FIXED: Apple Notarization issue: “The signature of the binary is invalid.”. One other reason not explained in Apple Developer Documentation

TL;DR: Do not zip your app bundles using the zip command. Instead, use the “ditto -c -k --sequesterRsrc --keepParent” command, or manually right-click your bundle in Finder and choose the “Compress” option. The zip command alters the UTF binary encoding of the files and makes the signature invalid.


We just went through hell to get FrostWire for Mac notarized by Apple’s automated service.

Since FrostWire is not a regular Objective-C/Swift app, but a Java app, our (one-step) build process is done entirely using bash scripts on the terminal.

The notarization process helped us realize we had some old binaries that we hadn’t compiled since Mac SDK 10.6, and it made us sign them with hardened runtime support. It also made us make sure that there were no hidden .DS_ files, as these can also cause the app bundle to be considered invalid by Apple.

In the end we were able to sign our squeaky clean bundle, and however we checked it, it appeared to have no errors whatsoever.




We’d always get the following error for our submission.


“The signature of the binary is invalid”

It was the damn .zip file

Thinking there was something wrong with our installer’s executable, we even rebuilt it using a custom Makefile directly on the terminal, and not through an Xcode project like we used to. As a plus, we think it’s much simpler now.

Between our signature checking on the local machine and the notarization submission there was one more step: compressing the bundle into a .zip file.

To zip our bundle before submitting it to the notarization service (altool --notarize-app), we were using the zip command available at /usr/bin/zip.


And this was the problem. This “zip” command is not the same compression software used by the Finder when you right-click on a file and hit “Compress”; it’s called Info-ZIP and it’s not made by Apple.

As soon as we zipped the bundle with the Finder and then submitted that zip file, we were successful.

It appears that the /usr/bin/zip tool “is converting UTF-8 NFD charset to UTF-8 NFC. The new APFS filesystem supports both encodings unlike HFS+ where UTF-8 was always converted to UTF-8 NFD.”

This is why the code signature checks passed just fine on our end, but not on Apple’s side.
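A pre-submission check for the failure described above, as an added example that is not part of the original post or of FrostWire's build scripts: it compares the entry names stored in a zip against the names expected from disk and reports those that differ only by Unicode normalization. The bundle name Demo.app, the file names, both archives and all function names are constructed for illustration.

```python
import io
import unicodedata
import zipfile


def normalization_drift(expected_names, zip_bytes):
    """Return (expected, archived) pairs that match only after NFC normalization."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        archived = zf.namelist()
    exact = set(archived)
    by_nfc = {}
    for name in archived:
        by_nfc.setdefault(unicodedata.normalize("NFC", name), []).append(name)
    drift = []
    for name in expected_names:
        if name in exact:
            continue  # stored with the same code points as on disk
        for candidate in by_nfc.get(unicodedata.normalize("NFC", name), []):
            drift.append((name, candidate))
    return drift


def build_zip(names):
    """Build an in-memory zip holding one small constructed file per name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed payload")
    return buf.getvalue()


# Constructed sample: one ASCII path and one path whose "ñ" is stored decomposed (NFD).
PLAIN_NAME = "Demo.app/Contents/MacOS/demo"
NFD_NAME = unicodedata.normalize(
    "NFD", "Demo.app/Contents/Resources/Español.lproj/Main.strings")
ON_DISK = [PLAIN_NAME, NFD_NAME]

# An archive that keeps names as they are, and one that rewrites them to NFC.
FAITHFUL_ZIP = build_zip(ON_DISK)
RENORMALIZED_ZIP = build_zip([unicodedata.normalize("NFC", n) for n in ON_DISK])

if __name__ == "__main__":
    for label, data in (("faithful", FAITHFUL_ZIP), ("renormalized", RENORMALIZED_ZIP)):
        pairs = normalization_drift(ON_DISK, data)
        print(label, "drifted entries:", len(pairs))
        for expected, stored in pairs:
            print("  expected", expected.encode("utf-8"))
            print("  stored  ", stored.encode("utf-8"))
```

For a real bundle, the expected names would be the relative paths collected from the signed bundle on disk, and the zip bytes would be the archive about to be uploaded.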



You can zip your bundle in your script with the “ditto” tool, as if you were using the Finder, using the ditto options given in the TL;DR at the top of this post.


This issue is not mentioned in the Apple Developer Documentation article “Resolving Common Notarization Issues”. Hopefully it’ll make it to their ears and they’ll add this possible solution to the list of possible solutions and caveats in their “Ensure a Valid Signature” section.


2 thoughts on “FIXED: Apple Notarization issue: “The signature of the binary is invalid.”. One other reason not explained in Apple Developer Documentation

  1. Mate… This post is superb. The zip was the problem the whole time. I thought I was going mad signing the executable repeatedly, every which way.
    Changing to ditto did the trick instantly. Notarized without warnings. Cheers!

    1. Oh man, you made my day. I’m glad that I was able to help you in advance, it took me forever to figure that out, I was also going mad.
