EFQRCode
EFQRCode copied to clipboard
EFPrefix
在你的最新的 commit 后使用 Swift Package Manger 的方式引入报错
检查清单
问题描述
在你的最新的 commit 之后,https://github.com/EFPrefix/EFQRCode/commit/97f66a5800dc272206be453ad19604548ff0e0e0#diff-62bd2b94df67e500d0bcc4f14bba20a84ffe68db558b43094b5f464dbafabe3e 使用 Swift package Manger 的方式引入报错。
展开讲讲
具体的报错是这个。
重现步骤
(估计跟最新系统没关系,应该就是你的最新的 commit 后出的问题) Xcode 16.0 Swift 5.5 ,Mac 系统 Sequoia
Same problem
Revision 97f66a5800dc272206be453ad19604548ff0e0e0 for efqrcode remoteSourceControl https://github.com/EFPrefix/EFQRCode.git version 6.2.2 does not match previously recorded value 2991c2f318ad9529d93b2a73a382a3f9c72c64ce
Ok, understood the problem. Because there was force-push to the repository that overwrite git history - we have fingerprint mismatch. To solve the issue we need to remove cache and stored fingerprints for this repo.
rm -rf ~/Library/Caches/org.swift.swiftpm
rm -rf ~/Library/org.swift.swiftpm
or only files related to the repo, but clean all is easier
Ok, understood the problem. Because there was force-push to the repository that overwrite git history - we have fingerprint mismatch. To solve the issue we need to remove cache and stored fingerprints for this repo.
rm -rf ~/Library/Caches/org.swift.swiftpm rm -rf ~/Library/org.swift.swiftpmor only files related to the repo, but clean all is easier
亲测上面方案好用,但有点好奇的是我在 Xcode 里,使用 Package > Reset Package Cache 这个为什么不起作用,难道 Xcode 本身就没有办法解决这个问题?
亲测上面方案好用,但有点好奇的是我在 Xcode 里,使用 Package > Reset Package Cache 这个为什么不起作用,难道 Xcode 本身就没有办法解决这个问题?
Safety measure. If Xcode will deal with it automatically - you will never know that someone played with past repo commits. This situation should never happen to open source repo. I don't know what was maintainer thinking when making this update.
In general imagine situation that some criminal have taken control over some popular open source project, and then embed some malicious code or script somewhere inside commit that was 3 years ago and then made force push. What will be the chance that user will search and investigate what exactly were modified and if it safe? General user will make this rm -rf and continue to use as-is or simply remove repo from dependencies.
I agree, this should not be done on the main or release branch. If you really need to rebase and/or force push, better open a new branch and merge the changes into the main branch and add a new tag. Took me ages to figure this out! :)
Another situation with the same flavor...
This package has dependency to the swift_qrcodejs. Previously I used 2.3.0 817ba220a2eba840bae888e7eeb11207bec05f8c, few days ago it was updated to 2.3.1 d1605333f7edac39b4518538ef4f2638fdd2e4d6. But there is no commit 817ba220a2eba840bae888e7eeb11207bec05f8c in the git history anymore, neither the tag 2.3.0.
@EyreFree Can you explain what and why are you doing?
Hello,
The original ApolloZhu/swift_qrcodejs has been archived, so we forked a copy to EFPrefix/swift_qrcodejs for independent maintenance to adapt to subsequent functional development.
Therefore, the latest commit (unreleased version) of the previous EFQRCode 6.x version may have some reference errors or dangling issues, and we have made every effort to fix them.
The current EFQRCode 7.0.0 version already points to EFPrefix/swift_qrcodejs and addresses the above issues. If there are still errors, please file an issue or submit a PR.
Sorry for causing you trouble. Thank you to everyone who pointed out the issues.
