The following commands are supported by tc:
append [-f flags] [-u uuid | 0] infile file ...
- Modify the trustcache at infile to include each signed Mach-O in
- the specified path. uuid is used to specify a custom uuid to be
- used. If it is 0, the uuid will be left the same, otherwise, it
- will be regenerated. If -f is specified, any new entries with
- have the flags specified at flags.
+ Modify the trustcache at infile to include each signed Mach-O at
+ the specified paths. If file is both 40 characters and
+ hexadecimal, that hash will be added to the cache. uuid is used
+ to specify a custom uuid to be used. If it is 0, the uuid will
+ be left the same, otherwise, it will be regenerated. If -f is
+ specified, any new entries with have the flags specified at
+ flags.
create [-u uuid] [-v version] outfile file ...
Create a trustcache at outfile. Each Mach-O found in the
* SUCH DAMAGE.
*/
+#include <ctype.h>
#include <errno.h>
#include <getopt.h>
#include <stdbool.h>
#include "compat.h"
+static bool
+ishexstring(const char *s) {
+ for (; *s != '\0'; s++)
+ if (!isxdigit(*s))
+ return false;
+ return true;
+}
+
int
tcappend(int argc, char **argv)
{
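Review bot: In `ishexstring`, `isxdigit(*s)` is passed a plain `char`. Where `char` is signed, any argv byte above 0x7f becomes a negative value, which is undefined behaviour for the `<ctype.h>` classifiers. Cast before the call: `if (!isxdigit((unsigned char)*s))`. The helper also returns true for an empty string and leaves the length check to its caller, so a short comment such as `/* true if s contains only hex digits; length is checked by the caller */` would make that contract explicit.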
};
for (int i = 1; i < argc; i++) {
- append = cache_from_tree(argv[i], cache.version);
+ if (strlen(argv[i]) == 40 && ishexstring(argv[i])) {
+ append.num_entries = 1;
+ if (append.version == 0) {
+ append.hashes = calloc(1, sizeof(trust_cache_hash0));
+ for (size_t j = 0; j < CS_CDHASH_LEN; j++)
+ sscanf(argv[i] + 2 * j, "%02hhx", &append.hashes[0][j]);
+ } else {
+ append.entries = calloc(1, sizeof(struct trust_cache_entry1));
+ for (size_t j = 0; j < CS_CDHASH_LEN; j++)
+ sscanf(argv[i] + 2 * j, "%02hhx", &append.entries[0].cdhash[j]);
+ }
+ } else {
+ append = cache_from_tree(argv[i], cache.version);
+ }
if (append.version == 0) {
if ((cache.hashes = realloc(cache.hashes, sizeof(trust_cache_hash0) *
(cache.num_entries + append.num_entries))) == NULL)
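Review bot: On the new hash path, `if (append.version == 0)` reads a field that this branch never assigns. The entry layout is therefore chosen by whatever `append` held from its initializer or the previous iteration (both outside the hunk), not by the cache being modified. Assigning `append.version = cache.version;` before the test, and branching on `cache.version`, would keep this path consistent with `cache_from_tree(argv[i], cache.version)` and with the merge below, which also tests `append.version`. Both `calloc` results are written through by `sscanf` without a NULL check, unlike the `realloc` that follows, so an allocation failure here becomes a NULL write. The conversion loops also appear to rely on `CS_CDHASH_LEN` being 20 to match the literal `40` in the length test; deriving the test as `2 * CS_CDHASH_LEN` would tie the two together. `tcappend` begins and ends outside this hunk.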
.Xc
Modify the trustcache at
.Ar infile
-to include each signed Mach-O in the specified path.
+to include each signed Mach-O at the specified paths.
+If
+.Ar file
+is both 40 characters and hexadecimal, that hash will be added to the cache.
.Ar uuid
is used to specify a custom uuid to be used.
If it is