@squatto
Created September 8, 2023 06:49
Ensure that Touch ID for sudo auth is enabled whenever the shell is loaded
# Ensure that Touch ID for sudo auth is enabled whenever the shell is loaded.
#
# IMPORTANT: This script will only work on macOS.
#
# [Description]
# macOS versions prior to Sonoma (released late 2023) overwrite
# the PAM configuration file for sudo (/etc/pam.d/sudo) every time the OS is updated.
# This means that any changes you make to the file by hand are lost,
# and Touch ID for sudo auth is disabled again.
# This script will automatically enable Touch ID for sudo auth whenever the shell is loaded.
# (assuming that you have sourced this script from your ~/.zshrc file)
#
# When macOS Sonoma is released in late 2023, this script will no longer be necessary
# because there is an official way to enable Touch ID for sudo auth that persists across OS updates.
# See here for more info: https://sixcolors.com/post/2023/08/in-macos-sonoma-touch-id-for-sudo-can-survive-updates/
#
# [Installation]
# 1. Save this script to ~/.enable_sudo_touchid.zsh
# 2. Source this script from your ~/.zshrc file.
# Add the following as the very first thing in your ~/.zshrc file.
# If you are using Fig (https://fig.io/), then add it immediately after Fig's pre-block.
#
# ```
# # Enable Touch ID for sudo auth
# # IMPORTANT: This script MUST BE sourced BEFORE Powerlevel10k or oh-my-zsh are sourced!
# [[ -f "$HOME/.enable_sudo_touchid.zsh" ]] && builtin source "$HOME/.enable_sudo_touchid.zsh"
# ```
#
enable-sudo-touchid() {
  if [[ "$(uname)" != 'Darwin' ]]; then
    # this script only works on macOS
    return
  fi

  if grep -q 'pam_tid.so' /etc/pam.d/sudo; then
    # Touch ID for sudo auth is already enabled
    return
  fi

  # Touch ID for sudo auth is not enabled, so prompt the user to enable it
  echo
  echo "❗️ NOTICE ❗️"
  echo "Touch ID for sudo auth is not currently enabled! 🙀"
  echo "Enter your sudo password to enable it or press CTRL+C to return to your prompt."
  echo

  # Insert the pam_tid line at the top of the file.
  # macOS (BSD) sed requires an argument to -i; pass an empty one so that no backup
  # file is left behind (a bare "-i -e" makes sed treat "-e" as the backup suffix
  # and leaves a stray /etc/pam.d/sudo-e).
  sudo sed -i '' -e '1s;^;auth sufficient pam_tid.so\n;' /etc/pam.d/sudo
  echo

  if grep -q 'pam_tid.so' /etc/pam.d/sudo; then
    echo "🔐 Touch ID for sudo auth has been enabled!"
  else
    echo "❌ Touch ID for sudo auth was not enabled"
  fi
  echo
}

# immediately call the function to ensure that
# Touch ID for sudo auth is enabled whenever the shell is loaded
enable-sudo-touchid
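An added example that is not part of the gist: two helpers for the two layouts the header describes, the pre-Sonoma one (pam_tid.so inserted straight into /etc/pam.d/sudo) and the Sonoma one (/etc/pam.d/sudo includes a sudo_local file that survives OS updates, shipped as sudo_local.template with the pam_tid line commented out). The function names, the sample PAM files and the exact template wording are assumptions; the check follows include directives and ignores commented lines, which the gist's plain grep does not.

```shell
# Added example, not part of the gist. Two helpers for the two layouts the
# header describes: pre-Sonoma (pam_tid.so inserted into /etc/pam.d/sudo) and
# Sonoma (/etc/pam.d/sudo includes sudo_local, which survives OS updates).

# pam_tid_enabled <pam.d dir> <service>: exit 0 only if an active, uncommented
# "auth sufficient pam_tid.so" line applies to the service, following
# include/substack directives. A plain `grep pam_tid.so` would also match the
# commented-out line that sudo_local.template ships with.
pam_tid_enabled() {
    local pamdir="$1" service="$2" depth="${3:-0}"
    local file="$pamdir/$service" kind control module rest
    [ "$depth" -lt 5 ] || return 1          # guard against include loops
    [ -r "$file" ] || return 1              # missing file: not enabled
    while read -r kind control module rest || [ -n "$kind" ]; do
        case "$kind" in ''|'#'*) continue ;; esac   # blank line or comment
        [ "$kind" = "auth" ] || continue
        case "$control" in
            include|substack)   # Sonoma layout: "auth include sudo_local"
                pam_tid_enabled "$pamdir" "$module" $((depth + 1)) && return 0 ;;
            sufficient)
                [ "$module" = "pam_tid.so" ] && return 0 ;;
        esac
    done < "$file"
    return 1
}

# render_sudo_local <template>: print the template with the pam_tid line
# uncommented; on Sonoma, write the output to /etc/pam.d/sudo_local with sudo.
render_sudo_local() {
    sed 's/^#[[:space:]]*\(auth[[:space:]]\{1,\}sufficient[[:space:]]\{1,\}pam_tid\.so\)/\1/' "$1"
}

# make_sample_pamd <dir>: constructed stand-in for /etc/pam.d (file contents
# approximated, not copied from a real system) so the helpers can be run
# without touching the real PAM configuration.
make_sample_pamd() {
    mkdir -p "$1"
    printf '%s\n' '# sudo: auth account password session' \
        'auth       sufficient     pam_smartcard.so' \
        'auth       required       pam_opendirectory.so' > "$1/sudo.pre_sonoma"
    printf '%s\n' '# sudo: auth account password session' \
        'auth       include        sudo_local' \
        'auth       sufficient     pam_smartcard.so' > "$1/sudo"
    printf '%s\n' '# sudo_local: local config file which survives system update' \
        '# uncomment following line to enable Touch ID for sudo' \
        '#auth       sufficient     pam_tid.so' > "$1/sudo_local.template"
}
```

Run `make_sample_pamd /tmp/pamd && render_sudo_local /tmp/pamd/sudo_local.template > /tmp/pamd/sudo_local && pam_tid_enabled /tmp/pamd sudo` to see the check flip from disabled to enabled without touching /etc.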