From 48df92bf168185e7f11a26e1b960224416260d73 Mon Sep 17 00:00:00 2001
From: Mike McQuaid <mike@mikemcquaid.com>
Date: Fri, 29 Sep 2023 09:19:08 +0100
Subject: [PATCH] bin/touchid-enable-pam-sudo: use Sonoma's sudo_local instead
 of sudo.

This now survives system updates.

Reference: https://sixcolors.com/post/2023/08/in-macos-sonoma-touch-id-for-sudo-can-survive-updates/
---
 bin/touchid-enable-pam-sudo | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/bin/touchid-enable-pam-sudo b/bin/touchid-enable-pam-sudo
index 363f78b..6c42fbc 100755
--- a/bin/touchid-enable-pam-sudo
+++ b/bin/touchid-enable-pam-sudo
@@ -1,7 +1,7 @@
 #!/usr/bin/env ruby
 # Enables sudo authentication using TouchID.
 
-pam_sudo_filename = "/etc/pam.d/sudo"
+pam_sudo_filename = "/etc/pam.d/sudo_local"
 pam_sudo_contents = File.read(pam_sudo_filename)
 if pam_sudo_contents.include?("pam_tid.so")
   unless ARGV.include?("--quiet")
@@ -10,7 +10,7 @@ if pam_sudo_contents.include?("pam_tid.so")
   exit
 end
 
-first_line = "# sudo: auth account password session"
+first_line = "# sudo_local: local config file which survives system update and is included for sudo"
 first_line_regex = /^#{first_line}$/
 unless pam_sudo_contents.match?(first_line_regex)
   warn "Error: #{pam_sudo_filename} is not in the expected format!"