From 746e2ef9fce8f7dff35f45e3d52e7d2e1e57bd89 Mon Sep 17 00:00:00 2001 From: Jaken Herman Date: Tue, 8 Jul 2025 13:53:10 -0700 Subject: [PATCH 1/3] Added optional `fips_compliant` field to `WixConfig` This allows users to set the `-fips` flag at the `tauri.windows.conf.json` level instead of using the environment variable `TAURI_BUNDLER_WIX_FIPS_COMPLIANT`. To me this makes for smoother FIPS-compliant builds. As with other environment variables that also have config fields, the environment variable will override whatever is set in the config. --- .changes/add-fips-to-wix-config.md | 5 +++++ crates/tauri-cli/config.schema.json | 8 ++++++++ crates/tauri-cli/schema.json | 8 ++++++++ crates/tauri-cli/src/helpers/config.rs | 10 +++++++--- crates/tauri-cli/tauri.config.schema.json | 8 ++++++++ .../tauri-schema-generator/schemas/config.schema.json | 8 ++++++++ crates/tauri-utils/src/config.rs | 3 +++ crates/tauri-utils/src/config_v1/mod.rs | 3 +++ 8 files changed, 50 insertions(+), 3 deletions(-) create mode 100644 .changes/add-fips-to-wix-config.md diff --git a/.changes/add-fips-to-wix-config.md b/.changes/add-fips-to-wix-config.md new file mode 100644 index 000000000000..c0caa251a2b2 --- /dev/null +++ b/.changes/add-fips-to-wix-config.md @@ -0,0 +1,5 @@ +--- +"@tauri-apps/tauri-utils": patch:enhance +--- + +Added optional `fips_compliant` field to `WixConfig` diff --git a/crates/tauri-cli/config.schema.json b/crates/tauri-cli/config.schema.json index 0d46677dd27c..dca9559fb9a9 100644 --- a/crates/tauri-cli/config.schema.json +++ b/crates/tauri-cli/config.schema.json @@ -2735,6 +2735,14 @@ "string", "null" ] + }, + "fipsCompliant": { + "description": "Enables FIPS compliant algorithms.", + "default": null, + "type": [ + "boolean", + "null" + ] } }, "additionalProperties": false diff --git a/crates/tauri-cli/schema.json b/crates/tauri-cli/schema.json index 1edc55e78b96..6bd2b3bc87bf 100644 --- a/crates/tauri-cli/schema.json +++ b/crates/tauri-cli/schema.json @@ -2330,6 +2330,14 @@ "string", "null" ] + }, + "fipsCompliant": { + "description": "Enables FIPS compliant algorithms.", + "default": null, + "type": [ + "boolean", + "null" + ] } }, "additionalProperties": false diff --git a/crates/tauri-cli/src/helpers/config.rs b/crates/tauri-cli/src/helpers/config.rs index 1404650c2333..94c207b0a7d4 100644 --- a/crates/tauri-cli/src/helpers/config.rs +++ b/crates/tauri-cli/src/helpers/config.rs @@ -1,4 +1,4 @@ -// Copyright 2019-2024 Tauri Programme within The Commons Conservancy +// Copyright 2019-2025 Tauri Programme within The Commons Conservancy // SPDX-License-Identifier: Apache-2.0 // SPDX-License-Identifier: MIT @@ -11,7 +11,7 @@ pub use tauri_utils::{config::*, platform::Target}; use std::{ collections::HashMap, - env::{current_dir, set_current_dir, set_var, var_os}, + env::{current_dir, set_current_dir, set_var}, ffi::OsStr, process::exit, sync::{Arc, Mutex, OnceLock}, @@ -70,6 +70,11 @@ pub fn wix_settings(config: WixConfig) -> tauri_bundler::WixSettings { tauri_bundler::WixSettings { version: config.version, upgrade_code: config.upgrade_code, + fips_compliant: std::env::var("TAURI_BUNDLER_WIX_FIPS_COMPLIANT") + .ok() + .map(|v| v == "true") + .or(config.fips_compliant) + .unwrap_or_default(), language: tauri_bundler::WixLanguage(match config.language { WixLanguage::One(lang) => vec![(lang, Default::default())], WixLanguage::List(languages) => languages @@ -98,7 +103,6 @@ pub fn wix_settings(config: WixConfig) -> tauri_bundler::WixSettings { enable_elevated_update_task: config.enable_elevated_update_task, banner_path: config.banner_path, dialog_image_path: config.dialog_image_path, - fips_compliant: var_os("TAURI_BUNDLER_WIX_FIPS_COMPLIANT").is_some_and(|v| v == "true"), } } diff --git a/crates/tauri-cli/tauri.config.schema.json b/crates/tauri-cli/tauri.config.schema.json index 1edc55e78b96..6bd2b3bc87bf 100644 --- a/crates/tauri-cli/tauri.config.schema.json +++ b/crates/tauri-cli/tauri.config.schema.json @@ -2330,6 +2330,14 @@ "string", "null" ] + }, + "fipsCompliant": { + "description": "Enables FIPS compliant algorithms.", + "default": null, + "type": [ + "boolean", + "null" + ] } }, "additionalProperties": false diff --git a/crates/tauri-schema-generator/schemas/config.schema.json