Mixing maven Shade with Proguard

Question

I am trying to make a complex build with Maven Shade and Proguard. The thing is that I only want to obfuscate my code and some related libraries (declared in the pom as dependencies), more libraries are present in the pom.xml but I do not want to process them with Proguard.

My current approach is the following:

Use maven shade to generate a Jar with the dependencies I want to obfuscate along with my code. (execution binded to package phase)
Use Proguard to obfuscate the code. (execution binded to package phase)
Add the missing dependencies (Storm, etc) to the final Jar via a second execution of maven shade. (execution binded to verify phase)

The thing is that in the third step (the second shade), I get in the final Jar both obfuscated packages and unobfuscated ones.

Moreover, I also tried to rename via shade the packages in the first step but the same happens, unobfuscated code along with the obfuscated renamed lives in the fat Jar.

Another thing that I tried is to exclude the unobfuscated packages in the second shade but then I do not get any code from the previous steps, only the external libraries.

Any hints or different approaches to be considered?

hi, thanks for the interest. Just solved via Proguard configuration this morning. Nevertheless, I think I need to re-study how ```Shade``` plugin works — Eingel, Oct 17 '18 at 13:46
I faced many issues with spring and shade while obfuscating using maven-proguard-plugin with multiple module project. Wish you luck. — Shailesh Chandra, Nov 13 '18 at 06:58

score 0 · Accepted Answer · answered Oct 17 '18 at 14:02

0

Just solved it via Proguard configuration, only including in the obfuscation phase those libraries that I to be obfuscated (using regular expressions for package selection).

For example:

`-keep class !com.xxx.**{**}, !com.yyyy.*{**}

Thanks

answered Oct 17 '18 at 14:02

Eingel

141
13

Mixing maven Shade with Proguard

1 Answers1