diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 5c6f97d9..a1002a53 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -310,17 +310,17 @@ jobs:
       with:
         xcode-version: '14.3.1'
 
-    - name: 'Install Qt'
-    uses: jurplel/install-qt-action@v3
-    with:
-      version: ${{ env.QT_VERSION }}
-      host: 'mac'
-      target: 'desktop'
-      arch: 'clang_64'
-      dir: ${{ runner.temp }}
-      setup-python: 'true'
-      set-env: 'true'  # This will set QT_PATH
-      extra: '--external 7z --base https://mirrors.ocf.berkeley.edu/qt/'
+    - name: 'Install desktop Qt'
+      uses: jurplel/install-qt-action@v3
+      with:
+        version: ${{ env.QT_VERSION }}
+        host: 'mac'
+        target: 'desktop'
+        modules: 'qtremoteobjects qt5compat qtshadertools qtmultimedia'
+        arch: 'clang_64'
+        dir: ${{ runner.temp }}
+        set-env: 'true'
+        extra: '--base ${{ env.QT_MIRROR }}'
     - name: 'Install Qt Installer Framework ${{ env.QIF_VERSION }}'
       run: |
         mkdir -pv ${{ runner.temp }}/Qt/Tools/QtInstallerFramework
diff --git a/deploy/build_macos_ne.sh b/deploy/build_macos_ne.sh
index 283e4474..8ea93b5e 100755
--- a/deploy/build_macos_ne.sh
+++ b/deploy/build_macos_ne.sh
@@ -147,3 +147,39 @@ if [ "${MAC_CERT_PW+x}" ]; then
   echo "Signing installer bundle..."
   security unlock-keychain -p $TEMP_PASS $KEYCHAIN
   /usr/bin/codesign --deep --force --verbose --timestamp -o runtime --sign "$MAC_SIGNER_ID" $INSTALLER_BUNDLE_DIR
+  /usr/bin/codesign --verify -vvvv $INSTALLER_BUNDLE_DIR || true
+
+  if [ "${NOTARIZE_APP+x}" ]; then
+    echo "Notarizing installer bundle..."
+    /usr/bin/ditto -c -k --keepParent $INSTALLER_BUNDLE_DIR $PROJECT_DIR/Installer_bundle_to_notarize.zip
+    xcrun notarytool submit $PROJECT_DIR/Installer_bundle_to_notarize.zip --apple-id $APPLE_DEV_EMAIL --team-id $MAC_TEAM_ID --password $APPLE_DEV_PASSWORD
+    rm $PROJECT_DIR/Installer_bundle_to_notarize.zip
+    sleep 300
+    xcrun stapler staple $INSTALLER_BUNDLE_DIR
+    xcrun stapler validate $INSTALLER_BUNDLE_DIR
+    spctl -a -vvvv $INSTALLER_BUNDLE_DIR || true
+  fi
+fi
+
+echo "Building DMG installer..."
+hdiutil create -size 256mb -volname AmneziaVPN -srcfolder $BUILD_DIR/installer/$APP_NAME.app -ov -format UDZO $DMG_FILENAME
+
+if [ "${MAC_CERT_PW+x}" ]; then
+  echo "Signing DMG installer..."
+  security unlock-keychain -p $TEMP_PASS $KEYCHAIN
+  /usr/bin/codesign --deep --force --verbose --timestamp -o runtime --sign "$MAC_SIGNER_ID" $DMG_FILENAME
+  /usr/bin/codesign --verify -vvvv $DMG_FILENAME || true
+
+  if [ "${NOTARIZE_APP+x}" ]; then
+    echo "Notarizing DMG installer..."
+    xcrun notarytool submit $DMG_FILENAME --apple-id $APPLE_DEV_EMAIL --team-id $MAC_TEAM_ID --password $APPLE_DEV_PASSWORD
+    sleep 300
+    xcrun stapler staple $DMG_FILENAME
+    xcrun stapler validate $DMG_FILENAME
+  fi
+fi
+
+echo "Finished, artifact is $DMG_FILENAME"
+
+# restore keychain
+security default-keychain -s login.keychain