ProGuard不会混淆依赖关系的JAR [英] ProGuard doesn't obfuscate JAR with dependencies
问题描述
我有一个项目,下面提供了pom.xml文件.当我发出命令mvn clean compile assembly:single install时,我希望Maven生成一个JAR,其中包含
I have a project with the pom.xml file given below. When I issue the command mvn clean compile assembly:single install I want Maven to generate a JAR, which contains
- 所有依赖项和
- 我的代码的混淆版本.
它不起作用-我的代码未在"jar-with-dependencies"文件中模糊处理.
It doesn't work - my code is not obfuscated in the "jar-with-dependencies" file.
当我运行mvn clean compile install时,结果文件包含应用程序的混淆代码,但没有依赖关系.
When I run mvn clean compile install the resulting file contains obfuscated code of my application, but no dependencies.
要拥有一个具有所有依赖关系和混淆代码的JAR文件,我该怎么办?
What can I do in order to have a JAR file with all the dependencies and my obfuscated code?
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.mycompany</groupId>
<artifactId>myproduct</artifactId>
<version>1.0-SNAPSHOT</version>
<packaging>jar</packaging>
<properties>
<restlet-version>2.3.5</restlet-version>
</properties>
<dependencies>
<dependency>
<groupId>org.spongepowered</groupId>
<artifactId>spongeapi</artifactId>
<version>3.0.0</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
</dependency>
<dependency>
<groupId>org.easytesting</groupId>
<artifactId>fest-assert-core</artifactId>
<version>2.0M8</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
<version>1.10.19</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.restlet.jse</groupId>
<artifactId>org.restlet</artifactId>
<version>${restlet-version}</version>
</dependency>
<dependency>
<groupId>org.restlet.jse</groupId>
<artifactId>org.restlet.ext.jackson</artifactId>
<version>${restlet-version}</version>
</dependency>
<dependency>
<groupId>com.googlecode.json-simple</groupId>
<artifactId>json-simple</artifactId>
<version>1.1.1</version>
</dependency>
</dependencies>
<build>
<resources>
<resource>
<directory>${project.basedir}/src/main/resources</directory>
<filtering>true</filtering>
</resource>
</resources>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.3</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>templating-maven-plugin</artifactId>
<version>1.0-alpha-3</version>
<executions>
<execution>
<id>filter-src</id>
<goals>
<goal>filter-sources</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-assembly-plugin</artifactId>
<configuration>
<descriptorRefs>
<descriptorRef>jar-with-dependencies</descriptorRef>
</descriptorRefs>
</configuration>
</plugin>
<plugin>
<groupId>com.github.wvengen</groupId>
<artifactId>proguard-maven-plugin</artifactId>
<version>2.0.8</version>
<executions>
<execution>
<phase>package</phase>
<goals><goal>proguard</goal></goals>
</execution>
</executions>
<configuration>
<proguardVersion>5.2</proguardVersion>
<options>
<option>-allowaccessmodification</option>
<option>-dontoptimize</option>
<option>-dontshrink</option>
<option>-dontnote</option>
<option>-keepattributes Signature</option>
<option>-keep class com.mycompany.MyPlugin { *; }</option>
</options>
<libs>
<lib>${java.home}/lib/rt.jar</lib>
</libs>
<dependencies>
<dependency>
<groupId>net.sf.proguard</groupId>
<artifactId>proguard-base</artifactId>
<version>5.2</version>
<scope>runtime</scope>
</dependency>
</dependencies>
</configuration>
</plugin>
</plugins>
</build>
</project>
更新1(2016年1月17日19:54 MSK):更改了ProGuard的配置,如下所示,但是mvn clean compile assembly:single仍会生成具有清晰类文件的JAR.
Update 1 (17.01.2016 19:54 MSK): Changed the ProGuard configuration like shown below, but mvn clean compile assembly:single still produces a JAR with unobfuscated class files.
<plugin>
<groupId>com.github.wvengen</groupId>
<artifactId>proguard-maven-plugin</artifactId>
<version>2.0.8</version>
<executions>
<execution>
<phase>package</phase>
<goals><goal>proguard</goal></goals>
</execution>
</executions>
<configuration>
<proguardVersion>5.2</proguardVersion>
<options>
<option>-allowaccessmodification</option>
<option>-dontoptimize</option>
<option>-dontshrink</option>
<option>-dontnote</option>
<option>-keepattributes Signature</option>
<option>-keep class com.mycompany.MyPlugin { *; }</option>
</options>
<injar>${project.build.finalName}-jar-with-dependencies.jar</injar>
<libs>
<lib>${java.home}/lib/rt.jar</lib>
</libs>
<dependencies>
<dependency>
<groupId>net.sf.proguard</groupId>
<artifactId>proguard-base</artifactId>
<version>5.2</version>
<scope>runtime</scope>
</dependency>
</dependencies>
</configuration>
</plugin>
更新2(17.01.2016 20:29 MSK): mvn clean compile assembly:single install失败.在此处
推荐答案
proguard-maven-plugin将混淆项目的主要工件,而不是maven-assembly-plugin生成的辅助工件jar-with-dependencies.
proguard-maven-plugin will obfuscate the primary artifact of your project, not the secondary artifact jar-with-dependencies that the maven-assembly-plugin generated.
You need to configure the plugin to obfuscate the jar-with-dependencies by specifying the injar attribute:
指定要处理的应用程序的输入jar名称(或wars,ears,zips).
Specifies the input jar name (or wars, ears, zips) of the application to be processed.
