diff --git a/build.py b/build.py
index 9ced9933f..7e02dece1 100644
--- a/build.py
+++ b/build.py
@@ -38,8 +38,11 @@ def main():
         os.system('cargo build --release --features inline')
         # os.system('upx.exe target/release/rustdesk.exe')
         os.system('mv target/release/rustdesk.exe target/release/RustDesk.exe')
-        pa = os.environ['P']
-        os.system('signtool sign /a /v /p %s /debug /f .\\cert.pfx /t http://timestamp.digicert.com  target\\release\\rustdesk.exe'%pa)
+        pa = os.environ.get('P')
+        if pa:
+          os.system('signtool sign /a /v /p %s /debug /f .\\cert.pfx /t http://timestamp.digicert.com  target\\release\\rustdesk.exe'%pa)
+        else:
+          print('Not signed')
         os.system('cp -rf target/release/RustDesk.exe rustdesk-%s-putes.exe'%version)
     else:
         os.system('cargo bundle --release --features inline')
@@ -50,8 +53,33 @@ def main():
                 'cp libsciter.dylib target/release/bundle/osx/RustDesk.app/Contents/MacOS/')
             # https://github.com/sindresorhus/create-dmg
             os.system('/bin/rm -rf *.dmg')
+            plist = "target/release/bundle/osx/RustDesk.app/Contents/Info.plist"
+            txt = open(plist).read()
+            with open(plist, "wt") as fh:
+                fh.write(txt.replace("</dict>", """
+  <key>LSUIElement</key>    
+  <string>1</string>    
+</dict>"""))
+            pa = os.environ.get('P')
+            if pa:
+              os.system('''
+#not use rcodesign here because rcodesign will sign executable as mach-o
+#rcodesign sign --p12-file ~/.p12/rustdesk-developer-id.p12 --p12-password-file ~/.p12/.cert-pass --code-signature-flags runtime ./rustdesk-%(v).dmg
+# goto "Keychain Access" -> "My Certificates" for below id which starts with "Developer ID Application:"
+codesign -s "Developer ID Application: %(id)" --force --options runtime  ./target/release/bundle/osx/RustDesk.app/Contents/MacOS/*
+codesign -s "Developer ID Application: %(id)" --force --options runtime  ./target/release/bundle/osx/RustDesk.app
+'''%{"id": pa})
             os.system('create-dmg target/release/bundle/osx/RustDesk.app')
             os.rename('RustDesk %s.dmg'%version, 'rustdesk-%s.dmg'%version)
+            if pa:
+              os.system('''
+codesign -s "Developer ID Application: %(id)" --force --options runtime ./rustdesk-%(v).dmg
+# https://pyoxidizer.readthedocs.io/en/latest/apple_codesign_rcodesign.html
+rcodesign notarize --api-issuer 69a6de7d-2907-47e3-e053-5b8c7c11a4d1 --api-key 9JBRHG3JHT --staple ./rustdesk-%(v).dmg
+# verify:  spctl -a -t exec -v /Applications/RustDesk.app
+'''%{"v": version, "id": pa})
+            else:
+              print('Not signed')
         else:
             os.system('mv target/release/bundle/deb/rustdesk*.deb ./rustdesk.deb')
             os.system('dpkg-deb -R rustdesk.deb tmpdeb')