Swift Package Manager fails to clone from private Git repositories

If you are using Swift Package Manager as part of the xcodebuild process, you may find that this fails with the following error message:

xcodebuild: error: Could not resolve package dependencies:
  Authentication failed because the credentials were rejected

Or

xcodebuild: error: Could not resolve package dependencies:
  The server SSH fingerprint failed to verify.

This issue will only occur when trying to access private git repos when using SSH key authentication.

This is caused by a bug in the way that xcodebuild handles SSH keys and has been a known bug since the debut of Xcode 11, occurring both locally, but more specifically, in a CI environment.

xcodebuild does not conform to the system ssh config and does not access the keys CircleCI stores in ssh-agent. We can work around this by requesting Xcode uses the main system version of ssh which will behave as expected.

The workaround for this is to add the following lines to your config file, directly after the checkout step:

- run: sudo defaults write com.apple.dt.Xcode IDEPackageSupportUseBuiltinSCM YES
- run: rm ~/.ssh/id_rsa || true
- run: for ip in $(dig @8.8.8.8 bitbucket.org +short); do ssh-keyscan bitbucket.org,$ip; ssh-keyscan $ip; done 2>/dev/null >> ~/.ssh/known_hosts || true
- run: for ip in $(dig @8.8.8.8 github.com +short); do ssh-keyscan github.com,$ip; ssh-keyscan $ip; done 2>/dev/null >> ~/.ssh/known_hosts || true
Was this article helpful?
10 out of 20 found this helpful

Comments

0 comments

Article is closed for comments.