Dateien nach "Main" hochladen

Main/gnome-fingerprint-feedback-deploy.md

@@ -0,0 +1,59 @@
+# GNOME/GDM Fingerprint Feedback Deployment
+
+This provides a team-friendly deployment path for faster visible fingerprint failure feedback on Fedora systems using authselect.
+
+## Files
+- `tools/gnome_fprint_feedback_setup.sh`
+- `tools/gnome_fprint_feedback_rollback.sh`
+
+## Apply
+
+Default (recommended):
+
+```bash
+cd /home/jan/Documents/RFP/WLED-MM/repo
+sudo ./tools/gnome_fprint_feedback_setup.sh
+```
+
+Custom tuning:
+
+```bash
+sudo ./tools/gnome_fprint_feedback_setup.sh --max-tries 2 --timeout 6
+```
+
+## Validate
+
+```bash
+authselect current --raw
+authselect check
+grep pam_fprintd /etc/authselect/custom/local-fprint-feedback/fingerprint-auth
+grep pam_fprintd /etc/pam.d/fingerprint-auth
+```
+
+Expected effective line:
+
+```text
+pam_fprintd.so max-tries=2 timeout=6
+```
+
+## Rollback
+
+Restore previous authselect selection saved during setup:
+
+```bash
+cd /home/jan/Documents/RFP/WLED-MM/repo
+sudo ./tools/gnome_fprint_feedback_rollback.sh
+```
+
+Rollback and remove custom profile directory:
+
+```bash
+sudo ./tools/gnome_fprint_feedback_rollback.sh --remove-profile
+```
+
+## Notes
+- Scripts must be run as root.
+- Setup stores previous `authselect current --raw` in:
+  - `/etc/authselect/custom/local-fprint-feedback/.previous-authselect-raw`
+- If no saved state exists, rollback falls back to:
+  - `local with-fingerprint with-silent-lastlog with-mdns4`

Main/gnome_fprint_feedback_rollback.sh

@@ -0,0 +1,82 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+PROFILE_NAME="local-fprint-feedback"
+PROFILE_PATH="/etc/authselect/custom/${PROFILE_NAME}"
+STATE_FILE="${PROFILE_PATH}/.previous-authselect-raw"
+REMOVE_PROFILE=false
+
+usage() {
+  cat <<USAGE
+Usage: sudo $0 [--profile NAME] [--remove-profile]
+
+Restores the previous authselect selection captured by setup script.
+If no saved state exists, falls back to local profile with common features.
+
+Options:
+  --profile NAME    Custom authselect profile name (default: local-fprint-feedback)
+  --remove-profile  Remove the custom profile directory after rollback
+  -h, --help        Show this help
+USAGE
+}
+
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    --profile)
+      PROFILE_NAME="$2"
+      PROFILE_PATH="/etc/authselect/custom/${PROFILE_NAME}"
+      STATE_FILE="${PROFILE_PATH}/.previous-authselect-raw"
+      shift 2
+      ;;
+    --remove-profile)
+      REMOVE_PROFILE=true
+      shift
+      ;;
+    -h|--help)
+      usage
+      exit 0
+      ;;
+    *)
+      echo "Unknown argument: $1" >&2
+      usage >&2
+      exit 2
+      ;;
+  esac
+done
+
+if [[ "${EUID}" -ne 0 ]]; then
+  echo "Please run as root (sudo)." >&2
+  exit 1
+fi
+
+if ! command -v authselect >/dev/null 2>&1; then
+  echo "authselect not found." >&2
+  exit 1
+fi
+
+if [[ -f "$STATE_FILE" ]]; then
+  PREV_RAW="$(tr -d '\r' < "$STATE_FILE" | head -n1)"
+  PREV_PROFILE="${PREV_RAW%% *}"
+  PREV_FEATURES="${PREV_RAW#${PREV_PROFILE}}"
+  PREV_FEATURES="${PREV_FEATURES# }"
+  if [[ -n "$PREV_PROFILE" ]]; then
+    # shellcheck disable=SC2086
+    authselect select "$PREV_PROFILE" $PREV_FEATURES --force
+  else
+    authselect select local with-fingerprint with-silent-lastlog with-mdns4 --force
+  fi
+else
+  authselect select local with-fingerprint with-silent-lastlog with-mdns4 --force
+fi
+
+authselect apply-changes
+authselect check
+
+if [[ "$REMOVE_PROFILE" == true ]] && [[ -d "$PROFILE_PATH" ]]; then
+  rm -rf "$PROFILE_PATH"
+  echo "Removed profile directory: $PROFILE_PATH"
+fi
+
+echo "Rollback complete. Active profile: $(authselect current --raw)"
+echo "Effective pam_fprintd line:"
+grep -n 'pam_fprintd' /etc/pam.d/fingerprint-auth || true

