{
"name": "codesign",
"description": "Create and manipulate code signatures",
"options": [
{
"names": [
"--all-architectures"
],
"description": "When verifying a code signature on code that has a universal ('fat') Mach-O binary, separately verify each architecture contained. This is the default unless overridden with the -a (--architecture) op"
},
{
"names": [
"-a",
"--architecture"
],
"description": "When verifying or displaying signatures, explicitly select the Mach-O architecture given",
"takes_arg": true,
"arg": {
"name": "architecture"
}
},
{
"names": [
"--bundle-version"
],
"description": "When handling versioned bundles such as frameworks, explicitly specify the version to operate on",
"takes_arg": true,
"arg": {
"name": "version-string"
}
},
{
"names": [
"-d",
"--display"
],
"description": "Display information about the code at the path(s) given"
},
{
"names": [
"-D",
"--detached"
],
"description": "When signing, designates that a detached signature should be written to the specified file",
"takes_arg": true,
"arg": {
"name": "file",
"template": "filepaths"
}
},
{
"names": [
"--deep"
],
"description": "When signing a bundle, specifies that nested code content such as helpers, frameworks, and plug-ins, should be recursively signed in turn. Beware that all signing options you specify will apply, in tu"
},
{
"names": [
"--detached-database"
],
"description": "When signing, specifies that a detached signature should be generated as with the --detached option, but that the resulting signature should be written into a system database, from where it is made au"
},
{
"names": [
"-f",
"--force"
],
"description": "When signing, causes codesign to replace any existing signature on the path(s) given"
},
{
"names": [
"-h",
"--hosting"
],
"description": "Constructs and prints the hosting chain of a running program"
},
{
"names": [
"-i",
"--identifier"
],
"description": "During signing, explicitly specify the unique identifier string that is embedded in code signatures",
"takes_arg": true,
"arg": {
"name": "identifier"
}
},
{
"names": [
"-o",
"--options"
],
"description": "During signing, specifies a set of option flags to be embedded in the code signature",
"takes_arg": true,
"arg": {
"name": "version-string"
}
},
{
"names": [
"-P",
"--pagesize"
],
"description": "Indicates the granularity of code signing. Pagesize must be a power of two",
"takes_arg": true,
"arg": {
"name": "size"
}
},
{
"names": [
"-r",
"--requirements"
],
"description": "During signing, indicates that internal requirements should be embedded in the code path(s) as specified",
"takes_arg": true,
"arg": {
"name": "requirements"
}
},
{
"names": [
"-R",
"--test-requirement"
],
"description": "During verification, indicates that the path(s) given should be verified against the code requirement specified",
"takes_arg": true,
"arg": {
"name": "requirement"
}
},
{
"names": [
"-s",
"--sign"
],
"description": "Sign the code at the path(s) given using this identity",
"takes_arg": true,
"arg": {
"name": "identity"
}
},
{
"names": [
"-v",
"--verify"
],
"description": "Requests verification of code signatures"
},
{
"names": [
"--continue"
],
"description": "Instructs codesign to continue processing path arguments even if processing one fails"
},
{
"names": [
"--dryrun"
],
"description": "During signing, performs almost all signing operations, but does not actually write the result anywhere"
},
{
"names": [
"--entitlements"
],
"description": "When signing, take the file at the given path and embed its contents in the signature as entitlement data",
"takes_arg": true,
"arg": {
"name": "path"
}
},
{
"names": [
"--extract-certificates"
],
"description": "When displaying a signature, extract the certificates in the embedded certificate chain and write them to individual files",
"takes_arg": true,
"arg": {
"name": "prefix"
}
},
{
"names": [
"--file-list"
],
"description": "When signing or displaying a signature, codesign writes to the given path a list of files that may have been modified as part of the signing process",
"takes_arg": true,
"arg": {
"name": "file",
"is_variadic": true,
"template": "filepaths"
}
},
{
"names": [
"--ignore-resources"
],
"description": "During static validation, do not validate the contents of the code's resources"
},
{
"names": [
"--keychain"
],
"description": "During signing, only search for the signing identity in the keychain file specified",
"takes_arg": true,
"arg": {
"name": "filename"
}
},
{
"names": [
"--prefix"
],
"description": "If no explicit unique identifier is specified (using the -i option), and if the implicitly generated identifier does not contain any dot (.) characters, then the given string is prefixed to the identi",
"takes_arg": true,
"arg": {
"name": "prefix"
}
},
{
"names": [
"--preserve-metadata=list"
],
"description": "When re-signing code that is already signed, reuse some information from the old signature"
},
{
"names": [
"--resource-rules"
],
"description": "During signing, this option overrides the default rules for identifying and collecting bundle resources and nested code to be sealed into the signature",
"takes_arg": true,
"arg": {
"name": "file"
}
},
{
"names": [
"--timestamp"
],
"description": "During signing, requests that a timestamp authority server be contacted to authenticate the time of signing",
"takes_arg": true,
"arg": {
"name": "URL"
}
}
]
}