Support Center


How to get rid of firewall “accept incoming connections” dialog for lemur daemon?

Ouatataz Dec 10, 2015 04:28PM CET

Hi all,

Since I upgraded to the Lemur 5.3.1a app, the firewall “accept incoming connections” dialog appears each time I launch the lemur daemon (even though I click "allow" each time), which is annoying since it launches at OSX boot...

I know that the app is not signed but normally, if you accept once, the app is stored in the firewall exception list (this is OK) and OSX firewall does not prompt you again (this is not OK...).

I have tried to remove the lemur from the firewall exception list in system prefs and to add it again, but this did not solve the problem.
I have also tried to delete the net.liine.lemurdaemon.plist file I found in my preferences folders, but that did not resolve the problem either.

Can someone please tell me how to fix this issue?
Thank you very much
All the best.


System : OSX Yosemite / Lemur 5.3.1a

Ouatataz Dec 11, 2015 11:42PM CET
Found a way by myself...

Generate a code-signing certificate for apps whose code is not signed and for which the firewall's « allow incoming connections » dialog prompts each time the app is launched

Every app in OS X should be signed by the developer. This signature ensures that the contents of the application haven't been changed. The firewall verifies this signature as part of its process. When the signature verification process fails, you will receive this Allow/Deny error message every time you use the program, even if you click Allow on the dialog box.

1 / To verify code-signing of an app : codesign -dvvvv /path/to/app

2 / Create your own code-signing certificate :

• Open Keychain

• Menu Keychain Access > Certificate Assistant > Create a certificate. This launches the Certificate Assistant.

• Name: Enter some arbitrary string here that you can remember. Avoid spaces; otherwise you'll need to escape the cert's name when using codesign from the command line.
• Identity type: Self Signed Root
• Certificate Type: Code Signing
• Check the box "Let me override defaults", this is quite important
• Serial number: 1 (OK as long as the cert name/serial no. combination is unique)
• Validity Period: 3650 (gives you 10 years)
• Email, Name, etc. fill out as you wish.
• Key pair info: set to RSA, 2048 bits. Does not really matter IMHO.
• From "Key usage extension" up to "Subject Alternate Name Extension": accept the defaults.
• Location: login keychain.

• Once it is created, set to « Always trust » in the Login Keychain

3 / Re-signing an app : sudo codesign -f -s <certname> /path/to/app --deep

4 / Verify that it worked : codesign -dvvvv /path/to/app

5 / Enjoy !!!
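
An added example, not part of the original post: a small shell helper for the verification in steps 1 and 4 that classifies `codesign -dvvvv` output as unsigned, ad-hoc, signed by a single self-signed identity, or signed through a certificate chain. The sample outputs, the certificate name `LocalCodeSign` and the function name are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `codesign -dvvvv` output read from stdin.
# On a Mac: codesign -dvvvv /path/to/app 2>&1 | classify_codesign
# (codesign writes its display output to stderr, hence 2>&1).

classify_codesign() {
    awk '
        /code object is not signed at all/ { unsigned = 1 }
        /^Signature=adhoc/                 { adhoc = 1 }
        # First Authority= line is the leaf (signing) certificate.
        /^Authority=/ { n++; if (n == 1) leaf = substr($0, 11) }
        END {
            # Heuristic: one Authority line means a self-signed root signed the code.
            if (unsigned)    print "unsigned"
            else if (adhoc)  print "adhoc"
            else if (n == 1) print "self-signed:" leaf
            else if (n > 1)  print "chain:" leaf
            else             print "unknown"
        }'
}

# Constructed sample outputs (not captured from a real system).
UNSIGNED_SAMPLE='/Applications/Example.app: code object is not signed at all'

SELF_SIGNED_SAMPLE='Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Authority=LocalCodeSign
TeamIdentifier=not set'

DEVELOPER_SAMPLE='Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345'

for s in "$UNSIGNED_SAMPLE" "$SELF_SIGNED_SAMPLE" "$DEVELOPER_SAMPLE"; do
    printf '%s\n' "$s" | classify_codesign
done
```

After step 3 the expected result is `self-signed:<certname>`: the signature gives the firewall a stable local identity to match against, but it does not show that the binary came from the developer.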
