ProGuard 不会使用依赖项混淆 JAR
ProGuard doesn't obfuscate JAR with dependencies
我有一个项目,其中包含下面给出的 pom.xml
文件。当我发出命令 mvn clean compile assembly:single install
时,我希望 Maven 生成一个 JAR,其中包含
- 所有依赖项和
- 我的代码的混淆版本。
它不起作用 - 我的代码在 "jar-with-dependencies" 文件中没有被混淆。
当我 运行 mvn clean compile install
生成的文件包含我的应用程序的混淆代码,但没有依赖项。
如何获得包含所有依赖项和混淆代码的 JAR 文件?
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.mycompany</groupId>
<artifactId>myproduct</artifactId>
<version>1.0-SNAPSHOT</version>
<packaging>jar</packaging>
<properties>
<restlet-version>2.3.5</restlet-version>
</properties>
<dependencies>
<dependency>
<groupId>org.spongepowered</groupId>
<artifactId>spongeapi</artifactId>
<version>3.0.0</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
</dependency>
<dependency>
<groupId>org.easytesting</groupId>
<artifactId>fest-assert-core</artifactId>
<version>2.0M8</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
<version>1.10.19</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.restlet.jse</groupId>
<artifactId>org.restlet</artifactId>
<version>${restlet-version}</version>
</dependency>
<dependency>
<groupId>org.restlet.jse</groupId>
<artifactId>org.restlet.ext.jackson</artifactId>
<version>${restlet-version}</version>
</dependency>
<dependency>
<groupId>com.googlecode.json-simple</groupId>
<artifactId>json-simple</artifactId>
<version>1.1.1</version>
</dependency>
</dependencies>
<build>
<resources>
<resource>
<directory>${project.basedir}/src/main/resources</directory>
<filtering>true</filtering>
</resource>
</resources>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.3</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>templating-maven-plugin</artifactId>
<version>1.0-alpha-3</version>
<executions>
<execution>
<id>filter-src</id>
<goals>
<goal>filter-sources</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-assembly-plugin</artifactId>
<configuration>
<descriptorRefs>
<descriptorRef>jar-with-dependencies</descriptorRef>
</descriptorRefs>
</configuration>
</plugin>
<plugin>
<groupId>com.github.wvengen</groupId>
<artifactId>proguard-maven-plugin</artifactId>
<version>2.0.8</version>
<executions>
<execution>
<phase>package</phase>
<goals><goal>proguard</goal></goals>
</execution>
</executions>
<configuration>
<proguardVersion>5.2</proguardVersion>
<options>
<option>-allowaccessmodification</option>
<option>-dontoptimize</option>
<option>-dontshrink</option>
<option>-dontnote</option>
<option>-keepattributes Signature</option>
<option>-keep class com.mycompany.MyPlugin { *; }</option>
</options>
<libs>
<lib>${java.home}/lib/rt.jar</lib>
</libs>
<dependencies>
<dependency>
<groupId>net.sf.proguard</groupId>
<artifactId>proguard-base</artifactId>
<version>5.2</version>
<scope>runtime</scope>
</dependency>
</dependencies>
</configuration>
</plugin>
</plugins>
</build>
</project>
更新 1 (17.01.2016 19:54 MSK): 更改了 ProGuard 配置,如下所示,但 mvn clean compile assembly:single
仍然生成一个 JAR,其中包含未混淆的 class 个文件。
<plugin>
<groupId>com.github.wvengen</groupId>
<artifactId>proguard-maven-plugin</artifactId>
<version>2.0.8</version>
<executions>
<execution>
<phase>package</phase>
<goals><goal>proguard</goal></goals>
</execution>
</executions>
<configuration>
<proguardVersion>5.2</proguardVersion>
<options>
<option>-allowaccessmodification</option>
<option>-dontoptimize</option>
<option>-dontshrink</option>
<option>-dontnote</option>
<option>-keepattributes Signature</option>
<option>-keep class com.mycompany.MyPlugin { *; }</option>
</options>
<injar>${project.build.finalName}-jar-with-dependencies.jar</injar>
<libs>
<lib>${java.home}/lib/rt.jar</lib>
</libs>
<dependencies>
<dependency>
<groupId>net.sf.proguard</groupId>
<artifactId>proguard-base</artifactId>
<version>5.2</version>
<scope>runtime</scope>
</dependency>
</dependencies>
</configuration>
</plugin>
更新 2 (17.01.2016 20:29 MSK): mvn clean compile assembly:single install
失败。可以看到最后的留言here.
proguard-maven-plugin
将混淆项目的主要工件,而不是 maven-assembly-plugin
生成的次要工件 jar-with-dependencies
。
您需要配置插件以通过指定 injar
属性来混淆 jar-with-dependencies
:
Specifies the input jar name (or wars, ears, zips) of the application to be processed.
