Index: /issm/trunk-jpl/packagers/mac/commit_for_signing-issm-mac-binaries-matlab.sh
===================================================================
--- /issm/trunk-jpl/packagers/mac/commit_for_signing-issm-mac-binaries-matlab.sh	(revision 25886)
+++ /issm/trunk-jpl/packagers/mac/commit_for_signing-issm-mac-binaries-matlab.sh	(revision 25886)
@@ -0,0 +1,216 @@
+#!/bin/bash
+
+################################################################################
+# Commits ISSM distributable package for macOS with MATLAB API to repository 
+# for signing. This repository is polled by a project running on a JPL 
+# Cybersecurity Jenkins server and performs the actual signing and 
+# notarization.
+#
+# Options:
+# -r/--resign			Skip ISSM compilation and packaging. Use to retrigger 
+#						signing/notarization if it fails but build and package 
+#						are valid.
+# -u/--unlock			Remove lock file from signed package repository. Use if 
+#						build is aborted to allow for subsequent fresh build.
+#
+# NOTE:
+# - Assumes that the following constants are defined,
+#
+#		COMPRESSED_PKG
+#		ISSM_BINARIES_REPO_PASS
+#		ISSM_BINARIES_REPO_USER
+#		SIGNED_REPO_COPY
+#		SIGNED_REPO_URL
+#
+# See also:
+# - packagers/mac/complete-issm-mac-binaries-matlab.sh
+# - packagers/mac/sign-issm-mac-binaries-matlab.sh
+################################################################################
+
+# Expand aliases within the context of this script
+shopt -s expand_aliases
+
+# From https://developer.apple.com/documentation/macos-release-notes/macos-catalina-10_15-release-notes,
+#
+#	Command line tool support for Subversion — including svn, git-svn, and 
+#	related commands — is no longer provided by Xcode. (50266910)
+#
+# which results in,
+#
+#	svn: error: The subversion command line tools are no longer provided by 
+#	Xcode.
+#
+# when calling svn, even when subversion is installed via Homebrew and its path 
+# is available in PATH.
+#
+# NOTE: May be able to remove this after updating macOS.
+#
+alias svn='/usr/local/bin/svn'
+
+## Override certain other aliases
+#
+alias cp=$(which cp)
+alias grep=$(which grep)
+
+## Constants
+#
+MAX_SIGNING_CHECK_ATTEMPTS=30
+NOTARIZATION_LOGFILE="notarization.log"
+RETRIGGER_SIGNING_FILE="retrigger.txt"
+SIGNING_CHECK_PERIOD=60 # in seconds
+SIGNING_LOCK_FILE="signing.lock"
+UNSIGNED_REPO_COPY="./unsigned"
+UNSIGNED_REPO_URL="https://issm.ess.uci.edu/svn/issm-binaries/mac/matlab/unsigned"
+
+## Functions
+#
+checkout_signed_repo_copy(){
+	echo "Checking out copy of repository for signed packages"
+
+	# NOTE: Get empty copy because we do not want to have to check out package 
+	#		from previous signing.
+	#
+	svn checkout \
+		--trust-server-cert \
+		--non-interactive \
+		--depth empty \
+		--username ${ISSM_BINARIES_REPO_USER} \
+		--password ${ISSM_BINARIES_REPO_PASS} \
+		${SIGNED_REPO_URL} \
+		${SIGNED_REPO_COPY} > /dev/null 2>&1
+}
+checkout_unsigned_repo_copy(){
+	echo "Checking out copy of repository for unsigned packages"
+	svn checkout \
+		--trust-server-cert \
+		--non-interactive \
+		--username ${ISSM_BINARIES_REPO_USER} \
+		--password ${ISSM_BINARIES_REPO_PASS} \
+		${UNSIGNED_REPO_URL} \
+		${UNSIGNED_REPO_COPY} > /dev/null 2>&1
+}
+validate_signed_repo_copy(){
+	# Validate copy of repository for signed binaries (e.g. 
+	# 'Check-out Strategy' was set to 'Use 'svn update' as much as possible'; 
+	# initial checkout failed)
+	if [[ ! -d ${SIGNED_REPO_COPY} || ! -d ${SIGNED_REPO_COPY}/.svn ]]; then
+		rm -rf ${SIGNED_REPO_COPY}
+		checkout_signed_repo_copy
+	fi
+}
+
+## Parse options
+#
+if [ $# -gt 1 ]; then
+	echo "Can use only one option at a time"
+	exit 1
+fi
+
+retrigger_signing=0
+unlock=0
+
+if [ $# -eq 1 ]; then
+	case $1 in
+		-r|--resign)	retrigger_signing=1;	;;
+		-u|--unlock)	unlock=1;				;;
+		*) echo "Unknown parameter passed: $1"; exit 1	;;
+	esac
+fi
+
+validate_signed_repo_copy
+
+if [ ${unlock} -eq 1 ]; then
+	# Remove signing lock file from signed package repository so that a new 
+	# build can run
+	echo "Removing lock file from repository for signed packages"
+	svn up ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} > /dev/null 2>&1
+	svn delete ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} > /dev/null 2>&1
+	svn commit \
+		--trust-server-cert \
+		--non-interactive \
+		--username ${ISSM_BINARIES_REPO_USER} \
+		--password ${ISSM_BINARIES_REPO_PASS} \
+		--message "DEL: Removing lock file after failed build" ${SIGNED_REPO_COPY} > /dev/null 2>&1
+	svn cleanup ${SIGNED_REPO_COPY} > /dev/null 2>&1
+
+	echo "Remove -u/--unlock option from configuration and run again"
+	exit 1
+fi
+
+# If lock file exists, a signing build is still in process by JPL Cybersecurity
+svn up ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE}
+if [ -f ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} ]; then
+	echo "Previous signing job still in process by JPL Cybersecurity. Please try again later."
+	exit 1
+fi
+
+# Commit lock file to repository for signed packages
+echo "Committing lock file to repository for signed packages"
+touch ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE}
+svn add ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} > /dev/null 2>&1
+svn commit \
+	--trust-server-cert \
+	--non-interactive \
+	--username ${ISSM_BINARIES_REPO_USER} \
+	--password ${ISSM_BINARIES_REPO_PASS} \
+	--message "ADD: New lock file" ${SIGNED_REPO_COPY} > /dev/null 2>&1
+
+# Check out copy of repository for unsigned packages
+checkout_unsigned_repo_copy
+
+if [ ${retrigger_signing} -eq 0 ]; then
+	# Commit new compressed package to repository for unsigned binaries
+	echo "Committing package to repository for unsigned packages"
+	cp ${COMPRESSED_PKG} ${UNSIGNED_REPO_COPY}
+	svn add ${UNSIGNED_REPO_COPY}/${COMPRESSED_PKG} > /dev/null 2>&1
+	svn commit \
+		--trust-server-cert \
+		--non-interactive \
+		--username ${ISSM_BINARIES_REPO_USER} \
+		--password ${ISSM_BINARIES_REPO_PASS} \
+		--message "CHG: New unsigned package" ${UNSIGNED_REPO_COPY} > /dev/null 2>&1
+else
+	# NOTE: If notarize_only == 1, we commit a dummy file as we do not want to 
+	#		have to commit the entire compressed package again simply to 
+	#		retrigger the signing build on the remote JPL Cybersecurity Jenkins 
+	#		server.
+	#
+	echo "Attempting to sign existing package again"
+	echo $(date +'%Y-%m-%d-%H-%M-%S') > ${UNSIGNED_REPO_COPY}/${RETRIGGER_SIGNING_FILE} # Write datetime stamp to file to ensure modification is made
+	svn add ${UNSIGNED_REPO_COPY}/${RETRIGGER_SIGNING_FILE} > /dev/null 2>&1
+	svn commit \
+		--trust-server-cert \
+		--non-interactive \
+		--username ${ISSM_BINARIES_REPO_USER} \
+		--password ${ISSM_BINARIES_REPO_PASS} \
+		--message "ADD: Retriggering signing with same package (previous attempt failed)" ${UNSIGNED_REPO_COPY} > /dev/null 2>&1
+fi
+
+# Check status of signing
+echo "Checking progress of signing..."
+SIGNING_CHECK_ATTEMPT=0
+while [ ${SIGNING_CHECK_ATTEMPT} -lt ${MAX_SIGNING_CHECK_ATTEMPTS} ]; do
+	echo "...in progress still; checking again in ${SIGNING_CHECK_PERIOD} seconds"
+	sleep ${SIGNING_CHECK_PERIOD}
+	svn up ${SIGNED_REPO_COPY}
+
+	if [ ! -f ${SIGNED_REPO_COPY}/${SIGNING_LOCK_FILE} ]; then
+		# Retrieve notarization lock file
+		svn up ${SIGNED_REPO_COPY}/${NOTARIZATION_LOGFILE}
+
+		# Check status
+		STATUS=$(grep 'Status:' ${SIGNED_REPO_COPY}/${NOTARIZATION_LOGFILE} | sed -e 's/[[:space:]]*Status: //')
+		if [[ "${STATUS}" == "success" ]]; then
+			echo "Notarization successful!"
