CSREQ(1)                     General Commands Manual                    CSREQ(1)

     csreq – Expert tool for manipulating Code Signing Requirement data

     csreq [-v] -r requirement-input -t
     csreq [-v] -r requirement-input -b outputfile

     The csreq command manipulates Code Signing Requirement data.  It reads one
     requirement from a file or command arguments, converts it into internal
     form, checks it, and then optionally outputs it in a different form.

     The options are as follows:

     -b path
             Requests that the requirement read be written in binary form to the
             path given.

     -r requirement-input
             Specifies the input requirement. See "specifying requirements"
             below. This is exactly the same format as is accepted by the -r and
             -R options of the codesign(1) command.

     -t      Requests that the requirement read be written as text to standard

     -v      Increases the verbosity of output. Multiple instances of -v produce
             increasing levels of commentary output.

     In the first synopsis form, csreq reads a Code Requirement and writes it to
     standard output as canonical source text.  Note that with text input, this
     actually compiles the requirement into internal form and then converts it
     back to text, giving you the system's view of the requirement code.

     In the second synopsis form, csreq reads a Code Requirement and writes its
     binary representation to a file. This is the same form produced by the
     SecRequirementCopyData API, and is readily acceptable as input to Code
     Signing verification APIs. It can also be used as input to subsequent
     invocations of csreq by passing the filename to the -r option.

     The requirement argument (-r) can be given in various forms. A plain text
     argument is taken to be a path to a file containing the requirement. This
     program will accept both binary files containing properly compiled
     requirements code, and source files that are automatically compiled for
     use.  An argument of "-" requests that the requirement(s) are read from
     standard input.  Again, standard input can contain either binary form or
     text.  Finally, an argument that begins with an equal sign "=" is taken as
     a literal requirements source text, and is compiled accordingly for use.

     To compile an explicit requirement program and write its binary form to
     file "output":
           csreq -r="identifier com.foo.test" -b output.csreq

     To display the requirement program embedded at offset 1234 of file "foo":
           tail -b 1234 foo | csreq -r- -t

     The csreq program exits 0 on success or 1 on failure. Errors in arguments
     yield exit code 2.


     The csreq command first appeared in Mac OS 10.5.0 .

macOS 12.1                        June 1, 2006                        macOS 12.1