installing pwntools pollutes /usr/local/bin

[tkmikan]

For a long time, installing pwntools will create console scripts for all files under pwnlib/commandline to /usr/local/bin (or other equivalent path).

(Dry-)Running pip uninstall pwntools will show the files it creates, including

asm,checksec,common,constgrep,cyclic,debug,disablenx,disasm,elfdiff,elfpatch,errno,hex,libcdb,main,phd,pwn,pwnstrip,scramble,shellcraft,template,unhex,update,version

As command accessible globally in PATH,

• some are meaningful and seem reasonable (e.g. checksec hex)
• some are confusing (e.g. debug template update version)
• main and common is not a command at all.

These commands can actually be invoked pwn subcommand.
And, the usage help always prepend pwn before the actual script name.

Although there is a flag --only-use-pwn-command, I believe few people know it and use it.

[peace-maker]

Do you suggest something or just document the current behaviour? Do you want to toggle the default and not create scripts by default? Or only for a few commands?

I agree "update" and "template" are very generic indeed.

We can filter some weird ones out?
https://github.com/Gallopsled/pwntools/blob/dev/setup.py#L34

[tkmikan]

main and common should be removed.
As for other "weird ones", IMHO we should avoid installing scripts debug template update version.
Others may need some discussion.

I do not have a preference about the default behavior (the flag), but, the bash/zsh completion currently only works under pwn subcommand.

Finally, we should update the doc https://github.com/Gallopsled/pwntools/blob/dev/docs/source/install.rst#command-line-tools

[tkmikan]

And it seems installing pwntools through homebrew do not have chance to set --only-use-pwn-command

[peace-maker]

Would you mind proposing a pull request please? I don't own a Mac so can't tell for the homebrew install too.

[tkmikan]

According to #660, the original plan was to use a single entry point, which is in my favour.
But #701 only added the pwn entry and did not remove the aliases, to keep backward compatibility.
(The pip install --install-option='--only-use-pwn-command' now is pip install --config-setting="--build-option=--only-use-pwn-command")

Removing scripts in setup.py will take effect at next upgradation. So we need deprecation before actually removing them, in case there are shortcut users.

The two steps:

1. remove weird ones; deprecate direct invoking the others
2. remove all entries except pwn

[tkmikan]

about distro actions:

• AUR: manually delete everything except pwn ref
• Debian (Kali): remove the scripts with patch. ref1 and ref2
• Gentoo: use --only-use-pwn-command ref
• Pentoo: Perhaps same as gentoo?

By the way, there is checksec for checksec, moreutils for errno.

[gsingh93]

pip install --config-setting="--build-option=--only-use-pwn-command"

@tkmikan does this command work for you? I still get all of the CLI binaries installed. According to this [1], maybe it actually shouldn't work with install? Hoping to get rid of these annoying CLI binaries except pwn until this issue gets fully fixed.

[1] https://discuss.python.org/t/passing-command-line-arguments-to-pip-install-after-install-options-deprecation/22981/5