Fix another ‘curl|sh’ bogus installation – Heroku

The Heroku toolbelt (which I don’t remember if its mentioned in the “curlpipesh” tumbler mentioned by Amir in his response to my “Fix RVM” post), is a CLI to manage applications on the Heroku PaaS platform. As is common (and horrible) in this day and age they also offer a ‘curl|sh’ type install on their home page.

While the Debian/Ubuntu specific installer is not entirely horrible – it basically adds the Heroku Toolbelt debian repository to the APT source list, updates the package list and installs it, the “standalone” version is as horrible as it can get: download an unsigned binary from the internet, get root permissions and then do something.

For users of Fedora and other distributions, or just Ubuntu users who don’t like installing external repositories on their system, here is a simpler method to get the Heroku Toolbelt running on your system without root permissions and downloading scripts off the internet:

  1. Download the toolbelt distribution and extract it to a local path:
    cd ~/.local
    curl https://s3.amazonaws.com/assets.heroku.com/heroku-client/heroku-client.tgz -s | tar xz
  2. Add the Heroku binary directory to the path:
    echo 'export PATH="$PATH:$HOME/.local/heroku-client/bin"' >> ~/.bashrc
  3. Make sure ruby is available – use your operating system software tool to install it from the repository. For Fedora users, you can also use the following command:
    sudo dnf install ruby
  4. Make sure the required Ruby gem “Nokogiry” is installed. Fedora users can use the command
    sudo dnf install rubygems-nokogiri
    If your operating system does not provide Nokogiri in the software repositories, you can also install it manually through the gem gem command, like so:


    sudo gem install nokogiri

And that’s it – now you should be able to start a new terminal and execute heroku to get access to the Heroku Toolbelt.

Leave a Reply