Allow Python to Accept Incoming Connections - Solution?
Posted: Thu Aug 25, 2016 6:17 amCaution! I'm WAY outside my element, so if you choose to try anything here, you are on your own.
These are the steps that I took to overcome the "Allow Python to Accept Incoming Connections" nag screen from the OS X Firewall. This nag screen occurs on upgraded installs of OS X (it doesn't seem to happen with clean installs) and has nothing to do with Indigo. Note: If you don't have XTools installed, you may need to do that in order for these steps to work (I'm not sure if it's a requirement. I performed these steps with it installed.)
1. Create a signing certificate. Note the name that you give the certificate as you'll need it later. (Source: AskDifferent)
- Open Keychain Access.
- In Keychain Access, Keychain Access > Certificate Assistant > Create a certificate. This launches the Certificate Assistant:
- Name: Enter some arbitrary string here that you can remember. Avoid spaces otherwise you'll need to escape the cert's name when using codesign from the command line.
- Identity type: Self Signed Root
- Certificate Type: Code Signing
- Check the box "Let me override defaults", this is quite important
- Serial number: 1 (OK as long as the cert name/serial no. combination is unique)
- Validity Period: 3650 (gives you 10 years) <-- (I chose 7200.)
- Email, Name, etc. fill out as you wish.
- Key pair info: set to RSA, 2048 bits. Does not really matter IMHO.
- From "Key usage extension" up to "Subject Alternate Name Extension": accept the defaults.
- Location: login keychain.
- Once it is created, set to "Always trust" in the Login keychain.
2. Boot into recovery mode (hold CMD-R or alternatively, hold option and select Recovery.) If you have a Bluetooth keyboard, you may be well served to use a wired keyboard to gain access to Recovery Mode (doing it with a BT keyboard can be tricky.)
3. Disable System Integrity Protection (SIP). Open a terminal window and enter:
4. Reboot into normal mode.
5. Open the OS X Firewall, right click on the Python entry and select "Reveal in Finder." Copy the full path to the file. Mine was:
6. open a terminal window and enter (replace 'certificate_authority_name ' with the name of your certificate and replace your path from #5 if it's different.)
7. Boot into recovery mode.
8. Re-enable SIP. Open a terminal window and enter:
9. Reboot into normal mode and allow Python to accept incoming connections one more time.
Your mileage may vary, but following these steps solved the issue for me.
Cheers,
Dave
ETA: By the way, I should mention that there is every possibility that Apple may make changes in its OS updates that invalidates this fix--requiring either that it be reapplied (Apple replaces a signed binary with an unsigned one) or a different fix.
These are the steps that I took to overcome the "Allow Python to Accept Incoming Connections" nag screen from the OS X Firewall. This nag screen occurs on upgraded installs of OS X (it doesn't seem to happen with clean installs) and has nothing to do with Indigo. Note: If you don't have XTools installed, you may need to do that in order for these steps to work (I'm not sure if it's a requirement. I performed these steps with it installed.)
1. Create a signing certificate. Note the name that you give the certificate as you'll need it later. (Source: AskDifferent)
- Open Keychain Access.
- In Keychain Access, Keychain Access > Certificate Assistant > Create a certificate. This launches the Certificate Assistant:
- Name: Enter some arbitrary string here that you can remember. Avoid spaces otherwise you'll need to escape the cert's name when using codesign from the command line.
- Identity type: Self Signed Root
- Certificate Type: Code Signing
- Check the box "Let me override defaults", this is quite important
- Serial number: 1 (OK as long as the cert name/serial no. combination is unique)
- Validity Period: 3650 (gives you 10 years) <-- (I chose 7200.)
- Email, Name, etc. fill out as you wish.
- Key pair info: set to RSA, 2048 bits. Does not really matter IMHO.
- From "Key usage extension" up to "Subject Alternate Name Extension": accept the defaults.
- Location: login keychain.
- Once it is created, set to "Always trust" in the Login keychain.
2. Boot into recovery mode (hold CMD-R or alternatively, hold option and select Recovery.) If you have a Bluetooth keyboard, you may be well served to use a wired keyboard to gain access to Recovery Mode (doing it with a BT keyboard can be tricky.)
3. Disable System Integrity Protection (SIP). Open a terminal window and enter:
- Code: Select all
csrutil disable
4. Reboot into normal mode.
5. Open the OS X Firewall, right click on the Python entry and select "Reveal in Finder." Copy the full path to the file. Mine was:
- Code: Select all
/System/Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app
6. open a terminal window and enter (replace 'certificate_authority_name ' with the name of your certificate and replace your path from #5 if it's different.)
- Code: Select all
sudo codesign -s certificate_authority_name -f /System/Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app
7. Boot into recovery mode.
8. Re-enable SIP. Open a terminal window and enter:
- Code: Select all
csrutil enable
9. Reboot into normal mode and allow Python to accept incoming connections one more time.
Your mileage may vary, but following these steps solved the issue for me.
Cheers,
Dave
ETA: By the way, I should mention that there is every possibility that Apple may make changes in its OS updates that invalidates this fix--requiring either that it be reapplied (Apple replaces a signed binary with an unsigned one) or a different fix.