One of our apps got hit by the ITMS-91065: Missing Signature issue when we attempted to distribute it to externally via TestFlight. The email said FirebaseCore is missing the signature file within our own framework. After investigation, I realized our recent update to the version of Firebase that has the proper signatures and privacy manifest wasn't enough by itself.
Similar to Apple's own instructions on embedding static frameworks since Xcode 15, Firebase instructs us to select the Embed & Sign option. After making the appropriate changes though, we're getting the error in Transporter:
Asset validation failed (90085): No architectures in the binary
Our setup is as follows:
We have an analytics dynamic framework, which depends on Firebase's static framework. The Firebase related frameworks are embedded and signed in our analytics framework.
Our app depends on the analytics dynamic framework, which now includes Firebase frameworks within its framework. Since the Firebase frameworks are static, only the Info.plist and the resource bundle with privacy manifest and another Info.plist are included.
After searching online, some suggest it's because of the Info.plist included. For example, FirebaseCore.framework, which specifies CFBundleExecutable
yet it's not included within the framework itself. I don't expect the executable to get included here though.
I opened an issue on Firebase's Github, which has more information. I am not sure how to proceed from here. Is there something I am missing? I would appreciate assistance. Thank you.