diff --git a/.github/actions/package-macos/action.yaml b/.github/actions/package-macos/action.yaml
index 7e9a3cf9d..99b225576 100644
--- a/.github/actions/package-macos/action.yaml
+++ b/.github/actions/package-macos/action.yaml
@@ -55,10 +55,18 @@ runs:
         fi
         git clone --depth 1 --branch OTP-${{ inputs.otp }} https://github.com/emqx/otp.git "$OTP_SOURCE_PATH"
         cd "$OTP_SOURCE_PATH"
+        if [ "$(arch)" = arm64 ]; then
+            export LDFLAGS="-L$(brew --prefix unixodbc)/lib"
+            export CC="/usr/bin/gcc -I$(brew --prefix unixodbc)/include"
+        fi
         ./configure --disable-dynamic-ssl-lib --with-ssl=$(brew --prefix openssl@1.1) --disable-hipe --disable-jit --prefix="$OTP_INSTALL_PATH"
         make -j$(nproc)
         rm -rf "$OTP_INSTALL_PATH"
         make install
+        if [ "$(arch)" = arm64 ]; then
+            unset LDFLAGS
+            unset CC
+        fi
     - name: build
       env:
         HOMEBREW_NO_AUTO_UPDATE: 1
diff --git a/scripts/macos-sign-binaries.sh b/scripts/macos-sign-binaries.sh
index 135730694..b41c8088d 100755
--- a/scripts/macos-sign-binaries.sh
+++ b/scripts/macos-sign-binaries.sh
@@ -21,9 +21,16 @@ REL_DIR="${1}"
 PKSC12_FILE="$HOME/developer-id-application.p12"
 base64 --decode > "${PKSC12_FILE}" <<<"${APPLE_DEVELOPER_ID_BUNDLE}"
 
-KEYCHAIN='emqx.keychain-db'
+KEYCHAIN="emqx-$(date +%s).keychain-db"
 KEYCHAIN_PASSWORD="$(openssl rand -base64 32)"
 
+trap cleanup EXIT
+
+function cleanup {
+    set +e
+    security delete-keychain "${KEYCHAIN}" 2>/dev/null
+}
+
 security create-keychain -p "${KEYCHAIN_PASSWORD}" "${KEYCHAIN}"
 security set-keychain-settings -lut 21600 "${KEYCHAIN}"
 security unlock-keychain -p "${KEYCHAIN_PASSWORD}" "${KEYCHAIN}"
@@ -64,3 +71,5 @@ for f in \
     ; do
     find "${REL_DIR}"/lib/ -name "$f" -exec codesign -s "${APPLE_DEVELOPER_IDENTITY}" -f --verbose=4 --timestamp --options=runtime {} \;
 done
+
+cleanup