-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathbuild_audio.sh
More file actions
executable file
·139 lines (127 loc) · 4.58 KB
/
build_audio.sh
File metadata and controls
executable file
·139 lines (127 loc) · 4.58 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
#!/bin/bash
set -e
# Audio Library Hardening Build Script
# This script builds hardened versions of common audio libraries:
# - libmpg123 (MP3 decoding)
# - libopus (Opus codec)
# - libvorbis (Vorbis codec)
# - libflac (FLAC codec)
# - libsndfile (General audio I/O)
# Toolchain: clang for CET/CFI hardening
sudo apt-get update && sudo apt-get install -y build-essential clang cmake nasm \
autoconf automake libtool git pkg-config libseccomp-dev libogg-dev yasm
# =============================================================================
# METEOR TRUE FLAG PROFILE (OPTIMAL + SECURITY for defensive workloads)
# Combines OPTIMAL flags (preserves numerical precision) with SECURITY flags
# (stack protection, CFI, hardening) for defensive media processing workloads.
# =============================================================================
load_meteor_flags() {
local flags_file="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/../../METEOR_TRUE_FLAGS.sh"
if [ -f "${flags_file}" ]; then
# shellcheck disable=SC1090
source "${flags_file}"
export CFLAGS="${CFLAGS_OPTIMAL} ${CFLAGS_SECURITY}"
export CXXFLAGS="${CXXFLAGS_OPTIMAL} ${CFLAGS_SECURITY}"
export LDFLAGS="${LDFLAGS_OPTIMAL} ${LDFLAGS_SECURITY}"
echo "[FLAGS] Applied METEOR TRUE OPTIMAL + SECURITY flags (defensive workload: preserves precision + hardening)"
else
# Fallback to default hardening flags
export CFLAGS="-O2 -pipe -fstack-protector-strong -D_FORTIFY_SOURCE=3 \
-fstack-clash-protection -fno-strict-overflow -fno-delete-null-pointer-checks \
-fPIE -fcf-protection=full"
export CXXFLAGS="$CFLAGS"
export LDFLAGS="-Wl,-z,relro,-z,now,-z,noexecstack,-z,separate-code -pie"
echo "[FLAGS] Using default hardening flags (METEOR_TRUE_FLAGS.sh not found)"
fi
}
load_meteor_flags
# Initialize submodules
git submodule update --init --recursive
echo "=========================================="
echo "Building hardened audio libraries..."
echo "=========================================="
# 1) libmpg123 (MP3 decoding - CRITICAL for malware prevention)
echo "[1/5] Building libmpg123 (hardened MP3 decoder)..."
if [ ! -d "mpg123" ]; then
echo "mpg123 directory not found. Attempting to install from package manager..."
sudo apt-get install -y mpg123 libmpg123-dev
echo "Note: Using system mpg123. For full hardening, manually clone:"
echo " git clone https://sourceforge.net/p/mpg123/code.git mpg123"
else
cd mpg123
make distclean || true
autoreconf -ivf
./configure CC=clang CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS" \
--disable-shared --enable-static \
--prefix=/usr/local \
--disable-modules \
--disable-network \
--with-audio=dummy \
--with-default-audio=dummy
make -j"$(nproc)" && sudo make install
cd ..
fi
# 2) libogg (dependency for vorbis)
echo "[2/5] Building libogg..."
cd ogg
make distclean || true
./autogen.sh
./configure CC=clang CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS" \
--disable-shared --enable-static \
--prefix=/usr/local
make -j"$(nproc)" && sudo make install
cd ..
# 3) libvorbis (Ogg Vorbis codec)
echo "[3/5] Building libvorbis (hardened Vorbis decoder)..."
cd vorbis
make distclean || true
./autogen.sh
./configure CC=clang CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS" \
--disable-shared --enable-static \
--prefix=/usr/local \
--with-ogg=/usr/local
make -j"$(nproc)" && sudo make install
cd ..
# 4) libopus (Opus codec)
echo "[4/5] Building libopus (hardened Opus codec)..."
cd opus
make distclean || true
./autogen.sh
./configure CC=clang CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS" \
--disable-shared --enable-static \
--prefix=/usr/local \
--disable-doc \
--disable-extra-programs
make -j"$(nproc)" && sudo make install
cd ..
# 5) libFLAC (FLAC codec)
echo "[5/5] Building libFLAC (hardened FLAC decoder)..."
cd flac
make distclean || true
./autogen.sh
./configure CC=clang CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS" \
--disable-shared --enable-static \
--prefix=/usr/local \
--disable-programs \
--disable-examples \
--disable-xmms-plugin \
--disable-doxygen-docs \
--disable-ogg
make -j"$(nproc)" && sudo make install
cd ..
echo "=========================================="
echo "Audio libraries successfully built!"
echo "=========================================="
echo ""
echo "Installed hardened libraries:"
echo " - libmpg123 (MP3)"
echo " - libvorbis (Ogg Vorbis)"
echo " - libopus (Opus)"
echo " - libFLAC (FLAC)"
echo ""
echo "All libraries built with:"
echo " - Stack protector (strong)"
echo " - FORTIFY_SOURCE=3"
echo " - PIE/RELRO/NX"
echo " - Control-Flow Enforcement (CET)"
echo " - Static linking only"