54 use the built in fingerprint sensor on mac for sudo (#92)

* add touchid setup for sudo for macOS

* update version

* only run on macOS

* fix formatting to be prettier

onboardme/__init__.py

@@ -6,22 +6,29 @@
     AUTHOR:         Jesse Hitch
     LICENSE:        GNU AFFERO GENERAL PUBLIC LICENSE
 """
+
 from click import option, command, Choice
-# for importing modules by str names
 from importlib import import_module
-# for getting the version of onboardme
 from importlib.metadata import version as get_version
 import logging
-
-# rich helps pretty print everything
 from rich.console import Console
 from rich.logging import RichHandler
-
-# custom libs
 from .help_text import RichCommand, options_help
 from .env_config import check_os_support, OS, process_configs, USR_CONFIG_FILE
 from .env_config import DEFAULTS as OPTS
 from .console_logging import print_manual_steps
+from .dot_files import setup_dot_files
+from .pkg_management import run_pkg_mngrs
+from .sudo_setup import setup_sudo
+from .firewall import configure_firewall
+
+
+# for importing modules by str names
+# for getting the version of onboardme
+
+# rich helps pretty print everything
+
+# custom libs
 
 
 HELP = options_help()
@@ -126,14 +133,12 @@ def main(log_level: str = "",
     for step in usr_pref['steps'][OS[0]]:
 
         if step == 'dot_files':
-            from .dot_files import setup_dot_files
             # this creates a live git repo out of your home directory
             df_prefs = usr_pref['dot_files']
             setup_dot_files(OS, df_prefs['overwrite'],
                             df_prefs['git_url'], df_prefs['git_branch'])
 
         elif step == 'packages':
-            from .pkg_management import run_pkg_mngrs
             pkg_mngrs = usr_pref['package']['managers'][OS[0]]
             pkg_groups = usr_pref['package']['groups']
             run_pkg_mngrs(pkg_mngrs, pkg_groups)
@@ -144,8 +149,11 @@ def main(log_level: str = "",
             func = getattr(ide_setup, step)
             func()
 
+        elif step == 'sudo_setup':
+            # if we're not running as root, kick off another process
+            setup_sudo()
+
     if 'firewall_setup' in steps:
-        from .firewall import configure_firewall
         configure_firewall(remote_host)
 
     print_manual_steps()

onboardme/config/onboardme_config.yml

@@ -29,6 +29,7 @@ steps:
     - font_setup
     - vim_setup
     - neovim_setup
+    - sudo_setup
   # these are linux specific steps
   Linux:
     - dot_files

onboardme/console_logging.py

@@ -63,7 +63,7 @@ def print_header(title='', line_style='royal_blue1'):
     return
 
 
-def print_sub_header(title='', style='light_steel_blue', alignment='center'):
+def print_sub_header(title='', style='italic light_steel_blue', alignment='center'):
     """
     prints text centered in a line that spans the terminal
     """

onboardme/ide_setup.py

@@ -12,7 +12,7 @@
 import wget
 
 # custom libs
-from .console_logging import print_header, print_msg
+from .console_logging import print_header, print_sub_header, print_msg
 from .subproc import subproc
 from .env_config import HOME_DIR, OS
 
@@ -25,7 +25,6 @@ def vim_setup():
     """
     print_header('[b]vim-plug[/b] and [green][i]Vim[/i][/green] plugins '
                  'installation [dim]and[/dim] upgrades')
-    print('')
 
     # trick to not run youcompleteme init every single time
     init_ycm = False
@@ -46,7 +45,7 @@ def vim_setup():
     # updates all currently installed plugins
     subproc(['vim +PlugInstall +PlugUpgrade +PlugUpdate +qall!'],
             quiet=True)
-    print_msg('[i][dim]Vim Plugins installed.')
+    print_sub_header('Vim Plugins installed.')
 
     if init_ycm:
         # This is for you complete me, which is a python completion module
@@ -68,14 +67,13 @@ def neovim_setup():
     """
     print_header('[b]packer[/b] and [green][i]NeoVim[/i][/green] plugins '
                  'installation [dim]and[/dim] upgrades')
-    print('')
 
     # updates all currently installed plugins
     commands = ["nvim --headless +PackerInstall",
                 "nvim --headless +PackerSync"]
     subproc(commands)
 
-    print_msg('[i][dim]NeoVim Plugins installed.')
+    print_sub_header('NeoVim Plugins installed.')
 
     return True
 
@@ -97,6 +95,7 @@ def font_setup():
         subproc(["brew tap homebrew/cask-fonts",
                  "brew install --cask font-mononoki",
                  "brew install --cask font-hack-nerd-font"])
+        print_sub_header("Fonts installed/upgraded.")
 
     if 'Linux' in OS:
         # not sure if needed anymore
@@ -141,6 +140,4 @@ def update(self, op_code, cur_count, max_count=None,
 
         print_msg('[i][dim]The fonts should be installed, however, you have ' +
                   'to set your terminal font to the new font. I rebooted too.')
-        return
-
     return

onboardme/pkg_management.py

@@ -47,7 +47,6 @@ def run_pkg_mngrs(pkg_mngrs=[], pkg_groups=[]):
             pkg_emoji = pkg_mngr_dict['emoji']
             msg = f'{pkg_emoji} [green][b]{pkg_mngr}[/b][/] app Installs'
             print_header(msg)
-            print('')
 
             # run package manager specific setup if needed, & updates/upgrades
             pkg_cmds = pkg_mngr_dict['commands']

onboardme/sudo_setup.py

@@ -0,0 +1,58 @@
+#!/usr/bin/env python3.10
+"""
+       Name: onbaordme.sudo_setup
+DESCRIPTION: setup pam module for sudo and add user to sudo group
+     AUTHOR: Jesse Hitch
+    LICENSE: GNU AFFERO GENERAL PUBLIC LICENSE Version 3
+"""
+
+import logging as log
+from os import geteuid
+from os import system as check_response
+
+# custom libs
+from .console_logging import print_header, print_sub_header
+from .subproc import subproc
+
+
+def setup_sudo():
+    """
+    make sure we're root on mac and kick off setting up sudo with touchid
+    Returns True
+    """
+    print_header("🔒 Setting up sudo")
+
+    # check if running as root
+    if geteuid() != 0:
+        subproc(["sudo onboardme -s sudo_setup"], spinner=False)
+        print_sub_header("🧑‍💻 sudo using TouchId is enabled.")
+    else:
+        enable_sudo_with_touchid()
+    return True
+
+
+def enable_sudo_with_touchid():
+    """
+    We look for this line in /etc/pam.d/sudo:
+        auth       sufficient     pam_tid.so
+    If not found, we add it.
+    return True
+    """
+    pam_file = "/etc/pam.d/sudo"
+    if check_response(f'grep "pam_tid.so" {pam_file}') != 0:
+        log.info(f"TouchID not found in {pam_file}. Attempting to add it.")
+
+        # read in the file and modify the second line to have pam_tid.so
+        new_contents = []
+        with open(pam_file, 'r') as file_contents:
+            for index, line in enumerate(file_contents.readlines()):
+                new_contents.append(line)
+                if index == 1:
+                    touchid = "auth       sufficient     pam_tid.so\n"
+                    new_contents.append(touchid)
+
+        # write back the altered file
+        with open(pam_file, 'w') as new_file_contents:
+            for line in new_contents:
+                new_file_contents.write(line)
+    return True

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name          = "onboardme"
-version       = "0.15.3"
+version       = "0.15.4"
 description   = "An onboarding tool to install dot files and packages including a default mode with sensible defaults to run on most Debian/macOS machines."
 authors       = ["Jesse Hitch <[email protected]>"]
 license       = "AGPL-3.0-or-later"