Civilize MacOS with Free/Open-Source Software

Revision 12
© 2018-2019 by Zack Smith. All rights reserved.


With MacOS, as with Windows, a great many useful free/libre open-source programs and libraries are not included with the operating system. They are missing by default, so you have to go through some effort to add them. For some people, these are essential tools and to go without them is a hardship, like going without paved roads or clean drinking water. Sure, you can probably find a paid equivalent in the App Store, but this is like arguing you can always take a toll road or buy bottled water. If installation a free program is not a large inconvenience, or a security risk, might as well.

Installation strategy

The number of missing free/libre programs and libraries is huge and many dependencies exist. It's an ecosystem, after all.

On Windows people usually rely on Cygwin for this, which lets you select and download a huge number of precompiled binaries and takes care of dependencies quite nicely.

On the Mac people often go with Homebrew but this is owned by Github i.e. Microsoft. Not the most trustworthy source. Or there is MacPorts.

But let's question an assumption. Are binaries a good thing to download? The problem with downloading binaries is that, whether they are executables and libraries, there is always the risk that they can contain malware, such as spyware or worse. Few people take the effort to verify who it is that provided these binaries. The exact responsible person is often completely concealed. Fewer people are in a position to say whether the server hosting them was hacked and the binaries replaced with malware-infected files. But there are many bad players out there, so you should beware. They don't want you to think critically, to be skeptical, to question at all.

Just one example: The CIA once bragged that they have a presence on many iOS developers' Macs. So you have to wonder. If that is true, how did they achieve it? Which developer computers were compromised?

Some clues:

I assert that the wise choice of action is to never download binaries and always build from source code. Always download source code yourself from the official site, as the Gentoo Linux project does. Herein I shall describe how this can be done.

Basic scenarios

There are four situations you will encounter when building from source code:

  1. The software builds easily, typically with a provided configure script.
  2. The software builds but this requires light-to-moderate effort because it calls for a special procedure.
  3. The software was made for whatever reason nearly impossible to build, and no one except a paid specialist would endure the horrible experience of doing a build, because it is basically a software enema. These packages are onerous to build. (Example: TOR Browser)
  4. The software is incompatible with MacOS e.g. it is Linux-only, or is abandonware, or relies on incompatible libraries. (Examples: links, gnupg)

1a. Easy (using configure)

Most software falls into the first category. Software in this category sometimes requires using an older version, because newer MacOSes break some things. The following seem build just fine using my installer usual.sh:

 function failed {
  say The following failed to build: $1
 if [[ "$1" == "" ]]; then
  echo Missing parameter.
 if [[ "$1" == *.tar.* ]]; then
  say Please exclude the dot tar suffix.
  sudo rm -rf "$1"
  if tar xfv "$1.tar".* ; then
   if pushd "$1" ; then
    if ./configure ; then
     sudo make clean
     if sudo nice -20 make install ; then
      echo ==================================
      failed $1
     failed $1
    sudo rm -rf $1
  sleep 1

  • nasm-2.12.02
  • yasm-1.3.0
  • pth-2.0.7
  • npth-1.3
  • ncurses-6.1
  • libevent-2.1.8-stable
  • lame-3.99.5
  • libpng-1.6.34
  • libtool-2.4.6
  • libiconv-1.15
  • gettext-0.19.8
  • libxml2-2.9.8
  • autoconf-2.69
  • automake-1.15.1
  • coreutils-8.30
  • lzip-1.20
  • cmake-3.9.0-rc6
  • sox-14.4.2
  • libsndfile-1.0.28
  • libogg-1.3.3
  • libvorbis-1.3.6 # requires ogg
  • libtheora-1.1.1
  • libvpx-1.7.0
  • ffmpeg-3.3.4
  • jansson-2.10
  • xz-5.2.3
  • libffi-3.2.1
  • libjpeg-turbo-1.5.3
  • openjpeg-2.3.0
  • font-util-1.3.1
  • fontconfig-2.8.0 # later versions do not build.
  • xtrans-1.3.5
  • SDL2-2.0.9
  • gnuplot-5.2.4
  • libgpg-error-1.29
  • libgcrypt-1.8.2
  • libassuan-2.5.1
  • libksba-1.3.5
  • libsodium-1.0.16
  • gmp-6.1.2
  • mpfr-4.0.1
  • mpc-1.1.0
  • glib-2.22.0
  • libIDL-0.8.14
  • opus-1.2.1
  • tor-
  • lynx2.8.9rel.1
  • openfst-1.6.9
  • nettle-3.4
  • libtasn1-4.13
  • libunistring-0.9.10
  • pinentry-1.1.0
  • gnupg-2.2.10
  • gpgme-1.12.0
  • freetype-2.9
  • libdvdnav-6.0.0
  • libdvdread-6.0.0
  • fftw-3.3.8
  • yaml-0.2.1
  • libedit-20181209-3.1
  • re2c-1.1.1
  • icu (requires renaming)
  • ptlib-2.10.11
  • gawk-4.2.1

Note that the above order is not strict. Certain packages rely on other packages so in some cases the above ordering reflects these dependencies but for the most part it doesn't.

