xip(1) BSD General Commands Manual xip(1)NAME
xip -- Create or expand a secure archive for secure distribution.
SYNOPSIS
xip [options] --sign identity input-file ... output-archive
DESCRIPTION
The xip tool is used to create a digitally signed archive. As of macOS Sierra, only archives that are signed by Apple are trusted, and the
format is deprecated for third party use.
ARGUMENTS AND OPTIONS --sign identity-name
The name of the identity to use for signing the archive.
--keychain keychain-path
Specify a specific keychain to search for the signing identity.
--timestamp
Include a trusted timestamp with the signature.
--timestamp=none
Disable trusted timestamp, regardless of identity.
input-file ...
The path to one or more files or directories to be archived.
output-archive
The path to which the signed archive will be written.
--expand <input-file>
Expands the archive into the current working directory. This option cannot be used with any other arguments.
macOS September 23, 2011 macOS
Check Out this Related Man Page
productsign(1) BSD General Commands Manual productsign(1)NAME
productsign -- Sign an OS X Installer product archive
SYNOPSIS
productsign [options] --sign identity input-product-path output-product-path
DESCRIPTION
productsign adds a digital signature to a product archive previously created with productbuild(1). Although you can add a digital signature
at the time you run productbuild(1), you may wish to add a signature later, once the product archive has been tested and is ready to deploy.
If you run productsign on a product archive that was previously signed, the existing signature will be replaced.
To sign a product archive, you will need to have a certificate and corresponding private key -- together called an ``identity'' -- in one of
your accessible keychains. To add a signature, specify the name of the identity using the --sign option. The identity's name is the same as
the ``Common Name'' of the certificate.
If you want to search for the identity in a specific keychain, specify the path to the keychain file using the --keychain option. Otherwise,
the default keychain search path is used.
productsign will embed the signing certificate in the product archive, as well as any intermediate certificates that are found in the key-
chain. If you need to embed additional certificates to form a chain of trust between the signing certificate and a trusted root certificate
on the system, use the --cert option to give the Common Name of the intermediate certificate. Multiple --cert options may be used to embed
multiple intermediate certificates.
The signature can optionally include a trusted timestamp. This is enabled by default when signing with a Developer ID identity, but it can be
enabled explicitly using the --timestamp option. A timestamp server must be contacted to embed a trusted timestamp. If you aren't connected
to the Internet, you can use --timestamp=none to disable timestamps, even for a Developer ID identity.
ARGUMENTS AND OPTIONS --sign identity-name
The name of the identity to use for signing the product archive.
--keychain keychain-path
Specify a specific keychain to search for the signing identity.
--cert certificate-name
Specify an intermediate certificate to be embedded in the product archive.
--timestamp
Include a trusted timestamp with the signature.
--timestamp=none
Disable trusted timestamp, regardless of identity.
input-product-path
The product archive to be signed.
output-product-path
The path to which the signed product archive will be written. Must not be the same as input-product-path.
SEE ALSO productbuild(1)Mac OS September 15, 2010 Mac OS