Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

csreq(1) [osx man page]

CSREQ(1)						    BSD General Commands Manual 						  CSREQ(1)

csreq -- Expert tool for manipulating Code Signing Requirement data SYNOPSIS
csreq [-v] -r requirement-input -t csreq [-v] -r requirement-input -b outputfile DESCRIPTION
The csreq command manipulates Code Signing Requirement data. It reads one requirement from a file or command arguments, converts it into internal form, checks it, and then optionally outputs it in a different form. The options are as follows: -b path Requests that the requirement read be written in binary form to the path given. -r requirement-input Specifies the input requirement. See "specifying requirements" below. This is exactly the same format as is accepted by the -r and -R options of the codesign(1) command. -t Requests that the requirement read be written as text to standard output. -v Increases the verbosity of output. Multiple instances of -v produce increasing levels of commentary output. In the first synopsis form, csreq reads a Code Requirement and writes it to standard output as canonical source text. Note that with text input, this actually compiles the requirement into internal form and then converts it back to text, giving you the system's view of the requirement code. In the second synopsis form, csreq reads a Code Requirement and writes its binary representation to a file. This is the same form produced by the SecRequirementCopyData API, and is readily acceptable as input to Code Signing verification APIs. It can also be used as input to subse- quent invocations of csreq by passing the filename to the -r option. SPECIFYING REQUIREMENTS
The requirement argument (-r) can be given in various forms. A plain text argument is taken to be a path to a file containing the require- ment. This program will accept both binary files containing properly compiled requirements code, and source files that are automatically com- piled for use. An argument of "-" requests that the requirement(s) are read from standard input. Again, standard input can contain either binary form or text. Finally, an argument that begins with an equal sign "=" is taken as a literal requirements source text, and is compiled accordingly for use. EXAMPLES
To compile an explicit requirement program and write its binary form to file "output": csreq -r="identifier" -b output.csreq To display the requirement program embedded at offset 1234 of file "foo": tail -b 1234 foo | csreq -r- -t FILES
The csreq program exits 0 on success or 1 on failure. Errors in arguments yield exit code 2. SEE ALSO
codesign(1) HISTORY
The csreq command first appeared in Mac OS 10.5.0 . BSD
June 1, 2006 BSD

Check Out this Related Man Page

asctl(1)						    BSD General Commands Manual 						  asctl(1)

asctl -- App Sandbox Control Tool SYNOPSIS
asctl [-p] [-l] command [arguments] DESCRIPTION
asctl is a facility for manipulating the filesystem container for an applications using App Sandbox. A container is a per-application filesytem hierarchy rooted in ~/Library/Containers. GENERAL COMMANDS
help Prints a summary of commands and their behaviours. sandbox check <app specification> Determines with the given application is signed with App Sandbox entitlements. In addition, if the application is specified by pid using the --pid syntax, prints out whether the application is actually running with App Sandbox enabled, a traditional sandbox, or no sandbox at all. CONTAINER MANAGEMENT COMMANDS
The following commands manage filesystem containers for sandboxed apps. container path <app specification> Print the path to the application's container. container create <app specification> Create and initialize the application's container. Containers are normally created automatically when sandboxed applications are run. This command creates the container for an application without running the application. container upgrade <app specification> Upgrade the application's container to the current container schema. Existing containers are normally automatically upgraded to the latest container schema when their associated applications are run. This command upgrades an existing container without running the associated application. container repair <app specification> Repair a container's structure by re-creating missing files and symlinks, repairing file permissions so that files are owned by and accessible to the current user, and rebuilding the application's sandbox information. This operation may require authorization by the user. CONTAINER ACL MANAGEMENT COMMANDS
Each container has an access control list comprised of code requirements. A sandboxed application must satify one or more of the code requirements on their container in order to run. The following commands manipulate the container's access control list: container acl add <app specification> Update the access control list for the application's container to include the application's designated code requirement. container acl add <app specification> <code requirement> Update the access control list for the application's container to include the specified code requirement. container acl update <app specification> Update the access control list for the application's container such that it consists of only the application's designated code requirement. Any other code requirements will be removed from the ACL. container acl list <app specification> Print list of code requirements in the access control list for the given application's container. container acl validate <app specification> Validate the application against each of the code requirements in its container's access control list. Each code requirement in the ACL is labeled with one of the following: [FAIL] application does not validate against code requirement. [VALID] application validates against code requirement. [EXACT] application validates against code requirement and code requirement is the same as the application's designated code requirement. container acl verify <app specification> Synonym for acl validate. SYMLINK SUPPORT COMMANDS
App Sandbox will follow any symlinks in the paths to users' home directories. In addition, it has a whitelist of other locations where it will acknowledge and honor symbolic links. Any symlinks not in this whitelist will not be followed and, as a result, App Sandboxed applica- tions will not have access to the paths that the symlinks refer to. The following command displays the whitelist of paths where App Sandbox will acknowledge symlinks at: symlink list <path ...> Display the list of paths that App Sandbox searches for symlinks and, for any paths that are symlinks, display where the symlinks currently resolve to. DIAGNOSTIC COMMAND
Collect diagnostic information related to Application Sandboxing and containers. The information is collected into a single file that can be sent to Apple to aid in diagnosing problems when an application runs inside of a sandbox. Should you choose to send the diagnostic informa- tion to Apple, then you must agree to this disclaimer: This diagnostic tool generates files that allow Apple to investigate issues with your computer and help Apple to improve its products. The generated files may contain some of your personal information, which may include, but not be limited to, the serial number or similar unique number for your device, your user name, your file names or your computer name. The information is used by Apple in accordance with its pri- vacy policy ( and is not shared with any third party. By enabling this diagnostic tool and sending a copy of the gen- erated files to Apple, you are consenting to Apple's use of the content of such files. Additional information concerning a specific application can be gathered via the app subcommand. This command must be run as 'root'. The following command collects diagnostic information: diagnose [--no-compress | --no-disclaimer | --no-reveal | --no-verbose] [app <app specification>] Collection diagnostic information. Outputs the path to the folder or file containing the information. Optional arguments: --no-compress Do not compress the folder containing the dianostic files into a Zip file. --no-disclaimer Do not show the disclaimer. Use of this option constitutes acceptance of the disclaimer. --no-reveal Do not reveal the resulting diagnostic file in Finder. --no-verbose Do not show verbose output while running the diagnostic. Optional subcommand: app <app specification> Specify an application for which additional information will be gathered. GLOBAL OPTIONS
-p By default, asctl displays paths relative to the user's home directory. This flag causes any paths in the output to be displayed as absolute paths instead. -l Write internal logging information to a temporary file. APPLICATION SPECIFIERS
Many commands require an application specification as one of their arguments. Applications can be specified any of the following ways: <name> The application name as it appears in the Applications folder, with or without the .app extension. For example, "TextEdit". <path> The path to the application binary or bundle. For example, /Applications/ --file <path> Explicitly indicate the following argument is to be interpreted as the path to the application binary or bundle. The --file flag removes ambiguity when an argument can be interpreted as either an application name or a valid path to an application. For example, --file /Applications/ --bundle <bundle Id> Interpret the following argument as the bunder identifier of the application. For example, --bundle --pid <process Id> Interpret the following argument as the process identifier of a running application. For example, --pid 1. --container-path <path to container> Interpret the following argument as a path to an existing container and determine the application for that container . For example, --container-path ~/Library/Containers/ FILES
~/Library/Containers The user's containers folder. SEE ALSO
codesign(1) HISTORY
The asctl command first appeared in Mac OS X Version 10.7. Darwin February 20, 2014 Darwin
Man Page

Featured Tech Videos