ProGuard不会使用依赖项混淆JAR
我有一个项目,其中的
pom.xml
文件如下所示。当我发出命令mvn clean compile assembly:single install
时,我希望Maven生成一个JAR,它包含
- 所有依赖项和
- 我的代码的模糊版本。
它不起作用-我的代码在"有依赖项的JAR"文件中没有混淆。
当我运行mvn clean compile install
时,结果文件包含我的应用程序的模糊代码,但没有依赖项。
如何才能拥有包含所有依赖项和模糊代码的JAR文件?
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.mycompany</groupId>
<artifactId>myproduct</artifactId>
<version>1.0-SNAPSHOT</version>
<packaging>jar</packaging>
<properties>
<restlet-version>2.3.5</restlet-version>
</properties>
<dependencies>
<dependency>
<groupId>org.spongepowered</groupId>
<artifactId>spongeapi</artifactId>
<version>3.0.0</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
</dependency>
<dependency>
<groupId>org.easytesting</groupId>
<artifactId>fest-assert-core</artifactId>
<version>2.0M8</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
<version>1.10.19</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.restlet.jse</groupId>
<artifactId>org.restlet</artifactId>
<version>${restlet-version}</version>
</dependency>
<dependency>
<groupId>org.restlet.jse</groupId>
<artifactId>org.restlet.ext.jackson</artifactId>
<version>${restlet-version}</version>
</dependency>
<dependency>
<groupId>com.googlecode.json-simple</groupId>
<artifactId>json-simple</artifactId>
<version>1.1.1</version>
</dependency>
</dependencies>
<build>
<resources>
<resource>
<directory>${project.basedir}/src/main/resources</directory>
<filtering>true</filtering>
</resource>
</resources>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.3</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>templating-maven-plugin</artifactId>
<version>1.0-alpha-3</version>
<executions>
<execution>
<id>filter-src</id>
<goals>
<goal>filter-sources</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-assembly-plugin</artifactId>
<configuration>
<descriptorRefs>
<descriptorRef>jar-with-dependencies</descriptorRef>
</descriptorRefs>
</configuration>
</plugin>
<plugin>
<groupId>com.github.wvengen</groupId>
<artifactId>proguard-maven-plugin</artifactId>
<version>2.0.8</version>
<executions>
<execution>
<phase>package</phase>
<goals><goal>proguard</goal></goals>
</execution>
</executions>
<configuration>
<proguardVersion>5.2</proguardVersion>
<options>
<option>-allowaccessmodification</option>
<option>-dontoptimize</option>
<option>-dontshrink</option>
<option>-dontnote</option>
<option>-keepattributes Signature</option>
<option>-keep class com.mycompany.MyPlugin { *; }</option>
</options>
<libs>
<lib>${java.home}/lib/rt.jar</lib>
</libs>
<dependencies>
<dependency>
<groupId>net.sf.proguard</groupId>
<artifactId>proguard-base</artifactId>
<version>5.2</version>
<scope>runtime</scope>
</dependency>
</dependencies>
</configuration>
</plugin>
</plugins>
</build>
</project>
更新1(17.01.2016 19:54 MSK):如下所示更改了ProGuard配置,但mvn clean compile assembly:single
仍生成包含未混淆类文件的JAR。
<plugin>
<groupId>com.github.wvengen</groupId>
<artifactId>proguard-maven-plugin</artifactId>
<version>2.0.8</version>
<executions>
<execution>
<phase>package</phase>
<goals><goal>proguard</goal></goals>
</execution>
</executions>
<configuration>
<proguardVersion>5.2</proguardVersion>
<options>
<option>-allowaccessmodification</option>
<option>-dontoptimize</option>
<option>-dontshrink</option>
<option>-dontnote</option>
<option>-keepattributes Signature</option>
<option>-keep class com.mycompany.MyPlugin { *; }</option>
</options>
<injar>${project.build.finalName}-jar-with-dependencies.jar</injar>
<libs>
<lib>${java.home}/lib/rt.jar</lib>
</libs>
<dependencies>
<dependency>
<groupId>net.sf.proguard</groupId>
<artifactId>proguard-base</artifactId>
<version>5.2</version>
<scope>runtime</scope>
</dependency>
</dependencies>
</configuration>
</plugin>
更新2(17.01.2016 20:29 MSK):mvn clean compile assembly:single install
失败。可以看到最后一条消息here。
解决方案
proguard-maven-plugin
将混淆项目的主要项目,而不是maven-assembly-plugin
生成的次要项目jar-with-dependencies
。
您需要通过指定injar
属性将插件配置为对jar-with-dependencies
进行模糊处理:
指定要处理的应用程序的输入JAR名称(或WAR、EAR、ZIP)。
<injar>${project.build.finalName}-jar-with-dependencies.jar</injar>
现在,POM中插件的执行顺序也有一个问题:我们需要确保maven-assembly-plugin
在proguard-maven-plugin
之前执行。因此,最好为绑定到package
阶段的maven-assembly-plugin
定义显式执行,而不是使用assembly:single
从命令行手动调用它。这将是配置:
<plugin>
<artifactId>maven-assembly-plugin</artifactId>
<executions>
<execution>
<id>assembly</id>
<goals>
<goal>single</goal>
</goals>
<phase>package</phase>
<configuration>
<descriptorRefs>
<descriptorRef>jar-with-dependencies</descriptorRef>
</descriptorRefs>
</configuration>
</execution>
</executions>
</plugin>
然后,您只需确保proguard-maven-plugin
插件配置在您的POM中之后。
完成此操作后,使用mvn clean install
调用Maven将导致带有依赖项的混淆JAR。
为了测试您的实际POM,我添加了两个存储库:
https://repo.spongepowered.org/maven
解析spongeapi
依赖项。http://maven.restlet.com
解析org.restlet.jse
依赖项。
org.restlet.ext.jackson
依赖项使用了不在构建路径上的com.sun.msv.*
类。由于我认为您的代码当前正在运行,这意味着不需要包含这些类,并且可以忽略这些警告。因此,我添加了-dontwarn
选项,以便ProGuard在出现警告时不会出错。
我能够使用依赖项成功混淆JAR的最终POM如下:
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.mycompany</groupId>
<artifactId>myproduct</artifactId>
<version>1.0-SNAPSHOT</version>
<repositories>
<repository>
<id>spongepowered</id>
<url>https://repo.spongepowered.org/maven</url>
</repository>
<repository>
<id>restlet</id>
<url>http://maven.restlet.com</url>
</repository>
</repositories>
<properties>
<restlet-version>2.3.5</restlet-version>
</properties>
<build>
<resources>
<resource>
<directory>${project.basedir}/src/main/resources</directory>
<filtering>true</filtering>
</resource>
</resources>
<plugins>
<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.3</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>templating-maven-plugin</artifactId>
<version>1.0-alpha-3</version>
<executions>
<execution>
<id>filter-src</id>
<goals>
<goal>filter-sources</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-assembly-plugin</artifactId>
<executions>
<execution>
<id>assembly</id>
<goals>
<goal>single</goal>
</goals>
<phase>package</phase>
<configuration>
<descriptorRefs>
<descriptorRef>jar-with-dependencies</descriptorRef>
</descriptorRefs>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>com.github.wvengen</groupId>
<artifactId>proguard-maven-plugin</artifactId>
<version>2.0.8</version>
<executions>
<execution>
<phase>package</phase>
<goals><goal>proguard</goal></goals>
<configuration>
<injar>${project.build.finalName}-jar-with-dependencies.jar</injar> <!-- make sure to obfuscate the jar with dependencies -->
<proguardVersion>5.2</proguardVersion>
<options>
<option>-allowaccessmodification</option>
<option>-dontoptimize</option>
<option>-dontshrink</option>
<option>-dontnote</option>
<option>-dontwarn</option> <!-- added option to ignore com.sun missing classes -->
<option>-keepattributes Signature</option>
<option>-keep class com.mycompany.MyPlugin { *; }</option>
</options>
<libs>
<lib>${java.home}/lib/rt.jar</lib>
</libs>
<dependencies>
<dependency>
<groupId>net.sf.proguard</groupId>
<artifactId>proguard-base</artifactId>
<version>5.2</version>
<scope>runtime</scope>
</dependency>
</dependencies>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
<dependencies>
<dependency>
<groupId>org.spongepowered</groupId>
<artifactId>spongeapi</artifactId>
<version>3.0.0</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
</dependency>
<dependency>
<groupId>org.easytesting</groupId>
<artifactId>fest-assert-core</artifactId>
<version>2.0M8</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
<version>1.10.19</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.restlet.jse</groupId>
<artifactId>org.restlet</artifactId>
<version>${restlet-version}</version>
</dependency>
<dependency>
<groupId>org.restlet.jse</groupId>
<artifactId>org.restlet.ext.jackson</artifactId>
<version>${restlet-version}</version>
</dependency>
<dependency>
<groupId>com.googlecode.json-simple</groupId>
<artifactId>json-simple</artifactId>
<version>1.1.1</version>
</dependency>
</dependencies>
</project>
相关文章