If a file is already signed, there is no way to add it to the database, since the enrolling only happens when the file is successfully signed.
Previous issue on this topic: #359
In this previous issue and linked PR, the behavior was changed such that enrolling happens before signing. However, in this other issue #457, it was pointed out that failing to sign also enrolls files, and so the behavior was reverted.
The current workaround is to reinstall/regenerate the files before running `sbctl sign -s <file>` in order to add it to the database.
Suggestion: add a `sbctl enroll-file` command that manually enrolls files into the database.