-
Notifications
You must be signed in to change notification settings - Fork 165
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
doc: add macos release builder setup notes
Closes: #2199
- Loading branch information
Showing
1 changed file
with
43 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -16,3 +16,46 @@ certbot --nginx run -d iojs.org -m [email protected] --agree-tos --no-redirect | |
| certbot --nginx run -d www.iojs.org -m [email protected] --agree-tos --no-redirect | ||
| certbot --nginx run -d roadmap.iojs.org -m [email protected] --agree-tos --no-redirect | ||
| ``` | ||
|
|
||
| ## macOS release servers | ||
|
|
||
| Previous notes: [#1393](https://github.com/nodejs/build/issues/1393) | ||
|
|
||
| ### Full Xcode | ||
|
|
||
| Xcode Command-line tools are not enough to perform a full notarization cycle, full Xcode must be installed manually. | ||
|
|
||
| As root: | ||
|
|
||
| * Download Xcode: https://developer.apple.com/download/more/ - find non-beta version, open Developer Tools in browser, Networking tab, start download (then cancel), in Networking tab "Copy as cURL" (available in Chrome & FF) | ||
| * Download onto release machine using the copied curl command (may need `-o xcode.xip` appended to curl command) to `/tmp` | ||
| * Extract: `xip --extract xcode.xip` | ||
| * Move `Xcode.app` directory to `/Applications` | ||
| * `xcode-select --switch /Applications/Xcode.app` | ||
| * `xcode-select -r` - accept license | ||
|
|
||
| ### Signing certificates | ||
|
|
||
| * Extract from secrets/build/release: `dotgpg cat Apple\ Developer\ ID\ Node.js\ Foundation.p12.base64 | base64 -d > /tmp/Apple\ Developer\ ID\ Node.js\ Foundation.p12` | ||
| * Transfer to release machine (scp to /tmp) | ||
| * `sudo security import /tmp/Apple\ Developer\ ID\ Node.js\ Foundation.p12 -k /Library/Keychains/System.keychain -T /usr/bin/codesign -T /usr/bin/productsign -P 'XXXX'` (where XXXX is found in secrets/build/release/apple.md) (`security unlock-keychain -u /Library/Keychains/System.keychain` _may_ be required prior to running this command). | ||
|
|
||
| ### SSH | ||
|
|
||
| (This step is identical for all release machines.) | ||
|
|
||
| As iojs: | ||
|
|
||
| * `mkdir .ssh` | ||
| * Add `.ssh/config`: | ||
|
|
||
| ``` | ||
| Host node-www | ||
| HostName direct.nodejs.org | ||
| User staging | ||
| IdentityFile ~/.ssh/id_rsa | ||
| ``` | ||
|
|
||
| * Add `.ssh/id_rsa` with release SSH key. | ||
| * `chown 700 .ssh && chmod 600 .ssh/*` | ||
| * `ssh node-www` to set up known_hosts entry and check that it works | ||