Maybe you could make this a MR? Barry
> On Aug 28, 2020, at 2:17 PM, Hapla Vaclav <vaclav.ha...@erdw.ethz.ch> wrote: > > On MacOS, maybe you also have lots of firewall popups appearing/disappearing > when running tests like > Do you want the application "ex29" to accept incoming network connections? > > They are annoying, disturbing, slowing down, and virtually making any other > work on the computer impossible (and driving me crazy). > > There is not much information about this issue. Usually the hints involve > enabling each application separately in Firewall settings (no support for > wildcards), which is virtually impossible to do with all PETSc test > executables (and not really working for me). > > Some guys suggest signing the app using codesign > <https://apple.stackexchange.com/a/150711> which also didn't work for me. > > But I have finally found a reliable solution. So I'm sharing it, also for my > own reference - not sure whether it could be added to PETSc directly in some > form. > > It consists in applying a small makefile patch (below) which uses MacOS > firewall CLI (which is not much advertised). This way, make adds the > executable to the firewall whitelist right after it's produced by a linker. > > It uses sudo so it asks for your password for the first time. > > Please let me know if you have a better solution - except of disabling the > firewall ;-) - or other comments/questions. > > See also > * man socketfilterfw <http://www.manpagez.com/man/8/socketfilterfw/> > * > https://krypted.com/mac-security/command-line-firewall-management-in-os-x-10-10/ > > <https://krypted.com/mac-security/command-line-firewall-management-in-os-x-10-10/> > > Vaclav > > > > diff --git a/gmakefile.test b/gmakefile.test > index 95ff59b4ab..c513a0bc0c 100644 > --- a/gmakefile.test > +++ b/gmakefile.test > @@ -192,18 +192,37 @@ $(TESTDIR)/snes/tests/ex1: PETSC_TEST_LIB = > $(PETSC_SNES_LIB) > $(TESTDIR)/ts/tests/ex2: PETSC_TEST_LIB = $(PETSC_TS_LIB) > $(TESTDIR)/tao/tutorials/ex1: PETSC_TEST_LIB = $(PETSC_TAO_LIB) > > +define macos-firewall-register > + @APP=$(call abspath, $(1)); \ > + FW=/usr/libexec/ApplicationFirewall/socketfilterfw; \ > + if ! $$FW --getappblocked $$APP | grep 'is permitted' > /dev/null; then \ > + sudo $$FW --add $$APP && \ > + sudo $$FW --unblock $$APP; \ > + fi > +endef > + > +# Ensure mpiexec.hydra and test executable is on firewall list > +define macos-firewall-fix > + $(call macos-firewall-register, $(shell which mpiexec.hydra)) > + $(call macos-firewall-register, $(1)) > +endef > + > # Test executables > $(testexe.F) $(testexe.F90) : $(TESTDIR)/% : $(TESTDIR)/%.o $$^ > $(libpetscall) > $(call quiet,FLINKER) -o $@ $^ $(PETSC_TEST_LIB) > + $(call macos-firewall-fix,$@) > > $(testexe.c) $(testexe.cu) : $(TESTDIR)/% : $(TESTDIR)/%.o $$^ $(libpetscall) > $(call quiet,CLINKER) -o $@ $^ $(PETSC_TEST_LIB) > + $(call macos-firewall-fix,$@) > > $(testexe.kokkos.cxx) : $(TESTDIR)/% : $(TESTDIR)/%.o $$^ $(libpetscall) > $(call quiet,PETSC_LINK.kokkos.cxx) -o $@ $^ $(PETSC_TEST_LIB) > + $(call macos-firewall-fix,$@) > > $(testexe.cxx) : $(TESTDIR)/% : $(TESTDIR)/%.o $$^ $(libpetscall) > $(call quiet,CXXLINKER) -o $@ $^ $(PETSC_TEST_LIB) > + $(call macos-firewall-fix,$@) > > # Fortran source files need petsc*.mod, which isn't explicitly managed in > the makefile. > $(foreach pkg, $(pkgs), $(call concattestlang,$(pkg),F F90)) : $(libpetscall)
