问题
When I run a python application on Mac, it shows many dialogs about want "Python.app" to accept incoming network connections.
Even I Allow it many times, it shows again and again.
How to allow it one time and not show any more?
Edit
I found this question: Add Python to OS X Firewall Options?
I followed the accepted answer to do but finally when I run codesign -s "My Signing Identity" -f $(which python), it said:
/usr/bin/python: replacing existing signature
error: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/codesign_allocate: can't create output file: /usr/bin/python.cstemp (Operation not permitted)
/usr/bin/python: the codesign_allocate helper tool cannot be found or used
How to do next?
回答1:
Apparently El Capitan has something call System Integrity Protection that prevents any user (even root) to modify certain OS resources. Such as the /usr/bin directory in this case, where you have the python executable. To self sign the python binary you can disable SIP by rebooting your mac in recovery mode (reboot while holding CMD+R) and then typing this in the terminal:
csrutil disable
then boot back into regular OSX, and follow the steps to self sign python and execute:
codesign -s "My Signing Identity" -f $(which python)
and finally reboot back into Recovery Mode, and re-enable SIP:
csrutil enable
回答2:
I installed Python 3.6 from python.org, and I had a similar problem. I tried repeatedly to self-sign the python binaries /usr/local/bin/python3, /Library/Frameworks/Python.framework/Versions/3.6/bin/python3, and so forth, but I would keep getting the MacOS Firewall Deny/Allow popup.
Finally, self-signing the application located at /Library/Frameworks/Python.framework/Versions/3.6/Resources did the trick:
codesign --force --sign "My Signing Identity" /Library/Frameworks/Python.framework/Versions/3.6/Resources/Python.app
I'm on MacOS Mojave 10.14.1 for what that's worth.
回答3:
Slight addendum to the answer by @mr-howdy above. For Python 3.7, I had to use:
codesign --force --sign "My Certificate" /Library/Frameworks/Python.framework/Versions/3.7/Resources/Python.app/Contents/MacOS/Python
Note the extra Contents/MacOS/Python added to the path.
回答4:
With the OS X firewall enabled, you can remove the "Do you want the application "python" to accept incoming network connections?" message.
Create a self-signed certificate.
Open Keychain Access. Applications > Utilities > Keychain Access.
Keychain Access menu > Certificate Assistant > Create a Certificate...
Enter a Name like "My Certificate".
Select Identity Type: Self Signed Root
Select Certificate Type: Code Signing
Check the Let me override defaults box
Click Continue
Enter a unique Serial Number
Enter 7300 for Validity Period.
Click Continue
Click Continue for the rest of the dialogs
Now sign your application
codesign -s "My Certificate" -f $(which python)
In the dialog that appears, click "Allow".
Note that when using a virtual environment, you need to activate the virtual environment before running this command.
来源:https://stackoverflow.com/questions/34760163/how-to-allow-python-app-to-firewall-on-mac-os-x