From ae73cd3c6c5cb8384e5a95ad17da2887d41f7dd3 Mon Sep 17 00:00:00 2001
From: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Wed, 13 May 2015 10:29:55 -0500
Subject: [PATCH] Add a bash script to import dev keys

This merely makes it easy and fun to import all developer keys used over
the past year to your local GPG keychain. This will make the task of
reviewing merge commits for signedness much easier, especially if you
use a nicelog alias such as this one:

https://github.com/todb-r7/junkdrawer/blob/master/dotfiles/git-repos/gitconfig#L40

This does not handle automating checking for signatures as part of
Travis-CI -- for that, see PR #5337, a work in progress.
---
 tools/dev/import-dev-keys.sh | 59 ++++++++++++++++++++++++++++++++++++
 1 file changed, 59 insertions(+)
 create mode 100755 tools/dev/import-dev-keys.sh

diff --git a/tools/dev/import-dev-keys.sh b/tools/dev/import-dev-keys.sh
new file mode 100755
index 0000000000..370a156c84
--- /dev/null
+++ b/tools/dev/import-dev-keys.sh
@@ -0,0 +1,59 @@
+#!/bin/bash
+
+# Requires bash version 3 or so for regular expression pattern match
+
+COMMITTER_KEYS_URL='https://raw.githubusercontent.com/wiki/rapid7/metasploit-framework/Committer-Keys.md'
+KEYBASE_KEY_URLS=$(
+ \curl -sSL $COMMITTER_KEYS_URL |
+ \awk '$4 ~/https:\/\/keybase.io\//' |
+ \sed 's#.*\(https://keybase.io/[^)]*\).*#\1/key.asc#'
+)
+
+for key in $KEYBASE_KEY_URLS; do
+  echo Importing $key...
+  \curl -sSL $key | gpg --quiet --no-auto-check-trustdb --import -
+done
+
+# Exceptions -- keys that do show up in the logs, but aren't (yet) in Keybase:
+# This should cover every key since May of 2014.
+
+# Currently, one lone missing key:
+#
+# gpg: Signature made Mon 16 Feb 2015 02:09:53 PM CST using RSA key ID D5D50A02
+# gpg: Can't check signature: public key not found
+# 14da69c - Land #4757, adds RC for auto payload gen (3 months ago) <kernelsmith@github> []
+#
+# https://github.com/rapid7/metasploit-framework/commit/14da69c is
+# harmless, though. It's only an RC script, not run by default, and it
+# automates setting up a payload handler.
+
+
+echo Processing exceptions...
+
+MIT_KEYIDS="
+Brandont       0xA3EE1B07
+Ccatalan       0xC3953653
+Farias         0x01DF79A1
+Firefart       0x66BC32C7
+HDM            0xFA604913
+Jvennix        0x3E85A2B0
+Kernelsmith    0x3D609E33
+Lsanchez       0xFB80E8DD
+OJ             0x1FAA5749
+Sgonzalez      0xCA93BCE5
+Shuckins       0x8C03C944
+TheLightCosine 0x3A913DB2
+Wvu            0xC1629024
+"
+
+MIT_KEY_URL_BASE="https://pgp.mit.edu/pks/lookup?op=get&search="
+
+for key in $MIT_KEYIDS; do
+  if [[ $key =~ ^0x ]]
+  then
+    \curl -sSL $MIT_KEY_URL_BASE$key | gpg --quiet --no-auto-check-trustdb --import -
+  else
+    echo Importing key for $key...
+  fi
+done
+