#
# A Makefile to encrypt certain files to the right people.
#
# usage: "make foo.gpg" will encrypt foo.txt
#
# * If unencrypted file exists and is newer than the encrypted, it will
#   encrypt it.
# * If the unencrypted file exists and is not newer than the encrypted, it
#   will report "up to date" and won't encrypt it
# * If the unencrypted file doesn't exist, it will say you are dumb.
#
# If you don't have one of the keys needed for encrypting:
#
#   gpg --recv-keys <fingerprint>
#   gpg --fingerprint --keyid-format long <fingerprint>
#
# IT IS IMPERATIVE THAT YOU VERIFY THE FINGERPRINT.
# gpg does not verify the fingerprint when you run --recv-keys.
#
# To add additional files to be encrypted:
#
#   files          := file_a file_b
#   file_a_readers := user1 user2
#   file_b_readers := user3 user4
#
# Files should be named without their suffix. The actual source file must
# always end in .txt, and the encrypted file will always end in .gpg.
#
# After you change the x_readers list for a file, you will need to run
# `touch x.txt` in order for `make` to encrypt `x.gpg`.
#

##
## CONFIGURE HERE
##

anjan       := 67AFF2EDA74669B1D9E6B95524EF5FFED28CA2B3
cyberta     := 838EEC04AFDCC8E9C46AB0EFDF32A57F8D3C3B20
drebs       := B2B397904D39F3B3D4BA511EA5E6BCA629BA4127
elijah      := 8688B48800440025
kali        := 23638BF72C593BC1
kwadronaut  := BD68C7AA997FA77F
#makechanges := 57F8E5D4069A9F31
makechanges := 5F9236638A53EDA21FF914AA25CA7AFB8D07C1EB
mcnair      := 1D52157B22532C5B
micah       := 9621C386
varac       := 5465E77E7876ED04
meskio      := 07948FFA64160A425BCD27EAC732B1D1C28F4E2F

files := accounts apple android dns financial jenkins legal panoramix twitter vps distro graphite snap thunderbird windoze windozecert microsoft reports archivesign

accounts_readers  	:= cyberta mcnair micah kwadronaut
apple_readers     	:= anjan kali micah makechanges kwadronaut
android_readers   	:= kwadronaut cyberta micah makechanges
archivesign_readers	:= micah cyberta kwadronaut
dns_readers       	:= kwadronaut micah makechanges
financial_readers 	:= makechanges micah
graphite_readers  	:= kali varac 
jenkins_readers   	:= micah kwadronaut
legal_readers     	:= makechanges mcnair
panoramix_readers 	:= kwadronaut kali micah
distro_readers    	:= micah kwadronaut
microsoft_readers       := micah makechanges kwadronaut
twitter_readers   	:= kali kwadronaut micah mcnair
snap_readers	  	:= kali meskio kwadronaut
thunderbird_readers	:= meskio kali
reports_readers         := cyberta makechanges mcnair kwadronaut
vps_readers       	:= kwadronaut micah
windoze_readers         := anjan micah kali kwadronaut
windozecert_readers     := anjan micah kali kwadronaut

##
## NO NEED TO MODIFY BELOW HERE
##

GPG := gpg --sign --encrypt

plaintext_input  := $(addsuffix .txt, ${files})
encrypted_output := $(addsuffix .gpg, ${files})

empty :=
space := $(empty) $(empty)
comma := ,

all:
	@echo "USAGE: make FILE\n       where FILE is one of $(subst $(space),$(comma)$(space),${encrypted_output})"

$(encrypted_output): %.gpg : %.txt
	@echo "Encrypting '$<' to '$@' with these keys: $($(<:.txt=)_readers)"
	$(GPG) $(foreach reader,$($(<:.txt=)_readers),--recipient $($(reader))) --output $@ $<

$(plaintext_input):
	@echo "'$@' doesn't exist, why are you trying to encrypt it?"
	@exit 1