Do you want the application to accept incoming network connection?

前端 未结 3 546
陌清茗
陌清茗 2021-01-12 18:11

I have two C binaries which tries to open network connection for communication.

This is for external communication. When i run that for the first time, OS X\' firew

相关标签:
3条回答
  • 2021-01-12 19:03

    You can resolve this by signing the offending application binary yourself.

    Disclaimer: Signing an application yourself will make an application appear more
    secure to the operating system, when in reality it isn’t. Only sign applications
    that you are 100% sure are not spyware or otherwise malicious. If you have any
    doubts, just uninstall/reinstall.
    

    Part 1: Create a Signing Identity

    The solution I’m going for – signing the app myself – requires that I create a Signing Identity, also known as Signing Certificate. This is very easy to do:

    1. Open Applications > Utilities > Keychain Access.
    2. From the Keychain Access menu, choose Certificate Assistant > Create a Certificate.
    3. Fill in a name for the certificate. This name appears in the Keychain Access utility as the name of the certificate. This is also the name you will use when referencing this certificate. Personally, I used the name, “My Signing Identity.”
    4. Choose Code Signing from the Certificate Type menu.
    5. Choose Self Signed Root from the Type popup menu.
    6. Check the Let me override defaults checkbox.
    7. Click Continue.
    8. Specify a serial number for the certificate. Any number will do as long as you have no other certificate with the same name and serial number.
    9. Click Continue.
    10. Fill in the information for the certificate. You can use real or fake data, I used real data personally.
    11. Click Continue.
    12. Accept the defaults for the rest of the dialogs.

    Once completed, you will see your certificate in Keychain Access. Verify the name you picked, and you’re done with this step. Well done!

    Step 2: (Re-)Sign your application

    Now you have to sign your application. To do this, open up Terminal again and use the following command:

    codesign -s "My Signing Identity" -f /path/to/your/binary/app
    

    A dialog will appear, click "Allow".

    Now start your application again. You will get the accept incoming connections dialog one last time. Click "Allow".

    enter image description here

    From now on you should no longer get the warnings anymore! Now it is possible to enjoy the security of your firewall being active without the inconvenience of having to click "allow" constantly.

    Credit: The original source which served as a starting place for this updated and annotated solution guide was http://silvanolte.com/blog/2011/01/18/do-you-want-the-application-to-accept-incoming-network-connections/

    0 讨论(0)
  • 2021-01-12 19:04

    I was trying to apply this solution to fix python as used by Arduino OTA, I found another solution describing self-signing the app that stated $(which python) as the file path to sign, but in my case that resolved to /usr/bin/python. Self-signing this not only required I drop to Rootless mode to allow writing to /usr/bin, but when I went back and tested it, python was STILL asking for permission to allow incoming connections!

    The correct python file to self-sign is in fact (in my case at least) /System/Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app

    Once I self-signed this correct file path, the Arduino OTA process no longer required me clicking allow incoming connections - Hoorah!

    Hope that helps someone.

    0 讨论(0)
  • 2021-01-12 19:04

    In my case this alert appeared when i run Python project from PyCharm after updating MacOS to 10.15 Cataline. I fixed it with

    codesign -vvv /Applications/PyCharm.app/
    
    0 讨论(0)
提交回复
热议问题