MacOS codesignature invalid after adding entitlements
I'm signing a small command line TCP listener for Mac M1 which usually signs and notarizes correctly using the following command:

    codesign --sign $IDENTITY --options runtime --timestamp server/executable

In order to enrich the features of our listener we may need to load a JVM library from Oracle. In order to be allowed to load a third party dynamic library I've introduced an entitlements plist file called macos-entlist.plist as follows:

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>com.apple.security.cs.allow-jit</key>
        <false/>
        <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
        <false/>
        <key>com.apple.security.cs.disable-executable-page-protection</key>
        <false/>
        <key>com.apple.security.cs.allow-dyld-environment-variables</key>
        <true/>
        <key>com.apple.security.cs.disable-library-validation</key>
        <true/>
        <key>com.apple.security.get-task-allow</key>
        <false/>
    </dict>
    </plist>

And changed my codesign command as follows:

    codesign --sign $IDENTITY --entitlements macos-entlist.plist --options runtime --timestamp server/executable

After adding the entitlements feature to my codesigning and notarization logic, my ZIP file still passes the notarization phase, but when I try to run the executable I get an error message saying that the executable cannot be opened because the developer cannot be verified.

The issue happens regardless of the contents of macos-entlist.plist (e.g. even setting all the values to false I still get the error). It seems that the mere introduction of the parameter --entitlements macos-entlist.plist causes the executable to not be valid anymore, despite the fact that the notarization phase succeeds. Curiously, other command line executable files in my ZIP signed with the same codesign command are still running fine.

Do you have any suggestions on how I can correctly introduce entitlements?
Mar ’23
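
An entitlements file like the one quoted in the post above can be checked before it is handed to codesign. The following is an added example, not part of the original post and not Apple tooling: a Python check that parses the plist, rejects non-boolean values for the six keys used in the post, and lists which of them are switched on. The name `audit_entitlements`, the report layout and the one-line descriptions are assumptions made for this example.

```python
import plistlib

# The six keys used in the post, with a short note on what each one relaxes.
ENTITLEMENT_NOTES = {
    "com.apple.security.cs.allow-jit": "allows MAP_JIT executable memory",
    "com.apple.security.cs.allow-unsigned-executable-memory": "allows writable+executable memory without MAP_JIT",
    "com.apple.security.cs.disable-executable-page-protection": "disables executable memory protection",
    "com.apple.security.cs.allow-dyld-environment-variables": "lets DYLD_* environment variables affect the process",
    "com.apple.security.cs.disable-library-validation": "allows libraries not signed by Apple or the same Team ID",
    "com.apple.security.get-task-allow": "lets other processes attach as a debugger",
}

# Entitlements file copied from the post.
POST_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
<key>com.apple.security.cs.allow-jit</key><false/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key><false/>
<key>com.apple.security.cs.disable-executable-page-protection</key><false/>
<key>com.apple.security.cs.allow-dyld-environment-variables</key><true/>
<key>com.apple.security.cs.disable-library-validation</key><true/>
<key>com.apple.security.get-task-allow</key><false/>
</dict></plist>"""

def audit_entitlements(data: bytes) -> dict:
    """Parse an entitlements plist and report errors, enabled keys and unknown keys."""
    report = {"errors": [], "enabled": [], "unknown": []}
    try:
        plist = plistlib.loads(data)
    except Exception as exc:  # malformed XML or not a plist at all
        report["errors"].append(f"not a parseable plist: {exc}")
        return report
    if not isinstance(plist, dict):
        report["errors"].append("top-level element must be a <dict>")
        return report
    for key, value in plist.items():
        if key not in ENTITLEMENT_NOTES:
            report["unknown"].append(key)      # outside the scope of this check
        elif not isinstance(value, bool):
            report["errors"].append(f"{key}: expected <true/> or <false/>")
        elif value:
            report["enabled"].append(key)      # protection relaxed for this binary
    return report

if __name__ == "__main__":
    result = audit_entitlements(POST_PLIST)
    for key in result["enabled"]:
        print(f"ENABLED  {key}: {ENTITLEMENT_NOTES[key]}")
    print("errors:", result["errors"], "unknown:", result["unknown"])
```

For the file in the post, the report shows two enabled entries, `allow-dyld-environment-variables` and `disable-library-validation`, which together widen what code the signed process will load and are worth reviewing before shipping.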