mirror of
https://github.com/rapid7/metasploit-framework
synced 2024-10-29 18:07:27 +01:00
7a321c7350
This largely automates the process of importing developer keys, much like `import-dev-keys.sh`, but also takes the additional, sadly manual step of signing the key with your default key, and uploading those keys to https://sks-keyservers.net. In effect, you are stating that you trust keys published on keybase.io and are listed as such on the official Metasploit-Framework development wiki. If your own default key either has no passphrase, or has a passphrase cached in a keymanager, the process merely requires you hit `y` for every key, and `y` again for keys with multiple IDs. Otherwise, you will need to provide your passphrase for each signing. Temporarily removing the passphrase alleviates this pain. Of course, this assumes you actually trust the development wiki and keybase to do the right thing. The tradition is to individually verify each key through some personally invented means, such as in person with a government ID check. Note that `import-dev-keys.sh` currently lists a number of keys not on Keybase, and that functionality has not been carried over to this script.
27 lines
799 B
Bash
Executable File
```bash
#!/bin/bash

# Imports and signs dev keys fetched from Keybase, as asserted by the
# Metasploit-Framework development wiki. Requires bash version 3 or so for
# regular expression pattern match

COMMITTER_KEYS_URL='https://raw.githubusercontent.com/wiki/rapid7/metasploit-framework/Committer-Keys.md'

# Pull the wiki table, keep rows whose fourth field is a Keybase link, and
# turn each profile URL into the URL of that user's public key.
KEYBASE_KEY_URLS=$(
  \curl -sSL "$COMMITTER_KEYS_URL" |
  \awk '$4 ~/https:\/\/keybase.io\//' |
  \sed 's#.*\(https://keybase.io/[^)]*\).*#\1/key.asc#'
)

for key in $KEYBASE_KEY_URLS; do
  echo "[*] Importing $key"
  # gpg reports "gpg: key <ID>: ..." on its first line; field 3 is the key ID.
  THIS_KEY=$(
    \curl -sSL "$key" |
    \gpg --no-auto-check-trustdb --import - 2>&1 |
    \head -1 | \cut -f 3 -d " " | \sed 's/://'
  )
  # Skip anything that does not look like a key ID (failed download or import).
  if [[ ! $THIS_KEY =~ ^[0-9A-Fa-f]+$ ]]; then
    echo "[!] Could not import $key, skipping" >&2
    continue
  fi
  echo "[*] Signing $THIS_KEY"
  \gpg --sign-key "$THIS_KEY"
  echo "[*] Sending $THIS_KEY"
  \gpg --keyserver sks-keyservers.net --send-key "$THIS_KEY"
done
```
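The commit message points out that signing asserts trust in the wiki and Keybase, and that the tradition is to verify each key individually. One way to put that check in front of `gpg --sign-key` is sketched below as an added example that is not part of the Metasploit script. The function names, the `<user> <fingerprint>` pin-file format and the Keybase username character set are assumptions, and `--show-keys` needs GnuPG 2.2 or later.

```bash
#!/bin/bash
# Added example: gate each signature on a fingerprint you verified yourself.
# Function names and the pin-file format are assumptions of this example.

# Print the Keybase username if the URL is exactly
# https://keybase.io/<user>/key.asc; fail on anything else scraped from the wiki.
keybase_user() {
  case $1 in ''|*[!A-Za-z0-9_:/.]*) return 1 ;; esac
  kb_user=$(printf '%s\n' "$1" |
    sed -n 's#^https://keybase\.io/\([A-Za-z0-9_]\{1,\}\)/key\.asc$#\1#p')
  [ -n "$kb_user" ] && printf '%s\n' "$kb_user"
}

# Read `gpg --with-colons` output on stdin and print the primary fingerprint
# (field 10 of the first "fpr" record). Fails unless the input holds exactly
# one primary ("pub") key, so a bundle of several keys is never accepted.
primary_fpr() {
  awk -F: '
    $1 == "pub" { pubs++ }
    $1 == "fpr" && pubs == 1 && fpr == "" { fpr = $10 }
    END { if (pubs != 1 || fpr == "") exit 1; print fpr }'
}

# is_pinned USER FINGERPRINT PIN_FILE
# Succeeds only if PIN_FILE has a line "<user> <fingerprint>" that matches.
is_pinned() {
  [ -n "$1" ] && [ -n "$2" ] || return 1
  awk -v u="$1" -v f="$2" \
    '$1 == u && toupper($2) == toupper(f) { ok = 1 } END { exit !ok }' "$3"
}

# ok_to_sign URL KEY_FILE PIN_FILE
# Inspects the downloaded key without importing it, then checks the pin.
ok_to_sign() {
  ots_user=$(keybase_user "$1") || return 1
  ots_fpr=$(gpg --show-keys --with-colons "$2" 2>/dev/null | primary_fpr) || return 1
  is_pinned "$ots_user" "$ots_fpr" "$3"
}
```

In the loop, the key would be downloaded to a temporary file and imported and signed only when `ok_to_sign "$key" "$tmpfile" "$PIN_FILE"` succeeds.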