BuildCommand: verify NuGet package signatures after signing

PostSharpAgent · claude · PostSharpAgent · commit 70b295441107 · 2026-03-07T17:04:57.000+01:00
Co-Authored-By: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/src/PostSharp.Engineering.BuildTools/Build/BuildCommand.cs b/src/PostSharp.Engineering.BuildTools/Build/BuildCommand.cs
@@ -293,6 +293,21 @@ void Sign( string filter )
                         return false;
                     }
 
+                    // Verify signed NuGet packages.
+                    foreach ( var nupkg in Directory.EnumerateFiles( publicArtifactsDirectory, "*.nupkg" ) )
+                    {
+                        if ( !ToolInvocationHelper.InvokeTool(
+                                context.Console,
+                                "dotnet",
+                                $"nuget verify --all \"{nupkg}\"",
+                                context.RepoDirectory ) )
+                        {
+                            context.Console.WriteError( $"Signature verification failed for '{Path.GetFileName( nupkg )}'." );
+
+                            return false;
+                        }
+                    }
+
                     // Zipping public artifacts.
                     CreateZip( publicArtifactsDirectory );
 
