├── README.md ├── munki_installcheck_script.sh ├── munki_postinstall_script.sh └── munkiimport.sh /README.md: -------------------------------------------------------------------------------- 1 | # enable_sudo_touchid 2 | 3 | This generates a Munki [nopkg](https://github.com/munki/munki/wiki/nopkgs) to enable Touch ID for sudo. 4 | 5 | For more information, please see [my blog post](https://mikesolin.com/2020/06/14/using-munki-to-enable-sudo-for-touch-id/). 6 | 7 | # Requirements 8 | 9 | * Munki 10 | * A Mac with Touch ID 11 | 12 | # Installation 13 | 14 | 1. Edit `munkiimport.sh`. Towards the top of the file, change the `munki_repo` variable to the location of your Munki repository, if it's not available at `/Volumes/munki_repo`. Replace `Your Org` with your organization's name. Finally, specify the pkginfo path to save the file, if you don't have a `pkgsinfo/scripts` directory in your Munki repository. 15 | 2. `cd` into the directory containing the code. 16 | 3. Run `munkiimport.sh`. 17 | 4. Add it to a catalog and a manifest. 
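--------------------------------------------------------------------------------
/munki_installcheck_script.sh:
--------------------------------------------------------------------------------
#!/bin/sh
#
# Munki installcheck_script for enable_sudo_touchid.
# Exit status 0 tells Munki the item still needs to be installed; any
# non-zero status tells it there is nothing to do.

grep="/usr/bin/grep"

pam_sudo="/etc/pam.d/sudo"

# Match an active pam_tid.so rule only. The pattern is anchored so that a
# commented-out entry does not count, accepts the tabs or repeated spaces PAM
# files are commonly aligned with, and escapes the dot in the module name.
touchid_rule='^[[:space:]]*auth[[:space:]]+sufficient[[:space:]]+pam_tid\.so'

# Test grep's exit status directly instead of running its (empty) output
# through a command substitution.
if ${grep} -Eq "${touchid_rule}" "${pam_sudo}"; then
  # Nothing to be done
  exit 1
fi

exit 0
--------------------------------------------------------------------------------
/munki_postinstall_script.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Munki postinstall_script for enable_sudo_touchid.
# Adds the pam_tid.so rule to /etc/pam.d/sudo so that sudo accepts Touch ID.
#
# NOTE(review): /etc/pam.d/sudo gates every sudo authentication and may be
# replaced by operating system updates; the installcheck script then reports
# the rule missing and Munki reapplies it. macOS 14 and later also ship
# /etc/pam.d/sudo_local for local additions, so consider targeting that file
# on those releases -- confirm against the OS versions you manage.

grep="/usr/bin/grep"
sed="/usr/bin/sed"

pam_sudo="/etc/pam.d/sudo"
enable_touchid="auth sufficient pam_tid.so"
touchid_rule='^[[:space:]]*auth[[:space:]]+sufficient[[:space:]]+pam_tid\.so'

# sed's "1s" commands do nothing on a missing or empty file, so fail loudly
# instead of reporting a successful install that changed nothing.
if [[ ! -s "${pam_sudo}" ]]; then
  echo "${pam_sudo} is missing or empty; PAM configuration left untouched." >&2
  exit 1
fi

# Stay idempotent even when run without the installcheck script, so the rule
# is never inserted twice.
if ${grep} -Eq "${touchid_rule}" "${pam_sudo}"; then
  exit 0
fi

# "1s/^//p" prints line 1 unchanged, then "1s/^.*/.../" turns the pattern
# space into the Touch ID rule, which sed prints next: the rule lands on
# line 2, directly below the original first line (presumably the header
# comment on a stock file -- confirm).
if ! ${sed} -i '' -e "1s/^//p; 1s/^.*/${enable_touchid}/" "${pam_sudo}"; then
  echo "Failed to edit ${pam_sudo}." >&2
  exit 1
fi

# Confirm the edit took effect so Munki records a failure otherwise.
if ! ${grep} -Eq "${touchid_rule}" "${pam_sudo}"; then
  echo "Touch ID rule not found in ${pam_sudo} after editing." >&2
  exit 1
fi

exit 0
--------------------------------------------------------------------------------
/munkiimport.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Builds the nopkg pkginfo for enable_sudo_touchid with makepkginfo and copies
# it into the Munki repository. Run it from the directory that contains
# munki_installcheck_script.sh and munki_postinstall_script.sh.
#
# The generated pkginfo embeds both scripts, and Munki runs them on managed
# clients, so review ./build/*.plist before adding it to a production catalog.

basename="/usr/bin/basename"
cp="/bin/cp"
makepkginfo="/usr/local/munki/makepkginfo"
mkdir="/bin/mkdir"

munki_repo="/Volumes/munki_repo"

# Where the pkginfo is saved inside the repository
pkginfo_dir="${munki_repo}/pkgsinfo/scripts"

# Check for Munki repository
if [[ ! -d "${munki_repo}" ]]; then
  # The original called an undefined ${echo} variable here, which made the
  # shell try to execute the message itself; use the builtin instead.
  echo "Munki repository file share not found, please mount and retry." >&2
  exit 1
fi

# Name of the pkg, based on the parent directory (quoted so that a path
# containing spaces is not split)
pkg_name="$(${basename} "${PWD}")"

# Version number of the pkg
pkg_version="1.0"

pkginfo="./build/${pkg_name}-${pkg_version}.plist"

# If build directory doesn't exist, create it
${mkdir} -p ./build || exit 1

# Generate nopkg
# NOTE(review): the description mentions su, but the postinstall script only
# edits /etc/pam.d/sudo -- confirm the wording matches the intended scope.
if ! ${makepkginfo} \
  --nopkg \
  --name "${pkg_name}" \
  --pkgvers="${pkg_version}" \
  --displayname "Enable Touch ID for sudo" \
  --description "Enables Touch ID for the sudo and su commands in the Terminal." \
  --category "Scripts" \
  --developer "Your Org" \
  --minimum_os_version "10.14" \
  --installcheck_script ./munki_installcheck_script.sh \
  --postinstall_script ./munki_postinstall_script.sh \
  --unattended_install \
  > "${pkginfo}"; then
  # Do not publish an empty or truncated pkginfo to the repository
  echo "makepkginfo failed; nothing was copied to the Munki repository." >&2
  exit 1
fi

# Copy to Munki repository
${cp} -v "${pkginfo}" "${pkginfo_dir}"/ || exit 1

exit 0
--------------------------------------------------------------------------------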