fix(macos): codesign KDF with hardened runtime and timestamp

[CharlVS]

This PR ensures KDF artifacts are properly codesigned for macOS notarization.

Available for testing in GLEECBTC/gleec-wallet#3175

Changes:

• Codesign KDF executable and libkdflib.dylib in all build configurations.
• Use --options runtime and --timestamp=auto on all signatures.
• Keep Release-only re-sign step after arch thinning (lipo) to maintain valid signature.

Result:

• All executable Mach-O files embedded by the plugin should verify with Apple timestamp in notarization checks.

---

Note

^{Cursor Bugbot is generating a summary for commit ffa7663. Configure here.}

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/kdf-signing

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull Request Overview

This PR enhances macOS code signing for the KDF (Komodo DeFi Framework) executable and library to satisfy notarization requirements by adding hardened runtime and timestamp options to all codesign operations.

• Updates existing Release-only codesign operations to include --options runtime and --timestamp=auto
• Adds new codesign operations for all configurations (not just Release) with the same hardened runtime options
• Improves error messaging with additional troubleshooting instructions

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[github-actions]

Visit the preview URL for this PR (updated for commit ffa7663):

https://komodo-playground--pr240-fix-kdf-signing-beek61zp.web.app

_{(expires Wed, 22 Oct 2025 15:08:41 GMT)}

_{🔥 via Firebase Hosting GitHub Action 🌎}

_{Sign: 2bfedd77fdea45b25ba7c784416e81f177aa5c47}

[github-actions]

Visit the preview URL for this PR (updated for commit ffa7663):

https://kdf-sdk--pr240-fix-kdf-signing-mq2hdvwh.web.app

_{(expires Wed, 22 Oct 2025 15:07:09 GMT)}

_{🔥 via Firebase Hosting GitHub Action 🌎}

_{Sign: 9c1b6e6c010cf0b965c455ba7a69c4aedafa8a1d}

[CharlVS]

Fixes per review: codesign helper, newline formatting, avoid Release double-signing

• Implemented kdf_codesign to DRY codesign calls with --options runtime and --timestamp=auto.
• Use printf for proper newline formatting in missing-files error; removed backticks around the flutter command guidance line.
• Prevent double signing: generic signing only for non-Release; Release re-signs after lipo thinning.
• Changes in: sdk/packages/komodo_defi_framework/macos/komodo_defi_framework.podspec
• Commit: ffa7663