#!/usr/bin/env bash set -euo pipefail PROFILE_NAME="local-fprint-feedback" PROFILE_PATH="/etc/authselect/custom/${PROFILE_NAME}" STATE_FILE="${PROFILE_PATH}/.previous-authselect-raw" REMOVE_PROFILE=false usage() { cat <&2 usage >&2 exit 2 ;; esac done if [[ "${EUID}" -ne 0 ]]; then echo "Please run as root (sudo)." >&2 exit 1 fi if ! command -v authselect >/dev/null 2>&1; then echo "authselect not found." >&2 exit 1 fi if [[ -f "$STATE_FILE" ]]; then PREV_RAW="$(tr -d '\r' < "$STATE_FILE" | head -n1)" PREV_PROFILE="${PREV_RAW%% *}" PREV_FEATURES="${PREV_RAW#${PREV_PROFILE}}" PREV_FEATURES="${PREV_FEATURES# }" if [[ -n "$PREV_PROFILE" ]]; then # shellcheck disable=SC2086 authselect select "$PREV_PROFILE" $PREV_FEATURES --force else authselect select local with-fingerprint with-silent-lastlog with-mdns4 --force fi else authselect select local with-fingerprint with-silent-lastlog with-mdns4 --force fi authselect apply-changes authselect check if [[ "$REMOVE_PROFILE" == true ]] && [[ -d "$PROFILE_PATH" ]]; then rm -rf "$PROFILE_PATH" echo "Removed profile directory: $PROFILE_PATH" fi echo "Rollback complete. Active profile: $(authselect current --raw)" echo "Effective pam_fprintd line:" grep -n 'pam_fprintd' /etc/pam.d/fingerprint-auth || true