I couldn't figure out the best area label to add to this issue. If you have write-permissions please help me learn by adding exactly one area label.

T-Shirt Size: XS/S

If this is formally covered by https://github.com/dotnet/release/issues/732 then this is likely as simple as running SignCheck over all the binaries.

SignCheck does not run on .NET Core, so it's a bit tricky to implement this as a "post-build" step after each repo build. Rather than augment the entire SignCheck tool to work on core, I think that the best approach here would be to validate the produced package artifacts after the final join point.

This test build is an example of what that validation would look like. Note that this validation only checks the artifacts in PackageArtifacts/.

New test build: https://dev.azure.com/dnceng/internal/_build/results?buildId=2614215&view=results

My test runs are failing due to unrelated build issues, so I will have to wait until those are resolved to get a final validation build.

I plan on doing two builds:

• Build with dry run signing enabled
• Build with real signing enabled in windows (current state)

The latter build will take a few hours, so best case I'll have final test runs by tomorrow morning.