diff options
| author | elijah <elijah@riseup.net> | 2016-07-29 12:23:35 -0700 |
|---|---|---|
| committer | elijah <elijah@riseup.net> | 2016-07-29 12:23:35 -0700 |
| commit | 8b25136ac49a09e08cda782605700f8e3e10d3b7 (patch) | |
| tree | 9c61a26340233d6bea84c5fcd92c41c96f29fcff | |
| parent | aaaae09084edf89272d31066f035a1753ba79400 (diff) | |
updated README
| -rw-r--r-- | README | 54 | ||||
| -rw-r--r-- | apple/README | 26 |
2 files changed, 80 insertions, 0 deletions
@@ -0,0 +1,54 @@ +Usage summary +----------------------------------------------- + + git pull + gpg -d file.gpg > file.txt + edit file.txt + rake file.gpg + rm file.txt + git commit file.gpg + git push + +Makefile configuration +----------------------------------------------- + + user1 := <key id> + user2 := <key id> + user3 := <key id> + files := file1 file2 + file2_readers := user1 user2 + file2_readers := user2 user3 + +Details +----------------------------------------------- + +The Makefile will encrypt certain files to the right people. + +usage: "make foo.gpg" will encrypt foo.txt + +* If unencrypted file exists and is newer than the encrypted, it will + encrypt it. +* If the unencrypted file exists and is not newer than the encrypted, it + will report "up to date" and won't encrypt it +* If the unencrypted file doesn't exist, it will say you are dumb. + +If you don't have one of the keys needed for encrypting: + + gpg --recv-keys <fingerprint> + gpg --fingerprint --keyid-format long <fingerprint> + +IT IS IMPERATIVE THAT YOU VERIFY THE FINGERPRINT. +gpg does not verify the fingerprint when you run --recv-keys. + +To add additional files to be encrypted: + + files := file_a file_b + file_a_readers := user1 user2 + file_b_readers := user3 user4 + +Files should be named without their suffix. The actual source file must +always end in .txt, and the encrypted file will always end in .gpg. + +After you change the x_readers list for a file, you will need to run +`touch x.txt` in order for `make` to encrypt `x.gpg`. + diff --git a/apple/README b/apple/README new file mode 100644 index 0000000..4ab3039 --- /dev/null +++ b/apple/README @@ -0,0 +1,26 @@ +This directory holds Apple developer certificates, and the corresponding +public/private keys. + +For example: + + certname.cer -- The final certificate signed by Apple. + + certname.csr -- The Certificate Signing Request, generated + with the Mac app "Keychain Access". + + certname.key.p12 -- The private key for this certificate, + created when the CSR is created. + exported from "Keychain Access". + + certname.pub.pem -- The public key for this certificate, + created when the CSR is created, + exported from "Keychain Access". + +The certificates: + +leap-developer-id-application + This is used for distributing the application outside the app store. + +leap-developer-id-installer + This is used for distributing an installer outside the app store. + |