Skip to content

gh-132006: Add support for handling XCPrivacy manifests #139163

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Sep 28, 2025
Merged

gh-132006: Add support for handling XCPrivacy manifests #139163

merged 2 commits into from
Sep 28, 2025
+55 −2

Conversation

freakboy3742
Copy link
Contributor

@freakboy3742 freakboy3742 commented Sep 19, 2025
edited by github-actions bot
Loading

The iOS App Store flags certain frameworks as being "privacy sensitive"; apps using those frameworks must provide an Privacy Manifest declaring why certain features are used.

This PR makes 2 changes:

  • If a .xcprivacy file matching a binary module name is found next to the module while processing modules into frameworks, that .xcprivacy file will be installed as part of the framework.
  • An .xcprivacy file is added to the standard library for _hashlib and _ssl, as they both use OpenSSL, which is one of the "privacy sensitive" frameworks.

📚 Documentation preview 📚: https://cpython-previews--139163.org.readthedocs.build/

@bedevere-app bedevere-app bot mentioned this pull request Sep 19, 2025
Closed
@freakboy3742
Copy link
Contributor Author

!buildbot iOS

@bedevere-bot
Copy link

🤖 New build scheduled with the buildbot fleet by @freakboy3742 for commit 18f55ce 🤖

Results will be shown at:

https://buildbot.python.org/all/#/grid?branch=refs%2Fpull%2F139163%2Fmerge

The command will test the builders whose names match following regular expression: iOS

The builders matched are:

  • iOS ARM64 Simulator PR

ned-deily
ned-deily reviewed Sep 22, 2025
View reviewed changes
Copy link
Member

@ned-deily ned-deily left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If I understand correctly, while copying .xcprivacy for third-party libs into the Python xcframework seems like the right thing to do (i.e. change 1 above), I don't think we should be supplying a hard-coded .xcprivacy file in the cpython repo for a third-party package (i.e. OpenSSL in step 2). While that is probably innocuous in this particular case as of current OpenSSL releases, there's no guarantee that it won't change in the future and is setting a precedent that might be problematic for another third-party package in the future. Since OpenSSL now provides .xcprivacy files in their current source releases (I looked at 3.0.17 and 3.5.3), we should be using the files as released which means that they should be included in any binary releases of the third-party packages that we use and copied from there.

When we get to the stage of building these third-party libs for iOS as part of the Python release process, it would be easy to handle this directly. I don't know how difficult it would be to include it with the beeware package that is being used at the moment but it seems to me that that would be the right place to pick it up from. There might have to be an interim solution but we should aim to not be duplicating such files in cpython: we shouldn't be making privacy assertions for other projects.

@freakboy3742
Copy link
Contributor Author

If I understand correctly, while copying .xcprivacy for third-party libs into the Python xcframework seems like the right thing to do (i.e. change 1 above), I don't think we should be supplying a hard-coded .xcprivacy file in the cpython repo for a third-party package (i.e. OpenSSL in step 2). While that is probably innocuous in this particular case as of current OpenSSL releases, there's no guarantee that it won't change in the future and is setting a precedent that might be problematic for another third-party package in the future. Since OpenSSL now provides .xcprivacy files in their current source releases (I looked at 3.0.17 and 3.5.3), we should be using the files as released which means that they should be included in any binary releases of the third-party packages that we use and copied from there.

That's a fair point. It's not a major issue to add that file as part of the OpenSSL artefact generated as part of BeeWare's cpython-apple-source-deps repository; and I agree that it makes more sense to go direct to the source, rather than hard-code a version into CPython's codebase.

I'm about to head to the airport to head back home; I'll work those changes through and update this PR once I'm back in the office.

@freakboy3742
Copy link
Contributor Author

!buildbot iOS

@bedevere-bot
Copy link

🤖 New build scheduled with the buildbot fleet by @freakboy3742 for commit ba3d408 🤖

Results will be shown at:

https://buildbot.python.org/all/#/grid?branch=refs%2Fpull%2F139163%2Fmerge

The command will test the builders whose names match following regular expression: iOS

The builders matched are:

  • iOS ARM64 Simulator PR

@freakboy3742
Copy link
Contributor Author

@ned-deily I've pushed an updated version of the OpenSSL library, which includes the .xcprivacy file as a resource. The build copies from that version, rather than including it as part of CPython sources.

ned-deily
ned-deily approved these changes Sep 28, 2025
View reviewed changes
Copy link
Member

@ned-deily ned-deily left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

@freakboy3742 freakboy3742 merged commit 195d13c into python:main Sep 28, 2025
50 checks passed
@freakboy3742 freakboy3742 deleted the xcprivacy branch September 28, 2025 21:50
@freakboy3742 freakboy3742 added the needs backport to 3.14 bugs and security fixes label Sep 28, 2025
@miss-islington-app
Copy link

Thanks @freakboy3742 for the PR 🌮🎉.. I'm working now to backport this PR to: 3.14.
🐍🍒⛏🤖

@miss-islington-app
Copy link

Sorry, @freakboy3742, I could not cleanly backport this to 3.14 due to a conflict.
Please backport using cherry_picker on command line.

cherry_picker 195d13c85e17ab5cf6ac2a6de098bbf514cae207 3.14

@freakboy3742
Copy link
Contributor Author

Ah - this can't be cherry picked until #139204 is merged.

@freakboy3742 freakboy3742 added needs backport to 3.14 bugs and security fixes and removed needs backport to 3.14 bugs and security fixes labels Sep 29, 2025
@miss-islington-app
Copy link

Thanks @freakboy3742 for the PR 🌮🎉.. I'm working now to backport this PR to: 3.14.
🐍🍒⛏🤖

miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Sep 29, 2025
@freakboy3742 @miss-islington
pythongh-132006: Add support for handling XCPrivacy manifests (python…
470eb64 
…GH-139163)

Adds a PrivacyInfo.xcprivacy file when packaging `_hashlib` and `_ssl` modules
for iOS (based on the original OpenSSL sources); and adds handling to the build
script to allow any app to add `xcprivacy` handling for a binary module.
(cherry picked from commit 195d13c)

Co-authored-by: Russell Keith-Magee <[email protected]>
@bedevere-app
Copy link

bedevere-app bot commented Sep 29, 2025

GH-139410 is a backport of this pull request to the 3.14 branch.

@bedevere-app bedevere-app bot removed the needs backport to 3.14 bugs and security fixes label Sep 29, 2025
hugovk pushed a commit that referenced this pull request Oct 1, 2025
@miss-islington @freakboy3742
[3.14] gh-132006: Add support for handling XCPrivacy manifests (GH-13…
86bc87b 
…9163) (#139410)

Co-authored-by: Russell Keith-Magee <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ned-deily ned-deily ned-deily approved these changes

Assignees

@freakboy3742 freakboy3742

Labels
OS-ios
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@freakboy3742 @bedevere-bot @ned-deily