search

krzyzanowskim / OpenSSL

OpenSSL package for SwiftPM, CocoaPod, and Carthage, multiplatform
https://swift.best
Other
928 stars 340 forks source link

Privacy Manifest in 3.1.5000 is invalid #204

Closed 0xpablo closed 7 months ago

0xpablo commented 7 months ago

Hi there, after updating OpensSSL to the latest version (3.1.5000) via SPM, we received an iTunes Connect warning about the manifest being invalid:

ITMS-91056: Invalid privacy manifest - The PrivacyInfo.xcprivacy file from the following path is invalid: “Contents/Frameworks/OpenSSL.framework/Versions/A/Resources/PrivacyInfo.xcprivacy”. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, keys and values in your app’s privacy manifest must be in a valid format. For more details about privacy manifest files, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files.

I noticed that the current manifest looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>NSPrivacyCollectedDataTypes</key>
    <array/>
    <key>NSPrivacyAccessedAPITypes</key>
    <array>
        <dict/>
    </array>
    <key>NSPrivacyTrackingDomains</key>
    <array/>
    <key>NSPrivacyTracking</key>
    <false/>
</dict>
</plist>

Looking at other OSS empty manifests, they omit the inner dictionary inside the NSPrivacyAccessedAPITypes array, like this:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>NSPrivacyTracking</key>
    <false/>
    <key>NSPrivacyCollectedDataTypes</key>
    <array/>
    <key>NSPrivacyTrackingDomains</key>
    <array/>
    <key>NSPrivacyAccessedAPITypes</key>
    <array/>
</dict>
</plist>

I haven't yet uploaded a build with another 3rd party framework with an empty manifest so I cannot say that will work for sure, but the current manifest is invalid.

Thanks in advance!

krzyzanowskim commented 7 months ago

which is weird to me as this is how Xcode create that file when add new one

Screenshot 2024-04-16 at 12 48 07

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>NSPrivacyAccessedAPITypes</key>
    <array>
        <dict/>
    </array>
</dict>
</plist>
0xpablo commented 7 months ago

which is weird to me as this is how Xcode create that file when add new one

Surprised and not surprised at the same time 😂. Maybe it's worth opening a bug report so that they fix their server side checks or their blank template, whichever one is wrong.

Another alternative is that they simply not allow empty manifest although I'm not sure about that.

Thanks for the quick reply!

krzyzanowskim commented 7 months ago

they do allow empty, and quick googling reveal to me that it is most likely the dict/ that they don't like. the documentation is so much not helpful for the file format

krzyzanowskim commented 7 months ago

fixed on the main branch 308e1db0592935fe46d3520c55e4d884d5accaa5. to be released soon.

krzyzanowskim commented 7 months ago

Fixed in 3.1.5001 (allegedly)