From b6ae8c6ae999ba512d94ff14dec1bdd2db16943f Mon Sep 17 00:00:00 2001 From: DeckerSU Date: Wed, 15 Oct 2025 19:30:33 +0200 Subject: [PATCH 1/6] signing for all configurations in which it's needed not only in "Release", runtime flags for signing in "Release", "Release-production", etc. --- .../macos/komodo_defi_framework.podspec | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/packages/komodo_defi_framework/macos/komodo_defi_framework.podspec b/packages/komodo_defi_framework/macos/komodo_defi_framework.podspec index 13cdad6b..c258d7f7 100644 --- a/packages/komodo_defi_framework/macos/komodo_defi_framework.podspec +++ b/packages/komodo_defi_framework/macos/komodo_defi_framework.podspec @@ -101,14 +101,21 @@ A new Flutter FFI plugin project. thin_binary_to_archs "$FRAMEWORKS_DIR/libkdflib.dylib" "$TARGET_ARCHS" if [ -f "$FRAMEWORKS_DIR/libkdflib.dylib" ]; then install_name_tool -id "@rpath/libkdflib.dylib" "$FRAMEWORKS_DIR/libkdflib.dylib"; fi - - # Re-sign after modifications (best-effort) - if [ -n "$EXPANDED_CODE_SIGN_IDENTITY" ]; then - codesign --force --sign "$EXPANDED_CODE_SIGN_IDENTITY" "$APP_SUPPORT_DIR/kdf" 2>/dev/null || true - codesign --force --sign "$EXPANDED_CODE_SIGN_IDENTITY" "$FRAMEWORKS_DIR/libkdflib.dylib" 2>/dev/null || true - fi fi + # Re-sign after modifications (best-effort) + if [ -n "$EXPANDED_CODE_SIGN_IDENTITY" ]; then + RUNTIME_FLAGS="" + case "$CONFIGURATION" in + Release*) RUNTIME_FLAGS="--options runtime --timestamp" ;; + esac + + codesign --force --sign "$EXPANDED_CODE_SIGN_IDENTITY" $RUNTIME_FLAGS "$APP_SUPPORT_DIR/kdf" 2>/dev/null || true + codesign --force --sign "$EXPANDED_CODE_SIGN_IDENTITY" $RUNTIME_FLAGS "$FRAMEWORKS_DIR/libkdflib.dylib" 2>/dev/null || true + else + echo "Warning: EXPANDED_CODE_SIGN_IDENTITY is empty. Code signing skipped." + fi + # Fail if neither file was found if [ $FOUND_REQUIRED_FILE -eq 0 ]; then echo "Error: Neither kdf executable nor libkdflib.dylib was found. At least one is required." From 923f0308d7efa0b99eb48a27edec98ff84dd1110 Mon Sep 17 00:00:00 2001 From: DeckerSU Date: Wed, 15 Oct 2025 19:43:49 +0200 Subject: [PATCH 2/6] use thin_binary_to_archs for all Relase configurations not only just "Release" --- .../macos/komodo_defi_framework.podspec | 65 ++++++++++--------- 1 file changed, 33 insertions(+), 32 deletions(-) diff --git a/packages/komodo_defi_framework/macos/komodo_defi_framework.podspec b/packages/komodo_defi_framework/macos/komodo_defi_framework.podspec index c258d7f7..ac2d65a7 100644 --- a/packages/komodo_defi_framework/macos/komodo_defi_framework.podspec +++ b/packages/komodo_defi_framework/macos/komodo_defi_framework.podspec @@ -61,47 +61,48 @@ A new Flutter FFI plugin project. fi # Prune binary slices to match $ARCHS (preserve universals) in Release builds only - if [ "$CONFIGURATION" = "Release" ]; then - TARGET_ARCHS="${ARCHS:-$(arch)}" + case "$CONFIGURATION" in + Release*) + TARGET_ARCHS="${ARCHS:-$(arch)}" - thin_binary_to_archs() { - file="$1" - keep_archs="$2" + thin_binary_to_archs() { + file="$1" + keep_archs="$2" - [ -f "$file" ] || return 0 + [ -f "$file" ] || return 0 - # Only act on fat files (multi-arch) - if ! lipo -info "$file" | grep -q 'Architectures in the fat file'; then - return 0 - fi + # Only act on fat files (multi-arch) + if ! lipo -info "$file" | grep -q 'Architectures in the fat file'; then + return 0 + fi - bin_archs="$(lipo -archs "$file" 2>/dev/null || true)" - [ -n "$bin_archs" ] || return 0 + bin_archs="$(lipo -archs "$file" 2>/dev/null || true)" + [ -n "$bin_archs" ] || return 0 - dir="$(dirname "$file")" - base="$(basename "$file")" - work="$file" + dir="$(dirname "$file")" + base="$(basename "$file")" + work="$file" - for arch in $bin_archs; do - echo "$keep_archs" | tr ' ' '\n' | grep -qx "$arch" && continue - echo "Removing architecture $arch from $base" - next="$(mktemp "$dir/.${base}.XXXXXX")" - lipo "$work" -remove "$arch" -output "$next" - [ "$work" != "$file" ] && rm -f "$work" - work="$next" - done + for arch in $bin_archs; do + echo "$keep_archs" | tr ' ' '\n' | grep -qx "$arch" && continue + echo "Removing architecture $arch from $base" + next="$(mktemp "$dir/.${base}.XXXXXX")" + lipo "$work" -remove "$arch" -output "$next" + [ "$work" != "$file" ] && rm -f "$work" + work="$next" + done - if [ "$work" != "$file" ]; then - mv -f "$work" "$file" - fi - } + if [ "$work" != "$file" ]; then + mv -f "$work" "$file" + fi + } - thin_binary_to_archs "$APP_SUPPORT_DIR/kdf" "$TARGET_ARCHS" - if [ -f "$APP_SUPPORT_DIR/kdf" ]; then chmod +x "$APP_SUPPORT_DIR/kdf"; fi + thin_binary_to_archs "$APP_SUPPORT_DIR/kdf" "$TARGET_ARCHS" + if [ -f "$APP_SUPPORT_DIR/kdf" ]; then chmod +x "$APP_SUPPORT_DIR/kdf"; fi - thin_binary_to_archs "$FRAMEWORKS_DIR/libkdflib.dylib" "$TARGET_ARCHS" - if [ -f "$FRAMEWORKS_DIR/libkdflib.dylib" ]; then install_name_tool -id "@rpath/libkdflib.dylib" "$FRAMEWORKS_DIR/libkdflib.dylib"; fi - fi + thin_binary_to_archs "$FRAMEWORKS_DIR/libkdflib.dylib" "$TARGET_ARCHS" + if [ -f "$FRAMEWORKS_DIR/libkdflib.dylib" ]; then install_name_tool -id "@rpath/libkdflib.dylib" "$FRAMEWORKS_DIR/libkdflib.dylib"; fi + esac # Re-sign after modifications (best-effort) if [ -n "$EXPANDED_CODE_SIGN_IDENTITY" ]; then From 2c696e1afb7d8e1ba879eb134a834084cc18111c Mon Sep 17 00:00:00 2001 From: DeckerSU Date: Wed, 15 Oct 2025 21:17:14 +0200 Subject: [PATCH 3/6] change code signing approach, using code_sign_if_enabled function --- .../macos/komodo_defi_framework.podspec | 36 +++++++++++-------- 1 file changed, 22 insertions(+), 14 deletions(-) diff --git a/packages/komodo_defi_framework/macos/komodo_defi_framework.podspec b/packages/komodo_defi_framework/macos/komodo_defi_framework.podspec index ac2d65a7..9b810ca7 100644 --- a/packages/komodo_defi_framework/macos/komodo_defi_framework.podspec +++ b/packages/komodo_defi_framework/macos/komodo_defi_framework.podspec @@ -103,20 +103,28 @@ A new Flutter FFI plugin project. thin_binary_to_archs "$FRAMEWORKS_DIR/libkdflib.dylib" "$TARGET_ARCHS" if [ -f "$FRAMEWORKS_DIR/libkdflib.dylib" ]; then install_name_tool -id "@rpath/libkdflib.dylib" "$FRAMEWORKS_DIR/libkdflib.dylib"; fi esac - - # Re-sign after modifications (best-effort) - if [ -n "$EXPANDED_CODE_SIGN_IDENTITY" ]; then - RUNTIME_FLAGS="" - case "$CONFIGURATION" in - Release*) RUNTIME_FLAGS="--options runtime --timestamp" ;; - esac - - codesign --force --sign "$EXPANDED_CODE_SIGN_IDENTITY" $RUNTIME_FLAGS "$APP_SUPPORT_DIR/kdf" 2>/dev/null || true - codesign --force --sign "$EXPANDED_CODE_SIGN_IDENTITY" $RUNTIME_FLAGS "$FRAMEWORKS_DIR/libkdflib.dylib" 2>/dev/null || true - else - echo "Warning: EXPANDED_CODE_SIGN_IDENTITY is empty. Code signing skipped." - fi - + + # Signs a framework with the provided identity + code_sign_if_enabled() { + if [ -n "${EXPANDED_CODE_SIGN_IDENTITY:-}" -a "${CODE_SIGNING_REQUIRED:-}" != "NO" -a "${CODE_SIGNING_ALLOWED}" != "NO" ]; then + # Use the current code_sign_identity + echo "Code Signing $1 with Identity ${EXPANDED_CODE_SIGN_IDENTITY_NAME}" + local code_sign_cmd="/usr/bin/codesign --force --sign ${EXPANDED_CODE_SIGN_IDENTITY} ${OTHER_CODE_SIGN_FLAGS:-} --preserve-metadata=identifier,entitlements '$1'" + + if [ "${COCOAPODS_PARALLEL_CODE_SIGN}" == "true" ]; then + code_sign_cmd="$code_sign_cmd &" + fi + echo "$code_sign_cmd" + eval "$code_sign_cmd" + else + echo "Code Signing DISABLED. Is this correct for your configuration?" + fi + } + + # Resign the code if required by the build settings to avoid unstable apps + code_sign_if_enabled "$APP_SUPPORT_DIR/kdf" || true + code_sign_if_enabled "$FRAMEWORKS_DIR/libkdflib.dylib" || true + # Fail if neither file was found if [ $FOUND_REQUIRED_FILE -eq 0 ]; then echo "Error: Neither kdf executable nor libkdflib.dylib was found. At least one is required." From c236a4418b85b0c5f10329e0609aada90127d5b5 Mon Sep 17 00:00:00 2001 From: DeckerSU Date: Wed, 15 Oct 2025 23:47:21 +0200 Subject: [PATCH 4/6] macos: move kdf binary from Resoures to Framework Helpers to avoid issues with unsigned resources ... we put SIGNED kdf binary to Contents/Frameworks/komodo_defi_framework.framework/Versions/Current/Helpers/kdf In case of using Resources - it will result with unsigned binary (!) TODO: May be this should be reworked, but we shouldn't store the binaries in resources, to avoid issues. --- .../lib/src/native/kdf_executable_finder.dart | 20 ++++++++++++++----- .../macos/komodo_defi_framework.podspec | 10 +++++++++- 2 files changed, 24 insertions(+), 6 deletions(-) diff --git a/packages/komodo_defi_framework/lib/src/native/kdf_executable_finder.dart b/packages/komodo_defi_framework/lib/src/native/kdf_executable_finder.dart index 3d7a27d5..b4582653 100644 --- a/packages/komodo_defi_framework/lib/src/native/kdf_executable_finder.dart +++ b/packages/komodo_defi_framework/lib/src/native/kdf_executable_finder.dart @@ -22,9 +22,7 @@ enum BuildMode { /// Helper class for locating the KDF executable across different platforms class KdfExecutableFinder { - KdfExecutableFinder({ - required this.logCallback, - }); + KdfExecutableFinder({required this.logCallback}); final void Function(String) logCallback; @@ -36,7 +34,8 @@ class KdfExecutableFinder { /// Attempts to find the KDF executable in standard and platform-specific /// locations Future findExecutable({String executableName = 'kdf'}) async { - final macosKdfResourcePath = p.joinAll([ + // TODO: do we really neeed to leave legacy path here? + final macosLegacyBundlePath = p.joinAll([ p.dirname(p.dirname(Platform.resolvedExecutable)), 'Frameworks', 'komodo_defi_framework.framework', @@ -47,6 +46,16 @@ class KdfExecutableFinder { executableName, ]); + final macosHelpersInFrameworkPath = p.joinAll([ + p.dirname(p.dirname(Platform.resolvedExecutable)), + 'Frameworks', + 'komodo_defi_framework.framework', + 'Versions', + 'Current', + 