9

如何使用 spring boot 2 和 gradle build 设置 proguard 混淆?

你好。尝试使用其 gradle 插件和 Proguard gradle 插件设置 Spring Boot 应用程序的代码混淆。Google 主要为较旧的 spring-boot-gradle-plugin 版本(即使用不存在的 bootRepackage 任务的最接近的版本)或使用 maven 插件(具有重新打包目标)提供了一些方法。

据我了解,想法是在 jar 打包之前对类进行混淆,但我在当前的 gradle 插件版本中看不到任何入口点,并且希望避免手动提取和压缩。

有人在用那个组合吗?Spring Boot 版本 >=2.0.3。

4

2 回答 2

11

我认为今天是不可能的,你必须通过手动提取和拉回来做到这一点。

手动提取和拉回的示例可能会有所帮助:

构建.gradle

version = '0.1.0'

buildscript {
    dependencies {
        classpath 'net.sf.proguard:proguard-gradle:6.0.3'
        classpath 'net.sf.proguard:proguard-base:6.0.3'
    }
}

apply plugin: 'java'
apply plugin: 'org.springframework.boot'
apply plugin: 'io.spring.dependency-management'

task extractJar(type: Copy) {
    def zipFile = file("${buildDir}/libs/your_project_name-${version}.jar")
    def outputDir = file("${buildDir}/unpacked/")

    from zipTree(zipFile)
    into outputDir
}

task proguard(type: proguard.gradle.ProGuardTask) {
    doFirst {
        tasks.extractJar.execute();
    }
    configuration 'proguard.conf'
    injars  "${buildDir}/unpacked/BOOT-INF/classes"
    outjars "${buildDir}/obfClasses"

    libraryjars "${System.getProperty('java.home')}/lib/rt.jar"
    libraryjars "${buildDir}/unpacked/BOOT-INF/lib"

    doLast {
        tasks.deleteClasses.execute();
    }
}

task deleteClasses(type: Delete) {
    delete "${buildDir}/unpacked/BOOT-INF/classes/"

    doLast {
        tasks.copyObfuscatedClasses.execute()
    }
}

task copyObfuscatedClasses(type: Copy) {
    from "${buildDir}/obfClasses"
    into "${buildDir}/unpacked/BOOT-INF/classes/"
    include 'com/**'
    include '*.properties'

    doLast {
        tasks.copyObfuscatedJars.execute()
    }
}

task copyObfuscatedJars(type: Copy) {
    from "${buildDir}/obfClasses"
    into "${buildDir}/unpacked/BOOT-INF/lib/"
    include '*.jar'

    doLast {
        tasks.deleteObfuscated.execute()
    }
}

task deleteObfuscated(type: Delete) {
    delete 'build/obfClasses'

    doLast {
        tasks.repackage.execute()
    }
}

task repackage(type: Zip) {
    from  "${buildDir}/unpacked"
    entryCompression ZipEntryCompression.STORED
    archiveName "your_project_name-${version}-obf.jar"
    destinationDir(file("${buildDir}/libs"))
}

proguard.conf

-ignorewarnings
-keepdirectories

-keep interface com.your_package.** { *; }
-keep class com.your_package.main{ *; }
-keep class com.your_package.model.** { *; }

-keepparameternames
-keepclassmembers @org.springframework.** class * {
    *;
}

-keepclassmembers @org.springframework.** interface * {
    *;
}

-keepclassmembers enum * {
    public static **[] values();
    public static ** valueOf(java.lang.String);
}

-keep @org.springframework.** class *
-keepclassmembers @javax.** class * { *; }

-dontwarn org.springframework.**
-dontwarn javax.**
-dontwarn org.yaml.snakeyaml.**
-dontwarn okhttp3.**
于 2018-11-07T14:23:42.633 回答
4

您是否尝试过在 build.gradle 中为其编写任务?

task obfuscate(type: proguard.gradle.ProGuardTask, dependsOn: jar) {
    mustRunAfter ('javadoc')
    inputs.file  file("${jar.archivePath}")
    outputs.file file("$buildDir/proguard/${project.name}-${project.version}.jar")

    injars  "${jar.archivePath}"

    // JDK 8 and below use jars on the classpath
    if (JavaVersion.current().java8Compatible &&    !JavaVersion.current().java9Compatible) {
        println "Obfuscation inputs based on JDK 8 layout."
        libraryjars "$javaHome/lib/rt.jar"
        libraryjars "$javaHome/lib/jce.jar"
        libraryjars "$javaHome/lib/ext/jfxrt.jar"
    } else {
        // JDK 9 and above use modules on the module-path
        println "Obfuscation inputs based on JDK 9+ module layout."
        def jdkModuleList = [
            'java.base', 'java.datatransfer', 'java.desktop',
            'java.instrument', 'java.logging',
            'java.management', 'java.prefs', 'java.rmi',
            'java.scripting', 'java.xml',
            'jdk.attach'
        ]
        jdkModuleList.forEach {
            libraryjars "$javaHome/jmods/${it}.jmod", jarfilter: '!**.jar', filter: '!module-info.class'
    }
        target '10' // JDK 9 is obsolete, would target 11, but Proguard can't deal with 11's class files yet
    }
    // dependencies
    configurations.runtime.files.each {
        libraryjars it, filter: '!META-INF/versions/**'
    }
    outjars "$buildDir/proguard/${project.name}-${project.version}.jar"
    printseeds "$buildDir/proguard/proguard_seeds.txt"
    printmapping "$buildDir/proguard/proguard_map.txt"

    configuration 'src/main/proguard/configuration.pro'
}

此线程可能对您的情况有所帮助: https ://discuss.gradle.org/t/obfuscated-jars-what-are-the-best-practices/18834/6

于 2018-11-05T19:04:31.333 回答