From ece6a9b3b2d3d226d2b4bb0fb97c88d63f396dae Mon Sep 17 00:00:00 2001
From: "T. R. Bernstein" <137705289+trbernstein@users.noreply.github.com>
Date: Sun, 31 Aug 2025 20:23:39 +0200
Subject: [PATCH] Allow azwdevice and admin as filevault users

---
 bin/{azw-ensure-single-fv-user => azw-set-filevault-users}    | 4 ++--
 ...{03-single-filevault-user.sh => 03-set-filevault-users.sh} | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
 rename bin/{azw-ensure-single-fv-user => azw-set-filevault-users} (85%)
 rename modules/{03-single-filevault-user.sh => 03-set-filevault-users.sh} (96%)

diff --git a/bin/azw-ensure-single-fv-user b/bin/azw-set-filevault-users
similarity index 85%
rename from bin/azw-ensure-single-fv-user
rename to bin/azw-set-filevault-users
index c7bd2ba..b89b6eb 100755
--- a/bin/azw-ensure-single-fv-user
+++ b/bin/azw-set-filevault-users
@@ -18,8 +18,8 @@ function main {
 
 	function allowOnlyFilevaultUserToUnlock() {
 		local fdeuser
-		for fdeuser in ${(f)"$(fdesetup list | cut -d',' -f1)"}; do
-		 [[ ${fdeuser} != ${username} ]] && fdesetup remove -user "${fdeuser}"
+		for fdeuser in $(fdesetup list | cut -d',' -f1); do
+		 [[ ${fdeuser} != ${username} && ${fdeuser} != "admin" ]] && fdesetup remove -user "${fdeuser}"
 		done
 		return 0
 	}
diff --git a/modules/03-single-filevault-user.sh b/modules/03-set-filevault-users.sh
similarity index 96%
rename from modules/03-single-filevault-user.sh
rename to modules/03-set-filevault-users.sh
index a218c98..3b962fd 100755
--- a/modules/03-single-filevault-user.sh
+++ b/modules/03-set-filevault-users.sh
@@ -16,7 +16,7 @@ function createLaunchDaemon() {
 			<key>ProgramArguments</key>
 			<array>
 					<string>/usr/local/bin/azw</string>
-					<string>ensure-single-fv-user</string>
+					<string>set-filevault-users</string>
 					<string>${filevault_username}</string>
 			</array>
 			<key>OnDemand</key>
@@ -36,7 +36,7 @@ function enableLaunchDaemon() {
 }
 
 function createLaunchdService() {
-	local serviceName='de.astzweig.macos.launchdaemons.ensure-single-filevault-user'
+	local serviceName='de.astzweig.macos.launchdaemons.set-filevault-users'
 	local launchDaemonPath="/Library/LaunchDaemons/${serviceName}.plist"
 	[[ -f ${launchDaemonPath} ]] || indicateActivity -- 'Create Launch Daemon' createLaunchDaemon
 	indicateActivity -- 'Enable Launch Daemon' enableLaunchDaemon