I am trying to configure Gitlab Runner (macOS 11 no GUI) to be able to build our iOS app.
For this I have done following things to codesign my app:
- Created Keychain
- Unlocked Keychain
- Imported Root CA and Apple WWDR Certificate
- Imported Private Key
- Imported Distribution Certificate
But still when I list codesigning identity, it does not show up in valid list. It shows the identity in mached identity with error CSSMERR_TP_NOT_TRUSTED
:
... previous steps before this command are executed
security find-identity ~/Library/Keychains/MyKeychain
250 Policy: X.509 Basic
251 Matching identities
252 1) AXXXXXXXXXXXXXXXXXXXXXXXX9 "Apple Distribution: Company Name Here ([MASKED])" (CSSMERR_TP_NOT_TRUSTED)
253 1 identities found
254 Valid identities only
255 0 valid identities found
I am not being able to codesign my app because of this. How can I solve it? I tried everything from this link also
Here are the output when listing private key and certificates:
$ security find-key MyKeychain
119keychain: "/Users/gitlab/Library/Keychains/MyKeychain-db"
120version: 512
121class: 0x00000010
122attributes:
123 0x00000000 <uint32>=0x00000010
124 0x00000001 <blob>="Imported Private Key"
125 0x00000002 <blob>=<NULL>
126 0x00000003 <uint32>=0x00000001
127 0x00000004 <uint32>=0x00000000
128 0x00000005 <uint32>=0x00000000
129 0x00000006 <blob>=0xxxxxxxxxxxxxxxxxxA "\331\357Oj8-\025{\242h\264\237\225N\3260\364\216CJ"
130 0x00000007 <blob>=<NULL>
131 0x00000008 <blob>=0xxxxxxxxxxxxxxxxxxx2D383439612sssssssssssD00 "{871xxxxx-***-xxxx-xxxx-xxxxxxxxxxx}\000"
$ security verify-cert -v -k /Library/Keychains/System.keychain -c apple_wwdr.pem
230---
231Trust evaluation results
232{
233 TrustEvaluationDate = "2021-12-04 05:19:48 +0000";
234 TrustResultDetails = (
235 {
236 },
237 {
238 }
239 );
240 TrustResultValue = 1;
241}
242...certificate verification successful.
243---
244Certificate chain
245 0: Apple Worldwide Developer Relations Certification Authority
246 <cert(0x7f92f2506230) s: Apple Worldwide Developer Relations Certification Authority i: Apple Root CA>
247 1: Apple Root CA
248 <cert(0x7f92f400a200) s: Apple Root CA i: Apple Root CA>
$ security verify-cert -v -k MyKeychain -p codeSign -c ios_distribution.cer
95---
96Trust evaluation results
97{
98 TrustEvaluationDate = "2021-12-04 05:19:48 +0000";
99 TrustResultDetails = (
100 {
101 },
102 {
103 },
104 {
105 }
106 );
107 TrustResultValue = 1;
108}
109...certificate verification successful.
110---
111Certificate chain
112 0: Apple Distribution: Company Name ([MASKED])
113 <cert(0x7fad7cd0acf0) s: Apple Distribution: Company Nmae ([MASKED]) i: Apple Worldwide Developer Relations Certification Authority>
114 1: Apple Worldwide Developer Relations Certification Authority
115 <cert(0x7fad7e00b200) s: Apple Worldwide Developer Relations Certification Authority i: Apple Root CA>
116 2: Apple Root CA
117 <cert(0x7fad7e00ba00) s: Apple Root CA i: Apple Root CA>