如何使用Spring Boot 2和Gradle构建设置Proguard混淆?
你好尝试使用gradle插件和Proguard gradle插件设置Spring Boot应用程序的代码混淆。 Google大多为旧版的spring-boot-gradle-plugin版本提供了一些方法(即this closest one使用不存在的bootRepackage任务)或使用maven插件(具有重新打包的目标)。
据我所知,想法是在jar打包之前混淆类,但是在当前gradle插件版本中看不到任何入口点,并且希望避免手动提取和回退。
有人在使用那个组合吗? Spring Boot版本> = 2.0.3。
答案 0 :(得分:3)
您是否尝试过在build.gradle中为其编写任务?
task obfuscate(type: proguard.gradle.ProGuardTask, dependsOn: jar) {
mustRunAfter ('javadoc')
inputs.file file("${jar.archivePath}")
outputs.file file("$buildDir/proguard/${project.name}-${project.version}.jar")
injars "${jar.archivePath}"
// JDK 8 and below use jars on the classpath
if (JavaVersion.current().java8Compatible && !JavaVersion.current().java9Compatible) {
println "Obfuscation inputs based on JDK 8 layout."
libraryjars "$javaHome/lib/rt.jar"
libraryjars "$javaHome/lib/jce.jar"
libraryjars "$javaHome/lib/ext/jfxrt.jar"
} else {
// JDK 9 and above use modules on the module-path
println "Obfuscation inputs based on JDK 9+ module layout."
def jdkModuleList = [
'java.base', 'java.datatransfer', 'java.desktop',
'java.instrument', 'java.logging',
'java.management', 'java.prefs', 'java.rmi',
'java.scripting', 'java.xml',
'jdk.attach'
]
jdkModuleList.forEach {
libraryjars "$javaHome/jmods/${it}.jmod", jarfilter: '!**.jar', filter: '!module-info.class'
}
target '10' // JDK 9 is obsolete, would target 11, but Proguard can't deal with 11's class files yet
}
// dependencies
configurations.runtime.files.each {
libraryjars it, filter: '!META-INF/versions/**'
}
outjars "$buildDir/proguard/${project.name}-${project.version}.jar"
printseeds "$buildDir/proguard/proguard_seeds.txt"
printmapping "$buildDir/proguard/proguard_map.txt"
configuration 'src/main/proguard/configuration.pro'
}
此线程可能对您的情况有所帮助: https://discuss.gradle.org/t/obfuscated-jars-what-are-the-best-practices/18834/6
答案 1 :(得分:2)
我认为今天是不可能的,您必须手动提取并拉回拉链。
一个手动提取和压缩后的示例可能会有所帮助:
build.gradle
version = '0.1.0'
buildscript {
dependencies {
classpath 'net.sf.proguard:proguard-gradle:6.0.3'
classpath 'net.sf.proguard:proguard-base:6.0.3'
}
}
apply plugin: 'java'
apply plugin: 'org.springframework.boot'
apply plugin: 'io.spring.dependency-management'
task extractJar(type: Copy) {
def zipFile = file("${buildDir}/libs/your_project_name-${version}.jar")
def outputDir = file("${buildDir}/unpacked/")
from zipTree(zipFile)
into outputDir
}
task proguard(type: proguard.gradle.ProGuardTask) {
doFirst {
tasks.extractJar.execute();
}
configuration 'proguard.conf'
injars "${buildDir}/unpacked/BOOT-INF/classes"
outjars "${buildDir}/obfClasses"
libraryjars "${System.getProperty('java.home')}/lib/rt.jar"
libraryjars "${buildDir}/unpacked/BOOT-INF/lib"
doLast {
tasks.deleteClasses.execute();
}
}
task deleteClasses(type: Delete) {
delete "${buildDir}/unpacked/BOOT-INF/classes/"
doLast {
tasks.copyObfuscatedClasses.execute()
}
}
task copyObfuscatedClasses(type: Copy) {
from "${buildDir}/obfClasses"
into "${buildDir}/unpacked/BOOT-INF/classes/"
include 'com/**'
include '*.properties'
doLast {
tasks.copyObfuscatedJars.execute()
}
}
task copyObfuscatedJars(type: Copy) {
from "${buildDir}/obfClasses"
into "${buildDir}/unpacked/BOOT-INF/lib/"
include '*.jar'
doLast {
tasks.deleteObfuscated.execute()
}
}
task deleteObfuscated(type: Delete) {
delete 'build/obfClasses'
doLast {
tasks.repackage.execute()
}
}
task repackage(type: Zip) {
from "${buildDir}/unpacked"
entryCompression ZipEntryCompression.STORED
archiveName "your_project_name-${version}-obf.jar"
destinationDir(file("${buildDir}/libs"))
}
proguard.conf
-ignorewarnings
-keepdirectories
-keep interface com.your_package.** { *; }
-keep class com.your_package.main{ *; }
-keep class com.your_package.model.** { *; }
-keepparameternames
-keepclassmembers @org.springframework.** class * {
*;
}
-keepclassmembers @org.springframework.** interface * {
*;
}
-keepclassmembers enum * {
public static **[] values();
public static ** valueOf(java.lang.String);
}
-keep @org.springframework.** class *
-keepclassmembers @javax.** class * { *; }
-dontwarn org.springframework.**
-dontwarn javax.**
-dontwarn org.yaml.snakeyaml.**
-dontwarn okhttp3.**