diff --git a/README.md b/README.md index c5392e9..095958a 100644 --- a/README.md +++ b/README.md @@ -1,15 +1,14 @@ -
+Icon + +# sudo-touchid - +[![Downloads](https://img.shields.io/github/downloads/artginzburg/sudo-touchid/total?color=teal)](https://github.com/artginzburg/sudo-touchid/releases) +[![Donate](https://img.shields.io/badge/buy%20me%20a%20coffee-donate-white)](https://github.com/artginzburg/sudo-touchid?sponsor=1) -### sudo-touchid +
Permanent [**TouchID**](https://support.apple.com/en-gb/guide/mac-help/mchl16fbf90a/mac) support for `sudo` - -![Preview](res/preview.png) -Just type git.io/sudotouchid to go here. -
## Try it out     without installing @@ -18,19 +17,30 @@ Permanent [**TouchID**](https://support.apple.com/en-gb/guide/mac-help/mchl16fbf curl -sL git.io/sudo-touch-id | sh ``` -> Now entering sudo mode is easier than ever, just like on GitHub โ€” with TouchID in Terminal or whatever you're on. Don't worry, you can also [reverse](#reverse-without-installation) it without installing +Now sudo is great, just like Safari โ€” with your fingerprint in Terminal or whatever you're on. -### Why? +> Don't worry, you can also [reverse](#usage) it without installing -Productivity ยท reliability โ€” macOS _updates_ do _reset_ `/etc/pam.d/sudo`, so previously users had to _manually_ edit the file after each upgrade. +
-This tool was born to automate the process, allowing for TouchID sudo auth to be **quickly enabled** on a new/clean system. +Result: -
+Preview -## Install +Just type git.io/sudotouchid to go here. -### Via [๐Ÿบ Homebrew](https://brew.sh/) +
+ +## Features + +- Fast +- Reliable +- Written in Bash โ€” no dependencies! +- Include it to your automated system build โ€” always working, always up to date with major macOS upgrades! + +## Install + +### Via [๐Ÿบ Homebrew](https://brew.sh/) (Recommended) ```powershell brew install artginzburg/tap/sudo-touchid @@ -45,11 +55,55 @@ sudo brew services start sudo-touchid curl -sL git.io/sudo-touchid | sh ``` -> Performs automated "manual" installation. But `brew install` is still the recommended way. +> Performs automated "manual" installation. + +## Usage + +```ps1 +sudo-touchid [options] + # Running without options adds TouchID parameter to sudo configuration + [-v, --version] # Output installed version + # Commands: + [-d, --disable] # Removes TouchID from sudo config +``` + +if not installed, can be used via `curl` + +```ps1 +sh <( curl -sL git.io/sudo-touch-id ) [options] + # Reliability โ€” check :) + [-d, --disable] # Removes TouchID from sudo config +```
-## What does it do? +### Why? + +1. Productivity + + macOS _updates_ do _reset_ `/etc/pam.d/sudo`, so previously users had to _manually_ edit the file after each upgrade. + + > This tool was born to automate the process, allowing for TouchID sudo auth to be **quickly enabled** on a new/clean system. + +2. Spreading the technology. + + I bet half of you didn't know. + + > It was there for a long time. + +3. Lightness + + The script is small, doesn't need any builds, doesn't need XCode. + + ##### Code size comparison โ€” previously favoured solution VS. the one you're currently reading: + + [![](https://img.shields.io/github/languages/code-size/mattrajca/sudo-touchid?color=brown&label=mattrajca/sudo-touchid%20โ€”%20code%20size)](https://github.com/mattrajca/sudo-touchid) + + ![](https://img.shields.io/github/languages/code-size/artginzburg/sudo-touchid?color=teal&label=artginzburg/sudo-touchid%20โ€”%20code%20size) + +
+ +## How does it work? #### `sudo-touchid.sh` โ€” the script: @@ -57,7 +111,7 @@ curl -sL git.io/sudo-touchid | sh - Creates a backup file named `sudo.bak`. -- Has a `--disable` (`-D`) option that performs the opposite of the steps above. +- Has a `--disable` (`-d`) option that performs the opposite of the steps above.
Non-Homebrew files: @@ -87,38 +141,16 @@ curl -sL git.io/sudo-touchid | sh
-### Why this? - -Fast ยท [Reversible](#reverse-without-installation) ยท Reliable - -> Unlike other solutions, this can be included to your automated system build with `brew install artginzburg/tap/sudo-touchid && sudo brew services start sudo-touchid`. Always working, always up to date with major macOS upgrades! - -Also, the script is small, doesn't need any builds, doesn't need XCode. - -Take a look at code size comparison of the previously favoured solution to the one you're currently reading: +## Contributing -[![](https://img.shields.io/github/languages/code-size/mattrajca/sudo-touchid?color=critical&label=mattrajca/sudo-touchid%20code%20size)](https://github.com/mattrajca/sudo-touchid) -![](https://img.shields.io/github/languages/code-size/artginzburg/sudo-touchid?color=success&label=artginzburg/sudo-touchid%20code%20size) - -that is about 6718 times difference. - -
- -### Reverse without installation +##### [PRs](https://github.com/artginzburg/sudo-touchid/pulls) and [Issues](https://github.com/artginzburg/sudo-touchid/issues/new/choose) are much welcome! -```ps1 -sh <( curl -sL git.io/sudo-touch-id ) -D -``` +If you don't like something โ€” change it or inform the ones willing to help.
