Warning: unable to build chain to self-signed root for signer "Apple Development:

The error that you are seeing "unable to build chain to self-signed root" means that a certificate being used cannot establish a chain of trust to a root. In this case it looks like a self-signed root. This usually means the self-signed root cannot be found, there's a missing WWDR intermediate certificate, or Keychain Access is being used to customize the trust settings on either the intermediate or root certificate. Can you tell me what type of app you are signing here and what the need is for a self signed root?

Matt Eaton

DTS Engineering, CoreOS

meaton3 at apple.com

I have same problem when building to debug in device, have no idea why it happened

Hi @meaton, I'm reproducing this issue by running

Code Block 
$ codesign -f -s "Apple Development: <myappacountemail> (myaccountid)" dist/MyAppName.app --deep
Warning: unable to build chain to self-signed root for signer "Apple Development: <myappacountemail> (myaccountid)"
dist/MyAppName.app: errSecInternalComponent

Where MyAppName is application developed in the PyQt5 framework with PyInstaller as the distribution bundler. According to the PyInstaller documentation, I set the following:

Code Block 
python3 -m PyInstaller ...
		--osx-bundle-identifier= "Apple Development: <myappacountemail> (myaccountid)"

Not sure if this helps but my .spec file includes this bundle instruction:

Code Block 
# -*- mode: python ; coding: utf-8 -*-
# MyAppName.spec -> as input for PyInstaller
...
app = BUNDLE(exe,
						name='MyAppName.app',
						icon='res/heartbeat.ico',
						bundle_identifier='com.guymeyer.myappname.ui',
						info_plist={
								'NSPrincipalClass': 'NSApplication', 
								'NSAppleScriptEnabled': False, 
								'CFBundleDocumentTypes': [{
										'CFBundleTypeName': 'py', 
										'CFBundleTypeIconFile': 'res/heartbeat.ico', 
										'LSItemContentTypes': ['com.guymeyer.myappname.ui'], 
										'LSHandlerRank': 'Owner'
								}] 
						})

To outline the issue better.. I'd like to distribute my app and require codesigning for installation on other macs. The program runs correctly but the icon does not appear in the launch-bar and codesigning fails consistently. I am quite new to codesigning and likely missing something 'obvious'.. Would really appreciate your help!

Tried to follow this links for help:
https://github.com/pyinstaller/pyinstaller/wiki/Recipe-OSX-Code-Signing

I'd be happy to provide more information regarding this issue.

• Guy

It looks like your Mac is missing the Apple Worldwide Developer Relations Certification Authority intermediate certificate. I’m not entirely sure how that’s installed normally — I think Xcode takes care of it — but you can manually download it from the Apple PKI page (it’s listed as WWDR Certificate).

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"

i just fixed by creating a HelloWorld project with Xcode and the problem was solved

Oh, cool. As discussed in Apple Worldwide Developer Relations Intermediate Certificate, modern versions of Xcode install the latest WWDR intermediate for you, and that’s likely why your HelloWorld project fixed your problem.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"