"End-of-central-directory signature not found." when installing Xcode 8 beta xip file

xcode xcode8
chris P picture chris P · Jun 14, 2016 · Viewed 48.6k times · Source

I've download the Xcode 8 beta .xip file. I cannot unzip. Opening the file just sits there for hours saying "Verifying..."

If I try from command line I get the following... 

Downloads unzip Xcode_8_beta.xip 
Archive:  Xcode_8_beta.xip
  End-of-central-directory signature not found.  Either this file 
  is not a zipfile, or it constitutes one disk of a multi-part archive.        

  In the latter case the central directory and zipfile comment will be
  found on the last disk(s) of this archive. unzip:  cannot find 
  zipfile directory in one of Xcode_8_beta.xip or Xcode_8_beta.xip.zip, 
  and cannot find Xcode_8_beta.xip.ZIP, period.

Answer

FredericJacobs picture FredericJacobs · Jun 16, 2016

The .xip file format contains an archive (xar containing a gzip archive and metadata) and a signature of the archive. The signature is important, since previously Xcode downloads have been altered (eg. XcodeGhost) to inject malicious code into apps. Therefore, approaches like skipping the verification (xattr -d com.apple.quarantine Xcode_8_beta.xip) seems irresponsible.

I strongly encourage you to try to open it with Archive Utility.app in your finder. If the signature check doesn't work, try re-downloading.

If you want to investigate whether the .xip is validly signed or for whatever reason want to expand it without Archive Utility, you can use pkgutil:

pkgutil --check-signature Xcode_8_beta.xip

The output should be something like this: 

    Package "Xcode_8_beta.xip":
       Status: signed Apple Software
       Certificate Chain:
        1. Software Update
           SHA1 fingerprint: 1E 34 E3 91 C6 44 37 DD 24 BE 57 B1 66 7B 2F DA 09 76 E1 FD
           -----------------------------------------------------------------------------
        2. Apple Software Update Certification Authority
           SHA1 fingerprint: FA 02 79 0F CE 9D 93 00 89 C8 C2 51 0B BC 50 B4 85 8E 6F BF
           -----------------------------------------------------------------------------
        3. Apple Root CA
           SHA1 fingerprint: 61 1E 5B 66 2C 59 3A 08 FF 58 D1 4A E2 24 52 D1 98 DF 6C 60

If that signature isn't signed by an Apple Root CA that is in your Keychain, you should probably stop right there. If all is good so far, you can then run the following commands:

xar -xf Xcode_8_beta.xip
sudo tar zxvf Content

Related questions

Xcode error: Code signing is required for product type 'Application' in SDK 'iOS 10.0'

I have Xcode 8 installed on OS X El Capitan. I get this error: Signing for "target" requires a development team. Select a development team in the project editor. Code signing is required for product type 'Application' in SDK 'iOS 10.0'

Read More
How can I delete derived data in Xcode 8?

The projects page seems to be disappeared from Xcode 8. I used this page for deleting the derived data. Any idea how can I delete derived data from within Xcode 8?

Read More
Linker Command failed with exit code 1 (use -v to see invocation), Xcode 8, Swift 3

I can't get rid of this error! I have tried all sorts of things like clearing Derived Data(Preferences->Locations->click gray arrow to open Derived Data folder in Finder->right-click, move to trash), cleaning the project(…

Read More