Switch to polkit-gnome to make fingerprint authentication work better

hyprpolkit was not designed well for fingerprint authentication. It doesn't allow you to easily deal with both fingerprints and passwords in the same configuration.
2025-07-27 04:09:23 +00:00 · 2025-07-09 20:26:43 -04:00
parent 5f46b7560e
commit d2598464d6
4 changed files with 24 additions and 5 deletions
--- a/bin/omarchy-fingerprint-setup
+++ b/bin/omarchy-fingerprint-setup
@ -2,9 +2,23 @@

 yay -S --noconfirm --needed fprintd libfprint

-# Add fingerprint authentication as a sufficient option
-grep -q 'pam_fprintd.so' /etc/pam.d/system-auth ||
-  sudo sed -i '/^auth.*pam_unix.so/ i auth       sufficient                  pam_fprintd.so' /etc/pam.d/system-auth
+# Add fingerprint authentication as an option for sudo
+if ! grep -q pam_fprintd.so /etc/pam.d/sudo; then
+  sudo sed -i '1i auth    sufficient pam_fprintd.so' /etc/pam.d/sudo
+fi
+
+# Add fingerprint authentication as an option for hyprpolkitagent
+if [ ! -f /etc/pam.d/polkit-1 ] || ! grep -q pam_fprintd.so /etc/pam.d/polkit-1; then
+  sudo tee /etc/pam.d/polkit-1 >/dev/null <<'EOF'
+auth      required pam_unix.so
+auth      optional pam_fprintd.so
+
+account   required pam_unix.so
+password  required pam_unix.so
+session   required pam_unix.so
+EOF
+fi
+
 systemctl --user restart hyprpolkitagent

 # Enroll the first finger
--- a/default/hypr/autostart.conf
+++ b/default/hypr/autostart.conf
@ -1,4 +1,5 @@
 exec-once = hypridle & mako & waybar & fcitx5
 exec-once = swaybg -i ~/.config/omarchy/current/background -m fill
-exec-once = systemctl --user start hyprpolkitagent
+# exec-once = systemctl --user start hyprpolkitagent
+exec-once = /usr/lib/polkit-gnome/polkit-gnome-authentication-agent-1
 exec-once = wl-clip-persist --clipboard regular
--- a/install/hyprlandia.sh
+++ b/install/hyprlandia.sh
@ -1,5 +1,5 @@
 yay -S --noconfirm --needed \
-  hyprland hyprshot hyprpicker hyprlock hypridle hyprpolkitagent hyprland-qtutils \
+  hyprland hyprshot hyprpicker hyprlock hypridle polkit-gnome hyprland-qtutils \
  wofi waybar mako swaybg \
  xdg-desktop-portal-hyprland xdg-desktop-portal-gtk

--- a/migrations/1752104271.sh
+++ b/migrations/1752104271.sh
@ -0,0 +1,4 @@
+yay -S --noconfirm --needed polkit-gnome
+systemctl --user stop hyprpolkitagent
+systemctl --user disable hyprpolkitagent
+yay -Rns --noconfirm hyprpolkitagent