Electron app notarization fails "invalid signature" - local codesign passes

Unable to notarize Electron-based application. All notarization attempts fail with "The signature of the binary is invalid" for main executable and Electron Framework, despite passing local codesign verification.

ENVIRONMENT:

• macOS: 24.6.0 (Sequoia)
• Hardware: Apple M4 Max (arm64)
• electron-builder: 26.0.12
• Electron: 36.9.5 (also tested 37.10.2, 38.2.0)
• Certificate: Developer ID Application: AS LIVE MEDIA SP Z O O
• Team ID: 2KJ532SU3G
• Certificate validity: Oct 7 2025 - Oct 8 2030

PROBLEM: Every notarization submission fails with identical error for two binaries:

1. Contents/MacOS/PresentClic Desktop
2. Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework

Error message: "The signature of the binary is invalid." Architectures affected: Both x86_64 and arm64

CRITICAL CONTRADICTION: ✅ Local verification PASSES: $ codesign --verify --deep --strict "PresentClic Desktop.app" Result: valid on disk, satisfies Designated Requirement

❌ Apple notarization service FAILS: Error: "The signature of the binary is invalid"

LATEST SUBMISSION ID: 11e1a452-4ea7-4562-ac8e-5e76c39eeb6c

Local verification output shows all components validated:

• Electron Framework: validated ✅
• All helper apps: validated ✅
• All frameworks: validated ✅
• Main executable: valid on disk ✅
• Authority chain: Developer ID Application → Developer ID CA → Apple Root CA ✅
• Timestamp: Present ✅
• Runtime Version: 15.4.0 ✅

CONFIGURATION: Entitlements (build/entitlements.mac.plist):

• com.apple.security.cs.allow-jit: true
• com.apple.security.cs.allow-unsigned-executable-memory: true
• com.apple.security.cs.disable-library-validation: true
• com.apple.security.cs.allow-dyld-environment-variables: true
• com.apple.security.automation.apple-events: true
• Standard device/network/file entitlements

Build configuration:

• hardenedRuntime: true
• gatekeeperAssess: false (tested both true and false)
• entitlements and entitlementsInherit: properly configured

TROUBLESHOOTING STEPS ATTEMPTED (ALL FAILED):

1. ✅ Updated electron-builder from 24.13.3 to 26.0.12
2. ✅ Downgraded Electron 38 → 37 → 36
3. ✅ Tested x86_64 and arm64 separately
4. ✅ Regenerated certificate via Xcode (new cert generated 23/11/2025)
5. ✅ Configured App Store Connect API for notarization
6. ✅ Tested multiple entitlements combinations
7. ✅ Manual component-by-component re-signing
8. ✅ Removed all metadata files (._ files)
9. ✅ Tested both ZIP and DMG formats
10. ✅ Automatic electron-builder notarization
11. ✅ Manual notarization via xcrun notarytool
12. ✅ Custom afterSign hooks for re-signing
13. ✅ gatekeeperAssess true and false
14. ✅ Clean builds (removed dist/ directory)

ALL attempts result in identical failure. Local codesign verification ALWAYS passes.

QUESTIONS:

1. Why does local codesign --verify pass but Apple notarization service fails?
2. Is there a known issue with Electron Framework notarization on macOS Sequoia +

Apple Silicon? 3. Are there undocumented requirements for Electron apps that could cause this? 4. Could this be a bug in the notarization service for this specific configuration?

ADDITIONAL CONTEXT:

• Multiple notarization attempts over 24+ hours
• Different certificates, configurations, architectures - all fail identically
• No similar reports found in forums or GitHub issues
• Application functions correctly when Gatekeeper is bypassed
• This is blocking production distribution to macOS users

This appears to be either:

• A bug in Apple notarization service for Electron apps
• An incompatibility between electron-builder 26 + Electron 36/37 + macOS Sequoia +

Apple Silicon

The fact that local verification passes but notarization fails suggests the issue is with the notarization service validation logic, not the actual code signatures.

REQUEST: Need guidance on resolving this issue. Standard documentation and troubleshooting steps have not resolved the problem.

Thank you for any assistance. Staszek Pliszko