I found a bit more information in gmakefile.test which has the magic sauce
used by make test to stop the firewall popups while running the test suite.
# MACOS FIREWALL HANDLING
# - if run with MACOS_FIREWALL=1
# (automatically set in $PETSC_ARCH/lib/petsc/conf/petscvariables if configured --with-macos-firewall-rules),
# ensure mpiexec and test executable is on firewall list
#
ifeq ($(MACOS_FIREWALL),1)
FW := /usr/libexec/ApplicationFirewall/socketfilterfw
# There is no reliable realpath command in macOS without need for 3rd party tools like homebrew coreutils
# Using Python's realpath seems like the most robust way here
realpath-py = $(shell $(PYTHON) -c 'import os, sys; print(os.path.realpath(sys.argv[1]))' $(1))
#
define macos-firewall-register
@APP=$(call realpath-py, $(1)); \
if ! sudo -n true 2>/dev/null; then printf "Asking for sudo password to add new firewall rule for\n $$APP\n"; fi; \
sudo $(FW) --remove $$APP --add $$APP --blockapp $$APP
endef
endif
and below. When building each executable it automatically calls socketfilterfw
on that executable so it won't pop up.
From this I think you can reverse engineer how to turn it off for your
executables.
Perhaps PETSc's make ex1 etc should also apply this magic sauce, Pierre?
> On Mar 19, 2023, at 8:10 PM, Amneet Bhalla <[email protected]> wrote:
>
> This helped only during the configure stage, and not during the check stage
> and during executing the application built on PETSc. Do you think it is
> because I built mpich locally and not with PETSc?
>
> On Sun, Mar 19, 2023 at 3:51 PM Barry Smith <[email protected]> wrote:
>>
>> ./configure option with-macos-firewall-rules
>>
>>
>>> On Mar 19, 2023, at 5:25 PM, Amneet Bhalla <[email protected]> wrote:
>>>
>>> Yes, this is MPI that is triggering the apple firewall. If I allow it it
>>> gets added to the allowed list (see the screenshot) and it does not trigger
>>> the firewall again. However, this needs to be done for all executables
>>> (there will be several main2d's in the list). Any way to suppress it for
>>> all executables linked to mpi in the first place?
>>>
>>> <Screenshot 2023-03-19 at 2.19.53 PM.png>
>>>
>>> On Sun, Mar 19, 2023 at 11:01 AM Matthew Knepley <[email protected]> wrote:
>>>> On Sun, Mar 19, 2023 at 1:59 PM Amneet Bhalla <[email protected]> wrote:
>>>>> I'm building PETSc without mpi (I built mpich v 4.1.1 locally). Here is
>>>>> the configure command line that I used:
>>>>>
>>>>> ./configure --CC=mpicc --CXX=mpicxx --FC=mpif90 --PETSC_ARCH=darwin-dbg
>>>>> --with-debugging=1 --download-hypre=1 --with-x=0
>>>>>
>>>>
>>>> No, this uses MPI, it just does not build it. Configuring with
>>>> --with-mpi=0 will shut off any use of MPI, which is what Satish thinks is
>>>> bugging the firewall.
>>>>
>>>> Thanks,
>>>>
>>>> Matt
>>>>
>>>>> On Sun, Mar 19, 2023 at 10:56 AM Satish Balay <[email protected]> wrote:
>>>>>> I think it's due to some of the system calls from MPI.
>>>>>>
>>>>>> You can verify this with a '--with-mpi=0' build.
>>>>>>
>>>>>> I wonder if there is a way to build mpich or openmpi - that doesn't
>>>>>> trigger Apple's firewall..
>>>>>>
>>>>>> Satish
>>>>>>
>>>>>> On Sun, 19 Mar 2023, Amneet Bhalla wrote:
>>>>>>
>>>>>> > Hi Folks,
>>>>>> >
>>>>>> > I'm trying to build PETSc on MacOS Ventura (Apple M2) with hypre. I'm using
>>>>>> > the latest version (v3.18.5). During the configure and make check stage I
>>>>>> > get a request about accepting network connections. The configure and check
>>>>>> > proceeds without my input but the dialog box stays in place. Please see the
>>>>>> > screenshot. I'm wondering if it is benign or something to be concerned
>>>>>> > about? Do I need to accept any network certificate to not see this dialog
>>>>>> > box?
>>>>>> >
>>>>>> > Thanks,
>>>>>> >
>>>>>> >
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> --Amneet
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> What most experimenters take for granted before they begin their
>>>> experiments is infinitely more interesting than any results to which their
>>>> experiments lead.
>>>> -- Norbert Wiener
>>>>
>>>> https://www.cse.buffalo.edu/~knepley/
>>>> <http://www.cse.buffalo.edu/~knepley/>
>>>
>>>
>>> --
>>> --Amneet
>>>
>>>
>>>
>>
>
>
> --
> --Amneet
>
>
>
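
The registration done by the gmakefile.test snippet quoted at the top of this message, applied to arbitrary executables from a shell script. This is an added example, not part of the original message or of PETSc: the function names, the DRY_RUN switch and the sample paths are assumptions, while the socketfilterfw path and flags are the ones in the snippet.

```bash
#!/usr/bin/env bash
# Added example: apply the gmakefile.test firewall registration to your own binaries.
FW=${FW:-/usr/libexec/ApplicationFirewall/socketfilterfw}  # path used in the snippet

# Resolve symlinks without GNU realpath (hypothetical helper; the snippet uses Python).
resolve_path() {
  local p="$1" link dir
  while [ -L "$p" ]; do
    link=$(readlink "$p")
    case $link in
      /*) p=$link ;;
      *)  p=$(dirname "$p")/$link ;;
    esac
  done
  dir=$(cd -P "$(dirname "$p")" 2>/dev/null && pwd -P) || return 1
  printf '%s/%s\n' "$dir" "$(basename "$p")"
}

# Register one executable with the same flags as the snippet. --blockapp lists the
# binary as blocked for incoming connections, so the firewall already has a decision
# for it and does not prompt. DRY_RUN=1 (an assumption of this example) prints the
# command instead of running it.
fw_register() {
  local app
  app=$(resolve_path "$1") || { echo "cannot resolve: $1" >&2; return 1; }
  if [ ! -f "$app" ] || [ ! -x "$app" ]; then
    echo "not an executable file: $app" >&2
    return 1
  fi
  if [ "${DRY_RUN:-0}" = 1 ]; then
    echo "sudo $FW --remove $app --add $app --blockapp $app"
    return 0
  fi
  sudo -n true 2>/dev/null || printf 'sudo password needed to add firewall rule for\n  %s\n' "$app"
  sudo "$FW" --remove "$app" --add "$app" --blockapp "$app"
}

# Register every path given; keep going after a failure and report it at the end.
fw_register_all() {
  local exe rc=0
  for exe in "$@"; do
    fw_register "$exe" || rc=1
  done
  return "$rc"
}

# Constructed usage: DRY_RUN=1 ./fw-register.sh ./main2d "$(command -v mpiexec)"
if [ "$#" -gt 0 ]; then fw_register_all "$@"; fi
```

Run it with DRY_RUN=1 first to review the resolved paths, then check the result with `socketfilterfw --listapps`.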