From 3710133b20a4dd3e54c828575964c2d3ade4930f Mon Sep 17 00:00:00 2001
From: Craig Jennings <c@cjennings.net>
Date: Fri, 23 Jan 2026 07:55:03 -0600
Subject: fix(archsetup): add PAM config for gnome-keyring auto-unlock

Configure /etc/pam.d/login to pass login password to gnome-keyring-daemon,
enabling automatic keyring unlock on console login + startx workflow.
---
 archsetup | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'archsetup')

diff --git a/archsetup b/archsetup
index 80e0f5e..1f62c33 100755
--- a/archsetup
+++ b/archsetup
@@ -1280,6 +1280,17 @@ desktop_environment() {
     chown -R "$username": "/home/$username/.local/share/keyrings"
     chmod 700 "$keyring_dir"
 
+    # configure PAM to auto-unlock gnome-keyring on console login
+    # this passes the login password to gnome-keyring-daemon at session start
+    action="configuring PAM for gnome-keyring auto-unlock" && display "task" "$action"
+    pam_login="/etc/pam.d/login"
+    if ! grep -q "pam_gnome_keyring.so" "$pam_login"; then
+        # add auth line after the last auth line
+        sed -i '/^auth.*system-local-login/a auth       optional     pam_gnome_keyring.so' "$pam_login"
+        # add session line after the last session line
+        sed -i '/^session.*system-local-login/a session    optional     pam_gnome_keyring.so auto_start' "$pam_login"
+    fi
+
     #  Power Management
 
     action="Power Management" && display "subtitle" "$action"
-- 
cgit v1.2.3