3 files changed, 90 insertions, 3 deletions
diff --git a/customized/factorio-fetch.nix b/customized/factorio-fetch.nix
new file mode 100644
index 00000000..04b31ac1
--- /dev/null
+++ b/customized/factorio-fetch.nix
@@ -0,0 +1,33 @@
+{ stdenv, curl, xidel, cacert
+# Begin download parameters
+, username ? ""
+, password ? ""
+}:
+{
+  # URL to fetch.
+  url ? ""
+  # Login URL.
+, loginUrl ? "https://www.factorio.com/login"
+  # SHA256 of the fetched URL.
+, sha256 ? ""
+}:
+stdenv.mkDerivation {
+  name = "factorio.tar.gz";
+  buildInputs = [ curl xidel ];
+  inherit url loginUrl username password cacert;
+  builder = ./fetch.sh;
+  outputHashAlgo = "sha256";
+  outputHash = sha256;
+  outputHashMode = "flat";
+  # There's no point in downloading remotely, we'd just slow things down.
+  preferLocalBuild = true;
+}
diff --git a/customized/factorio.nix b/customized/factorio.nix
index a718c9c7..b2832aad 100644
--- a/customized/factorio.nix
+++ b/customized/factorio.nix
@@ -1,9 +1,8 @@
 { stdenv, callPackage, fetchurl, makeWrapper
 , alsaLib, libX11, libXcursor, libXinerama, libXrandr, libXi, mesa_noglu
-, factorio-utils
+, factorio-utils, factorio-fetch
 , releaseType
 , mods ? []
-, username ? "" , password ? ""
 }:
 assert releaseType == "alpha" || releaseType == "headless";
@@ -21,7 +20,7 @@ let
    inTar = "i386";
  } else abort "Unsupported platform";
-  authenticatedFetch = callPackage ./fetch.nix { inherit username password; };
+  authenticatedFetch = factorio-fetch;
  fetch = rec {
    url = "https://www.factorio.com/get-download/${version}/${releaseType}/${arch.inUrl}";
diff --git a/customized/fetch.sh b/customized/fetch.sh
new file mode 100644
index 00000000..30d9c9fd
--- /dev/null
+++ b/customized/fetch.sh
@@ -0,0 +1,55 @@
+source $stdenv/setup
+# Curl flags to increase reliability a bit.
+#
+# Can't use fetchurl, for several reasons. One is that we definitely
+# don't want --insecure for the login, though we need it for the
+# download as their download cert isn't in the standard linux bundle.
+curl="curl \
+ --max-redirs 20 \
+ --retry 3 \
+ --cacert $cacert/etc/ssl/certs/ca-bundle.crt \
+ -b cookies \
+ -c cookies \
+ $curlOpts \
+ $NIX_CURL_FLAGS"
+# We don't want the password to be on any program's argv, as it may be
+# visible in /proc. Writing it to file with echo should be safe, since
+# it's a shell builtin.
+echo -n "$password" > password
+# Might as well hide the username as well.
+echo -n "$username" > username
+# Get a CSRF token.
+csrf=$($curl $loginUrl | xidel - -e '//input[@id="csrf_token"]/@value')
+# Log in. We don't especially care about the result, but let's check if login failed.
+$curl --data-urlencode csrf_token="$csrf" \
+      --data-urlencode username_or_email@username \
+      --data-urlencode password@password \
+      -d action=Login \
+      $loginUrl -D headers > /dev/null
+if grep -q 'Location: https://' headers; then
+    # Now download. We need --insecure for this, but the sha256 should cover us.
+    $curl --insecure --location $url > $out
+    set +x
+else
+    set +x
+    echo 'Login failed'
+    echo 'Please set username and password with config.nix,'
+    echo 'or /etc/nix/nixpkgs-config.nix if on NixOS.'
+    echo
+    echo 'Example:'
+    echo '{'
+    echo '  packageOverrides = pkgs: rec {'
+    echo '    factorio = pkgs.factorio.override {'
+    echo '      username = "<username or email address>";'
+    echo '      password = "<password>";'
+    echo '    };'
+    echo '  };'
+    echo '}'
+    exit 1
+fi

