-
Notifications
You must be signed in to change notification settings - Fork 1
/
Makefile
120 lines (92 loc) · 2.09 KB
/
Makefile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
#
# HOWTO:
#
# set target to be encrypted key/escrow file e.g., passwords.asc
# set key_file to filename containing list of public keys for those allowed
# to read the target file, e.g., pub_keys. See example pub_key_list for
# file format
#
target := passwords.asc
key_file := pub_key_list
# object is the file w/o the .asc file extension from gpg
object := $(subst .asc,,$(target))
# this will be used to create a backup copy of the current $(target), just in case...
old := $(target).old
# keys are from key_file and used to encrypt flie
keys := $(shell egrep -v '^\#' $(key_file) )
# portion of command line built from keys
recipients := $(foreach key, $(keys), --recipient $(key))
crypt_keys := $(foreach key, $(keys), $(key))
# command to encrypt escrow with multiple public keys
gpg_crypt := gpg --encrypt --armor $(recipients) $(object)
# command to grab keys from keyserver
gpg_getkeys := gpg --search-keys $(keys)
#
# default command is to create the .asc file, it should be rebuilt
# if the key_file is newer
#
$(target): $(key_file)
make $(object)
mv -f $(target) $(old)
$(gpg_crypt)
make forceclean
@echo "don't forget to check in your changes..."
#
# how to make the object if key_file changes
# best to use gpg-agent here...
#
$(object): $(key_file)
gpg $(target)
#
# view the unencrypted file
#
less:
gpg -d $(target) | less
clear
#
# assumes the $(object) exists already...
#
encrypt:
mv -f $(target) $(old)
$(gpg_crypt)
make forceclean
@echo "don't forget to check in your changes..."
#
# shorthand for creating the $(object) file
#
decrypt: $(object)
#
# force encryption, assumes $(object) does NOT already exist
#
force: $(object)
make encrypt
#
# decrypts file for editing, auto-re-encrypts
#
edit: $(object)
if [ "x$${EDITOR}" = "x" ]; \
then \
vi $(object); \
else \
$$EDITOR $(object); \
fi
make encrypt
#
# alias for the edit command...
#
vi: edit
#
# removes the unecrypted file for cleanliness
#
clean:
rm -i $(object)
forceclean:
rm -f $(object)
#
# stuffs keys before you encrypt
#
getkeys:
for K in $(keys); \
do \
gpg --search-keys $$K; \
done