metasploit-framework/tools/dev/import-dev-keys.sh

#!/bin/bash

# Requires bash version 3 or so for regular expression pattern match

COMMITTER_KEYS_URL='https://raw.githubusercontent.com/wiki/rapid7/metasploit-framework/Committer-Keys.md'
KEYBASE_KEY_URLS=$(
 \curl -sSL $COMMITTER_KEYS_URL |
 \awk '$4 ~/https:\/\/keybase.io\//' |
 \sed 's#.*\(https://keybase.io/[^)]*\).*#\1/key.asc#'
)

for key in $KEYBASE_KEY_URLS; do
  echo Importing $key...
  \curl -sSL $key | gpg --quiet --no-auto-check-trustdb --import -
done

# Exceptions -- keys that do show up in the logs, but aren't (yet) in Keybase:
# This should cover every key since May of 2014.

# Currently, one lone missing key:
#
# gpg: Signature made Mon 16 Feb 2015 02:09:53 PM CST using RSA key ID D5D50A02
# gpg: Can't check signature: public key not found
# 14da69c - Land #4757, adds RC for auto payload gen (3 months ago) <kernelsmith@github> []
#
# https://github.com/rapid7/metasploit-framework/commit/14da69c is
# harmless, though. It's only an RC script, not run by default, and it
# automates setting up a payload handler.


echo Processing exceptions...

MIT_KEYIDS="
Brandont       0xA3EE1B07
Ccatalan       0xC3953653
Farias         0x01DF79A1
Firefart       0x66BC32C7
HDM            0xFA604913
Jvennix        0x3E85A2B0
Kernelsmith    0x3D609E33
Lsanchez       0xFB80E8DD
OJ             0x1FAA5749
Sgonzalez      0xCA93BCE5
Shuckins       0x8C03C944
TheLightCosine 0x3A913DB2
Wvu            0xC1629024
"

MIT_KEY_URL_BASE="https://pgp.mit.edu/pks/lookup?op=get&search="

for key in $MIT_KEYIDS; do
  if [[ $key =~ ^0x ]]
  then
    \curl -sSL $MIT_KEY_URL_BASE$key | gpg --quiet --no-auto-check-trustdb --import -
  else
    echo Importing key for $key...
  fi
done
Add a bash script to import dev keys This merely makes it easy and fun to import all developer keys used over the past year to your local GPG keychain. This will make the task of reviewing merge commits for signedness much easier, especially if you use a nicelog alias such as this one: https://github.com/todb-r7/junkdrawer/blob/master/dotfiles/git-repos/gitconfig#L40 This does not handle automating checking for signatures as part of Travis-CI -- for that, see PR #5337, a work in progress. 2015-05-13 17:29:55 +02:00			`#!/bin/bash`

			`# Requires bash version 3 or so for regular expression pattern match`

			`COMMITTER_KEYS_URL='https://raw.githubusercontent.com/wiki/rapid7/metasploit-framework/Committer-Keys.md'`
			`KEYBASE_KEY_URLS=$(`
			`\curl -sSL $COMMITTER_KEYS_URL \|`
			`\awk '$4 ~/https:\/\/keybase.io\//' \|`
			`\sed 's#.\(https://keybase.io/[^)]\).*#\1/key.asc#'`
			`)`

			`for key in $KEYBASE_KEY_URLS; do`
			`echo Importing $key...`
			`\curl -sSL $key \| gpg --quiet --no-auto-check-trustdb --import -`
			`done`

			`# Exceptions -- keys that do show up in the logs, but aren't (yet) in Keybase:`
			`# This should cover every key since May of 2014.`

			`# Currently, one lone missing key:`
			`#`
			`# gpg: Signature made Mon 16 Feb 2015 02:09:53 PM CST using RSA key ID D5D50A02`
			`# gpg: Can't check signature: public key not found`
			`# 14da69c - Land #4757, adds RC for auto payload gen (3 months ago) <kernelsmith@github> []`
			`#`
			`# https://github.com/rapid7/metasploit-framework/commit/14da69c is`
			`# harmless, though. It's only an RC script, not run by default, and it`
			`# automates setting up a payload handler.`


			`echo Processing exceptions...`

			`MIT_KEYIDS="`
			`Brandont 0xA3EE1B07`
			`Ccatalan 0xC3953653`
			`Farias 0x01DF79A1`
			`Firefart 0x66BC32C7`
			`HDM 0xFA604913`
			`Jvennix 0x3E85A2B0`
			`Kernelsmith 0x3D609E33`
			`Lsanchez 0xFB80E8DD`
			`OJ 0x1FAA5749`
			`Sgonzalez 0xCA93BCE5`
			`Shuckins 0x8C03C944`
			`TheLightCosine 0x3A913DB2`
			`Wvu 0xC1629024`
			`"`

			`MIT_KEY_URL_BASE="https://pgp.mit.edu/pks/lookup?op=get&search="`

			`for key in $MIT_KEYIDS; do`
			`if [[ $key =~ ^0x ]]`
			`then`
			`\curl -sSL $MIT_KEY_URL_BASE$key \| gpg --quiet --no-auto-check-trustdb --import -`
			`else`
			`echo Importing key for $key...`
			`fi`
			`done`