On Jul 14, 2009, at 5:58 PM, Scott Selvia wrote:
I'm trying to find information regarding obfuscation and osgi
bundles. From what I have read it seems that:
1. Obfuscation breaks an osgi bundle since the packages are renamed
and the manifest entries don't match.
Obfuscation breaks *any* java system - it's not just an OSGi problem.
If you change the member package/class name/method name/variable name
through obfuscation (i.e. that's how it works). If you do this via
byte code transformations, then yes, you'll have to update the package
names that are imported in the OSGi bundles.
Any kind of naming change will affect these issues.
2. Then another option is to not rename the package names
Of course. But the issue here is that there is metadata - perhaps in
a Spring XML configuration, for example, not just in OSGi metadata -
that needs to be updated to reflect the renaming that is done via
obfuscation
3. Finally, create a library jar that is obfuscated and then create
an osgi bundle that uses the obfuscated jar.
Again, it's simply a renaming issue. Any code which refers to a
renamed member needs to be updated.
The first item I can understand, the second item I've read works but
kind of defeats the purpose of obfuscation.
Not really. It's not as if someone can't use javap and discover this
information for themselves. It's exactly the same issue.
The third item I did not think would work, since the library jar
would not have the osgi bundle entries in the manifest and then
could not be loaded via the osgi framework. The library could be
part of the classpath used when starting the framework but then that
takes the flexibility out of the picture.
So is there an option to obfuscate an osgi bundle? Any white
papers, how-to's, etc... would be appreciated
My advice is to simply not obfuscate. I was doing this back in the ST
days and it never stopped any of the people decompiling our code.
Didn't even create a speedbump in their way.
Remember, locks only keep honest people honest - e.g. see "lock
bumping": http://is.gd/1z9Xf_______________________________________________
OSGi Developer Mail List
[email protected]
https://mail.osgi.org/mailman/listinfo/osgi-dev
