Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

gh-120522: Add a --with-app-store-compliance configure option to patch out problematic code #120984

Merged
merged 14 commits into from
Jun 30, 2024

Conversation

freakboy3742
Copy link
Contributor

@freakboy3742 freakboy3742 commented Jun 25, 2024

Apple’s macOS App Store is auto-rejects any app that has the string itms-services in it. This is the custom URL prefix used for requesting an app installation from the iTunes App Store; however, sandboxed apps are prohibited from using these URLs. Apple’s automagical review processes are catching on the code in urllib’s parser’s handling of these URLs - even if the app in question never uses an itms-services:// URL. It’s present in the standard library; therefore the app is rejected.

Following a discussion on discuss.python.org, this PR adds a --with-app-store-compliance option to configure that will patch out any code that is known to be an issue with app store compliance.

There is currently a single patch, in the Mac resources directory, patching the known occurrences of itms-services. This patch is optionally applied on macOS if the configure flag is enabled, but the patch is applied in as "dry run" if the flag is not enabled. This ensures that a standard macOS CI pass will identify any drift in the patch.

The same patch is also used by iOS builds, as the review issues are the same. On iOS, the patch is always applied, because all apps will need to pass App Store compliance.

The option allows for a custom patch file to be provided (in case App Store rules change after support for a Python release has ceased. This also a platform other than iOS or macOS to apply a "compliance" patch by manually supplying one; although there's no known use case for this at present.

Fixes #120522.


📚 Documentation preview 📚: https://cpython-previews--120984.org.readthedocs.build/

@freakboy3742 freakboy3742 added OS-mac 3.12 bugs and security fixes 3.13 bugs and security fixes OS-ios 3.14 new features, bugs and security fixes needs backport to 3.13 bugs and security fixes labels Jun 25, 2024
@freakboy3742 freakboy3742 requested review from a team, erlend-aasland and corona10 as code owners June 25, 2024 07:45
@freakboy3742
Copy link
Contributor Author

I've flagged this for backport to 3.13, and documented the option as being added in 3.13. The issue also exists in (and was originally reported against) 3.12; I'm not sure what the policy is regarding a backport of a new (strictly optional) configuration option.

@freakboy3742
Copy link
Contributor Author

!buildbot iOS

@bedevere-bot
Copy link

🤖 New build scheduled with the buildbot fleet by @freakboy3742 for commit eee0c93 🤖

The command will test the builders whose names match following regular expression: iOS

The builders matched are:

  • iOS ARM64 Simulator PR

Doc/using/ios.rst Outdated Show resolved Hide resolved
Co-authored-by: Nice Zombies <nineteendo19d0@gmail.com>
Doc/using/mac.rst Outdated Show resolved Hide resolved
Co-authored-by: Nice Zombies <nineteendo19d0@gmail.com>
@nineteendo
Copy link
Contributor

Did this get fixed already? https://buildbot.python.org/all/#/builders/1382/builds/32

patch -p1 --dry-run < ../../Mac/Resources/app-store-compliance.patch
File to patch: 
No file found--skip this patch? [y] 
/bin/sh: line 1: 33119 Segmentation fault: 11  patch -p1 --dry-run < ../../Mac/Resources/app-store-compliance.patch
make: *** [app-store-compliance] Error 139

@freakboy3742
Copy link
Contributor Author

Did this get fixed already?

No - the patch command isn't quite right for out-of-tree builds. I need to make a small tweak.

@freakboy3742
Copy link
Contributor Author

!buildbot iOS

@bedevere-bot
Copy link

🤖 New build scheduled with the buildbot fleet by @freakboy3742 for commit 2d5a0a7 🤖

The command will test the builders whose names match following regular expression: iOS

The builders matched are:

  • iOS ARM64 Simulator PR

@freakboy3742 freakboy3742 marked this pull request as draft June 25, 2024 10:17
@freakboy3742
Copy link
Contributor Author

Hrm... that still isn't quite right. I'll need to take another look in the morning.

@bedevere-app
Copy link

bedevere-app bot commented Jun 30, 2024

GH-121173 is a backport of this pull request to the 3.13 branch.

@bedevere-app bedevere-app bot removed the needs backport to 3.13 bugs and security fixes label Jun 30, 2024
@freakboy3742 freakboy3742 added the needs backport to 3.12 bug and security fixes label Jun 30, 2024
@miss-islington-app
Copy link

Thanks @freakboy3742 for the PR 🌮🎉.. I'm working now to backport this PR to: 3.12.
🐍🍒⛏🤖

@miss-islington-app
Copy link

Sorry, @freakboy3742, I could not cleanly backport this to 3.12 due to a conflict.
Please backport using cherry_picker on command line.

cherry_picker 48cd104b0cf05dad8958efa9cb9666c029ef9201 3.12

freakboy3742 added a commit to freakboy3742/cpython that referenced this pull request Jun 30, 2024
… option to patch out problematic code (pythonGH-120984)

* Add --app-store-compliance configuration option.

* Added blurb.

* Correct tab-vs-spaces formatting issue.

* Correct source file name in docs.

Co-authored-by: Nice Zombies <nineteendo19d0@gmail.com>

* Correct source code reference in Mac docs

Co-authored-by: Nice Zombies <nineteendo19d0@gmail.com>

* Only apply the patch forward, and ensure the working directory is correct.

* Make patching reslient to multiple builds.

* Documentation fixes found during review

Co-authored-by: Alyssa Coghlan <ncoghlan@gmail.com>

* Documentation and configure.ac syntax improvements

Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com>

* Regenerate configure script.

* Silence the patch echo output.

---------

(cherry picked from commit 48cd104)

Co-authored-by: Russell Keith-Magee <russell@keith-magee.com>
Co-authored-by: Nice Zombies <nineteendo19d0@gmail.com>
Co-authored-by: Alyssa Coghlan <ncoghlan@gmail.com>
Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com>
freakboy3742 added a commit to freakboy3742/cpython that referenced this pull request Jun 30, 2024
… option to patch out problematic code (pythonGH-120984)

* Add --app-store-compliance configuration option.

* Added blurb.

* Correct tab-vs-spaces formatting issue.

* Correct source file name in docs.

Co-authored-by: Nice Zombies <nineteendo19d0@gmail.com>

* Correct source code reference in Mac docs

Co-authored-by: Nice Zombies <nineteendo19d0@gmail.com>

* Only apply the patch forward, and ensure the working directory is correct.

* Make patching reslient to multiple builds.

* Documentation fixes found during review

Co-authored-by: Alyssa Coghlan <ncoghlan@gmail.com>

* Documentation and configure.ac syntax improvements

Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com>

* Regenerate configure script.

* Silence the patch echo output.

---------

(cherry picked from commit 48cd104)

Co-authored-by: Russell Keith-Magee <russell@keith-magee.com>
Co-authored-by: Nice Zombies <nineteendo19d0@gmail.com>
Co-authored-by: Alyssa Coghlan <ncoghlan@gmail.com>
Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com>
freakboy3742 added a commit to freakboy3742/cpython that referenced this pull request Jun 30, 2024
… option to patch out problematic code (pythonGH-120984)

* Add --app-store-compliance configuration option.

* Added blurb.

* Correct tab-vs-spaces formatting issue.

* Correct source file name in docs.

Co-authored-by: Nice Zombies <nineteendo19d0@gmail.com>

* Correct source code reference in Mac docs

Co-authored-by: Nice Zombies <nineteendo19d0@gmail.com>

* Only apply the patch forward, and ensure the working directory is correct.

* Make patching reslient to multiple builds.

* Documentation fixes found during review

Co-authored-by: Alyssa Coghlan <ncoghlan@gmail.com>

* Documentation and configure.ac syntax improvements

Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com>

* Regenerate configure script.

