-
-
Notifications
You must be signed in to change notification settings - Fork 6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
App Rejected due to ITMS-91065: Missing signature in SDWebImage #3709
Comments
Are you use CocoaPods, SPM or Manual build the XCFramework ? We have 3 package managers support actually I don't think this the SDK issue, seems a |
If you sign the XCFramework by yourself, maybe this can be solved. |
I guess this related to https://github.com/SDWebImage/SDWebImage/blob/master/Scripts/create-xcframework.sh We need to sign the XCFramework, not build only: https://developer.apple.com/documentation/xcode/creating-a-multi-platform-binary-framework-bundle |
We are using SDWebImage SDK using Carthage with XCFramework. |
Seems known issue. You can codesign yourself for the built XCFramework, see: https://stackoverflow.com/questions/27474751/how-can-i-codesign-an-app-without-being-in-the-mac-developer-program
And I'll remove the Carthage support later, we will build XCFramework ourselves and release on GitHub release pages. No longer source code level support for Carthage. The Carthage's pipeline design is wrong. It requires SDK client (you) to codesign, which is un-avoidable to cause the suply chain attacking. |
ITMS-91065: Missing signature - Your app includes “Frameworks/SDWebImage.framework/SDWebImage”, which includes SDWebImage, an SDK that was identified in the documentation as a privacy-impacting third-party SDK. If a new app includes a privacy-impacting SDK, or an app update adds a new privacy-impacting SDK, the SDK must include a signature file. Please contact the provider of the SDK that includes this file to get an updated SDK version with a signature. For details about verifying the code signature for a third-party SDK, visit: https://developer.apple.com/documentation/xcode/verifying-the-origin-of-your-xcframeworks.
We have used - https://github.com/SDWebImage/SDWebImage/releases/tag/5.18.12 version in our code.
Can you please look into why our app is rejected due to a Missing signature in SDWebImage.
The text was updated successfully, but these errors were encountered: