Reputation: 3524
How can I permanently accept OSX firewall allow/deny confirmation when running python?
Overview
I am using the tornado web server within python on OSX Mt Lion. Every time I start the tornado server I get a popup and have to allow/deny incoming access to the application.
I have listed the python binary in System Preferences -> Security & Privacy -> Firewall as "allowing incoming connections" ... but I still get the popup every time.
I found one ref on the web that indicated that some apps can "check themselves for being signed". Is it possible that this is the problem and is therefore ignoring it as being listed?
I did confirm that:
codesign -vvv <path to python binary>
does yield:
<path to python binary>: invalid signature (code or signature have been modified)
In architecture: x86_64
This particular binary is installed with homebrew with the --framework flag (needed for wxpython).
Questions
Why is my manual entry of the binary app in the firewall list being ignored?
Is there an easy way to sign the binary myself such that I can click "automatically allow signed applications" and have it allowed thus not showing the popup window?
Upvotes: 8
Views: 4533
Answers (2)
Reputation: 181
(based on courteous' answer - thanks courteous)
codesign -f -s - /path/to/Python.app
worked for me (Lion asked only once afterwards, for the last time). -s - means Ad-hoc signing - no need for certificate at all.
Upvotes: 13
Reputation: 3618
You can manually sign the app with codesign -s and a valid certificate of yours. I used the iPhone Developer certificate and Terminal command along the line of:
codesign -f -s "iPhone Developer: YourName" "Tornado.app"
A possible workaround using an automated mouse click:
- Download CLIclick. (Thank you Carsten.)
- Put it in a suitable location, say
/usr/local/bin. - Get the
Allowbutton's screen coordinates using ⌘⇧4. (In my example, these are x: 750, y: 600.) Create a script with this content (the
w:is the wait time in ms):/usr/local/bin/cliclick c:750,600 w:1500 m:+0,+0 c:.(I couldn't get
CLIclickto work without "moving" it to the same location (them:+0,+0part) and clicking again at the same spot (c:.).)- Have the script run each time you start the server.
- Enjoy!
Upvotes: 1
Related Questions
- How to allow Python.app to firewall on Mac OS X?
- How to Read and Add Rules in Windows Firewall with Python
- Do you want the application to accept incoming network connection?
- How to prevent OSX popup for incoming connections for Python app?
- python corporate firewall proxy 407 authentication required error
- Add Rich Rules in Firewalld using Python3 Loop
- How do i make a python program allow itself through firewall?
- Allow Python.app on El Capitan (OS X)
- Transparent solution for bypassing local outgoing firewalls for python scripts
- Run Flask without sudo?