#!/bin/bash
#
# repair_and_sign.sh — PUBLIC‑SAFE VERSION
#
# Purpose:
#   Repairs framework structure (if needed) and signs all internal components.
#
# Notes for public sharing:
#   - Replace certificate placeholder with your own Developer ID name when using privately.
#   - Framework names here are generic; adjust to your environment.
#

set -euo pipefail
source &#34;$(dirname &#34;$0&#34;)/build_config.sh&#34;

cd &#34;$APP_ROOT&#34;

FWKS=(
  &#34;FMWrapper.framework&#34;
  &#34;FMEngine.framework&#34;
  &#34;DBEngine.framework&#34;
  &#34;Support.framework&#34;
)

echo &#34;=== Repairing frameworks (only if needed) ===&#34;

for FWK in &#34;${FWKS[@]}&#34;; do
  FWK_PATH=&#34;$APP/Contents/Frameworks/$FWK&#34;
  NAME=&#34;$(basename &#34;$FWK&#34; .framework)&#34;

  EXEC_A=&#34;$FWK_PATH/Versions/A/$NAME&#34;
  PLIST_A=&#34;$FWK_PATH/Versions/A/Resources/Info.plist&#34;

  EXEC_TOP=&#34;$FWK_PATH/$NAME&#34;
  PLIST_TOP=&#34;$FWK_PATH/Info.plist&#34;

  echo &#34;&#34;
  echo &#34;→ Checking $FWK&#34;

  if [[ -f &#34;$EXEC_A&#34; &amp;&amp; -f &#34;$PLIST_A&#34; ]]; then
      echo &#34;   Detected original structure — repairing…&#34;

      rm -f &#34;$EXEC_TOP&#34; &#34;$PLIST_TOP&#34;
      cp &#34;$EXEC_A&#34; &#34;$EXEC_TOP&#34;
      cp &#34;$PLIST_A&#34; &#34;$PLIST_TOP&#34;

      mkdir -p &#34;$FWK_PATH/_CodeSignature&#34;

      codesign --force --deep --options runtime \
        --sign &#34;Developer ID Application: YOUR NAME (TEAMID)&#34; \
        &#34;$FWK_PATH&#34;

      echo &#34;   Repaired and signed.&#34;
  else
      echo &#34;   Already repaired — skipping.&#34;
  fi
done

echo &#34;&#34;
echo &#34;=== Signing internal binaries ===&#34;

sign_if_exists() {
  local path=&#34;$1&#34;
  if [[ -f &#34;$path&#34; ]]; then
    echo &#34;   Signing $path&#34;
    codesign --force --options runtime \
      --sign &#34;Developer ID Application: YOUR NAME (TEAMID)&#34; \
      &#34;$path&#34;
  else
    echo &#34;   Skipping $path (not found)&#34;
  fi
}

sign_if_exists &#34;$APP/Contents/Frameworks/FMWrapper.framework/Versions/A/FMWrapper&#34;
sign_if_exists &#34;$APP/Contents/Frameworks/FMEngine.framework/Versions/A/FMEngine&#34;
sign_if_exists &#34;$APP/Contents/Frameworks/DBEngine.framework/Versions/A/DBEngine&#34;
sign_if_exists &#34;$APP/Contents/Frameworks/Support.framework/Versions/A/Support&#34;

echo &#34;&#34;
echo &#34;=== Signing XPC service ===&#34;
sign_if_exists &#34;$APP/Contents/XPCServices/PSConversionHelper.xpc&#34;

echo &#34;&#34;
echo &#34;=== Signing top-level app ===&#34;
codesign --force --deep --options runtime \
  --sign &#34;Developer ID Application: YOUR NAME (TEAMID)&#34; \
  &#34;$APP&#34;

echo &#34;&#34;
echo &#34;=== Verifying signature ===&#34;
codesign --verify --deep --strict --verbose=4 &#34;$APP&#34;

echo &#34;&#34;
echo &#34;=== repair_and_sign.sh complete ===&#34;