How to handle a Swift Package's dependent artifact checksum?

Asked 6/7, 2020 at 17:53 Answered 18/4 at 9:2

Using Xcode 12 beta and swift-tools-version 5.3, you can link to a framework, like this:

        .binaryTarget(
            name: "Stripe",
            url: "https://github.com/stripe/stripe-ios/releases/download/v19.3.0/Stripe.xcframework.zip",
            checksum: "fe459dd443beee5140018388fd6933e09b8787d5b473ec9c2234d75ff0d968bd"
        )

But when I needed to update the checksum (I had it wrong) I get

: artifact of binary target 'Stripe' has changed checksum; this is a potential security risk so the new artifact won't be downloaded

How can I reset this, or override it when I need to change the checksum?

Maroon answered 6/7, 2020 at 17:53 Comment(2)

Sorry, maybe i didn't understand. The checksum is only declared in the library, and updated whenever a new artifact is generated. So every new binary will have its own checksum stated on library's side, Package.swift. You should be able to update this checksum on Library's side. – Count 20/7, 2020 at 15:19

I had to remove items related to "bitbucket.org" from macOS Keychain in order to eliminate checksum error. See details in my comment: github.com/facebook/facebook-ios-sdk/issues/… – Cicatrix 1/6, 2022 at 19:9

In order to get rid of the error, you need to purge Xcode's local package caches.

In Xcode's File menu, select 'Swift Packages' and then 'Reset Package Caches'

Ruthenic answered 25/9, 2020 at 19:5 Comment(0)

Unfortunately in my case, the Reset Package Caches was not enough. I had to manually delete caches. After that, it started all working.

rm -rf ~/Library/Caches/org.swift.swiftpm
rm -rf ~/Library/org.swift.swiftpm/configuration
rm -rf ~/Library/org.swift.swiftpm/security

I found out those folders are symlinks in ~/.swiftpm. Not sure if it resets some configuration done in the SPM.

Hope it helps.

Leff answered 18/4 at 9:2 Comment(0)

Recommended topics

Hot tags