Sources/PackageManagerDocs/Documentation.docc/PackageCollections/PackageCollectionAdd.md
@Metadata { @PageImage(purpose: icon, source: command-icon) @Available("Swift", introduced: "5.5") }
Add a new collection.
This subcommand adds a package collection hosted on the web (HTTPS required):
$ swift package-collection add https://www.example.com/packages.json
Added "Sample Package Collection" to your package collections.
Or found in the local file system:
$ swift package-collection add file:///absolute/path/to/packages.json
Added "Sample Package Collection" to your package collections.
The optional order hint can be used to order collections and may potentially influence ranking in search results:
$ swift package-collection add https://www.example.com/packages.json [--order N]
Added "Sample Package Collection" to your package collections.
Publishers of a package collection may sign a collection to protect its contents. The package manager will check if a signed collection's signature is valid before importing it. If the validation check fails, the package manager returns an error:
$ swift package-collection add https://www.example.com/bad-packages.json
The collection's signature is invalid. If you would like to continue please rerun command with '--skip-signature-check'.
Users may continue adding the collection despite the error or preemptively skip the signature check on a package collection by passing the --skip-signature-check flag:
$ swift package-collection add https://www.example.com/packages.json --skip-signature-check
For package collections hosted on the web, publishers may ask the package manager to enforce the signature requirement. If a package collection is expected to be signed but it isn't, users will see the following error message:
$ swift package-collection add https://www.example.com/bad-packages.json
The collection is missing required signature, which means it might have been compromised.
Users should NOT add the package collection in this case.
For more details on signature validation, see doc:PackageSecurity#Signed-package-collections.
The package manager validates the certificate of a signed collection as a part of its signature validation to make sure that the root certificate is trusted.
$ swift package-collection add https://www.example.com/packages.json
The collection's signature cannot be verified due to missing configuration.
Users can explicitly specify they trust a publisher and any collections they publish, by obtaining that publisher's root certificate and saving it to ~/.swiftpm/config/trust-root-certs. The
root certificates must be DER-encoded. Since the package manager trusts all certificate chains under a root, depending on what roots are installed, some publishers may already be trusted implicitly and users don't need to explicitly specify each one.
Users will get an error when trying to add an unsigned package collection:
$ swift package-collection add https://www.example.com/packages.json
The collection is not signed. If you would still like to add it please rerun 'add' with '--trust-unsigned'.
To continue, users must confirm their trust by passing the --trust-unsigned flag:
$ swift package-collection add https://www.example.com/packages.json --trust-unsigned
The --skip-signature-check flag has no effects on unsigned collections.
package-collection add <collection-url> [--order=<order>]
[--trust-unsigned] [--skip-signature-check]
[--package-path=<package-path>] [--cache-path=<cache-path>]
[--config-path=<config-path>]
[--security-path=<security-path>]
[--scratch-path=<scratch-path>]
[--swift-sdks-path=<swift-sdks-path>]
[--toolset=<toolset>...]
[--pkg-config-path=<pkg-config-path>...]
[--enable-dependency-cache] [--disable-dependency-cache]
[--enable-build-manifest-caching]
[--disable-build-manifest-caching]
[--manifest-cache=<manifest-cache>]
[--enable-experimental-prebuilts]
[--disable-experimental-prebuilts] [--verbose]
[--very-verbose|vv] [--quiet] [--color-diagnostics]
[--no-color-diagnostics] [--disable-sandbox] [--netrc]
[--enable-netrc] [--disable-netrc]
[--netrc-file=<netrc-file>] [--enable-keychain]
[--disable-keychain]
[--resolver-fingerprint-checking=<resolver-fingerprint-checking>]
[--resolver-signing-entity-checking=<resolver-signing-entity-checking>]
[--enable-signature-validation]
[--disable-signature-validation] [--enable-prefetching]
[--disable-prefetching]
[--force-resolved-versions|disable-automatic-resolution|only-use-versions-from-resolved-file]
[--skip-update] [--disable-scm-to-registry-transformation]
[--use-registry-identity-for-scm]
[--replace-scm-with-registry]
[--default-registry-url=<default-registry-url>]
[--configuration=<configuration>] [--=<Xcc>...]
