Python.app blocked in Mac firewall

plexconnect

#1

I've been enjoying Plexconnect without any issues until I updated to El Capitan two days ago.
Now every time I launch PlexConnect.py I get a pop up (three identical popups actually) asking if I want Python.app to accept incoming connections. I answer yes and verify that python.app is indeed in the firewall rules (but it was there already, it's always been there).
I go watch the television and there's no trailers available. Look in my activity monitor there are 5 or 6 python apps running, each with a different PID. My understanding is that this app somehow changes itself so there is no point in allowing it in the Firewall.
If I disable my Mac firewall everything works, but of course I'd rather have my Firewall running at all times.
Any ideas?


#2

yes configure the firewall right. Even if you said its inthere make all rules new and see again.


#3

Yeah, Mac Firewall sucks here. I have a couple of Apps that show this behavior. It is nothing Python / Plex specific.

What fixed it on my system for Kodi is the following:
sudo codesign --force --sign - /Applications/Kodi.app/

This signs the application with a new local key. For it to work your will need to have XCode and the Command Line Tools for Xcode installed on your system.


#4

Yes but I don't understand why it's been working perfectly until 2 days ago when I updated to El Capitan. The Firewall is just the same as Yosemite.


#5

OpenPlex also codesigns python automagically for your firewall.


#6

If I go through the hassle of 'codesigning' Python.app - which apparently is the culprit since the Firewall keeps asking to allow incoming connections for it - what's the point really, since as far as I know when you add an app to OSX's firewall it gets signed automatically...?


#7

Depends on the app installed. Python for some reason isn't code signed. I believe this is what you type in terminal to fix it:

sudo codesign -f -s - /Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app


#8

I tried thanks, the first message from Terminal seems good but the second one gives an 'Operation not permitted' error (?) ... I entered my password correctly.

/System/Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app: replacing existing signature
/System/Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app: Operation not permitted


#9

Try this one: sudo codesign --force --sign - /usr/bin/python


#10

Ah El Capitan....try this after you enter recovery mode (hold option @ boot). Enter a terminal while in recovery then type this:

csrutil disable

Reboot OS X then try:

sudo codesign -f -s - /Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app


#11

@coz2001 : thanks but it did not work.

@wahlman.j : thanks it did work, PROBLEM SOLVED!! I have managed to codesign python.app and of course I have re-enabled System Integrity Protection by running 'csrutil enable' after that.

Apparently I have now my Firewall running AND Apple TV/PlexConnect.py working again.

I think this thread will be useful to everyone in the same situation after the El Capitan update.


#12

Did you make a clean install or update?

I have just make a clean install on another mac not plex server and when 'python -V' in terminal it returns 2.7.10, so my question is do we need to install python at all seems to be installed from start?


#13

I updated from Yosemite to El Capitan.
I've never installed Python, I also get 2.7.10 with python -V
I also think that it's installed from start and have no idea why codesigning python.app is required (at least in my case), yet it worked.


#14

@wahlman.j said:
Ah El Capitan....try this after you enter recovery mode (hold option @ boot). Enter a terminal while in recovery then type this:

csrutil disable

Reboot OS X then try:

sudo codesign -f -s - /Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app

I just bumped into this problem as well and - thankfully - found this thread.

@wahlman, I have a quick question. Do I have to be inSafe Boot to disable / enable CSR or can this be done in a regular system boot as well?

*UPDATE: I just found the answer myself. It can't be done out of Safe Boot. Please ignore my question :-S *


#15

Clean El Capitan, I have disabled crsutil (and left it disabled), tried all the codesign commands above with no errors, I still continue to get the python allow (3 times) each time I restart the computer, or have to restart plex. I also have openplex installed, which you guys say codesigns python... this is a very annoying issue... are there any fixes that are more straightforward????


#16

Try this:

https://forums.plex.tv/discussion/224862/python-app-not-accepting-incoming-network-connections

My mistake if it works...


#17

I have macOS High Sierra 10.13 beta, with everything newly installed and mac firewall is on.
By doing codesign to Plex app, it works (without reboot computer or router).

$ sudo codesign --force --sign - /Applications/Plex\ Media\ Server.app/

I did close and re-open the plex server instance.