SignCheck should validate files without extensions

[ellahathaway]

We currently skip verifying files without extensions, but we should verify them because they can technically be signed.

[ellahathaway]

We should not check all extensionless files because not all extensionless files are signable. Rather, we should only check extensionless files that the user specifically specifies and/or are included as ItemsToSign, if we're using a build manifest for sign checking.

[mmitche]

Unfortunately the build manifest won't contain the signing information any longer, and wouldn't have had it anyway unless post build signing was on. Is there a way to identify whether an extensionless file is an executable on Linux/Mac?

[ellahathaway]

Unfortunately the build manifest won't contain the signing information any longer

Good to know. Current SignCheck infra assumes that it does, so I'll file an issue to get that logic cleaned up. Edit: Filed dotnet/arcade#15621

Is there a way to identify whether an extensionless file is an executable on Linux/Mac?

Yes, one option is to shell out to the command line and use "file". Another option may be to read the first two bytes of the file & check that or use some existing API

[ellahathaway]

See dotnet/arcade#15623 (comment). Closing this issue and opening a new issue for verifying MachO files instead.