Main/gnome_fprint_feedback_setup.sh

@@ -0,0 +1,109 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+PROFILE_NAME="local-fprint-feedback"
+PROFILE_PATH="/etc/authselect/custom/${PROFILE_NAME}"
+STATE_FILE="${PROFILE_PATH}/.previous-authselect-raw"
+
+usage() {
+  cat <<USAGE
+Usage: sudo $0 [--max-tries N] [--timeout SEC] [--profile NAME]
+
+Applies an authselect custom profile that sets pam_fprintd parameters
+for faster visible fingerprint failure feedback in GDM/GNOME unlock.
+
+Options:
+  --max-tries N   Fingerprint tries before failure (default: 2)
+  --timeout SEC   Fingerprint timeout in seconds (default: 6)
+  --profile NAME  Custom authselect profile name (default: local-fprint-feedback)
+  -h, --help      Show this help
+USAGE
+}
+
+MAX_TRIES=2
+TIMEOUT=6
+
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    --max-tries)
+      MAX_TRIES="$2"
+      shift 2
+      ;;
+    --timeout)
+      TIMEOUT="$2"
+      shift 2
+      ;;
+    --profile)
+      PROFILE_NAME="$2"
+      PROFILE_PATH="/etc/authselect/custom/${PROFILE_NAME}"
+      STATE_FILE="${PROFILE_PATH}/.previous-authselect-raw"
+      shift 2
+      ;;
+    -h|--help)
+      usage
+      exit 0
+      ;;
+    *)
+      echo "Unknown argument: $1" >&2
+      usage >&2
+      exit 2
+      ;;
+  esac
+done
+
+if [[ "${EUID}" -ne 0 ]]; then
+  echo "Please run as root (sudo)." >&2
+  exit 1
+fi
+
+if ! command -v authselect >/dev/null 2>&1; then
+  echo "authselect not found." >&2
+  exit 1
+fi
+
+if ! [[ "$MAX_TRIES" =~ ^-?[0-9]+$ ]] || ! [[ "$TIMEOUT" =~ ^-?[0-9]+$ ]]; then
+  echo "--max-tries and --timeout must be integers." >&2
+  exit 2
+fi
+
+CURRENT_RAW="$(authselect current --raw)"
+CURRENT_PROFILE="${CURRENT_RAW%% *}"
+CURRENT_FEATURES="${CURRENT_RAW#${CURRENT_PROFILE}}"
+CURRENT_FEATURES="${CURRENT_FEATURES# }"
+
+if [[ ! -d "$PROFILE_PATH" ]]; then
+  authselect create-profile "$PROFILE_NAME" -b local
+fi
+
+FP_FILE="${PROFILE_PATH}/fingerprint-auth"
+if [[ ! -f "$FP_FILE" ]]; then
+  echo "Expected file not found: $FP_FILE" >&2
+  exit 1
+fi
+
+if [[ ! -f "$STATE_FILE" ]]; then
+  printf '%s\n' "$CURRENT_RAW" > "$STATE_FILE"
+fi
+
+cp -a "$FP_FILE" "${FP_FILE}.bak.$(date +%Y%m%d%H%M%S)"
+perl -0pi -e "s/pam_fprintd\\.so\\b[^\\n]*/pam_fprintd.so max-tries=${MAX_TRIES} timeout=${TIMEOUT}/" "$FP_FILE"
+
+if [[ "$CURRENT_PROFILE" == "custom/${PROFILE_NAME}" ]]; then
+  SELECT_FEATURES="$CURRENT_FEATURES"
+else
+  SELECT_FEATURES="$CURRENT_FEATURES"
+fi
+
+if ! grep -q 'with-fingerprint' <<<"$SELECT_FEATURES"; then
+  SELECT_FEATURES="${SELECT_FEATURES:+$SELECT_FEATURES }with-fingerprint"
+fi
+
+# shellcheck disable=SC2086
+authselect select "custom/${PROFILE_NAME}" $SELECT_FEATURES --force
+authselect apply-changes
+authselect check
+
+echo "Applied custom authselect profile: custom/${PROFILE_NAME}"
+echo "Active profile: $(authselect current --raw)"
+echo "Effective pam_fprintd line:"
+grep -n 'pam_fprintd' /etc/pam.d/fingerprint-auth