Skip to content

Commit d9264a9

Browse files
rvaggrvagg
committed
doc: add macos release builder setup notes
Closes: #2199
1 parent dd60fbe commit d9264a9

File tree

1 file changed

+43
-0
lines changed

1 file changed

+43
-0
lines changed

doc/non-ansible-configuration-notes.md

Lines changed: 43 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,3 +16,46 @@ certbot --nginx run -d iojs.org -m [email protected] --agree-tos --no-redirect
1616
certbot --nginx run -d www.iojs.org -m [email protected] --agree-tos --no-redirect
1717
certbot --nginx run -d roadmap.iojs.org -m [email protected] --agree-tos --no-redirect
1818
```
19+
20+
## macOS release servers
21+
22+
Previous notes: [#1393](https://github.com/nodejs/build/issues/1393)
23+
24+
### Full Xcode
25+
26+
Xcode Command-line tools are not enough to perform a full notarization cycle, full Xcode must be installed manually.
27+
28+
As root:
29+
30+
* Download Xcode: https://developer.apple.com/download/more/ - find non-beta version, open Developer Tools in browser, Networking tab, start download (then cancel), in Networking tab "Copy as cURL" (available in Chrome & FF)
31+
* Download onto release machine using the copied curl command (may need `-o xcode.xip` appended to curl command) to `/tmp`
32+
* Extract: `xip --extract xcode.xip`
33+
* Move `Xcode.app` directory to `/Applications`
34+
* `xcode-select --switch /Applications/Xcode.app`
35+
* `xcode-select -r` - accept license
36+
37+
### Signing certificates
38+
39+
* Extract from secrets/build/release: `dotgpg cat Apple\ Developer\ ID\ Node.js\ Foundation.p12.base64 | base64 -d > /tmp/Apple\ Developer\ ID\ Node.js\ Foundation.p12`
40+
* Transfer to release machine (scp to /tmp)
41+
* `sudo security import /tmp/Apple\ Developer\ ID\ Node.js\ Foundation.p12 -k /Library/Keychains/System.keychain -T /usr/bin/codesign -T /usr/bin/productsign -P 'XXXX'` (where XXXX is found in secrets/build/release/apple.md) (`security unlock-keychain -u /Library/Keychains/System.keychain` _may_ be required prior to running this command).
42+
43+
### SSH
44+
45+
(This step is identical for all release machines.)
46+
47+
As iojs:
48+
49+
* `mkdir .ssh`
50+
* Add `.ssh/config`:
51+
52+
```
53+
Host node-www
54+
HostName direct.nodejs.org
55+
User staging
56+
IdentityFile ~/.ssh/id_rsa
57+
```
58+
59+
* Add `.ssh/id_rsa` with release SSH key.
60+
* `chown 700 .ssh && chmod 600 .ssh/*`
61+
* `ssh node-www` to set up known_hosts entry and check that it works

0 commit comments

Comments
 (0)