After a couple days of futzing with this I think I have the yaks shaved in the proper order to make this setup repeatable, but I'm fairly certain this won't work on free accounts due to the myriad external download links that brew uses pulling the software from the original hosting locations.
Because the certificates PyA uses appear to come from an older "stable" distribution they sometimes throw warnings when sites have an updated certificate that they don't trust yet, and currently Linuxbrew (and Homebrew) don't have a way to pass the underlying curl
command the insecure flag -k
. To work around this we can use the latest certificate trust bundle from Curl's own website to work around this in some cases.
Notes:
# Curl -L follows redirects, -O saves using server file name
# Brew requires a tmp dir with world writeable and sticky bits set
Install Linuxbrew following directions from https://linuxbrew.sh.
ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Linuxbrew/install/master/install)"
PATH="$HOME/.linuxbrew/bin:$PATH"
echo 'export PATH="$HOME/.linuxbrew/bin:$PATH"' >>~/.bashrc
# Occasionally the first brew command fails if the tmp directory isn't readable
brew doctor
# This may fail without sudo, but PyA users aren't in the sudoers group
chmod +t /tmp
# A workaround if the above doesn't work is to create your own ~/tmp and use it
# mkdir ~/tmp; chmod +t ~/tmp; export HOMEBREW_TEMP=~/tmp
# You may also want to add the export above to your ~/.bashrc
Commands to fix brew for PyA:
mkdir -p ~/.local/ssl/; cd ~/.local/ssl/; curl -L -O https://curl.haxx.se/ca/cacert.pem
CURL_CA_BUNDLE=~/.local/ssl/cacert.pem brew install curl
# brew installed curl uses its own certificates instead of just the OS ones
Now you can use brew to install whatever software you desire.
brew install mosh
brew install tmux
It would be great if a PythonAnywhere staff member could test this in a fresh free and fresh paid user environment and make sure I haven't missed anything. I currently don't have my environment backed up to the point where I could blow it away and retest.