Add a script for signing packages which can only be produced on non-Windows platforms (#6823)

Author: natemcmaster

eng/tools/XplatPackageSigner/XplatPackageSigner.proj

@@ -0,0 +1,38 @@
+<!--
+  Code signing of .nupkg's built on Linux/macOS cannot be code-signed on the same machine which built the package.
+  This project takes as inputs a folder of *.nupkg packages and code signs them using MicroBuild.
+
+  Note: because Authenticode signing of .dll's is not something Linux and macOS can verify anyways, this signing
+  process only code-signs the .nupkg itself, not the contents.
+-->
+<Project DefaultTargets="AfterBuild" InitialTargets="CheckForRequiredProperties">
+  <PropertyGroup>
+    <SignType>$([MSBuild]::ValueOrDefault($(SignType),'real'))</SignType>
+  </PropertyGroup>
+
+  <Import Project="..\..\..\Directory.Build.props" />
+  <Import Project="..\..\targets\MicroBuild.Plugin.props" Condition="'$(MicroBuildSentinelFile)' == ''" />
+  <Import Project="$(MicroBuildPluginDirectory)\MicroBuild.Plugins.*\**\build\MicroBuild.Plugins.*.props" Condition=" '$(MicroBuildPluginDirectory)' != ''" />
+
+  <PropertyGroup>
+    <OutDir>$(RepositoryRoot)bin\$(MSBuildProjectName)\</OutDir>
+    <IntermediateOutputPath>$(RepositoryRoot)obj\$(MSBuildProjectName)\</IntermediateOutputPath>
+  </PropertyGroup>
+
+  <ItemGroup Condition="'$(DirectoryToSign)' != ''">
+    <SymbolsPackages Include="$([MSBuild]::NormalizeDirectory($(DirectoryToSign)))**\*.symbols.nupkg" />
+    <FilesToSign Include="$([MSBuild]::NormalizeDirectory($(DirectoryToSign)))**\*.nupkg">
+      <Authenticode>$(PackageSigningCertName)</Authenticode>
+    </FilesToSign>
+  </ItemGroup>
+
+  <Target Name="CheckForRequiredProperties">
+    <Error Text="Missing required property: DirectoryToSign" Condition="'$(DirectoryToSign)' == ''"/>
+    <Error Text="Missing required property: PackageSigningCertName" Condition="'$(PackageSigningCertName)' == ''"/>
+    <Error Text="Could not find any packages to sign in $(DirectoryToSign)" Condition="@(FilesToSign->Count()) == 0"/>
+  </Target>
+
+  <!-- MicroBuild code-signing chains onto this target. -->
+  <Target Name="AfterBuild" />
+  <Import Project="$(MicroBuildPluginDirectory)\MicroBuild.Plugins.*\**\build\MicroBuild.Plugins.*.targets" Condition=" '$(MicroBuildPluginDirectory)' != ''" />
+</Project>

eng/tools/XplatPackageSigner/sign-packages.cmd

@@ -0,0 +1,15 @@
+@ECHO OFF
+
+SET DirToSign=%1
+
+IF "%DirToSign%"=="" (
+    echo Error^: Expected argument ^<DirToSign^>
+    echo Usage^: sign-packages.cmd ^<DirToSign^>
+
+    exit /b 1
+)
+
+SET RepoRoot=%~dp0..\..\..
+SET Project=%~dp0\XplatPackageSigner.proj
+
+%RepoRoot%\build.cmd "-restore:$false" -projects %project% /p:DirectoryToSign=%DirToSign% /bl:%RepoRoot%\artifacts\logs\XplatSign.binlog