Posts: 4
Joined: Apr 2014
Reputation:
1
XBMC Firewall issue
So this is a collection of all the advice I found to solve the problem of Firewall Popup on XBMC
The first step is to obtaining a code signing certificate
In order to sign applications, you need to have a code signing certificate in your keychain.
If you're doing it just to modify applications for your own use (or you're a freeware or shareware developer who doesn't want the independent verification), you can generate your own certificate to use. This is done using the Keychain Access application, in the Utilities folder. Here's how:
1. Open Keychain Access.
2. Go to the Keychain Access menu, and under Certificate Assistant, choose Create a Certificate
3. Name your Certificate. (XBMC)
4. For Type, choose Self Signed Root.
5. Make sure Let me override defaults is checked and click Continue.
6. Under Serial Number, use a random number. Just make sure there is no other certificate on your system with the same name and serial number
7. Give yourself a sufficiently long validity period. For a little over 5 years, use 2000 days. For almost 11 years, choose 4000 days.
8. Under Certificate Type, choose Code Signing, and click Continue.
9. Enter your personal information on the next screen. Have fun with Organization and Organizational Unit. After all, this is for your own personal use. Don't use "Apple." I myself used something like "Orange Computer" for Organization and "Hacking Department" for Organizational Unit. Click Continue when all has been filled out.
10. For Key Pair Information, accept the defaults and click Continue.
11. For Key Usage Extension, accept the defaults and click Continue.
12. For Extended Key Usage Extension, accept the defaults and click Continue.
13. For Basic Constraints Extension, accept the defaults and click Continue.
14. For Subject Alternate Name Extension, accept the defaults and click Continue.
15. Use your "login" keychain to store the certificate and click Continue.
16. Now you have to set your certificate to be "trusted."
17. Go to your keychain, and right click (control click) on the new certificate you made and choose Get Info.
18. Open the triangle next to Trust.
19. Go down to Code Signing, and choose Always Trust.
20. Close the box. The system will ask for your admin password. Enter it and click OK.
Next step
Downloaded python 2.6 here extracted the zip file and copied FolderExtracted//Python-2.6.9/Mac/Resources/framework/Info.plist.in to /Applications/XBMC.app/Contents/Frameworks/lib/python2.6/. I renamed the file from Info.plist.in to Info.plist and ran the self-sign code mentioned earlier in this thread.
Run the code sign command on the terminal app.
codesign -s XBMC -f --deep /Applications/XBMC.app/
First time you try it will fail. And your Mac should want to install Apple’s Command Line Install Tool. That's good let the computer install it. Once installed run the command on the terminal again. codesign -s XBMC -f --deep /Applications/XBMC.app/
Then verify that it worked by running
codesign -vvv /Applications/XBMC.app/
Last but not least is to go to System Preferences, Security&Privacy, Firewall. In Firewall Options, Add XBMX.app to "allow incoming connections” If you already have XBMC on the list delete it and then add it again
This should get you most of the way there. It worked for me. Good luck
Posts: 67
Joined: Nov 2011
Reputation:
0
That seems like an excessively complicated route to solve a problem that didn't exists on previous versions of XBMC. Hopefully this problem will not be present in Gotham
Mac mini 2012
Drobo 4 bay
4 three terabyte HHD
Drobo 5 bay
5 four terabyte HHD
Posts: 4
Joined: Apr 2014
Reputation:
1
No kindling!
If I had known it would take all that I would not have bothered. Its really a programming issue caused by OSX Mavericks changing the way it handles code signatures.
Posts: 464
Joined: Aug 2009
Reputation:
9
2014-05-03, 00:18
(This post was last modified: 2014-05-03, 00:19 by VonMagnum.)
Yeah, I'm sure all the other software out there (literally everything I have anyway) had to go to hell and high water to avoid Mavericks Firewall problems. In other words, like I said above, it's funny how they ALL work just fine in Mavericks and only XBMC has an issue.
My interim solution (until such time as someone on the XBMC team blesses us with an actual fix) is to just turn off Airplay in XBMC until I actually need to use it (not often given my AppleTVs have their own Airplay support built-in). The firewall issue just disappears then (well Airplay isn't the only thing that can make it crop up, but the rest are things I don't use either).
THEATER: Epson 3100 3D Projector, DaLite 92" screen, 11.1.6 (Marantz SR7012 + Yamaha HTR-5960 + Onkyo ESPro) - Mixed Dialog Lift - PSB T45/B15/S50/X1T/CS500 Speakers & Def Tech PF-1500 15" sub ; Sources: PS4, LG UP875 UHD, Nvidia Shield (KODI), ATV4K, Zidoo X9S (ZDMC), LD, GameCube
Posts: 67
Joined: Nov 2011
Reputation:
0
I've upgraded to Gotham and am still having this problem. So every time I boot up XBMC i have to get up off the couch go to my computer minimize the XBMC window do that i can give it permission. not only is this incredibly frustrating and annoying I really expected it to be fixed in Gotham. The only other program that does this is filebot which I use to rename my media. But that I can handle since I'm at my computer not on my couch with a remote instead of a mouse and keyboard.
Mac mini 2012
Drobo 4 bay
4 three terabyte HHD
Drobo 5 bay
5 four terabyte HHD
Posts: 31,445
Joined: Jan 2011
I don't understand all the technical details of why this happens, but I get the feeling that this -really- isn't XBMC's problem. The issue seems to be that if you want to use Apple's firewall and Apple's various security precautions then you have to play by Apple's rules. Apple gets more strict every year (and I don't blame them when it helps the average user). By default, you can't even install XBMC without bypassing gatekeeper, for example. If the devs have time and think it's worthwhile, then maybe one of them will find a way around Apple's requirements and restrictions, but eventually it's going to get to a point where you have to turn off more Apple security stuff to even use applications that aren't sandboxed or aren't signed by an Apple developer ID.
There's little incentive for a dev to fix this problem for other reasons. For one, not a lot of people enable the computer-level firewall. If your local network is protected (wifi password) then even the cheapest router will provide a firewall that is just as good. People typically dedicate a machine to run XBMC, and there often isn't much of a need to have high security features on something that is just a media center.
Maybe this is bad security philosophy, I don't know, but it seems like the easiest solution is right in front of everyone: stop using Apple's firewall. There are even other software firewalls out there that you can install on Mac OS X, like Little Snitch.
Posts: 464
Joined: Aug 2009
Reputation:
9
2014-06-18, 04:36
(This post was last modified: 2014-06-18, 04:47 by VonMagnum.)
It worked fine in 10.9.2 (asked once but never again).
I tested it in 10.6.8 as well and saw no nag requests, but then I'm not sure if they ever showed up in Snow Leopard to begin with.
THEATER: Epson 3100 3D Projector, DaLite 92" screen, 11.1.6 (Marantz SR7012 + Yamaha HTR-5960 + Onkyo ESPro) - Mixed Dialog Lift - PSB T45/B15/S50/X1T/CS500 Speakers & Def Tech PF-1500 15" sub ; Sources: PS4, LG UP875 UHD, Nvidia Shield (KODI), ATV4K, Zidoo X9S (ZDMC), LD, GameCube
Posts: 195
Joined: Dec 2012
Reputation:
2
Tested in Mavericks - all good now. Fantastic stuff Memphiz
Posts: 4
Joined: Mar 2014
Reputation:
0
Great, with XBMC 14.0.alpha1 and OSX 10.9.4 no Firewall popup anymore!
thx Memphiz
Posts: 6
Joined: Jan 2012
Reputation:
0
2015-08-08, 00:11
(This post was last modified: 2015-08-08, 00:16 by keithbarrett.)
On my system I only needed to replace the DOCTYPE and version lines in Kodi's plist file with the one's from python, rather than replacing the entire plist file.. This let the app stay identified as Kodi