#!/usr/bin/perl -w

# documentation for this program is right here, please read

# IMPORTANT: also see usage notes below

# BACKGROUND/PURPOSE:

# - an external program populates "keydir" with *all* keys and then
#   calls this program, giving "keydir" as arg-1
# - we then call gitolite.pm's "setup_authkeys" function to do its thing

# arg-1: keydir

# DISCUSSION:
#
# For now, we will assume *all* the keys are in the keydir passed.  The
# setup_authkeys routine factored out from the old gl-compile-conf is not
# setup to take a partial set of keys and create the ~/.ssh/authorized_keys
# file.
#
# Also, there are issues to do with *deleted* keys that need to be taken care
# of.
#
# All in all, unless it is shown to be quite inefficient, I'd much prefer
# processing *all* keys each time there is a change.

use strict;
use warnings;

use FindBin;
BEGIN { $ENV{GL_BINDIR} = $FindBin::Bin; }

use lib $ENV{GL_BINDIR};
use gitolite_rc;
use gitolite;

use Getopt::Long;
my $batch = 0;
GetOptions('batch' => \$batch);

# prevent newbie from running it accidentally and clobbering his authkeys file!
unless ($batch) {
    print STDERR "
    This is a cronnable, batchable, program to rewrite ~/.ssh/authorized_keys
    using public keys in a given directory.  You MUST make sure you run the
    one that is in the same directory as that used by gl-auth-command (and for
    what that is, see ~/.ssh/authorized_keys).

    Except for the deprecated 'from-client' install mode, this should work:

        gl-setup-authkeys -batch keydir

    where 'keydir' contains a bunch of '*.pub' files.\n\n";

    exit 1;
}

# quick sanity check and run
my $keydir = shift or die "I need a directory name\n";
-d $keydir or die "$keydir should be a directory\n";

setup_authkeys($keydir);