The single-file bundler adds additional contents (the apps's dependencies) at the end of the host-binary. This violates the strict consistency checks performed by codesign tool in MAC.

This work item track the effort to make the MAC bundle amenable to signing.

Original issue

dotnet/core#2811

Repro stesps

1. Create a console "Hello world" executable on macOS.
2. Generate a single file executable followed: https://docs.microsoft.com/en-us/dotnet/core/whats-new/dotnet-core-3-0#single-file-executables
3. run codesign with this exe.

You will get error message: main executable failed strict validation

If you add --no-strict option in codesign, you will get more detailed error messages:

/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/codesign_allocate: the __LINKEDIT segment does not cover the end of the file (can't be processed) in: /Volumes/Data/temp/HelloDotNet/bin/Release/netcoreapp3.0/osx.10.12-x64/publish/MacOS/HelloDotNet
/Volumes/Data/temp/HelloDotNet/bin/Release/netcoreapp3.0/osx.10.12-x64/publish/MacOS/HelloDotNet: the codesign_allocate helper tool cannot be found or used