Merge branch 'master' of ssh://leap.se/secrets

5 files changed, 85 insertions, 3 deletions

diff --git a/Makefile b/Makefile
index 9e4a831..3e9e36d 100644
--- a/Makefile
+++ b/Makefile
@@ -40,21 +40,23 @@ makechanges := 57F8E5D4069A9F31
 mcnair      := 1D52157B22532C5B
 micah       := 8CBF9A322861A790
 sunbird     := D45523676ED610B7
-varac       := 4CBCAE6A99575D06
+varac       := 5465E77E7876ED04
 parmegv     := E7BD709798449799
 kali        := 23638BF72C593BC1
+drebs       := B2B397904D39F3B3D4BA511EA5E6BCA629BA4127
 
-files := accounts apple android dns financial jenkins legal vps distro
+files := accounts apple android dns financial jenkins legal vps distro graphite
 
 accounts_readers  := elijah mcnair micah kwadronaut
 apple_readers     := elijah micah kali
-android_readers   := elijah parmegv
+android_readers   := elijah kwadronaut
 dns_readers       := kwadronaut elijah micah varac
 financial_readers := elijah sunbird makechanges micah
 jenkins_readers   := micah parmegv kwadronaut
 legal_readers     := elijah sunbird makechanges mcnair
 vps_readers       := kwadronaut elijah micah varac
 distro_readers    := elijah micah varac kwadronaut
+graphite_readers  := kali varac drebs
 
 ##
 ## NO NEED TO MODIFY BELOW HERE
diff --git a/README b/README
new file mode 100644
index 0000000..58f32e7
--- /dev/null
+++ b/README
@@ -0,0 +1,54 @@
+Usage summary
+-----------------------------------------------
+
+    git pull
+    gpg -d file.gpg > file.txt
+    edit file.txt
+    make file.gpg
+    rm file.txt
+    git commit file.gpg
+    git push
+
+Makefile configuration
+-----------------------------------------------
+
+    user1 := <key id>
+    user2 := <key id>
+    user3 := <key id>
+    files := file1 file2
+    file2_readers := user1 user2
+    file2_readers := user2 user3
+
+Details
+-----------------------------------------------
+
+The Makefile will encrypt certain files to the right people.
+
+usage: "make foo.gpg" will encrypt foo.txt
+
+* If unencrypted file exists and is newer than the encrypted, it will
+  encrypt it.
+* If the unencrypted file exists and is not newer than the encrypted, it
+  will report "up to date" and won't encrypt it
+* If the unencrypted file doesn't exist, it will say you are dumb.
+ 
+If you don't have one of the keys needed for encrypting:
+
+   gpg --recv-keys <fingerprint>
+   gpg --fingerprint --keyid-format long <fingerprint>
+
+IT IS IMPERATIVE THAT YOU VERIFY THE FINGERPRINT.
+gpg does not verify the fingerprint when you run --recv-keys.
+
+To add additional files to be encrypted:
+
+   files          := file_a file_b
+   file_a_readers := user1 user2
+   file_b_readers := user3 user4
+
+Files should be named without their suffix. The actual source file must
+always end in .txt, and the encrypted file will always end in .gpg.
+
+After you change the x_readers list for a file, you will need to run
+`touch x.txt` in order for `make` to encrypt `x.gpg`.
+
diff --git a/android.gpg b/android.gpg
index 0c69d08..0d4993d 100644
--- a/android.gpg
+++ b/android.gpg
diff --git a/apple/README b/apple/README
new file mode 100644
index 0000000..4ab3039
--- /dev/null
+++ b/apple/README
@@ -0,0 +1,26 @@
+This directory holds Apple developer certificates, and the corresponding
+public/private keys.
+
+For example:
+
+  certname.cer     -- The final certificate signed by Apple.
+
+  certname.csr     -- The Certificate Signing Request, generated
+                      with the Mac app "Keychain Access".
+                    
+  certname.key.p12 -- The private key for this certificate,
+                      created when the CSR is created.
+                      exported from "Keychain Access".
+                    
+  certname.pub.pem -- The public key for this certificate,
+                      created when the CSR is created,
+                      exported from "Keychain Access".
+
+The certificates:
+
+leap-developer-id-application
+  This is used for distributing the application outside the app store.
+
+leap-developer-id-installer
+  This is used for distributing an installer outside the app store.
+
diff --git a/graphite.gpg b/graphite.gpg
new file mode 100644
index 0000000..8febdb9
--- /dev/null
+++ b/graphite.gpg