Land rapid7#5342, import dev keys script

Author: kernelsmith

tools/dev/import-dev-keys.sh

@@ -0,0 +1,59 @@
+#!/bin/bash
+
+# Requires bash version 3 or so for regular expression pattern match
+
+COMMITTER_KEYS_URL='https://raw.githubusercontent.com/wiki/rapid7/metasploit-framework/Committer-Keys.md'
+KEYBASE_KEY_URLS=$(
+ \curl -sSL $COMMITTER_KEYS_URL |
+ \awk '$4 ~/https:\/\/keybase.io\//' |
+ \sed 's#.*\(https://keybase.io/[^)]*\).*#\1/key.asc#'
+)
+
+for key in $KEYBASE_KEY_URLS; do
+  echo Importing $key...
+  \curl -sSL $key | gpg --quiet --no-auto-check-trustdb --import -
+done
+
+# Exceptions -- keys that do show up in the logs, but aren't (yet) in Keybase:
+# This should cover every key since May of 2014.
+
+# Currently, one lone missing key:
+#
+# gpg: Signature made Mon 16 Feb 2015 02:09:53 PM CST using RSA key ID D5D50A02
+# gpg: Can't check signature: public key not found
+# 14da69c - Land #4757, adds RC for auto payload gen (3 months ago) <kernelsmith@github> []
+#
+# https://github.com/rapid7/metasploit-framework/commit/14da69c is
+# harmless, though. It's only an RC script, not run by default, and it
+# automates setting up a payload handler.
+
+
+echo Processing exceptions...
+
+MIT_KEYIDS="
+Brandont       0xA3EE1B07
+Ccatalan       0xC3953653
+Farias         0x01DF79A1
+Firefart       0x66BC32C7
+HDM            0xFA604913
+Jvennix        0x3E85A2B0
+Kernelsmith    0x3D609E33
+Lsanchez       0xFB80E8DD
+OJ             0x1FAA5749
+Sgonzalez      0xCA93BCE5
+Shuckins       0x8C03C944
+TheLightCosine 0x3A913DB2
+Wvu            0xC1629024
+"
+
+MIT_KEY_URL_BASE="https://pgp.mit.edu/pks/lookup?op=get&search="
+
+for key in $MIT_KEYIDS; do
+  if [[ $key =~ ^0x ]]
+  then
+    \curl -sSL $MIT_KEY_URL_BASE$key | gpg --quiet --no-auto-check-trustdb --import -
+  else
+    echo Importing key for $key...
+  fi
+done
+