ITMS-90334 error when executing a Xcode Cloud TestFlight build

Same issue for us. Works fine manually via Xcode.

Trigger Xcode Cloud build. 2 of our packages result in the same error.

The packages are pure Swift. Our codebase is pure swift. It is an iOS app.

Hi, has anyone had any luck with this? I have the exact same problem.

I tried fetching the archive from the Xcode Cloud build artifacts, replace the "Frameworks" directory with one from a local build, tried the validation from the Xcode Organizer and it worked.

I also opened the framework binaries with an hex editor, and those built with Xcode Cloud have those bogus identifiers (which btw all begin with 55554944), whereas the ones built locally have my Team ID.

I have absolutely no idea how to change this when building from Xcode Cloud, but maybe it's a hint?

I also have same issue. My issues resulted by RxSwift from SPM.

For me it was related to static vs dynamic builds, detailed it here: https://stackoverflow.com/questions/72291080/itms-90334-invalid-code-signature-identifier-when-building-via-xcode-cloud/73653319#73653319

There is an issue with Ad-Hoc signing of dynamic libraries built either through a Swift Package, or through an Xcode target with a non-standard Bundle ID (i.e. one not using reverse DNS format), resulting in the ITMS-90334 error message. We'd appreciate getting reports of this filed through Feedback Assistant, and then posting the FB number here so that I can follow-up on the reports internally. Even if the following workaround information is helpful to you, we'd still appreciate getting the Feedback reports.

The best practice for Swift packages is to not explicitly specify the LibraryType in the Product. By not specifying this value, you let Xcode decide the best linkage type for your app's usage of the package. If you have a package that is explicitly marked as dynamic, removing the library type means Xcode will link the package statically if the package is only imported by one target, which will avoid the issue.

If the package is imported by more than one target, Xcode will choose dynamic linkage if the LibraryType is not specified; manually selecting static in this scenario is not a workaround, as it will introduce duplicate symbol issues into the app. To workaround the issue in this scenario, refactor how your targets are structured, reducing the reliance on the package to a single target, so that this becomes the first scenario I described where Xcode can safely link the library statically while avoiding the code signing error, as well as avoiding duplicate symbol issues.

macOS 13.1 beta 4 addresses the issue creating ITMS-90334: Invalid Code Signature Identifier in Xcode Cloud. No update to Xcode is necessary to address the issue. This beta was released yesterday, and is available in Xcode Cloud when you configure a workflow to specify the macOS version used to execute your build. As this version is currently a beta, it is only available as part of the "Latest Beta or Release" macOS configuration, or as a dedicated choice for the macOS version, at this time.

If you find this issue is not addressed with this configuration change to your Xcode Cloud workflow, continue to provide us feedback through Feedback Assistant, and share the FB numbers here so I can follow up on them.