Gitiles
Code Review Sign In
gerrit.omnirom.org / android_build / 9667b18f2300e4bf0f33d3aef51d2f48bcb6778b^! / . / tools / releasetools / common.py
commit9667b18f2300e4bf0f33d3aef51d2f48bcb6778b[log] [tgz]
authorAlex Klyubin <klyubin@google.com>Thu Dec 10 13:38:50 2015 -0800
committerAlex Klyubin <klyubin@google.com>Fri Dec 11 08:36:42 2015 -0800
tree1185d7c7ac51f2c557a4e7c0d990abbc4bc9f42e
parent6950168f1d4bd6ddfd64755c26d7de6ef3709f00 [diff] [blame]
Make signapk use Conscrypt.

This makes the signapk tool use Conscrypt (where possible) instead of
the platform-default JCA providers and the Bouncy Castle JCA provider.
This speeds up (by 10-30%) APK and OTA update signing because
Conscrypt's crypto primitives are backed by BoringSSL.

Previously, the signapk tool consisted only of the signapk.jar.
Because Conscrypt is backed by native code, signapk now consists of
signapk.jar and crypto_openjdk_jni shared library. This requires that
users of the tool be updated to provide a suitable -Djava.library.path
argument to the Java runtime. This change updates all known users of
the tool inside the Android source tree to do so.

Bug: 26097626
Change-Id: I8411b37d7f771ed99269751a3007dff103083552

diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py
index 3b2ce72..ee0cdf9 100644
--- a/tools/releasetools/common.py
+++ b/tools/releasetools/common.py

@@ -44,6 +44,7 @@
 
     self.search_path = platform_search_path.get(sys.platform, None)
     self.signapk_path = "framework/signapk.jar"  # Relative to search_path
+    self.signapk_shared_library_path = "lib64"   # Relative to search_path
     self.extra_signapk_args = []
     self.java_path = "java"  # Use the one on the path by default.
     self.java_args = "-Xmx2048m" # JVM Args
@@ -598,7 +599,12 @@
   zip file.
   """
 
-  cmd = [OPTIONS.java_path, OPTIONS.java_args, "-jar",
+  java_library_path = os.path.join(
+      OPTIONS.search_path, OPTIONS.signapk_shared_library_path)
+
+  cmd = [OPTIONS.java_path, OPTIONS.java_args,
+         "-Djava.library.path=" + java_library_path,
+         "-jar",
          os.path.join(OPTIONS.search_path, OPTIONS.signapk_path)]
   cmd.extend(OPTIONS.extra_signapk_args)
   if whole_file:
@@ -718,7 +724,8 @@
   try:
     opts, args = getopt.getopt(
         argv, "hvp:s:x:" + extra_opts,
-        ["help", "verbose", "path=", "signapk_path=", "extra_signapk_args=",
+        ["help", "verbose", "path=", "signapk_path=",
+         "signapk_shared_library_path=", "extra_signapk_args=",
          "java_path=", "java_args=", "public_key_suffix=",
          "private_key_suffix=", "boot_signer_path=", "boot_signer_args=",
          "verity_signer_path=", "verity_signer_args=", "device_specific=",
@@ -739,6 +746,8 @@
       OPTIONS.search_path = a
     elif o in ("--signapk_path",):
       OPTIONS.signapk_path = a
+    elif o in ("--signapk_shared_library_path",):
+      OPTIONS.signapk_shared_library_path = a
     elif o in ("--extra_signapk_args",):
       OPTIONS.extra_signapk_args = shlex.split(a)
     elif o in ("--java_path",):