Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

在你的最新的 commit 后使用 Swift Package Manger 的方式引入报错 #162

Open
2 tasks done
WymanY opened this issue Sep 19, 2024 · 5 comments
Open
2 tasks done

Comments

@WymanY
Copy link

WymanY commented Sep 19, 2024

检查清单

  • 我已阅读 README.md,但没找到我需要的信息。
  • 我已查看 已知的问题,但没有相似的提问/请求。

问题描述

在你的最新的 commit 之后,97f66a5#diff-62bd2b94df67e500d0bcc4f14bba20a84ffe68db558b43094b5f464dbafabe3e 使用 Swift package Manger 的方式引入报错。

展开讲讲

具体的报错是这个。
image

重现步骤

(估计跟最新系统没关系,应该就是你的最新的 commit 后出的问题)
Xcode 16.0 Swift 5.5 ,Mac 系统 Sequoia

@Kirow-masterpilot
Copy link

Same problem

Revision 97f66a5800dc272206be453ad19604548ff0e0e0 for efqrcode remoteSourceControl https://github.com/EFPrefix/EFQRCode.git version 6.2.2 does not match previously recorded value 2991c2f318ad9529d93b2a73a382a3f9c72c64ce

@Kirow-masterpilot
Copy link

Ok, understood the problem. Because there was force-push to the repository that overwrite git history - we have fingerprint mismatch.
To solve the issue we need to remove cache and stored fingerprints for this repo.

rm -rf ~/Library/Caches/org.swift.swiftpm
rm -rf  ~/Library/org.swift.swiftpm

or only files related to the repo, but clean all is easier

@WymanY
Copy link
Author

WymanY commented Sep 29, 2024

Ok, understood the problem. Because there was force-push to the repository that overwrite git history - we have fingerprint mismatch. To solve the issue we need to remove cache and stored fingerprints for this repo.

rm -rf ~/Library/Caches/org.swift.swiftpm
rm -rf  ~/Library/org.swift.swiftpm

or only files related to the repo, but clean all is easier

亲测上面方案好用,但有点好奇的是我在 Xcode 里,使用 Package > Reset Package Cache 这个为什么不起作用,难道 Xcode 本身就没有办法解决这个问题?

@Kirow-masterpilot
Copy link

亲测上面方案好用,但有点好奇的是我在 Xcode 里,使用 Package > Reset Package Cache 这个为什么不起作用,难道 Xcode 本身就没有办法解决这个问题?

Safety measure. If Xcode will deal with it automatically - you will never know that someone played with past repo commits. This situation should never happen to open source repo. I don't know what was maintainer thinking when making this update.

In general imagine situation that some criminal have taken control over some popular open source project, and then embed some malicious code or script somewhere inside commit that was 3 years ago and then made force push. What will be the chance that user will search and investigate what exactly were modified and if it safe? General user will make this rm -rf and continue to use as-is or simply remove repo from dependencies.

@marcoboerner
Copy link

I agree, this should not be done on the main or release branch. If you really need to rebase and/or force push, better open a new branch and merge the changes into the main branch and add a new tag. Took me ages to figure this out! :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants