Describe the bug
When distributing an iOS app that depends on kotlinx-rpc-grpc-core (via Kotlin Multiplatform), the gRPC C Core native static library (libkgrpc.a) is statically linked into the app's framework. Apple's App Store submission rejects the build with:
ITMS-91065: Missing signature — Your app includes xyz, which includes BoringSSL / openssl_grpc, an SDK that was identified as a commonly used third-party SDK. The SDK must include a signature file. Please contact the provider of the SDK.
Versions:
- kotlinx-rpc: 0.11.0-grpc-185 (also reproduced with 0.11.0-grpc-187)
- The iosArm64Cinterop-libkgrpcMain klib (grpc-185) / grpc-core-shim Cinterop-grpcCoreInteropMain klib (grpc-187) embeds ~7MB of gRPC C Core + BoringSSL that gets linked into the final XCFramework
Apple requires the provider of BoringSSL/openssl_grpc to sign the SDK. Please sign the kotlinx-rpc-grpc-core-shim native artifact (or its successor) with an Apple Developer certificate so the openssl_grpc symbols satisfy ITMS-91065.
Reference: https://developer.apple.com/documentation/xcode/verifying-the-origin-of-your-xcframeworks
To Reproduce
Steps to reproduce the behavior:
- Kotlin version
- Gradle version
- OS (Or at least KMP platform)
- Minimal reproducer in code
- Error description
- And so on
Expected behavior
Apple requires the provider of BoringSSL/openssl_grpc to sign the SDK. Please sign the kotlinx-rpc-grpc-core-shim native artifact (or its successor) with an Apple Developer certificate so the openssl_grpc symbols satisfy ITMS-91065.
Reference: https://developer.apple.com/documentation/xcode/verifying-the-origin-of-your-xcframeworks
Additional context
Add any other context about the problem here.
Describe the bug
When distributing an iOS app that depends on kotlinx-rpc-grpc-core (via Kotlin Multiplatform), the gRPC C Core native static library (libkgrpc.a) is statically linked into the app's framework. Apple's App Store submission rejects the build with:
ITMS-91065: Missing signature — Your app includes xyz, which includes BoringSSL / openssl_grpc, an SDK that was identified as a commonly used third-party SDK. The SDK must include a signature file. Please contact the provider of the SDK.
Versions:
Apple requires the provider of BoringSSL/openssl_grpc to sign the SDK. Please sign the kotlinx-rpc-grpc-core-shim native artifact (or its successor) with an Apple Developer certificate so the openssl_grpc symbols satisfy ITMS-91065.
Reference: https://developer.apple.com/documentation/xcode/verifying-the-origin-of-your-xcframeworks
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Apple requires the provider of BoringSSL/openssl_grpc to sign the SDK. Please sign the kotlinx-rpc-grpc-core-shim native artifact (or its successor) with an Apple Developer certificate so the openssl_grpc symbols satisfy ITMS-91065.
Reference: https://developer.apple.com/documentation/xcode/verifying-the-origin-of-your-xcframeworks
Additional context
Add any other context about the problem here.