How do I stop my Mac from asking to accept incoming network connections?

I am using Syncthing, which is an application to sync files between two or more computers. I believe Syncthing (on github) needs to be allowed to Accept incoming network connections to work properly.

Mac OS X has a build-in firewall, which constantly asks me, if I want to allow syncthing to accept incoming network connections in form of a pop-up window. Usually, this only is asked once for an application, but for some reason this pop-up appears at least 4 times a day.

It might be related to an automated update functionality that results in a new binary showing up once in a while (similar to what Google Chrome does). However, the update frequency of this application is much lower compared to the amount of pop-ups I am receiving.

Any idea what I could do to make Mac OS X stop asking me this question for a specific application or is there just no way around it?

It would be great if there was also a default choice that would be made in case I am away from the machine. Any idea how this could be accomplished - without turning the firewall off?


Solution 1:

This might be caused by a missing or wrong digital signature. Like Apple explains:

If you run an unsigned app that is not listed in the firewall list, a dialog appears with options to Allow or Deny connections for the app. If you choose Allow, OS X signs the application and automatically adds it to the firewall list.

[...]

Some apps check their own integrity when they are opened without using code signing. If the firewall recognizes such an app it doesn't sign it. Instead, it the "Allow or Deny" dialog appears every time the app is opened. This can be avoided by upgrading to a version of the app that is signed by its developer.

This dialog might also be shown every time if the application is signed, but the signature of the application itself is broken, like even for iTunes.

You can check the signature by running the following command in Terminal (I am not sure about your application's name here):

codesign --verify -vv /Applications/Syncthing.app/

Alternatively, maybe remove the application in the firewall settings, and then see if accepting once more is enough to stop OS X prompting you? Or maybe explicitly add it through those settings?

And as for the default: make sure the option "Automatically allow signed software to receive incoming connections" is enabled:

Solution 2:

This instruction permanently disables this annoying pop-up and the solution is applicable to all apps missing or having a wrong digital signature.

In short:

sudo codesign --force --deep --sign - path-to-the-app.app