Add content hash to verify output (#6542)

Author: zivkan

src/NuGet.Core/NuGet.Commands/Strings.Designer.cs

@@ -1161,4 +1161,7 @@ NuGet requires HTTPS sources. Refer to https://aka.ms/nuget-https-everywhere for
     <value>The following PackageReference item(s) do not have a version specified: {0}</value>
     <comment>0 - List of package names</comment>
   </data>
+  <data name="VerifyCommand_ContentHash" xml:space="preserve">
+    <value>Content hash: {0}</value>
+  </data>
 </root>

src/NuGet.Core/NuGet.Commands/Strings.resx

@@ -119,6 +119,10 @@ private async Task<int> VerifySignatureForPackageAsync(string packagePath, ILogg
                 logger.LogMinimal(Environment.NewLine + string.Format(CultureInfo.CurrentCulture,
                     Strings.VerifyCommand_VerifyingPackage,
                     packageIdentity.ToString()));
+                string contentHash = packageReader.GetContentHash(CancellationToken.None);
+                logger.LogMinimal(string.Format(CultureInfo.CurrentCulture,
+                    Strings.VerifyCommand_ContentHash,
+                    contentHash));
                 logger.LogInformation($"{packagePath}{Environment.NewLine}");
 
                 var logMessages = verificationResult.Results.SelectMany(p => p.Issues).ToList();

src/NuGet.Core/NuGet.Commands/VerifyCommand/VerifyCommandRunner.cs

@@ -4,11 +4,13 @@
 using System;
 using System.Collections.Generic;
 using System.IO;
+using System.Threading;
 using System.Threading.Tasks;
 using FluentAssertions;
 using Microsoft.Internal.NuGet.Testing.SignedPackages;
 using Microsoft.Internal.NuGet.Testing.SignedPackages.ChildProcess;
 using NuGet.Common;
+using NuGet.Packaging;
 using NuGet.Test.Utility;
 using Test.Utility.Signing;
 using Xunit;
@@ -54,6 +56,33 @@ public async Task Verify_UnSignedPackage_Fails()
             }
         }
 
+        [Fact]
+        public async Task Verify_AnyPackage_OutputsContentHash()
+        {
+            // Arrange
+            using (var packageDir = TestDirectory.Create())
+            {
+                var packageId = "Unsigned.PackageX";
+                var packageVersion = "1.0.0";
+                var packageFile = await TestPackagesCore.GetRuntimePackageAsync(packageDir, packageId, packageVersion);
+
+                //Act
+                var result = _dotnetFixture.RunDotnetExpectFailure(
+                    packageDir,
+                    $"nuget verify {packageFile.FullName}",
+                    testOutputHelper: _testOutputHelper);
+
+                // Assert
+                string contentHash;
+                using (var packageReader = new PackageArchiveReader(packageFile.FullName))
+                {
+                    contentHash = packageReader.GetContentHash(CancellationToken.None);
+                }
+
+                result.Output.Should().Contain(contentHash);
+            }
+        }
+
         [PlatformFact(Platform.Windows, Platform.Linux)]
         public void Verify_AuthorSignedAndTimestampedPackageWithOptionAll_Succeeds()
         {