It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like:Chrome,Firefox,Internet Explorer orOpera

×
avatar
Lin545: edit:

It turns out that piping the arguments using pipe or xargs results them not to be displayed on the process output!
That means command line option is fine, if input is piped like this:

echo $login $pass | xargs lgogdownloader --login

would not cause any security holes.
Unfortunately it would still create the same security hole. Now you have echo process running with the cmdline arguments world readable (and I think it won't exit until lgogdownloader is done reading from the pipe).

Write them to file, then cat the file to xargs. That might be secure, depending on the permissions.
Post edited February 14, 2017 by huan
avatar
huan: Write them to file, then cat the file to xargs. That might be secure, depending on the permissions.
Nice, thanks!
avatar
Lin545: Nice, thanks!
Eh, I should slap myself. All this is doing is moving the bug around so it's harder to spot, and I fell for it too. xargs itself creates the same kind of problem - it converts stdin to command line arguments and passes them to another process - as a command line. Until lgogdownloader supports reading the information directly from stdin all you can do is obscure it a bit, no implementation will truly be secure. Expect route should avoid this kind of pitfall, but my experience with it is very limited.
I made some progress with Galaxy API.

Much of the Galaxy stuff is hard coded and full of ugly hacks that require lots of clean up but I'm able to download at least some game files.

https://gfycat.com/AntiqueEcstaticFawn
avatar
Sude: I made some progress with Galaxy API.

Much of the Galaxy stuff is hard coded and full of ugly hacks that require lots of clean up but I'm able to download at least some game files.

https://gfycat.com/AntiqueEcstaticFawn
Hacks be damned, you've pretty much just made a Linux Galaxy client before GOG did. This is extremely cool, can't wait to try it out!
avatar
Sude: I made some progress with Galaxy API.

Much of the Galaxy stuff is hard coded and full of ugly hacks that require lots of clean up but I'm able to download at least some game files.

https://gfycat.com/AntiqueEcstaticFawn
Are GOG changing the protocol often, or it looks stable? They claimed they don't want to publish it, because they expect to change it quite a lot, and efforts on clients based on that will be somewhat wasted because of it.
Post edited February 17, 2017 by shmerl
So I cleaned up large part the code and pushed the current code to git.

It has lots of changes
$ git diff --cached --shortstat
18 files changed, 1491 insertions(+), 702 deletions(-)

https://github.com/Sude-/lgogdownloader/commit/f2e8dde


Website login code was changed to Galaxy login.
You probably want to --login to generate Galaxy login tokens.
Galaxy login tokens are saved to $XDG_CONFIG_HOME/lgogdownloader/galaxy_tokens.json

Config is now global in "Globals" namespace. I'm planning on splitting the config to smaller individual parts so this is probably going to change in the future.

I added 2 options to test some galaxy features. They are hidden from --help text so users don't think these are final or even working properly.
--galaxy-show-builds "product_id" - shows game builds for product id
--galaxy-show-builds "product_id/build_index" - shows some more info about specified game build

--galaxy-install "product_id" - installs the first build for product id (same as "product_id/0")
--galaxy-install "product_id/build_index" - installs a specified build, you can get the build index with --galaxy-show-builds

--list-details shows the numerical product id that you can use with --galaxy-show-builds and --galaxy-install

Galaxy support is limited to only English language Windows builds.
Only generation 2 builds are supported. GOG hasn't updated many older games to generation 2 builds yet. So expect to see "Only generation 2 builds are supported currently" error message a lot when testing this.
I haven't tested if this works with DLCs. Most likely it fails to install DLCs or just crashes when it encounters one.

It can't resume partial file downloads at this moment.

New dependencies:
boost-iostreams
avatar
shmerl: Are GOG changing the protocol often, or it looks stable? They claimed they don't want to publish it, because they expect to change it quite a lot, and efforts on clients based on that will be somewhat wasted because of it.
I've only spent a couple weeks looking at the API responses and I've only looked at the API traffic related to downloading files.
So far I haven't noticed any big changes. I guess that parts of the API that are for downloading files are quite stable but then again I haven't looked at it for that long time.
Downloading via lgogdownloader not working.

I'm on Arch Linux and tried downloading KotOR. I had lgogdownloader-git installed from the AUR, but there was, as usual, a issue with boost. This typically means I just need to compile it again. So I first compile and install the stable version, lgogdownder. This didn't work. [code]$ lgogdownloader --list --game knights
terminate called after throwing an instance of 'std::invalid_argument'
what(): stoi
Aborted (core dumped)
[/code]
I then install the tried-and-true lgogdownloader-git. I run the program again, and it works, listing KotOR. I then try to download it with --download but...
[code]
$ lgogdownloader --download --game knights
Getting game names (2/2) 60 / 60
Getting game info 1 / 1
2017-Mar-03 19:16:05 [Thread #1] Begin download: setup_sw_kotor_2.0.0.3.exe
2017-Mar-03 19:16:05 [Thread #0] Begin download: setup_sw_kotor_2.0.0.3.bin
2017-Mar-03 19:16:05 [Thread #2] Begin download: sw_kotor_manual.zip
2017-Mar-03 19:16:06 [Thread #1] Download complete (Failure when receiving data from the peer): setup_sw_kotor_2.0.0.3.exe
2017-Mar-03 19:16:06 [Thread #1] Finished all tasks
2017-Mar-03 19:16:06 [Thread #2] Download complete (Failure when receiving data from the peer): sw_kotor_manual.zip
2017-Mar-03 19:16:06 [Thread #2] Finished all tasks
2017-Mar-03 19:16:06 [Thread #0] Download complete (Failure when receiving data from the peer): setup_sw_kotor_2.0.0.3.bin
2017-Mar-03 19:16:06 [Thread #0] Finished all tasks
#0: Finished
#1: Finished
#2: Finished
[/code]
avatar
Lin545: ...
f5af312 Adds support for setting login info on command line or reading it from file

avatar
nstgc: Downloading via lgogdownloader not working.

I'm on Arch Linux and tried downloading KotOR. I had lgogdownloader-git installed from the AUR, but there was, as usual, a issue with boost. This typically means I just need to compile it again. So I first compile and install the stable version, lgogdownder. This didn't work. [code]$ lgogdownloader --list --game knights
terminate called after throwing an instance of 'std::invalid_argument'
what(): stoi
Aborted (core dumped)
[/code]
I then install the tried-and-true lgogdownloader-git. I run the program again, and it works, listing KotOR. I then try to download it with --download but...
[code]
$ lgogdownloader --download --game knights
Getting game names (2/2) 60 / 60
Getting game info 1 / 1
2017-Mar-03 19:16:05 [Thread #1] Begin download: setup_sw_kotor_2.0.0.3.exe
2017-Mar-03 19:16:05 [Thread #0] Begin download: setup_sw_kotor_2.0.0.3.bin
2017-Mar-03 19:16:05 [Thread #2] Begin download: sw_kotor_manual.zip
2017-Mar-03 19:16:06 [Thread #1] Download complete (Failure when receiving data from the peer): setup_sw_kotor_2.0.0.3.exe
2017-Mar-03 19:16:06 [Thread #1] Finished all tasks
2017-Mar-03 19:16:06 [Thread #2] Download complete (Failure when receiving data from the peer): sw_kotor_manual.zip
2017-Mar-03 19:16:06 [Thread #2] Finished all tasks
2017-Mar-03 19:16:06 [Thread #0] Download complete (Failure when receiving data from the peer): setup_sw_kotor_2.0.0.3.bin
2017-Mar-03 19:16:06 [Thread #0] Finished all tasks
#0: Finished
#1: Finished
#2: Finished
[/code]
Does this only happen with KotOR or also with other games?
I would be interested in output of "lgogdownloader --download --game knights --repair --verbose"
--repair is there to force downloader to use single threaded code path
Post edited March 06, 2017 by Sude
avatar
Sude: f5af312 Adds support for setting login info on command line or reading it from file
Thank you very much, Sude!!!
LGOGDownloader 3.2
- Fixed crash in Website::getGames
* Sometimes JSON value for updates was null. For example when user owns a dlc but not the base game. This caused a crash due to std::stoi throwing std::invalid_argument exception.
- Changed --login to use GOG Galaxy login method
* Galaxy login tokens are stored to "$XDG_CONFIG_HOME/lgogdownloader/galaxy_tokens.json"
- Added initial support for some Galaxy API features
- Show product id for game when using --list-details
* Product id is used with some Galaxy related commands

https://sites.google.com/site/gogdownloader/lgogdownloader-3.2.tar.gz

sha256: 9e60af50c18533884ca317778b291152d5f04d93dfd3dc2579f6f965538b2031
md5: 84163e5363ee88549f942c3a3451210d

New dependencies:
boost-iostreams (libboost-iostreams-dev)

New options for testing Galaxy features.
These are experimental and therefore hidden from help text to make sure users don't expect them to work properly.
These options are probably going to change in the future.

--galaxy-show-builds "product_id"
* Show game builds for product id (hard coded to only support generation 2 builds)
--galaxy-show-builds "product_id/build_index"
* Show some more information about specified game build
--galaxy-install "product_id"
* Install the first build for product id (same as "product_id/0")
--galaxy-install "product_id/build_index"
* Install game build specified by build index, you can get the build index with --galaxy-show-builds
--galaxy-platform "platform"
* Select platform for game (Linux is not supported by Galaxy API at the moment)
--galaxy-language "language"
* Select language for game