CodeSigning issue when running the script in SSH

I have an EC2 Mac instance with a fastlane script that builds and signs an iOS application. It's working fine in the instance, but when I run the same script through a Jenkins script, I'm getting the following error:

error: Target release_unpack_ios failed: Exception: Failed to codesign /Users/ec2-user/Library/Developer/Xcode/DerivedData/Runner-bgxywyggdiwupudhpkonmwvznobh/Build/Intermediates.noindex/ArchiveIntermediates/Runner/BuildProductsPath/Release-iphoneos/Flutter.framework/Flutter with identity XXXXXXXX

I have tried to unlock the keychain as mentioned in this post,

security -v unlock-keychain -p "{$PASSWORD}" "/Users/ec2-user/Library/Keychains/login.keychain-db"

I have also tried the key-partition approach to fix the issue as mentioned here

security set-key-partition-list -v -S apple-tool:,apple: -s -k [Login Keychain Password] [Login Keychain Path]

I have tried everything; I'm out of ideas, and any help would be highly appreciated.

It seems like you're encountering a code signing issue when running your Fastlane script through Jenkins. Have you ensured that Jenkins has the necessary permissions and access to your keychain and provisioning profiles? Double-checking the environment variables, ensuring Jenkins is using the correct keychain, and verifying that the required certificates are available to Jenkins might help resolve the problem. Additionally, make sure the login keychain is unlocked before running the script within the Jenkins environment. If you've already tried these steps, please provide more details about your setup for further assistance.

I’m not sure what’s going on in your specific case, but I have some general instructions for debugging problems like this in Resolving errSecInternalComponent errors during code signing.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Hi,

I have followed the methods mentioned in the post mentioned by you, but I'm still facing the same issue.

I have given Always Allow in the popup when I tried to sign a local file with the identity from the login.keychain. It is working without any popup in the EC2, but failing when signing from the local. Are both issues related?

codesign --force --sign [Identity_in_login_keychain] test.txt
test.txt: replacing existing signature
Warning: unable to build chain to self-signed root for signer "Apple Development: ...."
test.txt: errSecInternalComponent

Just to add more details, I'm on a Mac instance running Ventura 13.4

The unable to build chain to self-signed root error is addressed in the ‘child’ post of the post I linked to, Fixing an untrusted code signing certificate.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Thanks for the guidance, but we are still facing the issue, not just in Jenkins but also in SSH. As mentioned in the earlier comments, we have tried the unlock keychain command and also made the certificates to be accessed by all applications.

we have tried the unlock keychain command and also made the certificates to be accessed by all applications.

I’m confused, because neither of the above-mentioned debugging steps are in the advice from the second post. The most likely cause of the unable to build chain to self-signed root error is a missing intermediate.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Hi @eskimo, I'm not sure what you mean by the intermediate. Can you please elaborate more on that?

I’m referring to the WWDR (Worldwide Developer Relations) intermediate certificate. The post I referenced goes into this in some detail.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

This behavior sounds similar to the behavior I encountered here: https://developer.apple.com/forums/thread/737019. Have you tried adding the intermediate certificate (as described in eskimo's post) to the root user's keychain on the EC2 instance? Intermediate WWDR certificates can be downloaded here and would need to be whichever is specified in your development certificate (in my case it was Worldwide Developer Relations - G3).
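
One way to check for the missing intermediate discussed in this thread, as an added example that is not part of any post above: it reads the issuer of the signing certificate and looks for a WWDR intermediate of the same generation in the keychains visible to the current session. The function names are hypothetical, and it assumes `openssl` is on the PATH and that the identity name matches a certificate in the login keychain path quoted in the question.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Usage (Mac build host, failing session): sh check_chain.sh "Apple Development: ..." [keychain]

# Classify codesign output (stdin) using the messages quoted in the thread.
classify_codesign() {
    out=$(cat)
    case "$out" in
        *"unable to build chain to self-signed root"*) echo missing-intermediate ;;
        *errSecInternalComponent*) echo errSecInternalComponent-other ;;
        *) echo ok ;;
    esac
}

# Extract the WWDR generation (e.g. G3) from an `openssl x509 -noout -issuer` line.
issuer_generation() {
    printf '%s\n' "$1" | sed -n 's/.*OU *= *\(G[0-9][0-9]*\).*/\1/p'
}

# Succeed if the subject lines on stdin include a WWDR intermediate of generation $1.
has_intermediate() {
    grep 'Apple Worldwide Developer Relations' | grep -Eq "OU *= *$1([^0-9]|\$)"
}

# macOS wiring: read the signing certificate's issuer, then look for that
# intermediate in the keychain search list of the current session.
check_keychain() {
    identity=$1
    keychain=${2:-$HOME/Library/Keychains/login.keychain-db}
    issuer=$(security find-certificate -c "$identity" -p "$keychain" |
             openssl x509 -noout -issuer) || return 2
    gen=$(issuer_generation "$issuer")
    [ -n "$gen" ] || return 2
    # find-certificate -a -p prints every match as PEM; hand them to openssl one by one.
    security find-certificate -a -c "Apple Worldwide Developer Relations" -p |
        awk -v cmd='openssl x509 -noout -subject' '/BEGIN CERT/ {pem = ""}
             {pem = pem $0 "\n"}
             /END CERT/ {printf "%s", pem | cmd; close(cmd)}' |
        has_intermediate "$gen"
}

if [ $# -ge 1 ] && command -v security >/dev/null 2>&1; then
    check_keychain "$@"
    case $? in
        0) echo "matching WWDR intermediate found" ;;
        1) echo "no matching WWDR intermediate in this session's keychains" ;;
        *) echo "could not read the issuer of the signing certificate" ;;
    esac
fi
```

Run it from the same SSH or Jenkins session that fails, so it sees the keychains that session sees.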
