fix(cli): use ditto instead of fs::copy to preserve macOS code signing

[DorianZheng]

Summary

• Replace Rust's fs::copy() with macOS ditto command in build.rs to preserve code signing metadata when copying runtime files
• Use cp -R -T on Linux for similar behavior

Problem

CLI and shim binaries were killed with SIGKILL (exit 137) on macOS because fs::copy() creates new files that lose code signing extended attributes, causing "Invalid Page" code signature validation failures at dyld load time.

The crash report showed:

"signal":"SIGKILL (Code Signature Invalid)"
"termination":{"namespace":"CODESIGNING","indicator":"Invalid Page"}

Root Cause

• fs::copy() creates a new file that doesn't preserve macOS code signing metadata
• When binaries are copied from target/boxlite-runtime/ to ~/.local/share/boxlite/, the code signatures become invalid
• macOS kills the process at dyld load time before any code executes

Solution

Use ditto on macOS which preserves extended attributes, resource forks, and code signing metadata.

Test plan

• Clean rebuild: rm -rf ~/.local/share/boxlite && make cli
• Test CLI: ./target/debug/boxlite -h shows help
• Test shim: ~/.local/share/boxlite/boxlite-shim --help shows help

[DorianZheng]

@shayne-snap Hi, I found a bug when use rust std::fs::copy didn't preserve signing. Would you like to review?

[shayne-snap]

Hi @DorianZheng I haven't came across this problem on my laptop(Apple chip M2). Which platform are you on?

bcz I'm using runtime-debug?

boxlite/Makefile

Line 91 in 7d662d7

cli: runtime-debug

[DorianZheng]

Hi @DorianZheng I haven't came across this problem on my laptop(Apple chip M2). Which platform are you on?

bcz I'm using runtime-debug?

boxlite/Makefile

Line 91 in 7d662d7

cli: runtime-debug

Hi, my mac chip is Apple M1 Pro. I think maybe it's the cache thing. Can you try make clean and make cli?

[shayne-snap]

After executing make clean and make cli on different branches (twice), both version work on my laptop(./target/debug/boxlite -h works).

[shayne-snap]

LGTM

[DorianZheng]

After executing make clean and make cli on different branches (twice), both version work on my laptop(./target/debug/boxlite -h works).

@shayne-snap Ahhh, that's weird. I will paste the reproduce steps here in some time. Before that, I will leave this PR open and won't merge it.

[uran0sH]

I test on M2 chip and macOS Sequoia. It also works for me.

[shayne-snap]

After executing make clean and make cli on different branches (twice), both version work on my laptop(./target/debug/boxlite -h works).

@shayne-snap Ahhh, that's weird. I will paste the reproduce steps here in some time. Before that, I will leave this PR open and won't merge it.

I came across the same problem on my laptop after I created two dirs inboxlite-cliand move some files into the dirs. Don't know why make clean doesn't work.

[shayne-snap]

This PR works for me. Could you merge it into main? @DorianZheng