#!/usr/bin/perl -w

# documentation for this program is right here, please read

# IMPORTANT: also see usage notes below

# BACKGROUND/PURPOSE:

# - an external program populates "keydir" with *all* keys and then
#   calls this program, giving "keydir" as arg-1
# - we then call gitolite.pm's "setup_authkeys" function to do its thing

# arg-1: keydir

# DISCUSSION:
#
# For now, we will assume *all* the keys are in the keydir passed.  The
# setup_authkeys routine factored out from the old gl-compile-conf is not
# setup to take a partial set of keys and create the ~/.ssh/authorized_keys
# file.
#
# Also, there are issues to do with *deleted* keys that need to be taken care
# of.
#
# All in all, unless it is shown to be quite inefficient, I'd much prefer
# processing *all* keys each time there is a change.

use strict;
use warnings;

use FindBin;
BEGIN { $ENV{GL_BINDIR} = $FindBin::Bin; }

use lib $ENV{GL_BINDIR};
use gitolite_rc;
use gitolite;

use Getopt::Long;
my $batch = 0;
GetOptions('batch' => \$batch);

# prevent newbie from running it accidentally and clobbering his authkeys file!
unless ($batch) {
    print STDERR "
    This is a cronnable, batchable, program to rewrite ~/.ssh/authorized_keys
    using public keys in a given directory.  It MUST be run by supplying its
    full path, and the rest of the gitolite scripts must be in the same
    directory.  Here's how to run it:

        /full/path/to/gl-setup-authkeys -batch keydir

    where 'keydir' contains a bunch of '*.pub' files.

    If you're not sure what the full path to the script should be, look in
    ~/.ssh/authorized_keys for the path to the gl-auth-command script.

    If you managed to lose that file (how careless of you!) then, depending on
    what install mode you used, it's either \$HOME/.gitolite/src or \$HOME/bin
    or /usr/local/bin or whatever your package maintainer decided.  I leave it
    to you to figure out which method gets you which PATH ;-)  In this case
    you'll also have to set GL_BINDIR to that same path *and* export it, so
    something like this should do:

        export GL_BINDIR=/that/full/path/you/just/found
        \$GL_BINDIR/gl-setup-authkeys -batch keydir

    The keydir can be found from the value of \$GL_KEYDIR in ~/.gitolite.rc\n\n";
    exit 1;
}

# quick sanity check and run
my $keydir = shift or die "I need a directory name\n";
-d $keydir or die "$keydir should be a directory\n";

setup_authkeys($keydir);
