Apple - How to get rid of firewall "accept incoming connections" dialog?
sudo codesign --force --deep --sign - /path/to/application.app
I've never had to create a certificate using this method.
If that doesn't help, try without --deep
and without the trailing slash:
sudo codesign --force --sign - /path/to/application.app
Note, just to make it clearer: After having applied the signature, start the app, accept incoming connections one last time, then quit and start again to verify that the request is gone.
While RedYeti's link is useful, just to save a few clicks for others let me recap how to generate a code-signing cert and to use it for code (re-)signing:
Create your own code signing cert:
In Keychain Access, Keychain Access > Certificate Assistant > Create a certificate. This launches the Certificate Assistant:
Name: Enter some arbitrary string here that you can remember. Avoid spaces otherwise you'll need to escape the cert's name when using
codesign
from the command line.Identity type: Self Signed Root
Certificate Type: Code Signing
Check the box "Let me override defaults", this is quite important
Serial number: 1 (OK as long as the cert name/serial no. combination is unique)
Validity Period: 3650 (gives you 10 years)
Email, Name, etc. fill out as you wish.
Key pair info: set to RSA, 2048 bits. Does not really matter IMHO.
From "Key usage extension" up to "Subject Alternate Name Extension": accept the defaults.
Location: login keychain.
Once it is created, set to "Always trust" in the Login keychain: right-click on the certificate, choose "Get Info", and in the "Trust" section, set "When using this certificate" to "Always trust".
Re-signing an app:
codesign -f --deep -s <certname> /path/to/app
Verify that it worked:
codesign -dvvvv /path/to/app
Enjoy!
UPDATE: People asked me why this is "not working" in macOS 10.14 "Mojave". Now that I have finally upgraded :-), here's what I learned.
Basically, don't use a self-signed certificate for code signing. Generate a certificate using your Apple ID in Xcode instead. To recap the steps briefly:
In Xcode > Preferences > Accounts, select your Apple developer ID, click "Manage Certificates", select the "+" in the bottom left corner, it offers you the option "Apple Development". Select that, this will make a certificate for you. By Ctrl-clicking on the new certificate you can export it (in .p12
format), and by open
-ing that .p12
file it gets loaded into your Login keychain.
You will see that this certificate is valid for a year, "Issued by: Apple Worldwide Developer Relations Certification Authority". I suspect that is trustworthier than a self-signed certificate.
Now you can sign your app as before with codesign -f -s <apple_ID> /path/to/prog
. I tried it with a simple binary (compiled from hello.c
:-) ), and it could be verified with codesign -v
.
I haven't tried it with Python packages yet, so I have no advice to people who mentioned in their comments that this cannot sign "python.app".
This relates to whether the app is signed or not. If it's not signed, the preference won't be remembered.
To see if an app is signed do this in Terminal:
cd path/to/your/app
codesign -vvv Eclipse.app/
For Eclipse - mine says it's not signed at all. I can't comment further on how to sign the app since I've not bothered to do that but this answer on superuser covers it:
https://superuser.com/questions/100013/why-does-the-mac-os-x-firewall-dialog-recurringly-pop-up-and-disappear-by-itself#300841