#!/bin/bash # Parametreleri al SIGNING_IDENTITY="$1" APP_PATH="$2" ENTITLEMENTS_PATH="$3" CRASH_ENTITLEMENTS_PATH="$4" # Sertifika hash'ini ayıkla (varsa) CERT_HASH=$(echo "$SIGNING_IDENTITY" | grep -o '[0-9A-F]\{40\}') if [ -n "$CERT_HASH" ]; then echo "📝 Using certificate hash: $CERT_HASH" SIGNING_ID="$CERT_HASH" else echo "📝 Using certificate identity: $SIGNING_IDENTITY" SIGNING_ID="$SIGNING_IDENTITY" fi echo "📝 Comprehensive signing starting..." echo "App Path: $APP_PATH" echo "Signing Identity: $SIGNING_ID" echo "Entitlements: $ENTITLEMENTS_PATH" echo "CrashReporter Entitlements: $CRASH_ENTITLEMENTS_PATH" # Step 1: Tüm dylib dosyalarını imzala (küçük gruplar halinde) echo "🔍 Signing all dylib files..." find "$APP_PATH" -name "*.dylib" | while read -r dylib; do echo "Signing: $dylib" codesign --force --options runtime --timestamp --sign "$SIGNING_ID" "$dylib" || echo "⚠️ Failed to sign: $dylib" done # Step 2: Tüm .so dosyalarını imzala echo "🔍 Signing all .so files..." find "$APP_PATH" -name "*.so" | while read -r so; do echo "Signing: $so" codesign --force --options runtime --timestamp --sign "$SIGNING_ID" "$so" || echo "⚠️ Failed to sign: $so" done # Step 3: Tüm yürütülebilir dosyaları imzala echo "🔍 Signing all executable files..." find "$APP_PATH" -type f -perm +111 -not -path "*.framework/*" -not -name "*.dylib" -not -name "*.so" | while read -r exe; do echo "Signing: $exe" codesign --force --options runtime --timestamp --sign "$SIGNING_ID" "$exe" || echo "⚠️ Failed to sign: $exe" done # Step 4: Tüm framework'leri imzala echo "🔍 Signing all frameworks..." find "$APP_PATH" -path "*.framework" -type d | while read -r framework; do echo "Signing framework: $framework" codesign --force --options runtime --timestamp --sign "$SIGNING_ID" "$framework" || echo "⚠️ Failed to sign: $framework" done # Step 5: CrashReportClient'ı özel olarak imzala echo "🔍 Looking for CrashReportClient.app..." CRASH_REPORTER_PATHS=$(find "$APP_PATH" -path "*CrashReportClient.app" -type d) if [ -n "$CRASH_REPORTER_PATHS" ]; then echo "✅ Found CrashReportClient apps:" echo "$CRASH_REPORTER_PATHS" for CRASH_REPORTER in $CRASH_REPORTER_PATHS; do echo "🔐 Special signing for CrashReportClient: $CRASH_REPORTER" # CrashReporter içindeki executable'ları imzala find "$CRASH_REPORTER" -type f -perm +111 | while read -r crash_exe; do echo "Signing CrashReporter binary: $crash_exe" codesign --force --options runtime --timestamp --entitlements "$CRASH_ENTITLEMENTS_PATH" --sign "$SIGNING_ID" "$crash_exe" || echo "⚠️ Failed to sign: $crash_exe" done # CrashReporter bundle'ı imzala echo "Signing CrashReporter bundle: $CRASH_REPORTER" codesign --force --deep --options runtime --timestamp --entitlements "$CRASH_ENTITLEMENTS_PATH" --sign "$SIGNING_ID" "$CRASH_REPORTER" || echo "⚠️ Failed to sign CrashReportClient bundle" # İmzayı doğrula echo "Verifying CrashReportClient signature..." codesign -vvv "$CRASH_REPORTER" || echo "⚠️ CrashReporter signature verification failed" done else echo "⚠️ No CrashReportClient.app found in $APP_PATH" fi # Step 6: Boost kütüphaneleri özellikle imzala echo "🔍 Looking for Boost libraries..." BOOST_LIBS=$(find "$APP_PATH" -path "*/UE/LuckyWorld/Binaries/Mac/*.dylib") if [ -n "$BOOST_LIBS" ]; then echo "✅ Found Boost libs, specifically signing them..." for lib in $BOOST_LIBS; do echo "Signing boost lib: $lib" codesign --force --options runtime --timestamp --sign "$SIGNING_ID" "$lib" || echo "⚠️ Failed to sign: $lib" done else echo "⚠️ No Boost libraries found" fi # Step 7: Engine ThirdParty kütüphanelerini imzala echo "🔍 Looking for Engine ThirdParty libraries..." THIRD_PARTY_PATHS=$(find "$APP_PATH" -path "*/Engine/Binaries/ThirdParty" -type d) if [ -n "$THIRD_PARTY_PATHS" ]; then echo "✅ Found ThirdParty directories:" echo "$THIRD_PARTY_PATHS" for THIRD_PARTY in $THIRD_PARTY_PATHS; do echo "Processing ThirdParty directory: $THIRD_PARTY" find "$THIRD_PARTY" -name "*.dylib" | while read -r engine_lib; do echo "Signing ThirdParty lib: $engine_lib" codesign --force --options runtime --timestamp --sign "$SIGNING_ID" "$engine_lib" || echo "⚠️ Failed to sign: $engine_lib" done done else echo "⚠️ No ThirdParty directories found" fi # Step 8: Plugin kütüphanelerini imzala echo "🔍 Looking for Plugin libraries..." PLUGIN_PATHS=$(find "$APP_PATH" -path "*/Engine/Plugins" -type d) if [ -n "$PLUGIN_PATHS" ]; then echo "✅ Found Plugin directories:" echo "$PLUGIN_PATHS" for PLUGIN_PATH in $PLUGIN_PATHS; do echo "Processing Plugin directory: $PLUGIN_PATH" find "$PLUGIN_PATH" -name "*.dylib" | while read -r plugin_lib; do echo "Signing Plugin lib: $plugin_lib" codesign --force --options runtime --timestamp --sign "$SIGNING_ID" "$plugin_lib" || echo "⚠️ Failed to sign: $plugin_lib" done done else echo "⚠️ No Plugin directories found" fi # Step 9: Diğer nested app bundles imzala echo "🔍 Signing nested app bundles..." find "$APP_PATH" -path "*.app" -type d | grep -v CrashReportClient | while read -r nested_app; do if [ "$nested_app" != "$APP_PATH" ]; then echo "Signing nested app: $nested_app" codesign --force --deep --options runtime --timestamp --entitlements "$ENTITLEMENTS_PATH" --sign "$SIGNING_ID" "$nested_app" || echo "⚠️ Failed to sign: $nested_app" fi done # Step 10: Ana uygulamayı imzala echo "🔐 Final signing of the main app bundle..." codesign --force --deep --options runtime --timestamp --entitlements "$ENTITLEMENTS_PATH" --sign "$SIGNING_ID" "$APP_PATH" || { echo "❌ ERROR: Main app signing failed"; exit 1; } # İmzalamayı doğrula echo "🔍 Verifying main app signature..." codesign -dvv "$APP_PATH" || { echo "❌ ERROR: Main app signature verification failed"; exit 1; } echo "✅ Comprehensive signing completed successfully" exit 0