<injar>${project.build.finalName}-jar-with-dependencies.jar</injar>
现在,您的 POM 中插件的执行顺序也存在问题:我们需要确保 maven-assembly-plugin
在 proguard-maven-plugin
之前执行。因此,最好为绑定到 package
阶段的 maven-assembly-plugin
定义显式执行,而不是使用 assembly:single
从命令行手动调用它。这将是配置:
<plugin>
<artifactId>maven-assembly-plugin</artifactId>
<executions>
<execution>
<id>assembly</id>
<goals>
<goal>single</goal>
</goals>
<phase>package</phase>
<configuration>
<descriptorRefs>
<descriptorRef>jar-with-dependencies</descriptorRef>
</descriptorRefs>
</configuration>
</execution>
</executions>
</plugin>
然后,您只需确保 proguard-maven-plugin
插件配置在您的 POM 之后。
完成后,使用 mvn clean install
调用 Maven 将产生一个带有依赖项的模糊 jar。
为了测试您的实际 POM,我添加了两个存储库:
https://repo.spongepowered.org/maven
以解决 spongeapi
依赖关系。
http://maven.restlet.com
以解决 org.restlet.jse
依赖关系。
对于这 2 个依赖项,ProGuard 生成了警告,因为 org.restlet.ext.jackson
依赖项利用了不在构建路径上的 com.sun.msv.*
类。由于我认为您的代码当前正在运行,这意味着不需要包含那些 类 并且可以忽略这些警告。因此,我添加了 -dontwarn
选项,以便 ProGuard 在出现警告时不会出错。
我能够使用依赖项成功混淆 jar 的最终 POM 如下:
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.mycompany</groupId>
<artifactId>myproduct</artifactId>
<version>1.0-SNAPSHOT</version>
<repositories>
<repository>
<id>spongepowered</id>
<url>https://repo.spongepowered.org/maven</url>
</repository>
<repository>
<id>restlet</id>
<url>http://maven.restlet.com</url>
</repository>
</repositories>
<properties>
<restlet-version>2.3.5</restlet-version>
</properties>
<build>
<resources>
<resource>
<directory>${project.basedir}/src/main/resources</directory>
<filtering>true</filtering>
</resource>
</resources>
<plugins>
<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.3</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>templating-maven-plugin</artifactId>
<version>1.0-alpha-3</version>
<executions>
<execution>
<id>filter-src</id>
<goals>
<goal>filter-sources</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-assembly-plugin</artifactId>
<executions>
<execution>
<id>assembly</id>
<goals>
<goal>single</goal>
</goals>
<phase>package</phase>
<configuration>
<descriptorRefs>
<descriptorRef>jar-with-dependencies</descriptorRef>
</descriptorRefs>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>com.github.wvengen</groupId>
<artifactId>proguard-maven-plugin</artifactId>
<version>2.0.8</version>
<executions>
<execution>
<phase>package</phase>
<goals><goal>proguard</goal></goals>
<configuration>
<injar>${project.build.finalName}-jar-with-dependencies.jar</injar> <!-- make sure to obfuscate the jar with dependencies -->
<proguardVersion>5.2</proguardVersion>
<options>
<option>-allowaccessmodification</option>
<option>-dontoptimize</option>
<option>-dontshrink</option>
<option>-dontnote</option>
<option>-dontwarn</option> <!-- added option to ignore com.sun missing classes -->
<option>-keepattributes Signature</option>
<option>-keep class com.mycompany.MyPlugin { *; }</option>
</options>
<libs>
<lib>${java.home}/lib/rt.jar</lib>
</libs>
<dependencies>
<dependency>
<groupId>net.sf.proguard</groupId>
<artifactId>proguard-base</artifactId>
<version>5.2</version>
<scope>runtime</scope>
</dependency>
</dependencies>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
<dependencies>
<dependency>
<groupId>org.spongepowered</groupId>
<artifactId>spongeapi</artifactId>
<version>3.0.0</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
</dependency>
<dependency>
<groupId>org.easytesting</groupId>
<artifactId>fest-assert-core</artifactId>
<version>2.0M8</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
<version>1.10.19</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.restlet.jse</groupId>
<artifactId>org.restlet</artifactId>
<version>${restlet-version}</version>
</dependency>
<dependency>
<groupId>org.restlet.jse</groupId>
<artifactId>org.restlet.ext.jackson</artifactId>
<version>${restlet-version}</version>
</dependency>
<dependency>
<groupId>com.googlecode.json-simple</groupId>
<artifactId>json-simple</artifactId>
<version>1.1.1</version>
</dependency>
</dependencies>
</project>
我有一个项目,其中包含下面给出的 pom.xml
文件。当我发出命令 mvn clean compile assembly:single install
时,我希望 Maven 生成一个 JAR,其中包含
- 所有依赖项和
- 我的代码的混淆版本。
它不起作用 - 我的代码在 "jar-with-dependencies" 文件中没有被混淆。
当我 运行 mvn clean compile install
生成的文件包含我的应用程序的混淆代码,但没有依赖项。
如何获得包含所有依赖项和混淆代码的 JAR 文件?
