0
0
forked from blender/blender
blender/release/darwin/README.txt
Brecht Van Lommel 77d82ed1fd macOS: add missing info to code signing instructions regarding key files
The instructions for this part are not exactly clear, but better to document
what took us a while to figure out to get a new system set up for signing.
2019-12-12 13:58:22 +01:00

56 lines
2.1 KiB
Plaintext

macOS app bundling guide
========================
Install Code Signing Certificate
--------------------------------
* Go to https://developer.apple.com/account/resources/certificates/list
* Download the Developer ID Application certificate.
* Double click the file and add to key chain (default options).
* Delete the file from the Downloads folder.
* You will also need to install a .p12 public/private key file for the
certificate. This is only available for the owner of the Blender account,
or can be exported and copied from another system that already has code
signing set up.
Find the codesigning identity by running:
$ security find-identity -v -p codesigning
"Developer ID Application: Stichting Blender Foundation" is the identity needed.
The long code at the start of the line is used as <identity> below.
Setup Apple ID
--------------
* The Apple ID must have two step verification enabled.
* Create an app specific password for the code signing app (label can be anything):
https://support.apple.com/en-us/HT204397
* Add the app specific password to keychain:
$ security add-generic-password -a <apple-id> -w <app-specific-password> -s altool-password
When running the bundle script, there will be a popup. To avoid that either:
* Click Always Allow in the popup
* In the Keychain Access app, change the Access Control settings on altool-password
Bundle
------
Then the bundle is created as follows:
$ ./bundle.sh --source <sourcedir> --dmg <dmg> --bundle-id <bundleid> --username <apple-id> --password "@keychain:altool-password" --codesign <identity>
<sourcedir> directory where built Blender.app is
<dmg> location and name of the final disk image
<bundleid> id on notarization, for example org.blenderfoundation.blender.release
<apple-id> your appleid email
<identity> codesigning identity
When specifying only --sourcedir and --dmg, the build will not be signed.
Example :
$ ./bundle.sh --source /data/build/bin --dmg /data/Blender-2.8-alpha-macOS-10.11.dmg --bundle-id org.blenderfoundation.blender.release --username "foo@mac.com" --password "@keychain:altool-password" --codesign AE825E26F12D08B692F360133210AF46F4CF7B97