foodoord/foodoor-update-keydb

#!/bin/bash
set -e

export PATH="/usr/bin:/bin:/usr/sbin:/sbin"
export GIT_SSH="/usr/sbin/foodoor-ssh-wrapper"

dest=/var/run/foodoor-keys

if [ ! -e "${dest}/.git/config" ]
then
    #echo "Repo does not exist, trying to clone..."
    ( cd /var/run && git clone --quiet --single-branch --depth=1 ssh://git.chaospott.de/Chaospott/foodoor-keys.git "${dest}" )
else
    #echo "Repo exists, updating..."
    ( cd "${dest}" && git fetch --quiet && git merge --quiet origin/master master )
fi

for action in open close
do
    outfile="${dest}/authorized_keys.${action}"
    rm -f ${outfile}
    find "${dest}/keys" -name '*.pub' | sort | \
        while read keyfile
        do
			ssh-keygen -l -f ${keyfile} &> /dev/null
			if [ $? -eq 0 ]; then
				key_length=`ssh-keygen -l -f ${keyfile} | cut -d" " -f1`
				if ssh-keygen -l -f id_ed25519.pub| cut -d" " -f4 == "(ED25519)"; then
					key_length += 3840
				if [ ${key_length} -lt 4096 ]; then
                    echo "Key size of key ${keyfile} not equal to 4096. Not adding it to key database." >&2
                    continue
                fi
            fi
            printf "command=\"/usr/sbin/foodoor ${action}\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding " >> ${outfile}
            cat "${keyfile}" >> ${outfile}
            echo >> ${outfile}
        done
    install -d -o ${action} -g nogroup -m 0700 /var/lib/foodoor/${action}/.ssh
    install -b -S .last -o ${action} -g nogroup -m 0600 ${outfile} /var/lib/foodoor/${action}/.ssh/authorized_keys
done