From 11ca693efe79942bc3b2ffd721a7610c8209fc16 Mon Sep 17 00:00:00 2001 From: Geoffrey Huntley Date: Mon, 14 Nov 2022 05:29:45 +0000 Subject: [PATCH] feat(windows): add product information to coder.exe --- .github/workflows/release.yaml | 3 +++ .gitignore | 2 ++ cmd/coder/coder.exe.ico | Bin 0 -> 192254 bytes cmd/coder/coder.exe.manifest | 17 +++++++++++++ cmd/coder/versioninfo.json | 44 +++++++++++++++++++++++++++++++++ docs/CONTRIBUTING.md | 3 ++- dogfood/Dockerfile | 1 + flake.nix | 1 + go.mod | 5 ++++ go.sum | 4 +++ scripts/build_go.sh | 25 ++++++++++++++++++- scripts/sign_windows.sh | 38 ++++++++++++++++++++++++++++ 12 files changed, 141 insertions(+), 2 deletions(-) create mode 100644 cmd/coder/coder.exe.ico create mode 100644 cmd/coder/coder.exe.manifest create mode 100644 cmd/coder/versioninfo.json create mode 100755 scripts/sign_windows.sh diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 8444e30baa030..da114ac091eda 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -119,6 +119,9 @@ jobs: AC_APIKEY_ISSUER_ID: ${{ secrets.AC_APIKEY_ISSUER_ID }} AC_APIKEY_ID: ${{ secrets.AC_APIKEY_ID }} AC_APIKEY_FILE: /tmp/apple_apikey.p8 + CODER_SIGN_WINDOWS: "0" + AUTHENTICODE_CERTIFICATE_FILE: /tmp/windows_cert.pkcs12 + AUTHENTICODE_CERTIFICATE_PASSWORD_FILE: /tmp/windows_cert_password.txt - name: Delete Apple Developer certificate and API key run: rm -f /tmp/{apple_cert.p12,apple_cert_password.txt,apple_apikey.p8} diff --git a/.gitignore b/.gitignore index 25c5e1c798913..9bb066d5f53a6 100644 --- a/.gitignore +++ b/.gitignore @@ -44,6 +44,8 @@ site/out/ *.lock.hcl .terraform/ +**/*.syso + .vscode/*.log .vscode/launch.json **/*.swp 
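Review bot: The cleanup step visible as context in the release.yaml hunk, `rm -f /tmp/{apple_cert.p12,apple_cert_password.txt,apple_apikey.p8}`, is not extended to the two Windows paths added to the env block, so once `CODER_SIGN_WINDOWS` is switched to "1" the PKCS#12 bundle and its password file would stay on the runner after the build. Extend the same step now, e.g. `rm -f /tmp/{apple_cert.p12,apple_cert_password.txt,apple_apikey.p8,windows_cert.pkcs12,windows_cert_password.txt}`. No step that writes these files is visible in the hunk; when one is added it should create them with owner-only permissions, since the names under /tmp are fixed and predictable. A one-line comment next to `CODER_SIGN_WINDOWS: "0"` saying why signing is disabled would also help; the job body continues outside the hunk.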
diff --git a/cmd/coder/coder.exe.ico b/cmd/coder/coder.exe.ico new file mode 100644 index 0000000000000000000000000000000000000000..37cbd495d195f7d3a972644362a61ad29334011a GIT binary patch literal 192254 zcmeI537i~7y~j5R5I`W|442t(i72QbiUP98C8FXJL_wci3J7vvay;0@$DyFW!yu=M zfFQ`}2Lw673Ic*4pddF{AOdm*2oSF1eSb64vpqdCyEENY)zvfg=ksN!ySl3W^{@I@ zS65YcdV0q2U(X+V`2Uoi=UyJ$vs6z{&xb*$_XM3U$wOnyf5ZQMw7|kBwK{wa_Jbe8 zsql*i==@3Wvo<)6YmaV&A93yBZE_IT@82T3aNQSS4OkN9g}h}C6qwrvbGY_xcpaXD zN8xt36n+Z3LLW?q`5;KJK->ZgaV+}yaDe+JMGYyYvm8py%pZ!y4T=oxC?#< zhrkzLd6)-WOS}F*n%z~#m*D}p1k^vS2NNMk_gY{fioP}c0bYU8+EF)!zll8_hVx)Y zSP5M91-p}%O(591!x2;#s3dI0+zTnW0*+iYu{koJ4n=m|I*wtxv> zQ$9lCgW$q;>I?o2r@^PdRUb!IL2|IbBIJ1}=sD3v`|7kj)L-5NJHe7*OD2=>g`mF2 zl?~MeVh88uugyx3My(lzkzPJ7yD4g`?2-5V0xWhK6nneE~EM! z^*w4wL5gL8F{pbGgy(&?e)AeO|0!q-oJr9*?s{IRHJV&ocIvP{BuJZ%QGl*Xn*cWwNw}X&hI-6@>=D{%5Kok1k9O_;Bo8~v5 zdq~2Z1+*?4{INJT&^z~=7^wa=NaJb8b+7zZHK2P)!kh)pB&p#4#j?Ro)Y+trO<)}H z&vIP%8ozu!quwF9SquD%!h3;PYRzoiy!~JIAAJ`~@4s#j z8^L-Wv3^A-ja&DDsc;Lt2)YlO^o@4YI+y&juBi_=F2jA~wP=W(N->NIRXbk<|@E6eYODjHL@|ugtQ}1u3l_iLH7nsy(q_k#{*M<!v=XClr48@e@0bFZ|DhIqy;;L88izK(?~?bLYT zEhV@D>0Sb^{yjvk1+1Q-ET1K=%Q=9747!G>W-Z{#|26MB*{tebr=~gX^T1Ufp!t-v zvOEzVfkyXg8|O|+t7wR4+yXBAU-$kj?bCRn9VIx4d@ctYK9o#zkbJZ*kw*0G$7zsE z)7G)}oCfj30xtZ221V6-#@#3@QfTdOu;oipx|&;AH>H6!2Y9Xn9V1;eE>fO0MbDX9 zn^_t3uEVOZG=#lJ7$GJu{Qp|=%d$olQ@4;mH$rQ@w-dF0TYnG9U>(iP*wQPR?giv! 
z%m0@l?d{=wxCfqs|A6j655Q%xH>h723*9a*{Qtx*H?rFL5ny{R;A--iKc%hZ6G=a{ zb*#Bj)4r#2%kQ<9VYI#4s)xtmFwnYfH;W7Z@5X2UWSi31^ER;MQ%d(q(0wh9e49vf zz@~mt+PVju^ndLiJsI9;Q-AdX8k?H_H&;lqFyg}h!+LMIIqb-vcOdcu(|>1^_E#W{ zD4zCYo7SmOdM5pU5p>pkVwSPh9mLlhK{rb9e|NRM1XBI98u>htW5o!q1@&C)XA|3{;%#_Y}VNPB)7X)XlaBEkRN*Yp--sk!>J zZFHn~n#12bMUg&492@u3M!K5t|36!@-&3T!QVRPOHA?V*_cf=z(6+u4pmi{<<+m$E z^Z#ckV57bz>p9JV>V3#=k>LOCYg&8G?uV>xwORZoqg4RGkpTd4cjS~Fd zea$UQmbXAN|IK>-z!XI)n*V3DQM35+{|!^vuc%Ri|GTd_tpWTAnzg~K=hMt#7tR0Q zwPe3HNp}tpekqDnH2>H4-nFg zuwPN51pjwmbIXwBLy)zdHjBSYiXs)w|F5!Wzbi>w`-{6lg8#d(<&Tl&^U%zHvz*tz zLGtw!MJk&A>wW($b{Z+}qoh4Kg$;`sCHTMlTKgJVns{fmQ5)7bFg8k2q@wx%UX)RN zT_YQ0J@*#rcFP=K@c$Ifk}=9LmfEe_z4q{@`Ibe|{C_jbX=@EYcKij5flim;|88qo zbALBO)_YX5_?lPH{6f1@H2+_P0_q!n&Fql%yq*D8Y}bedygvB9+e%xX?DVbftnIT| z{2NGn!4yR*n*ZzHEU>wUY7Xh|pTdqsixT|bZH=8kcFla(#CeTd(@4?$UuD!foe7&Y zOGDoe|DZDJU?`}f2-`y^^#Q^EsZdMuY0~{CjOM#0!hcOZ zY5v`hsOUxYf9bEix^IFBJC2sd3*_@X=#*yxJu{A0=B(k`tKDs~9tFM^vf8ed`1+Rc zRv8UkWdGOP+|7<`t@?Ns24Er-U8YiiR@zvWYr4t*bzj&Ho^W8-s7~%6uO%Ui6xsh( zZtZ(`4L1@Ccj&Uxvw`=Ru!E_YT|Zr@r{Vp3{W-=Oj@WL3N^e^@Tw7xdH48m%$8heZP;l zK~wjBiqW$Q6zSjplFp4}8&2B3pT+B-*>COlP+xEb90NPS=I~iq6SOw8F=(zx&u>2l z^&8??*dJ6DUAq|A8dK<9(d(dDIZT{)>Ho5mp2al(zC9cUKZ7&iT(}S}1^I8p@A-WJ zoCjJDITiFAFHVPxVGy*&{yNM76L!gxhWed@z?7^=Lh8@5=+tUl&6}xDwIOQHzlBzH zadn;QOMSv?FcUOKq<(6oIm>ql*PesFf#&JI0_qD)%K!=5w1W%(*Enl^I0gOzvU8sI zW}Eg@+PA?nU`l#PXgb)|Tj^g5^Mftb=WKvr3p z1g-~L<*@1hnuEI$d>E74vR^XYGbyj;A5F^QBz89>^RjXL68U`6r1A~YT8MLcp0lC9 zFKKE#a1Q9%EvxKC0wX<(WGS;P|NkI5-vC*3D_UIn=t^K(^xQlRT-oDb(*$=|s&6&6?TON5$r;MM6w6Z7>uL0A#oA!T=`|q}(r|EK=Oz+o}cM-5D zJCpePU{ddq(t4Y`&H_Ep$WLvF)`kuNt-p<=PbY+FT(ugcmGy~edc0)X{|`mSZkq4A zj`A*_wnE#8_ZhCWxenCGzf_M8!qK3y`pPf~mTZFNDbk468;=JYXlZLgaIQ2U}$sEnPj&Jq-`R15MbT^J!&a zBAyJL-Uq0BdKV$BnC>f0`u{N$YP5FLDdG1~*0s}CVv2a``%eX*?YCcwa>b*l570b^ z$@`m+_WBoP)N@r@G1*s|@_*e2p8y~2ZCWQi$E}mL@-oEJ9J21irpse0y?ry3EsCo9 z+YiC@vyLenw3^O9RN$0<)dw5}+N<1Zo{g^CJ!SsMXx(z}|1$;uShDbrjwh1OAT+8+ 
zAI_QZf0=R~_zpY;K9tLb4jKcj09izHr{9EsK$-Ald*Sw(Z2kAn?6`I4sQ-Y~nHo!uB`w)%2RIXM28}T^ zAD`p_&gq@SDUemxB7sgGrwviQonbuqB5Rc8%TPu1L>6%|r zCe3-66!itVPv|{FtxYGH#5p}ldciYVVk=~GGEG`MGwv2Y5lB7@)4BPb3~SM`xf^l%JU0Y9elj!qgI`$-JAzL^usRv zKQe&Ew_k;;Jt=$EwyZgwiBJSt3?(mttY!8kzWn|-@Hx=^rD(Ds3U3Y9!E2D0U0wP= z#Vm=|!M_X_z;lph9V{<<#q)g+-H!#I=9y5ZPV~%w0!ZJu{zdz(cJd^g4n_5QRId@; z6ZK4>G0d~zx=!-&e~MWW`OTW}KX41o1lQ%ynxCF$WW#abqs)s^dcUWrYccZqS6~|K z4;nlBYHL($ThuqN52rx4`G4G4nzxZ1)E8U}Pr=)e)jwUtSHHCfn3$g@8DpaURX&sF z_%eq`g%~ zsz3R;)`gycTj5+d7`A|wK=;N@lqnSIR8U(^+Q#*zg_9rTn)@8vTK&y5*Z^F& zXZ4d`0JX0<&~97Ea=rFM$lrrBx4`EJdJwYM*>v1a_J7rc%Gc~!!L%*o={-ljN5cv* z25ig9WS}|zmmsc(tKWJ?^X1tGRlJi`(dh5ssy8X6q$oY5dl2Zp;`*K++3I=n*1auAV+$GL77mrs8?-Tzf1-+);;+F$*^<1iI8 zccDHhZC{{xOTZ?eHKWHs>F3#|P9%TV&pKpT7}*w0--JBts9E0K;Qtzzp67}EH6MR3 zoCUjr?wfi>SPXQZ(7KR(N$d7HUKDy^UDz2;gS$b`+s*3K<@tZ2hn_uxG`4`&wQmHM zb<$2=-QfSKnU90+mF?KZ_O%+XYi(ZZW%B78;16&KXfFMFxC^GktC077K4}k)sk9Cg zq`3t)Cn(RcXR^+c$KB%ps-fLLYjjB)gyVEJIU8Gc>KZ*o%PgAr{Xg)zeeIXIl*LIv zSH8coWwu0y;$_VzwQzGs4bdo|F0w1q+QU`giTT(`+a6nF-7f-kx*gZAud%$Rol zf~Z|1J5f^Cb2fwIxgKZ^IY@I0>`0L2)Li>dk@Hhqo(g)73NpF{e#|8<>-%Q%(^^uH z(Ji3$wZlQrNG|KB$a!6at@KPAWONJY{;NHauIl?m^4fTGwZauK3w(gzKZAF`RXr6o zpKGyEF9d1L0(#D#2CnM+Jo3^#El7J7(7ebg@GiKjtD@!eCv3AK1Zmv@i*u>=Zn&sx zwcYJnS1nwbu)rc5pA2CfP~TpI?SXHNPT&pvI?1N zTyC?jqO|`?J`?jSYzOAO4rRIt@_MH}s#}+TAECVJ`_u=TmK{j&J#bMTt%a%n@{|ve zdGP-{Yan~x%aDZLZSVAbLYhCm9Q2N)E!mrdUHHE8&^y+f+A2tk=?4FA(NLaWHXr(Z z9qxus91A>6x%B-Y+vCUJ|MvR7F#e|jTb9YBul0fdfUEnM&3tr^{2hD}T9jqb zA&U_u`2UFJDRkfhXul;~4YR z0E<8nw-yNg@7CTvL)-+H!Rc@qYzLo#S?c8#E;6g#|QUF>eQ;`4p|u*plG?wk#Xc&C3E>Uz`e8 zfZi7_GMA$NwqQ$w|J$-`NH;GF>`BJSy$D41+@2|$o`(x{a=(v z>#a5<_`eOShBWiEK=A+8tsnfqbz6lii(vunSxnwTi+p?s<M!h`E4DSX4bly_A3`1y*FXY_f;Rk|7C^l z6MZ}XCAbd$2R4RfL2Kqgy2k>+|GTHI<0X~<$DfI3ar_`?z4=Jk8Z;8xHcnzP^p=!Zk#;L6_t z{vHo!g7)0p29LulFb8&lAbwgP_`jd^Vq2@x{6EV?+|D4>sI3i|M#Z_ z9O@mdurn&OQfH>F zxt;vu>c^%&+mN{4@oS~t zOkDF0d41nzff8x!U1ZHU`hd;vcO;74^5GP&ybny&ZL4XVOMX7u0=2qMHl@UGK&y3U 
z;<|^)?-N~TY5xkW=l+wyM4h&i#!3E}qH8r;lajxjLmRk(JXh#itLI;EjlcH-*L}bG zi9_=*e$b#|fhqi*4(;^crmnq-eD!UiFc!oJ4rO8T(%Q&OFjbeWrZa~;cZ48*SYRS* z+ySlDpXuwKAa8v?NON_eAHWC}MRV?ba5=mUrt7km^fcbs7=rj=0gVHH53SUlt!uRJ z>;cd>#l8fqfchnUvv*#QjuHCzJcHC)K>cQ9pXl#=oYNZnGNA7-{s8^}c|7aI+s(7+ zuo?vM#{$QoO1zHp{5>08o`%1{AK~|KaRsfR?FvC^EuinJYHxL9C;hzw20`C)eFff! zJnJ>e`)>4D41)M$fp4LTtG(Y*J4pNY41dh#jV4>5NnYdmcI#37l-6Q{_+x>OqssHp zZe8YaeenPKc2gw(Kd@f?a3*I9Od$WiKpy_wZl1ya>l;f^{Qosn->_c&aK-}*9FGp| z`eGi}2mh~cEJgAEdr^I1vlG}*5N|F3U2KKuWlQ8%pl z)z_KNXC|TCG)VfM568j(>syYm{{I51ZdR{uI8y)%Y=Dk>561_ekLwWpzrOMK=>Phr zoW6A$_WIY?S5eOFgrcuP-2d|a9sIw(_4wxhn(x;){1TGDlFVwn$zAt_u+yeR@^)sMn$25II@P7=KkTm`;AD;!!gXVJn23Nu&59GJnU|IS~@q7AfFBpn~dnS~_duzi7 ztKp=qM$Kh$8K{Q$lru{xFdW>|H&-9wmY%~>RiBXFa$$x8`K1_>7mux& zbLS2a-WN|G9!}1K$#9jZDh&)!6W*r^s5O92RHe7xKtt6)eoUAvbtuNLj21pfgsO}$ znWM(QgVjKOj4K(idH9%7!l^-0si~lv^hXWvA0>XDDrkiCOX1`)EVcRfmMU;Kv|OPj zgO(af)>J`zL`OG+#v?iQm6}%EY zrW_urOQ)xBiao?1iEh{vs$(<)6kh2@^{c-W9+`)nD&eI+3Mc6arMteaCgVzY6r&H- z%cBZ~qj)Kxe4j6$8Hk1VSHq(c_fnE_qtMlJ=ayB)4ud*Y+B0FO^t;rgOGPc$TRD6- zT2;bJeZJ0C?8q-lj8=m>Svn|J1>uzf5RMF%f>pfoZ^A1kE#F24%He$qAL2LRl^WEq zYW0Nr%5vMpa9Ik_Scwbq)e#J$i`l ze>_aTllmD7AEX!>9yCjTprvq1+C;x{{2an>FB@pEnf`3J#ef6l{(a9_;3$0L~gbDm(G+duUMs{n*39QS5vE|SUppl zn!;7z3H_>9rwosoBXPejmv6Li-KMHiGH6w!lKwT}r8`t@c&xe-*^kc9teob&m<(l$U56ai60;{KnIH)mi*#I@+HN`Kt h=$i1}+Wh5uHR1h + + + + + + + + + + diff --git a/cmd/coder/versioninfo.json b/cmd/coder/versioninfo.json new file mode 100644 index 0000000000000..3da420c00dfb9 --- /dev/null +++ b/cmd/coder/versioninfo.json 
@@ -0,0 +1,44 @@ +{ + "FixedFileInfo": + { + "FileVersion": { + "Major": 0, + "Minor": 0, + "Patch": 0, + "Build": 0 + }, + "ProductVersion": { + "Major": 0, + "Minor": 0, + "Patch": 0, + "Build": 0 + }, + "FileFlagsMask": "3f", + "FileFlags ": "00", + "FileOS": "040004", + "FileType": "01", + "FileSubType": "00" + }, + "StringFileInfo": + { + "Comments": "https://coder.com", + "CompanyName": "Coder Technologies, Inc", + "FileDescription": "Coder", + "FileVersion": "", + "InternalName": "coder", + "LegalCopyright": "© Coder Technologies, Inc. All rights reserved.", + "LegalTrademarks": "", + "OriginalFilename": "coder.exe", + "PrivateBuild": "", + "ProductName": "Coder®", + "ProductVersion": "", + "SpecialBuild": "" + }, + "VarFileInfo": + { + "Translation": { + "LangID": "0409", + "CharsetID": "04B0" + } + } +} diff --git a/docs/CONTRIBUTING.md b/docs/CONTRIBUTING.md index 6a1543597d4a2..82fc30fb3c27e 100644 --- a/docs/CONTRIBUTING.md +++ b/docs/CONTRIBUTING.md @@ -62,7 +62,8 @@ Alternatively if you do not want to use nix then you'll need to install the need - on macOS, run `brew install pango` - [`pandoc`]() - on macOS, run `brew install pandocomatic` - +- [`osslsigncode`]() + - on macOS, run `brew install osslsigncode` ### Development workflow diff --git a/dogfood/Dockerfile b/dogfood/Dockerfile index a05a1266ad286..d2318f819ed8a 100644 --- a/dogfood/Dockerfile +++ b/dogfood/Dockerfile @@ -124,6 +124,7 @@ RUN apt-get update --quiet && apt-get install --yes \ openjdk-11-jdk-headless \ openssh-server \ openssl \ + osslsigncode \ pkg-config \ python3 \ python3-pip \ diff --git a/flake.nix b/flake.nix index dfc44b91df36f..d5ab4f1682049 100644 --- a/flake.nix +++ b/flake.nix @@ -32,6 +32,7 @@ nodePackages.typescript nodePackages.typescript-language-server nodejs + osslsigncode openssh openssl postgresql diff --git a/go.mod b/go.mod index f38504b38d9dc..6573a2bbf8adb 100644 --- a/go.mod +++ b/go.mod 
@@ -302,3 +302,8 @@ require ( gopkg.in/yaml.v2 v2.4.0 // indirect howett.net/plist v1.0.0 // indirect ) + +require ( + github.com/akavel/rsrc v0.10.2 // indirect + github.com/josephspurrier/goversioninfo v1.4.0 // indirect +) diff --git a/go.sum b/go.sum index 29b60a8021290..43751420da431 100644 --- a/go.sum +++ b/go.sum @@ -170,6 +170,8 @@ github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki github.com/agnivade/levenshtein v1.1.1 h1:QY8M92nrzkmr798gCo3kmMyqXFzdQVpxLlGPRBij0P8= github.com/agnivade/levenshtein v1.1.1/go.mod h1:veldBMzWxcCG2ZvUTKD2kJNRdCk5hVbJomOvKkmgYbo= github.com/ajstarks/svgo v0.0.0-20180226025133-644b8db467af/go.mod h1:K08gAheRH3/J6wwsYMMT4xOr94bZjxIelGM0+d/wbFw= +github.com/akavel/rsrc v0.10.2 h1:Zxm8V5eI1hW4gGaYsJQUhxpjkENuG91ki8B4zCrvEsw= +github.com/akavel/rsrc v0.10.2/go.mod h1:uLoCtb9J+EyAqh+26kdrTgmzRBFPGOolLWKpdxkKq+c= github.com/akutz/memconn v0.1.0 h1:NawI0TORU4hcOMsMr11g7vwlCdkYeLKXBcxWu2W/P8A= github.com/akutz/memconn v0.1.0/go.mod h1:Jo8rI7m0NieZyLI5e2CDlRdRqRRB4S7Xp77ukDjH+Fw= github.com/alecthomas/chroma v0.9.4/go.mod h1:jtJATyUxlIORhUOFNA9NZDWGAQ8wpxQQqNSB4rjA/1s= @@ -1118,6 +1120,8 @@ github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqx github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/jonboulle/clockwork v0.2.0/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= +github.com/josephspurrier/goversioninfo v1.4.0 h1:Puhl12NSHUSALHSuzYwPYQkqa2E1+7SrtAPJorKK0C8= +github.com/josephspurrier/goversioninfo v1.4.0/go.mod h1:JWzv5rKQr+MmW+LvM412ToT/IkYDZjaclF2pKDss8IY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/josharian/native v1.0.0 h1:Ts/E8zCSEsG17dUqv7joXJFybuMLjQfWE04tsBODTxk= github.com/josharian/native v1.0.0/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w= 
diff --git a/scripts/build_go.sh b/scripts/build_go.sh index 3a8649890174f..2d10e8233f2cf 100755 --- a/scripts/build_go.sh +++ b/scripts/build_go.sh @@ -32,10 +32,11 @@ os="${GOOS:-linux}" arch="${GOARCH:-amd64}" slim="${CODER_SLIM_BUILD:-0}" sign_darwin="${CODER_SIGN_DARWIN:-0}" +sign_windows="${CODER_SIGN_WINDOWS:-0}" output_path="" agpl="${CODER_BUILD_AGPL:-0}" -args="$(getopt -o "" -l version:,os:,arch:,output:,slim,agpl,sign-darwin -- "$@")" +args="$(getopt -o "" -l version:,os:,arch:,output:,slim,agpl,sign-darwin,sign-windows -- "$@")" eval set -- "$args" while true; do case "$1" in @@ -68,6 +69,10 @@ while true; do sign_darwin=1 shift ;; + --sign-windows) + sign_windows=1 + shift + ;; --) shift break @@ -93,6 +98,20 @@ if [[ "$sign_darwin" == 1 ]]; then requiredenvs AC_CERTIFICATE_FILE AC_CERTIFICATE_PASSWORD_FILE fi +if [[ "$sign_windows" == 1 ]]; then + dependencies osslsigncode + requiredenvs AUTHENTICODE_CERTIFICATE_FILE AUTHENTICODE_CERTIFICATE_PASSWORD_FILE +fi + +if [[ "$os" == "windows" ]]; then + goversioninfo -platform-specific=true \ + -product-version=${version} \ + -icon=cmd/coder/coder.exe.ico \ + -manifest=cmd/coder/coder.exe.manifest \ + cmd/coder/versioninfo.json +fi + + build_args=( -ldflags "-s -w -X 'github.com/coder/coder/buildinfo.tag=$version'" ) @@ -134,4 +153,8 @@ if [[ "$sign_darwin" == 1 ]] && [[ "$os" == "darwin" ]]; then execrelative ./sign_darwin.sh "$output_path" 1>&2 fi +if [[ "$sign_windows" == 1 ]] && [[ "$os" == "windows" ]]; then + execrelative ./sign_windows.sh "$output_path" 1>&2 +fi + echo "$output_path" diff --git a/scripts/sign_windows.sh b/scripts/sign_windows.sh new file mode 100755 index 0000000000000..7d83ab009df72 --- /dev/null +++ b/scripts/sign_windows.sh 
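Review bot: In scripts/build_go.sh the new `goversioninfo` call (hunk -93,6 +98,20) runs for every Windows build without a matching `dependencies goversioninfo` check, and the Dockerfile and flake.nix hunks of this commit add only `osslsigncode`. go.mod lists the module as `// indirect`, so as far as these hunks show, the binary that stamps release metadata is whatever is on the build host's PATH rather than a version the repository pins. Add `dependencies goversioninfo` inside the `[[ "$os" == "windows" ]]` block and quote the expansion, `-product-version="$version"`. The call also passes no output path, so the generated `.syso` presumably lands in the current directory rather than next to the `cmd/coder` package; confirm this against the script's working directory, which is set outside the hunk.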
@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+
+set -x
+# This script signs the provided windows binary with a X.509 certificate and
+# it's associated private key.
+#
+# Usage: ./sign_windows.sh path/to/binary
+#
+# On success, the input file will be signed using the X.509 certificate.
+#
+# You can check if a binary is signed by running the following command:
+# osslsigncode verify path/to/binary
+#
+# Depends on the osslsigncode utility. Requires the following environment variables
+# to be set:
+# - $AUTHENTICODE_CERTIFICATE_FILE: The path to the X5.09 certificate file.
+# - $AUTHENTICODE_CERTIFICATE_PASSWORD_FILE: The path to the file containing the password
+# for the X5.09 certificate.
+
+set -euo pipefail
+# shellcheck source=scripts/lib.sh
+source "$(dirname "${BASH_SOURCE[0]}")/lib.sh"
+
+# Check dependencies
+dependencies osslsigncode
+requiredenvs AUTHENTICODE_CERTIFICATE_FILE AUTHENTICODE_CERTIFICATE_PASSWORD_FILE
+
+osslsigncode sign \
+ -pkcs12 "$AUTHENTICODE_CERTIFICATE_FILE" \
+ -readpass "$AUTHENTICODE_CERTIFICATE_PASSWORD_FILE" \
+ -n "Coder" \
+ -i "https://coder.com" \
+ -t "http://timestamp.sectigo.com"
+ -in "$@" \
+ -out "$@" \
+ 1>&2
+
+osslsigncodeosslsigncode verify "$@" 1>&2
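Review bot: The `osslsigncode sign` command in scripts/sign_windows.sh is cut in two because the `-t "http://timestamp.sectigo.com"` line has no trailing backslash: the signer runs without `-in`/`-out`, and `-in "$@" …` is then executed as a separate command, so the script cannot succeed as written. The last line has a doubled command name (`osslsigncodeosslsigncode verify`), so the signature check never runs either. `"$@"` is used where the usage text promises a single path, and input and output are the same file; signing to a separate output and moving it into place only after success avoids leaving a half-written binary behind. `set -x` ahead of strict mode traces every command into the release log; the password is passed by file so it is not echoed, but the trace is best dropped or put behind a debug switch.

```shell
# … unchanged: header comment, strict mode, lib.sh sourcing, dependency checks …
binary="$1"
signed="${binary}.signed"

osslsigncode sign \
	-pkcs12 "$AUTHENTICODE_CERTIFICATE_FILE" \
	-readpass "$AUTHENTICODE_CERTIFICATE_PASSWORD_FILE" \
	-n "Coder" \
	-i "https://coder.com" \
	-t "http://timestamp.sectigo.com" \
	-in "$binary" \
	-out "$signed" \
	1>&2

# Replace the unsigned binary only after signing succeeded (set -e aborts earlier otherwise).
mv -- "$signed" "$binary"

osslsigncode verify "$binary" 1>&2
```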