#!/bin/bash # Get the user's home directory USER_HOME="$HOME" # Set up Unreal Engine paths UE_ROOT="/Users/Shared/Epic Games/UE_5.5" UE_EDITOR="$UE_ROOT/Engine/Binaries/Mac/UnrealEditor.app/Contents/MacOS/UnrealEditor" UE_UAT="$UE_ROOT/Engine/Build/BatchFiles/RunUAT.command" # Set up project paths PROJECT_ROOT="$(pwd)" PROJECT_FILE="$PROJECT_ROOT/LuckyWorld.uproject" ARCHIVE_DIR="$PROJECT_ROOT/Builds" # Check for entitlements file if [ -f "$PROJECT_ROOT/LuckyWorld.entitlements" ]; then ENTITLEMENTS_FILE="$PROJECT_ROOT/LuckyWorld.entitlements" elif [ -f "$PROJECT_ROOT/LuckyRobots.entitlements" ]; then ENTITLEMENTS_FILE="$PROJECT_ROOT/LuckyRobots.entitlements" else echo "Warning: No entitlements file found. This might affect notarization." ENTITLEMENTS_FILE="" fi # For debugging: print paths and config echo "Project root: $PROJECT_ROOT" echo "Project file: $PROJECT_FILE" echo "Archive directory: $ARCHIVE_DIR" echo "Entitlements file: $ENTITLEMENTS_FILE" # Clean up previous build artifacts rm -rf DerivedDataCache Intermediate Binaries Saved # Generate project files "$UE_ROOT/Engine/Build/BatchFiles/Mac/GenerateProjectFiles.sh" -project="$PROJECT_FILE" -game -engine # Run the build command "$UE_UAT" -ScriptsForProject="$PROJECT_FILE" Turnkey \ -command=VerifySdk \ -platform=Mac \ -UpdateIfNeeded \ -EditorIO \ -EditorIOPort=59484 \ -project="$PROJECT_FILE" \ BuildCookRun \ -nop4 \ -utf8output \ -cook \ -project="$PROJECT_FILE" \ -target=LuckyWorld \ -unrealexe="$UE_EDITOR" \ -platform=Mac \ -installed \ -stage \ -archive \ -package \ -build \ -iterativecooking \ -pak \ -iostore \ -compressed \ -prereqs \ -archivedirectory="$ARCHIVE_DIR" \ -CrashReporter \ -clientconfig=Shipping \ # -nocompile \ # -nocompileuat \ # -nocompileeditor \ # -skipbuildeditor \ # enable these if you want to test build without pak and iostore (you're just testing the build) # -skipiostore \ # -skippak \ (disable -pak and -iostore) echo "" echo "🦾 Build completed. Application path:" APP_PATH=$(find "$ARCHIVE_DIR" -name "*.app" -type d | head -n 1) echo "$APP_PATH" if [ -n "$APP_PATH" ]; then echo "" echo "🔍 Binary files that will need signing:" DYLIB_COUNT=$(find "$APP_PATH" -name "*.dylib" | wc -l) SO_COUNT=$(find "$APP_PATH" -name "*.so" | wc -l) FRAMEWORKS=$(find "$APP_PATH" -path "*.framework/*" -type f -perm +111 | wc -l) EXECUTABLES=$(find "$APP_PATH" -type f -perm +111 -not -path "*.framework/*" -not -name "*.dylib" -not -name "*.so" | wc -l) echo "- $DYLIB_COUNT .dylib libraries" echo "- $SO_COUNT .so libraries" echo "- $FRAMEWORKS framework executables" echo "- $EXECUTABLES other executables" echo "Total binary files: $((DYLIB_COUNT + SO_COUNT + FRAMEWORKS + EXECUTABLES))" echo "" echo "🔍 Checking for PhysX and other special libraries (often need special handling):" find "$APP_PATH" -name "*PhysX*" -o -name "*APEX*" fi # Bundle ID'yi proje ayarlarında güncelle echo "" echo "🔧 Updating bundle ID in UE config..." CONFIG_FILE="$PROJECT_ROOT/Config/DefaultGame.ini" if [ -f "$CONFIG_FILE" ]; then # Mevcut bölümü kontrol et veya ekle if grep -q "\[/Script/MacTargetPlatform\.MacTargetSettings\]" "$CONFIG_FILE"; then # Bölüm var, ayarı güncelleyebiliriz sed -i '' 's/BundleIdentifier=.*/BundleIdentifier=com.luckyrobots.luckyworld/g' "$CONFIG_FILE" else # Bölüm yok, eklememiz gerekiyor echo "" >> "$CONFIG_FILE" echo "[/Script/MacTargetPlatform.MacTargetSettings]" >> "$CONFIG_FILE" echo "BundleIdentifier=com.luckyrobots.luckyworld" >> "$CONFIG_FILE" fi echo "Updated bundle ID in project config" fi # Build sonrası işlemler - bundle ID ayarlama echo "" echo "🔧 Performing post-build fix for bundle ID..." if [ -n "$APP_PATH" ]; then INFO_PLIST="$APP_PATH/Contents/Info.plist" if [ -f "$INFO_PLIST" ]; then echo "Setting bundle identifier to com.luckyrobots.luckyworld" /usr/libexec/PlistBuddy -c "Set :CFBundleIdentifier com.luckyrobots.luckyworld" "$INFO_PLIST" echo "Updated bundle ID: $(/usr/libexec/PlistBuddy -c "Print :CFBundleIdentifier" "$INFO_PLIST")" else echo "⚠️ Info.plist not found at $INFO_PLIST" fi fi # Recursive imzalama fonksiyonu - tüm binary dosyaları imzalar function