Unable to codesign (error: CSSMERR_TP_NOT_TRUSTED)

I am trying to configure macOs image from shared runner to be able to build our iOS app.

  image: macos-11-xcode-12
  tags:
    - shared-macos-amd64

For this I have done following things to codesign my app:

1. Created Keychain
2. Unlocked Keychain
3. Imported Root CA and Apple WWDR Certificate
4. Imported Private Key
5. Imported Distribution Certificate

But still when I list codesigning identity, it does not show up in valid list. It shows the identity in matched identity with error CSSMERR_TP_NOT_TRUSTED :

... previous steps before this command are executed
security find-identity ~/Library/Keychains/MyKeychain
250 Policy: X.509 Basic
251   Matching identities
252   1) AXXXXXXXXXXXXXXXXXXXXXXXX9 "Apple Distribution: Company Name Here ([MASKED])" (CSSMERR_TP_NOT_TRUSTED)
253      1 identities found
254   Valid identities only
255      0 valid identities found

I am not being able to codesign my app because of this error. How can I solve it? I tried everything from this link also.

Here is the output when listing private key and certificates:

$ security find-key MyKeychain
119keychain: "/Users/gitlab/Library/Keychains/MyKeychain-db"
120version: 512
121class: 0x00000010 
122attributes:
123    0x00000000 <uint32>=0x00000010 
124    0x00000001 <blob>="Imported Private Key"
125    0x00000002 <blob>=<NULL>
126    0x00000003 <uint32>=0x00000001 
127    0x00000004 <uint32>=0x00000000 
128    0x00000005 <uint32>=0x00000000 
129    0x00000006 <blob>=0xxxxxxxxxxxxxxxxxxA  "\331\357Oj8-\025{\242h\264\237\225N\3260\364\216CJ"
130    0x00000007 <blob>=<NULL>
131    0x00000008 <blob>=0xxxxxxxxxxxxxxxxxxx2D383439612sssssssssssD00  "{871xxxxx-***-xxxx-xxxx-xxxxxxxxxxx}\000"


$ security verify-cert -v -k /Library/Keychains/System.keychain -c apple_wwdr.pem
230---
231Trust evaluation results
232{
233    TrustEvaluationDate = "2021-12-04 05:19:48 +0000";
234    TrustResultDetails =     (
235                {
236        },
237                {
238        }
239    );
240    TrustResultValue = 1;
241}
242...certificate verification successful.
243---
244Certificate chain
245 0: Apple Worldwide Developer Relations Certification Authority
246    <cert(0x7f92f2506230) s: Apple Worldwide Developer Relations Certification Authority i: Apple Root CA>
247 1: Apple Root CA
248    <cert(0x7f92f400a200) s: Apple Root CA i: Apple Root CA>



$ security verify-cert -v -k MyKeychain -p codeSign -c ios_distribution.cer
95---
96Trust evaluation results
97{
98    TrustEvaluationDate = "2021-12-04 05:19:48 +0000";
99    TrustResultDetails =     (
100                {
101        },
102                {
103        },
104                {
105        }
106    );
107    TrustResultValue = 1;
108}
109...certificate verification successful.
110---
111Certificate chain
112 0: Apple Distribution: Company Name ([MASKED])
113    <cert(0x7fad7cd0acf0) s: Apple Distribution: Company Name ([MASKED]) i: Apple Worldwide Developer Relations Certification Authority>
114 1: Apple Worldwide Developer Relations Certification Authority
115    <cert(0x7fad7e00b200) s: Apple Worldwide Developer Relations Certification Authority i: Apple Root CA>
116 2: Apple Root CA
117    <cert(0x7fad7e00ba00) s: Apple Root CA i: Apple Root CA>

Did you solve this problem? Any hint on this? I have the same problem

Hi @sosuren I have the same issue, I want to manually code sign and get the same error, did you find a way to solve the problem or any hint about this issue?