New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Xcode 14.3 doesn't use credentials (from netrc or keychain) for auth to a package registry #6395
Comments
rdar://107679395 |
cc @abertelrud |
Hi @yim-lee, @abertelrud |
@FirstAM The fix is in Xcode. We will post back here when it becomes available. |
@yim-lee Can you confirm this will be available in a Xcode 14.x.x update or is it more likely this will be available only in the upcoming Xcode 15 beta? |
@lukepistrol We will let you know the version when it's available. |
Seems to be included in the Xcode 15 Beta! |
@lukepistrol Yep! |
@felipeska That's for npm? |
Hello @yim-lee, No. I'm using https://jfrog.com/help/r/jfrog-artifactory-documentation/swift-registry. It's possible to use private and authenticated repository from XCode? Thanks! |
@felipeska Xcode only supports registry credentials saved in Keychain. Is there an internet password entry for the registry you use in Keychain? |
Xcode15 should make use of registry credentials from keychain, so closing this. Please create new issue if you still experience problem. |
Same issue, doesn't work with Xcode 15.0.1 |
@saschpe I'm also having a hard time getting this working in Xcode. Have you gotten anywhere with this since? |
Package registry credentials need to be added to Keychain via the At the end you should have an entry like this in Keychain: Note that this is different from source control account. Registry operations do not use source control credentials. If it still doesn't work after ensuring the registry credentials are in Keychain, one thing you might check is if there is more than one entry for the same registry in Keychain. In this case, delete all the entries for the registry and create a new entry again. We don't know what causes multiple entries to be saved for the same registry, for we can't reproduce it consistently, so it would be great to get more information if that's what's happening for you. |
@yim-lee How can this work in a CI environment? The proposal included using netrc, which would work for a CI environment, but that doesn't seem to work anymore. How are we supposed to allow remote machines to auth private repos such as Artifactory? |
@justin-doordash What problem do you run into with netrc? netrc should still work, it's just that it's no longer the default if Keychain is available, but one can override that using the --netrc Use netrc file even in cases where other credential stores are preferred |
@yim-lee Yes the command correctly adds the credentials to netrc, however xcodebuild refuses to utilize them. xcodebuild fails on Resolve Package Graph saying |
@justin-doordash I see. I will check with the team to see if we can fix/workaround this. In the meantime maybe there is some way to disable the Keychain prompt in CI? |
@yim-lee There doesn't seem to be a way to disable the keychain prompt, but even if we did the package resolution would still fail because it's not using the netrc for auth. Should I open a new issue and describe the issue in depth? |
I was thinking you could use Keychain to store credentials if that's available in your CI environment.
Yes, that would be great. Thanks @justin-doordash. |
@yim-lee The multiple credentials issue repeatedly happened to me. I also was unable to connect to an authenticated repo with Xcode 15. I've found that this problem seems to be due to upgrading from Xcode 14 to Xcode 15. I've installed Xcode through the App Store and was constantly having these problems. Once I deleted Xcode, and also deleted Xcode settings files like |
@jeremybarr Yeah we were unable to reproduce the multiple credentials issue ourselves, so we didn't know what caused it or how to fix/workaround it. I am sorry for not able to offer solutions or alternatives when you ran into that problem. Glad to hear you figured that out and I am sure your notes will help others as well! |
I see there's been a variety of questions here regarding authentication, but I still can't get past the adding the package as a local repository to an Xcode Project. We're trying it similar to @felipeska with Atrifactory, but can't get past the File -> Add package dependency step. Am I missing something? We have .netrc file with the token credentials at the user level, there's a keychain (internet password type) item looking the same as @yim-lee posted above, but I still constantly get a dialog saying "authentication failed". 😞 Any help or pointers appreciated. |
Yes, I am experiencing the same issue. Trying to add package dependency from the protected Artifactory Swift registry and failing at the Xcode Authentication screen. Keychain has credentials to connect to Artifactory. When I open "Add Package Dependency" window - Xcode prompts me to get access to keychain, which I grant. Then when I enter Artifactory URL to locate the package, Xcode displays Authentication window with error: "Authentication failed because the credentials were rejected". Once I manually enter User name/password - authentication still fails. |
Registry package dependency is specified with package id in dependencies: [
.package(id: "mona.LinkedList", .upToNextMajor(from: "1.0.0")),
], I suggest that you try editing Note that the corresponding Artifactory repo must have the "Swift" package type. |
@ncharniauski Can you create a new issue detailing the steps it takes to reproduce the issue? Please include example of values you enter in the UI. e.g., do you type in Artifactory URL or package identifier? |
new issue is created: #7237 |
Description
I'd tried to use this solution (self hosted spm registry )
The main thing is - after success auth, utility append new credentials to ~/.netrc file or mac os keychain
In my case all credential was appended, but credential getting from netrc or keychain only when i use command line utility
If i try to use Xcode, i got auth error status response that means credentials didn't send.
I've checked request headers, and exactly as i thought, credential didn't send
In my case file content seems like that:
.swiftpm/configuration/registries.json
~/.netrc
Expected behavior
Xcode use credentials from netrc or keychain
Actual behavior
Credential was used only when i run cmd utility
Steps to reproduce
Swift Package Manager version/commit hash
No response
Swift & OS version (output of
swift --version && uname -a
)The text was updated successfully, but these errors were encountered: