volks73/cargo-wix

Can not add a Firewall Exception

Closed this issue ยท 7 comments

I have written a Rust program that runs as a Windows service and listens on port 3000 for HTTP calls via axum.

Everything works fine. I have cargo-wix creating an .msi file that installs the program, creates and starts the service. The last thing I need is to have the Windows Defender Firewall allow port 3000 to be accessible.

I have modified the top XML element to include the schema:

<Wix xmlns='http://schemas.microsoft.com/wix/2006/wi' xmlns:fire='http://schemas.microsoft.com/wix/FirewallExtension'>

And added this inside the <File> element of the .exe:

<fire:FirewallException
    Id="FWX1" 
    Name="Allow My Application Through Firewall"
    Port="3000" 
    Protocol="tcp"
    Scope="any"/>

However when I run cargo wix -C -ext -C WixFirewallExtension --nocapture I get the following error:

light.exe : error LGHT0182 : Cannot find the table definitions for the 'WixFirewallException' table.  This is likely due to a typing error or missing extension.  Please ensure all the necessary extensions are supplied on the command line with the -ext parameter.

Any assistance would be appreciated.

While it sounds like you were able to get pretty far with the cargo wix utility, I am sorry you are encountering an issue with adding a firewall configuration through the WixFirewallExtension. Unfortunately, I am not familiar with the WixFirewallExtension.

I think you need to use the -L,--linker-arg instead of the -C,--compiler-arg. The error message is from light.exe which is the "linker" while candle.exe is the compiler. The -C arguments are passed to the compiler and the -L arguments are passed to the linker.

The next debugging step is to execute the light.exe command "manually" without the cargo wix subcommand and see if you can build the MSI without this subcommand getting in the way.

@volks73 -- Brilliant!!! I was so close. Reading your docs I did see the -L,--linker-arg and tried that in place of -C,--compiler-arg.

What I failed to notice, is that it was a DIFFERENT error, this one complaining about candle. So...

cargo wix -C -ext -C WixFirewallExtension -L -ext -L WixFirewallExtension and everything works like a charm!!!

Great! I am happy to hear you were able to get the extension to eventually work. Extensions can be for the compiler (candle.exe), the linker (light.exe), or both. The WixFirewallExtension appears to be needed for both.

In the past, I have also wanted to distribute applications as Windows services. Are you able to share your project so others, myself included, can see how you built the MSI for a Windows service?

I am going to close this issue.

I can not share this exact project as it is an internal company project, but over the weekend I can throw something together that is basically a ping axum server. The key for me was the windows_service crate. So between your work and theirs, I was able to piece something together.

As an aside, I head up a team that uses Linux w/ Rust, Go, JavaScript, and Python for a SaaS company. A sales guy promised a client we could build this one HTTP listener that could run a Stored Procedure in their MS SQL Server database that we would hit via site-to-site VPN. They of course did not want to give us direct access to the DB outside a controlled endpoint. So, as I would rather saw off both my hands then write C#, I found your guys two crates and said, "I can pull this off in Rust."

@volks73 Feel free to checkout a mock of what I did. Hope it helps and thanks for the crate, would have never gotten through WiX as quickly on my own.

@devinstewart Awesome! Thank you for sharing the project. Nicely organized, and very easy to read. I happy cargo-wix worked so well for you. You might be able to add the -L and -C options to the Cargo.toml file under a [package.metadata.wix] section so you do not need to always pass the arguments for every build of the MSI.

See the Configuration section in the documentation. The compiler-args and linker-args fields are supported as arrays.

Thanks! Done and done.