This project contains 2 repos: one to do a static build of opus-tools and flac and another to do a static build of mozjpeg. Each repo also contains compiled binaries. You can navigate to each repo and then go to release notes to download them.
This is simply a script to do a static build of opus-tools (and flac) on Linux. Run it inside a musl-based Linux distribution like Void or Alpine. It grabs the latest releases of libogg, libflac, libopus, and libopusfile and grabs the git masters of opus-tools and libopusenc. There is also a Dockerfile based on the script that you can run if you aren't on a musl-based Linux distribution.
The Docker workflow is
docker build docker cp <name>:/usr/local/bin/ <output_dir>
This is simply a script to do a static build of the latest git master of mozjpeg on Linux. It is somewhat nontrivial for anyone not used to CMake, so I decided to share this. You have to run it inside a musl-based Linux distribution because glibc isn't great for static linking. There is also a Dockerfile based on the script that you can run if you aren't on a musl-based Linux distribution.
The Docker workflow is
docker build docker cp <name>:/home/builder/mozjpeg/build/ <output_dir>
You can verify the integrity of the attached files with minisign or signify. First, download my public key file from one of the many places I have uploaded it: GitHub, sr.ht, mastodon, or my website. Next, compare the public keys from at least 2 different places and make sure they are identical. If they aren't, that could mean one of my accounts has been hacked. Finally, run
signify -C -p <pubkey> -x [possible prefix]SHA256SUMS.sig
<pubkey> is the public key file you downloaded and cross-checked earlier. If
you downloaded all the attached executables, you should get
Signature Verified <filename>: OK
<filename> is the name of the file(s) you are trying to verify.
If you didn't download all the attached executables, signify will complain with the word
"FAIL" after the filename, but it will still try to verify the ones that exist. If you see
"FAIL" after the name of a file that does exist, or if you see "signify: signature
verification failed", that is bad and you should delete the files you downloaded
Additionally, the binaries were built on builds.sr.ht. Read the release notes to find out where to inspect the log of the build. The script prints out the checksums for the binaries at the end so you can check them that way too.