[feat] Allow usage of Wix extensions (FirewallException etc) #4546

Closed
betamos opened this issue Jun 30, 2022 · 3 comments

@betamos
Contributor

betamos commented Jun 30, 2022

Describe the problem

On Windows, apps are typically intercepted for a user prompt when they accept incoming network connections through TCP or UDP.

I have an app targeted toward non-technical users which does not work without this. My app's sidecar is the one that does the networking. I would like a way to suppress these warnings for the intended use.

Turns out that it's supported and fairly common to add firewall rules during install through Wix directives.

First, you need to reference the schema:

<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi" xmlns:fire="http://schemas.microsoft.com/wix/FirewallExtension">

Then you need to add your rules to something.. I nested it within a <File> tag for my sidecar binary, but there may be other options:

<File ...>
    <fire:FirewallException Id="ArbitraryId1" Name="App Name (TCP)" Profile="all" Protocol="tcp" Scope="any" IgnoreFailure="yes" />
    <fire:FirewallException Id="ArbitraryId2" Name="App Name (UDP)" Profile="all" Protocol="udp" Scope="any" IgnoreFailure="yes" />
</File>

Finally, both candle and light need a flag to turn on the extension:

candle.exe -ext WixFirewallExtension [...]
light.exe -ext WixFirewallExtension [...]

Describe the solution you'd like

Unclear.. It doesn't seem realistic that tauri maintains a complex structure of different options in Wix, plist etc.
It may be smart to offer flexibility, since both firewall rules and my rules in particular are quite specific use cases.

  1. For the light & candle flags, as well as the schema parts:
    a. Perhaps it's possible to simply enable all extensions by default? Or
    b. Offer a way to add wix extensions through the WixConfig object.
  2. For the actual directives:
    a. Perhaps WixConfig.fragmentPaths (or similar) already works today? It would need a way to reference template variables (the sidecar binary in my case). I don't know how to do that.
    b. Override the wxs template entirely (works today, but requires more maintenance)

Alternatives considered

No response

Additional context

No response

@feoff3

feoff3 commented Jul 12, 2022

Upvote. I want to use a difx extension for WiX to manipulate system drivers.

@lucasfernog
Member

lucasfernog commented Jul 12, 2022

With #4656 this is the fragment I'm using to set a firewall exception:

<?xml version="1.0" encoding="utf-8"?>
<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi" xmlns:fire="http://schemas.microsoft.com/wix/FirewallExtension">
  <Fragment>
    <DirectoryRef Id="TARGETDIR">
      <Component Id="FirewallExceptions" Guid="de95bf40-7d9c-4ee6-8c47-1a06f3b7ebe3">
        <fire:FirewallException Id="ArbitraryId1" Name="App Name (TCP)" Program="[!Path]" Profile="all" Protocol="tcp" Scope="any" />
      </Component>
    </DirectoryRef>
  </Fragment>
</Wix>

and the tauri.conf.json:

{
  "tauri": {
    "bundle": {
      "windows": {
        "wix": {
          "fragmentPaths": ["./frag.wxs"],
          "componentRefs": ["FirewallExceptions"]
        } 
      }
    }
  }
}

This adds the rule to the main binary (Path id). I'll change the bundler to produce a known ID too - right now it's a random GUID.

@betamos
Contributor Author

betamos commented Jun 20, 2024

For anyone else: my sidecar is named pld which becomes pld.exe on Windows, with "externalBin": ["../build/pld"] in tauri.conf.json.

The prefix of the file id is Bin_, so I tried a few different permutations:

  • File="Bin_pld.exe" (best)
  • Program="[#Bin_pld.exe]" (works too)
  • Program="pld.exe" (doesn't work because it needs the full abs path with C:...)

If you need to reference the main binary, you can use File="Path" instead (a bit non-descriptive name, but I just checked and it works for me).

My frag.wxs:

<?xml version="1.0" encoding="utf-8"?>
<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi" xmlns:fire="http://schemas.microsoft.com/wix/FirewallExtension">
  <Fragment>
    <DirectoryRef Id="TARGETDIR">
      <Component Id="FirewallExceptions" Guid="de95bf40-7d9c-4ee6-8c47-1a06f3b7ebe3">
        <fire:FirewallException Id="PayloadAgentTCP" File="Bin_pld.exe" Name="Payload (TCP)" Profile="all" Protocol="tcp" Scope="any" IgnoreFailure="yes" />
        <fire:FirewallException Id="PayloadAgentUDP" File="Bin_pld.exe" Name="Payload (UDP)" Profile="all" Protocol="udp" Scope="any" IgnoreFailure="yes" />
      </Component>
    </DirectoryRef>
  </Fragment>
</Wix>

Obligatory 2 year late thanks and much love to Lucas for fixing such an esoteric issue. Hope more people have use for it.
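
A pre-build lint for fragments like the ones in this thread, as an added example (not code from the issue or from Tauri): it parses a .wxs fragment and lists, for each fire:FirewallException, the attributes that make the installed rule broader than the app may need. The sample fragment is constructed; the "NarrowTCP" rule, its Port value and the Guid placeholder are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

FIRE_NS = "http://schemas.microsoft.com/wix/FirewallExtension"

# Constructed sample: "BroadTCP" copies the attributes used in the thread;
# "NarrowTCP" is a hypothetical tightened variant (port 47800 is made up).
SAMPLE_WXS = """<?xml version="1.0" encoding="utf-8"?>
<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi" xmlns:fire="http://schemas.microsoft.com/wix/FirewallExtension">
  <Fragment>
    <DirectoryRef Id="TARGETDIR">
      <Component Id="FirewallExceptions" Guid="PUT-GUID-HERE">
        <fire:FirewallException Id="BroadTCP" File="Bin_pld.exe" Name="Payload (TCP)" Profile="all" Protocol="tcp" Scope="any" IgnoreFailure="yes" />
        <fire:FirewallException Id="NarrowTCP" File="Bin_pld.exe" Name="Payload (TCP, LAN)" Profile="private" Protocol="tcp" Port="47800" Scope="localSubnet" />
      </Component>
    </DirectoryRef>
  </Fragment>
</Wix>"""


def audit_firewall_exceptions(wxs_text):
    """Return {rule Id: [findings]} for every fire:FirewallException element."""
    root = ET.fromstring(wxs_text.encode("utf-8"))
    report = {}
    for rule in root.iter(f"{{{FIRE_NS}}}FirewallException"):
        findings = []
        # A missing Profile attribute is treated as "all" here.
        if rule.get("Profile", "all") == "all":
            findings.append("Profile=all: rule is active on public networks too")
        if rule.get("Scope") == "any":
            findings.append("Scope=any: any remote address may connect")
        if rule.get("Port") is None:
            findings.append("no Port: every port of this protocol is allowed")
        if rule.get("IgnoreFailure") == "yes":
            findings.append("IgnoreFailure=yes: install succeeds even if the "
                            "rule was not created, so verify it after install")
        report[rule.get("Id")] = findings
    return report


if __name__ == "__main__":
    for rule_id, findings in audit_firewall_exceptions(SAMPLE_WXS).items():
        print(rule_id, "OK" if not findings else "")
        for finding in findings:
            print("  -", finding)
```
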
