diff -r 5d81ec164e5d -r 9d2ae2841bf2 src/do-refresh-auth
--- a/src/do-refresh-auth	Fri Mar 06 12:46:22 2009 +0000
+++ b/src/do-refresh-auth	Fri Mar 06 12:51:07 2009 +0000
@@ -7,66 +7,10 @@
 # WARNING
 
 import sys
-import os
-import os.path
-import pwd
-import subprocess
-from mercurialserver import ruleset, paths
+from mercurialserver import refreshauth
 
 if len(sys.argv) != 1:
     sys.stderr.write("refresh-auth: must be called with no arguments (%s)\n" % sys.argv)
     sys.exit(-1)
 
-pentry = pwd.getpwuid(os.geteuid())
-if pentry.pw_name != "hg":
-    # FIXME: re-execute
-    print >>sys.stderr, "Must be run as the 'hg' user"
-
-akeyfile = pentry.pw_dir + "/.ssh/authorized_keys"
-wrappercommand = paths.getEtcPath() + "/hg-ssh-wrapper"
-keydirs = [paths.getEtcPath() + "/keys", pentry.pw_dir + "/repos/hgadmin/keys"]
-prefix='no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command='
-
-if os.path.exists(akeyfile):
-    f = open(akeyfile)
-    try:
-        for l in f:
-            if not l.startswith(prefix):
-                raise Exception("Safety check failed, delete %s to continue" % akeyfile)
-    finally:
-        f.close()
-
-akeys = open(akeyfile + "_new", "w")
-for keyroot in keydirs:
-    kr = keyroot + "/"
-    #print "Processing keyroot", keyroot
-    for root, dirs, files in os.walk(keyroot):
-        for fn in files:
-            ffn = os.path.join(root, fn)
-            if not ffn.startswith(kr):
-                raise Exception("Inconsistent behaviour in os.walk, bailing")
-            #print "Processing file", ffn
-            keyname = ffn[len(kr):]
-            if not ruleset.goodpath(keyname):
-                # ignore any path that contains dodgy characters
-                #print "Ignoring file", ffn
-                continue
-            p = subprocess.Popen(("ssh-keygen", "-i", "-f", ffn), 
-                stdout=subprocess.PIPE, stderr=subprocess.PIPE)
-            newkey = p.communicate()[0]
-            if p.wait() == 0:
-                klines = [l.strip() for l in newkey.split("\n")]
-            else:
-                # Conversion failed, read it directly.
-                kf = open(ffn)
-                try:
-                    klines = [l.strip() for l in kf]
-                finally:
-                    kf.close()
-            for l in klines:
-                if len(l):
-                    akeys.write('%s"%s %s" %s\n' % (prefix, wrappercommand, keyname, l))
-
-akeys.close()
-
-os.rename(akeyfile + "_new", akeyfile)
+refreshauth.refreshAuth()