It would probably be the best to obfuscate each jar separately and get the profile thingy working.
But: We have a lot of internal APIs between core and a handful of other jars that we also want to be obfuscated. This is possible by pouring them all into proguard at the same time and specifying an outputfolder for proguard. This is the setup I would like to have working with webstart. So, anyone have a hint to how I can get the webstart plugin to sign/pack200 jars that I have preprocessed? They do get included in the jnlp-file and in the zip-artefact, but they are not considered for signing/pack200 due to a timestamp analysis. I guess this timestamp analysis is made to ensure that signing/pack200 does not happen on already sigend/pack200 processed files., but it has the effect that jars I preprocess (with proguard) are not considered as well. I am thinking about dropping the pack200 step for now and signing the obfuscated jars before webstart is triggered, but I am unsure how to do this. The jar:sign expects a jar pom. So, do I have to do this with an antrun plugin? Or is there something I am overlooking? /Henrik From: Kevin Stembridge [mailto:[EMAIL PROTECTED] Sent: 22. oktober 2007 13:26 I'm not sure what you mean by 'freshly obfuscated jars'. Are you still obfuscating the jars in their own modules and installing them in a repository, then using the webstart plugin to retrieve them? I think this would be the best way to do it rather than retrieving the unobfuscated jars into a staging location and obfuscating them there. Just to summarize how I would do it: * Each module producing a jar that must be obfuscated is configured with the proguard plugin in a separate profile that is only activated for non-dev builds. * A maven 'war' project is configured with the JnlpDownloadServletMojo in two separate profiles, e.g. dev and prod. Both of these profiles are not active by default and one of them must be explicitly activated for each build. The webstart plugin in the dev build is configured to retrieve the non-obfuscated jars and the prod profile uses the obfuscated ones. * Your client module should reference your core module as a provided dependency and the webstart plugin would explicitly include the core module.
