Codesign: Add codesign for macOS worker

Works similarly to Windows configuration where buildbot worker and codesign machines are communicating with each other using network drive.
2020-02-03 17:03:51 +01:00
parent 59e1c2f629
commit 3125cfceec
15 changed files with 1223 additions and 28 deletions
--- a/build_files/buildbot/codesign/config_server_template.py
+++ b/build_files/buildbot/codesign/config_server_template.py
@@ -27,8 +27,43 @@ from pathlib import Path

 from codesign.config_common import *

+CODESIGN_DIRECTORY = Path(__file__).absolute().parent
+BLENDER_GIT_ROOT_DIRECTORY = CODESIGN_DIRECTORY.parent.parent.parent
+
+################################################################################
+# Common configuration.
+
+# Directory where folders for codesign requests and signed result are stored.
+# For example, /data/codesign
+SHARED_STORAGE_DIR: Path
+
+################################################################################
+# macOS-specific configuration.
+
+MACOS_ENTITLEMENTS_FILE = \
+    BLENDER_GIT_ROOT_DIRECTORY / 'release' / 'darwin' / 'entitlements.plist'
+
+# Identity of the Developer ID Application certificate which is to be used for
+# codesign tool.
+# Use `security find-identity -v -p codesigning` to find the identity.
+#
+# NOTE: This identity is just an example from release/darwin/README.txt.
+MACOS_CODESIGN_IDENTITY = 'AE825E26F12D08B692F360133210AF46F4CF7B97'
+
+# User name (Apple ID) which will be used to request notarization.
+MACOS_XCRUN_USERNAME = 'me@example.com'
+
+# One-time application password which will be used to request notarization.
+MACOS_XCRUN_PASSWORD = '@keychain:altool-password'
+
+# Timeout in seconds within which the notarial office is supposed to reply.
+MACOS_NOTARIZE_TIMEOUT_IN_SECONDS = 60 * 60
+
+################################################################################
+# Windows-specific configuration.
+
 # URL to the timestamping authority.
-TIMESTAMP_AUTHORITY_URL = 'http://timestamp.digicert.com'
+WIN_TIMESTAMP_AUTHORITY_URL = 'http://timestamp.digicert.com'

 # Full path to the certificate used for signing.
 #
@@ -36,7 +71,10 @@ TIMESTAMP_AUTHORITY_URL = 'http://timestamp.digicert.com'
 #
 # On Windows it is usually is a PKCS #12 key (.pfx), so the path will look
 # like Path('C:\\Secret\\Blender.pfx').
-CERTIFICATE_FILEPATH: Path
+WIN_CERTIFICATE_FILEPATH: Path
+
+################################################################################
+# Logging configuration, common for all platforms.

 # https://docs.python.org/3/library/logging.config.html#configuration-dictionary-schema
 LOGGING = {