Metal backend: add export-time code signing for Hardened Runtime

[mergennachin]

The Metal AOTI backend extracts a compiled .so from the .pte at runtime
and dlopen's it. macOS Hardened Runtime rejects unsigned dlopen'd code,
making Metal-backend .pte files unusable in notarized apps.

Add a codesign_so hook to AotiBackend (no-op by default) that runs
after AOTInductor compilation and before the .so is packed into the .pte.
MetalBackend overrides it to run codesign when a codesign_identity
compile spec is provided. Wire --codesign-identity through the Voxtral
Realtime and Parakeet export scripts.

[pytorch-bot]

🔗 Helpful Links

🧪 See artifacts and rendered test results at hud.pytorch.org/pr/pytorch/executorch/18768

• 📄 Preview Python docs built from this PR

Note: Links to docs will display an error until the docs builds have been completed.

❗ 1 Active SEVs

There are 1 currently active SEVs. If your PR is affected, please view them below:

• Rolling out OSDC (ARC) runners on pull & trunk workflows in PyTorch main

❌ 3 New Failures, 4 Pending, 6 Unrelated Failures

As of commit ce84793 with merge base 3a62fac ():

NEW FAILURES - The following jobs have failed:

• Test CUDA Windows Export and E2E / export-model-cuda-windows-artifact (facebook, dinov2-small-imagenet1k-1-layer, non-quantized) / linux-job (gh)
  RuntimeError: Command docker exec -t 3e33f2265240b8122735f767a36117c0344bfa2c3f38b4034df485f8a012dccd /exec failed with exit code 1
• Test CUDA Windows Export and E2E / export-model-cuda-windows-artifact (nvidia, parakeet-tdt, non-quantized) / linux-job (gh)
  RuntimeError: Command docker exec -t ef8690dfeb90106bb3c6cb3677fe0d3bc5b2f4184bd35f28ddfdd0ecca3ecbc4 /exec failed with exit code 1
• Test CUDA Windows Export and E2E / export-model-cuda-windows-artifact (nvidia, parakeet-tdt, quantized-int4-weight-only) / linux-job (gh)
  RuntimeError: Command docker exec -t 0bb82675232993d20fe8eaf888ab2656ab6e80e572450541a62762b168e88860 /exec failed with exit code 1

FLAKY - The following jobs failed but were likely due to flakiness present on trunk:

• pull / test-coreml-bc-macos (macos-m2-stable) / macos-job (gh) (detected as infra flaky with no log or failing log classifier)
• pull / test-qnn-testsuite-linux / test-backend-linux (qnn, models) / linux-job (gh) (detected as infra flaky with no log or failing log classifier)

BROKEN TRUNK - The following jobs failed but were present on the merge base:

👉 Rebase onto the `viable/strict` branch to avoid these failures

• MLX / test-mlx-qwen35-moe / test-mlx-qwen35-moe (gh) (trunk failure)
  RuntimeError: Command bash /Users/runner/work/_temp/exec_script failed with exit code 1
• pull / unittest / windows / windows-job (gh) (trunk failure)
  ##[error]The operation was canceled.
• pull / unittest-editable / windows / windows-job (gh) (trunk failure)
  ##[error]The operation was canceled.
• Test Metal Backend / test-metal-qwen35-moe-tiny / macos-job (gh) (trunk failure)
  /Users/ec2-user/runner/_work/executorch/executorch/pytorch/executorch/examples/models/qwen3_5_moe/main.cpp:65:16: error: use of undeclared identifier 'cudaSuccess'

This comment was automatically generated by Dr. CI and updates every 15 minutes.

[github-actions]

This PR needs a release notes: label

If your change should be included in the release notes (i.e. would users of this library care about this change?), please use a label starting with release notes:. This helps us keep track and include your important work in the next release notes.

To add a label, you can comment to pytorchbot, for example
@pytorchbot label "release notes: none"

For more information, see
https://github.com/pytorch/pytorch/wiki/PyTorch-AutoLabel-Bot#why-categorize-for-release-notes-and-how-does-it-work.

[Copilot]

Pull request overview

Adds an export-time code-signing hook for AOTInductor-produced shared libraries, enabling Metal backend .pte artifacts to work inside macOS Hardened Runtime / notarized apps (where dlopen rejects unsigned code).

Changes:

• Introduces a codesign_so() hook on AotiBackend and calls it during preprocess after compilation and before packing the .so.
• Implements MetalBackend.codesign_so() to run codesign when a codesign_identity compile spec is provided.
• Wires --codesign-identity through the Voxtral Realtime and Parakeet export scripts and adds Metal tests for signed/unsigned export paths.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
examples/models/voxtral_realtime/export_voxtral_rt.py	Adds --codesign-identity and passes it via a codesign_identity compile spec for Metal exports.
examples/models/parakeet/export_parakeet_tdt.py	Adds --codesign-identity and forwards it into Metal partitioner compile specs.
backends/apple/metal/tests/test_modules.py	Extends Metal export helper to accept codesign_identity and adds tests for signed/unsigned export.
backends/apple/metal/metal_backend.py	Implements Metal-specific .so signing via codesign when requested by compile spec.
backends/aoti/aoti_backend.py	Adds a backend hook (codesign_so) and invokes it before embedding the compiled .so into the output.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Since this backend now shells out to the codesign tool (see codesign_so further down), it would be good to defensively guard the signing path for non-macOS hosts and/or when codesign isn’t available on PATH. Without that, requesting signing can fail with a low-signal FileNotFoundError rather than a clear, actionable error message.