[--=<Xswiftc>...] [--=<Xlinker>...] [--=<Xcxx>...]
[--triple=<triple>] [--sdk=<sdk>] [--toolchain=<toolchain>]
[--swift-sdk=<swift-sdk>] [--sanitize=<sanitize>...]
[--auto-index-store] [--enable-index-store]
[--disable-index-store]
[--enable-parseable-module-interfaces] [--jobs=<jobs>]
[--use-integrated-swift-driver]
[--explicit-target-dependency-import-check=<explicit-target-dependency-import-check>]
[--build-system=<build-system>] [--=<debug-info-format>]
[--enable-dead-strip] [--disable-dead-strip]
[--disable-local-rpath] [--version] [--help]
URL of the collection to add.
Sort order for the added collection.
Trust the collection even if it is unsigned.
Skip signature check if the collection is signed.
Specify the package path to operate on (default current directory). This changes the working directory before any other operation.
Specify the shared cache directory path.
Specify the shared configuration directory path.
Specify the shared security directory path.
Specify a custom scratch directory path. (default .build)
Path to the directory containing installed Swift SDKs.
Specify a toolset JSON file to use when building for the target platform. Use the option multiple times to specify more than one toolset. Toolsets will be merged in the order they're specified into a single final toolset for the current build.
Specify alternative path to search for pkg-config .pc files. Use the option multiple times to
specify more than one path.
Use a shared cache when fetching dependencies.
term --enable-build-manifest-caching|disable-build-manifest-caching:
term --manifest-cache=<manifest-cache>:
Caching mode of Package.swift manifests. Valid values are: (shared: shared cache, local: package's build directory, none: disabled)
Whether to use prebuilt swift-syntax libraries for macros.
Increase verbosity to include informational output.
Increase verbosity to include debug output.
Decrease verbosity to only include error output.
Enables or disables color diagnostics when printing to a TTY. By default, color diagnostics are enabled when connected to a TTY and disabled otherwise.
Disable using the sandbox when executing subprocesses.
Use netrc file even in cases where other credential stores are preferred.
Load credentials from a netrc file.
Specify the netrc file path.
Search credentials in macOS keychain.
term --resolver-fingerprint-checking=<resolver-fingerprint-checking>:
term --resolver-signing-entity-checking=<resolver-signing-entity-checking>:
term --enable-signature-validation|disable-signature-validation:
Validate signature of a signed package release downloaded from registry.
term --enable-prefetching|disable-prefetching:
term --force-resolved-versions|disable-automatic-resolution|only-use-versions-from-resolved-file:
Only use versions from the Package.resolved file and fail resolution if it is out-of-date.
Skip updating dependencies from their remote during a resolution.
Disable source control to registry transformation.
Look up source control dependencies in the registry and use their registry identity when possible to help deduplicate across the two origins.
Look up source control dependencies in the registry and use the registry to retrieve them instead of source control when possible.
Default registry URL to use, instead of the registries.json configuration file.
Build with configuration
Pass flag through to all C compiler invocations.
Pass flag through to all Swift compiler invocations.
Pass flag through to all linker invocations.
Pass flag through to all C++ compiler invocations.
term --triple=<triple>:
term --sdk=<sdk>:
term --toolchain=<toolchain>:
term --swift-sdk=<swift-sdk>:
Filter for selecting a specific Swift SDK to build with.
Turn on runtime checks for erroneous behavior, possible values: address, thread, undefined, scudo.
Enable or disable indexing-while-building feature.
term --enable-parseable-module-interfaces:
term --jobs=<jobs>:
The number of jobs to spawn in parallel during the build process.
term --use-integrated-swift-driver:
term --explicit-target-dependency-import-check=<explicit-target-dependency-import-check>:
A flag that indicates this build should check whether targets only import their explicitly-declared dependencies.
term --build-system=<build-system>:
term --=<debug-info-format>:
The Debug Information Format to use.
Disable/enable dead code stripping by the linker.
Disable adding $ORIGIN/@loader_path to the rpath by default.
Show the version.
Show help information.