I'm running web2py from a 'server' running Snow Leopard. The OS X firewall is set up for application-based control. Apple either expects a digitally signed application or the firewall will sign it itself when it is manually added. Some applications can't be signed, because (according to Apple) they 'check their own integrity and are not digitally signed'. It seems web2py falls into this category.
What makes this a pain is that an unsignable application requires you to click an Allow button in the UI before it is allowed to accept incoming connections. So when I remotely reboot the server or restart web2py I have to VNC to the box just to click the button. So, my question: is there a 'signed' version of web2py for OS X? Is there something I could do to the web2py.app to make it 'signable' by the firewall? Here is Apple's description: Digitally-signed applications All applications not in the list that have been digitally signed by a Certificate Authority trusted by the system (for the purpose of code signing) are allowed to receive incoming connections. Every Apple application in Mac OS X v10.6 has been signed by Apple and is allowed to receive incoming connections. If you wish to deny a digitally signed application, you should first add it to the list and then explicitly deny it. If you run an unsigned application not in the Application Firewall list, you will be presented with a dialog with options to Allow or Deny connections for the application. If you choose Allow, Mac OS X v10.6 will sign the application and automatically add it to the Application Firewall list. If you choose Deny, Mac OS X v10.6 will sign the application, automatically add it to the Application Firewall list and deny the connection. Some applications check their own integrity when they are run without using code signing. If the Application Firewall recognizes such an application it will not sign it, but then it will re-present the dialog every time the application is run. This may be avoided by upgrading to a version of the application which is signed by its developer.