XIP file

I know there has been a bit of discussion about XIP vs ZIP vs DMG… but this question is related to XIP (and the merits or demerits of it).

XIP creates a SIGNED compressed format… but I assume that you should (must) SIGN the apps that you put into a XIP first?

  • create APP
  • codesign APP
  • create codesigned XIP to include signed APP

And does XIP get signed by the INSTALLER cert? or the App Cert?

Oddly, when I tried this, it appears to need the App Cert. (Maybe Installer Cert is for a PKG or app store)

And yes, sign the app before Xipping, then sign the Xip

Thanks… since all these various signing schemes need to be used for one thing or another when Sierra hits, I’m cobbling together a little app to do “Simple Signing”… it is nothing like AppWrapper (not even close)… as all mine does is, well, “Simple Signing”.

Please note:
macOS Sierra only extracts .xip’s which are signed by Apple.
If you’re going to sign a .xip with your Developer ID, it won’t be extracted on macOS Sierra.

And here’s a simple example of “CodeSign and DMG creation” as a Post Build Script.