#
# A Makefile to encrypt certain files to the right people.
#
# usage: make foo.pgp
#
# * If unencrypted file exists and is newer than the encrypted, it will
#   encrypt it.
# * If the unencrypted file exists and is not newer than the encrypted, it
#   will report "up to date" and won't encrypt it
# * If the unencrypted file doesn't exist, it will say you are dumb.
# 
# If you don't have one of the keys needed for encrypting:
#
#   gpg --recv-keys <fingerprint>
#   gpg --fingerprint --keyid-format long <fingerprint>
#
# IT IS IMPERATIVE THAT YOU VERIFY THE FINGERPRINT.
# gpg does not verify the fingerprint when you run --recv-keys.
#
# To add additional files to be encrypted:
#
#   files          := file_a file_b
#   file_a_readers := user1 user2
#   file_b_readers := user3 user4
#
# Files should be named without their suffix. The actual source file must
# always end in .txt, and the encrypted file will always end in .gpg.
#

##
## CONFIGURE HERE
##

chiiph      := 95E3881D9A753A6B
elijah      := 8688B48800440025
kwadronaut  := BD68C7AA997FA77F
makechanges := 57F8E5D4069A9F31
mcnair      := 1D52157B22532C5B
mcode       := DFFC14A4EC9A6FB1
micah       := 8CBF9A322861A790
sunbird     := D45523676ED610B7
varac       := 4CBCAE6A99575D06

files := accounts android dns financial legal vps

accounts_readers  := elijah mcnair
android_readers   := elijah chiiph mcode
dns_readers       := kwadronaut elijah micah varac
financial_readers := elijah sunbird makechanges
legal_readers     := elijah sunbird makechanges mcnair
vps_readers       := kwadronaut elijah micah varac

##
## NO NEED TO MODIFY BELOW HERE
##

GPG := gpg --sign --encrypt

plaintext_input  := $(addsuffix .txt, ${files})
encrypted_output := $(addsuffix .gpg, ${files})

empty :=
space := $(empty) $(empty)
comma := ,

all:
	@echo "USAGE: make FILE\n       where FILE is one of $(subst $(space),$(comma)$(space),${encrypted_output})"

$(encrypted_output): %.gpg : %.txt
	@echo "Encrypting '$<' to '$@' with these keys: $($(<:.txt=)_readers)"
	$(GPG) $(foreach reader,$($(<:.txt=)_readers),--recipient $($(reader))) --output $@ $<

$(plaintext_input):
	@echo "'$@' doesn't exist, why are you trying to encrypt it?"
	@exit 1