Electron app notarization fails "invalid signature" - local codesign passes

Unable to notarize Electron-based application. All notarization attempts fail with "The signature of the binary is invalid" for main executable and Electron Framework, despite passing local codesign verification.

ENVIRONMENT:

  • macOS: 24.6.0 (Sequoia)
  • Hardware: Apple M4 Max (arm64)
  • electron-builder: 26.0.12
  • Electron: 36.9.5 (also tested 37.10.2, 38.2.0)
  • Certificate: Developer ID Application: AS LIVE MEDIA SP Z O O
  • Team ID: 2KJ532SU3G
  • Certificate validity: Oct 7 2025 - Oct 8 2030

PROBLEM: Every notarization submission fails with identical error for two binaries:

  1. Contents/MacOS/PresentClic Desktop
  2. Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework

Error message: "The signature of the binary is invalid." Architectures affected: Both x86_64 and arm64

CRITICAL CONTRADICTION: ✅ Local verification PASSES: $ codesign --verify --deep --strict "PresentClic Desktop.app" Result: valid on disk, satisfies Designated Requirement

❌ Apple notarization service FAILS: Error: "The signature of the binary is invalid"

LATEST SUBMISSION ID: 11e1a452-4ea7-4562-ac8e-5e76c39eeb6c

Local verification output shows all components validated:

  • Electron Framework: validated ✅
  • All helper apps: validated ✅
  • All frameworks: validated ✅
  • Main executable: valid on disk ✅
  • Authority chain: Developer ID Application → Developer ID CA → Apple Root CA ✅
  • Timestamp: Present ✅
  • Runtime Version: 15.4.0 ✅

CONFIGURATION: Entitlements (build/entitlements.mac.plist):

  • com.apple.security.cs.allow-jit: true
  • com.apple.security.cs.allow-unsigned-executable-memory: true
  • com.apple.security.cs.disable-library-validation: true
  • com.apple.security.cs.allow-dyld-environment-variables: true
  • com.apple.security.automation.apple-events: true
  • Standard device/network/file entitlements

Build configuration:

  • hardenedRuntime: true
  • gatekeeperAssess: false (tested both true and false)
  • entitlements and entitlementsInherit: properly configured

TROUBLESHOOTING STEPS ATTEMPTED (ALL FAILED):

  1. ✅ Updated electron-builder from 24.13.3 to 26.0.12
  2. ✅ Downgraded Electron 38 → 37 → 36
  3. ✅ Tested x86_64 and arm64 separately
  4. ✅ Regenerated certificate via Xcode (new cert generated 23/11/2025)
  5. ✅ Configured App Store Connect API for notarization
  6. ✅ Tested multiple entitlements combinations
  7. ✅ Manual component-by-component re-signing
  8. ✅ Removed all metadata files (._ files)
  9. ✅ Tested both ZIP and DMG formats
  10. ✅ Automatic electron-builder notarization
  11. ✅ Manual notarization via xcrun notarytool
  12. ✅ Custom afterSign hooks for re-signing
  13. ✅ gatekeeperAssess true and false
  14. ✅ Clean builds (removed dist/ directory)

ALL attempts result in identical failure. Local codesign verification ALWAYS passes.

QUESTIONS:

  1. Why does local codesign --verify pass but Apple notarization service fails?
  2. Is there a known issue with Electron Framework notarization on macOS Sequoia +

Apple Silicon? 3. Are there undocumented requirements for Electron apps that could cause this? 4. Could this be a bug in the notarization service for this specific configuration?

ADDITIONAL CONTEXT:

  • Multiple notarization attempts over 24+ hours
  • Different certificates, configurations, architectures - all fail identically
  • No similar reports found in forums or GitHub issues
  • Application functions correctly when Gatekeeper is bypassed
  • This is blocking production distribution to macOS users

This appears to be either:

  • A bug in Apple notarization service for Electron apps
  • An incompatibility between electron-builder 26 + Electron 36/37 + macOS Sequoia +

Apple Silicon

The fact that local verification passes but notarization fails suggests the issue is with the notarization service validation logic, not the actual code signatures.

REQUEST: Need guidance on resolving this issue. Standard documentation and troubleshooting steps have not resolved the problem.

Thank you for any assistance. Staszek Pliszko

Electron app notarization fails "invalid signature" - local codesign passes
 
 
Q