From ab38ae8f24ff1bd89ce8f7bb05589e07fc5ce609 Mon Sep 17 00:00:00 2001 From: Rafael Kitover Date: Sat, 14 Sep 2024 08:37:36 +0000 Subject: [PATCH] doc: add keychain/notarization for Mac in dev man Add information on unlocking the keychain for codesigning and setting up credentials for notarization to the macOS binary section in the release process section of the developer manual. Signed-off-by: Rafael Kitover --- DEVELOPER-MANUAL.md | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/DEVELOPER-MANUAL.md b/DEVELOPER-MANUAL.md index b0bbb539..530ccb50 100644 --- a/DEVELOPER-MANUAL.md +++ b/DEVELOPER-MANUAL.md @@ -326,10 +326,29 @@ certificate of the type 'Developer ID Application' stored in your login keychain. If you are not using a GUI session, you will need to use a method to unlock your -login keychain before building. Adding the certificate and key to the System -keychain is also a method that some people use. +login keychain before building so that your codesigning certificate can be used. +Adding the certificate and key to the System keychain is also a method that some +people use. -Then run: +To unlock your keychain on login, you can add something like this to your +`~/.zshrc`: + +```bash +security unlock-keychain -p "$(cat ~/.login-keychain-password)" login.keychain +``` +, with your login password in that file. + +For notarization to work, you will need to create an app-specific password on +https://appleid.apple.com , get your Team ID from your Apple Developer account, +and store them with this command: + +```bash +xcrun notarytool store-credentials AC_PASSWORD \ + --apple-id you@domain.com \ + --team-id \ + --password +``` +. Once all of this is set up, run: ```bash tools/osx/builder
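Review bot: The added `~/.zshrc` snippet keeps the login password in plaintext in `~/.login-keychain-password` and passes it with `-p "$(cat ~/.login-keychain-password)"`, so it also appears in the `security` process arguments while the command runs. The manual should tell the reader to restrict the file (`chmod 600 ~/.login-keychain-password`). Because this is the account's login password, it should also suggest a dedicated build account or a separate signing keychain with its own password to limit what a leaked file exposes. Since `~/.zshrc` is read by every interactive shell rather than only at login, `~/.zprofile` would match the "on login" wording better. In the `notarytool store-credentials` block, `--team-id` and `--password` carry no value in the lines as shown. Give `--team-id` a named placeholder in the same style as `you@domain.com`, and consider dropping `--password` from the example so that `notarytool` prompts for the app-specific password instead of leaving it in shell history. As a style point, the continuation lines that start with `,` and `.` after the closing fences (", with your login password in that file." and ". Once all of this is set up, run:") read as fragments; fold the first into the sentence before the fence and start the second as its own sentence.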