Add an Apple privacy info file for OpenSSL. by slontis · Pull Request #24032 · openssl/openssl

slontis · 2024-04-04T04:35:50Z

Checklist

documentation is added or updated
tests are added or updated

Fixes openssl#23494

slontis · 2024-04-04T04:47:54Z

Fixes #23494

t8m · 2024-04-04T08:50:45Z

Should we treat it as a bug fix and add it on all branches?

t8m · 2024-04-04T08:51:30Z

Or documentation actually.

t8m · 2024-04-04T08:53:22Z

As @fwh-dc is the community maintainer of iOS platforms I kindly ask him to review this.

fwh-dc · 2024-04-04T09:56:04Z

LGTM.

I have one minor thing to consider:
Should we copy this file to the install location of ios build targets to make it more convenient when packaging an xcframework?

kroeckx · 2024-04-04T10:18:37Z

There is also a discussion about this at #23262

paulidale

I'm fine back merging this anywhere.

slontis · 2024-04-05T02:44:32Z

someone with better knowledge of the config/perl would need to add it to the install process.. At least this gives a reference file.

t8m · 2024-04-05T07:15:50Z

@fwh-dc Which directory it should be installed to? The same where the libcrypto/libssl .dylib is installed to? BTW the iOS targets by default disable shared build so there is actually no .dylib built. So I would skip installing this anywhere for now.

The iOS targets really need some fine-tuning/cleanups IMO to be more comprehensive and useful.

fwh-dc · 2024-04-05T08:00:47Z

@fwh-dc Which directory it should be installed to? The same where the libcrypto/libssl .dylib is installed to? BTW the iOS targets by default disable shared build so there is actually no .dylib built. So I would skip installing this anywhere for now.

Good question. I think it's fine to just have the file for reference as suggested. We can always improve from there.

MichaelWellsSM · 2024-04-05T18:02:40Z

Doesn't this need to be added to the appropriate directory in the podspec and packaging (resource bundle) ?

davidben · 2024-04-05T21:52:33Z

Based on #23494 (comment), I take it this was derived from the BoringSSL one? Keep in mind that stat appears in this list:
https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api?language=objc

We have an empty one, but we'd also removed our remaining stat call. I haven't looked too carefully at this, but it's possible you all may need either code changes or a different manifest.

openssl-machine · 2024-04-05T23:00:09Z

24 hours has passed since 'approval: done' was set, but as this PR has been updated in that time the label 'approval: ready to merge' is not being automatically set. Please review the updates and set the label manually.

paulidale · 2024-04-06T05:16:43Z

I do not see a need for us to install this. It's useful documentation for folks building for Apple products.
This is very unlikely to stand by itself as the only things an application needs.

t8m · 2024-04-08T09:51:00Z

Based on #23494 (comment), I take it this was derived from the BoringSSL one? Keep in mind that stat appears in this list: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api?language=objc

We have an empty one, but we'd also removed our remaining stat call. I haven't looked too carefully at this, but it's possible you all may need either code changes or a different manifest.

Yeah maybe we need to declare C617.1 Although we never use the timestamp info obtained with stat.

t8m · 2024-04-16T08:27:51Z

OTC: We are OK with adding the file. The contents need to be right. It seems we need to declare C617.

kroeckx · 2024-04-17T06:39:19Z

C617 is probably not right, and we might need to ask apple for a new id.

t8m · 2024-04-18T15:48:30Z

C617 is probably not right, and we might need to ask apple for a new id.

Any reason why C617 is not right?

kroeckx · 2024-04-19T03:37:46Z

I guess I was confused, it looks right

kroeckx · 2024-04-19T03:47:43Z

Apple's description is unclear to me, but it seems like the best match given the documentation. For instance, how do we check certificates on iOS, and do those files belong to the app as the documentation seems to imply? It's also not clear if that code means it can be transferred off the device or not, which we don't do.

tom-cosgrove-arm · 2024-04-21T07:55:01Z

PrivacyInfo.xcprivacy

+<plist version="1.0">
+<!--
+This is an Apple related Privacy Manifest File for OpenSSL as required by
+ https://developer.apple.com/support/third-party-SDK-requirements/


(minor) should there be a space at the beginning of this line?

slontis · 2024-04-23T04:52:58Z

Is there someone who actually has Xcode installed who can generate this file
I dont feel comfortable trying to add this entry manually - and I dont have access to Xcode + MAC to do this..

(Submit a new PR if you want)
Basically the NSPrivacyAccessedAPITypes section needs
NSPrivacyAccessedAPIType=APICategoryFileTimeStamp
NSPrivacyAccessedAPITypeReasons=C617.1

mattcaswell · 2024-10-29T14:09:40Z

In light of #24260 can this be closed now?

slontis · 2024-10-30T21:56:47Z

I would think so.

slontis added branch: master Applies to master branch approval: review pending This pull request needs review by a committer approval: otc review pending labels Apr 4, 2024

Add an apple privacy info file for OpenSSL.

629ddce

Fixes openssl#23494

slontis force-pushed the apple_privacyinfo branch from a2a5c48 to 629ddce Compare April 4, 2024 04:46

t8m added triaged: bug The issue/pr is/fixes a bug triaged: documentation The issue/pr deals with documentation (errors) tests: exempted The PR is exempt from requirements for testing labels Apr 4, 2024

t8m added branch: 3.0 Applies to openssl-3.0 branch branch: 3.1 Applies to openssl-3.1 (EOL) branch: 3.2 Applies to openssl-3.2 (EOL) branch: 3.3 Applies to openssl-3.3 labels Apr 4, 2024

t8m approved these changes Apr 4, 2024

View reviewed changes

t8m removed the approval: otc review pending label Apr 4, 2024

paulidale approved these changes Apr 4, 2024

View reviewed changes

paulidale added approval: done This pull request has the required number of approvals and removed approval: review pending This pull request needs review by a committer labels Apr 4, 2024

t8m added the hold: discussion The community needs to establish a consensus how to move forward with the issue or PR label Apr 10, 2024

t8m removed approval: done This pull request has the required number of approvals hold: discussion The community needs to establish a consensus how to move forward with the issue or PR labels Apr 16, 2024

levitte approved these changes Apr 19, 2024

View reviewed changes

tom-cosgrove-arm reviewed Apr 21, 2024

View reviewed changes

This was referenced Apr 24, 2024

Add an Apple privacy info file for OpenSSL #24251

Closed

Add an Apple privacy info file for OpenSSL #24259

Closed

Add an Apple privacy info file for OpenSSL #24260

Closed

slontis closed this Oct 30, 2024

Uh oh!

Conversation

slontis commented Apr 4, 2024

Checklist

Uh oh!

slontis commented Apr 4, 2024

Uh oh!

t8m commented Apr 4, 2024

Uh oh!

t8m commented Apr 4, 2024

Uh oh!

t8m commented Apr 4, 2024

Uh oh!

fwh-dc commented Apr 4, 2024

Uh oh!

kroeckx commented Apr 4, 2024

Uh oh!

paulidale left a comment

Choose a reason for hiding this comment

Uh oh!

slontis commented Apr 5, 2024

Uh oh!

t8m commented Apr 5, 2024

Uh oh!

fwh-dc commented Apr 5, 2024

Uh oh!

MichaelWellsSM commented Apr 5, 2024

Uh oh!

davidben commented Apr 5, 2024

Uh oh!

openssl-machine commented Apr 5, 2024

Uh oh!

paulidale commented Apr 6, 2024

Uh oh!

t8m commented Apr 8, 2024

Uh oh!

t8m commented Apr 16, 2024

Uh oh!

kroeckx commented Apr 17, 2024 via email

Uh oh!

t8m commented Apr 18, 2024

Uh oh!

kroeckx commented Apr 19, 2024 via email

Uh oh!

kroeckx commented Apr 19, 2024 via email

Uh oh!

tom-cosgrove-arm Apr 21, 2024

Choose a reason for hiding this comment

Uh oh!

slontis commented Apr 23, 2024

Uh oh!

mattcaswell commented Oct 29, 2024

Uh oh!

slontis commented Oct 30, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

11 participants