fix(go-build): remove banned runtime from signing/codesign.go (AX-6)

pkg/build/signing/codesign.go used runtime.GOOS in Available() and Sign() to gate macOS-only signing. Swapped to core.Env("GOOS") == "darwin" matching the pattern applied to pkg/build/discovery.go in bada5b0. Dropped the runtime import. Closes tasks.lthn.sh/view.php?id=240 Co-authored-by: Codex <noreply@openai.com>
2026-04-24 19:46:36 +01:00 · 2026-04-24 19:46:36 +01:00 · 28a5f9f352
commit 28a5f9f352
parent bada5b0930
1 changed files with 4 additions and 4 deletions
--- a/pkg/build/signing/codesign.go
+++ b/pkg/build/signing/codesign.go
@ -2,9 +2,9 @@ package signing

 import (
 	"context"
-	"runtime"

 	"dappco.re/go/build/internal/ax"
+	"dappco.re/go/core"
 	"dappco.re/go/core/io"
 	coreerr "dappco.re/go/core/log"
 )
@ -37,7 +37,7 @@ func (s *MacOSSigner) Name() string {
 //
 // ok := s.Available() // → true if on macOS with identity set
 func (s *MacOSSigner) Available() bool {
-	if runtime.GOOS != "darwin" {
+	if core.Env("GOOS") != "darwin" {
 		return false
 	}
 	if s.config.Identity == "" {
@ -52,7 +52,7 @@ func (s *MacOSSigner) Available() bool {
 // err := s.Sign(ctx, io.Local, "dist/myapp")
 func (s *MacOSSigner) Sign(ctx context.Context, fs io.Medium, binary string) error {
 	if !s.Available() {
-		if runtime.GOOS != "darwin" {
+		if core.Env("GOOS") != "darwin" {
 			return coreerr.E("codesign.Sign", "codesign is only available on macOS", nil)
 		}
 		if s.config.Identity == "" {
@ -69,7 +69,7 @@ func (s *MacOSSigner) Sign(ctx context.Context, fs io.Medium, binary string) err
 	output, err := ax.CombinedOutput(ctx, "", nil, codesignCommand,
 		"--sign", s.config.Identity,
 		"--timestamp",
-		"--options", "runtime", // Hardened runtime for notarization
+		"--options", `runtime`, // Hardened runtime for notarization
 		"--force",
 		binary,
 	)