diff options
author | makechanges <makechanges@riseup.net> | 2016-09-15 14:12:08 -0700 |
---|---|---|
committer | makechanges <makechanges@riseup.net> | 2016-09-15 14:12:08 -0700 |
commit | 7dac708ad19abe24700f53dd24ca38995ed4c6ec (patch) | |
tree | 86c741fc062f2afb588108bb7691750a2da88ac5 | |
parent | 6b36e104648252d56e40bc99305746065e35c71d (diff) | |
parent | 33c972a120a833a3ef2aefa0ff4f0341423a45c9 (diff) |
Merge branch 'master' of ssh://leap.se/secrets
-rw-r--r-- | Makefile | 8 | ||||
-rw-r--r-- | README | 54 | ||||
-rw-r--r-- | android.gpg | bin | 2410 -> 1879 bytes | |||
-rw-r--r-- | apple/README | 26 | ||||
-rw-r--r-- | graphite.gpg | bin | 0 -> 2298 bytes |
5 files changed, 85 insertions, 3 deletions
@@ -40,21 +40,23 @@ makechanges := 57F8E5D4069A9F31 mcnair := 1D52157B22532C5B micah := 8CBF9A322861A790 sunbird := D45523676ED610B7 -varac := 4CBCAE6A99575D06 +varac := 5465E77E7876ED04 parmegv := E7BD709798449799 kali := 23638BF72C593BC1 +drebs := B2B397904D39F3B3D4BA511EA5E6BCA629BA4127 -files := accounts apple android dns financial jenkins legal vps distro +files := accounts apple android dns financial jenkins legal vps distro graphite accounts_readers := elijah mcnair micah kwadronaut apple_readers := elijah micah kali -android_readers := elijah parmegv +android_readers := elijah kwadronaut dns_readers := kwadronaut elijah micah varac financial_readers := elijah sunbird makechanges micah jenkins_readers := micah parmegv kwadronaut legal_readers := elijah sunbird makechanges mcnair vps_readers := kwadronaut elijah micah varac distro_readers := elijah micah varac kwadronaut +graphite_readers := kali varac drebs ## ## NO NEED TO MODIFY BELOW HERE @@ -0,0 +1,54 @@ +Usage summary +----------------------------------------------- + + git pull + gpg -d file.gpg > file.txt + edit file.txt + make file.gpg + rm file.txt + git commit file.gpg + git push + +Makefile configuration +----------------------------------------------- + + user1 := <key id> + user2 := <key id> + user3 := <key id> + files := file1 file2 + file2_readers := user1 user2 + file2_readers := user2 user3 + +Details +----------------------------------------------- + +The Makefile will encrypt certain files to the right people. + +usage: "make foo.gpg" will encrypt foo.txt + +* If unencrypted file exists and is newer than the encrypted, it will + encrypt it. +* If the unencrypted file exists and is not newer than the encrypted, it + will report "up to date" and won't encrypt it +* If the unencrypted file doesn't exist, it will say you are dumb. + +If you don't have one of the keys needed for encrypting: + + gpg --recv-keys <fingerprint> + gpg --fingerprint --keyid-format long <fingerprint> + +IT IS IMPERATIVE THAT YOU VERIFY THE FINGERPRINT. +gpg does not verify the fingerprint when you run --recv-keys. + +To add additional files to be encrypted: + + files := file_a file_b + file_a_readers := user1 user2 + file_b_readers := user3 user4 + +Files should be named without their suffix. The actual source file must +always end in .txt, and the encrypted file will always end in .gpg. + +After you change the x_readers list for a file, you will need to run +`touch x.txt` in order for `make` to encrypt `x.gpg`. + diff --git a/android.gpg b/android.gpg Binary files differindex 0c69d08..0d4993d 100644 --- a/android.gpg +++ b/android.gpg diff --git a/apple/README b/apple/README new file mode 100644 index 0000000..4ab3039 --- /dev/null +++ b/apple/README @@ -0,0 +1,26 @@ +This directory holds Apple developer certificates, and the corresponding +public/private keys. + +For example: + + certname.cer -- The final certificate signed by Apple. + + certname.csr -- The Certificate Signing Request, generated + with the Mac app "Keychain Access". + + certname.key.p12 -- The private key for this certificate, + created when the CSR is created. + exported from "Keychain Access". + + certname.pub.pem -- The public key for this certificate, + created when the CSR is created, + exported from "Keychain Access". + +The certificates: + +leap-developer-id-application + This is used for distributing the application outside the app store. + +leap-developer-id-installer + This is used for distributing an installer outside the app store. + diff --git a/graphite.gpg b/graphite.gpg Binary files differnew file mode 100644 index 0000000..8febdb9 --- /dev/null +++ b/graphite.gpg |