Skip to content

Commit

Permalink
tools: add macosx-firwall script to avoid popups
Browse files Browse the repository at this point in the history
Currently, there are a number of popups that get displayed when running
the tests asking to accept incoming network connections. Rules can be
added manually to the socket firewall on Mac OS X but getting this right
might not be obvious and quite a lot of time can be wasted trying to get
the rules right. This script hopes to simplify things a little so that
it can be re-run when needed.

The script should be runnable from both the projects root directory and
from the tools directory, for example:
$ sudo ./tools/macosx-firewall.sh

Fixes: #8911
PR-URL: #10114
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
  • Loading branch information
danbev authored and MylesBorins committed Feb 1, 2017
1 parent 210290d commit b5e18f2
Show file tree
Hide file tree
Showing 2 changed files with 57 additions and 0 deletions.
9 changes: 9 additions & 0 deletions BUILDING.md
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,15 @@ On OS X, you will also need:
this under the menu `Xcode -> Preferences -> Downloads`
* This step will install `gcc` and the related toolchain containing `make`

* You may want to setup [firewall rules](tools/macosx-firewall.sh) to avoid
popups asking to accept incoming network connections when running tests:

```console
$ sudo ./tools/macosx-firewall.sh
```
Running this script will add rules for the executable `node` in the out
directory and the symbolic `node` link in the projects root directory.

On FreeBSD and OpenBSD, you may also need:
* libexecinfo (FreeBSD and OpenBSD only)

Expand Down
48 changes: 48 additions & 0 deletions tools/macosx-firewall.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
#!/bin/bash
# Script that adds rules to Mac OS X Socket Firewall to avoid
# popups asking to accept incoming network connections when
# running tests.
SFW="/usr/libexec/ApplicationFirewall/socketfilterfw"
TOOLSDIR="`dirname \"$0\"`"
TOOLSDIR="`( cd \"$TOOLSDIR\" && pwd) `"
ROOTDIR="`( cd \"$TOOLSDIR/..\" && pwd) `"
OUTDIR="$TOOLSDIR/../out"
# Using cd and pwd here so that the path used for socketfilterfw does not
# contain a '..', which seems to cause the rules to be incorrectly added
# and they are not removed when this script is re-run. Instead the new
# rules are simply appended. By using pwd we can get the full path
# without '..' and things work as expected.
OUTDIR="`( cd \"$OUTDIR\" && pwd) `"
NODE_RELEASE="$OUTDIR/Release/node"
NODE_DEBUG="$OUTDIR/Debug/node"
NODE_LINK="$ROOTDIR/node"
CCTEST_RELEASE="$OUTDIR/Release/cctest"
CCTEST_DEBUG="$OUTDIR/Debug/cctest"

if [ -f $SFW ];
then
# Duplicating these commands on purpose as the symbolic link node might be
# linked to either out/Debug/node or out/Release/node depending on the
# BUILDTYPE.
$SFW --remove "$NODE_DEBUG"
$SFW --remove "$NODE_DEBUG"
$SFW --remove "$NODE_RELEASE"
$SFW --remove "$NODE_RELEASE"
$SFW --remove "$NODE_LINK"
$SFW --remove "$CCTEST_DEBUG"
$SFW --remove "$CCTEST_RELEASE"

$SFW --add "$NODE_DEBUG"
$SFW --add "$NODE_RELEASE"
$SFW --add "$NODE_LINK"
$SFW --add "$CCTEST_DEBUG"
$SFW --add "$CCTEST_RELEASE"

$SFW --unblock "$NODE_DEBUG"
$SFW --unblock "$NODE_RELEASE"
$SFW --unblock "$NODE_LINK"
$SFW --unblock "$CCTEST_DEBUG"
$SFW --unblock "$CCTEST_RELEASE"
else
echo "SocketFirewall not found in location: $SFW"
fi

0 comments on commit b5e18f2

Please sign in to comment.