* Silence the patch echo output.

---------

(cherry picked from commit 48cd104)

Co-authored-by: Russell Keith-Magee <russell@keith-magee.com>
Co-authored-by: Nice Zombies <nineteendo19d0@gmail.com>
Co-authored-by: Alyssa Coghlan <ncoghlan@gmail.com>
Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com>
@bedevere-app
Copy link

bedevere-app bot commented Jun 30, 2024

GH-121174 is a backport of this pull request to the 3.12 branch.

@bedevere-app bedevere-app bot removed the needs backport to 3.12 bug and security fixes label Jun 30, 2024
freakboy3742 added a commit that referenced this pull request Jun 30, 2024
…n to patch out problematic code (GH-120984) (#121173)

gh-120522: Add a `--with-app-store-compliance` configure option to patch out problematic code (GH-120984)

* Add --app-store-compliance configuration option.

* Added blurb.

* Correct tab-vs-spaces formatting issue.

* Correct source file name in docs.



* Correct source code reference in Mac docs



* Only apply the patch forward, and ensure the working directory is correct.

* Make patching reslient to multiple builds.

* Documentation fixes found during review



* Documentation and configure.ac syntax improvements



* Regenerate configure script.

* Silence the patch echo output.

---------

(cherry picked from commit 48cd104)

Co-authored-by: Russell Keith-Magee <russell@keith-magee.com>
Co-authored-by: Nice Zombies <nineteendo19d0@gmail.com>
Co-authored-by: Alyssa Coghlan <ncoghlan@gmail.com>
Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com>
mrahtz pushed a commit to mrahtz/cpython that referenced this pull request Jun 30, 2024
… to patch out problematic code (python#120984)

* Add --app-store-compliance configuration option.

* Added blurb.

* Correct tab-vs-spaces formatting issue.

* Correct source file name in docs.

Co-authored-by: Nice Zombies <nineteendo19d0@gmail.com>

* Correct source code reference in Mac docs

Co-authored-by: Nice Zombies <nineteendo19d0@gmail.com>

* Only apply the patch forward, and ensure the working directory is correct.

* Make patching reslient to multiple builds.

* Documentation fixes found during review

Co-authored-by: Alyssa Coghlan <ncoghlan@gmail.com>

* Documentation and configure.ac syntax improvements

Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com>

* Regenerate configure script.

* Silence the patch echo output.

---------

Co-authored-by: Nice Zombies <nineteendo19d0@gmail.com>
Co-authored-by: Alyssa Coghlan <ncoghlan@gmail.com>
Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com>
@erlend-aasland
Copy link
Contributor

Oh, next time, remember to edit the commit message upon merging, @freakboy3742 :)

@freakboy3742
Copy link
Contributor Author

@erlend-aasland Will do; might be worth adding notes on this to the dev guide about this; AFAICT, there's nothing about the format/style of final commit messages.

@ned-deily
Copy link
Member

Sorry for the late comment but I believe the approach in this PR has some incompatibilities that need to be addressed. See the comment in the issue.

noahbkim pushed a commit to hudson-trading/cpython that referenced this pull request Jul 11, 2024
… to patch out problematic code (python#120984)

* Add --app-store-compliance configuration option.

* Added blurb.

* Correct tab-vs-spaces formatting issue.

* Correct source file name in docs.

Co-authored-by: Nice Zombies <nineteendo19d0@gmail.com>

* Correct source code reference in Mac docs

Co-authored-by: Nice Zombies <nineteendo19d0@gmail.com>

* Only apply the patch forward, and ensure the working directory is correct.

* Make patching reslient to multiple builds.

* Documentation fixes found during review

Co-authored-by: Alyssa Coghlan <ncoghlan@gmail.com>

* Documentation and configure.ac syntax improvements

Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com>

* Regenerate configure script.

* Silence the patch echo output.

