~aman/static-tools

Static builds of useful tools

305a006 Update README.

2 days ago

7541ad8 Update README.

2 days ago

#Build various encoding tools statically

This project contains 2 repos: one to do a static build of opus-tools and flac and another to do a static build of mozjpeg. Each repo also contains compiled binaries. You can navigate to each repo and then go to release notes to download them.

#Instructions

#Build opus-tools and flac statically

This is simply a script to do a static build of opus-tools (and flac) on Linux. Run it inside a musl-based Linux distribution like Void or Alpine. It grabs the latest releases of libogg, libflac, libopus, and libopusfile and grabs the git masters of opus-tools and libopusenc. There is also a Dockerfile based on the script that you can run if you aren't on a musl-based Linux distribution.

The Docker workflow is

docker build
docker cp <name>:/usr/local/bin/ <output_dir>

#Build mozjpeg statically

This is simply a script to do a static build of the latest git master of mozjpeg on Linux. It is somewhat nontrivial for anyone not used to CMake, so I decided to share this. You have to run it inside a musl-based Linux distribution because glibc isn't great for static linking. There is also a Dockerfile based on the script that you can run if you aren't on a musl-based Linux distribution.

The Docker workflow is

docker build
docker cp <name>:/home/builder/mozjpeg/build/ <output_dir>

#How to verify the binaries attached in the releases

You can verify the integrity of the attached files with minisign or signify. First, download my public key file from one of the many places I have uploaded it: GitHub, sr.ht, mastodon, or my website. Next, compare the public keys from at least 2 different places and make sure they are identical. If they aren't, that could mean one of my accounts has been hacked. Finally, run

signify -C -p <pubkey> -x [possible prefix]SHA256SUMS.sig

where <pubkey> is the public key file you downloaded and cross-checked earlier. If you downloaded all the attached executables, you should get

Signature Verified
<filename>: OK

where <filename> is the name of the file(s) you are trying to verify. If you didn't download all the attached executables, signify will complain with the word "FAIL" after the filename, but it will still try to verify the ones that exist. If you see "FAIL" after the name of a file that does exist, or if you see "signify: signature verification failed", that is bad and you should delete the files you downloaded immediately.

Additionally, the binaries were built on builds.sr.ht. Read the release notes to find out where to inspect the log of the build. The script prints out the checksums for the binaries at the end so you can check them that way too.

#Todo

MozJPEG:

  • Add a Dockerfile for the latest release when they cut a new one.

opus-tools:

  • Experiment with LTO (-flto in CFLAGS and LDFLAGS).
  • Try compiling with Clang and LLD.