Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How can I permanently accept OSX firewall allow/deny confirmation when running python?

Overview

I am using the tornado web server within python on OSX Mt Lion. Every time I start the tornado server I get a popup and have to allow/deny incoming access to the application.

I have listed the python binary in System Preferences -> Security & Privacy -> Firewall as "allowing incoming connections" ... but I still get the popup every time.

I found one ref on the web that indicated that some apps can "check themselves for being signed". Is it possible that this is the problem and is therefore ignoring it as being listed?

I did confirm that:

codesign -vvv <path to python binary>

does yield:

<path to python binary>: invalid signature (code or signature have been modified)
In architecture: x86_64

This particular binary is installed with homebrew with the --framework flag (needed for wxpython).

Questions

  1. Why is my manual entry of the binary app in the firewall list being ignored?

  2. Is there an easy way to sign the binary myself such that I can click "automatically allow signed applications" and have it allowed thus not showing the popup window?

like image 422
Rocketman Avatar asked Apr 10 '13 21:04

Rocketman


2 Answers

(based on courteous' answer - thanks courteous)

codesign -f -s - /path/to/Python.app

worked for me (Lion asked only once afterwards, for the last time). -s - means Ad-hoc signing - no need for certificate at all.

like image 162
koli Avatar answered Oct 13 '22 01:10

koli


You can manually sign the app with codesign -s and a valid certificate of yours. I used the iPhone Developer certificate and Terminal command along the line of:

codesign -f -s "iPhone Developer: YourName"  "Tornado.app"

A possible workaround using an automated mouse click:

  1. Download CLIclick. (Thank you Carsten.)
  2. Put it in a suitable location, say /usr/local/bin.
  3. Get the Allow button's screen coordinates using 4. (In my example, these are x: 750, y: 600.)
  4. Create a script with this content (the w: is the wait time in ms):

    /usr/local/bin/cliclick c:750,600 w:1500 m:+0,+0 c:.

    (I couldn't get CLIclick to work without "moving" it to the same location (the m:+0,+0 part) and clicking again at the same spot (c:.).)

  5. Have the script run each time you start the server.
  6. Enjoy!
like image 20
Blaz Avatar answered Oct 13 '22 01:10

Blaz