From d2598464d6f07ff4800a14f51f040fae58385065 Mon Sep 17 00:00:00 2001
From: David Heinemeier Hansson <david@hey.com>
Date: Wed, 9 Jul 2025 20:26:43 -0400
Subject: [PATCH 1/7] Switch to polkit-gnome to make fingerprint authentication
 work better

hyprpolkit was not designed well for fingerprint authentication. It
doesn't allow you to easily deal with both fingerprints and passwords in
the same configuration.
---
 bin/omarchy-fingerprint-setup | 20 +++++++++++++++++---
 default/hypr/autostart.conf   |  3 ++-
 install/hyprlandia.sh         |  2 +-
 migrations/1752104271.sh      |  4 ++++
 4 files changed, 24 insertions(+), 5 deletions(-)
 create mode 100644 migrations/1752104271.sh

diff --git a/bin/omarchy-fingerprint-setup b/bin/omarchy-fingerprint-setup
index d23a0fc..48e5bca 100755
--- a/bin/omarchy-fingerprint-setup
+++ b/bin/omarchy-fingerprint-setup
@@ -2,9 +2,23 @@
 
 yay -S --noconfirm --needed fprintd libfprint
 
-# Add fingerprint authentication as a sufficient option
-grep -q 'pam_fprintd.so' /etc/pam.d/system-auth ||
-  sudo sed -i '/^auth.*pam_unix.so/ i auth       sufficient                  pam_fprintd.so' /etc/pam.d/system-auth
+# Add fingerprint authentication as an option for sudo
+if ! grep -q pam_fprintd.so /etc/pam.d/sudo; then
+  sudo sed -i '1i auth    sufficient pam_fprintd.so' /etc/pam.d/sudo
+fi
+
+# Add fingerprint authentication as an option for hyprpolkitagent
+if [ ! -f /etc/pam.d/polkit-1 ] || ! grep -q pam_fprintd.so /etc/pam.d/polkit-1; then
+  sudo tee /etc/pam.d/polkit-1 >/dev/null <<'EOF'
+auth      required pam_unix.so
+auth      optional pam_fprintd.so
+
+account   required pam_unix.so
+password  required pam_unix.so
+session   required pam_unix.so
+EOF
+fi
+
 systemctl --user restart hyprpolkitagent
 
 # Enroll the first finger
diff --git a/default/hypr/autostart.conf b/default/hypr/autostart.conf
index 089f64a..c840548 100644
--- a/default/hypr/autostart.conf
+++ b/default/hypr/autostart.conf
@@ -1,4 +1,5 @@
 exec-once = hypridle & mako & waybar & fcitx5
 exec-once = swaybg -i ~/.config/omarchy/current/background -m fill
-exec-once = systemctl --user start hyprpolkitagent
+# exec-once = systemctl --user start hyprpolkitagent
+exec-once = /usr/lib/polkit-gnome/polkit-gnome-authentication-agent-1
 exec-once = wl-clip-persist --clipboard regular
diff --git a/install/hyprlandia.sh b/install/hyprlandia.sh
index a320d9d..a7e0c3b 100644
--- a/install/hyprlandia.sh
+++ b/install/hyprlandia.sh
@@ -1,5 +1,5 @@
 yay -S --noconfirm --needed \
-  hyprland hyprshot hyprpicker hyprlock hypridle hyprpolkitagent hyprland-qtutils \
+  hyprland hyprshot hyprpicker hyprlock hypridle polkit-gnome hyprland-qtutils \
   wofi waybar mako swaybg \
   xdg-desktop-portal-hyprland xdg-desktop-portal-gtk
 
diff --git a/migrations/1752104271.sh b/migrations/1752104271.sh
new file mode 100644
index 0000000..ace1ef9
--- /dev/null
+++ b/migrations/1752104271.sh
@@ -0,0 +1,4 @@
+yay -S --noconfirm --needed polkit-gnome
+systemctl --user stop hyprpolkitagent
+systemctl --user disable hyprpolkitagent
+yay -Rns --noconfirm hyprpolkitagent

From 5684aa80d83dd384564bd430c88a22445d27ea05 Mon Sep 17 00:00:00 2001
From: David Heinemeier Hansson <david@hey.com>
Date: Wed, 9 Jul 2025 20:30:16 -0400
Subject: [PATCH 2/7] Make sure to run polkit-gnome after migrating to it

---
 migrations/1752104271.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/migrations/1752104271.sh b/migrations/1752104271.sh
index ace1ef9..64c6186 100644
--- a/migrations/1752104271.sh
+++ b/migrations/1752104271.sh
@@ -2,3 +2,4 @@ yay -S --noconfirm --needed polkit-gnome
 systemctl --user stop hyprpolkitagent
 systemctl --user disable hyprpolkitagent
 yay -Rns --noconfirm hyprpolkitagent
+setsid /usr/lib/polkit-gnome/polkit-gnome-authentication-agent-1 &

From 929aafc17c03c4048af4a00b8dfea6b97a74686c Mon Sep 17 00:00:00 2001
From: David Heinemeier Hansson <david@hey.com>
Date: Wed, 9 Jul 2025 20:31:50 -0400
Subject: [PATCH 3/7] Guard against running it twice

---
 migrations/1752104271.sh | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/migrations/1752104271.sh b/migrations/1752104271.sh
index 64c6186..dda375c 100644
--- a/migrations/1752104271.sh
+++ b/migrations/1752104271.sh
@@ -1,5 +1,7 @@
-yay -S --noconfirm --needed polkit-gnome
-systemctl --user stop hyprpolkitagent
-systemctl --user disable hyprpolkitagent
-yay -Rns --noconfirm hyprpolkitagent
-setsid /usr/lib/polkit-gnome/polkit-gnome-authentication-agent-1 &
+if ! command -v /usr/lib/polkit-gnome/polkit-gnome-authentication-agent-1 &>/dev/null; then
+  yay -S --noconfirm --needed polkit-gnome
+  systemctl --user stop hyprpolkitagent
+  systemctl --user disable hyprpolkitagent
+  yay -Rns --noconfirm hyprpolkitagent
+  setsid /usr/lib/polkit-gnome/polkit-gnome-authentication-agent-1 &
+fi

From 089f73c518a44d5804d90307cf779efa42bdaee1 Mon Sep 17 00:00:00 2001
From: David Heinemeier Hansson <david@hey.com>
Date: Wed, 9 Jul 2025 17:41:06 -0700
Subject: [PATCH 4/7] Remove commented out exec

---
 default/hypr/autostart.conf | 1 -
 1 file changed, 1 deletion(-)

diff --git a/default/hypr/autostart.conf b/default/hypr/autostart.conf
index c840548..4bc01c3 100644
--- a/default/hypr/autostart.conf
+++ b/default/hypr/autostart.conf
@@ -1,5 +1,4 @@
 exec-once = hypridle & mako & waybar & fcitx5
 exec-once = swaybg -i ~/.config/omarchy/current/background -m fill
-# exec-once = systemctl --user start hyprpolkitagent
 exec-once = /usr/lib/polkit-gnome/polkit-gnome-authentication-agent-1
 exec-once = wl-clip-persist --clipboard regular

From 6434fddb594b0440ac4bb1f5043da5af64a6dc6a Mon Sep 17 00:00:00 2001
From: David Heinemeier Hansson <david@hey.com>
Date: Wed, 9 Jul 2025 20:45:17 -0400
Subject: [PATCH 5/7] Explain migration

---
 migrations/1752104271.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/migrations/1752104271.sh b/migrations/1752104271.sh
index dda375c..b00e99a 100644
--- a/migrations/1752104271.sh
+++ b/migrations/1752104271.sh
@@ -1,3 +1,4 @@
+echo "Switching to polkit-gnome for better fingerprint authentication compatibility"
 if ! command -v /usr/lib/polkit-gnome/polkit-gnome-authentication-agent-1 &>/dev/null; then
   yay -S --noconfirm --needed polkit-gnome
   systemctl --user stop hyprpolkitagent

From c567dbffaa222891535e187cec44bbbd4a51b15e Mon Sep 17 00:00:00 2001
From: David Heinemeier Hansson <david@hey.com>
Date: Wed, 9 Jul 2025 20:46:43 -0400
Subject: [PATCH 6/7] Only allow fingerprint setup if a sensor is detected

---
 bin/omarchy-fingerprint-setup | 48 +++++++++++++++++++----------------
 1 file changed, 26 insertions(+), 22 deletions(-)

diff --git a/bin/omarchy-fingerprint-setup b/bin/omarchy-fingerprint-setup
index 48e5bca..98b8af3 100755
--- a/bin/omarchy-fingerprint-setup
+++ b/bin/omarchy-fingerprint-setup
@@ -1,15 +1,18 @@
 #!/bin/bash
 
-yay -S --noconfirm --needed fprintd libfprint
+yay -S --noconfirm --needed fprintd libfprint lsusb
 
-# Add fingerprint authentication as an option for sudo
-if ! grep -q pam_fprintd.so /etc/pam.d/sudo; then
-  sudo sed -i '1i auth    sufficient pam_fprintd.so' /etc/pam.d/sudo
-fi
+if ! lsusb | grep -iq fingerprint; then
+  echo "No fingerprint sensor detected."
+else
+  # Add fingerprint authentication as an option for sudo
+  if ! grep -q pam_fprintd.so /etc/pam.d/sudo; then
+    sudo sed -i '1i auth    sufficient pam_fprintd.so' /etc/pam.d/sudo
+  fi
 
-# Add fingerprint authentication as an option for hyprpolkitagent
-if [ ! -f /etc/pam.d/polkit-1 ] || ! grep -q pam_fprintd.so /etc/pam.d/polkit-1; then
-  sudo tee /etc/pam.d/polkit-1 >/dev/null <<'EOF'
+  # Add fingerprint authentication as an option for hyprpolkitagent
+  if [ ! -f /etc/pam.d/polkit-1 ] || ! grep -q pam_fprintd.so /etc/pam.d/polkit-1; then
+    sudo tee /etc/pam.d/polkit-1 >/dev/null <<'EOF'
 auth      required pam_unix.so
 auth      optional pam_fprintd.so
 
@@ -17,18 +20,19 @@ account   required pam_unix.so
 password  required pam_unix.so
 session   required pam_unix.so
 EOF
-fi
-
-systemctl --user restart hyprpolkitagent
-
-# Enroll the first finger
-echo -e "\e[32m\nLet's setup your right index finger as the first fingerprint.\nKeep moving the finger around on sensor until the process completes.\n\e[0m"
-sudo fprintd-enroll $USER
-
-echo -e "\e[32m\nNow let's verify that it's working correctly.\e[0m\n"
-
-if fprintd-verify; then
-  echo -e "\e[32m\nPerfect! Now you can use your fingerprint on the lock screen (Super + Escape).\e[0m"
-else
-  echo -e "\e[31m\nSomething went wrong. Maybe try again?\e[0m"
+  fi
+
+  systemctl --user restart hyprpolkitagent
+
+  # Enroll the first finger
+  echo -e "\e[32m\nLet's setup your right index finger as the first fingerprint.\nKeep moving the finger around on sensor until the process completes.\n\e[0m"
+  sudo fprintd-enroll $USER
+
+  echo -e "\e[32m\nNow let's verify that it's working correctly.\e[0m\n"
+
+  if fprintd-verify; then
+    echo -e "\e[32m\nPerfect! Now you can use your fingerprint on the lock screen (Super + Escape).\e[0m"
+  else
+    echo -e "\e[31m\nSomething went wrong. Maybe try again?\e[0m"
+  fi
 fi

From 4f77e71d2c8181d6cf771cbd3ffa8c861f25ecdb Mon Sep 17 00:00:00 2001
From: David Heinemeier Hansson <david@hey.com>
Date: Wed, 9 Jul 2025 17:47:54 -0700
Subject: [PATCH 7/7] Red means no!

---
 bin/omarchy-fingerprint-setup | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bin/omarchy-fingerprint-setup b/bin/omarchy-fingerprint-setup
index 98b8af3..0a7e09a 100755
--- a/bin/omarchy-fingerprint-setup
+++ b/bin/omarchy-fingerprint-setup
@@ -3,7 +3,7 @@
 yay -S --noconfirm --needed fprintd libfprint lsusb
 
 if ! lsusb | grep -iq fingerprint; then
-  echo "No fingerprint sensor detected."
+  echo -e "\e[31m\nNo fingerprint sensor detected.\e[0m"
 else
   # Add fingerprint authentication as an option for sudo
   if ! grep -q pam_fprintd.so /etc/pam.d/sudo; then