LuckyWorld/scripts/sign_all.sh

#!/bin/bash

# Parametreleri al
SIGNING_IDENTITY="$1"
APP_PATH="$2" 
ENTITLEMENTS_PATH="$3"
CRASH_ENTITLEMENTS_PATH="$4"

# Sertifika hash'ini ayıkla (varsa)
CERT_HASH=$(echo "$SIGNING_IDENTITY" | grep -o '[0-9A-F]\{40\}')
if [ -n "$CERT_HASH" ]; then
  echo "📝 Using certificate hash: $CERT_HASH"
  SIGNING_ID="$CERT_HASH"
else
  echo "📝 Using certificate identity: $SIGNING_IDENTITY"
  SIGNING_ID="$SIGNING_IDENTITY"
fi

echo "📝 Comprehensive signing starting..."
echo "App Path: $APP_PATH"
echo "Signing Identity: $SIGNING_ID"
echo "Entitlements: $ENTITLEMENTS_PATH"
echo "CrashReporter Entitlements: $CRASH_ENTITLEMENTS_PATH"

# Step 1: Tüm dylib dosyalarını imzala (küçük gruplar halinde)
echo "🔍 Signing all dylib files..."
find "$APP_PATH" -name "*.dylib" | while read -r dylib; do
  echo "Signing: $dylib"
  codesign --force --options runtime --timestamp --sign "$SIGNING_ID" "$dylib" || echo "⚠️ Failed to sign: $dylib"
done

# Step 2: Tüm .so dosyalarını imzala
echo "🔍 Signing all .so files..."
find "$APP_PATH" -name "*.so" | while read -r so; do
  echo "Signing: $so"
  codesign --force --options runtime --timestamp --sign "$SIGNING_ID" "$so" || echo "⚠️ Failed to sign: $so"
done

# Step 3: Tüm yürütülebilir dosyaları imzala
echo "🔍 Signing all executable files..."
find "$APP_PATH" -type f -perm +111 -not -path "*.framework/*" -not -name "*.dylib" -not -name "*.so" | while read -r exe; do
  echo "Signing: $exe"
  codesign --force --options runtime --timestamp --sign "$SIGNING_ID" "$exe" || echo "⚠️ Failed to sign: $exe"
done

# Step 4: Tüm framework'leri imzala
echo "🔍 Signing all frameworks..."
find "$APP_PATH" -path "*.framework" -type d | while read -r framework; do
  echo "Signing framework: $framework"
  codesign --force --options runtime --timestamp --sign "$SIGNING_ID" "$framework" || echo "⚠️ Failed to sign: $framework"
done

# Step 5: CrashReportClient'ı özel olarak imzala
echo "🔍 Looking for CrashReportClient.app..."
CRASH_REPORTER_PATHS=$(find "$APP_PATH" -path "*CrashReportClient.app" -type d)
if [ -n "$CRASH_REPORTER_PATHS" ]; then
  echo "✅ Found CrashReportClient apps:"
  echo "$CRASH_REPORTER_PATHS"
  
  for CRASH_REPORTER in $CRASH_REPORTER_PATHS; do
    echo "🔐 Special signing for CrashReportClient: $CRASH_REPORTER"
    
    # CrashReporter içindeki executable'ları imzala
    find "$CRASH_REPORTER" -type f -perm +111 | while read -r crash_exe; do
      echo "Signing CrashReporter binary: $crash_exe"
      codesign --force --options runtime --timestamp --entitlements "$CRASH_ENTITLEMENTS_PATH" --sign "$SIGNING_ID" "$crash_exe" || echo "⚠️ Failed to sign: $crash_exe"
    done
    
    # CrashReporter bundle'ı imzala
    echo "Signing CrashReporter bundle: $CRASH_REPORTER"
    codesign --force --deep --options runtime --timestamp --entitlements "$CRASH_ENTITLEMENTS_PATH" --sign "$SIGNING_ID" "$CRASH_REPORTER" || echo "⚠️ Failed to sign CrashReportClient bundle"
    
