SERVER-64332 added macos binary signing to push task

(cherry picked from commit 8aee4d35ca04dce4d045dc366fc47bfd0d4c4a5e)

2 files changed, 14 insertions, 0 deletions

diff --git a/evergreen/functions/notary_client_credentials_setup.sh b/evergreen/functions/notary_client_credentials_setup.sh
index 71c08335d73..da4c929dc0a 100755
--- a/evergreen/functions/notary_client_credentials_setup.sh
+++ b/evergreen/functions/notary_client_credentials_setup.sh
@@ -9,6 +9,7 @@ cat << EOF > notary_env.sh
 export NOTARY_TOKEN=${signing_auth_token_50}
 export BARQUE_USERNAME=${barque_user}
 export BARQUE_API_KEY=${barque_api_key}
+export MACOS_NOTARY_TOKEN=${macos_notarization_secret}
 EOF
 
 echo "${signing_auth_token_50}" > signing_auth_token
diff --git a/evergreen/notary_client_run.sh b/evergreen/notary_client_run.sh
index 2ffd3ffeee3..90fb3366370 100644
--- a/evergreen/notary_client_run.sh
+++ b/evergreen/notary_client_run.sh
@@ -13,6 +13,19 @@ if [ "$long_ext" == "tgz" ]; then
   long_ext="tar.gz"
 fi
 
+if [[ "${push_name}" == "macos"* ]]; then
+  curl https://macos-notary-1628249594.s3.amazonaws.com/releases/client/v3.3.0/linux_amd64.zip -o linux_amd64.zip
+  unzip linux_amd64.zip
+  chmod +x ./linux_amd64/macnotary
+  bins=("mongo-binaries.tgz" "mongo-shell.tgz" "mongo-cryptd.tgz" "mh.tgz")
+  for archive in ${bins[@]}; do
+    TEMP_ARCHIVE="$(mktemp -p $PWD)"
+    mv "$archive" "$TEMP_ARCHIVE"
+    ./linux_amd64/macnotary -f "$TEMP_ARCHIVE" -m notarizeAndSign -u https://dev.macos-notary.build.10gen.cc/api -k server -s ${MACOS_NOTARY_TOKEN} -b server.mongodb.com -o "$archive"
+    rm -f "$TEMP_ARCHIVE"
+  done
+fi
+
 mv mongo-binaries.tgz mongodb-${push_name}-${push_arch}-${suffix}.${ext}
 mv mongo-shell.tgz mongodb-shell-${push_name}-${push_arch}-${suffix}.${ext}
 mv mongo-cryptd.tgz mongodb-cryptd-${push_name}-${push_arch}-${suffix}.${ext} || true