Firewall refuses to add Python; MULTIPLE POP-UP alerts

On Sonoma I develop with gcloud and python2.7 and python3.9 from MacPorts. I always get MULTIPLE dialogue pop-ups when starting the python webserver in Terminal.app. Choices are not remembered (neither block nor allow!!). I tried to solve that with socketfilterfw and codesign but it has NO effect at all. Questions like this have been creeping around for 10 years on Stack Exchange. I have been searching for several hours for a solution to this problem.

Is there any solution?

20 : /opt/local/Library/Frameworks/Python.framework/Versions/3.9/Resources/Python.app ( Allow incoming connections )

21 : /opt/local/Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app ( Allow incoming connections )

sudo codesign -s - -f /opt/local/Library/Frameworks/Python.framework/Versions/3.9/Resources/Python.app

Replies

Various subsystems within macOS identify code using its designated requirement. See TN3127 Inside Code Signing: Requirements for a bunch of backstory about that.

The example you posted indicates that you’re using ad hoc signing, via the -s - option. Ad hoc signed code doesn’t have a DR and thus can’t be tracked by the system. I recommend that you switch to signing with a stable code signing identity. For day-to-day work like this, I recommend an Apple Development signing identity.

Be aware that, if you grant firewall access to a full-featured interpreter, like Python, then you’ve effectively disabled your firewall. Given that, it might be easier to just… well… disable the firewall.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

  • My goal is not to allow incoming connections (rejecting them is fully OK, as localhost works this way too) but to silence the alerts, one for each worker thread of the gunicorn webserver on startup. This is like an alert bomb each start. Codesigning with my iOS developer cert fails too:

    Warning: unable to build chain to self-signed root for signer "Apple Development: ... (D4FRBR83K8)"
    /opt/local/Library/Frameworks/Python.framework/Versions/3.9/Resources/Python.app: errSecInternalComponent

  • Oh great! I can even disable the firewall, and still get the pop-up alerts! :-(
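To check which kind of signature a binary carries (the reply above notes that `-s -` produces an ad hoc signature), the report from `codesign -dvv` can be classified. This is an added example, not part of the original thread; `classify_signature` and `check_path` are hypothetical helper names, and both sample reports are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Classifies `codesign -dvv` output as
# adhoc, identity, unsigned or unknown. Helper names are hypothetical.

classify_signature() {   # reads codesign -dvv text on stdin
    awk '
        /code object is not signed at all/ { unsigned = 1 }
        /^Signature=adhoc$/                { adhoc = 1 }
        /^Authority=/                      { authority = 1 }
        /^TeamIdentifier=/ && $0 != "TeamIdentifier=not set" { team = 1 }
        END {
            if (unsigned)               print "unsigned"
            else if (adhoc)             print "adhoc"
            else if (authority && team) print "identity"
            else                        print "unknown"
        }'
}

check_path() {           # codesign writes its -d report to stderr
    codesign -dvv "$1" 2>&1 | classify_signature
}

# Constructed sample: shape of the report after `codesign -s - -f`.
sample_adhoc() {
    cat <<'EOF'
Executable=/opt/local/Library/Frameworks/Python.framework/Versions/3.9/Resources/Python.app/Contents/MacOS/Python
Identifier=org.example.python
CodeDirectory v=20400 size=600 flags=0x2(adhoc) hashes=10+5 location=embedded
Signature=adhoc
TeamIdentifier=not set
EOF
}

# Constructed sample: signed with a development identity (placeholder names).
sample_identity() {
    cat <<'EOF'
Identifier=org.example.python
Authority=Apple Development: Example Developer (XXXXXXXXXX)
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
TeamIdentifier=TEAMID0000
EOF
}

# On macOS, pass a path to check a real binary: sh thisfile.sh /path/to/Python.app
if [ -n "${1:-}" ] && command -v codesign >/dev/null 2>&1; then
    check_path "$1"
fi
```

A result of `adhoc` after re-signing means the identity-based signing step did not take effect.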
