From 35de91afe0ea4b09277b78c36e595ea6472643a4 Mon Sep 17 00:00:00 2001 From: Cameron Katri Date: Wed, 25 May 2022 22:16:52 -0400 Subject: append: Allow specifying cdhash directly --- README.txt | 12 +++++++----- append.c | 24 +++++++++++++++++++++++- tc.1 | 5 ++++- 3 files changed, 34 insertions(+), 7 deletions(-) diff --git a/README.txt b/README.txt index 295f66f..54c313d 100644 --- a/README.txt +++ b/README.txt @@ -15,11 +15,13 @@ DESCRIPTION The following commands are supported by tc: append [-f flags] [-u uuid | 0] infile file ... - Modify the trustcache at infile to include each signed Mach-O in - the specified path. uuid is used to specify a custom uuid to be - used. If it is 0, the uuid will be left the same, otherwise, it - will be regenerated. If -f is specified, any new entries with - have the flags specified at flags. + Modify the trustcache at infile to include each signed Mach-O at + the specified paths. If file is both 40 characters and + hexadecimal, that hash will be added to the cache. uuid is used + to specify a custom uuid to be used. If it is 0, the uuid will + be left the same, otherwise, it will be regenerated. If -f is + specified, any new entries with have the flags specified at + flags. create [-u uuid] [-v version] outfile file ... Create a trustcache at outfile. Each Mach-O found in the diff --git a/append.c b/append.c index cf8dc83..764ab3f 100644 --- a/append.c +++ b/append.c @@ -25,6 +25,7 @@ * SUCH DAMAGE. */ +#include #include #include #include @@ -38,6 +39,14 @@ #include "compat.h" +static bool +ishexstring(const char *s) { + for (; *s != '\0'; s++) + if (!isxdigit(*s)) + return false; + return true; +} + int tcappend(int argc, char **argv) { 
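Review bot: `isxdigit(*s)` in the added ishexstring() passes a plain `char`; where char is signed, a byte above 0x7F becomes a negative value other than EOF, which is undefined behaviour for the ctype classifiers, so cast first: `if (!isxdigit((unsigned char)*s))`. The function also returns true for an empty string, which is harmless only because the caller in the next hunk pairs it with a length check; a one-line comment such as `/* Empty string counts as hex; callers must check the length themselves. */` keeps that contract visible. The name of the header added in the preceding hunk was lost in extraction; presumably it is the ctype header that isxdigit needs.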
@@ -83,7 +92,20 @@ tcappend(int argc, char **argv) }; for (int i = 1; i < argc; i++) { - append = cache_from_tree(argv[i], cache.version); + if (strlen(argv[i]) == 40 && ishexstring(argv[i])) { + append.num_entries = 1; + if (append.version == 0) { + append.hashes = calloc(1, sizeof(trust_cache_hash0)); + for (size_t j = 0; j < CS_CDHASH_LEN; j++) + sscanf(argv[i] + 2 * j, "%02hhx", &append.hashes[0][j]); + } else { + append.entries = calloc(1, sizeof(struct trust_cache_entry1)); + for (size_t j = 0; j < CS_CDHASH_LEN; j++) + sscanf(argv[i] + 2 * j, "%02hhx", &append.entries[0].cdhash[j]); + } + } else { + append = cache_from_tree(argv[i], cache.version); + } if (append.version == 0) { if ((cache.hashes = realloc(cache.hashes, sizeof(trust_cache_hash0) * (cache.num_entries + append.num_entries))) == NULL) diff --git a/tc.1 b/tc.1 index 030eaf1..8c5431b 100644 --- a/tc.1 +++ b/tc.1 @@ -69,7 +69,10 @@ The following commands are supported by .Xc Modify the trustcache at .Ar infile -to include each signed Mach-O in the specified path. +to include each signed Mach-O at the specified paths. +If +.Ar file +is both 40 characters and hexadecimal, that hash will be added to the cache. .Ar uuid is used to specify a custom uuid to be used. If it is -- cgit v1.2.3-56-ge451
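Review bot: Both `calloc` calls in the new cdhash branch are unchecked, so an allocation failure leaves `append.hashes` or `append.entries` NULL and the following `sscanf` loop writes through it, while the `realloc` a few lines further down in the same hunk does test for NULL; test the calloc results the same way, e.g. `if ((append.hashes = calloc(1, sizeof(trust_cache_hash0))) == NULL)` followed by whatever the realloc failure path does. The literal `40` duplicates `CS_CDHASH_LEN` used by the two loops; `strlen(argv[i]) == 2 * CS_CDHASH_LEN` keeps the two in step. sscanf reads `%02hhx` as a field width of 2 (the leading 0 is not a flag there), so `%2hhx` says the same thing more plainly, and its unchecked return value is acceptable only because ishexstring() has already validated every character. The hex branch reuses whatever the previous iteration's cache_from_tree() left in the other fields of `append`; that looks intentional for `version` but deserves a short comment. The enclosing for loop continues past the end of the hunk.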