java 在构建“maven-plugin”包时如何使用 Proguard 混淆?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/34706466/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How do I use Proguard obfuscation while building a "maven-plugin" package?
提问by Emily Mabrey
The generated output JAR of a "maven-plugin" project (using the maven-plugin-plugin) is broken by the obfuscation performed by the Proguardtool. Attempting to use the obfuscated JAR as a Maven plugin generates exceptions, such as a MojoExecutionException, which terminate the build with an error. What are the proper Proguard configuration options to allow the generation of a working "maven-plugin" JAR containing an automatically generated plugin descriptor?
“maven-plugin”项目(使用maven-plugin-plugin)生成的输出 JAR被Proguard工具执行的混淆破坏了。尝试使用混淆的 JAR 作为 Maven 插件会生成异常,例如MojoExecutionException,它会因错误而终止构建。允许生成包含自动生成的插件描述符的工作“maven-plugin”JAR 的正确 Proguard 配置选项是什么?
回答by Emily Mabrey
Basics of Maven Plugins and the Proguard Tool
Maven 插件和 Proguard 工具的基础知识
In order to generate a Maven plugin (maven packaging type "maven-plugin", which generates a JAR containing plugin specific configuration resources) we must instruct the maven-plugin-pluginon the location and name of our Mojos. Assuming a properly configured maven-plugin-plugin execution, either using annotationsor other configuration options, the generated JAR will contain a plugin.xml file within the META-INF directory at the root of the JAR. This plugin.xml file describes your plugin's goals and configurable parameters using static references to Java class and package names (you can find more information on this file here).
为了生成一个 Maven 插件(maven 打包类型“maven-plugin”,它生成一个包含插件特定配置资源的 JAR),我们必须指示maven-plugin-plugin我们的 Mojos 的位置和名称。假设正确配置了 maven-plugin-plugin 执行,使用注释或其他配置选项,生成的 JAR 将在 JAR 根目录的 META-INF 目录中包含 plugin.xml 文件。这个 plugin.xml 文件使用对 Java 类和包名称的静态引用来描述您的插件的目标和可配置参数(您可以在此处找到有关此文件的更多信息)。
Special care must be taken to incorporate obfuscation into a build of a "maven-plugin" JAR; here we explain the steps taken in using the Proguard obfuscation library. When using the default Proguard configuration for library obfuscation, the generated JAR will no longer work correctly because Proguard renames, shrinks, relocates and obfuscates important files for the Maven plugin. Attempting to use your plugin will likely result in an exception which terminates the build with an error related to the Maven runtime's inability to locate and process the plugin's configuration and class files.
必须特别注意将混淆合并到“maven-plugin”JAR 的构建中;在这里,我们解释了使用Proguard 混淆库所采取的步骤。当对库混淆使用默认的 Proguard 配置时,生成的 JAR 将不再正常工作,因为 Proguard 为 Maven 插件重命名、缩小、重新定位和混淆重要文件。尝试使用您的插件可能会导致异常终止构建,并出现与 Maven 运行时无法定位和处理插件的配置和类文件相关的错误。
With a little reconfiguration, however, we can instruct Proguard to properly maintain the generated plugin files and directory structure of your "maven-plugin" JAR. The necessary changes to the Proguard options are as follows (please see the notes regarding the following links):
然而,通过一些重新配置,我们可以指示 Proguard 正确维护生成的插件文件和“maven-plugin”JAR 的目录结构。Proguard 选项的必要更改如下(请参阅有关以下链接的说明):
Custom Proguard Configuration
自定义 Proguard 配置
Directory Structure目录结构-keepdirectories
This instructs Proguard to maintain the input JAR directory structure instead of moving all files to the root directory. Maven expects the plugin.xml file to be located within the /META-INF/maven/ directory which is preserved alongside all other directories via this option. You can filter the kept directories more specifically by specifying a directory filter, however I have chosen to indiscriminately maintain all input directory structures.
