summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorelijah <elijah@riseup.net>2016-07-29 12:23:35 -0700
committerelijah <elijah@riseup.net>2016-07-29 12:23:35 -0700
commit8b25136ac49a09e08cda782605700f8e3e10d3b7 (patch)
tree9c61a26340233d6bea84c5fcd92c41c96f29fcff
parentaaaae09084edf89272d31066f035a1753ba79400 (diff)
updated README
-rw-r--r--README54
-rw-r--r--apple/README26
2 files changed, 80 insertions, 0 deletions
diff --git a/README b/README
new file mode 100644
index 0000000..67d2a50
--- /dev/null
+++ b/README
@@ -0,0 +1,54 @@
+Usage summary
+-----------------------------------------------
+
+ git pull
+ gpg -d file.gpg > file.txt
+ edit file.txt
+ rake file.gpg
+ rm file.txt
+ git commit file.gpg
+ git push
+
+Makefile configuration
+-----------------------------------------------
+
+ user1 := <key id>
+ user2 := <key id>
+ user3 := <key id>
+ files := file1 file2
+ file2_readers := user1 user2
+ file2_readers := user2 user3
+
+Details
+-----------------------------------------------
+
+The Makefile will encrypt certain files to the right people.
+
+usage: "make foo.gpg" will encrypt foo.txt
+
+* If unencrypted file exists and is newer than the encrypted, it will
+ encrypt it.
+* If the unencrypted file exists and is not newer than the encrypted, it
+ will report "up to date" and won't encrypt it
+* If the unencrypted file doesn't exist, it will say you are dumb.
+
+If you don't have one of the keys needed for encrypting:
+
+ gpg --recv-keys <fingerprint>
+ gpg --fingerprint --keyid-format long <fingerprint>
+
+IT IS IMPERATIVE THAT YOU VERIFY THE FINGERPRINT.
+gpg does not verify the fingerprint when you run --recv-keys.
+
+To add additional files to be encrypted:
+
+ files := file_a file_b
+ file_a_readers := user1 user2
+ file_b_readers := user3 user4
+
+Files should be named without their suffix. The actual source file must
+always end in .txt, and the encrypted file will always end in .gpg.
+
+After you change the x_readers list for a file, you will need to run
+`touch x.txt` in order for `make` to encrypt `x.gpg`.
+
diff --git a/apple/README b/apple/README
new file mode 100644
index 0000000..4ab3039
--- /dev/null
+++ b/apple/README
@@ -0,0 +1,26 @@
+This directory holds Apple developer certificates, and the corresponding
+public/private keys.
+
+For example:
+
+ certname.cer -- The final certificate signed by Apple.
+
+ certname.csr -- The Certificate Signing Request, generated
+ with the Mac app "Keychain Access".
+
+ certname.key.p12 -- The private key for this certificate,
+ created when the CSR is created.
+ exported from "Keychain Access".
+
+ certname.pub.pem -- The public key for this certificate,
+ created when the CSR is created,
+ exported from "Keychain Access".
+
+The certificates:
+
+leap-developer-id-application
+ This is used for distributing the application outside the app store.
+
+leap-developer-id-installer
+ This is used for distributing an installer outside the app store.
+