'Helpers', + executableName, + ]); + final files = [ '/usr/local/bin/$executableName', '/usr/bin/$executableName', @@ -54,7 +63,8 @@ class KdfExecutableFinder { p.join(Directory.current.path, '$executableName.exe'), p.join(Directory.current.path, 'lib/$executableName'), p.join(Directory.current.path, 'lib/$executableName.exe'), - macosKdfResourcePath, + macosLegacyBundlePath, + macosHelpersInFrameworkPath, constructWindowsBuildArtifactPath( mode: currentBuildMode, executableName: executableName, diff --git a/packages/komodo_defi_framework/macos/komodo_defi_framework.podspec b/packages/komodo_defi_framework/macos/komodo_defi_framework.podspec index 9b810ca7..ea1892bb 100644 --- a/packages/komodo_defi_framework/macos/komodo_defi_framework.podspec +++ b/packages/komodo_defi_framework/macos/komodo_defi_framework.podspec @@ -16,9 +16,11 @@ A new Flutter FFI plugin project. s.dependency 'FlutterMacOS' s.resource_bundles = { - 'kdf_resources' => ['bin/kdf', 'lib/*.dylib'].select { |f| Dir.exist?(File.dirname(f)) } + 'kdf_resources' => ['lib/*.dylib'].select { |f| Dir.exist?(File.dirname(f)) } } + # s.preserve_paths = ['bin/kdf'] + s.script_phase = { :name => 'Install kdf executable and/or dylib', :execution_position => :before_compile, @@ -36,6 +38,9 @@ A new Flutter FFI plugin project. if [ ! -d "$FRAMEWORKS_DIR" ]; then mkdir -p "$FRAMEWORKS_DIR" fi + + # Create Helpers directory in current (komodo_defi_framework) framework + mkdir -p "${TARGET_BUILD_DIR}/${CONTENTS_FOLDER_PATH}/Helpers" # Track if we found at least one of the required files FOUND_REQUIRED_FILE=0 @@ -123,6 +128,9 @@ A new Flutter FFI plugin project. # Resign the code if required by the build settings to avoid unstable apps code_sign_if_enabled "$APP_SUPPORT_DIR/kdf" || true + # Move signed kdf binary to the Framework Helpers + # TODO: do we really need this binary in APP_SUPPORT_DIR and FRAMEWORKS_DIR ??? Need tests (!!!) + if [ -f "$APP_SUPPORT_DIR/kdf" ]; then cp "$APP_SUPPORT_DIR/kdf" "${TARGET_BUILD_DIR}/${CONTENTS_FOLDER_PATH}/Helpers/kdf"; fi code_sign_if_enabled "$FRAMEWORKS_DIR/libkdflib.dylib" || true # Fail if neither file was found From fb8cb575ef265681632499726f98700bf03a0e0e Mon Sep 17 00:00:00 2001 From: DeckerSU Date: Thu, 16 Oct 2025 21:11:36 +0200 Subject: [PATCH 5/6] refactor(kdf_executable_finder): remove legacy macOS path for KDF executable Eliminated the legacy path for the KDF executable in macOS to streamline the executable finding process. This change aligns with the recent restructuring of binary locations to avoid issues with unsigned resources. --- .../lib/src/native/kdf_executable_finder.dart | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/packages/komodo_defi_framework/lib/src/native/kdf_executable_finder.dart b/packages/komodo_defi_framework/lib/src/native/kdf_executable_finder.dart index b4582653..9029babf 100644 --- a/packages/komodo_defi_framework/lib/src/native/kdf_executable_finder.dart +++ b/packages/komodo_defi_framework/lib/src/native/kdf_executable_finder.dart @@ -34,18 +34,6 @@ class KdfExecutableFinder { /// Attempts to find the KDF executable in standard and platform-specific /// locations Future findExecutable({String executableName = 'kdf'}) async { - // TODO: do we really neeed to leave legacy path here? - final