Heat.exe doesn't support FIPS-compliant ids; it always uses MD5. It's a reasonable feature request, however, if you want to file one at http://wixtoolset.org/issues/.
Question
Let me establish some background context first. I've done everything I can do to disable fips on my system. If it's still enabled then it's so deep that not even my sysadmin here can get it out with his credentials.
Also, I've added: to every msbuild.exe.config that I can find on my system.
That being said I'm getting the dreaded:
Exception Type: System.InvalidOperationException
Stack Trace:
at System.Security.Cryptography.MD5CryptoServiceProvider..ctor()
at Microsoft.Tools.WindowsInstallerXml.Common.GenerateIdentifier(String prefix, Boolean fipsCompliant, String[] args)
at Microsoft.Tools.WindowsInstallerXml.Extensions.DirectoryHarvester.HarvestDirectory(String path, String relativePath, Boolean harvestChildren)
at Microsoft.Tools.WindowsInstallerXml.Extensions.DirectoryHarvester.Harvest(String argument)
at Microsoft.Tools.WindowsInstallerXml.Harvester.Harvest(String argument)
at Microsoft.Tools.WindowsInstallerXml.Tools.Heat.Run(String[] args)
Drilling down into the code I've found that the class and method:
Microsoft.Tools.WindowsInstallerXml.Common.GenerateIdentifier
Source for above class on github
has an argument that will switch to a fips compatible algorithm. The problem is, I can't seem to figure out how to get that value through heat.exe and into it. I've tried a number of command line configurations but none seem to work.
I'm not a primary .NET developer, so it's possible I'm missing something really obvious.
Solution 2
OTHER TIPS
This was fixed with a recent PR https://github.com/wixtoolset/wix3/pull/540
To use it you need to add the -fips flag to your heat.exe command line calls.
As of today it's not available in the official release but you can get it by using the development build. It only took 8 years to fix.
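An added example, not part of the answers above and not WiX's source: a C# sketch of an identifier generator with a fipsCompliant switch like the one the question describes, showing why the MD5 constructor fails under an enforced FIPS policy. The class name, the SHA-256 choice and the sample path are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class StableId
{
    // Hypothetical helper: derives a repeatable identifier from its inputs.
    // fipsCompliant selects a FIPS-validated hash implementation instead of MD5.
    public static string Generate(string prefix, bool fipsCompliant, params string[] args)
    {
        byte[] data = Encoding.Unicode.GetBytes(string.Join("|", args));
        byte[] hash;
        if (fipsCompliant)
        {
            // The CryptoServiceProvider wrapper calls the OS crypto provider,
            // so construction succeeds when the FIPS policy is enforced.
            using (HashAlgorithm sha = new SHA256CryptoServiceProvider())
                hash = sha.ComputeHash(data);
        }
        else
        {
            // On .NET Framework this constructor throws InvalidOperationException
            // when the FIPS policy is enforced, as in the stack trace above.
            using (HashAlgorithm md5 = new MD5CryptoServiceProvider())
                hash = md5.ComputeHash(data);
        }
        // Keep 128 bits so both branches give identifiers of equal length.
        var sb = new StringBuilder(prefix, prefix.Length + 32);
        for (int i = 0; i < 16; i++) sb.Append(hash[i].ToString("X2"));
        return sb.ToString();
    }

    static void Main()
    {
        // Reports the policy as the runtime sees it for this process.
        Console.WriteLine("FIPS enforced: " + CryptoConfig.AllowOnlyFipsAlgorithms);
        string[] sample = { "dir", @"C:\build\output\bin" }; // constructed input
        Console.WriteLine(Generate("dir", true, sample));
        try { Console.WriteLine(Generate("dir", false, sample)); }
        catch (InvalidOperationException e) { Console.WriteLine("MD5 blocked: " + e.Message); }
    }
}
```

In this sketch the two branches produce different identifiers for the same input, so anything that stores the generated values has to be built consistently with one setting.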