CI - Warning: unable to build chain to self-signed root for signer

I am able to sign my application when logged in to the machine, however when build is running in CI (Jenkins), I get this: "Warning: unable to build chain to self-signed root for signer.." We just renewed our certificates, so I am not sure about previous procedure, but it used to work without temporary keychain and stuff, I believe.

What should be the recommended way to sign an application on CI? What keychain should we use? system? temporary? other method?

Thanks, Itay

Answered by DTS Engineer in 858933022

See Resolving errSecInternalComponent errors during code signing, and specifically Fixing an untrusted code signing certificate.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Thank you for the answer, I already went over this document.

I have problems only with SSH and CI. In the logged-in session, application is signed successfully.

Steps I took over SSH:

% security find-identity -p codesigning

Policy: Code Signing
  Matching identities
  1) 4E7CC0830457446B065A4EEA4CE259E9C3F8107C "Apple Development: <old one>" (CSSMERR_TP_CERT_EXPIRED)
  2) E89C6BAEF24BCB768B27A482DF05F5C4623977AE "Developer ID Application: <new one>"
  3) E89C6BAEF24BCB768B27A482DF05F5C4623977AE "Developer ID Application: <new one>"
     3 identities found

  Valid identities only
  1) E89C6BAEF24BCB768B27A482DF05F5C4623977AE "Developer ID Application: <new one>"
  2) E89C6BAEF24BCB768B27A482DF05F5C4623977AE "Developer ID Application: <new one>"
     2 valid identities found

Then,

% security list-keychains

    "/Users/ec2-user/Library/Keychains/login.keychain-db"
    "/Library/Keychains/System.keychain"


% security unlock-keychain

% codesign -s "Developer ID Application..." -f test1

test1: replacing existing signature
Warning: unable to build chain to self-signed root for signer "Developer ID Application..."
test1: errSecInternalComponent

What do you think?

What do you think?

I think you should work through the remaining steps in Fixing an untrusted code signing certificate. The info in your most recent reply rules out the certificate having expired, so now you need to rule out a missing issuer and trust settings override.

It’s best to do this from the GUI to start off with. Once you’ve got that working, you can return to the SSH side of this.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
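
An added example, not code from any poster in this thread: a CI pre-flight step that parses `security find-identity -p codesigning` output, here the output posted above, and reports expired or repeated identities before `codesign` runs. It covers only the expiry check; a clean result does not rule out a missing issuer or a trust settings override. The function names are hypothetical.

```python
import re
import subprocess
from collections import Counter

# `security find-identity -p codesigning` output copied from the thread above.
SAMPLE = """\
Policy: Code Signing
  Matching identities
  1) 4E7CC0830457446B065A4EEA4CE259E9C3F8107C "Apple Development: <old one>" (CSSMERR_TP_CERT_EXPIRED)
  2) E89C6BAEF24BCB768B27A482DF05F5C4623977AE "Developer ID Application: <new one>"
  3) E89C6BAEF24BCB768B27A482DF05F5C4623977AE "Developer ID Application: <new one>"
     3 identities found

  Valid identities only
  1) E89C6BAEF24BCB768B27A482DF05F5C4623977AE "Developer ID Application: <new one>"
  2) E89C6BAEF24BCB768B27A482DF05F5C4623977AE "Developer ID Application: <new one>"
     2 valid identities found
"""

ENTRY = re.compile(r'^\s*\d+\)\s+([0-9A-F]{40})\s+"([^"]*)"(?:\s+\((\w+)\))?\s*$')
HEADERS = {"Matching identities": "matching", "Valid identities only": "valid"}

def parse_find_identity(text):
    """Split the output into its two sections of (sha1, name, error) tuples."""
    sections, current = {"matching": [], "valid": []}, None
    for line in text.splitlines():
        current = HEADERS.get(line.strip(), current)
        m = ENTRY.match(line)
        if m and current:
            sections[current].append(m.groups())
    return sections

def preflight(text, wanted):
    """Return problems found for identities whose name starts with `wanted`."""
    ids = parse_find_identity(text)
    valid = [i for i in ids["valid"] if i[1].startswith(wanted)]
    problems = [] if valid else [f"no valid identity matching {wanted!r}"]
    problems += [f"{sha1} {name}: {err}" for sha1, name, err in ids["matching"]
                 if err and name.startswith(wanted)]
    # Assumption: a hash listed more than once means the identity sits in more
    # than one keychain on the search list; check which one the CI job can use.
    for sha1, n in Counter(i[0] for i in valid).items():
        if n > 1:
            problems.append(f"{sha1} listed {n} times in the valid set")
    return problems

if __name__ == "__main__":
    out = subprocess.run(["security", "find-identity", "-p", "codesigning"],
                         capture_output=True, text=True, check=True).stdout
    for problem in preflight(out, "Developer ID Application"):
        print("preflight:", problem)
```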
