ProGuard不会混淆依赖关系的JAR [英] ProGuard doesn't obfuscate JAR with dependencies
问题描述
我有一个项目,下面提供了pom.xml
文件.当我发出命令mvn clean compile assembly:single install
时,我希望Maven生成一个JAR,其中包含
I have a project with the pom.xml
file given below. When I issue the command mvn clean compile assembly:single install
I want Maven to generate a JAR, which contains
- 所有依赖项和
- 我的代码的混淆版本.
它不起作用-我的代码未在"jar-with-dependencies"文件中模糊处理.
It doesn't work - my code is not obfuscated in the "jar-with-dependencies" file.
当我运行mvn clean compile install
时,结果文件包含应用程序的混淆代码,但没有依赖关系.
When I run mvn clean compile install
the resulting file contains obfuscated code of my application, but no dependencies.
要拥有一个具有所有依赖关系和混淆代码的JAR文件,我该怎么办?
What can I do in order to have a JAR file with all the dependencies and my obfuscated code?
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.mycompany</groupId>
<artifactId>myproduct</artifactId>
<version>1.0-SNAPSHOT</version>
<packaging>jar</packaging>
<properties>
<restlet-version>2.3.5</restlet-version>
</properties>
<dependencies>
<dependency>
<groupId>org.spongepowered</groupId>
<artifactId>spongeapi</artifactId>
<version>3.0.0</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
</dependency>
<dependency>
<groupId>org.easytesting</groupId>
<artifactId>fest-assert-core</artifactId>
<version>2.0M8</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
<version>1.10.19</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.restlet.jse</groupId>
<artifactId>org.restlet</artifactId>
<version>${restlet-version}</version>
</dependency>
<dependency>
<groupId>org.restlet.jse</groupId>
<artifactId>org.restlet.ext.jackson</artifactId>
<version>${restlet-version}</version>
</dependency>
<dependency>
<groupId>com.googlecode.json-simple</groupId>
<artifactId>json-simple</artifactId>
<version>1.1.1</version>
</dependency>
</dependencies>
<build>
<resources>
<resource>
<directory>${project.basedir}/src/main/resources</directory>
<filtering>true</filtering>
</resource>
</resources>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.3</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>templating-maven-plugin</artifactId>
<version>1.0-alpha-3</version>
<executions>
<execution>
<id>filter-src</id>
<goals>
<goal>filter-sources</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-assembly-plugin</artifactId>
<configuration>
<descriptorRefs>
<descriptorRef>jar-with-dependencies</descriptorRef>
</descriptorRefs>
</configuration>
</plugin>
<plugin>
<groupId>com.github.wvengen</groupId>
<artifactId>proguard-maven-plugin</artifactId>
<version>2.0.8</version>
<executions>
<execution>
<phase>package</phase>
<goals><goal>proguard</goal></goals>
</execution>
</executions>
<configuration>
<proguardVersion>5.2</proguardVersion>
<options>
<option>-allowaccessmodification</option>
<option>-dontoptimize</option>
<option>-dontshrink</option>
<option>-dontnote</option>
<option>-keepattributes Signature</option>
<option>-keep class com.mycompany.MyPlugin { *; }</option>
</options>
<libs>
<lib>${java.home}/lib/rt.jar</lib>
</libs>
<dependencies>
<dependency>
<groupId>net.sf.proguard</groupId>
<artifactId>proguard-base</artifactId>
<version>5.2</version>
<scope>runtime</scope>
</dependency>
</dependencies>
</configuration>
</plugin>
</plugins>
</build>
</project>
更新1(2016年1月17日19:54 MSK):更改了ProGuard的配置,如下所示,但是mvn clean compile assembly:single
仍会生成具有清晰类文件的JAR.
Update 1 (17.01.2016 19:54 MSK): Changed the ProGuard configuration like shown below, but mvn clean compile assembly:single
still produces a JAR with unobfuscated class files.
<plugin>
<groupId>com.github.wvengen</groupId>
<artifactId>proguard-maven-plugin</artifactId>
<version>2.0.8</version>
<executions>
<execution>
<phase>package</phase>
<goals><goal>proguard</goal></goals>
</execution>
</executions>
<configuration>
<proguardVersion>5.2</proguardVersion>
<options>
<option>-allowaccessmodification</option>
<option>-dontoptimize</option>
<option>-dontshrink</option>
<option>-dontnote</option>
<option>-keepattributes Signature</option>
<option>-keep class com.mycompany.MyPlugin { *; }</option>
</options>
<injar>${project.build.finalName}-jar-with-dependencies.jar</injar>
<libs>
<lib>${java.home}/lib/rt.jar</lib>
</libs>
<dependencies>
<dependency>
<groupId>net.sf.proguard</groupId>
<artifactId>proguard-base</artifactId>
<version>5.2</version>
<scope>runtime</scope>
</dependency>
</dependencies>
</configuration>
</plugin>
更新2(17.01.2016 20:29 MSK): mvn clean compile assembly:single install
失败.在此处
推荐答案
proguard-maven-plugin
将混淆项目的主要工件,而不是maven-assembly-plugin
生成的辅助工件jar-with-dependencies
.
proguard-maven-plugin
will obfuscate the primary artifact of your project, not the secondary artifact jar-with-dependencies
that the maven-assembly-plugin
generated.
You need to configure the plugin to obfuscate the jar-with-dependencies
by specifying the injar
attribute:
指定要处理的应用程序的输入jar名称(或wars,ears,zips).
Specifies the input jar name (or wars, ears, zips) of the application to be processed.
