Add manpage

2 files changed, 177 insertions, 4 deletions

diff --git a/ldid.1 b/ldid.1
new file mode 100644
index 0000000..55efe4e
--- /dev/null
+++ b/ldid.1
@@ -0,0 +1,164 @@
+.\"-
+.\" Copyright (c) 2021 Cameron Katri
+.\" SPDX-License-Identifier: AGPL-3.0-or-later
+.\"
+.Dd October 8, 2021
+.Dt LDID 1
+.Os
+.Sh NAME
+.Nm ldid
+.Nd Link Identity Editor
+.Sh SYNOPSIS
+.Nm
+.Op Fl A Ns Ar cputype : Ns Ar subtype
+.Op Fl a
+.Op Fl C Ns Op Ar adhoc | Ar enforcement | Ar expires | Ar hard | Ar host | Ar kill | Ar library-validation | Ar restrict | Ar runtime
+.Op Fl D
+.Op Fl d
+.Op Fl e
+.Op Fl h
+.Op Fl K Ns Ar key.p12 Op Fl U Ns Ar password
+.Op Fl M
+.Op Fl P
+.Op Fl q
+.Op Fl r | Fl S Ns Ar file.xml | Fl s
+.Op Fl T Ns Ar timestamp
+.Op Fl u
+.Ar
+.Sh DESCRIPTION
+.Nm
+adds SHA1 and SHA256 hashes to a Mach-O file so that they can be run on a system that has validation but not signature verification.
+.Bl -tag -width -indent
+.It Fl a
+Print the CPU types and subtypes in hexadecimal.
+.It Fl A Ns Ar cputype : Ns Ar subtype
+When used with
+.Fl a , Fl D , Fl e , Fl h , Fl q ,
+or
+.Fl u ,
+only act on the slice specified by
+.Ar cputype
+and
+.Ar subtype .
+.Ar cputype
+and
+.Ar subtype
+should both be integers.
+.It Fl C Ns Op Ar adhoc | Ar enforcement | Ar expires | Ar hard | Ar host | Ar kill | Ar library-validation | Ar restrict | Ar runtime
+Specify the option flags to embed in the code signature.
+See
+.Xr codesign 1
+for details about these options.
+.It Fl D
+Reset the cryptid.
+.It Fl d
+Print the cryptid in the binaries if it exists.
+For compatibility reasons it also acts as
+.Fl h ,
+but this will be removed in the future.
+.It Fl e
+Print the entitlements in each slice, or the slice specified by
+.Fl A ,
+to
+.Ar stdout .
+.It Fl h
+Print information about the signature, such as hash types, flags, CDHash, and CodeDirectory version to
+.Ar stdout .
+.It Fl K Ns Ar key.p12
+Sign using the identity in
+.Ar key.p12 .
+This will give the binary a valid signature so that it can be run on a system with signature validation.
+If
+.Ar key.p12
+has a password you will be prompted for it, or you can specify from the command line with
+.Fl U .
+.It Fl M
+When used with
+.Fl S ,
+merge the new and existing entitlements instead of replacing the existing entitlements, this is useful for adding a few specific entitlements to a handful of binaries.
+.It Fl P
+Mark the Mach-O as a platform binary.
+.It Fl Q Ns Ar file
+Embed the requirements found in
+.Ar file .
+.It Fl q
+Print embedded requirements of the binaries.
+.It Fl r
+Remove the signature from the Mach-O.
+.It Fl S Ns Op Ar file.xml
+Pseudo-sign the Mach-O binaries.
+If
+.Ar file.xml
+is specified then the entitlements found in
+.Ar file.xml
+will be embedded in the Mach-O.
+.It Fl s
+Resign the Mach-O binaries while keeping the existing entitlements.
+.It Fl T Ns Ar timestamp
+When signing a dylib, set the timestamp to
+.Ar timestamp .
+.Ar timestamp
+should be an UNIX timestamp in seconds, if
+.Ar timestamp
+is a single dash
+.Pq Sq Fl ,
+the timestamp will be set to a hash of the Mach-O header.
+.It Fl U Ns Ar password
+Use
+.Ar password
+as the password for the p12 certificate instead of prompting.
+.It Fl u
+If the binary was linked against UIKit, then print the UIKit version that the Mach-O binaries was linked against.
+.El
+.Sh EXAMPLES
+The command:
+.Pp
+.Dl "ldid -S file"
+.Pp
+will fakesign
+.Ar file
+with no entitlements.
+.Pp
+The command:
+.Pp
+.Dl "ldid -Cadhoc -K/path/to/key.p12 -Sent.xml file"
+.Pp
+will sign
+.Ar file
+using the key in
+.Ar /path/to/key.p12
+with the entitlements found in
+.Ar ent.xml ,
+and mark it as an adhoc signature.
+.Pp
+The command:
+.Pp
+.Dl "ldid -Sent.xml -M file"
+.Pp
+will add the entitlements in
+.Ar ent.xml
+to the entitlements already in
+.Ar file .
+.Pp
+The command:
+.Pp
+.Dl "ldid -e file > ent.xml"
+.Pp
+will save the entitlements found in each slice of
+.Ar file
+to
+.Ar ent.xml .
+.Sh SEE ALSO
+.Xr codesign 1
+.Sh HISTORY
+The
+.Nm
+utility was written by
+.An Jay \*qSaurik\*q Freeman .
+iPhoneOS 1.2.0 and 2.0 support was added on April 6, 2008.
+.Fl S
+was added on June 13, 2008.
+SHA256 support was added on August 25, 2016, fixing iOS 11 support.
+iOS 14 support was added on July 31, 2020 by
+.An Kabir Oberai .
+iOS 15 support was added on June 11, 2021.
diff --git a/ldid.cpp b/ldid.cpp
index b664441..f8360d3 100644
--- a/ldid.cpp
+++ b/ldid.cpp
@@ -3102,10 +3102,19 @@ std::string Hex(const uint8_t *data, size_t size) {
 }
 
 static void usage(const char *argv0) {
-    fprintf(stderr, "usage: %s -S[entitlements.xml] <binary>\n", argv0);
-    fprintf(stderr, "   %s -e MobileSafari\n", argv0);
-    fprintf(stderr, "   %s -S cat\n", argv0);
-    fprintf(stderr, "   %s -Stfp.xml gdb\n", argv0);
+    fprintf(stderr, "Link Identity Editor %s\n\n", LDID_VERSION);
+    fprintf(stderr, "usage: %s [-Acputype:subtype] [-a]\n", argv0);
+    fprintf(stderr, "          [-C[adhoc | enforcement | expires | hard |\n");
+    fprintf(stderr, "          host | kill | library-validation | restrict | runtime]] [-D] [-d]\n");
+    fprintf(stderr, "          [-e] [-h] [-Kkey.p12 [-Upassword]] [-M] [-P] [-q] [-r | -Sfile | -s]\n");
+    fprintf(stderr, "          [-Ttimestamp] [-u] file ...\n\n");
+    fprintf(stderr, "Options:\n");
+    fprintf(stderr, "   -S[file.xml]  Pseudo-sign using the entitlements in file.xml\n");
+    fprintf(stderr, "   -Kkey.p12     Sign using private key in key.p12\n");
+    fprintf(stderr, "   -Upassword    Use password to unlock key.p12\n");
+    fprintf(stderr, "   -M            Merge entitlements with any existing\n");
+    fprintf(stderr, "   -h            Print CDHash of file\n\n");
+    fprintf(stderr, "More information: 'man ldid'\n");
 }
 
 #ifndef LDID_NOTOOLS