[petsc-dev] MacOS firewall annoyance while running tests + solution

Barry Smith bsmith at petsc.dev
Fri Aug 28 21:51:14 CDT 2020 


> On Aug 28, 2020, at 3:47 PM, Jed Brown <jed at jedbrown.org> wrote:
> 
> "Hapla  Vaclav" <vaclav.hapla at erdw.ethz.ch> writes:
> 
>> On MacOS, maybe you also have lots of firewall popups appearing/disappearing when running tests like
>>  Do you want the application "ex29" to accept incoming network connections?
> 
> Is there a way to express that the application does not need (should not accept) incoming connections?

  Yes, this also seems to work:

sudo $$FW --block $$APP

instead of 

sudo $$FW --unblock $$APP

The parallel program still runs correctly to conclusion without the popup. 

  So my conclusion is that at listen() or some later system call it always pops up the window (unless the user as already blocked or unblocked the executable) without regard to whether an outside  (from the machine) connection to the process is attempted. 

 The routine has an undocumented option -a <listen or accept> when you run with 

/usr/libexec/ApplicationFirewall/socketfilterfw -d -a accept

it prints ASKWHENACCEPT  which seems to indicate it will delay the popup until an accept is called but I can't confirm this because the debugger never stops in accept on one process but the popup still comes up so this argument may be ignored.

If I were Junchao I would not do the popup until the code tried to accepted an EXTERNAL connection (the lazy evaluation) but I cannot get it to behave this way. 

If I disconnect from the network I still get the popups. 

The pop up is asynchronous also, when the popup is still up the program keeps run (even in parallel) and ends normally. Then the popup disappears. 

 Apple could make this friendly without hurting security but then Apple never cared about external developers for the Mac.


> 
> Normalizing sudo during build/testing seems really bad.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mcs.anl.gov/pipermail/petsc-dev/attachments/20200828/7fd8fbd1/attachment.html>

More information about the petsc-dev mailing list