<injar>${project.build.finalName}-jar-with-dependencies.jar</injar>
现在,在您的POM中,插件的执行顺序也存在问题:我们需要确保maven-assembly-plugin
在proguard-maven-plugin
之前执行.因此,最好为绑定到package
阶段的maven-assembly-plugin
定义显式执行,而不是使用assembly:single
从命令行手动调用它.这将是配置:
Now, there is also a problem in the order of execution of plugins in your POM: we need to make sure that the maven-assembly-plugin
is executed before the proguard-maven-plugin
. As such, it is best to define an explicit execution for the maven-assembly-plugin
bound to the package
phase instead of manually invoking it from the command line with assembly:single
. This would be the configuration:
<plugin>
<artifactId>maven-assembly-plugin</artifactId>
<executions>
<execution>
<id>assembly</id>
<goals>
<goal>single</goal>
</goals>
<phase>package</phase>
<configuration>
<descriptorRefs>
<descriptorRef>jar-with-dependencies</descriptorRef>
</descriptorRefs>
</configuration>
</execution>
</executions>
</plugin>
然后,您只需要确保proguard-maven-plugin
插件配置在POM中之后即可.
and then, you just need to make sure that the proguard-maven-plugin
plugin configuration is after that in your POM.
这样做,用mvn clean install
调用Maven将导致具有依赖性的混淆jar.
Having done that, invoking Maven with mvn clean install
will result in an obfuscated jar with dependencies.
为了测试您的实际POM,我添加了两个存储库:
To test with your actual POM, I added two repositories:
-
https://repo.spongepowered.org/maven
来解决spongeapi
依赖性. -
http://maven.restlet.com
解决org.restlet.jse
依赖关系.
https://repo.spongepowered.org/maven
to resolve thespongeapi
dependency.http://maven.restlet.com
to resolve theorg.restlet.jse
dependencies.
对于这2个依赖项,ProGuard会生成警告,因为org.restlet.ext.jackson
依赖项利用了不在构建路径上的com.sun.msv.*
类.由于我认为您的代码当前正在运行,因此这意味着不需要包含这些类,并且可以忽略这些警告.因此,我添加了-dontwarn
选项,以使ProGuard在出现警告时不会出错.
With those 2 dependencies, warnings were generated by ProGuard because the org.restlet.ext.jackson
dependency utilizes com.sun.msv.*
classes that are not on the buildpath. Since I figure that your code is currently working, it means those classes don't need to be included and that those warnings can be ignored. As such, I added the -dontwarn
option so that ProGuard doesn't error when there is a warning.
我最终能够成功混淆依赖关系的jar的以下POM是:
The final POM for which I was able to successfully obfuscate the jar with dependencies is the following:
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.mycompany</groupId>
<artifactId>myproduct</artifactId>
<version>1.0-SNAPSHOT</version>
<repositories>
<repository>
<id>spongepowered</id>
<url>https://repo.spongepowered.org/maven</url>
</repository>
<repository>
<id>restlet</id>
<url>http://maven.restlet.com</url>
</repository>
</repositories>
<properties>
<restlet-version>2.3.5</restlet-version>
</properties>
<build>
<resources>
<resource>
<directory>${project.basedir}/src/main/resources</directory>
<filtering>true</filtering>
</resource>
</resources>
<plugins>
<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.3</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>templating-maven-plugin</artifactId>
<version>1.0-alpha-3</version>
<executions>
<execution>
<id>filter-src</id>
<goals>
<goal>filter-sources</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-assembly-plugin</artifactId>
<executions>
<execution>
<id>assembly</id>
<goals>
<goal>single</goal>
</goals>
<phase>package</phase>
<configuration>
<descriptorRefs>
<descriptorRef>jar-with-dependencies</descriptorRef>
</descriptorRefs>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>com.github.wvengen</groupId>
<artifactId>proguard-maven-plugin</artifactId>
<version>2.0.8</version>
<executions>
<execution>
<phase>package</phase>
<goals><goal>proguard</goal></goals>
<configuration>
<injar>${project.build.finalName}-jar-with-dependencies.jar</injar> <!-- make sure to obfuscate the jar with dependencies -->
<proguardVersion>5.2</proguardVersion>
<options>
<option>-allowaccessmodification</option>
<option>-dontoptimize</option>
<option>-dontshrink</option>
<option>-dontnote</option>
<option>-dontwarn</option> <!-- added option to ignore com.sun missing classes -->
<option>-keepattributes Signature</option>
<option>-keep class com.mycompany.MyPlugin { *; }</option>
</options>
<libs>
<lib>${java.home}/lib/rt.jar</lib>
</libs>
<dependencies>
<dependency>
<groupId>net.sf.proguard</groupId>
<artifactId>proguard-base</artifactId>
<version>5.2</version>
<scope>runtime</scope>
</dependency>
</dependencies>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
<dependencies>
<dependency>
<groupId>org.spongepowered</groupId>
<artifactId>spongeapi</artifactId>
<version>3.0.0</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
</dependency>
<dependency>
<groupId>org.easytesting</groupId>
<artifactId>fest-assert-core</artifactId>
<version>2.0M8</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
<version>1.10.19</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.restlet.jse</groupId>
<artifactId>org.restlet</artifactId>
<version>${restlet-version}</version>
</dependency>
<dependency>
<groupId>org.restlet.jse</groupId>
<artifactId>org.restlet.ext.jackson</artifactId>
<version>${restlet-version}</version>
</dependency>
<dependency>
<groupId>com.googlecode.json-simple</groupId>
<artifactId>json-simple</artifactId>
<version>1.1.1</version>
</dependency>
</dependencies>
</project>
这篇关于ProGuard不会混淆依赖关系的JAR的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!