diff --git a/install.sh b/install.sh index cf0b081..91c289a 100755 --- a/install.sh +++ b/install.sh @@ -31,7 +31,7 @@ cd "$SCRIPT_DIR" if [ "$1" = "--uninstall" ]; then echo -e "${CYAN}${BOLD}Uninstalling Linux Hello...${NC}" - sudo sed -i '/pam_linux_hello/d' /etc/pam.d/gdm-password 2>/dev/null || true + sudo sed -i '/pam_linux_hello/d' /etc/pam.d/gdm-password /etc/pam.d/sddm /etc/pam.d/lightdm 2>/dev/null || true sudo systemctl disable --now linux-hello.service 2>/dev/null || true sudo rm -f /usr/libexec/linux-hello-daemon /usr/local/bin/linux-hello sudo rm -f /lib/x86_64-linux-gnu/security/pam_linux_hello.so /lib/security/pam_linux_hello.so @@ -186,9 +186,37 @@ sudo ORT_DYLIB_PATH=/usr/local/lib/linux-hello/libonnxruntime.so linux-hello enr # ─── PAM Integration ───────────────────────────────────────────────────────── -# Add face auth to GDM (if not already there) -if ! grep -q "pam_linux_hello" /etc/pam.d/gdm-password 2>/dev/null; then - sudo sed -i '/@include common-auth/i auth sufficient pam_linux_hello.so timeout=5' /etc/pam.d/gdm-password +# Detect display manager and configure PAM accordingly +DM_NAME="" +PAM_CONFIGURED=false + +if systemctl is-active --quiet gdm.service 2>/dev/null || systemctl is-active --quiet gdm3.service 2>/dev/null; then + DM_NAME="GDM" + PAM_FILE="/etc/pam.d/gdm-password" + if [ -f "$PAM_FILE" ] && ! grep -q "pam_linux_hello" "$PAM_FILE"; then + sudo sed -i '/@include common-auth/i auth sufficient pam_linux_hello.so timeout=5' "$PAM_FILE" + PAM_CONFIGURED=true + elif grep -q "pam_linux_hello" "$PAM_FILE" 2>/dev/null; then + PAM_CONFIGURED=true + fi +elif systemctl is-active --quiet sddm.service 2>/dev/null; then + DM_NAME="SDDM" + PAM_FILE="/etc/pam.d/sddm" + if [ -f "$PAM_FILE" ] && ! grep -q "pam_linux_hello" "$PAM_FILE"; then + sudo sed -i '/auth.*include.*system-login\|auth.*include.*common-auth\|@include common-auth/i auth sufficient pam_linux_hello.so timeout=5' "$PAM_FILE" + PAM_CONFIGURED=true + elif grep -q "pam_linux_hello" "$PAM_FILE" 2>/dev/null; then + PAM_CONFIGURED=true + fi +elif systemctl is-active --quiet lightdm.service 2>/dev/null; then + DM_NAME="LightDM" + PAM_FILE="/etc/pam.d/lightdm" + if [ -f "$PAM_FILE" ] && ! grep -q "pam_linux_hello" "$PAM_FILE"; then + sudo sed -i '/@include common-auth\|auth.*include.*system-login/i auth sufficient pam_linux_hello.so timeout=5' "$PAM_FILE" + PAM_CONFIGURED=true + elif grep -q "pam_linux_hello" "$PAM_FILE" 2>/dev/null; then + PAM_CONFIGURED=true + fi fi # ─── Done ───────────────────────────────────────────────────────────────────── @@ -198,8 +226,21 @@ echo -e "${GREEN}${BOLD} ╔═════════════════ echo " ║ Installation complete! ║" echo " ╚═══════════════════════════════════╝${NC}" echo "" -echo " Lock your screen and look at the camera to unlock." -echo " Your password always works as a fallback." + +if [ "$PAM_CONFIGURED" = true ]; then + echo " Lock your screen and look at the camera to unlock." + echo " Your password always works as a fallback." + echo " Display manager: $DM_NAME ($PAM_FILE)" +elif [ -n "$DM_NAME" ]; then + echo -e " ${YELLOW}Could not configure $DM_NAME automatically.${NC}" + echo " Add this line to $PAM_FILE before the auth include:" + echo " auth sufficient pam_linux_hello.so timeout=5" +else + echo -e " ${YELLOW}No supported display manager detected (GDM, SDDM, LightDM).${NC}" + echo " To enable face unlock, add this line to your display manager's PAM config:" + echo " auth sufficient pam_linux_hello.so timeout=5" +fi + echo "" echo " Commands:" echo " linux-hello test — test face recognition"