carnal0wnage / weirdAAL

WeirdAAL (AWS Attack Library)

Use Pipenv instead of Pip + Virtualenv #71

Closed artis3n closed 5 years ago

artis3n commented 5 years ago

Versions locked by Pipfile.lock, simplifies the setup in the Wiki. Upgrade packages in future by running pipenv update. I don't have permission to update, but the Setup page of the wiki should now show:

setup infoz:

git clone https://github.com/carnal0wnage/weirdAAL.git
cd weirdAAL

pip3 install pipenv (if required)

pipenv install
pipenv shell

OSX Setup:

$ brew install python
$ pip3 install pipenv
$ pipenv install
$ pipenv shell

Then, all references to python3 can just be python, as Python 3 will be the only available interpreter inside the pipenv shell.

Dependency graph:

➜ pipenv graph           
boto3==1.9.173
  - botocore [required: >=1.12.173,<1.13.0, installed: 1.12.173]
    - docutils [required: >=0.10, installed: 0.14]
    - jmespath [required: >=0.7.1,<1.0.0, installed: 0.9.4]
    - python-dateutil [required: >=2.1,<3.0.0, installed: 2.8.0]
      - six [required: >=1.5, installed: 1.12.0]
    - urllib3 [required: >=1.20,<1.26, installed: 1.25.3]
  - jmespath [required: >=0.7.1,<1.0.0, installed: 0.9.4]
  - s3transfer [required: >=0.2.0,<0.3.0, installed: 0.2.1]
    - botocore [required: >=1.12.36,<2.0.0, installed: 1.12.173]
      - docutils [required: >=0.10, installed: 0.14]
      - jmespath [required: >=0.7.1,<1.0.0, installed: 0.9.4]
      - python-dateutil [required: >=2.1,<3.0.0, installed: 2.8.0]
        - six [required: >=1.5, installed: 1.12.0]
      - urllib3 [required: >=1.20,<1.26, installed: 1.25.3]
tabulate==0.8.3

cktricky commented 5 years ago

Hey @artis3n 👋 - I had not seen this PR until I got the notification about you closing it. Did you want to keep it closed or reopen?

artis3n commented 5 years ago

Ah, no problem. Well, I'm conflicted. I think using pipenv to automatically scope weirdAAL's dependencies to a project-specific virtualenv would be beneficial, but people have issues with pipenv that are well summed up in: https://chriswarrick.com/blog/2018/07/17/pipenv-promises-a-lot-delivers-very-little/.

I feel that it's beneficial for weirdAAL's use case, but it's not so much a "definitely use this" as I originally thought when I opened the issue.

You may also want to lock the versions in the Pipfile; I've left them as * (and rely on the Pipfile.lock to store the specific version needed).