这指示 Proguard 维护输入 JAR 目录结构,而不是将所有文件移动到根目录。Maven 期望 plugin.xml 文件位于 /META-INF/maven/ 目录中,该目录通过此选项与所有其他目录一起保留。您可以通过指定目录过滤器来更具体地过滤保留的目录,但是我选择不加选择地维护所有输入目录结构。
Static Package References静态包引用-keeppackagenames org.apache.maven.plugin.my.MyMojo
You should replace the placeholder package with the package containing your Mojo definitions. If your Mojo definitions do not share a common package you should specify each unique package using multiple options as needed. If you are unsure which packages need to be kept, open your generated plugin.xml file in a text editor and examine the "implementation" elements within each "mojo" definition. The "implementation" element specifies a class via a fully qualified name. Each package component of those fully qualified class names are the packages you should be specifying. For example, my basedir-plugin contains a Mojo implementation element value of "com.github.emabrey.maven.plugins.basedir.RootDirectoryGoal", so I would write the option as -keeppackagenames com.github.emabrey.maven.plugins.basedir.
您应该将占位符包替换为包含您的 Mojo 定义的包。如果您的 Mojo 定义不共享一个公共包,您应该根据需要使用多个选项指定每个唯一的包。如果您不确定需要保留哪些包,请在文本编辑器中打开生成的 plugin.xml 文件并检查每个“mojo”定义中的“implementation”元素。“implementation”元素通过一个完全限定的名称来指定一个类。这些完全限定类名的每个包组件都是您应该指定的包。例如,我的 basedir-plugin 包含一个 Mojo 实现元素值“com.github.emabrey.maven.plugins.basedir.RootDirectoryGoal”,所以我将选项写为-keeppackagenames com.github.emabrey.maven.plugins.basedir.
-keepnames class * implements org.apache.maven.plugin.AbstractMojo
This option prevents Proguard from renaming the classes which contain the implementation of a Maven plugin Mojo. If these classes were renamed the aforementioned "implementation" elements would no longer correctly identify the classes containing a Mojo implementation.
此选项可防止 Proguard 重命名包含 Maven 插件 Mojo 实现的类。如果这些类被重命名,上述“实现”元素将不再正确识别包含 Mojo 实现的类。
Private Class Fields and Methods私有类字段和方法-keepclassmembers class * implements org.apache.maven.plugin.AbstractMojo {
private <fields>;
private <methods>;
}
This option prevents Proguard from renaming the class level methods and fields within a plugin Mojo implementation. Maven uses the names of these class fields/methods to generate the configuration elements for the plugin. If Proguard renames a field the Maven execution environment will be unable to correctly populate the Mojo implementation with the user configuration.
此选项可防止 Proguard 重命名插件 Mojo 实现中的类级别方法和字段。Maven 使用这些类字段/方法的名称来生成插件的配置元素。如果 Proguard 重命名字段,Maven 执行环境将无法使用用户配置正确填充 Mojo 实现。
Completed Proguard Configuration
完成 Proguard 配置
The full configuration for version 2.0.13 (more versions here; please see the notes regarding the plugin's version), including the default library configuration alongside the mentioned modifications, is provided here for your convenience (remember to specify the ${tool.proguard.version}property with the latest version of the proguard-base artifactand replace the placeholder package "org.apache.maven.plugin.my.MyMojo" with the appropriate value(s)):
为2.0.13版本的完整配置(更多版本在这里;请参阅关于插件的版本注释),包括默认的库配置旁边的修改提到,在这里为您提供方便(切记要指定${tool.proguard.version}与物业的最新版本proguard-base 工件并用适当的值替换占位符包“org.apache.maven.plugin.my.MyMojo”):
<!-- Configures Proguard obfuscation tool to generate an
obfuscated version of the JAR file that replaces the
default unobfuscated JAR.
