Add a bash script to import dev keys

Tod Beardsley · Tod Beardsley · commit ae73cd3c6c5c · 2015-05-13T10:29:55.000-05:00
This merely makes it easy and fun to import all developer keys used over the past year to your local GPG keychain. This will make the task of reviewing merge commits for signedness much easier, especially if you use a nicelog alias such as this one: https://github.com/todb-r7/junkdrawer/blob/master/dotfiles/git-repos/gitconfig#L40 This does not handle automating checking for signatures as part of Travis-CI -- for that, see PR rapid7#5337, a work in progress.
diff --git a/tools/dev/import-dev-keys.sh b/tools/dev/import-dev-keys.sh
@@ -0,0 +1,59 @@
+#!/bin/bash
+
+# Requires bash version 3 or so for regular expression pattern match
+
+COMMITTER_KEYS_URL='https://raw.githubusercontent.com/wiki/rapid7/metasploit-framework/Committer-Keys.md'
+KEYBASE_KEY_URLS=$(
+ \curl -sSL $COMMITTER_KEYS_URL |
+ \awk '$4 ~/https:\/\/keybase.io\//' |
+ \sed 's#.*\(https://keybase.io/[^)]*\).*#\1/key.asc#'
+)
+
+for key in $KEYBASE_KEY_URLS; do
+  echo Importing $key...
+  \curl -sSL $key | gpg --quiet --no-auto-check-trustdb --import -
+done
+
+# Exceptions -- keys that do show up in the logs, but aren't (yet) in Keybase:
+# This should cover every key since May of 2014.
+
+# Currently, one lone missing key:
+#
+# gpg: Signature made Mon 16 Feb 2015 02:09:53 PM CST using RSA key ID D5D50A02
+# gpg: Can't check signature: public key not found
+# 14da69c - Land #4757, adds RC for auto payload gen (3 months ago) <kernelsmith@github> []
+#
+# https://github.com/rapid7/metasploit-framework/commit/14da69c is
+# harmless, though. It's only an RC script, not run by default, and it
+# automates setting up a payload handler.
+
+
+echo Processing exceptions...
+
+MIT_KEYIDS="
+Brandont       0xA3EE1B07
+Ccatalan       0xC3953653
+Farias         0x01DF79A1
+Firefart       0x66BC32C7
+HDM            0xFA604913
+Jvennix        0x3E85A2B0
+Kernelsmith    0x3D609E33
+Lsanchez       0xFB80E8DD
+OJ             0x1FAA5749
+Sgonzalez      0xCA93BCE5
+Shuckins       0x8C03C944
+TheLightCosine 0x3A913DB2
+Wvu            0xC1629024
+"
+
+MIT_KEY_URL_BASE="https://pgp.mit.edu/pks/lookup?op=get&search="
+
+for key in $MIT_KEYIDS; do
+  if [[ $key =~ ^0x ]]
+  then
+    \curl -sSL $MIT_KEY_URL_BASE$key | gpg --quiet --no-auto-check-trustdb --import -
+  else
+    echo Importing key for $key...
+  fi
+done
+