diff --git a/customized/factorio-fetch.nix b/customized/factorio-fetch.nix new file mode 100644 index 00000000..04b31ac1 --- /dev/null +++ b/customized/factorio-fetch.nix
@@ -0,0 +1,33 @@
		1	{ stdenv, curl, xidel, cacert
		2	# Begin download parameters
		3	, username ? ""
		4	, password ? ""
		5	}:
		6
		7	{
		8	# URL to fetch.
		9	url ? ""
		10
		11	# Login URL.
		12	, loginUrl ? "https://www.factorio.com/login"
		13
		14	# SHA256 of the fetched URL.
		15	, sha256 ? ""
		16	}:
		17
		18	stdenv.mkDerivation {
		19	name = "factorio.tar.gz";
		20
		21	buildInputs = [ curl xidel ];
		22
		23	inherit url loginUrl username password cacert;
		24
		25	builder = ./fetch.sh;
		26
		27	outputHashAlgo = "sha256";
		28	outputHash = sha256;
		29	outputHashMode = "flat";
		30
		31	# There's no point in downloading remotely, we'd just slow things down.
		32	preferLocalBuild = true;
		33	}


diff --git a/customized/factorio.nix b/customized/factorio.nix index a718c9c7..b2832aad 100644 --- a/customized/factorio.nix +++ b/customized/factorio.nix
@@ -1,9 +1,8 @@
1	{ stdenv, callPackage, fetchurl, makeWrapper	1	{ stdenv, callPackage, fetchurl, makeWrapper
2	, alsaLib, libX11, libXcursor, libXinerama, libXrandr, libXi, mesa_noglu	2	, alsaLib, libX11, libXcursor, libXinerama, libXrandr, libXi, mesa_noglu
3	, factorio-utils	3	, factorio-utils, factorio-fetch
4	, releaseType	4	, releaseType
5	, mods ? []	5	, mods ? []
6	, username ? "" , password ? ""
7	}:	6	}:
8		7
9	assert releaseType == "alpha" \|\| releaseType == "headless";	8	assert releaseType == "alpha" \|\| releaseType == "headless";
@@ -21,7 +20,7 @@ let
21	inTar = "i386";	20	inTar = "i386";
22	} else abort "Unsupported platform";	21	} else abort "Unsupported platform";
23		22
24	authenticatedFetch = callPackage ./fetch.nix { inherit username password; };	23	authenticatedFetch = factorio-fetch;
25		24
26	fetch = rec {	25	fetch = rec {
27	url = "https://www.factorio.com/get-download/${version}/${releaseType}/${arch.inUrl}";	26	url = "https://www.factorio.com/get-download/${version}/${releaseType}/${arch.inUrl}";


diff --git a/customized/fetch.sh b/customized/fetch.sh new file mode 100644 index 00000000..30d9c9fd --- /dev/null +++ b/customized/fetch.sh
@@ -0,0 +1,55 @@
		1	source $stdenv/setup
		2
		3	# Curl flags to increase reliability a bit.
		4	#
		5	# Can't use fetchurl, for several reasons. One is that we definitely
		6	# don't want --insecure for the login, though we need it for the
		7	# download as their download cert isn't in the standard linux bundle.
		8	curl="curl \
		9	--max-redirs 20 \
		10	--retry 3 \
		11	--cacert $cacert/etc/ssl/certs/ca-bundle.crt \
		12	-b cookies \
		13	-c cookies \
		14	$curlOpts \
		15	$NIX_CURL_FLAGS"
		16
		17	# We don't want the password to be on any program's argv, as it may be
		18	# visible in /proc. Writing it to file with echo should be safe, since
		19	# it's a shell builtin.
		20	echo -n "$password" > password
		21	# Might as well hide the username as well.
		22	echo -n "$username" > username
		23
		24	# Get a CSRF token.
		25	csrf=$($curl $loginUrl \| xidel - -e '//input[@id="csrf_token"]/@value')
		26
		27	# Log in. We don't especially care about the result, but let's check if login failed.
		28	$curl --data-urlencode csrf_token="$csrf" \
		29	--data-urlencode username_or_email@username \
		30	--data-urlencode password@password \
		31	-d action=Login \
		32	$loginUrl -D headers > /dev/null
		33
		34	if grep -q 'Location: https://' headers; then
		35	# Now download. We need --insecure for this, but the sha256 should cover us.
		36	$curl --insecure --location $url > $out
		37	set +x
		38	else
		39	set +x
		40	echo 'Login failed'
		41	echo 'Please set username and password with config.nix,'
		42	echo 'or /etc/nix/nixpkgs-config.nix if on NixOS.'
		43	echo
		44	echo 'Example:'
		45	echo '{'
		46	echo ' packageOverrides = pkgs: rec {'
		47	echo ' factorio = pkgs.factorio.override {'
		48	echo ' username = "<username or email address>";'
		49	echo ' password = "<password>";'
		50	echo ' };'
		51	echo ' };'
		52	echo '}'
		53
		54	exit 1
		55	fi