I am reaching out regarding a persistent issue I have been facing with code signing. Despite extensive troubleshooting, I am unable to resolve the problem, and I would greatly appreciate your assistance.
When attempting to sign my electron application with codesign with the following command:
codesign --keychain ~/Library/Keychains/login.keychain --sign “Developer ID Application: MYNAME (DEV-ID)” --force --timestamp --options runtime --verbose=4 dist/mac-arm64/my.app
I receive the following error message:
“Warning: unable to build chain to self-signed root for signer ‘Developer ID Application: MYNAME (DEV-ID)‘“.
This prevents me from successfully completing the code signing and notarization process.
To resolve this, I have meticulously tried to troubleshoot the problem. Here are the steps taken so far:
- Imported Certificates into Keychains:
- I imported all necessary certificates (including Developer ID Application, Developer ID Certification Authority, Apple Root CA and Apple Root CA - G2) into the keychain.
- I tested with both the System and Login keychains (one at a time to avoid errors due to duplicates)
- Checked Trust Settings:
- I confirmed that the trust settings for the certificates are properly configured to “Always Trust.”
- I verified the private key is present in Keychain Access and is properly linked to the public certificate.
- Ensured valid identity:
- I ensured that the correct Developer ID identity is valid and the associated private key is available (security find-identity -v -p codesigning and security find-key -t private | grep “MY NAME”)
- Ensured keychain access permissions:
- I ensured that the respective keychain has access permissions (security set-key-partition-list -S apple-tool:,apple: -s -k <keychain-password> ~/Library/Keychains/login.keychain)
- Verified matching Issuer and Subject to build certificate chain:
- I verified that the Issuer and Subject fields in the certificates show the correct references to build the certificate chain.
- Deleted and Re-imported Certificates:
- I deleted and re-imported the certificates multiple times to ensure there were no import issues or corruption in the certificates.
- Tested simplified setup:
- I attempted to sign simple files, such as a plain .txt file, using the Developer ID Application certificate
- I also attempted signing with minimal flags to rule out any issues with the app structure or build configuration
- Updated Xcode Command Line Tools
One potential factor is that I am signing the application on a different machine from the one where the certificates were originally generated. I included the private key when exporting the certificate as a .p12 file from the original computer and imported it into the second computer’s keychain. This second computer is not connected to iCloud, and I suspect this could potentially affect the signing process.
Despite all these efforts, the issue persists, and I am unable to identify the root cause. I would greatly appreciate your guidance on resolving this matter so I can successfully complete the code signing and notarization process.
Thank you for your time and support.