3 changed files with 21 additions and 19 deletions
--- a/buildbot/worker/blender/compile.py
+++ b/buildbot/worker/blender/compile.py
@ -151,8 +151,8 @@ def get_cmake_options(builder: worker.blender.CodeBuilder) -> worker.utils.CmdSe
                linker_file_path="C:/Program Files/LLVM/bin/lld-link.exe"
            else:
                vs_tool_install_dir_suffix = "bin/Hostx64/x64"
-                compiler_file_path = vc_tool_install_path / f"{vs_tool_install_dir_suffix}/cl.exe"
-                linker_file_path = vc_tool_install_path / f"{vs_tool_install_dir_suffix}/link.exe"
+                compiler_file_path = str(vc_tool_install_path / f"{vs_tool_install_dir_suffix}/cl.exe")
+                linker_file_path = str(vc_tool_install_path / f"{vs_tool_install_dir_suffix}/link.exe")

            options += ["-G", "Ninja"]
            # -DWITH_WINDOWS_SCCACHE=On
--- a/buildbot/worker/blender/pack.py
+++ b/buildbot/worker/blender/pack.py
@ -129,7 +129,7 @@ def pack_mac(builder: worker.blender.CodeBuilder) -> None:
    )

    # Sign
-    worker.blender.sign.sign_darwin_files(builder, [package_file_path])
+    worker.blender.sign.sign_darwin_files(builder, [package_file_path], "entitlements.plist")

    # Notarize
    worker_config = builder.get_worker_config()
--- a/buildbot/worker/blender/sign.py
+++ b/buildbot/worker/blender/sign.py
@ -32,14 +32,16 @@ def sign_windows_files(
        worker.utils.warning("Performing dry run on LOCAL service environment")
        dry_run = True

-    cmd: worker.utils.CmdSequence = [
+    cmd_args = [
        sys.executable,
        "C:\\tools\\codesign.py",
        "--server-url",
        worker.utils.HiddenArgument(server_url),
    ]
    if description:
-        cmd += ["--description", description]
+        cmd_args += ["--description", description]
+
+    cmd: worker.utils.CmdSequence = cmd_args

    # Signing one file at a time causes a stampede on servers, resulting in blocking.
    # Instead sign in chunks of multiple files.
@ -93,9 +95,12 @@ def sign_windows(service_env_id: str, install_path: pathlib.Path) -> None:


 def sign_darwin_files(
-    builder: worker.blender.CodeBuilder, file_paths: Sequence[pathlib.Path]
+    builder: worker.blender.CodeBuilder,
+    file_paths: Sequence[pathlib.Path],
+    entitlements_file_name: str
 ) -> None:
-    entitlements_path = builder.code_path / "release" / "darwin" / "entitlements.plist"
+    entitlements_path = builder.code_path / "release" / "darwin" / entitlements_file_name
+
    if not entitlements_path.exists():
        raise Exception(f"File {entitlements_path} not found, aborting")

@ -155,17 +160,14 @@ def sign_darwin(builder: worker.blender.CodeBuilder) -> None:
    # Executables
    sign_path = bundle_path / "Contents" / "MacOS"
    worker.utils.info(f"Collecting files to process in {sign_path}")
-    sign_darwin_files(builder, list(sign_path.rglob("*")))
+    sign_darwin_files(builder, list(sign_path.rglob("*")), "entitlements.plist")

-    # App extensions in plugins.
-    plugins_path = bundle_path / "Contents" / "PlugIns"
-    if plugins_path.exists():
-        for appex_path in plugins_path.iterdir():
-            if not appex_path.is_dir():
-                continue
-            sign_path = appex_path / "Contents" / "MacOS"
-            worker.utils.info(f"Collecting files to process in {sign_path}")
-            sign_darwin_files(builder, list(sign_path.rglob("*")))
+    # Thumbnailer app extension.
+    thumbnailer_appex_path = bundle_path / "Contents" / "PlugIns" / "blender-thumbnailer.appex"
+    if thumbnailer_appex_path.exists():
+        sign_path = thumbnailer_appex_path / "Contents" / "MacOS"
+        worker.utils.info(f"Collecting files to process in {sign_path}")
+        sign_darwin_files(builder, list(sign_path.rglob("*")), "thumbnailer_entitlements.plist")

    # Shared librarys and Python
    sign_path = bundle_path / "Contents" / "Resources"
@ -175,11 +177,11 @@ def sign_darwin(builder: worker.blender.CodeBuilder) -> None:
        | set(sign_path.rglob("*.so"))
        | set(sign_path.rglob("python3.*"))
    )
-    sign_darwin_files(builder, file_paths)
+    sign_darwin_files(builder, file_paths, "entitlements.plist")

    # Bundle
    worker.utils.info(f"Signing app bundle {bundle_path}")
-    sign_darwin_files(builder, [bundle_path])
+    sign_darwin_files(builder, [bundle_path], "entitlements.plist")


 def sign(builder: worker.blender.CodeBuilder) -> None: