CSREQ(1) | General Commands Manual | CSREQ(1) |
csreq
— Expert
tool for manipulating Code Signing Requirement data
csreq |
[-v ] -r requirement-input
-t |
csreq |
[-v ] -r requirement-input
-b outputfile |
The csreq
command manipulates Code Signing
Requirement data. It reads one requirement from a file or command arguments,
converts it into internal form, checks it, and then optionally outputs it in
a different form.
The options are as follows:
-b
path-r
requirement-input-t
-v
In the first synopsis form, csreq
reads a
Code Requirement and writes it to standard output as canonical source text.
Note that with text input, this actually compiles the requirement into
internal form and then converts it back to text, giving you the system's
view of the requirement code.
In the second synopsis form, csreq
reads a
Code Requirement and writes its binary representation to a file. This is the
same form produced by the SecRequirementCopyData API, and is readily
acceptable as input to Code Signing verification APIs. It can also be used
as input to subsequent invocations of csreq
by
passing the filename to the -r option.
The requirement argument (-r) can be given in various forms. A plain text argument is taken to be a path to a file containing the requirement. This program will accept both binary files containing properly compiled requirements code, and source files that are automatically compiled for use. An argument of "-" requests that the requirement(s) are read from standard input. Again, standard input can contain either binary form or text. Finally, an argument that begins with an equal sign "=" is taken as a literal requirements source text, and is compiled accordingly for use.
To compile an explicit requirement program and write its binary form to file "output":
csreq -r="identifier
com.foo.test" -b output.csreq
To display the requirement program embedded at offset 1234 of file "foo":
tail -b 1234 foo | csreq -r-
-t
The csreq
program exits 0 on success or 1
on failure. Errors in arguments yield exit code 2.
The csreq
command first appeared in Mac OS
10.5.0 .
June 1, 2006 | macOS 15.0 |