App Rejected due to ITMS-91065: Missing signature in SDWebImage #3709
Comments
|
Are you use CocoaPods, SPM or Manual build the XCFramework ? We have 3 package managers support actually I don't think this the SDK issue, seems a |
|
If you sign the XCFramework by yourself, maybe this can be solved. |
|
I guess this related to https://github.com/SDWebImage/SDWebImage/blob/master/Scripts/create-xcframework.sh We need to sign the XCFramework, not build only: https://developer.apple.com/documentation/xcode/creating-a-multi-platform-binary-framework-bundle |
|
We are using SDWebImage SDK using Carthage with XCFramework. |
Seems known issue. You can codesign yourself for the built XCFramework, see: https://stackoverflow.com/questions/27474751/how-can-i-codesign-an-app-without-being-in-the-mac-developer-program And I'll remove the Carthage support later, we will build XCFramework ourselves and release on GitHub release pages. No longer source code level support for Carthage. The Carthage's pipeline design is wrong. It requires SDK client (you) to codesign, which is un-avoidable to cause the suply chain attacking. |
ITMS-91065: Missing signature - Your app includes “Frameworks/SDWebImage.framework/SDWebImage”, which includes SDWebImage, an SDK that was identified in the documentation as a privacy-impacting third-party SDK. If a new app includes a privacy-impacting SDK, or an app update adds a new privacy-impacting SDK, the SDK must include a signature file. Please contact the provider of the SDK that includes this file to get an updated SDK version with a signature. For details about verifying the code signature for a third-party SDK, visit: https://developer.apple.com/documentation/xcode/verifying-the-origin-of-your-xcframeworks.
We have used - https://github.com/SDWebImage/SDWebImage/releases/tag/5.18.12 version in our code.
Can you please look into why our app is rejected due to a Missing signature in SDWebImage.
The text was updated successfully, but these errors were encountered: