Xcode 12.4 Release

The Xcode 12.4 image has just been released and can be selected as follows:

  xcode: 12.4.0

Image Info

Xcode 12.4 Build version 12D4e is installed at /Applications/Xcode-12.4.app .

The following runtimes are installed:

  • iOS 13.7
  • iOS 14.4
  • tvOS 13.4
  • tvOS 14.3
  • watchOS 6.2
  • watchOS 7.2

The full manifest of installed software can be found here


I’m having intermittent failures with code signing when I use this image. (I require xcode 12.4.0 as in the snippet above)

I’m using certificates that were generated on Feb. 5, signed with the WWDR cert that expires in 2030, and I install my certificates & provisioning profiles using fastlane match. My build will intermittently fail with this error in my build logs:

[16:28:17]: ▸ Warning: unable to build chain to self-signed root for signer "<certificate name>"
[16:28:17]: ▸ /Users/distiller/Library/Developer/Xcode/DerivedData/<path to my target>: errSecInternalComponent
[16:28:17]: ▸ Command CodeSign failed with a nonzero exit code

I can usually restart my CircleCI build after a failure & will pass the second time; my build script always works when I run it from desktop. Since the intermediate & root certificates needed for code signing are always pre-loaded in Circle’s build VM and that seems to be the issue, it makes me wonder if something’s up on CircleCI’s end.

1 Like


This image contains Carthage 0.36.1 but we need Carthage 0.37.0 that supports XCFrameworks, any plan to update Carthage to 0.37.0?
For now we added a step in our .yml to update Carthage but it’s not optimal.

I resolved this issue myself. The reason my build was failing is that the xcode 12.4.0 VMs do not include the “new” WWDR Intermediate Certificate; I had to follow these instructions for enterprise projects:

Although the article says the steps are necessary for enterprise code signing, they’re now needed for App Store code signing as well, if your certificates were issued on/after Jan. 28:


For CircleCI staff: it’s crazy that you’re not pre-installing this new intermediate certificate in macOS VMs before you publish them. We customers shouldn’t have to be doing this for you…


I’m seeing some random code signing errors as well still, since this article was posted in September hopefully we can get these installed on all Mac images sometime soon? That’d be grand.

Sadly, that workaround does not work anymore because of the security enhancements introduced in macOS Big Sur (I found that out via our lovely eskimo).

We’re experiencing the same problem with the xcode 12.5 image.
Signing the app bundle gives an error:

codesign --sign <cert ID> --entitlements <entitlements_path> <app_bundle_path> --verbose

Warning: unable to build chain to self-signed root for signer "<cert_name>"

Attempting to import the certs:

sudo security import <cert_path>
security: SecKeychainItemImport: The specified item already exists in the keychain.

Attempting the workaround mentioned above that worked in MacOS <11 just hangs.
security add-trusted-cert -d -r trustRoot <certificate>

I guess the CircleCI needs to update their xcode 12.5 image?

Any workarounds?

The blog post patch (recently updated) no longer works on macOS 11 due to changes on Apple’s end.

The new certificate with the 2030 expiration already exists on the image.