如何签署我的 ProGuard ed Scala 独立 JAR?
我已经在 Scala 中构建了一个(命令行)应用程序,我想将其作为独立的 JAR 进行分发。我正在使用 sbt 构建它:
import sbt._
class Project(info: ProjectInfo) extends DefaultProject(info) with ProguardProject {
override def parallelExecution = true
override def mainClass: Option[String] = // whatever
override def libraryDependencies = Set(
// whatever
) ++ super.libraryDependencies
override def proguardOptions = List(
"-keepclasseswithmembers public class * { public static void main(java.lang.String[]); }",
"-dontoptimize",
"-dontobfuscate",
proguardKeepLimitedSerializability,
proguardKeepAllScala,
"-keep interface scala.ScalaObject"
)
}
我可以使用 sbt run 运行我的代码,并且我可以将其打包并在其上运行 ProGuard(我对混淆不感兴趣 - 该项目将是无论如何都是开源的),我只是用它来生成一个独立的 JAR)。所以,我最终得到了一个内置于 target/scala_2.8.0/ 的 .min.jar 文件,
这就是事情变得复杂的地方。如果我运行这个 JAR,我会得到:
线程“main”中出现异常 java.lang.SecurityException:Manifest 主要属性的签名文件摘要无效
好吧,我还没有签名。
因此,我自己生成一个签名密钥,如下所示:
keytool -keystore ~/.keystore -genkey -alias tom
然后,按照 Java 文档,我尝试对 JAR 进行签名:
jarsigner -signedjar [whatever].jar -keystore ~/.keystore target/scala_2.8.0/[whatever]-1.0.min.jar tom
它提示我:
Enter Passphrase for keystore:
Warning:
The signer certificate will expire within six months.
好的,没问题。现在,它肯定会运行!
$ java -jar [whatever].jar
Exception in thread "main" java.lang.SecurityException: Invalid signature file digest for Manifest main attributes
我不知道从哪里开始。我对 Java 平台还比较陌生。
I've built a (command-line) application in Scala that I want to distribute as a standalone JAR. I'm building it with sbt:
import sbt._
class Project(info: ProjectInfo) extends DefaultProject(info) with ProguardProject {
override def parallelExecution = true
override def mainClass: Option[String] = // whatever
override def libraryDependencies = Set(
// whatever
) ++ super.libraryDependencies
override def proguardOptions = List(
"-keepclasseswithmembers public class * { public static void main(java.lang.String[]); }",
"-dontoptimize",
"-dontobfuscate",
proguardKeepLimitedSerializability,
proguardKeepAllScala,
"-keep interface scala.ScalaObject"
)
}
I can run my code with sbt run fine, and I can package it and run ProGuard over it (I'm not interested in obfuscating - the project is going to be open source anyway), I'm just using it to produce a standalone JAR). So, I eventually get a .min.jar file built in target/scala_2.8.0/
This is where it gets complicated. If I run this JAR, I get:
Exception in thread "main" java.lang.SecurityException: Invalid signature file digest for Manifest main attributes
Okay, I haven't signed it.
So, I generate myself a signing key as follows:
keytool -keystore ~/.keystore -genkey -alias tom
And then, following the Java documentation, I try to sign the JAR:
jarsigner -signedjar [whatever].jar -keystore ~/.keystore target/scala_2.8.0/[whatever]-1.0.min.jar tom
It prompts me:
Enter Passphrase for keystore:
Warning:
The signer certificate will expire within six months.
Okay, that's fine. Now, surely, it'll run!
$ java -jar [whatever].jar
Exception in thread "main" java.lang.SecurityException: Invalid signature file digest for Manifest main attributes
I have no idea where to begin. I'm relatively new to the Java platform.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我认为您不需要 ProGuard 和签名来生成独立的 jar。您只需将所需的所有类和 META-INF 目录以及正确的类路径和主类集打包在 zip 文件中,将其重命名为 jar 即可运行。请参阅本教程。
抱歉,我没有回答你的问题,我只是不明白你为什么要在你的罐子上签名。
I don't think you need ProGuard and signing to produce a standalone jar. You can just pack all the classes you need and a META-INF directory with proper classpath and main class set in a zip file, rename it to jar and it should run. See this tutorial.
Sorry, I didn't answer your question, I just don't understand why you want to sign your jar.
我遇到了同样的问题,问题似乎是 sun 的 jar 签名是由 proguard 添加到 META-INF 目录中的。我刚刚将它们添加到过滤后的文件中:
现在它工作正常。
I ran into the same problem and it appears the problem was that sun's jar signatures were added by proguard in the META-INF directory. I just added them to the filtered files:
and it works perfectly now.