-->
<plugin>
<groupId>com.github.wvengen</groupId>
<artifactId>proguard-maven-plugin</artifactId>
<version>2.0.13</version>
<executions>
<execution>
<id>obfuscation-packaging</id>
<phase>package</phase>
<goals>
<goal>proguard</goal>
</goals>
<configuration>
<proguardVersion>${tool.proguard.version}</proguardVersion>
<obfuscate>true</obfuscate>
<attach>true</attach>
<appendClassifier>false</appendClassifier>
<addMavenDescriptor>true</addMavenDescriptor>
<injar>${project.build.finalName}.jar</injar>
<injarNotExistsSkip>true</injarNotExistsSkip>
<libs>
<lib>${java.home}/lib/rt.jar</lib>
</libs>
<options>
<option>-keepdirectories</option>
<option>-keeppackagenames org.apache.maven.plugin.my.MyMojo</option>
<option>-keepnames class * implements org.apache.maven.plugin.AbstractMojo</option>
<option>-keepclassmembers class * implements org.apache.maven.plugin.AbstractMojo {
private <![CDATA[<fields>]]>;
private <![CDATA[<methods>]]>;
}
</option>
<option>-keepparameternames</option>
<option>-renamesourcefileattribute SourceFile</option>
<option>-keepattributes Exceptions,InnerClasses,Signature,Deprecated,
SourceFile,LineNumberTable,*Annotation*,EnclosingMethod
</option>
<option>-target 1.8</option>
<option>-keep public class * {
public protected *;
}
</option>
<option>-keepclassmembernames class * {
java.lang.Class class$(java.lang.String);
java.lang.Class class$(java.lang.String, boolean);
}
</option>
<option>-keepclasseswithmembernames,includedescriptorclasses class * {
native <![CDATA[<methods>]]>;
}
</option>
<option>-keepclassmembers,allowoptimization enum * {
public static **[] values();
public static ** valueOf(java.lang.String);
}
</option>
<option>-keepclassmembers class * implements java.io.Serializable {
static final long serialVersionUID;
private static final java.io.ObjectStreamField[] serialPersistentFields;
private void writeObject(java.io.ObjectOutputStream);
private void readObject(java.io.ObjectInputStream);
java.lang.Object writeReplace();
java.lang.Object readResolve();
}
</option>
</options>
</configuration>
</execution>
</executions>
<dependencies>
<dependency>
<groupId>net.sf.proguard</groupId>
<artifactId>proguard-base</artifactId>
<version>${tool.proguard.version}</version>
</dependency>
</dependencies>
</plugin>
Notes
笔记
Link Issues (9-04-2019)
链接问题 (9-04-2019)
The Proguard website has some sort of issue that means my links to the program options are not always going to the location of the anchor the way they should be for an anchor-containing link. Simply slightly scroll upwards if you don't see the option you clicked on being initially displayed on their webpage.
Proguard 网站存在某种问题,这意味着我指向程序选项的链接并不总是像包含锚点的链接那样到达锚点的位置。如果您没有看到您点击的选项最初显示在他们的网页上,只需稍微向上滚动即可。
Version Issues of proguard-maven-plugin (9-04-2019)
proguard-maven-plugin 版本问题 (9-04-2019)
The current version of the com.github.wvengen:proguard-maven-pluginis 2.0.14as of March 2017 until the making of this edit. I will be leaving the original configuration intact with version number 2.0.13because version 2.0.14contains a potentially breaking change. It now includes the seed and map files as part of the output artifact of the final Proguard obfuscated artifact. It is unlikely that most use cases would actually have any issue consuming additional files in the artifact, but instead of ninja editing the configuration to point to 2.0.14, I am instead leaving this note and letting you evaluate which version is appropriate for your project. That said, simply altering the version to <version>2.0.14</version>should be okay, as no plugin configuration changes are noted in the commit history of version 2.0.14.
的当前版本com.github.wvengen:proguard-maven-plugin是2.0.142017年三月直到编辑的决策。我将保留带有版本号的原始配置,2.0.13因为版本2.0.14包含潜在的破坏性更改。它现在包含种子和地图文件,作为最终 Proguard 混淆工件的输出工件的一部分。大多数用例实际上不太可能在使用工件中的其他文件时出现任何问题,但我不是忍者编辑配置以指向2.0.14,而是留下此注释并让您评估哪个版本适合您的项目。也就是说,简单地将版本更改为<version>2.0.14</version>应该没问题,因为在 version 的提交历史记录中没有注意到插件配置更改2.0.14。
