Skip to content

Electron build for MacOS fails occasionally due to "self-signed root" error

We are building a application for MacOS using Electron. Everything worked fine until last week, when our old Developer ID certificate expired.

With the new certificate, the signing step occasionally fails with the following error:

Error: Command failed: codesign --sign 12445BAFDE06065BAE5BA5BC4F8477F14C0628D3 --force --keychain /var/folders/jl/y_m2j_x100g5rr9r1m79w01w0000gn/T/810e9d3087115860202e1043eefffbd2a2a148bc9cd267dd365df38776318f8c.keychain --timestamp --options runtime --entitlements /Users/gitlab/builds/proctorfree/client-gen4/build/entitlements.mac.inherit.plist /Users/gitlab/builds/proctorfree/client-gen4/dist/mac/ProctorFree.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Helpers/chrome_crashpad_handler
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Warning: unable to build chain to self-signed root for signer "Developer ID Application: ProctorFree Inc (64SGYFB3F9)"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  /Users/gitlab/builds/proctorfree/client-gen4/dist/mac/ProctorFree.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Helpers/chrome_crashpad_handler: errSecInternalComponent

All builds (failed and successful) where executed on the following runner: orka-beta-gitlab-runner-68c5c56f64-kk79b y3jak6XV The successful jobs print Waiting for machine 251ac33c1f2b to boot..., while the failed ones print Waiting for machine 948a72e3abbce to boot.... Not sure how you spin up your executors, but maybe this is the difference?

I'm also attaching the Apple_Root_CA.cer which seems to cause issues in some cases (even though I guess this is the only one and standard Root CA of Apple?).

Please let me know