So we finally seem to have solved our problem with a post-build script that moves all embedded frameworks to "APP.app/Frameworks" (and re-signs everything):
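# Flatten nested frameworks: move every "<X>.framework/Frameworks/*" up into
# the app's top-level Frameworks directory, then delete the emptied folder.
#
# ${CODESIGNING_FOLDER_PATH:?} aborts when the variable is unset or empty, and
# "|| exit 1" aborts when the directory does not exist. Without both guards
# the loop (including its rm -rf) would run in whatever directory the build
# phase happened to start in.
cd "${CODESIGNING_FOLDER_PATH:?}/Frameworks/" || exit 1

for framework in *; do
  # A nested Frameworks directory can only exist if $framework is itself a
  # directory, so one test covers both of the original checks. It also skips
  # the literal "*" left behind when the glob matches nothing.
  if [ -d "${framework}/Frameworks" ]; then
    echo "Moving embedded frameworks from ${framework} to ${PRODUCT_NAME}.app/Frameworks"
    # With BSD cp (macOS) a trailing slash on the source copies the
    # directory's contents rather than the directory itself.
    if ! cp -R "${framework}/Frameworks/" .; then
      # Do not delete the originals if the copy failed; fail the build phase.
      echo "error: could not copy embedded frameworks out of ${framework}" >&2
      exit 1
    fi
    rm -rf "${framework}/Frameworks"
  fi
done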
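# Re-sign the moved frameworks and then the app bundle, but only for Debug
# builds that target a device.
#
# The condition uses [[ ... && ... ]] on purpose:
#   * a single "&" backgrounds the first test instead of AND-ing the two, and
#   * inside "[ ]" the right-hand side *Simulator* is not a pattern match.
# The script already needs a bash-compatible shell for "read -d".
if [[ "${CONFIGURATION}" == "Debug" && "${SDKROOT}" != *Simulator* ]]; then
  # find emits NUL-terminated paths. An empty -d argument makes bash's read
  # split on NUL; IFS= and -r keep whitespace and backslashes in the path
  # intact. ($'\\0' expands to a backslash followed by 0, so read would use
  # "\" as the delimiter and the loop body would never see a complete path.)
  find "${CODESIGNING_FOLDER_PATH}" -name "*.framework" -print0 |
    while IFS= read -r -d '' framework; do
      if [ "${framework}" != "NULL" ]; then
        # --preserve-metadata keeps each framework's existing identifier and
        # entitlements instead of replacing them during the forced re-sign.
        codesign --force --deep --sign "${EXPANDED_CODE_SIGN_IDENTITY}" --preserve-metadata=identifier,entitlements --timestamp=none "${framework}"
      fi
    done

  echo "Resigning ${PRODUCT_NAME}.app after moving frameworks"
  # NOTE(review): the codesign man page describes signing with --deep as meant
  # for emergency repairs and temporary adjustments. The loop above already
  # signs each framework individually, so confirm whether --deep is still
  # needed here. Verifying the result (e.g. `codesign --verify --deep --strict`)
  # would catch a bundle left with a broken nested signature.
  codesign --force --deep --sign "${EXPANDED_CODE_SIGN_IDENTITY}" --preserve-metadata=identifier,entitlements --timestamp=none "${CODESIGNING_FOLDER_PATH}"
else
  echo "Info: CODESIGNING is only needed for Debug on device (will be re-signed anyway when archiving) "
fi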
This has also solved this problem for us: SwiftPM binaryTarget dependency and code signing