aspnetcore/build/CodeSign.targets

<Project>

  <PropertyGroup>
    <CodeSignDependsOn>$(CodeSignDependsOn);CollectFileSignInfo</CodeSignDependsOn>
    <RedistNetCorePath>$(IntermediateDir)ar\$(SharedFxRid)\</RedistNetCorePath>
  </PropertyGroup>

  <Target Name="CollectFileSignInfo">
    <ItemGroup>
      <FilesToSign Include="$(ArtifactsShippingPackagesDir)*.jar" Certificate="MicrosoftJAR" />
      <FilesToSign Include="$(ArtifactsShippingPackagesDir)*.nupkg" Exclude="$(ArtifactsShippingPackagesDir)*.symbols.nupkg" Certificate="NuGet" />
      <FilesToSign Include="$(ArtifactsNonShippingPackagesDir)*.nupkg" Exclude="$(ArtifactsNonShippingPackagesDir)*.symbols.nupkg" Certificate="NuGet" />
      <FilesToSign Include="$(VisualStudioSetupOutputPath)*.vsix" Certificate="VsixSHA2" />
      <!-- "None" means don't sign the .zip file itself, but still scan the contents of the .zip for signable files. -->
      <FilesToSign Include="$(InstallersOutputPath)*.zip" Certificate="None" />

      <!-- These files should already be signed by the .NET Core team. They have to be listed again here because we recreate a redistributable which includes the Microsoft.NETCore.App runtime. -->
      <FilesToExcludeFromSigning Include="$(RedistNetCorePath)shared\Microsoft.NETCore.App\**\*.dll" />
      <FilesToExcludeFromSigning Include="$(RedistNetCorePath)host\**\*.dll" />
      <FilesToExcludeFromSigning Include="$(RedistNetCorePath)dotnet.exe" />
    </ItemGroup>
  </Target>
</Project>