#!/usr/bin/env bash
# Copyright 2020 The Fuchsia Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
#### CATEGORY=Other
### register host tools at MacOS Application Firewall
## Register host tools at MacOS Application Firewall
##
## NOTE: This script uses sudo and will thus ask for your password!
##
## -n|--dry-run Just print all steps, don't do any configuration
# Load the shared fx helper library that sits next to this script. The
# directory is resolved from BASH_SOURCE, so the lookup does not depend on the
# caller's working directory. If the library cannot be sourced the script stops
# with that status, before any firewall change is attempted.
source "$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)"/lib/vars.sh || exit $?
# NOTE(review): presumably this loads the build configuration that provides
# FUCHSIA_DIR and FUCHSIA_BUILD_DIR, which the functions below read -- confirm
# in lib/vars.sh.
fx-config-read
# Absolute path of the macOS Application Firewall command-line tool. Every
# state-changing call below runs it through sudo, so it is named by full path
# rather than resolved through PATH.
FIREWALL_CMD="/usr/libexec/ApplicationFirewall/socketfilterfw"
# TODO(65725): produce build manifest of this information instead.
# Names of the host tools that allow_tools registers (--add) and unblocks
# (--unblockapp) in the firewall. Each name is looked up under
# FUCHSIA_BUILD_DIR in host-tools/, host_*/ and host_*/exe.unstripped/.
# Every entry becomes a firewall exception on the developer's machine, so keep
# the list limited to tools that need to accept incoming connections.
FIREWALL_TOOLS=(
ascendd
bootserver
device-finder
diag_tool
dockyard_host
ffx
loglistener
netaddr
netcp
netls
netruncmd
onet
pm
scrutiny
sockscripter
traceutil
triage
whereiscl
zxdb
)
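#######################################
# Run a command, or only print it when dry-run mode is active.
# Globals:   dryrun (read) - the literal string "true" enables dry-run;
#            any other value (or unset) means the command is executed.
# Arguments: the command and its arguments, exactly as they would be run.
# Outputs:   in dry-run mode, "+ <command line>" on stderr.
# Returns:   the command's exit status, or 0 in dry-run mode.
#######################################
function dryer {
  # Compare the flag as a string instead of executing "$dryrun" as a command:
  # this wrapper fronts every sudo call in the script, so the decision must
  # not depend on what the variable's value happens to name.
  if [[ "${dryrun:-false}" != "true" ]]; then
    "$@"
    return $?
  fi
  # Print the arguments space-separated regardless of the current IFS.
  # Callers redirect stdout to /dev/null, so the trace goes to stderr.
  {
    printf '+'
    printf ' %s' "$@"
    printf '\n'
  } >&2
  return 0
}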
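#######################################
# Print the firewall entries whose path lies inside this Fuchsia checkout.
# Globals:   FIREWALL_CMD (read), FUCHSIA_DIR (read), TOOL_LIST (written)
# Outputs:   the matching paths on stdout, one per line (a single empty line
#            when nothing matches).
# Returns:   0; aborts the shell with an error if FUCHSIA_DIR is empty/unset.
#######################################
function list_tools {
  # With an empty FUCHSIA_DIR the filter below would match every registered
  # application, not just the ones from this checkout.
  : "${FUCHSIA_DIR:?FUCHSIA_DIR must be set to filter firewall entries}"
  # grep -F treats the checkout path as a literal string; as a regex, a "."
  # in the path would also match unrelated directories.
  # awk keeps the third whitespace-separated field of each line, so a path
  # containing spaces is cut at the first space.
  # NOTE(review): assumes --listapps prints the path as the third field --
  # confirm against the tool's actual output.
  TOOL_LIST="$("${FIREWALL_CMD}" --listapps | grep -F -- "${FUCHSIA_DIR}" | awk '{print $3}')"
  # TOOL_LIST is a plain newline-separated string, so print it as one.
  printf '%s\n' "${TOOL_LIST}"
}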
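#######################################
# Remove every firewall entry whose path lies inside this Fuchsia checkout.
# Globals:   FIREWALL_CMD (read), FUCHSIA_DIR (read), TOOL_LIST (written)
# Outputs:   nothing on stdout; dry-run traces come from dryer on stderr.
# Returns:   status of the last removal, 0 if there was nothing to remove;
#            aborts the shell with an error if FUCHSIA_DIR is empty/unset.
#######################################
function clear_tools {
  # Refuse to run with an empty FUCHSIA_DIR: the filter would then match every
  # registered application and this loop would remove all of their rules.
  : "${FUCHSIA_DIR:?FUCHSIA_DIR must be set to select firewall entries}"
  local entry
  # grep -F matches the checkout path literally, so regex metacharacters in
  # the path cannot widen the set of rules that get removed.
  # NOTE(review): awk keeps only the third whitespace-separated field, so an
  # entry whose path contains spaces is truncated -- confirm the listing
  # format if such paths are possible.
  TOOL_LIST="$("${FIREWALL_CMD}" --listapps | grep -F -- "${FUCHSIA_DIR}" | awk '{print $3}')"
  # Read line by line (no word splitting or glob expansion of the entries).
  # The list is fed on fd 3 so the commands in the loop keep their own stdin.
  while IFS= read -r entry <&3; do
    [[ -n "${entry}" ]] || continue
    dryer sudo "${FIREWALL_CMD}" --remove "${entry}" > /dev/null
  done 3<<< "${TOOL_LIST}"
}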
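#######################################
# Register and unblock each built host tool in the Application Firewall.
# Globals:   FIREWALL_CMD (read), FIREWALL_TOOLS (read),
#            FUCHSIA_BUILD_DIR (read)
# Outputs:   nothing on stdout; dry-run traces come from dryer on stderr.
# Returns:   status of the last command run in the loop; aborts the shell
#            with an error if FUCHSIA_BUILD_DIR is empty/unset.
#######################################
function allow_tools {
  # With an empty build dir the candidates below would resolve to paths at
  # the filesystem root (/host-tools/..., /host_*/...), outside the checkout.
  : "${FUCHSIA_BUILD_DIR:?FUCHSIA_BUILD_DIR must be set to locate host tools}"
  local tool candidate
  for tool in "${FIREWALL_TOOLS[@]}"; do
    for candidate in \
      "${FUCHSIA_BUILD_DIR}/host-tools/${tool}" \
      "${FUCHSIA_BUILD_DIR}"/host_*/"${tool}" \
      "${FUCHSIA_BUILD_DIR}"/host_*/exe.unstripped/"${tool}"; do
      # Only existing files get an allow rule. An unmatched glob stays a
      # literal "host_*" path, and a tool that has not been built has no file;
      # neither should be handed to sudo as something to unblock.
      [[ -e "${candidate}" ]] || continue
      dryer sudo "${FIREWALL_CMD}" --add "${candidate}" --unblockapp "${candidate}" > /dev/null
    done
  done
}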
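#######################################
# Replace this checkout's firewall rules and restart the firewall.
# Steps: remove the existing rules for the checkout, add rules for the host
# tools, turn the firewall off and on again, then print the resulting rules.
# Globals:   FIREWALL_CMD (read)
# Outputs:   progress messages and the registered tools on stdout; an error
#            on stderr if the firewall could not be turned back on.
# Returns:   0 on success, 1 if re-enabling the firewall failed.
#######################################
function main {
  local status=0
  echo " clearing firewall rules.."
  clear_tools
  echo " adding firewall rules.."
  allow_tools
  # Activate the changes by cycling the global state. The host is unfiltered
  # between these two calls, and the firewall ends up ON even if it was off
  # before the script ran.
  dryer sudo "${FIREWALL_CMD}" --setglobalstate off > /dev/null
  # The tool's output is discarded, so its exit status is the only sign that
  # the firewall was left disabled; report it instead of printing "..done"
  # as if nothing happened.
  if ! dryer sudo "${FIREWALL_CMD}" --setglobalstate on > /dev/null; then
    echo >&2 "ERROR: failed to re-enable the Application Firewall; run: sudo ${FIREWALL_CMD} --setglobalstate on"
    status=1
  fi
  echo "..done"
  echo " following tools are registered in the firewall rules:"
  echo " "
  list_tools
  echo " "
  return "${status}"
}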
# Command-line handling: real changes are the default; -n/--dry-run switches
# dryer to print-only mode. -h, --help and any unrecognised argument print the
# command help and exit with status 1 before anything is changed.
dryrun=false
while (( $# > 0 )); do
  if [[ "$1" == "-n" || "$1" == "--dry-run" ]]; then
    fx-warn "Running in dry-run mode"
    dryrun=true
  else
    fx-command-help
    exit 1
  fi
  shift
done
# All arguments are consumed above; main takes none.
main