#
# A Makefile to encrypt certain files to the right people.
#
# usage: "make foo.gpg" will encrypt foo.txt
#
# * If unencrypted file exists and is newer than the encrypted, it will
#   encrypt it.
# * If the unencrypted file exists and is not newer than the encrypted, it
#   will report "up to date" and won't encrypt it
# * If the unencrypted file doesn't exist, it will say you are dumb.
# 
# If you don't have one of the keys needed for encrypting:
#
#   gpg --recv-keys <fingerprint>
#   gpg --fingerprint --keyid-format long <fingerprint>
#
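# IT IS IMPERATIVE THAT YOU VERIFY THE FINGERPRINT.
# gpg does not verify the fingerprint when you run --recv-keys, so compare
# the fingerprint printed by the second command with one you obtained from
# the key's owner through a separate channel.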
#
# To add additional files to be encrypted:
#
#   files          := file_a file_b
#   file_a_readers := user1 user2
#   file_b_readers := user3 user4
#
# Files should be named without their suffix. The actual source file must
# always end in .txt, and the encrypted file will always end in .gpg.
#
# After you change the x_readers list for a file, you will need to run
# `touch x.txt` in order for `make` to encrypt `x.gpg`.
#

##
## CONFIGURE HERE
##


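# Reader aliases. Each alias expands to the OpenPGP key identifier that is
# handed to `gpg --recipient` when a file is encrypted for that reader.
#
# NOTE(review): the value below is a 64-bit long key ID, i.e. only the low
# 64 bits of the key's fingerprint, so it does not uniquely bind to one key.
# gpg also accepts a full fingerprint here; once the fingerprint has been
# verified as described in the header, prefer storing that instead.
kwadronaut := BD68C7AA997FA77F

# Base names of the files that can be encrypted (NAME.txt -> NAME.gpg).
files := accounts refugees laden dns

# Per-file reader lists: NAME_readers names the aliases allowed to decrypt
# NAME.gpg. Keep comments on their own lines and leave no trailing
# whitespace: with `:=` anything after the value becomes part of it.
accounts_readers := kwadronaut
dns_readers      := kwadronaut
refugees_readers := kwadronaut
laden_readers    := kwadronaut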

##
## NO NEED TO MODIFY BELOW HERE
##

# Base gpg command: every output is both signed and encrypted. Recipients,
# the output path and the input path are appended by the encryption rule.
GPG := gpg --sign --encrypt

# Source and target file names derived from the configured base names.
plaintext_input  := $(files:%=%.txt)
encrypted_output := $(files:%=%.gpg)

# Helper values for turning a space-separated list into a comma-separated
# one. A literal space or comma cannot be written directly as a function
# argument, so they are captured in variables first.
comma := ,
empty :=
space := $(empty) $(empty)

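# Default goal: print the usage line listing every encryptable target.
# Declared phony so a stray file named `all` cannot mask it. printf is used
# instead of echo because shells disagree on whether echo expands "\n".
.PHONY: all
all:
	@printf 'USAGE: make FILE\n       where FILE is one of %s\n' "$(subst $(space),$(comma)$(space),${encrypted_output})"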

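# Sign and encrypt NAME.txt into NAME.gpg for every alias in NAME_readers.
#
# $* is the stem (NAME), so $($*_readers) is the reader list for this file
# and $($(reader)) is the key identifier configured for one alias.
#
# The first two lines are configuration guards, expanded by make before any
# command of the recipe runs:
#   * an empty reader list would hand gpg no --recipient at all, leaving
#     the choice of recipients to whatever gpg does in that case;
#   * an alias with no key defined would produce a bare `--recipient`
#     with no value, i.e. a malformed recipient list.
# Both are treated as hard errors so a typo in the configuration cannot
# silently change who a file is encrypted to.
#
# A change to NAME_readers alone does not make NAME.gpg out of date; the
# plaintext has to be touched for the file to be re-encrypted.
$(encrypted_output): %.gpg : %.txt
	$(if $(strip $($*_readers)),,$(error no readers configured for '$*' (define $*_readers)))
	$(foreach reader,$($*_readers),$(if $(strip $($(reader))),,$(error reader '$(reader)' of '$*' has no key configured)))
	@echo "Encrypting '$<' to '$@' with these keys: $($*_readers)"
	$(GPG) $(foreach reader,$($*_readers),--recipient $($(reader))) --output $@ $<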

# Fallback for a plaintext file that is not on disk. The rule has no
# prerequisites, so make only runs it when NAME.txt is missing; it then
# reports the problem and fails the build instead of encrypting nothing.
$(plaintext_input):
	@echo "'$@' doesn't exist, why are you trying to encrypt it?" && exit 1


