What is the format of a .xip file

According to the xip manual page:

A XIP file is an analog to zip(1), but allows for a digital signature to be applied and verified on the receiving system, before the archive is expanded. When a XIP file is opened (by double-clicking), Archive Utility will automatically expand it (but only if the digital signature is intact).

Essentially, an .xip file is just a .zip with a signature to verify that the file has not changed since its creator saved it. This protects from both damage from a disk error and from a third-party tampering with the file.

The .xip file format contains an archive (xar containing a gzip archive and metadata) and a signature of the archive.

To decode an .xip file, use the following commands:

pkgutil --check-signature <xip-file>
xar -xf <xip-file>
tar -zxvf <xar-file>

See the following links where developers discuss this format and its implications:

• Sparkle issue #821 - Add xip support for signed, compressed, application updates
• “End-of-central-directory signature not found.” when installing Xcode 8 beta xip file
• TheUnarchiver source code: "Kludge support for XIP files to XAR parser"

Not for Public Use

Apple has since removed xip from public use. The format has been reserved for Apple's exclusive use in the future, see TN2206:

Important: Starting with macOS Sierra, only XIP archives signed by Apple will be expanded. Developers who have been using XIP archives will need to move to using signed installer packages or disk images.

To my knowledge xip is a xar derivative using gzip compression, with a toc header xml containing checksum, timestamp, certificates, user id/name, creation/modification/access date&time etc.

The Unarchiver and command line (xar, tar) utilities didn't work for me on MacOS 10.12.6. What did work was right clicking on the .xip file and select "Archive Utility", it was able to expand the .xip file successfully.