source $stdenv/setup # Curl flags to increase reliability a bit. # # Can't use fetchurl, for several reasons. One is that we definitely # don't want --insecure for the login, though we need it for the # download as their download cert isn't in the standard linux bundle. curl="curl \ --max-redirs 20 \ --retry 3 \ --cacert $cacert/etc/ssl/certs/ca-bundle.crt \ -b cookies \ -c cookies \ $curlOpts \ $NIX_CURL_FLAGS" # We don't want the password to be on any program's argv, as it may be # visible in /proc. Writing it to file with echo should be safe, since # it's a shell builtin. echo -n "$password" > password # Might as well hide the username as well. echo -n "$username" > username # Get a CSRF token. csrf=$($curl $loginUrl | xidel - -e '//input[@id="csrf_token"]/@value') # Log in. We don't especially care about the result, but let's check if login failed. $curl --data-urlencode csrf_token="$csrf" \ --data-urlencode username_or_email@username \ --data-urlencode password@password \ -d action=Login \ $loginUrl -D headers > /dev/null if grep -q 'Location: https://' headers; then # Now download. We need --insecure for this, but the sha256 should cover us. $curl --insecure --location $url > $out set +x else set +x echo 'Login failed' echo 'Please set username and password with config.nix,' echo 'or /etc/nix/nixpkgs-config.nix if on NixOS.' echo echo 'Example:' echo '{' echo ' packageOverrides = pkgs: rec {' echo ' factorio = pkgs.factorio.override {' echo ' username = "<username or email address>";' echo ' password = "<password>";' echo ' };' echo ' };' echo '}' exit 1 fi