    # İmzayı doğrula
    echo "Verifying CrashReportClient signature..."
    codesign -vvv "$CRASH_REPORTER" || echo "⚠️ CrashReporter signature verification failed"
  done
else
  echo "⚠️ No CrashReportClient.app found in $APP_PATH"
fi

# Step 6: Boost kütüphaneleri özellikle imzala
echo "🔍 Looking for Boost libraries..."
BOOST_LIBS=$(find "$APP_PATH" -path "*/UE/LuckyWorld/Binaries/Mac/*.dylib")
if [ -n "$BOOST_LIBS" ]; then
  echo "✅ Found Boost libs, specifically signing them..."
  for lib in $BOOST_LIBS; do
    echo "Signing boost lib: $lib"
    codesign --force --options runtime --timestamp --sign "$SIGNING_ID" "$lib" || echo "⚠️ Failed to sign: $lib"
  done
else
  echo "⚠️ No Boost libraries found"
fi

# Step 7: Engine ThirdParty kütüphanelerini imzala
echo "🔍 Looking for Engine ThirdParty libraries..."
THIRD_PARTY_PATHS=$(find "$APP_PATH" -path "*/Engine/Binaries/ThirdParty" -type d)
if [ -n "$THIRD_PARTY_PATHS" ]; then
  echo "✅ Found ThirdParty directories:"
  echo "$THIRD_PARTY_PATHS"
  
  for THIRD_PARTY in $THIRD_PARTY_PATHS; do
    echo "Processing ThirdParty directory: $THIRD_PARTY"
    find "$THIRD_PARTY" -name "*.dylib" | while read -r engine_lib; do
      echo "Signing ThirdParty lib: $engine_lib"
      codesign --force --options runtime --timestamp --sign "$SIGNING_ID" "$engine_lib" || echo "⚠️ Failed to sign: $engine_lib"
    done
  done
else
  echo "⚠️ No ThirdParty directories found"
fi

# Step 8: Plugin kütüphanelerini imzala
echo "🔍 Looking for Plugin libraries..."
PLUGIN_PATHS=$(find "$APP_PATH" -path "*/Engine/Plugins" -type d)
if [ -n "$PLUGIN_PATHS" ]; then
  echo "✅ Found Plugin directories:"
  echo "$PLUGIN_PATHS"
  
  for PLUGIN_PATH in $PLUGIN_PATHS; do
    echo "Processing Plugin directory: $PLUGIN_PATH"
    find "$PLUGIN_PATH" -name "*.dylib" | while read -r plugin_lib; do
      echo "Signing Plugin lib: $plugin_lib"
      codesign --force --options runtime --timestamp --sign "$SIGNING_ID" "$plugin_lib" || echo "⚠️ Failed to sign: $plugin_lib"
    done
  done
else
  echo "⚠️ No Plugin directories found"
fi

# Step 9: Diğer nested app bundles imzala
echo "🔍 Signing nested app bundles..."
find "$APP_PATH" -path "*.app" -type d | grep -v CrashReportClient | while read -r nested_app; do
  if [ "$nested_app" != "$APP_PATH" ]; then
    echo "Signing nested app: $nested_app"
    codesign --force --deep --options runtime --timestamp --entitlements "$ENTITLEMENTS_PATH" --sign "$SIGNING_ID" "$nested_app" || echo "⚠️ Failed to sign: $nested_app"
  fi
done

# Step 10: Ana uygulamayı imzala
echo "🔐 Final signing of the main app bundle..."
codesign --force --deep --options runtime --timestamp --entitlements "$ENTITLEMENTS_PATH" --sign "$SIGNING_ID" "$APP_PATH" || { echo "❌ ERROR: Main app signing failed"; exit 1; }

# İmzalamayı doğrula
echo "🔍 Verifying main app signature..."
codesign -dvv "$APP_PATH" || { echo "❌ ERROR: Main app signature verification failed"; exit 1; }

echo "✅ Comprehensive signing completed successfully"
exit 0