<injar>${project.build.finalName}-jar-with-dependencies.jar</injar>
现在,在您的POM中,插件的执行顺序也存在问题:我们需要确保maven-assembly-plugin在proguard-maven-plugin之前执行.因此,最好为绑定到package阶段的maven-assembly-plugin定义显式执行,而不是使用assembly:single从命令行手动调用它.这将是配置:
Now, there is also a problem in the order of execution of plugins in your POM: we need to make sure that the maven-assembly-plugin is executed before the proguard-maven-plugin. As such, it is best to define an explicit execution for the maven-assembly-plugin bound to the package phase instead of manually invoking it from the command line with assembly:single. This would be the configuration:
<plugin>
<artifactId>maven-assembly-plugin</artifactId>
<executions>
<execution>
<id>assembly</id>
<goals>
<goal>single</goal>
</goals>
<phase>package</phase>
<configuration>
<descriptorRefs>
<descriptorRef>jar-with-dependencies</descriptorRef>
</descriptorRefs>
</configuration>
</execution>
</executions>
</plugin>
然后,您只需要确保proguard-maven-plugin插件配置在POM中之后即可.
and then, you just need to make sure that the proguard-maven-plugin plugin configuration is after that in your POM.
这样做,用mvn clean install调用Maven将导致具有依赖性的混淆jar.
Having done that, invoking Maven with mvn clean install will result in an obfuscated jar with dependencies.
为了测试您的实际POM,我添加了两个存储库:
To test with your actual POM, I added two repositories:
-
https://repo.spongepowered.org/maven来解决spongeapi依赖性. -
http://maven.restlet.com解决org.restlet.jse依赖关系.
https://repo.spongepowered.org/mavento resolve thespongeapidependency.http://maven.restlet.comto resolve theorg.restlet.jsedependencies.
对于这2个依赖项,ProGuard会生成警告,因为org.restlet.ext.jackson依赖项利用了不在构建路径上的com.sun.msv.*类.由于我认为您的代码当前正在运行,因此这意味着不需要包含这些类,并且可以忽略这些警告.因此,我添加了-dontwarn选项,以使ProGuard在出现警告时不会出错.
With those 2 dependencies, warnings were generated by ProGuard because the org.restlet.ext.jackson dependency utilizes com.sun.msv.* classes that are not on the buildpath. Since I figure that your code is currently working, it means those classes don't need to be included and that those warnings can be ignored. As such, I added the -dontwarn option so that ProGuard doesn't error when there is a warning.
我最终能够成功混淆依赖关系的jar的以下POM是:
The final POM for which I was able to successfully obfuscate the jar with dependencies is the following:
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.mycompany</groupId>
<artifactId>myproduct</artifactId>
<version>1.0-SNAPSHOT</version>
<repositories>
<repository>
<id>spongepowered</id>
<url>https://repo.spongepowered.org/maven</url>
</repository>
<repository>
<id>restlet</id>
<url>http://maven.restlet.com</url>
</repository>
</repositories>
<properties>
<restlet-version>2.3.5</restlet-version>
</properties>
<build>
<resources>
<resource>
<directory>${project.basedir}/src/main/resources</directory>
<filtering>true</filtering>
</resource>
</resources>
<plugins>
<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.3</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>templating-maven-plugin</artifactId>
<version>1.0-alpha-3</version>
<executions>
<execution>
<id>filter-src</id>
<goals>
<goal>filter-sources</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-assembly-plugin</artifactId>
<executions>
<execution>
<id>assembly</id>
<goals>
<goal>single</goal>
</goals>
<phase>package</phase>
<configuration>
<descriptorRefs>
<descriptorRef>jar-with-dependencies</descriptorRef>
</descriptorRefs>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>com.github.wvengen</groupId>
<artifactId>proguard-maven-plugin</artifactId>
<version>2.0.8</version>
<executions>
<execution>
<phase>package</phase>
<goals><goal>proguard</goal></goals>
<configuration>
<injar>${project.build.finalName}-jar-with-dependencies.jar</injar> <!-- make sure to obfuscate the jar with dependencies -->
<proguardVersion>5.2</proguardVersion>
<options>
<option>-allowaccessmodification</option>
<option>-dontoptimize</option>
<option>-dontshrink</option>
<option>-dontnote</option>
<option>-dontwarn</option> <!-- added option to ignore com.sun missing classes -->
<option>-keepattributes Signature</option>
<option>-keep class com.mycompany.MyPlugin { *; }</option>
</options>
<libs>
<lib>${java.home}/lib/rt.jar</lib>
</libs>
<dependencies>
<dependency>
<groupId>net.sf.proguard</groupId>
<artifactId>proguard-base</artifactId>
<version>5.2</version>
<scope>runtime</scope>
</dependency>
</dependencies>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
<dependencies>
<dependency>
<groupId>org.spongepowered</groupId>
<artifactId>spongeapi</artifactId>
<version>3.0.0</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
</dependency>
<dependency>
<groupId>org.easytesting</groupId>
<artifactId>fest-assert-core</artifactId>
<version>2.0M8</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
<version>1.10.19</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.restlet.jse</groupId>
<artifactId>org.restlet</artifactId>
<version>${restlet-version}</version>
</dependency>
<dependency>
<groupId>org.restlet.jse</groupId>
<artifactId>org.restlet.ext.jackson</artifactId>
<version>${restlet-version}</version>
</dependency>
<dependency>
<groupId>com.googlecode.json-simple</groupId>
<artifactId>json-simple</artifactId>
<version>1.1.1</version>
</dependency>
</dependencies>
</project>
这篇关于ProGuard不会混淆依赖关系的JAR的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
