Add keychain types for per-app access groups#25648
Conversation
Generated by 🚫 Danger |
The suites share KeychainStub's class-level state, and .serialized on an individual suite only orders the tests inside it; without a common serialized ancestor, separate suites race on the stub.
The copy is insert-only: a retried copy after a partial failure must not revert credentials the app wrote after the update. It also skips the counterpart's WP.com token, which would otherwise outlive the counterpart's logout inside this app's private group. The sweep runs only when both apps have recorded a copy at the current migration version; there is deliberately no counterpart-not-installed shortcut, because keychain items survive uninstalls and scheme probing is unreliable outside production builds.
crazytonyli
force-pushed
the
task/keychain-shared-1-types
branch
from
c0f969d to
9149194
Compare
|
| App Name | Jetpack | |
| Configuration | Release-Alpha | |
| Build Number | 32586 | |
| Version | PR #25648 | |
| Bundle ID | com.jetpack.alpha | |
| Commit | 9149194 | |
| Installation URL | 3sm0v0ak744do |
🤖 Build Failure AnalysisThis build has failures. Claude has analyzed them - check the build annotations for details. |
|
| App Name | WordPress | |
| Configuration | Release-Alpha | |
| Build Number | 32586 | |
| Version | PR #25648 | |
| Bundle ID | org.wordpress.alpha | |
| Commit | 9149194 | |
| Installation URL | 6lgsn3ek7m6go |
jkmassel
left a comment
jkmassel
left a comment
There was a problem hiding this comment.
Early review – there's a potential bug here if only one of the keychain deletions succeeds on logout. The app will still have a keychain entry, so on the next read I think it'll repopulate it?
I think the easiest fix here might just be to write a flag to UserDefaults when we copy from the shared keychain, then never do it again once that flag is written?
4 participants
Note
First of a three-PR stack, followed by #25649 and #25650. Nothing in this PR is called by app code yet.
Description
The WordPress and Jetpack apps share a single keychain access group, and because it is the only group in the entitlements, every keychain item both apps write is cross-app by accident. This stack moves each app onto its own private access group, keeping the shared group only for the WordPress-to-Jetpack migration contract.
This PR adds the types, with no call sites yet:
AppKeychainscopes keychain access to the app's private group. Reads fall back to the legacy shared group during the transition, writes go to the private group only, and deletes clear both groups so a logout cannot be undone by the fallback read.SharedKeychainis the explicit window into the legacy shared group. Its doc comment restricts it to the three migration call sites, which the next PRs wire up.KeychainGroupMigratorperforms a one-time, insert-only copy of the shared group into the private group, then sweeps the shared group's leftovers once both apps have recorded a copy at the current migration version.