About ICU

The International Components for Unicode package has to be renamed to from icu*tgz to icu.tar.gz for the above script to accept it.

1b. Easy (using cmake)

Lots of programs don't have a configure script but rather use cmake. For this purpose, a revised installer is needed, which I call usualc.sh:

 function failed {
  say The following failed to build: $1
 if [[ "$1" == "" ]]; then
  echo Missing parameter.
 if [[ "$1" == *.tar.* ]]; then
  say Please exclude the dot tar suffix.
 sudo rm -rf "$1"
 if tar xfv "$1.tar".* ; then
  if pushd "$1" ; then
   echo ================================== \[OK\]
   cmake .
   make clean
   sudo make install
   sudo rm -rf "$1"
 sleep 1

This script works for these:

  • usualc.sh libzip-1.5.1
  • usualc.sh glfw-3.2.1
  • usualc.sh openjpeg-2.3.0

Regarding GPG

This is easy but it's sensitive to the order of compilation, which is:

 usual.sh libgpg-error-1.29
 usual.sh libgcrypt-1.8.2
 usual.sh libksba-1.3.5
 usual.sh libassuan-2.5.1
 usual.sh ntbtls-0.1.2
 usual.sh npth-1.6
 usual.sh gnupg-2.2.10
 usual.sh gpgme-1.12.0

2. Moderate

Several applications require special procedures.

  • z3-4.8.4
    • Requires: ./configure; cd build; sudo make install
  • pkg-config-0.28
    • Requires ./configure --with-internal-glib
  • pixman-0.28.0
    • Requires ./configure --disable-mmx
  • wget-1.11.4
    • Requires ./configure --without-ssl
  • gnutls
    • Requires ./configure --with-included-unistring --without-p11-kit)
  • qemu-3.0.0
    • Requires ./configure --enable-cocoa --target-list=i386-softmmu,x86_64-softmmu --audio-drv-list=coreaudio
  • openssl
  • jpegsrc.v6b
  • ninja
  • glfw-3.2.1
  • glib-2.58.1 (see script below)
  • htop (see script below)
  • MPlayer-1.3.0 -- requires an older ffmpeg e.g. 3.0, the latest code doesn't work.
  • WebKit -- note, this is 19 GB when built.

Regarding GoogleTest

To build 1.8.1:

 tar xfv googletest-release-1.8.1.tar.gz
 cd googletest-release-1.8.1
 libtoolize --force
 automake --force-missing --add-missing
 cmake .
 make clean
 sudo make install
 cd ..
 rm -rf googletest-release-1.8.1

Regarding GLIB

The latest glib is required for qemu 3.0.0. The script to build it is in the Scripts section below.

Regarding GNUTLS

This is needed for wget. It requires libunistring but after that's installed, the gnutls configure script ignores it. It requires p11-kit but this does not build on MacOS. During the final stage of gnutls installation, it fails because MacOS's sed is incompatible with GNU sed.

Regarding OpenSSL

This is needed for wget. It builds fine however wget's configure script ignores it and ignores MacOS's built-in OpenSSL.

3. Onerous

  • GTK
  • TOR Browser
  • Firefox
  • Xorg
  • Boost
  • rawtherapee (depends on GTK)

4. Impossible

  • db-4.4.20 -- C++ headers are the problem.
  • bitcoin-0.16.2 -- relies on db.
  • links-1.03
  • FLTK
  • Dillo (relies on FLTK)
  • fam-2.7.0
  • wine -- requires 32-bit executables, which as of MacOS Mojave maybe aren't allowed.



 tar xfv $HT*.gz
 cd $HT
 sudo make clean
 sudo make install
 cd ..
 rm -rf $HT


 tar xfv glib-2.58.1.tar*
 cd glib-2.58.1
 ./configure --with-pcre
 sudo make clean
 sudo make install
 cd ..
 rm -rf glib-2.58.1


 if git clone git://git.openssl.org/openssl.git; then
  cd openssl
  ./configure darwin64-x86_64-cc
  sudo make clean
  sudo nice -20 make install
  sudo make clean
  cd ..
  rm -rf openssl


Compile the AVR toolchain on MacOS