Fix issues reported by code signing verification tool (#16291)

build.psm1

@@ -441,6 +441,10 @@ Fix steps:
     # Add --self-contained due to "warning NETSDK1179: One of '--self-contained' or '--no-self-contained' options are required when '--runtime' is used."
     if ($Options.Runtime -like 'fxdependent*') {
         $Arguments += "--no-self-contained"
+        # The UseAppHost = false property avoids creating ".exe" for the fxdependent packages.
+        # The ".exe" is not a cross-platform executable, but specific to the platform that it was built on.
+        # We do not need to ship that.
+        $Arguments += "/property:UseAppHost=false"
     }
     else {
         $Arguments += "--self-contained"

src/Microsoft.PowerShell.GlobalTool.Shim/Microsoft.PowerShell.GlobalTool.Shim.csproj

@@ -6,6 +6,7 @@
     <AssemblyName>Microsoft.PowerShell.GlobalTool.Shim</AssemblyName>
     <OutputType>EXE</OutputType>
     <RootNamespace>Microsoft.PowerShell.GlobalTool.Shim</RootNamespace>
+    <UseAppHost>False</UseAppHost>
   </PropertyGroup>
 
   <Import Project="Sdk.props" Sdk="Microsoft.NET.Sdk" Condition="'$(SDKToUse)' == 'Microsoft.NET.Sdk' " />

tools/releaseBuild/azureDevOps/templates/windows-packaging.yml

@@ -177,7 +177,7 @@ jobs:
       Update-PSSignedBuildFolder -BuildPath $BuildPath -SignedFilesPath $SignedFilesPath
       $dlls = Get-ChildItem $BuildPath\*.dll, $BuildPath\*.exe -Recurse
       $signatures = $dlls | Get-AuthenticodeSignature
-      $missingSignatures = $signatures | Where-Object { $_.status -eq 'notsigned'}| select-object -ExpandProperty Path
+      $missingSignatures = $signatures | Where-Object { $_.status -eq 'notsigned' -or $_.SignerCertificate.Issuer -notmatch '^CN=Microsoft.*'}| select-object -ExpandProperty Path
 
       Write-Verbose -verbose "to be signed:`r`n $($missingSignatures | Out-String)"