Merge pull request #171 from icehunt/fido2-setup-script

add fido2-setup script
2025-07-27 04:09:23 +00:00 · 2025-07-17 17:39:09 -04:00
parent 3f01ced913 86bf311866
commit 729cd6a3a2
1 changed files with 34 additions and 0 deletions
--- a/bin/omarchy-fido2-setup
+++ b/bin/omarchy-fido2-setup
@ -0,0 +1,34 @@
+#!/bin/bash
+
+yay -S --noconfirm --needed libfido2 pam-u2f
+
+# Check if the user doesn't want sudo
+while [[ $# -gt 0 ]]; do
+  case $1 in
+  --no-sudo) exit 0 ;;
+  *)
+    echo "Unknown option: $1 \n --no-sudo is the only option"
+    exit 1
+    ;;
+  esac
+  shift
+done
+
+tokens=$(fido2-token -L)
+if [ -z "$tokens" ]; then
+  echo -e "\e[31m\nNo fido2 device detected. Plug it in, you may have to unlock it as well\e[0m"
+else
+
+  # Create the pamu2fcfg file
+  if [ ! -f /etc/fido2/fido2 ]; then
+    sudo mkdir -p /etc/fido2
+    echo -e "\e[32m\nLet's setup your device, confirm on the device now\n\e[0m"
+    pamu2fcfg >/tmp/fido2 # This needs to run as the user
+    sudo mv /tmp/fido2 /etc/fido2/fido2
+  fi
+
+  # Add fido2 auth as an option for sudo
+  if ! grep -q pam_u2f.so /etc/pam.d/sudo; then
+    sudo sed -i '1i auth    sufficient pam_u2f.so cue authfile=/etc/fido2/fido2' /etc/pam.d/sudo
+  fi
+fi