Recientemente, comenzar un proceso de Python que abre un puerto de servidor siempre desencadena el cuadro de diálogo de firewall
Would you like enable that Python.app can settle for incoming community connections? (traducido)
Como la versión del sistema Python es demasiado antigua, he instalado Python 3.11 y Python 3.13 a través de Brew.
La firma de código de EG Python 3.13 parece ser válida:
codesign -vv /choose/homebrew/Cellar/[email protected]/3.13.2/Frameworks/Python.framework/Variations/3.13/Sources/Python.app
/choose/homebrew/Cellar/[email protected]/3.13.2/Frameworks/Python.framework/Variations/3.13/Sources/Python.app: legitimate on disk
/choose/homebrew/Cellar/[email protected]/3.13.2/Frameworks/Python.framework/Variations/3.13/Sources/Python.app: satisfies its Designated Requirement
También he tratado de agregar las dos instalaciones de Python a la lista Permitir el firewall:
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --listapps
He agregado la carpeta .App y el ejecutable de la aplicación, ya que no estaba seguro de cuál tenía que agregarse:
4 : /choose/homebrew/Cellar/[email protected]/3.13.2/Frameworks/Python.framework/Variations/3.13/Sources/Python.app/Contents/MacOS/Python
( Permit incoming connections )
5 : /choose/homebrew/Cellar/[email protected]/3.13.2/Frameworks/Python.framework/Variations/3.13/Sources/Python.app
( Permit incoming connections )
¿Qué debo hacer para permitir permanentemente las instalaciones de mis Python abran un puerto de escucha?
El firewall está configurado para permitir que el “software program del sistema”, así como el “software program firmado”, acepten conexiones entrantes.
La Mac debe estar ejecutando la cabeza como servidor, por lo tanto, no hay nadie que pueda hacer clic en los cuadros de diálogo abierto por el sistema …
Edición 1: Encontré algunos detalles más en el registro de firewall. Parece que por algunas razones llega a la conclusión de que /choose/homebrew/Cellar/[email protected]/3.13.2/Frameworks/Python.framework/Variations/3.13/Sources/Python.app no está “native firmado” ni “firmado de Apple”: ¿es este el resultado esperado?
(venv) appicaptor@ac-macdyn ~ % log stream --info --debug --predicate 'course of == "socketfilterfw"'
Filtering the log information utilizing "course of == "socketfilterfw""
[com.apple.ALF.ApplicationFirewall:fw] KEXT: Python: Permit TCP CONNECT (in:1 out:0)
[com.apple.ALF.ApplicationFirewall:fw] DoRead
[com.apple.ALF.ApplicationFirewall:fw] sw_msg_hdr len: 44 kind: updaterules (8)
[com.apple.ALF.ApplicationFirewall:fw] pid: 1120 flag: 0x0
[com.apple.ALF.ApplicationFirewall:fw] guidelines: tc: 0x0 tl: 0x0 tb: 0x0 uc: 0x0 ub: 0x0
[com.apple.ALF.ApplicationFirewall:fw] pe_path:
[com.apple.ALF.ApplicationFirewall:fw]
(Safety) [com.apple.securityd:csresource] 0x140f093e0 rule ^Contents$ added (weight 0, flags 0x12)|.SoftwareDepot.monitoring)$ added (weight 0, flags 0x9)
(Safety) [com.apple.securityd:csresource] 0x1421060b0 rule ^(.LSOverride|.DS_Store|Icon
(Safety) [com.apple.securityd:dirval] coming into /choose/homebrew/Cellar/[email protected]/3.13.2/Frameworks/Python.framework/Variations/3.13/Sources/Python.app
(Safety) [com.apple.securityd:dirval] coming into /choose/homebrew/Cellar/[email protected]/3.13.2/Frameworks/Python.framework/Variations/3.13/Sources/Python.app/Contents
(Safety) [com.apple.securityd:dirval] leaving /choose/homebrew/Cellar/[email protected]/3.13.2/Frameworks/Python.framework/Variations/3.13/Sources/Python.app/Contents
(Safety) [com.apple.securityd:dirval] leaving /choose/homebrew/Cellar/[email protected]/3.13.2/Frameworks/Python.framework/Variations/3.13/Sources/Python.app
(Safety) [com.apple.securityd:unixio] open(/choose/homebrew/Cellar/[email protected]/3.13.2/Frameworks/Python.framework/Variations/3.13/Sources/Python.app/Contents/MacOS/Python,0x0,0x1b6) = 12
(Safety) [com.apple.securityd:unixio] open(/choose/homebrew/Cellar/[email protected]/3.13.2/Frameworks/Python.framework/Variations/3.13/Sources/Python.app/Contents/MacOS/Python,0x0,0x1b6) = 13
(Safety) [com.apple.securityd:macho] 0x14200a6c0 is a skinny file (arm64)
(Safety) [com.apple.securityd:unixio] shut(12) err: 0
(Safety) [com.apple.securityd:macho] 64-bit linkedit is legitimate
(Safety) [com.apple.securityd:macho] 64-bit linkedit is legitimate
(Safety) [com.apple.securityd:machorep] 546 signing bytes in 3 blob(s) from /choose/homebrew/Cellar/[email protected]/3.13.2/Frameworks/Python.framework/Variations/3.13/Sources/Python.app/Contents/MacOS/Python(arm64)
(Safety) [com.apple.securityd:cfloadfile] didn't fetch /choose/homebrew/Cellar/[email protected]/3.13.2/Frameworks/Python.framework/Variations/3.13/Sources/Python.app/Contents/_CodeSignature/CodeRequirements-1 error=-10
(Safety) [com.apple.securityd:staticCode] SecStaticCode community default: NO
(Safety) [com.apple.securityd:unixio] shut(13) err: 0
[com.apple.ALF.ApplicationFirewall:fw] CFBundleCreateIfLooksLikeBundle returns a bundle 0x42104480
[com.apple.ALF.ApplicationFirewall:fw] CFBundleGetId returns org.python.python
[com.apple.ALF.ApplicationFirewall:fw] discovered bundleid org.python.python in FindBundleIDEntry()
[com.apple.ALF.ApplicationFirewall:fw] ALF: IsPrefAppSigned()-file:///choose/homebrew/Cellar/[email protected]/3.13.2/Frameworks/Python.framework/Variations/3.13/Sources/Python.app/ not native signed, examine for apple signed
(Safety) [com.apple.securityd:csresource] 0x14200a740 rule ^Contents$ added (weight 0, flags 0x12)|.SoftwareDepot.monitoring)$ added (weight 0, flags 0x9)x0
(Safety) [com.apple.securityd:csresource] 0x14200c530 rule ^(.LSOverride|.DS_Store|Icon
(Safety) [com.apple.securityd:dirval] coming into /choose/homebrew/Cellar/[email protected]/3.13.2/Frameworks/Python.framework/Variations/3.13/Sources/Python.app
(Safety) [com.apple.securityd:dirval] coming into /choose/homebrew/Cellar/[email protected]/3.13.2/Frameworks/Python.framework/Variations/3.13/Sources/Python.app/Contents
(Safety) [com.apple.securityd:dirval] leaving /choose/homebrew/Cellar/[email protected]/3.13.2/Frameworks/Python.framework/Variations/3.13/Sources/Python.app/Contents
(Safety) [com.apple.securityd:dirval] leaving /choose/homebrew/Cellar/[email protected]/3.13.2/Frameworks/Python.framework/Variations/3.13/Sources/Python.app
(Safety) [com.apple.securityd:unixio] open(/choose/homebrew/Cellar/[email protected]/3.13.2/Frameworks/Python.framework/Variations/3.13/Sources/Python.app/Contents/MacOS/Python,0x0,0x1b6) = 12
(Safety) [com.apple.securityd:unixio] open(/choose/homebrew/Cellar/[email protected]/3.13.2/Frameworks/Python.framework/Variations/3.13/Sources/Python.app/Contents/MacOS/Python,0x0,0x1b6) = 13
(Safety) [com.apple.securityd:macho] 0x140f09950 is a skinny file (arm64)
(Safety) [com.apple.securityd:unixio] shut(12) err: 0
(Safety) [com.apple.securityd:macho] 64-bit linkedit is legitimate
(Safety) [com.apple.securityd:macho] 64-bit linkedit is legitimate
(Safety) [com.apple.securityd:machorep] 546 signing bytes in 3 blob(s) from /choose/homebrew/Cellar/[email protected]/3.13.2/Frameworks/Python.framework/Variations/3.13/Sources/Python.app/Contents/MacOS/Python(arm64)
(Safety) [com.apple.securityd:cfloadfile] didn't fetch /choose/homebrew/Cellar/[email protected]/3.13.2/Frameworks/Python.framework/Variations/3.13/Sources/Python.app/Contents/_CodeSignature/CodeRequirements-1 error=-10
(Safety) [com.apple.securityd:staticCode] SecStaticCode community default: NO
(Safety) [com.apple.securityd:codedir] 0x14200ac70 validating slot -2
(Safety) [com.apple.securityd:unixio] open(/choose/homebrew/Cellar/[email protected]/3.13.2/Frameworks/Python.framework/Variations/3.13/Sources/Python.app/Contents/Information.plist,0x0,0x1b6) = 12
(Safety) [com.apple.securityd:unixio] shut(12) err: 0
(Safety) [com.apple.securityd:codedir] 0x14200ac70 validating slot -1
(Safety) [com.apple.securityd:kcode] visitor 0x14200a818(1120) kernel standing 0x22000201
(Safety) [com.apple.securityd:codedir] 0x14200ac70 validating slot -1
(Safety) [com.apple.securityd:staticCode] 0x142009c88 loaded InfoDict 0x14200a400
(Safety) [com.apple.securityd:cfloadfile] didn't fetch /choose/homebrew/Cellar/[email protected]/3.13.2/Frameworks/Python.framework/Variations/3.13/Sources/Python.app/Contents/_CodeSignature/CodeEntitlementDER error=-10
(Safety) [com.apple.securityd:cfloadfile] didn't fetch /choose/homebrew/Cellar/[email protected]/3.13.2/Frameworks/Python.framework/Variations/3.13/Sources/Python.app/Contents/_CodeSignature/CodeEntitlements error=-10
[com.apple.ALF.ApplicationFirewall:fw] ALF: isSecCodesigned()-SecCodeCheckValidity returns error = -67050
[com.apple.ALF.ApplicationFirewall:fw] SecCodeCheckValidity rts error -67050
[com.apple.ALF.ApplicationFirewall:fw] ALF: pid 1120 is NOT apple signed
(Safety) [com.apple.securityd:unixio] shut(13) err: 0
[com.apple.ALF.ApplicationFirewall:fw] ALF: IsPrefAppSigned file:///choose/homebrew/Cellar/[email protected]/3.13.2/Frameworks/Python.framework/Variations/3.13/Sources/Python.app/ rts false
[com.apple.ALF.ApplicationFirewall:fw] ALF: DoUpdateRule()-GetFWConfig bundle org.python.python, path file:///choose/homebrew/Cellar/[email protected]/3.13.2/Frameworks/Python.framework/Variations/3.13/Sources/Python.app/ returns 0x0
[com.apple.ALF.ApplicationFirewall:fw] DoUpdateRule
[com.apple.ALF.ApplicationFirewall:fw] sw_msg_hdr len: 44 kind: updaterules (8)
[com.apple.ALF.ApplicationFirewall:fw] pid: 1120 flag: 0x0
[com.apple.ALF.ApplicationFirewall:fw] guidelines: tc: 0xffff tl: 0xffff tb: 0xffff uc: 0xffff ub: 0xffff
[com.apple.ALF.ApplicationFirewall:fw] pe_path:
[com.apple.ALF.ApplicationFirewall:fw]
[com.apple.ALF.ApplicationFirewall:fw] DoRead
[com.apple.ALF.ApplicationFirewall:fw] sw_msg_hdr len: 128 kind: ask (3)
[com.apple.ALF.ApplicationFirewall:fw] ref: 0xfffffe24cdfc9900 proc_ref: 0x460 proc_name: Python proc_id: 1120 op: 3 deal with: unknown household kind:0 response: 65535 pid_entry: 0xfffffe1b342a0e80
[com.apple.ALF.ApplicationFirewall:fw]
[com.apple.ALF.ApplicationFirewall:fw] DoRead
[com.apple.ALF.ApplicationFirewall:fw] sw_msg_hdr len: 128 kind: sw_msg_type_askmsgrelease (14)
[com.apple.ALF.ApplicationFirewall:fw]