sign_recursively() { local app_path="$1" local entitlements_file="$2" local counter=0 local total=0 local failed=0 # Önce toplam dosya sayısını hesapla # Tüm binary dosyaları bul (executable, dylib, so, çerçeveler) echo "Scanning for binary files..." # Executable binary files (libraries, executables) binaries=$(find "$app_path" -type f \( -name "*.dylib" -o -name "*.so" -o -perm +111 \) | sort) total=$(echo "$binaries" | wc -l) echo "Found $total binary files to sign" # Helper binary dosyaları imzala (tercih sırasına göre) echo "Signing all binary files (libraries and executables)..." echo "$binaries" | while read -r binary; do counter=$((counter + 1)) # Her 20 dosyada bir ilerleme göster if [ $((counter % 20)) -eq 0 ] || [ $counter -eq 1 ] || [ $counter -eq $total ]; then echo "Progress: $counter/$total - Signing: $binary" fi # Skip if not a regular file (symbolic links etc) if [ ! -f "$binary" ]; then continue fi # Dosya türünü kontrol et file_info=$(file "$binary") # Sadece Mach-O dosyalarını imzala if ! echo "$file_info" | grep -q "Mach-O"; then continue fi if [[ "$binary" == *CrashReportClient* ]]; then echo "🛠️ Special handling for CrashReportClient: $binary" fi # Timestamp ve runtime options ile imzala codesign --force --options runtime --deep --sign - --timestamp --entitlements "$entitlements_file" "$binary" 2>&1 || { echo "⚠️ Failed to sign: $binary" failed=$((failed + 1)) } done # Başvuru için ENTITLEMENTS içeriğini göster echo "Using entitlements file for signatures:" cat "$entitlements_file" # Tüm nested app'leri bul ve imzala nested_apps=$(find "$app_path" -name "*.app" -type d) if [ -n "$nested_apps" ]; then echo "Signing nested applications..." echo "$nested_apps" | while read -r nested_app; do if [ "$nested_app" != "$app_path" ]; then echo "Signing nested app: $nested_app" # İmzalamadan önce Info.plist varsa Bundle ID ayarla nested_info="$nested_app/Contents/Info.plist" if [ -f "$nested_info" ]; then echo "Setting bundle identifier for nested app" /usr/libexec/PlistBuddy -c "Set :CFBundleIdentifier com.luckyrobots.luckyworld.nested" "$nested_info" 2>/dev/null || true fi codesign --force --options runtime --deep --sign - --timestamp --entitlements "$entitlements_file" "$nested_app" 2>&1 || { echo "⚠️ Failed to sign nested app: $nested_app" failed=$((failed + 1)) } fi done fi # Asıl uygulamayı imzala echo "Signing main application: $app_path" codesign --force --options runtime --deep --sign - --timestamp --entitlements "$entitlements_file" "$app_path" 2>&1 || { echo "⚠️ Failed to sign main app: $app_path" failed=$((failed + 1)) } echo "✅ Signing completed: $counter files processed, $failed failures" # İmzalama durumunu kontrol et echo "Verifying signatures..." codesign -vvv --deep --strict "$app_path" # Hardened Runtime ve diğer güvenlik ayarları kontrol et echo "Checking security settings (Hardened Runtime, etc.):" codesign -d --entitlements - "$app_path" | grep -i "runtime\|hardened\|security" # Spesifik olarak CrashReportClient'i kontrol et (sorunlu dosya) crash_reporter=$(find "$app_path" -path "*CrashReportClient.app/Contents/MacOS/CrashReportClient" -type f | head -1) if [ -n "$crash_reporter" ]; then echo "Checking CrashReportClient specifically:" codesign -d --entitlements - "$crash_reporter" | grep -i "runtime\|hardened\|security" fi } # Kütüphaneleri kontrol et ve gerekirse post-processing yap echo "" echo "🔍 Performing comprehensive signing and hardening of all binaries..." if [ -n "$APP_PATH" ] && [ -n "$ENTITLEMENTS_FILE" ]; then # Recursive olarak tüm binary dosyaları imzala sign_recursively "$APP_PATH" "$ENTITLEMENTS_FILE" # Son olarak ana uygulamayı tekrar imzala echo "Final signing of main app bundle" codesign --force --options runtime --deep --sign - --timestamp --entitlements "$ENTITLEMENTS_FILE" "$APP_PATH" echo "✅ All binaries signed successfully with Hardened Runtime enabled" else echo "❌ App path or entitlements file not found, cannot perform comprehensive signing" echo "App path: $APP_PATH" echo "Entitlements file: $ENTITLEMENTS_FILE" fi echo "" echo "✅ Build and post-processing completed successfully!"