Allow Python to Accept Incoming Connections - Solution?

Posted on
Thu Aug 25, 2016 6:17 am
DaveL17 offline
User avatar
Posts: 6742
Joined: Aug 20, 2013
Location: Chicago, IL, USA

Allow Python to Accept Incoming Connections - Solution?

Caution! I'm WAY outside my element, so if you choose to try anything here, you are on your own.

These are the steps that I took to overcome the "Allow Python to Accept Incoming Connections" nag screen from the OS X Firewall. This nag screen occurs on upgraded installs of OS X (it doesn't seem to happen with clean installs) and has nothing to do with Indigo. Note: If you don't have XTools installed, you may need to do that in order for these steps to work (I'm not sure if it's a requirement. I performed these steps with it installed.)

1. Create a signing certificate. Note the name that you give the certificate as you'll need it later. (Source: AskDifferent)

- Open Keychain Access.
- In Keychain Access, Keychain Access > Certificate Assistant > Create a certificate. This launches the Certificate Assistant:
- Name: Enter some arbitrary string here that you can remember. Avoid spaces otherwise you'll need to escape the cert's name when using codesign from the command line.
- Identity type: Self Signed Root
- Certificate Type: Code Signing
- Check the box "Let me override defaults", this is quite important
- Serial number: 1 (OK as long as the cert name/serial no. combination is unique)
- Validity Period: 3650 (gives you 10 years) <-- (I chose 7200.)
- Email, Name, etc. fill out as you wish.
- Key pair info: set to RSA, 2048 bits. Does not really matter IMHO.
- From "Key usage extension" up to "Subject Alternate Name Extension": accept the defaults.
- Location: login keychain.
- Once it is created, set to "Always trust" in the Login keychain.

2. Boot into recovery mode (hold CMD-R or alternatively, hold option and select Recovery.) If you have a Bluetooth keyboard, you may be well served to use a wired keyboard to gain access to Recovery Mode (doing it with a BT keyboard can be tricky.)

3. Disable System Integrity Protection (SIP). Open a terminal window and enter:
Code: Select all
csrutil disable
and exit terminal normally.

4. Reboot into normal mode.

5. Open the OS X Firewall, right click on the Python entry and select "Reveal in Finder." Copy the full path to the file. Mine was:
Code: Select all
/System/Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app

6. open a terminal window and enter (replace 'certificate_authority_name ' with the name of your certificate and replace your path from #5 if it's different.)
Code: Select all
sudo codesign -s certificate_authority_name -f /System/Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app
At this point, XTools will prompt you to accept the license agreement if you haven't already done so. I found that codesign continued after accepting the terms. OS X will ask if you want to allow access to your Keychain; select yes for each prompt. Exit terminal normally.

7. Boot into recovery mode.

8. Re-enable SIP. Open a terminal window and enter:
Code: Select all
csrutil enable
and exit terminal normally

9. Reboot into normal mode and allow Python to accept incoming connections one more time.

Your mileage may vary, but following these steps solved the issue for me.

Cheers,
Dave

ETA: By the way, I should mention that there is every possibility that Apple may make changes in its OS updates that invalidates this fix--requiring either that it be reapplied (Apple replaces a signed binary with an unsigned one) or a different fix.

I came here to drink milk and kick ass....and I've just finished my milk.

[My Plugins] - [My Forums]

Posted on
Sat Sep 03, 2016 11:38 am
tons offline
Posts: 2
Joined: Sep 03, 2016

Re: Allow Python to Accept Incoming Connections - Solution?

This worked fine for me.
I did not even create the certificate upfront (step 1). I just used:

sudo code sign -f -s - /System/Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app

Thanks
Ton

Posted on
Sat Sep 03, 2016 11:43 am
DaveL17 offline
User avatar
Posts: 6742
Joined: Aug 20, 2013
Location: Chicago, IL, USA

Re: Allow Python to Accept Incoming Connections - Solution?

tons wrote:
This worked fine for me.
I did not even create the certificate upfront (step 1). I just used:

sudo code sign -f -s - /System/Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app

Thanks
Ton

Glad to hear that this worked for you.

Cheers,
Dave

I came here to drink milk and kick ass....and I've just finished my milk.

[My Plugins] - [My Forums]

Posted on
Sun Sep 04, 2016 7:56 am
Japple55 offline
Posts: 224
Joined: Sep 26, 2015
Location: NE Tennessee

Re: Allow Python to Accept Incoming Connections - Solution?

tons wrote:
This worked fine for me.
I did not even create the certificate upfront (step 1). I just used:

sudo code sign -f -s - /System/Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app


So, you started at step six, or only skipped step one?

Jim

Posted on
Sun Sep 04, 2016 12:19 pm
Gysbert offline
User avatar
Posts: 11
Joined: Jan 04, 2015

Re: Allow Python to Accept Incoming Connections - Solution?

Japple55 wrote:
tons wrote:
This worked fine for me.
I did not even create the certificate upfront (step 1). I just used:

sudo code sign -f -s - /System/Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app


So, you started at step six, or only skipped step one?

Jim


Good question, what did you do?


Verzonden vanaf mijn iPad met Tapatalk

15x dimmer, 6x switch, 12 sets of outdoor blinds with switches, 17x electric curtain rails with switches, 2x electric roof lights with switches, 1x multisensor, 2x door sensors, Aeotec Siren, Geohopper, WUnderground plug-in, TOON smart thermostat

Posted on
Wed Sep 07, 2016 7:56 pm
DaveL17 offline
User avatar
Posts: 6742
Joined: Aug 20, 2013
Location: Chicago, IL, USA

Re: Allow Python to Accept Incoming Connections - Solution?

Updated the OP to note that this fix may also be transient. There is every possibility that Apple could do something in the future that requires the fix to be reapplied or require a whole new fix.

Dave

I came here to drink milk and kick ass....and I've just finished my milk.

[My Plugins] - [My Forums]

Posted on
Sun Sep 18, 2016 8:47 pm
hamw offline
Posts: 1212
Joined: Mar 31, 2008

Re: Allow Python to Accept Incoming Connections - Solution?

Anyone figure out what japple did? Do we still have to make a certificate?

Posted on
Tue Sep 20, 2016 5:35 am
Japple55 offline
Posts: 224
Joined: Sep 26, 2015
Location: NE Tennessee

Re: Allow Python to Accept Incoming Connections - Solution?

Japple didn't have the solution...it was Tons. I've sent him a PM in hopes he'll provide us an answer.

Posted on
Tue Sep 20, 2016 3:36 pm
tons offline
Posts: 2
Joined: Sep 03, 2016

Re: Allow Python to Accept Incoming Connections - Solution?

I only skipped step 1
And in step 6 i used the command i mentioned in my previous post instead of the command from the topic starter

Posted on
Sun Jan 22, 2017 7:49 pm
benish offline
User avatar
Posts: 15
Joined: Jan 22, 2017
Location: Portland, OR

Re: Allow Python to Accept Incoming Connections - Solution?

This seems to have worked for me. Thank you!

Page 1 of 1

Who is online

Users browsing this forum: No registered users and 3 guests