refresh-auth now takes ~/.ssh/authorized_keys as an argument, and
it checks that it wrote it last time before rewriting it.
#!/usr/bin/env python# WARNING# This script completely destroys your ~/.ssh/authorized_keys# file every time it is run# WARNINGimport sysimport osimport os.pathimport rulesetimport subprocessif len(sys.argv) != 3: sys.stderr.write("refresh-auth: wrong number of arguments (%s)\n" % sys.argv) sys.exit(-1)akeyfile = sys.argv[1]wrappercommand = sys.argv[2]prefix='no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command='if os.path.exists(akeyfile): f = open(akeyfile) try: for l in f: if not l.startswith(prefix): raise Exception("Safety check failed, delete %s to continue" % akeyfile) finally: f.close()akeys = open(akeyfile + "_new", "w")for root, dirs, files in os.walk("keys"): for fn in files: ffn = os.path.join(root, fn) if not ruleset.goodpath(ffn): # ignore any path that contains dodgy characters continue keyname = ffn[5:] p = subprocess.Popen(("ssh-keygen", "-i", "-f", ffn), stdout=subprocess.PIPE, stderr=subprocess.PIPE) newkey = p.communicate()[0] if p.wait() == 0: klines = [l.strip() for l in newkey.split("\n")] else: # Conversion failed, read it directly. kf = open(ffn) try: klines = [l.strip() for l in kf] finally: kf.close() for l in klines: if len(l): akeys.write('%s"%s %s" %s\n' % (prefix, wrappercommand, keyname, l))akeys.close()os.rename(akeyfile + "_new", akeyfile)