---------

Co-authored-by: Nice Zombies <nineteendo19d0@gmail.com>
Co-authored-by: Alyssa Coghlan <ncoghlan@gmail.com>
Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com>
ned-deily added a commit to ned-deily/cpython that referenced this pull request Jul 16, 2024
…e option to patch out problematic code (python#120984)"

This reverts commit 48cd104 prior
to the release of 3.13.0b4 to allow for additional review time.
ned-deily added a commit that referenced this pull request Jul 16, 2024
…on to patch out problematic code" (gh-120984) (#121844)

This reverts commit 48cd104 prior
to the release of 3.13.0b4 to allow for additional review time.
miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Jul 16, 2024
…e option to patch out problematic code" (pythongh-120984) (pythonGH-121844)

This reverts commit 48cd104 prior
to the release of 3.13.0b4 to allow for additional review time.
(cherry picked from commit f27593a)

Co-authored-by: Ned Deily <nad@python.org>
estyxx pushed a commit to estyxx/cpython that referenced this pull request Jul 17, 2024
… to patch out problematic code (python#120984)

* Add --app-store-compliance configuration option.

* Added blurb.

* Correct tab-vs-spaces formatting issue.

* Correct source file name in docs.

Co-authored-by: Nice Zombies <nineteendo19d0@gmail.com>

* Correct source code reference in Mac docs

Co-authored-by: Nice Zombies <nineteendo19d0@gmail.com>

* Only apply the patch forward, and ensure the working directory is correct.

* Make patching reslient to multiple builds.

* Documentation fixes found during review

Co-authored-by: Alyssa Coghlan <ncoghlan@gmail.com>

* Documentation and configure.ac syntax improvements

Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com>

* Regenerate configure script.

* Silence the patch echo output.

---------

Co-authored-by: Nice Zombies <nineteendo19d0@gmail.com>
Co-authored-by: Alyssa Coghlan <ncoghlan@gmail.com>
Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com>
estyxx pushed a commit to estyxx/cpython that referenced this pull request Jul 17, 2024
…e option to patch out problematic code" (pythongh-120984) (python#121844)

This reverts commit 48cd104 prior
to the release of 3.13.0b4 to allow for additional review time.
@kcoombs
Copy link

kcoombs commented Jan 23, 2025

Not sure where this best belongs, but relevant to Python App Store compliance issues, I ran into this Apple rejection today:

Guideline 2.5.1 - Performance - Software Requirements

Your app uses or references the following non-public or deprecated APIs:

Contents/Frameworks/Python.framework/Versions/3.12/lib/libtk8.6.dylib

Symbols:

• _NSWindowDidOrderOnScreenNotification

The use of non-public or deprecated APIs is not permitted on the App Store, as they can lead to a poor user experience should these APIs change and are otherwise not supported on Apple platforms.

Note, this is the framework inserted into the app by Briefcase 0.3.20.

@freakboy3742
Copy link
Contributor Author

@kcoombs I've opened #129247 to track the problem; however, there's not much we can do to address this.

If your app actually uses Tkinter, unfortunately, you're out of luck. It appears that Tk cannot be distributed on the macOS App Store (see the upstream Tk bug).

If your app doesn't use Tkinter, you can safely delete the tk dylibs from your app bundle (and in the process, dramatically reduce the size of your app!). In Briefcase, you can do this with the cleanup_paths option; other tools may have analogous options.

@kcoombs
Copy link

kcoombs commented Jan 23, 2025

@freakboy3742, thanks for the info. I don't use Tkinter, so I'll just use briefcase to remove it, as suggested.

@freakboy3742
Copy link
Contributor Author

@kcoombs I've logged this as beeware/briefcase#2131, and provided a sample configuration fix.

@kcoombs
Copy link

kcoombs commented Jan 24, 2025

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
3.12 bugs and security fixes 3.13 bugs and security fixes 3.14 new features, bugs and security fixes OS-ios OS-mac
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Python 3.12 change results in Apple App Store rejection
7 participants