From 15ac9485de282e39577e59744d5b153614a14924 Mon Sep 17 00:00:00 2001
From: Aditya Patwardhan <adityap@microsoft.com>
Date: Fri, 22 Oct 2021 16:45:51 -0700
Subject: [PATCH] Fix issues reported by code signing verification tool
 (#16291)

---
 build.psm1                                                    | 4 ++++
 .../Microsoft.PowerShell.GlobalTool.Shim.csproj               | 1 +
 .../releaseBuild/azureDevOps/templates/windows-packaging.yml  | 2 +-
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/build.psm1 b/build.psm1
index e278ff39b..ab5060ad6 100644
--- a/build.psm1
+++ b/build.psm1
@@ -441,6 +441,10 @@ Fix steps:
     # Add --self-contained due to "warning NETSDK1179: One of '--self-contained' or '--no-self-contained' options are required when '--runtime' is used."
     if ($Options.Runtime -like 'fxdependent*') {
         $Arguments += "--no-self-contained"
+        # The UseAppHost = false property avoids creating ".exe" for the fxdependent packages.
+        # The ".exe" is not a cross-platform executable, but specific to the platform that it was built on.
+        # We do not need to ship that.
+        $Arguments += "/property:UseAppHost=false"
     }
     else {
         $Arguments += "--self-contained"
diff --git a/src/Microsoft.PowerShell.GlobalTool.Shim/Microsoft.PowerShell.GlobalTool.Shim.csproj b/src/Microsoft.PowerShell.GlobalTool.Shim/Microsoft.PowerShell.GlobalTool.Shim.csproj
index aa845a781..d0203344c 100644
--- a/src/Microsoft.PowerShell.GlobalTool.Shim/Microsoft.PowerShell.GlobalTool.Shim.csproj
+++ b/src/Microsoft.PowerShell.GlobalTool.Shim/Microsoft.PowerShell.GlobalTool.Shim.csproj
@@ -6,6 +6,7 @@
     <AssemblyName>Microsoft.PowerShell.GlobalTool.Shim</AssemblyName>
     <OutputType>EXE</OutputType>
     <RootNamespace>Microsoft.PowerShell.GlobalTool.Shim</RootNamespace>
+    <UseAppHost>False</UseAppHost>
   </PropertyGroup>
 
   <Import Project="Sdk.props" Sdk="Microsoft.NET.Sdk" Condition="'$(SDKToUse)' == 'Microsoft.NET.Sdk' " />
diff --git a/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml b/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml
index 07063f071..35da87bde 100644
--- a/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml
+++ b/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml
@@ -177,7 +177,7 @@ jobs:
       Update-PSSignedBuildFolder -BuildPath $BuildPath -SignedFilesPath $SignedFilesPath
       $dlls = Get-ChildItem $BuildPath\*.dll, $BuildPath\*.exe -Recurse
       $signatures = $dlls | Get-AuthenticodeSignature
-      $missingSignatures = $signatures | Where-Object { $_.status -eq 'notsigned'}| select-object -ExpandProperty Path
+      $missingSignatures = $signatures | Where-Object { $_.status -eq 'notsigned' -or $_.SignerCertificate.Issuer -notmatch '^CN=Microsoft.*'}| select-object -ExpandProperty Path
 
       Write-Verbose -verbose "to be signed:`r`n $($missingSignatures | Out-String)"