Screenshot showing a firewall prompt on macOS

If you’ve enabled the built-in firewall in macOS, the system can sometimes ask if you would like to allow an application to accept incoming connections. Usually this is simply a matter of choosing “Allow” or “Deny” and the system will remember your selection. However, certain apps may show this dialog every time they’re launched. Let’s look at how to fix that.

This happens because of code signing, which was introduced in a previous version of Mac OS X. Modern apps tend to handle this automatically, but legacy apps may run into issues.

Thankfully the process to fix this is actually quite simple.

Checking for an existing signature

Firstly, let’s check for an existing signature.

codesign -dv <path to the application>

The -d flag displays the code signature, if one exists, and -v increases the verbosity of the information displayed.

If you want to read more about the codesign command (or any command, for that matter), you can type man and then the command name in the Terminal to read the manual page. 1

If you see a message saying code object is not signed at all, then you’ll need to sign the application. Read on for instructions.

Signing the application

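Open up Terminal and enter the command below. (You’ll need to enter your local admin password to run the command as a more privileged user to ensure that you won’t run into any permissions errors.) In it, the - passed to --sign requests an ad-hoc signature, which is not tied to any signing identity, --deep also signs code nested inside the app bundle, and --force replaces any signature the app already has, so only run it on an app that the check above reported as unsigned.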

sudo codesign --force --deep --sign - <path to the application>

For me, I was having this problem with Bowtie, located at /Applications/Bowtie.app, so my command looked like:

sudo codesign --force --deep --sign - /Applications/Bowtie.app

The first time I ran this, an error occurred, saying resource fork, Finder information, or similar detritus not allowed. The fix for this is also simple.

xattr -rc <path to the application>

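That command recursively (-r) clears (-c) every extended attribute on the files in the app bundle, which includes the com.apple.quarantine attribute that macOS attaches to downloaded files. After that’s run, you can re-run the codesign command and hopefully you’ll see no errors listed.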

Verifying that it worked

To verify that the code signing has worked, you can rerun the command to display the code signature. This time, you should see information about the app and signature, including hashes.

codesign -dv <path to the application>
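The check, sign and verify steps above combined into one script, as an added example that is not from the original post. The function names are made up for this example, and matching on Signature=adhoc and Identifier= assumes the usual output format of codesign -dv. The script declines to re-sign an app that already has a non-ad-hoc signature, since --force would replace it.

```shell
#!/bin/sh
# Added example, not the author's code. Function names are made up here.

# Classify the text that `codesign -dv <app>` prints (it writes to stderr).
# "Signature=adhoc" and "Identifier=" are assumed from codesign's usual output.
classify_signature() {
    case "$1" in
        *"code object is not signed at all"*) echo unsigned ;;
        *"Signature=adhoc"*)                  echo adhoc ;;
        *"Identifier="*)                      echo signed ;;
        *)                                    echo unknown ;;
    esac
}

# Check, sign ad hoc, retry after xattr -rc on the page's error, then verify.
resign_adhoc() {
    app=$1
    state=$(classify_signature "$(codesign -dv "$app" 2>&1 || true)")
    case "$state" in
        signed|unknown)
            # --force would replace a developer signature; unknown output is not safe to act on.
            echo "not re-signing $app (state: $state)" >&2
            return 1 ;;
    esac

    if ! err=$(sudo codesign --force --deep --sign - "$app" 2>&1); then
        case "$err" in
            *"detritus not allowed"*)
                # The error quoted on the page: clear extended attributes, retry once.
                xattr -rc "$app"
                sudo codesign --force --deep --sign - "$app" || return 1 ;;
            *)
                echo "$err" >&2
                return 1 ;;
        esac
    fi

    # Final check: the app should now report an ad-hoc signature.
    [ "$(classify_signature "$(codesign -dv "$app" 2>&1 || true)")" = adhoc ]
}

# Run only when an application path is given, e.g. /Applications/Bowtie.app
if [ "$#" -eq 1 ]; then
    resign_adhoc "$1"
fi
```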

  1. I’d always recommend doing that before running code from random sites on the internet anyway!