docs/ldid.1

   1 .\"-
   2 .\" Copyright (c) 2021-2022 ProcursusTeam
   3 .\" SPDX-License-Identifier: AGPL-3.0-or-later
   4 .\"
   5 .Dd October 8, 2021
   6 .Dt LDID 1
   7 .Os
   8 .Sh NAME
   9 .Nm ldid
  10 .Nd Link Identity Editor
  11 .Sh SYNOPSIS
  12 .Nm
  13 .Op Fl A Ns Ar cputype : Ns Ar subtype
  14 .Op Fl a
  15 .Op Fl C Ns Op Ar adhoc | Ar enforcement | Ar expires | Ar hard | Ar host | Ar kill | Ar library-validation | Ar restrict | Ar runtime
  16 .Op Fl D
  17 .Op Fl d
  18 .Op Fl E Ns Ar num : Ns Ar file
  19 .Op Fl e
  20 .Op Fl h
  21 .Op Fl K Ns Ar key.p12 Op Fl U Ns Ar password
  22 .Op Fl M
  23 .Op Fl P
  24 .Op Fl q
  25 .Op Fl r | Fl S Ns Ar file.xml | Fl s
  26 .Op Fl T Ns Ar timestamp
  27 .Op Fl u
  28 .Ar
  29 .Sh DESCRIPTION
  30 .Nm
  31 adds SHA1 and SHA256 hashes to a Mach-O file so that they can be run
  32 on a system that has validation but not signature verification.
  33 .Bl -tag -width -indent
  34 .It Fl a
  35 Print the CPU types and subtypes in hexadecimal.
  36 .It Fl A Ns Ar cputype : Ns Ar subtype
  37 When used with
  38 .Fl a , Fl D , Fl e , Fl h , Fl q ,
  39 or
  40 .Fl u ,
  41 only act on the slice specified by
  42 .Ar cputype
  43 and
  44 .Ar subtype .
  45 .Ar cputype
  46 and
  47 .Ar subtype
  48 should both be integers.
  49 .It Fl C Ns Op Ar adhoc | Ar enforcement | Ar expires | Ar hard | Ar host | Ar kill | Ar library-validation | Ar restrict | Ar runtime
  50 Specify the option flags to embed in the code signature.
  51 See
  52 .Xr codesign 1
  53 for details about these options.
  54 .It Fl D
  55 Reset the cryptid.
  56 .It Fl d
  57 Print the cryptid in the binaries if it exists.
  58 For compatibility reasons it also acts as
  59 .Fl h ,
  60 but this will be removed in the future.
  61 .It Fl E Ns Ar num : Ns Ar file
  62 Embed the hashes of
  63 .Ar file
  64 in the special codesign slot at
  65 .Ar num .
  66 .It Fl e
  67 Print the entitlements in each slice, or the slice specified by
  68 .Fl A ,
  69 to
  70 .Ar stdout .
  71 .It Fl h
  72 Print information about the signature, such as
  73 hash types, flags, CDHash, and CodeDirectory version to
  74 .Ar stdout .
  75 .It Fl K Ns Ar key.p12
  76 Sign using the identity in
  77 .Ar key.p12 .
  78 This will give the binary a valid signature so that it can be run
  79 on a system with signature validation.
  80 If
  81 .Ar key.p12
  82 has a password you will be prompted for it,
  83 or you can specify from the command line with
  84 .Fl U .
  85 .It Fl M
  86 When used with
  87 .Fl S ,
  88 merge the new and existing entitlements instead of replacing the existing
  89 entitlements, this is useful for adding a few specific entitlements to a
  90 handful of binaries.
  91 .It Fl P
  92 Mark the Mach-O as a platform binary.
  93 .It Fl Q Ns Ar file
  94 Embed the requirements found in
  95 .Ar file .
  96 .It Fl q
  97 Print embedded requirements of the binaries.
  98 .It Fl r
  99 Remove the signature from the Mach-O.
 100 .It Fl S Ns Op Ar file.xml
 101 Pseudo-sign the Mach-O binaries.
 102 If
 103 .Ar file.xml
 104 is specified then the entitlements found in
 105 .Ar file.xml
 106 will be embedded in the Mach-O.
 107 .It Fl s
 108 Resign the Mach-O binaries while keeping the existing entitlements.
 109 .It Fl T Ns Ar timestamp
 110 When signing a dylib, set the timestamp to
 111 .Ar timestamp .
 112 .Ar timestamp
 113 should be an UNIX timestamp in seconds, if
 114 .Ar timestamp
 115 is a single dash
 116 .Pq Sq Fl ,
 117 the timestamp will be set to a hash of the Mach-O header.
 118 .It Fl U Ns Ar password
 119 Use
 120 .Ar password
 121 as the password for the p12 certificate instead of prompting.
 122 .It Fl u
 123 If the binary was linked against UIKit, then print the UIKit version that the
 124 Mach-O binaries were linked against.
 125 .El
 126 .Sh EXAMPLES
 127 The command:
 128 .Pp
 129 .Dl "ldid -S file"
 130 .Pp
 131 will fakesign
 132 .Ar file
 133 with no entitlements.
 134 .Pp
 135 The command:
 136 .Pp
 137 .Dl "ldid -Cadhoc -K/path/to/key.p12 -Sent.xml file"
 138 .Pp
 139 will sign
 140 .Ar file
 141 using the key in
 142 .Ar /path/to/key.p12
 143 with the entitlements found in
 144 .Ar ent.xml ,
 145 and mark it as an adhoc signature.
 146 .Pp
 147 The command:
 148 .Pp
 149 .Dl "ldid -Sent.xml -M file"
 150 .Pp
 151 will add the entitlements in
 152 .Ar ent.xml
 153 to the entitlements already in
 154 .Ar file .
 155 .Pp
 156 The command:
 157 .Pp
 158 .Dl "ldid -e file > ent.xml"
 159 .Pp
 160 will save the entitlements found in each slice of
 161 .Ar file
 162 to
 163 .Ar ent.xml .
 164 .Sh SEE ALSO
 165 .Xr codesign 1
 166 .Sh HISTORY
 167 The
 168 .Nm
 169 utility was written by
 170 .An Jay \*qSaurik\*q Freeman .
 171 iPhoneOS 1.2.0 and 2.0 support was added on April 6, 2008.
 172 .Fl S
 173 was added on June 13, 2008.
 174 SHA256 support was added on August 25, 2016, fixing iOS 11 support.
 175 iOS 14 support was added on July 31, 2020 by
 176 .An Kabir Oberai .
 177 iOS 15 support was added on June 11, 2021.