Creating XIP files in OSX

A few years ago Apple introduced XIP files to OS X. I recently noticed Apple are using them for delivery of the Xcode 8 beta’s so I thought now was a good time for a quick overview of creating xip files in osx.

XIP files are an analog to ZIP files. They can archive one or more files and directories into a single file, the same way you can with ZIP files.
However they have one main advantage. You can add a digital signature to them before they are un-archived.
Allowing the receiving system to test their integrity also makes them GateKeeper friendly.
To sign them you will need a certificate and corresponding private key, added to one of your keychains.
The simplest way to get these are by taking out an Apple Developer Account and create some installer certs.
Un-archiving is easy, they use the same Archive Utility that zip files use on OS X. Just double click them to expand.
To create an XIP file, you use the ‘xip‘ command line tool.
When using the tool you specify:

  • The identity of the cert you wish to use. You use the ‘–sign‘ argument to specify this. By default it will use your default keychain but you can specify a different keychain by using  the ‘–keychain‘ argument
  • The path to one or more files and / or directories
  • The name of the archive you wish to create

So for instance this example will create a signed XIP file from the directory specified
xip  –sign ‘Amsys plc’   ~/Desktop/MyFiles   ~/Desktop/MyFiles.xip
If you are distributing archives in your organisation to OS X clients, then by using XIP files you make them more secure.