ilovelili / static-ffmpeg Goto Github PK

Image with ffmpeg and ffprobe binaries built as hardened static PIE binaries with no external dependencies. Can be used with any base image even scratch.

Built with openssl, iconv, libxml2, libmp3lame, libfdk-aac, libvorbis, libopus, libtheora, libvpx, libx264, libx265, libwebp, libwavpack, libspeex, libaom, libvidstab, libkvazaar, libfreetype, fontconfig, libfribidi, libass, libzimg, libsoxr, libopenjpeg, libdav1d and all default native ffmpeg codecs.

COPY --from=mwader/static-ffmpeg:4.2.2 /ffmpeg /ffprobe /usr/local/bin/

docker run --rm -u $UID:$GROUPS -v "$PWD:$PWD" -w "$PWD" mwader/static-ffmpeg:4.2.2 -i file.wav file.mp3

docker run --rm --entrypoint=/ffprobe -u $UID:$GROUPS -v "$PWD:$PWD" -w "$PWD" mwader/static-ffmpeg:4.2.2 -i file.wav

/ffmpeg ffmpeg binary
/ffprobe ffprobe binary
/doc Documentation
/versions.json JSON file with ffmpeg and library versions
/etc/ssl/cert.pem CA certs to make -tls_verify 1 -ca_file /etc/ssl/cert.pem work if running image directly

Binaries are built with various hardening features but it's probably still a good idea to run them as non-root even when used inside a container, especially so if running on input files that you don't control.

Binaries are built with TLS support but by default ffmpeg currently do not do certificate verifications. To enable verification you need to run ffmpeg with -tls_verify 1 and -ca_file /path/to/cert.pem. For alpine the ca file is included by default at /etc/ssl/cert.pem and for debian/ubuntu you have to install the ca-certificates package which will install the file at /etc/ssl/certs/ca-certificates.crt.

Feel free to create issues or PRs if you have any improvements or problems. Please also consider making a donation to the FFmpeg project or to other projects used by this image if you find it useful.