b/crates/tauri-schema-generator/schemas/config.schema.json index 0d46677dd27c..dca9559fb9a9 100644 --- a/crates/tauri-schema-generator/schemas/config.schema.json +++ b/crates/tauri-schema-generator/schemas/config.schema.json @@ -2735,6 +2735,14 @@ "string", "null" ] + }, + "fipsCompliant": { + "description": "Enables FIPS compliant algorithms.", + "default": null, + "type": [ + "boolean", + "null" + ] } }, "additionalProperties": false diff --git a/crates/tauri-utils/src/config.rs b/crates/tauri-utils/src/config.rs index 29db41d891f0..0f46215f2f58 100644 --- a/crates/tauri-utils/src/config.rs +++ b/crates/tauri-utils/src/config.rs @@ -788,6 +788,9 @@ pub struct WixConfig { /// The required dimensions are 493px × 312px. #[serde(alias = "dialog-image-path")] pub dialog_image_path: Option, + /// Enables FIPS compliant algorithms. + #[serde(default, alias = "fips-compliant")] + pub fips_compliant: Option, } /// Compression algorithms used in the NSIS installer. diff --git a/crates/tauri-utils/src/config_v1/mod.rs b/crates/tauri-utils/src/config_v1/mod.rs index 5729e562b83c..eb5772888465 100644 --- a/crates/tauri-utils/src/config_v1/mod.rs +++ b/crates/tauri-utils/src/config_v1/mod.rs @@ -486,6 +486,9 @@ pub struct WixConfig { /// The required dimensions are 493px × 312px. #[serde(alias = "dialog-image-path")] pub dialog_image_path: Option, + /// Enables FIPS compliant algorithms. + #[serde(default, alias = "fips-compliant")] + pub fips_compliant: Option, } /// Compression algorithms used in the NSIS installer. From c445a2ad2eceb741cacfc4c57afee18493460330 Mon Sep 17 00:00:00 2001 From: FabianLars Date: Tue, 5 Aug 2025 20:11:08 +0200 Subject: [PATCH 2/3] small cleanup --- .changes/add-fips-to-wix-config.md | 4 ++-- crates/tauri-cli/config.schema.json | 13 +++++-------- crates/tauri-cli/src/helpers/config.rs | 7 +++---- .../schemas/config.schema.json | 13 +++++-------- crates/tauri-utils/src/config.rs | 7 ++++--- crates/tauri-utils/src/config_v1/mod.rs | 5 +---- 6 files changed, 20 insertions(+), 29 deletions(-) diff --git a/.changes/add-fips-to-wix-config.md b/.changes/add-fips-to-wix-config.md index c0caa251a2b2..f8a4eb4ef646 100644 --- a/.changes/add-fips-to-wix-config.md +++ b/.changes/add-fips-to-wix-config.md @@ -1,5 +1,5 @@ --- -"@tauri-apps/tauri-utils": patch:enhance +tauri-utils": minor:enhance --- -Added optional `fips_compliant` field to `WixConfig` +Added `fips_compliant` field to `WixConfig` so that it can be configured via `tauri.conf.json` as well. diff --git a/crates/tauri-cli/config.schema.json b/crates/tauri-cli/config.schema.json index fa2d491533aa..adb707224149 100644 --- a/crates/tauri-cli/config.schema.json +++ b/crates/tauri-cli/config.schema.json @@ -1071,14 +1071,14 @@ ] }, { - "description": "A policy where a web view that’s not in a window fully suspends tasks. This is usually the default behavior in case no policy is set.", + "description": "A policy where a web view that's not in a window fully suspends tasks. This is usually the default behavior in case no policy is set.", "type": "string", "enum": [ "suspend" ] }, { - "description": "A policy where a web view that’s not in a window limits processing, but does not fully suspend tasks.", + "description": "A policy where a web view that's not in a window limits processing, but does not fully suspend tasks.", "type": "string", "enum": [ "throttle" @@ -2789,12 +2789,9 @@ ] }, "fipsCompliant": { - "description": "Enables FIPS compliant algorithms.", - "default": null, - "type": [ - "boolean", - "null" - ] + "description": "Enables FIPS compliant algorithms.\n Can also be enabled via the `TAURI_BUNDLER_WIX_FIPS_COMPLIANT` env var.", + "default": false, + "type": "boolean" } }, "additionalProperties": false diff --git a/crates/tauri-cli/src/helpers/config.rs b/crates/tauri-cli/src/helpers/config.rs index 94c207b0a7d4..c8ae52f7497f 100644 --- a/crates/tauri-cli/src/helpers/config.rs +++ b/crates/tauri-cli/src/helpers/config.rs @@ -71,10 +71,9 @@ pub fn wix_settings(config: WixConfig) -> tauri_bundler::WixSettings { version: config.version, upgrade_code: config.upgrade_code, fips_compliant: std::env::var("TAURI_BUNDLER_WIX_FIPS_COMPLIANT") - .ok() - .map(|v| v == "true") - .or(config.fips_compliant) - .unwrap_or_default(), + .ok() + .map(|v| v == "true") + .unwrap_or(config.fips_compliant), language: tauri_bundler::WixLanguage(match config.language { WixLanguage::One(lang) => vec![(lang, Default::default())], WixLanguage::List(languages) => languages diff --git a/crates/tauri-schema-generator/schemas/config.schema.json b/crates/tauri-schema-generator/schemas/config.schema.json index fa2d491533aa..adb707224149 100644 --- a/crates/tauri-schema-generator/schemas/config.schema.json +++ b/crates/tauri-schema-generator/schemas/config.schema.json @@ -1071,14 +1071,14 @@ ] }, { - "description": "A policy where a web view that’s not in a window fully suspends tasks. This is usually the default behavior in case no policy is set.", + "description": "A policy where a web view that's not in a window fully suspends tasks. This is usually the default behavior in case no policy is set.", "type": "string", "enum": [ "suspend" ] }, { - "description": "A policy where a web view that’s not in a window limits processing, but does not fully suspend tasks.", + "description": "A policy where a web view that's not in a window limits processing, but does not fully suspend tasks.", "type": "string", "enum": [ "throttle" @@ -2789,12 +2789,9 @@ ] }, "fipsCompliant": { - "description": "Enables FIPS compliant algorithms.", - "default": null, - "type": [ - "boolean", - "null" - ] + "description": "Enables FIPS compliant algorithms.\n Can also be enabled via the `TAURI_BUNDLER_WIX_FIPS_COMPLIANT` env var.", + "default": false, + "type": "boolean" } }, "additionalProperties": false diff --git a/crates/tauri-utils/src/config.rs b/crates/tauri-utils/src/config.rs index 10fbf5207638..26d31c7736c9 100644 --- a/crates/tauri-utils/src/config.rs +++ b/crates/tauri-utils/src/config.rs @@ -789,8 +789,9 @@ pub struct WixConfig { #[serde(alias = "dialog-image-path")] pub dialog_image_path: Option, /// Enables FIPS compliant algorithms. + /// Can also be enabled via the `TAURI_BUNDLER_WIX_FIPS_COMPLIANT` env var. #[serde(default, alias = "fips-compliant")] - pub fips_compliant: Option, + pub fips_compliant: bool, } /// Compression algorithms used in the NSIS installer. @@ -1495,9 +1496,9 @@ impl schemars::JsonSchema for Color { pub enum BackgroundThrottlingPolicy { /// A policy where background throttling is disabled Disabled, - /// A policy where a web view that’s not in a window fully suspends tasks. This is usually the default behavior in case no policy is set. + /// A policy where a web view that's not in a window fully suspends tasks. This is usually the default behavior in case no policy is set. Suspend, - /// A policy where a web view that’s not in a window limits processing, but does not fully suspend tasks. + /// A policy where a web view that's not in a window limits processing, but does not fully suspend tasks. Throttle, } diff --git a/crates/tauri-utils/src/config_v1/mod.rs b/crates/tauri-utils/src/config_v1/mod.rs index eb5772888465..a5ca81a87f30 100644 --- a/crates/tauri-utils/src/config_v1/mod.rs +++ b/crates/tauri-utils/src/config_v1/mod.rs @@ -482,13 +482,10 @@ pub struct WixConfig { pub banner_path: Option, /// Path to a bitmap file to use on the installation user interface dialogs. /// It is used on the welcome and completion dialogs. - + /// /// The required dimensions are 493px × 312px. #[serde(alias = "dialog-image-path")] pub dialog_image_path: Option, - /// Enables FIPS compliant algorithms. - #[serde(default, alias = "fips-compliant")] - pub fips_compliant: Option, } /// Compression algorithms used in the NSIS installer. From ce78fce894f6bae764c4a51996f10d26574a4cd6 Mon Sep 17 00:00:00 2001 From: Fabian-Lars Date: Tue, 5 Aug 2025 20:13:03 +0200 Subject: [PATCH 3/3] type in changefile --- .changes/add-fips-to-wix-config.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.changes/add-fips-to-wix-config.md b/.changes/add-fips-to-wix-config.md index f8a4eb4ef646..5385d7b9654d 100644 --- a/.changes/add-fips-to-wix-config.md +++ b/.changes/add-fips-to-wix-config.md @@ -1,5 +1,5 @@ --- -tauri-utils": minor:enhance +tauri-utils: minor:enhance --- Added `fips_compliant` field to `WixConfig` so that it can be configured via `tauri.conf.json` as well.