I am experiencing a persistent issue when trying to sign my application, PhotoKiosk.app, using codesign. The process consistently fails with the error errSecInternalComponent, and my troubleshooting indicates the problem is with how the system accesses or validates my certificate's trust chain, rather than the certificate itself.
Error Details and Configuration: codesign command executed: codesign --force --verbose --options=runtime --entitlements /Users/sergiomordente/Documents/ProjetosPhotocolor/PhotoKiosk-4M/entitlements.plist --sign "Developer ID Application: Sérgio Mordente (G75SJ6S9NC)" /Users/sergiomordente/Documents/ProjetosPhotocolor/PhotoKiosk-4M/dist/PhotoKiosk.app
Error message received: Warning: unable to build chain to self-signed root for signer "(null)" /Users/sergiomordente/Documents/ProjetosPhotocolor/PhotoKiosk-4M/dist/PhotoKiosk.app: errSecInternalComponent
Diagnostic Tests and Verifications Performed: Code Signing Identity Validation:
I ran the command security find-identity -v -p codesigning, which successfully confirmed the presence and validity of my certificate in the Keychain.
The command output correctly lists my identity: D8FB11D4C14FEC9BF17E699E833B23980AF7E64F "Developer ID Application: Sérgio Mordente (G75SJ6S9NC)"
This suggests that the certificate and its associated private key are present and functional for the system.
Keychain Certificate Verification:
The "Apple Root CA - G3 Root" certificate is present in the System Roots keychain.
The "Apple Worldwide Developer Relations Certification Authority (G6)" certificate is present and shown as valid.
The trust setting for my "Developer ID Application" certificate is set to "Use System Defaults".
Attempted Certificate Export via security:
To further diagnose the problem, I attempted to export the certificate using the security find-certificate command with the exact name of my identity.
Command executed (using double quotes): security find-certificate -c -p "Developer ID Application: Sérgio Mordente (G75SJ6S9NC)" > mycert.pem
Error message: security: SecKeychainSearchCopyNext: The specified item could not be found in the keychain.
The same error occurred when I tried with single quotes.
This result is contradictory to the output of find-identity, which successfully located the certificate. This suggests an internal inconsistency in the Keychain database, where the certificate is recognized as a valid signing identity but cannot be located via a simple certificate search.
Additional Troubleshooting Attempts:
I have already recreated the "Developer ID Application" certificate 4 times (I am at the limit of 5), and the issue persists with all of them.
The application has been rebuilt, and the codesign command was run on a clean binary.
Conclusion: The problem appears to be an internal macOS failure to build the trust chain for the certificate, as indicated by the errSecInternalComponent error. Although the certificate is present and recognized as a valid signing identity by find-identity, the codesign tool cannot complete the signature. The failure to find the certificate with find-certificate further supports the suspicion of an inconsistency within the keychain system that goes beyond a simple certificate configuration issue.
I would appreciate any guidance on how to resolve this, especially given that I am at my developer certificate limit and cannot simply generate a new one.