-### Contributing - -##### [PRs](https://github.com/artginzburg/sudo-touchid/pulls) and [Issues](https://github.com/artginzburg/sudo-touchid/issues/new/choose) are much welcome! -If you don't like something โ€” change it or inform the ones willing to help. - -### Related +## Related -#### Disabling password prompt for `sudo` +### Disabling password prompt for `sudo` - Change `%admin ALL=(ALL) ALL` to `%admin ALL=(ALL) NOPASSWD: ALL` in `/etc/sudoers` diff --git a/sudo-touchid.sh b/sudo-touchid.sh index 83fa426..aab5659 100755 --- a/sudo-touchid.sh +++ b/sudo-touchid.sh @@ -1,45 +1,102 @@ -#!/bin/sh +#!/bin/bash -VERSION=0.2 +VERSION=0.3 +readable_name='[TouchID for sudo]' +backup_ext='.bak' -sudo_touchid_disable() { - local touch_pam='auth sufficient pam_tid.so' - local sudo_path='/etc/pam.d/sudo' +touch_pam='auth sufficient pam_tid.so' +sudo_path='/etc/pam.d/sudo' - if grep -e "^$touch_pam$" "$sudo_path" &> /dev/null; then - echo "The following will be your $sudo_path after disabling:\n" - grep -v "^$touch_pam$" "$sudo_path" - echo - read -p "Are you sure? [y] to confirm " -n 1 -r +# Source: https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh +getc() { + local save_state + save_state="$(/bin/stty -g)" + /bin/stty raw -echo + IFS='' read -r -n 1 -d '' "$@" + /bin/stty "${save_state}" +} +wait_for_user() { + local c + echo + echo "Press RETURN to continue or any other key to abort" + getc c + # we test for \r and \n because some stuff does \r instead + if ! [[ "${c}" == $'\r' || "${c}" == $'\n' ]]; then + exit 1 + fi +} +# Source end. + +display_backup_info() { + echo "Created a backup file at $sudo_path$backup_ext" + echo +} + +display_sudo_without_touch_pam() { + grep -v "^$touch_pam$" "$sudo_path" +} + +touch_pam_at_sudo_path_check_exists() { + grep -q -e "^$touch_pam$" "$sudo_path" +} + +touch_pam_at_sudo_path_insert() { + sudo sed -E -i "$backup_ext" "1s/^(#.*)$/\1\n$touch_pam/" "$sudo_path" +} + +touch_pam_at_sudo_path_remove() { + sudo sed -i "$backup_ext" -e "/^$touch_pam$/d" "$sudo_path" +} + +sudo_touchid_disable() { + if touch_pam_at_sudo_path_check_exists; then + echo "The following will be your $sudo_path after disabling:" echo - if [[ $REPLY =~ ^[Yy]$ ]]; then - sudo sed -i '.bak' -e "/^$touch_pam$/d" "$sudo_path" + display_sudo_without_touch_pam + wait_for_user + if touch_pam_at_sudo_path_remove; then + display_backup_info + echo "$readable_name has been disabled." + else + echo "$readable_name failed to disable" fi - else - echo "TouchID for sudo seems not to be enabled" + else + echo "$readable_name seems to be already disabled" fi } -sudo_touchid() { - local touch_pam='auth sufficient pam_tid.so' - local sudo_path='/etc/pam.d/sudo' +sudo_touchid_enable() { + if touch_pam_at_sudo_path_check_exists; then + echo "$readable_name seems to be enabled already" + else + if touch_pam_at_sudo_path_insert; then + display_backup_info + echo "$readable_name enabled successfully." + else + echo "$readable_name failed to execute" + fi + fi +} +sudo_touchid() { for opt in "${@}"; do case "$opt" in - -V|--version) - echo "$VERSION" - return 0 + -v | --version) + echo "v$VERSION" + return 0 ;; - -D|--disable) - sudo_touchid_disable - return 0 + -d | --disable) + sudo_touchid_disable + return 0 + ;; + *) + echo "$readable_name Unknown option: $opt" + return 0 ;; esac done - grep -e "^$touch_pam$" "$sudo_path" &> /dev/null - if [ $? -ne 0 ]; then - sudo sed -E -i '.bak' "1s/^(#.*)$/\1\n$touch_pam/" "$sudo_path" - fi + sudo_touchid_enable } + sudo_touchid "${@}"