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.mycompany</groupId>
<artifactId>myproduct</artifactId>
<version>1.0-SNAPSHOT</version>
<packaging>jar</packaging>
<properties>
<restlet-version>2.3.5</restlet-version>
</properties>
<dependencies>
<dependency>
<groupId>org.spongepowered</groupId>
<artifactId>spongeapi</artifactId>
<version>3.0.0</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
</dependency>
<dependency>
<groupId>org.easytesting</groupId>
<artifactId>fest-assert-core</artifactId>
<version>2.0M8</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
<version>1.10.19</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.restlet.jse</groupId>
<artifactId>org.restlet</artifactId>
<version>${restlet-version}</version>
</dependency>
<dependency>
<groupId>org.restlet.jse</groupId>
<artifactId>org.restlet.ext.jackson</artifactId>
<version>${restlet-version}</version>
</dependency>
<dependency>
<groupId>com.googlecode.json-simple</groupId>
<artifactId>json-simple</artifactId>
<version>1.1.1</version>
</dependency>
</dependencies>
<build>
<resources>
<resource>
<directory>${project.basedir}/src/main/resources</directory>
<filtering>true</filtering>
</resource>
</resources>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.3</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>templating-maven-plugin</artifactId>
<version>1.0-alpha-3</version>
<executions>
<execution>
<id>filter-src</id>
<goals>
<goal>filter-sources</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-assembly-plugin</artifactId>
<configuration>
<descriptorRefs>
<descriptorRef>jar-with-dependencies</descriptorRef>
</descriptorRefs>
</configuration>
</plugin>
<plugin>
<groupId>com.github.wvengen</groupId>
<artifactId>proguard-maven-plugin</artifactId>
<version>2.0.8</version>
<executions>
<execution>
<phase>package</phase>
<goals><goal>proguard</goal></goals>
</execution>
</executions>
<configuration>
<proguardVersion>5.2</proguardVersion>
<options>
<option>-allowaccessmodification</option>
<option>-dontoptimize</option>
<option>-dontshrink</option>
<option>-dontnote</option>
<option>-keepattributes Signature</option>
<option>-keep class com.mycompany.MyPlugin { *; }</option>
</options>
<libs>
<lib>${java.home}/lib/rt.jar</lib>
</libs>
<dependencies>
<dependency>
<groupId>net.sf.proguard</groupId>
<artifactId>proguard-base</artifactId>
<version>5.2</version>
<scope>runtime</scope>
</dependency>
</dependencies>
</configuration>
</plugin>
</plugins>
</build>
</project>
更新 1 (17.01.2016 19:54 MSK): 更改了 ProGuard 配置,如下所示,但 mvn clean compile assembly:single
仍然生成一个 JAR,其中包含未混淆的 class 个文件。
<plugin>
<groupId>com.github.wvengen</groupId>
<artifactId>proguard-maven-plugin</artifactId>
<version>2.0.8</version>
<executions>
<execution>
<phase>package</phase>
<goals><goal>proguard</goal></goals>
</execution>
</executions>
<configuration>
<proguardVersion>5.2</proguardVersion>
<options>
<option>-allowaccessmodification</option>
<option>-dontoptimize</option>
<option>-dontshrink</option>
<option>-dontnote</option>
<option>-keepattributes Signature</option>
<option>-keep class com.mycompany.MyPlugin { *; }</option>
</options>
<injar>${project.build.finalName}-jar-with-dependencies.jar</injar>
<libs>
<lib>${java.home}/lib/rt.jar</lib>
</libs>
<dependencies>
<dependency>
<groupId>net.sf.proguard</groupId>
<artifactId>proguard-base</artifactId>
<version>5.2</version>
<scope>runtime</scope>
</dependency>
</dependencies>
</configuration>
</plugin>
更新 2 (17.01.2016 20:29 MSK): mvn clean compile assembly:single install
失败。可以看到最后的留言here.
proguard-maven-plugin
将混淆项目的主要工件,而不是 maven-assembly-plugin
生成的次要工件 jar-with-dependencies
。
您需要配置插件以通过指定 injar
属性来混淆 jar-with-dependencies
:
Specifies the input jar name (or wars, ears, zips) of the application to be processed.
