If you are using Swift Package Manager as part of the xcodebuild
process, you may find that this fails with the following error message:
xcodebuild: error: Could not resolve package dependencies:
Authentication failed because the credentials were rejected
Or
xcodebuild: error: Could not resolve package dependencies: The server SSH fingerprint failed to verify.
Solution
This issue will only occur when trying to access private git repos when using SSH key authentication.
This is caused by a bug in the way that xcodebuild
handles SSH keys and has been a known bug since the debut of Xcode 11, occurring both locally, more specifically, in a CI environment.
xcodebuild
does not conform to the system ssh config and does not access the keys CircleCI stores in ssh-agent
. We can work around this by requesting Xcode uses the main system version of ssh which will behave as expected.
The workaround for this is to add the following lines to your config file, directly after the checkout
step:
- run: sudo defaults write com.apple.dt.Xcode IDEPackageSupportUseBuiltinSCM YES
- run: rm ~/.ssh/id_rsa || true
- run: for ip in $(dig @8.8.8.8 bitbucket.org +short); do ssh-keyscan bitbucket.org,$ip; ssh-keyscan $ip; done 2>/dev/null >> ~/.ssh/known_hosts || true
- run: for ip in $(dig @8.8.8.8 github.com +short); do ssh-keyscan github.com,$ip; ssh-keyscan $ip; done 2>/dev/null >> ~/.ssh/known_hosts || true
Comments
Article is closed for comments.