Automic VaultAutomic Vault

brew

Install zsign with Homebrew, Nix

Cross-platform codesigning tool for iOS apps. Version 1.0.8 via Homebrew; verified 2026-07-08.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install zsign

local Homebrew formula metadata

Linux

Nixverified · 92%
nix profile install nixpkgs#zsign

nixpkgs package indexes · pkgs/by-name/zs/zsign/package.nix · source: api.github.com

overview

Package summary

Cross-platform codesigning tool for iOS apps

Commands and aliases

  • zsign

history

Project history and usage

zsign is a fast cross-platform command-line code-signing tool for iOS apps. It focuses on signing IPA/app bundles with certificates, provisioning profiles, entitlements, and embedded frameworks outside Apple's Xcode GUI workflow.

Project history

The public GitHub repository was created on 2019-09-19. Its README presents zsign as a fast cross-platform iOS code-signing tool and documents command-line signing examples for `.ipa`, `.app`, `.dylib`, and `.framework` targets.

zsign appeared in a tooling niche created by Apple's signing model: iOS apps require valid signatures and provisioning data, but developers, CI systems, jailbreak-adjacent workflows, and enterprise resigning flows often need a scriptable tool rather than a full Xcode-driven build.

Adoption history

Adoption has been practical and tooling-driven. The repository has substantial GitHub interest for a small native utility, and Homebrew/Nix packaging makes it easier to install on developer machines and CI runners that need repeatable resigning commands.

Because iOS signing is platform-sensitive and operationally finicky, zsign's appeal is not broad consumer usage; it is operators and developers who already have certificates and provisioning profiles and need a concise command-line path.

How it is used

Typical usage passes a certificate, mobile provisioning profile, entitlements, and an input IPA or app bundle to `zsign`, producing a resigned output artifact. The README also documents signing embedded dynamic libraries and frameworks, which matters because iOS bundles contain nested code that must be signed consistently.

Package users should treat it as a signing automation tool, not a credential manager. Certificates, private keys, and provisioning profiles remain external inputs supplied by the user or CI environment.

Why package nerds care

zsign is package-nerd significant because it packages a piece of mobile-release infrastructure as a small Unix-style CLI. It turns a GUI-heavy Apple platform operation into something package managers can install and scripts can call.

It also sits at an interesting boundary between legitimate CI/app-distribution workflows and more informal IPA resigning ecosystems, so clear package metadata and source provenance matter.

Timeline

  • 2019-09-19: The zhlynn/zsign GitHub repository is created.
  • 2020s: zsign becomes available through package managers such as Homebrew and Nix for command-line iOS signing workflows.
  • 2026: The GitHub repository remains active, with recent pushes in 2026 according to GitHub metadata.

Related projects

  • Related projects include Apple's codesign, Xcode signing tools, ldid, fastlane sigh/gym, ios-deploy, AltStore-related signing workflows, and mobile provisioning-profile tooling.

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Installs with 2 runtime dependencies.
  • Build metadata lists 1 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

executables

Installed executables

CommandKindExposureNote
zsigncliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version1.0.8
manager updated2026-07-08
local dataok
upstreamcurrent
latest detectedv1.0.8

https://github.com/zhlynn/zsign

  • okNo freshness warnings were generated.

install metadata

Package metadata

Package keybrew:zsign
Version1.0.8
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/zsign
Homepagehttps://github.com/zhlynn/zsign
Repositoryhttps://github.com/zhlynn/zsign
Upstream docshttps://github.com/zhlynn/zsign#readme
LicenseMIT
Source archivehttps://github.com/zhlynn/zsign/archive/refs/tags/v1.0.8.tar.gz
Last updated2026-07-08T11:12:02Z
Pulseupdated
Dependenciesminizip-ng, openssl@4
Build dependenciespkgconf
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namezsign
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

zsign

nix profile install nixpkgs#zsign
  • normalized package name match
  • Matched by: Zsign
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/zs/zsign/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment