Enable support for sudo via Apple Watch and Touch ID

enable_sudo_with_apple_watch_and_touch_id.sh

#! /usr/bin/zsh
# https://gist.github.com/alexg0/39eb038c704962bcf832c74a8c2cecd4
enable_sudo_with_apple_watch_and_touch_id() {
  PAMD_SUDO_PATH=/etc/pam.d/sudo
  APPLE_WATCH_PAMID_LIBPATH=/usr/local/lib/pam/pam_watchid.so.2
  # APPLE_WATCH_PAMID_URL=https://github.com/biscuitehh/pam-watchid
  APPLE_WATCH_PAMID_URL=https://github.com/msanders/pam-watchid
  APPLE_WATCH_PAMID_PATH=$HOME/src/pamid-applewatch
  
  preserve_pamd_sudo() {
    if ! test -f $PAMD_SUDO_PATH.orig
    then
      sudo cp $PAMD_SUDO_PATH ${PAMD_SUDO_PATH}.orig
    fi
  }
  enable_apple_watch() {
    if ! test -f $APPLE_WATCH_PAMID_LIBPATH
    then
      if ! test -d $APPLE_WATCH_PAMID_PATH
      then
        mkdir -p $(dirname $APPLE_WATCH_PAMID_PATH)
        git clone $APPLE_WATCH_PAMID_URL $APPLE_WATCH_PAMID_PATH
      fi
      >&2 printf "${BGreen}INFO${NC}: Installing Apple Watch sudo extension. Enter your \
password when prompted.\n"
      (cd $APPLE_WATCH_PAMID_PATH && sudo make install )
    fi
    if ! grep -q "pam_watchid.so" $PAMD_SUDO_PATH
    then
      >&2 printf "${BGreen}INFO${NC}: Enabling Apple Watch sudo extension. Enter your \
password when prompted.\n"
      sudo sed -i.bak '1s/^/auth    sufficient      pam_watchid.so    "reason=execute command as root"\n/' \
        $PAMD_SUDO_PATH
    fi
  }
  enable_touchid() {
    if ! grep -q "pam_tid.so" /etc/pam.d/sudo
    then
      >&2 printf "${BGreen}INFO${NC}: Enabling Touch ID sudo extension. Enter your \
password when prompted.\n"
      sudo sed -i.bak  '1s/^/auth    sufficient      pam_tid.so    "reason=execute command as root"\n/' \
        $PAMD_SUDO_PATH
    fi
  }
  preserve_pamd_sudo && enable_apple_watch && enable_touchid
}


enable_sudo_with_apple_watch_and_touch_id

Another somewhat related gist.