<injar>${project.build.finalName}-jar-with-dependencies.jar</injar>
现在,您的 POM 中插件的执行顺序也存在问题:我们需要确保 maven-assembly-plugin
在 proguard-maven-plugin
之前执行。因此,最好为绑定到 package
阶段的 maven-assembly-plugin
定义显式执行,而不是使用 assembly:single
从命令行手动调用它。这将是配置:
<plugin>
<artifactId>maven-assembly-plugin</artifactId>
<executions>
<execution>
<id>assembly</id>
<goals>
<goal>single</goal>
</goals>
<phase>package</phase>
<configuration>
<descriptorRefs>
<descriptorRef>jar-with-dependencies</descriptorRef>
</descriptorRefs>
</configuration>
</execution>
</executions>
</plugin>
然后,您只需确保 proguard-maven-plugin
插件配置在您的 POM 之后。
完成后,使用 mvn clean install
调用 Maven 将产生一个带有依赖项的模糊 jar。
为了测试您的实际 POM,我添加了两个存储库:
https://repo.spongepowered.org/maven
以解决spongeapi
依赖关系。http://maven.restlet.com
以解决org.restlet.jse
依赖关系。
对于这 2 个依赖项,ProGuard 生成了警告,因为 org.restlet.ext.jackson
依赖项利用了不在构建路径上的 com.sun.msv.*
类。由于我认为您的代码当前正在运行,这意味着不需要包含那些 类 并且可以忽略这些警告。因此,我添加了 -dontwarn
选项,以便 ProGuard 在出现警告时不会出错。
我能够使用依赖项成功混淆 jar 的最终 POM 如下:
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.mycompany</groupId>
<artifactId>myproduct</artifactId>
<version>1.0-SNAPSHOT</version>
<repositories>
<repository>
<id>spongepowered</id>
<url>https://repo.spongepowered.org/maven</url>
</repository>
<repository>
<id>restlet</id>
<url>http://maven.restlet.com</url>
</repository>
</repositories>
<properties>
<restlet-version>2.3.5</restlet-version>
</properties>
<build>
<resources>
<resource>
<directory>${project.basedir}/src/main/resources</directory>
<filtering>true</filtering>
</resource>
</resources>
<plugins>
<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.3</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>templating-maven-plugin</artifactId>
<version>1.0-alpha-3</version>
<executions>
<execution>
<id>filter-src</id>
<goals>
<goal>filter-sources</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-assembly-plugin</artifactId>
<executions>
<execution>
<id>assembly</id>
<goals>
<goal>single</goal>
</goals>
<phase>package</phase>
<configuration>
<descriptorRefs>
<descriptorRef>jar-with-dependencies</descriptorRef>
</descriptorRefs>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>com.github.wvengen</groupId>
<artifactId>proguard-maven-plugin</artifactId>
<version>2.0.8</version>
<executions>
<execution>
<phase>package</phase>
<goals><goal>proguard</goal></goals>
<configuration>
<injar>${project.build.finalName}-jar-with-dependencies.jar</injar> <!-- make sure to obfuscate the jar with dependencies -->
<proguardVersion>5.2</proguardVersion>
<options>
<option>-allowaccessmodification</option>
<option>-dontoptimize</option>
<option>-dontshrink</option>
<option>-dontnote</option>
<option>-dontwarn</option> <!-- added option to ignore com.sun missing classes -->
<option>-keepattributes Signature</option>
<option>-keep class com.mycompany.MyPlugin { *; }</option>
</options>
<libs>
<lib>${java.home}/lib/rt.jar</lib>
</libs>
<dependencies>
<dependency>
<groupId>net.sf.proguard</groupId>
<artifactId>proguard-base</artifactId>
<version>5.2</version>
<scope>runtime</scope>
</dependency>
</dependencies>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
<dependencies>
<dependency>
<groupId>org.spongepowered</groupId>
<artifactId>spongeapi</artifactId>
<version>3.0.0</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
</dependency>
<dependency>
<groupId>org.easytesting</groupId>
<artifactId>fest-assert-core</artifactId>
<version>2.0M8</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
<version>1.10.19</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.restlet.jse</groupId>
<artifactId>org.restlet</artifactId>
<version>${restlet-version}</version>
</dependency>
<dependency>
<groupId>org.restlet.jse</groupId>
<artifactId>org.restlet.ext.jackson</artifactId>
<version>${restlet-version}</version>
</dependency>
<dependency>
<groupId>com.googlecode.json-simple</groupId>
<artifactId>json-simple</artifactId>
<version>1.1.1</version>
</dependency>
</dependencies>
</project>