56 lines
1.7 KiB
Bash
56 lines
1.7 KiB
Bash
source $stdenv/setup
|
|
|
|
# Curl flags to increase reliability a bit.
|
|
#
|
|
# Can't use fetchurl, for several reasons. One is that we definitely
|
|
# don't want --insecure for the login, though we need it for the
|
|
# download as their download cert isn't in the standard linux bundle.
|
|
curl="curl \
|
|
--max-redirs 20 \
|
|
--retry 3 \
|
|
--cacert $cacert/etc/ssl/certs/ca-bundle.crt \
|
|
-b cookies \
|
|
-c cookies \
|
|
$curlOpts \
|
|
$NIX_CURL_FLAGS"
|
|
|
|
# We don't want the password to be on any program's argv, as it may be
|
|
# visible in /proc. Writing it to file with echo should be safe, since
|
|
# it's a shell builtin.
|
|
echo -n "$password" > password
|
|
# Might as well hide the username as well.
|
|
echo -n "$username" > username
|
|
|
|
# Get a CSRF token.
|
|
csrf=$($curl $loginUrl | xidel - -e '//input[@id="csrf_token"]/@value')
|
|
|
|
# Log in. We don't especially care about the result, but let's check if login failed.
|
|
$curl --data-urlencode csrf_token="$csrf" \
|
|
--data-urlencode username_or_email@username \
|
|
--data-urlencode password@password \
|
|
-d action=Login \
|
|
$loginUrl -D headers > /dev/null
|
|
|
|
if grep -q 'Location: https://' headers; then
|
|
# Now download. We need --insecure for this, but the sha256 should cover us.
|
|
$curl --insecure --location $url > $out
|
|
set +x
|
|
else
|
|
set +x
|
|
echo 'Login failed'
|
|
echo 'Please set username and password with config.nix,'
|
|
echo 'or /etc/nix/nixpkgs-config.nix if on NixOS.'
|
|
echo
|
|
echo 'Example:'
|
|
echo '{'
|
|
echo ' packageOverrides = pkgs: rec {'
|
|
echo ' factorio = pkgs.factorio.override {'
|
|
echo ' username = "<username or email address>";'
|
|
echo ' password = "<password>";'
|
|
echo ' };'
|
|
echo ' };'
|
|
echo '}'
|
|
|
|
exit 1
|
|
fi
|