Hi! I am currently trying to upload my iOS app to App Store Connect. Unfortunately, code signing fails with the following error: "Code object is not signed at all.", referencing a binary Metallib (created with metal-tt and an mtlp-json script). I am using Xcode's automatically managed signing and the binary metallib is located inside the "Resources" directory of a framework that I am including with "Embed and sign" in the app. Could anyone give some guidance on what I need to change to make code signing work? Thank you.
Code Signing an app including a binary Metallib
Update: Solved by including the binary Metallib in the "Resources" directory of the app instead of the framework.
Solved by including the binary Metallib in the "Resources" directory of the app instead of the framework.
Correct.
I talked with one of my colleagues who supports Metal and, yeah, from the perspective of code signing, a .metallib file can’t carry its own code signature and thus is signed as data. Placing Content in a Bundle says:
Code content is either executable code, like a helper tool, or another bundle that contains executable code, like an app extension. In this context, executable code means a Mach-O image. It doesn’t include things like shell scripts, Python scripts, and AppleScripts
You’d treat a .metallib file just like one of these scripts.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
I am faced with the same problem, however it cannot be solved with the solution suggested by Quinn... It's even more sad, because I am trying to use an Apple library, MLX, in my xcode project (MacOS app)...
I am building the MLX library from source as described here:
- https://ml-explore.github.io/mlx/build/html/install.html
After building the MLX library, the following artifacts are produced:
- libmlx.dylib
- mlx.metallib
I then copy these into the xcode project for my MaxOS app, and configure the build phases as follows:
- libmlx.dylib - embed into Frameworks directory, and "code sign on copy" - this works fine
- mlx.metallib - according to the MLX requirements, this has to be located next to libmlx.dylib in the Frameworks directory, otherwise libmlx.dylib cannot find it - however, xcode doesn't let me deploy mlx.metallib into the Frameworks directory, because it doesn't sign it, and then signing the whole app fails (exactly like the original poster of this question)
However, if I deploy mlx.metallib to the Resources directory, then the whole app can be signed, but libmlx.dylib cannot find mlx.metallib, because it's located in a different directory within the app bundle.
Please help! Again, this is especially sad because MLX is an Apple library, but I cannot use it within my xcode MacOS project, because it comes in two parts, one of which cannot be deployed to the Frameworks directory.
I’m not an expert on Metal — as should be obvious by my earlier responses on this thread — but…
If this library is encouraging to you construct your app in a way that runs counter to the rules from Placing Content in a Bundle, I recommend that you file a bug [1] about that.
In the short term, however, there are two ways you might tackle this:
-
This is open source, right? So you could fix the code to load its resources from the right place.
-
Alternatively, you can do the symlink trick that I outlined at the bottom of Embedding nonstandard code structures in a bundle [2].
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
[1] Normally I’d point you to Bug Reporting: How and Why?, but I’m not sure what the right process for filing this bug would be. Regardless, I’d appreciate you posting your bug number (or link) just for the record
[2] I’m still chuffed that I managed to get gnarly into an official Apple document (-: