Added optional fips_compliant field to WixConfig

JakenHerman · JakenHerman · commit 746e2ef9fce8 · 2025-07-09T13:56:06.000-07:00
This allows users to set the `-fips` flag at the `tauri.windows.conf.json` level instead of using the environment variable `TAURI_BUNDLER_WIX_FIPS_COMPLIANT`. To me this makes for smoother FIPS-compliant builds.

As with other environment variables that also have config fields, the environment variable will override whatever is set in the config.
diff --git a/.changes/add-fips-to-wix-config.md b/.changes/add-fips-to-wix-config.md
@@ -0,0 +1,5 @@
+---
+"@tauri-apps/tauri-utils": patch:enhance
+---
+
+Added optional `fips_compliant` field to `WixConfig`
diff --git a/crates/tauri-cli/config.schema.json b/crates/tauri-cli/config.schema.json
@@ -2735,6 +2735,14 @@
             "string",
             "null"
           ]
+        },
+        "fipsCompliant": {
+          "description": "Enables FIPS compliant algorithms.",
+          "default": null,
+          "type": [
+            "boolean",
+            "null"
+          ]
         }
       },
       "additionalProperties": false
diff --git a/crates/tauri-cli/schema.json b/crates/tauri-cli/schema.json
@@ -2330,6 +2330,14 @@
             "string",
             "null"
           ]
+        },
+        "fipsCompliant": {
+          "description": "Enables FIPS compliant algorithms.",
+          "default": null,
+          "type": [
+            "boolean",
+            "null"
+          ]
         }
       },
       "additionalProperties": false
diff --git a/crates/tauri-cli/src/helpers/config.rs b/crates/tauri-cli/src/helpers/config.rs
@@ -1,4 +1,4 @@
-// Copyright 2019-2024 Tauri Programme within The Commons Conservancy
+// Copyright 2019-2025 Tauri Programme within The Commons Conservancy
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-License-Identifier: MIT
 
@@ -11,7 +11,7 @@ pub use tauri_utils::{config::*, platform::Target};
 
 use std::{
   collections::HashMap,
-  env::{current_dir, set_current_dir, set_var, var_os},
+  env::{current_dir, set_current_dir, set_var},
   ffi::OsStr,
   process::exit,
   sync::{Arc, Mutex, OnceLock},
@@ -70,6 +70,11 @@ pub fn wix_settings(config: WixConfig) -> tauri_bundler::WixSettings {
   tauri_bundler::WixSettings {
     version: config.version,
     upgrade_code: config.upgrade_code,
+    fips_compliant: std::env::var("TAURI_BUNDLER_WIX_FIPS_COMPLIANT")
+    .ok()
+    .map(|v| v == "true")
+    .or(config.fips_compliant)
+    .unwrap_or_default(),
     language: tauri_bundler::WixLanguage(match config.language {
       WixLanguage::One(lang) => vec![(lang, Default::default())],
       WixLanguage::List(languages) => languages
@@ -98,7 +103,6 @@ pub fn wix_settings(config: WixConfig) -> tauri_bundler::WixSettings {
     enable_elevated_update_task: config.enable_elevated_update_task,
     banner_path: config.banner_path,
     dialog_image_path: config.dialog_image_path,
-    fips_compliant: var_os("TAURI_BUNDLER_WIX_FIPS_COMPLIANT").is_some_and(|v| v == "true"),
   }
 }
 
diff --git a/crates/tauri-cli/tauri.config.schema.json b/crates/tauri-cli/tauri.config.schema.json
@@ -2330,6 +2330,14 @@
             "string",
             "null"
           ]
+        },
+        "fipsCompliant": {
+          "description": "Enables FIPS compliant algorithms.",
+          "default": null,
+          "type": [
+            "boolean",
+            "null"
+          ]
         }
       },
       "additionalProperties": false
diff --git a/crates/tauri-schema-generator/schemas/config.schema.json b/crates/tauri-schema-generator/schemas/config.schema.json
@@ -2735,6 +2735,14 @@
             "string",
             "null"
           ]
+        },
+        "fipsCompliant": {
+          "description": "Enables FIPS compliant algorithms.",
+          "default": null,
+          "type": [
+            "boolean",
+            "null"
+          ]
         }
       },
       "additionalProperties": false
diff --git a/crates/tauri-utils/src/config.rs b/crates/tauri-utils/src/config.rs
@@ -788,6 +788,9 @@ pub struct WixConfig {
   /// The required dimensions are 493px × 312px.
   #[serde(alias = "dialog-image-path")]
   pub dialog_image_path: Option<PathBuf>,
+  /// Enables FIPS compliant algorithms.
+  #[serde(default, alias = "fips-compliant")]
+  pub fips_compliant: Option<bool>,
 }
 
 /// Compression algorithms used in the NSIS installer.
diff --git a/crates/tauri-utils/src/config_v1/mod.rs b/crates/tauri-utils/src/config_v1/mod.rs
@@ -486,6 +486,9 @@ pub struct WixConfig {
   /// The required dimensions are 493px × 312px.
   #[serde(alias = "dialog-image-path")]
   pub dialog_image_path: Option<PathBuf>,
+  /// Enables FIPS compliant algorithms.
+  #[serde(default, alias = "fips-compliant")]
+  pub fips_compliant: Option<bool>,
 }
 
 /// Compression algorithms used in the NSIS installer.

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +"@tauri-apps/tauri-utils": patch:enhance
 +---
++
 +Added optional `fips_compliant` field to `WixConfig`
Original file line number	Diff line number	Diff line change
`@@ -788,6 +788,9 @@ pub struct WixConfig {`
`788`	`788`	`/// The required dimensions are 493px × 312px.`
`789`	`789`	`#[serde(alias = "dialog-image-path")]`
`790`	`790`	`pub dialog_image_path: Option<PathBuf>,`
	`791`	`+ /// Enables FIPS compliant algorithms.`
	`792`	`+ #[serde(default, alias = "fips-compliant")]`
	`793`	`+ pub fips_compliant: Option<bool>,`
`791`	`794`	`}`
`792`	`795`
`793`	`796`	`/// Compression algorithms used in the NSIS installer.`
Original file line number	Diff line number	Diff line change
`@@ -486,6 +486,9 @@ pub struct WixConfig {`
`486`	`486`	`/// The required dimensions are 493px × 312px.`
`487`	`487`	`#[serde(alias = "dialog-image-path")]`
`488`	`488`	`pub dialog_image_path: Option<PathBuf>,`
	`489`	`+ /// Enables FIPS compliant algorithms.`
	`490`	`+ #[serde(default, alias = "fips-compliant")]`
	`491`	`+ pub fips_compliant: Option<bool>,`
`489`	`492`	`}`
`490`	`493`
`491`	`494`	`/// Compression algorithms used in the NSIS installer.`