From f5dcaed5d0afa5ae03c57acee7e9771936c9b9c9 Mon Sep 17 00:00:00 2001
From: jan <jannihanewinkel@gmail.com>
Date: Fri, 24 Apr 2026 14:20:44 +0200
Subject: [PATCH] Tune fingerprint feedback defaults

---
 README.md                                 | 6 +++++-
 docs/gnome-fingerprint-feedback-deploy.md | 6 ++++--
 tools/gnome_fprint_feedback_setup.sh      | 8 ++++----
 3 files changed, 13 insertions(+), 7 deletions(-)
 mode change 100644 => 100755 tools/gnome_fprint_feedback_setup.sh

diff --git a/README.md b/README.md
index cf67f95..69fb09b 100644
--- a/README.md
+++ b/README.md
@@ -10,9 +10,13 @@ in GNOME/GDM on Fedora systems managed by `authselect`.
 
 ## Quick start
 ```bash
-sudo ./tools/gnome_fprint_feedback_setup.sh --max-tries 2 --timeout 6
+sudo ./tools/gnome_fprint_feedback_setup.sh
 ```
 
+The default tuning uses `max-tries=3 timeout=20`, which keeps fingerprint
+unlock available long enough after lockout or suspend while still providing
+clear failure feedback.
+
 ## Rollback
 ```bash
 sudo ./tools/gnome_fprint_feedback_rollback.sh
diff --git a/docs/gnome-fingerprint-feedback-deploy.md b/docs/gnome-fingerprint-feedback-deploy.md
index e198cfc..f2a82ee 100644
--- a/docs/gnome-fingerprint-feedback-deploy.md
+++ b/docs/gnome-fingerprint-feedback-deploy.md
@@ -19,7 +19,7 @@ sudo ./tools/gnome_fprint_feedback_setup.sh
 Custom tuning:
 
 ```bash
-sudo ./tools/gnome_fprint_feedback_setup.sh --max-tries 2 --timeout 6
+sudo ./tools/gnome_fprint_feedback_setup.sh --max-tries 3 --timeout 20
 ```
 
 ## Validate
@@ -34,7 +34,7 @@ grep pam_fprintd /etc/pam.d/fingerprint-auth
 Expected effective line:
 
 ```text
-pam_fprintd.so max-tries=2 timeout=6
+pam_fprintd.so max-tries=3 timeout=20
 ```
 
 ## Rollback
@@ -54,6 +54,8 @@ sudo ./tools/gnome_fprint_feedback_rollback.sh --remove-profile
 
 ## Notes
 - Scripts must be run as root.
+- The defaults are intentionally long enough for GNOME unlock after suspend;
+  too-short timeouts can make fingerprint unlock appear unavailable.
 - Setup stores previous `authselect current --raw` in:
   - `/etc/authselect/custom/local-fprint-feedback/.previous-authselect-raw`
 - If no saved state exists, rollback falls back to:
diff --git a/tools/gnome_fprint_feedback_setup.sh b/tools/gnome_fprint_feedback_setup.sh
old mode 100644
new mode 100755
index 92248d3..df0ddf7
--- a/tools/gnome_fprint_feedback_setup.sh
+++ b/tools/gnome_fprint_feedback_setup.sh
@@ -13,15 +13,15 @@ Applies an authselect custom profile that sets pam_fprintd parameters
 for faster visible fingerprint failure feedback in GDM/GNOME unlock.
 
 Options:
-  --max-tries N   Fingerprint tries before failure (default: 2)
-  --timeout SEC   Fingerprint timeout in seconds (default: 6)
+  --max-tries N   Fingerprint tries before failure (default: 3)
+  --timeout SEC   Fingerprint timeout in seconds (default: 20)
   --profile NAME  Custom authselect profile name (default: local-fprint-feedback)
   -h, --help      Show this help
 USAGE
 }
 
-MAX_TRIES=2
-TIMEOUT=6
+MAX_TRIES=3
+TIMEOUT=20
 
 while [[ $# -gt 0 ]]; do
   case "$1" in