+		else
+			echo "Notarization failed!"
+			echo "----------------------- Contents of notarization logfile -----------------------"
+			cat ${SIGNED_REPO_COPY}/${NOTARIZATION_LOGFILE}
+			echo "--------------------------------------------------------------------------------"
+
+			exit 1
+		fi
+	else
+		((++SIGNING_CHECK_ATTEMPT))
+	fi
+done
Index: /issm/trunk-jpl/packagers/mac/complete-issm-mac-binaries-matlab.sh
===================================================================
--- /issm/trunk-jpl/packagers/mac/complete-issm-mac-binaries-matlab.sh	(revision 25886)
+++ /issm/trunk-jpl/packagers/mac/complete-issm-mac-binaries-matlab.sh	(revision 25886)
@@ -0,0 +1,118 @@
+#!/bin/bash
+
+################################################################################
+# Wrapper script to build, package, send for signing, and transfer to ISSM Web 
+# site ISSM distributable package for macOS with MATLAB API.
+#
+# Normally, we would put this directly into the project configuration under 
+# 'Build' -> 'Excute shell', but becasue it is a bit more involved, it is a 
+# good idea to version it.
+#
+# When no failures/errors occur, performs the following:
+# - Builds ISSM according to configuration.
+# - Packages and compresses executables and libraries.
+# - Runs test suite against package.
+# - Commits compressed package to repository to be signed by JPL Cybersecurity.
+# - Retrieves signed package and transmits it to ISSM Web site for 
+#	distribution.
+#
+# Options:
+# -b/--skipbuild		Skip ISSM compilation.
+# -r/--resign			Skip ISSM compilation and packaging. Use to retrigger 
+#						signing/notarization if it fails but build and package 
+#						are valid.
+# -s/--skiptests		Skip ISSM compilation and testing during packaging 
+#						step. Use if 
+# -t/--transferonly		Transfer package to ISSM Web site only. Use if transfer 
+#						fails for some reason to skip building, packaging, and 
+#						signing.
+# -u/--unlock			Remove lock file from signed package repository. Use if 
+#						build is aborted to allow for subsequent fresh build.
+#
+# Debugging:
+# - Relies on a very tight handshake with project on remote JPL Cybersecurity 
+#	Jenkins server. Debugging may be perfomed locally by running,
+#
+#		packagers/mac/sign-issm-mac-binaries-matlab.sh
+#
+#	with "ISSM_BINARIES_USER" and "ISSM_BINARIES_PASS" hardcoded to Apple 
+#	Developer credentials.
+# - Removing stdout/stderr redirections to null device (> /dev/null 2>&1) can 
+#	help debug potential SVN issues.
+#
+# NOTE:
+# - Use only *one* of the above options at a time, and make sure it is removed 
+#	again after a single run.
+# - Builds will fail when any of the above options are used on a clean 
+#	workspace. For example, if 'Source Code Management' -> 'Check-out Strategy' 
+#	select menu is set to "Always check out a fresh copy".
+# - Assumes that "ISSM_BINARIES_USER" and "ISSM_BINARIES_PASS" are set up in 
+#	the 'Bindings' section under a 'Username and password (separated)' binding 
+#	(requires 'Credentials Binding Plugin') with 'Credentials' select menu set 
+#	to "jenkins/****** (SVN repository for ISSM binaries)".
+################################################################################
+
+## Constants
+#
+PKG="ISSM-macOS-MATLAB" # Name of directory to copy distributable files to
+SIGNED_REPO_COPY="./signed"
+SIGNED_REPO_URL="https://issm.ess.uci.edu/svn/issm-binaries/mac/matlab/signed"
+
+COMPRESSED_PKG="${PKG}.zip"
+
+## Environment
+#
+export COMPRESSED_PKG
+export ISSM_BINARIES_REPO_PASS
+export ISSM_BINARIES_REPO_USER
+export PKG
+export SIGNED_REPO_COPY
+export SIGNED_REPO_URL
+
+## Parse options
+#
+if [ $# -gt 1 ]; then
+	echo "Can only use one option at a time"
+	exit 1
+fi
+
+# NOTE: We could do this with binary switching (i.e. 0011 to sign and transfer, 
+#		but the following is self-documenting).
