0
0
forked from blender/blender
blender/release/darwin
Brecht Van Lommel 908ed661ee Fix Blender DMG bundling for macOS failing on buildbot
The change from D6462 caused a permission prompt. Setting the user and group
UID appears unnecessary to fix the issue, so leave just the mode.
2020-01-22 11:14:30 +01:00
..
Blender.app/Contents Fix T71342: macOS does not always use the discrete GPU for Blender 2019-12-06 19:21:02 +01:00
buildbot Buildbot: support building releases, make non-releases more consistent 2019-09-03 12:23:39 +02:00
background.tif Compress macOS DMG background image 2019-06-25 11:37:02 +02:00
blender.applescript macOS DMG bundle, codesign and notarization script 2019-06-21 20:30:17 +03:00
bundle.sh Fix Blender DMG bundling for macOS failing on buildbot 2020-01-22 11:14:30 +01:00
entitlements.plist Fix T66986: fix dylib plugins on macOS not working in code signed release 2019-07-15 22:22:50 +02:00
README.txt macOS: add missing info to code signing instructions regarding key files 2019-12-12 13:58:22 +01:00

macOS app bundling guide
========================

Install Code Signing Certificate
--------------------------------

* Go to https://developer.apple.com/account/resources/certificates/list
* Download the Developer ID Application certificate.
* Double click the file and add to key chain (default options).
* Delete the file from the Downloads folder.

* You will also need to install a .p12 public/private key file for the
  certificate. This is only available for the owner of the Blender account,
  or can be exported and copied from another system that already has code
  signing set up.

Find the codesigning identity by running:

$ security find-identity -v -p codesigning

"Developer ID Application: Stichting Blender Foundation" is the identity needed.
The long code at the start of the line is used as <identity> below.

Setup Apple ID
--------------

* The Apple ID must have two step verification enabled.
* Create an app specific password for the code signing app (label can be anything):
https://support.apple.com/en-us/HT204397
* Add the app specific password to keychain:

$ security add-generic-password -a <apple-id> -w <app-specific-password> -s altool-password

When running the bundle script, there will be a popup. To avoid that either:
* Click Always Allow in the popup
* In the Keychain Access app, change the Access Control settings on altool-password

Bundle
------

Then the bundle is created as follows:

$ ./bundle.sh --source <sourcedir> --dmg <dmg> --bundle-id <bundleid> --username <apple-id> --password "@keychain:altool-password" --codesign <identity>

<sourcedir>  directory where built Blender.app is
<dmg>	       location and name of the final disk image
<bundleid>   id on notarization, for example org.blenderfoundation.blender.release
<apple-id>   your appleid email
<identity>   codesigning identity

When specifying only --sourcedir and --dmg, the build will not be signed.

Example :
$ ./bundle.sh --source /data/build/bin --dmg /data/Blender-2.8-alpha-macOS-10.11.dmg --bundle-id org.blenderfoundation.blender.release --username "foo@mac.com" --password "@keychain:altool-password" --codesign AE825E26F12D08B692F360133210AF46F4CF7B97