Monday, August 16, 2021

Switching Xcode Versions Without a Password

Keith Smiley:

sudo xcodebuild -runFirstLaunch

This works fine locally, but when updating remote CI machines, entering the password can be troublesome. Furthermore if you want to support having CI machines automatically switch between Xcode versions when testing upcoming changes, you may not have the opportunity to be prompted at all. Lucky for us, the sudoers file format, which configures the sudo command, allows us to skip password entry for specific commands with a bit of configuration.


  1. We specify just the xcode-select binary, using the absolute path. This allows all subcommands handled by xcode-select to be run without a password.
  2. The xcodebuild command also contains the one subcommand we want to be able to run without a password. Limiting this is important because otherwise you could run sudo xcodebuild build without a password, which could execute malicious run scripts or do other terrible things.

I use:

My Intel Mac running Big Sur builds for Catalina, Big Sur and Monterey all with different versions of Xcode (to get the correct DriverKit API for each OS.)

