I don't think we should be doing such 'sudo' changes on user machines.

Satish

On Fri, 28 Aug 2020, Barry Smith wrote:

>
> Maybe you could make this a MR?
>
> Barry
>
>
> On Aug 28, 2020, at 2:17 PM, Hapla Vaclav <[email protected]> wrote:
> >
> > On MacOS, maybe you also have lots of firewall popups appearing/disappearing when running tests like
> > Do you want the application "ex29" to accept incoming network connections?
> >
> > They are annoying, disturbing, slowing down, and virtually making any other work on the computer impossible (and driving me crazy).
> >
> > There is not much information about this issue. Usually the hints involve enabling each application separately in Firewall settings (no support for wildcards), which is virtually impossible to do with all PETSc test executables (and not really working for me).
> >
> > Some guys suggest signing the app using codesign <https://apple.stackexchange.com/a/150711> which also didn't work for me.
> >
> > But I have finally found a reliable solution. So I'm sharing it, also for my own reference - not sure whether it could be added to PETSc directly in some form.
> >
> > It consists in applying a small makefile patch (below) which uses MacOS firewall CLI (which is not much advertised). This way, make adds the executable to the firewall whitelist right after it's produced by a linker.
> >
> > It uses sudo so it asks for your password for the first time.
> >
> > Please let me know if you have a better solution - except for disabling the firewall ;-) - or other comments/questions.
> >
> > See also
> > * man socketfilterfw <http://www.manpagez.com/man/8/socketfilterfw/>
> > * https://krypted.com/mac-security/command-line-firewall-management-in-os-x-10-10/
> >
> > Vaclav
> >
> >
> >
> > diff --git a/gmakefile.test b/gmakefile.test > > index 95ff59b4ab..c513a0bc0c 100644 > > --- a/gmakefile.test > > +++ b/gmakefile.test
> > @@ -192,18 +192,37 @@ $(TESTDIR)/snes/tests/ex1: PETSC_TEST_LIB = > > $(PETSC_SNES_LIB) > > $(TESTDIR)/ts/tests/ex2: PETSC_TEST_LIB = $(PETSC_TS_LIB) > > $(TESTDIR)/tao/tutorials/ex1: PETSC_TEST_LIB = $(PETSC_TAO_LIB) > > > > +define macos-firewall-register > > + @APP=$(call abspath, $(1)); \ > > + FW=/usr/libexec/ApplicationFirewall/socketfilterfw; \ > > + if ! $$FW --getappblocked $$APP | grep 'is permitted' > /dev/null; > > then \ > > + sudo $$FW --add $$APP && \ > > + sudo $$FW --unblock $$APP; \ > > + fi > > +endef > > + > > +# Ensure mpiexec.hydra and test executable is on firewall list > > +define macos-firewall-fix > > + $(call macos-firewall-register, $(shell which mpiexec.hydra)) > > + $(call macos-firewall-register, $(1)) > > +endef > > + > > # Test executables > > $(testexe.F) $(testexe.F90) : $(TESTDIR)/% : $(TESTDIR)/%.o $$^ > > $(libpetscall) > > $(call quiet,FLINKER) -o $@ $^ $(PETSC_TEST_LIB) > > + $(call macos-firewall-fix,$@) > > > > $(testexe.c) $(testexe.cu) : $(TESTDIR)/% : $(TESTDIR)/%.o $$^ > > $(libpetscall) > > $(call quiet,CLINKER) -o $@ $^ $(PETSC_TEST_LIB) > > + $(call macos-firewall-fix,$@) > > > > $(testexe.kokkos.cxx) : $(TESTDIR)/% : $(TESTDIR)/%.o $$^ $(libpetscall) > > $(call quiet,PETSC_LINK.kokkos.cxx) -o $@ $^ $(PETSC_TEST_LIB) > > + $(call macos-firewall-fix,$@) > > > > $(testexe.cxx) : $(TESTDIR)/% : $(TESTDIR)/%.o $$^ $(libpetscall) > > $(call quiet,CXXLINKER) -o $@ $^ $(PETSC_TEST_LIB) > > + $(call macos-firewall-fix,$@) > > > > # Fortran source files need petsc*.mod, which isn't explicitly managed in > > the makefile. > > $(foreach pkg, $(pkgs), $(call concattestlang,$(pkg),F F90)) : > > $(libpetscall) > >
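Review bot: `macos-firewall-fix` is called unconditionally from all four link rules, and nothing in `macos-firewall-register` checks that the host is macOS or that `$$FW` exists. Where `/usr/libexec/ApplicationFirewall/socketfilterfw` is absent, the `--getappblocked` pipeline yields no 'is permitted' match, so the `if !` branch is taken and `sudo $$FW --add $$APP` runs and fails the recipe. Suggest guarding the definition on the platform and making it opt-in through a make variable that defaults to off: as written, every test link performs a privileged change to the system firewall list for a binary in the build tree, and nothing in the patch removes those entries afterwards. Also quote `$$APP` in the shell lines so a build path containing spaces does not split into several arguments, and handle the case where `$(shell which mpiexec.hydra)` returns nothing, which leaves `APP` empty when it is passed to `--getappblocked` and `--add`.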