macosLegacyBundlePath = p.joinAll([ - p.dirname(p.dirname(Platform.resolvedExecutable)), - 'Frameworks', - 'komodo_defi_framework.framework', - 'Resources', - 'kdf_resources.bundle', - 'Contents', - 'Resources', - executableName, - ]); - final macosHelpersInFrameworkPath = p.joinAll([ p.dirname(p.dirname(Platform.resolvedExecutable)), 'Frameworks', @@ -63,7 +51,6 @@ class KdfExecutableFinder { p.join(Directory.current.path, '$executableName.exe'), p.join(Directory.current.path, 'lib/$executableName'), p.join(Directory.current.path, 'lib/$executableName.exe'), - macosLegacyBundlePath, macosHelpersInFrameworkPath, constructWindowsBuildArtifactPath( mode: currentBuildMode, From 342ca1fff35bc93f60369cdc7e42e93942948a61 Mon Sep 17 00:00:00 2001 From: DeckerSU Date: Thu, 16 Oct 2025 21:45:46 +0200 Subject: [PATCH 6/6] refactor(podspec): streamline macOS directory creation for KDF binary Consolidated the creation of application support, frameworks, and helpers directories into a single command to simplify the build process. --- .../macos/komodo_defi_framework.podspec | 22 ++++++------------- 1 file changed, 7 insertions(+), 15 deletions(-) diff --git a/packages/komodo_defi_framework/macos/komodo_defi_framework.podspec b/packages/komodo_defi_framework/macos/komodo_defi_framework.podspec index ea1892bb..25fdac50 100644 --- a/packages/komodo_defi_framework/macos/komodo_defi_framework.podspec +++ b/packages/komodo_defi_framework/macos/komodo_defi_framework.podspec @@ -28,19 +28,10 @@ A new Flutter FFI plugin project. # Get the application support directory for macOS APP_SUPPORT_DIR="${BUILT_PRODUCTS_DIR}/${PRODUCT_NAME}.app/Contents/Library/Application Support" FRAMEWORKS_DIR="${BUILT_PRODUCTS_DIR}/${PRODUCT_NAME}.app/Contents/Frameworks" + HELPERS_DIR="${TARGET_BUILD_DIR}/${CONTENTS_FOLDER_PATH}/Helpers" - # Ensure the application support directory exists - if [ ! -d "$APP_SUPPORT_DIR" ]; then - mkdir -p "$APP_SUPPORT_DIR" - fi - - # Ensure the frameworks directory exists - if [ ! -d "$FRAMEWORKS_DIR" ]; then - mkdir -p "$FRAMEWORKS_DIR" - fi - - # Create Helpers directory in current (komodo_defi_framework) framework - mkdir -p "${TARGET_BUILD_DIR}/${CONTENTS_FOLDER_PATH}/Helpers" + # Create all required directories in one go + mkdir -p "$APP_SUPPORT_DIR" "$FRAMEWORKS_DIR" "$HELPERS_DIR" # Track if we found at least one of the required files FOUND_REQUIRED_FILE=0 @@ -128,9 +119,10 @@ A new Flutter FFI plugin project. # Resign the code if required by the build settings to avoid unstable apps code_sign_if_enabled "$APP_SUPPORT_DIR/kdf" || true - # Move signed kdf binary to the Framework Helpers - # TODO: do we really need this binary in APP_SUPPORT_DIR and FRAMEWORKS_DIR ??? Need tests (!!!) - if [ -f "$APP_SUPPORT_DIR/kdf" ]; then cp "$APP_SUPPORT_DIR/kdf" "${TARGET_BUILD_DIR}/${CONTENTS_FOLDER_PATH}/Helpers/kdf"; fi + # Helpers in komodo_defi_framework is now the ONLY place where KdfExecutableFinder.findExecutable() + # will look for the kdf binary on macOS. The APP_SUPPORT_DIR copy is redundant but kept for + # backward compatibility with older builds. + if [ -f "$APP_SUPPORT_DIR/kdf" ]; then cp "$APP_SUPPORT_DIR/kdf" "$HELPERS_DIR/kdf"; fi code_sign_if_enabled "$FRAMEWORKS_DIR/libkdflib.dylib" || true # Fail if neither file was found