authorCameron Katri <me@cameronkatri.com>2022-05-25 22:16:52 -0400
committerCameron Katri <me@cameronkatri.com>2022-05-25 22:16:52 -0400
commit35de91afe0ea4b09277b78c36e595ea6472643a4 (patch)
treec04c24aaefe9e2351d7148c99c25bcd29d94675e
parent4630d99a60f87144ecd9cb392c407a316f2da30f (diff)
append: Allow specifying cdhash directly
-rw-r--r--README.txt12
-rw-r--r--append.c24
-rw-r--r--tc.15
3 files changed, 34 insertions, 7 deletions
diff --git a/README.txt b/README.txt
index 295f66f..54c313d 100644
--- a/README.txt
+++ b/README.txt
@@ -15,11 +15,13 @@ DESCRIPTION
The following commands are supported by tc:
append [-f flags] [-u uuid | 0] infile file ...
- Modify the trustcache at infile to include each signed Mach-O in
- the specified path. uuid is used to specify a custom uuid to be
- used. If it is 0, the uuid will be left the same, otherwise, it
- will be regenerated. If -f is specified, any new entries with
- have the flags specified at flags.
+ Modify the trustcache at infile to include each signed Mach-O at
+ the specified paths. If file is both 40 characters and
+ hexadecimal, that hash will be added to the cache. uuid is used
+ to specify a custom uuid to be used. If it is 0, the uuid will
+ be left the same, otherwise, it will be regenerated. If -f is
+ specified, any new entries with have the flags specified at
+ flags.
create [-u uuid] [-v version] outfile file ...
Create a trustcache at outfile. Each Mach-O found in the
diff --git a/append.c b/append.c
index cf8dc83..764ab3f 100644
--- a/append.c
+++ b/append.c
@@ -25,6 +25,7 @@
* SUCH DAMAGE.
*/
+#include <ctype.h>
#include <errno.h>
#include <getopt.h>
#include <stdbool.h>
@@ -38,6 +39,14 @@
#include "compat.h"
+static bool
+ishexstring(const char *s) {
+ for (; *s != '\0'; s++)
+ if (!isxdigit(*s))
+ return false;
+ return true;
+}
+
int
tcappend(int argc, char **argv)
{
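Review bot: `ishexstring` passes a plain `char` to `isxdigit`, which is undefined behaviour for any byte that is negative where `char` is signed, and the string comes straight from `argv`. Cast at the call: `if (!isxdigit((unsigned char)*s))`. The function also returns true for an empty string, which is harmless only because the caller checks the length first; a short comment above it saying that callers must check the length would make that dependency visible.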
@@ -83,7 +92,20 @@ tcappend(int argc, char **argv)
};
for (int i = 1; i < argc; i++) {
- append = cache_from_tree(argv[i], cache.version);
+ if (strlen(argv[i]) == 40 && ishexstring(argv[i])) {
+ append.num_entries = 1;
+ if (append.version == 0) {
+ append.hashes = calloc(1, sizeof(trust_cache_hash0));
+ for (size_t j = 0; j < CS_CDHASH_LEN; j++)
+ sscanf(argv[i] + 2 * j, "%02hhx", &append.hashes[0][j]);
+ } else {
+ append.entries = calloc(1, sizeof(struct trust_cache_entry1));
+ for (size_t j = 0; j < CS_CDHASH_LEN; j++)
+ sscanf(argv[i] + 2 * j, "%02hhx", &append.entries[0].cdhash[j]);
+ }
+ } else {
+ append = cache_from_tree(argv[i], cache.version);
+ }
if (append.version == 0) {
if ((cache.hashes = realloc(cache.hashes, sizeof(trust_cache_hash0) *
(cache.num_entries + append.num_entries))) == NULL)
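Review bot: Neither `calloc` result in the new cdhash branch is checked, so an allocation failure makes the `sscanf` loop write through a null pointer; add `if (append.hashes == NULL)` and `if (append.entries == NULL)` checks that fail the same way the `realloc` just below does. The branch also tests `append.version` without assigning it, whereas the old path took it from `cache_from_tree(argv[i], cache.version)`; the initializer of `append` is outside this hunk, so confirm it carries `cache.version`, or set `append.version = cache.version;` first. The literal `40` would read better as `2 * CS_CDHASH_LEN`, which keeps the length test tied to the loop bound. Because a trust cache entry marks code as trusted, it is worth stating in a comment that an argument of exactly 40 hex characters is never treated as a path and that its hash is added without any Mach-O being read. `tcappend` continues past the end of this hunk.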
diff --git a/tc.1 b/tc.1
index 030eaf1..8c5431b 100644
--- a/tc.1
+++ b/tc.1
@@ -69,7 +69,10 @@ The following commands are supported by
.Xc
Modify the trustcache at
.Ar infile
-to include each signed Mach-O in the specified path.
+to include each signed Mach-O at the specified paths.
+If
+.Ar file
+is both 40 characters and hexadecimal, that hash will be added to the cache.
.Ar uuid
is used to specify a custom uuid to be used.
If it is