Welcome to mirror list, hosted at ThFree Co, Russian Federation.

README.md « buildbot « build_files - git.blender.org/blender.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/build_files/buildbot/README.md
blob: cf129f83b395e9798993837d726ec913f8e4e5b0 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70

Blender Buildbot
================

Code signing
------------

Code signing is done as part of INSTALL target, which makes it possible to sign
files which are aimed into a bundle and coming from a non-signed source (such as
libraries SVN).

This is achieved by specifying `slave_codesign.cmake` as a post-install script
run by CMake. This CMake script simply involves an utility script written in
Python which takes care of an actual signing.

### Configuration

Client configuration doesn't need anything special, other than variable
`SHARED_STORAGE_DIR` pointing to a location which is watched by a server.
This is done in `config_builder.py` file and is stored in Git (which makes it
possible to have almost zero-configuration buildbot machines).

Server configuration requires copying `config_server_template.py` under the
name of `config_server.py` and tweaking values, which are platform-specific.

#### Windows configuration

There are two things which are needed on Windows in order to have code signing
to work:

- `TIMESTAMP_AUTHORITY_URL` which is most likely set http://timestamp.digicert.com
- `CERTIFICATE_FILEPATH` which is a full file path to a PKCS #12 key (.pfx).

## Tips

### Self-signed certificate on Windows

It is easiest to test configuration using self-signed certificate.

The certificate manipulation utilities are coming with Windows SDK.
Unfortunately, they are not added to PATH. Here is an example of how to make
sure they are easily available:

```
set PATH=C:\Program Files (x86)\Windows Kits\10\App Certification Kit;%PATH%
set PATH=C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x64;%PATH%
```

Generate CA:

```
makecert -r -pe -n "CN=Blender Test CA" -ss CA -sr CurrentUser -a sha256 ^
         -cy authority -sky signature -sv BlenderTestCA.pvk BlenderTestCA.cer
```

Import the generated CA:

```
certutil -user -addstore Root BlenderTestCA.cer
```

Create self-signed certificate and pack it into PKCS #12:

```
makecert -pe -n "CN=Blender Test SPC" -a sha256 -cy end ^
         -sky signature ^
         -ic BlenderTestCA.cer -iv BlenderTestCA.pvk ^
         -sv BlenderTestSPC.pvk BlenderTestSPC.cer

pvk2pfx -pvk BlenderTestSPC.pvk -spc BlenderTestSPC.cer -pfx BlenderTestSPC.pfx
```
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-16 01:19:29 +0300