I am working on an application to be submitted to the Mac App Store. Because it is written in Xamarin.Mac, I have to add safeguards against unauthorized modifications to the C# binaries (DLLs and the main EXE file). Having read the manpage for codesign(1), I am using the following command line (in a post-build script):
codesign -s "${certificate_name}" -o kill --resource-rules="${project_dir}/Resources/ResourceRules.plist" --entitlements "${project_dir}/Entitlements.plist" "${output_dir}/${app_name}"
Since I specified the -o kill option as an argument to codesign(1), the system is supposed to terminate the program if its code signature becomes invalid. However, when I make modifications to (a copy of, for safety purposes) my built application, invalidating the code signature on both the XamMac.dll file (which is a sealed resource, thanks to my including all .dll and .exe files in the ResourceRules.plist file) and the CFBundleExecutable, the application still opens and runs successfully, even though codesign --verify says that the application is invalid. I have checked the Console, and there are no diagnostic messages there that I can find.
What can I do to ensure that if any DLL or EXE file is modified, the application no longer runs? (Try to ensure that your suggestions are App Store-compatible if possible, please.)
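
An added example, not part of the original post: a post-build check that confirms the kill flag was actually recorded in the signature, by parsing the CodeDirectory line that `codesign -d` prints, and that reports whether static verification passes. The sample outputs are constructed, the function names are hypothetical, and the bit values assume the CS_HARD and CS_KILL constants from XNU's cs_blobs.h.

```python
import re
import subprocess

# Assumed bit values, taken from XNU's cs_blobs.h.
CS_HARD = 0x100
CS_KILL = 0x200

# Constructed samples of `codesign -d --verbose=4` output (not from the post).
SAMPLE_WITH_KILL = """Executable=/tmp/Example.app/Contents/MacOS/Example
Identifier=com.example.app
CodeDirectory v=20100 size=512 flags=0x200(kill) hashes=18+5 location=embedded
Sealed Resources version=2 rules=12 files=37
"""
SAMPLE_WITHOUT_KILL = SAMPLE_WITH_KILL.replace("flags=0x200(kill)", "flags=0x0(none)")

_CD_LINE = re.compile(
    r"^CodeDirectory\b.*\bflags=0x([0-9a-fA-F]+)\(([^)]*)\)", re.MULTILINE
)


def parse_flags(display_text):
    """Return (numeric flags, list of flag names) from codesign -d output."""
    match = _CD_LINE.search(display_text)
    if match is None:
        raise ValueError("no CodeDirectory line: unsigned or unexpected output")
    names = [] if match.group(2) == "none" else match.group(2).split(",")
    return int(match.group(1), 16), names


def kill_flag_recorded(display_text):
    """True when the signature carries the flag set by `-o kill`."""
    value, _names = parse_flags(display_text)
    return bool(value & CS_KILL)


def inspect_bundle(path):
    """macOS only: return (kill flag recorded, static verification passes)."""
    shown = subprocess.run(["codesign", "-d", "--verbose=4", path],
                           capture_output=True, text=True)
    verified = subprocess.run(["codesign", "--verify", "--verbose=4", path],
                              capture_output=True, text=True)
    # codesign writes the -d display to stderr, not stdout.
    return kill_flag_recorded(shown.stderr), verified.returncode == 0


if __name__ == "__main__":
    print(parse_flags(SAMPLE_WITH_KILL), kill_flag_recorded(SAMPLE_WITHOUT_KILL))
```

Running `inspect_bundle` on both the freshly signed bundle and the modified copy separates two cases: the option never reaching the signature, and the flag being present while the modified copy still launches.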