I am runnning persistent notarization issues with my macOS Electron application.

Despite multiple attempts to resolve these issues, the notarization status remains “Invalid,” and the errors in the report are consistent.

What I’m doing

Sign the code like this
codesign –sign “Apple Distribution: Name Lastname (123456)” –deep –force –timestamp=auto path/to/Application.app

I then get: Application.app: replacing existing signature

I then verify the signing with:
codesign –verify –deep –strict –verbose=4 path/to/Application.app

I then get: –prepared:/path/to/Application.app/Contents/Frameworks/SomeFramework.framework –validated:/path/to/Application.app/Contents/Frameworks/SomeFramework.framework –prepared:/path/to/Application.app/Contents/Frameworks/AnotherFramework.framework –validated:/path/to/Application.app/Contents/Frameworks/AnotherFramework.framework Application.app: valid on disk Application.app: satisfies its Designated Requirement

I then build:
npm build

I then package:
zip -r Application.zip Application.app

I then upload:
xcrun notarytool submit Application.zip –apple-id your-apple-id –team-id your-team-id –password your-app-specific-password

Then I check for status and I get:
Successfully received submission info createdDate: 2024-08-15T18:21:31.520Z id: 55daf39a-4be9-4dd6-a490-1890d33f9e75 name: Application.zip status: Invalid

In the report generated I get issues like:

“path”: “path/to/Application.app/Contents/Frameworks/SomeFramework.framework/SomeFramework”, “message”: “The signature of the binary is invalid.”, “docUrl”: “https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087735”, “architecture”: “arm64”

and

“path”: “path/to/Application.app/Contents/Frameworks/SomeFramework.framework/Versions/Current/Helpers/chrome_crashpad_handler”, “message”: “The signature does not include a secure timestamp.”, “docUrl”: “https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087733”, “architecture”: “arm64”

What am I doing wrong? I tried signing each issue separately and rerun the entire process, it’s not working.