append: Allow specifying cdhash directly

diff --git a/README.txt b/README.txt
index 295f66fcfaa0aba2ae607cd13ea3701f0656efd7..54c313d99b1a1f77dd26ce7ba8371dd4aa898f66 100644 (file)
--- a/README.txt
+++ b/README.txt
@@ -15,11 +15,13 @@ DESCRIPTION
      The following commands are supported by tc:
 
      append [-f flags] [-u uuid | 0] infile file ...
-             Modify the trustcache at infile to include each signed Mach-O in
-             the specified path.  uuid is used to specify a custom uuid to be
-             used.  If it is 0, the uuid will be left the same, otherwise, it
-             will be regenerated.  If -f is specified, any new entries with
-             have the flags specified at flags.
+             Modify the trustcache at infile to include each signed Mach-O at
+             the specified paths.  If file is both 40 characters and
+             hexadecimal, that hash will be added to the cache.  uuid is used
+             to specify a custom uuid to be used.  If it is 0, the uuid will
+             be left the same, otherwise, it will be regenerated.  If -f is
+             specified, any new entries with have the flags specified at
+             flags.
 
      create [-u uuid] [-v version] outfile file ...
              Create a trustcache at outfile.  Each Mach-O found in the

diff --git a/append.c b/append.c
index cf8dc83d3c30ed8fe49bbc13363a2f4484ca4329..764ab3fb6708d1c069124241305242fa446b2f20 100644 (file)
--- a/append.c
+++ b/append.c
@@ -25,6 +25,7 @@
  * SUCH DAMAGE.
  */
 
+#include <ctype.h>
 #include <errno.h>
 #include <getopt.h>
 #include <stdbool.h>
@@ -38,6 +39,14 @@
 
 #include "compat.h"
 
+static bool
+ishexstring(const char *s) {
+       for (; *s != '\0'; s++)
+               if (!isxdigit(*s))
+                       return false;
+       return true;
+}
+
 int
 tcappend(int argc, char **argv)
 {
@@ -83,7 +92,20 @@ tcappend(int argc, char **argv)
        };
 
        for (int i = 1; i < argc; i++) {
-               append = cache_from_tree(argv[i], cache.version);
+               if (strlen(argv[i]) == 40 && ishexstring(argv[i])) {
+                       append.num_entries = 1;
+                       if (append.version == 0) {
+                               append.hashes = calloc(1, sizeof(trust_cache_hash0));
+                               for (size_t j = 0; j < CS_CDHASH_LEN; j++)
+                                       sscanf(argv[i] + 2 * j, "%02hhx", &append.hashes[0][j]);
+                       } else {
+                               append.entries = calloc(1, sizeof(struct trust_cache_entry1));
+                               for (size_t j = 0; j < CS_CDHASH_LEN; j++)
+                                       sscanf(argv[i] + 2 * j, "%02hhx", &append.entries[0].cdhash[j]);
+                       }
+               } else {
+                       append = cache_from_tree(argv[i], cache.version);
+               }
                if (append.version == 0) {
                        if ((cache.hashes = realloc(cache.hashes, sizeof(trust_cache_hash0) *
                                                        (cache.num_entries + append.num_entries))) == NULL)

diff --git a/tc.1 b/tc.1
index 030eaf1282c9e50556db65d81ded1a56cfa11904..8c5431bb0f9e2ddb7499d310012a308a2c779496 100644 (file)
--- a/tc.1
+++ b/tc.1
@@ -69,7 +69,10 @@ The following commands are supported by
 .Xc
 Modify the trustcache at
 .Ar infile
-to include each signed Mach-O in the specified path.
+to include each signed Mach-O at the specified paths.
+If
+.Ar file
+is both 40 characters and hexadecimal, that hash will be added to the cache.
 .Ar uuid
 is used to specify a custom uuid to be used.
 If it is