+#
+build=1
+package=1
+sign=1
+transfer=1
+
+if [ $# -eq 1 ]; then
+	case $1 in
+		-b|--skipbuild)		build=0;							shift	;;
+		-r|--resign)		build=0;	package=0;						;;
+		-s|--skiptests)		build=0;									;;
+		-t|--transferonly)	build=0;	package=0;	sign=0;				;;
+		-u|--unlock)		build=0;	package=0;	transfer=0;			;;
+		*) echo "Unknown parameter passed: $1"; exit 1 					;;
+	esac
+fi
+
+# Build
+if [ ${build} -eq 1 ]; then
+	./jenkins/jenkins.sh ./jenkins/pine_island-mac-binaries-matlab
+fi
+
+# Package
+if [ ${package} -eq 1 ]; then
+	./packagers/mac/package-issm-mac-binaries-matlab.sh $1
+	shift # Clear $1 so that it is not passed to commit_for_signing script
+fi
+
+# Commit for signing
+if [ ${sign} -eq 1 ]; then
+	./packagers/mac/commit_for_signing-issm-mac-binaries-matlab.sh $1
+fi
+
+# Transfer distributable package to ISSM Web site
+if [ ${transfer} -eq 1 ]; then
+	./packagers/mac/transfer-issm-mac-binaries-matlab.sh
+fi
+
Index: /issm/trunk-jpl/packagers/mac/transfer-issm-mac-binaries-matlab.sh
===================================================================
--- /issm/trunk-jpl/packagers/mac/transfer-issm-mac-binaries-matlab.sh	(revision 25886)
+++ /issm/trunk-jpl/packagers/mac/transfer-issm-mac-binaries-matlab.sh	(revision 25886)
@@ -0,0 +1,85 @@
+#!/bin/bash
+
+################################################################################
+# Transfers ISSM distributable package for macOS with MATLAB API to ISSM Web 
+# site.
+#
+# NOTE:
+# - Assumes that the following constants are defined,
+#
+#		COMPRESSED_PKG
+#		ISSM_BINARIES_REPO_PASS
+#		ISSM_BINARIES_REPO_USER
+#		SIGNED_REPO_COPY
+#		SIGNED_REPO_URL
+#
+# See also:
+# - packagers/mac/complete-issm-mac-binaries-matlab.sh
+################################################################################
+
+# Expand aliases within the context of this script
+shopt -s expand_aliases
+
+# From https://developer.apple.com/documentation/macos-release-notes/macos-catalina-10_15-release-notes,
+#
+#	Command line tool support for Subversion — including svn, git-svn, and 
+#	related commands — is no longer provided by Xcode. (50266910)
+#
+# which results in,
+#
+#	svn: error: The subversion command line tools are no longer provided by 
+#	Xcode.
+#
+# when calling svn, even when subversion is installed via Homebrew and its path 
+# is available in PATH.
+#
+# NOTE: May be able to remove this after updating macOS.
+#
+alias svn='/usr/local/bin/svn'
+
+## Override certain other aliases
+#
+alias cp=$(which cp)
+alias grep=$(which grep)
+
+## Functions
+#
+checkout_signed_repo_copy(){
+	echo "Checking out copy of repository for signed packages"
+
+	# NOTE: Get empty copy because we do not want to have to check out package 
+	#		from previous signing.
+	#
+	svn checkout \
+		--trust-server-cert \
+		--non-interactive \
+		--depth empty \
+		--username ${ISSM_BINARIES_REPO_USER} \
+		--password ${ISSM_BINARIES_REPO_PASS} \
+		${SIGNED_REPO_URL} \
+		${SIGNED_REPO_COPY} > /dev/null 2>&1
+}
+validate_signed_repo_copy(){
+	# Validate copy of repository for signed binaries (e.g. 
+	# 'Check-out Strategy' was set to 'Use 'svn update' as much as possible'; 
+	# initial checkout failed)
+	if [[ ! -d ${SIGNED_REPO_COPY} || ! -d ${SIGNED_REPO_COPY}/.svn ]]; then
+		rm -rf ${SIGNED_REPO_COPY}
+		checkout_signed_repo_copy
+	fi
+}
+
+# Check if working copy of repository for signed packages is missing
+validate_signed_repo_copy
+
+# Retrieve signed and notarized package
+svn up ${SIGNED_REPO_COPY}/${COMPRESSED_PKG}
+
+# Transfer signed package to ISSM Web site
+echo "Transferring signed package to ISSM Web site"
+scp -i ~/.ssh/pine_island_to_ross ${SIGNED_REPO_COPY}/${COMPRESSED_PKG} jenkins@ross.ics.uci.edu:/var/www/html/${COMPRESSED_PKG}
+
+if [ $? -ne 0 ]; then
+	echo "Transfer failed! Verify connection then build this project again (with -t/--transferonly option to skip building, packaging, and signing)."
+	exit 1
+fi
