CSREQ(1) BSD General Commands Manual CSREQ(1)NAME
csreq — Expert tool for manipulating Code Signing Requirement data
SYNOPSIS
csreq [-v] -r requirement-input -t
csreq [-v] -r requirement-input -b outputfile
DESCRIPTION
The csreq command manipulates Code Signing Requirement data. It reads
one requirement from a file or command arguments, converts it into inter‐
nal form, checks it, and then optionally outputs it in a different form.
The options are as follows:
-b path
Requests that the requirement read be written in binary form to
the path given.
-r requirement-input
Specifies the input requirement. See "specifying requirements"
below. This is exactly the same format as is accepted by the -r
and -R options of the codesign(1) command.
-t Requests that the requirement read be written as text to standard
output.
-v Increases the verbosity of output. Multiple instances of -v pro‐
duce increasing levels of commentary output.
In the first synopsis form, csreq reads a Code Requirement and writes it
to standard output as canonical source text. Note that with text input,
this actually compiles the requirement into internal form and then con‐
verts it back to text, giving you the system's view of the requirement
code.
In the second synopsis form, csreq reads a Code Requirement and writes
its binary representation to a file. This is the same form produced by
the SecRequirementCopyData API, and is readily acceptable as input to
Code Signing verification APIs. It can also be used as input to subse‐
quent invocations of csreq by passing the filename to the -r option.
SPECIFYING REQUIREMENTS
The requirement argument (-r) can be given in various forms. A plain text
argument is taken to be a path to a file containing the requirement. This
program will accept both binary files containing properly compiled
requirements code, and source files that are automatically compiled for
use. An argument of "-" requests that the requirement(s) are read from
standard input. Again, standard input can contain either binary form or
text. Finally, an argument that begins with an equal sign "=" is taken
as a literal requirements source text, and is compiled accordingly for
use.
EXAMPLES
To compile an explicit requirement program and write its binary form to
file "output":
csreq -r="identifier com.foo.test" -b output.csreq
To display the requirement program embedded at offset 1234 of file "foo":
tail -b 1234 foo | csreq -r- -t
FILESDIAGNOSTICS
The csreq program exits 0 on success or 1 on failure. Errors in arguments
yield exit code 2.
SEE ALSOcodesign(1)HISTORY
The csreq command first appeared in Mac OS 10.5.0 .
BSD June 1, 2006 BSD