App Sandbox & Missing Symbols for Nested PyInstaller App Bundle

Hi Developers,

I'm encountering persistent validation errors in Xcode 16.3 (16E140) on macOS 15.4.1 (24E263) with M1 when archiving and distributing a macOS app (Developer ID signing + notarization).

App Structure: A native Swift/Obj-C wrapper app that launches a nested .app inside its Resources.

The nested app is built with PyInstaller and includes:

A Python core

Custom C++ binaries

Many bundled .so libraries (e.g., from OpenCV, PyQt/PySide)

Issues During Validation:

  1. App Sandbox Not Enabled

Error: App Sandbox missing for NestedApp.app/Contents/MacOS/NestedExecutable.

Question: For Developer ID (not App Store), is sandboxing strictly required for nested PyInstaller apps? If the wrapper is sandboxed, must the nested app be as well? Given the PyInstaller app's nature (requiring broad system access), how should entitlements be managed?

  2. Upload Symbols Failed

Errors for missing .dSYM files for:

The nested app’s executable

Custom C++ binaries

.so files (OpenCV, PyQt, etc.)

These are either third-party or built without DWARF data, making .dSYM generation impractical post-build.

Question: Are these symbol errors critical for Developer ID notarization (not App Store)? Can notarization succeed despite them? Is lack of symbol upload a known limitation with PyInstaller apps? Any best practices?

Answered by DTS Engineer in 837730022
A native Swift/Obj-C wrapper app that launches a nested .app inside its Resources.

That’s not a good start )-: Contents/Resources is reserved for data. Nested code needs to be in some other location. I generally recommend Contents/MacOS for a nested app. See Placing Content in a Bundle.

It’s very likely that your nested app will have other bundle structure problems. While I don’t have specific experience with the tool you’re using, my general experience is that such tools tend to flout the rules in Placing Content in a Bundle [1]. In some cases you can get away with that but, quoting that doc, there’s a possibility you might “encounter hard-to-debug code signing and distribution problems” )-:

In your case specifically, it’s possible that Xcode’s re-signing process, as expressed in the organiser window, won’t handle this structure. If that turns out to be the case, you might be able to resolve your problem by signing your code manually, as explained in Creating distribution-signed code for macOS. However, my general advice is:

For Developer ID (not App Store), is sandboxing strictly required … ?

No. I suspect that you’re mixing up your distribution mechanisms. Are you clicking Validate App in the Xcode organiser? If so, be aware that that’s for App Store apps only. If you plan to distribute your app directly, it won’t yield useful results.

Rather, click Distribute App and follow the Direct Distribution workflow.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] To be fair, a lot of these tools were created before Placing Content in a Bundle was published, and the previous documentation about this stuff was significantly less clear.

App Structure: A native Swift/Obj-C wrapper app that launches a nested .app inside its Resources.

Can you elaborate on that? Can you describe the full structure of the top-level bundle?

You should definitely never put executable code in the "Resources" folder.
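
An added example, not part of the thread or of Apple's documentation: a check for the layout problem both replies above point at, code placed under Contents/Resources. It walks a bundle and reports nested .app bundles and Mach-O files found there. The sample bundle is constructed, `Wrapper.app` is a made-up name, and the magic-number test (including the rule that separates universal binaries from Java class files) is a heuristic assumed here.

```python
import struct
import tempfile
from pathlib import Path

# First four bytes of a file, read as a big-endian u32.
THIN_MACHO = {0xFEEDFACE, 0xFEEDFACF, 0xCEFAEDFE, 0xCFFAEDFE}
FAT_MACHO = {0xCAFEBABE, 0xCAFEBABF}

def is_macho(path):
    """True if the file starts with a Mach-O or universal-binary header."""
    try:
        with open(path, "rb") as fh:
            magic, second = struct.unpack(">II", fh.read(8))
    except (OSError, struct.error):  # unreadable, or shorter than 8 bytes
        return False
    # 0xCAFEBABE is also the Java class magic: a universal binary stores a
    # small architecture count next, a class file its version (45 or higher).
    return magic in THIN_MACHO or (magic in FAT_MACHO and 0 < second < 45)

def code_in_resources(bundle):
    """Return (relative path, kind) for code found under Contents/Resources."""
    findings = []
    for p in Path(bundle).rglob("*"):
        rel = p.relative_to(bundle)
        parents = rel.parts[:-1]
        if not any(parents[i:i + 2] == ("Contents", "Resources")
                   for i in range(len(parents) - 1)):
            continue  # not inside any Contents/Resources directory
        if p.is_dir() and p.suffix == ".app":
            findings.append((rel.as_posix(), "nested app bundle"))
        elif p.is_file() and not p.is_symlink() and is_macho(p):
            findings.append((rel.as_posix(), "Mach-O file"))
    return sorted(findings)

def build_sample(tmp):
    """Constructed sample with the layout from the question (made-up wrapper name)."""
    app = Path(tmp, "Wrapper.app")
    macho = struct.pack("<I", 0xFEEDFACF) + bytes(28)  # fake 64-bit Mach-O header
    nested = "Contents/Resources/NestedApp.app/Contents/MacOS/NestedExecutable"
    for rel, data in [("Contents/MacOS/Wrapper", macho),
                      ("Contents/Resources/icon.png", b"\x89PNG\r\n\x1a\n"),
                      (nested, macho)]:
        (app / rel).parent.mkdir(parents=True, exist_ok=True)
        (app / rel).write_bytes(data)
    return app

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(*code_in_resources(build_sample(tmp)), sep="\n")
```

Run against a real build by passing the path of the outer .app to `code_in_resources`; an empty list means no code was found under any Contents/Resources directory.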

Hello Quinn,

Though we have managed to solve that problem, we are still having issues while distributing the app via Xcode.

It would be great to have your advice on what would be the best possible architecture based on Apple's guidelines.

We are building a macOS application which needs a face model (preferably MediaPipe) to identify certain landmarks on the face and body, which we further use for calculations and provide an output on the GUI.

  1. We have built a standalone Python application using PyQt that we are able to distribute as a .app file, but is there a way to distribute this .app file via the Mac App Store without modifying the application?
  2. In another test, we have built a GUI using Swift and the backend is in Python. We have built this Python application with a camera module and integrated it with the GUI. At distribution we are stuck at the App Sandbox issue.
  3. In our 3rd method we gave the camera rights to the GUI built with Swift. With the logic in Python, the Python app provides an output to the GUI. We tried with both JSON and stdin/stdout output to the GUI. On locally building the application in Xcode, the app will start and turn on the camera for 1-2 sec but the application will hang. We tried to distribute it via Xcode but we got a Python package build error.
  4. Also, we are open to importing the MediaPipe package in Xcode and building the entire app natively in Swift. Is this something that Apple supports? I tried to add the MediaPipe package but received the below error.
  5. We are experimenting with Swift + Objective-C by either converting Python using Cython or writing in C/C++ directly.

What is generally the best and simplest design to build an AI-based application using 3rd party libraries and logic written in Python to deploy the app on the App Store?

Thank you and have a wonderful day!

We are getting this error while using MediaPipe

We have built a stand alone python application using PyQt … is there a way to distribute this .app file via Mac app store without modifying the application?

It’s hard for me to answer this. I’m happy to answer questions about App Store requirements — that is, the bundle structure and code signing that App Store enforces — but I can’t answer questions about third-party tools. You need to either investigate this yourself or discuss it with the tool’s vendor.

we are open to importing the Mediapipe package on Xcode and building the entire app natively on Swift. Is this something that Apple supports?

That depends on what you mean by “supports”. Speaking for Developer Technical Support, aka DTS, that is, the organisation I work for, we support Apple tools and APIs. When it comes to third-party packages, we support that up to a point. We certainly don’t support the third-party code in the package. From our perspective, that’s your code. OTOH, we do support folks creating packages and using them in Xcode.

If you’re asking about support in the App Store sense, I don’t see any specific problems with your overall goal. In general, App Store allows you to submit an app that uses third-party packages. However, you need to keep in mind that:

  • From App Store’s perspective, you’re responsible for how the code behaves.

  • And thus must ensure it follows the App Review Guidelines.

For example, App Store requires that all code be sandboxed, and that includes all the executables in your app, even ones that are based on third-party code.

I tried to add the Mediapipe package but received the below error.

Right. The term package is overloaded here. In Xcode, a package means a Swift package. That always has a Package.swift file at the top level. For example, in the GRDB package that’s this file.

When I look at the package that’s failing, I see no indication that it has any Swift package support.

What is generally the best and simplest design … ?

I don’t think there’s a single answer to this. Different folks approach the problem different ways depending on their experience and requirements. All of the following are supported by the App Store:

  • Write your entire app in Python and use a third-party tool to wrap that in something the user can double click.

  • Put the Python code in a separate process and invoke that via some sort of IPC mechanism.

  • Write a native app and, within that, load the Python runtime and use it to run Python code directly within your process.

And there are probably more. My Python experience is rather dated [1].

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] I dropped Python around the time that Python 3 was introduced, although that’s just a timing coincidence. I don’t have anything against Python 3 (-:
