Re: Getting rid of "accept incoming network connections" prompts on OS X

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Michael Paquier <michael(dot)paquier(at)gmail(dot)com>
Cc: Dave Page <dpage(at)pgadmin(dot)org>, Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Getting rid of "accept incoming network connections" prompts on OS X
Date: 2014-10-24 13:39:59
Message-ID: 28508.1414157999@sss.pgh.pa.us
Lists: pgsql-hackers

Michael Paquier <michael(dot)paquier(at)gmail(dot)com> writes:
> On Fri, Oct 24, 2014 at 8:26 AM, Dave Page <dpage(at)pgadmin(dot)org> wrote:
>> On Fri, Oct 24, 2014 at 7:18 AM, Peter Eisentraut <peter_e(at)gmx(dot)net> wrote:
>>> On 10/21/14 1:16 PM, Tom Lane wrote:
>>>> If you do any Postgres development on OS X, you've probably gotten
>>>> seriously annoyed by the way that, every single time you reinstall the
>>>> postmaster executable, you get a dialog box asking whether you'd like
>>>> to allow it to accept incoming network connections.

>>> I used to, but somehow I don't see this anymore. Just to be sure, I
>>> made sure the firewall is on, checked that postgres is not in the
>>> exception list, rebooted, built postgresql from scratch, ran make check,
>>> but no pop-up.
>>>
>>> I'm on Yosemite. Maybe this was changed.

>> I've never seen it on any version of OS X (I've worked my way from
>> Panther to Yosemite). There must be more to it...

I see it every darn time I've changed the postmaster executable.
Maybe there is a difference in security settings? I have the firewall
enabled and in Settings->Security->General, "Allow apps downloaded from:
Mac App Store and identified developers", which I think is the default.
[ experiments... ] Hm, setting that to "Anywhere" doesn't change the
results anyway.

> FWIW, with the firewall on, I am used to seeing this annoying popup window when
> starting an instance manually; make check never complains though.

Ah. pg_regress sets listen_addresses to empty so that no TCP ports
are opened, hence no firewall complaints from "make check". However,
as soon as you start a normal installation, you get the complaint,
as even an open port on 127.0.0.1 is enough to provoke it.

Peter, Dave: maybe you have tweaked things to keep listen_addresses
empty and rely only on Unix-socket connections?

regards, tom lane
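
The following is an added example, not part of the original message or of PostgreSQL's code: a Python check that reads a postgresql.conf and reports whether the server would open any TCP listener, which is the condition the message identifies as provoking the firewall prompt. The function names and sample configurations are hypothetical; include directives, `-c` command-line options and ALTER SYSTEM overrides are not handled.

```python
import re

# Matches "name = value" or "name value"; '=' is optional in postgresql.conf.
_SETTING = re.compile(r"^\s*([A-Za-z_][\w.]*)\s*=?\s*(.*)$")
DEFAULT_LISTEN = "localhost"  # PostgreSQL's built-in default when unset
WILDCARDS = {"*", "0.0.0.0", "::"}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def _value(raw):
    """Return the setting value with quotes and trailing comment removed."""
    raw = raw.strip()
    if raw.startswith("'"):
        # Quoted string: '' inside the quotes is an escaped single quote.
        m = re.match(r"'((?:[^']|'')*)'", raw)
        return m.group(1).replace("''", "'") if m else raw[1:]
    return raw.split("#", 1)[0].strip()


def effective_listen_addresses(conf_text):
    """Last uncommented listen_addresses line wins; includes are not followed."""
    value = DEFAULT_LISTEN
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = _SETTING.match(line)
        if m and m.group(1).lower() == "listen_addresses":
            value = _value(m.group(2))
    return [a.strip() for a in value.split(",") if a.strip()]


def tcp_exposure(conf_text):
    """Classify as unix-socket-only, loopback-tcp, all-interfaces or specific-tcp."""
    addrs = effective_listen_addresses(conf_text)
    if not addrs:
        return "unix-socket-only"   # no TCP port, so nothing for the firewall to flag
    if any(a in WILDCARDS for a in addrs):
        return "all-interfaces"
    if all(a.lower() in LOOPBACK for a in addrs):
        return "loopback-tcp"       # still an open TCP port, per the message above
    return "specific-tcp"


# Constructed sample configurations (not taken from the thread).
REGRESS_STYLE = "port = 5432\nlisten_addresses = ''   # Unix sockets only\n"
STOCK = "#listen_addresses = 'localhost'\nport = 5432\n"
```
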
