Civilize MacOS with Free/Open-Source Software

Revision 4
© 2018 by Zack Smith. All rights reserved.

With MacOS, as with Windows, a great many useful free/libre open-source programs and libraries are not included with the operating system. They are missing by default, so you have to go through some effort to add them. Whereas on Windows people usually rely on Cygwin for this purpose, which lets you select and download a huge number of precompiled binaries, on the Mac people often go with Github's Homebrew or MacPorts.

The problem with downloading binaries is that, whether they are executables and libraries, there is always the risk that they can contain malware, such as spyware or worse. Few people take care to verify who it is that provided these binaries. The exact responsible person is often completely concealed. But there are many bad players out there, so you should beware. They don't want you to think critically, to be skeptical, to question at all.

Just one example: When the CIA brags that they have a presence on many developers' MacOS computers, you have to wonder. If true, how did they achieve that? Even with the wealth of information about their hacks, could there be more?

I assert that the wise choice of action is to never download binaries. Always build from source code yourself, as the Gentoo Linux project does. Herein I shall describe how this can be done.

Basic scenarios

There are four situations you will encounter when building from source code:

  1. The software builds easily, typically with a provided configure script.
  2. The software builds but this requires light-to-moderate effort because it calls for a special procedure.
  3. The software was made for whatever reason nearly impossible to build, and no one except a paid specialist would endure the horrible experience of doing a build, because it is basically a software enema. These packages are onerous to build. (Example: TOR Browser)
  4. The software is incompatible with MacOS e.g. it is Linux-only, or is abandonware, or relies on incompatible libraries. (Examples: links, gnupg)

1. Easy

Most software falls into the first category. Software in this category sometimes requires going back to an older version, because newer MacOSes break some things. The following are known to build just fine:

  • nasm-2.12.02
  • yasm-1.3.0
  • pth-2.0.7
  • npth-1.3
  • libevent-2.1.8-stable
  • lame-3.99.5
  • libpng-1.6.34
  • libtool-2.4.6
  • libiconv-1.15
  • gettext-0.19.8
  • autoconf-2.69
  • automake-1.15.1
  • coreutils-8.30
  • lzip-1.20
  • cmake-3.9.0-rc6
  • ffmpeg-3.3.4
  • jansson-2.10
  • xz-5.2.3
  • libffi-3.2.1
  • libjpeg-turbo-1.5.3
  • openjpeg-2.3.0
  • font-util-1.3.1
  • xtrans-1.3.5
  • gnuplot-5.2.4
  • libgpg-error-1.29
  • libgcrypt-1.8.2
  • libassuan-2.5.1
  • libksba-1.3.5
  • gmp-6.1.2
  • mpfr-4.0.1
  • mpc-1.1.0
  • glib-2.22.0
  • libIDL-0.8.14
  • opus-1.2.1
  • tor-
  • lynx2.8.9rel.1
  • sox
  • openfst-1.6.9
  • nettle-3.4
  • libtasn1-4.13
  • libunistring-0.9.10
  • pinentry-1.1.0
  • gnupg-2.2.10
  • gpgme-1.12.0
  • freetype-2.9
  • libdvdnav-6.0.0
  • libdvdread-6.0.0

Note that the above order is not strict. Certain packages rely on other packages so in some cases the above ordering reflects these dependencies but for the most part it doesn't.

Regarding GPG

The order of compilation is:

 usual.sh libgpg-error-1.29
 usual.sh libgcrypt-1.8.2
 usual.sh libksba-1.3.5
 usual.sh libassuan-2.5.1
 usual.sh ntbtls-0.1.2
 usual.sh npth-1.6
 usual.sh gnupg-2.2.10
 usual.sh gpgme-1.12.0

2. Moderate

Several applications require special procedures.

  • pkg-config-0.28
  • pixman-0.28.0
  • openssl
  • gnutls (requires ./configure --with-included-unistring --without-p11-kit)
  • wget-1.11.4
  • jpegsrc.v6b
  • ninja
  • wine
  • qemu-2.12.0
  • qemu-3.0.0
  • glfw-3.2.1
  • lzip-1.20
  • glib-2.58.1
  • MPlayer-1.3.0 -- requires an older ffmpeg e.g. 3.0, the latest code doesn't work.
  • WebKit -- note, this is 19 GB when built.

In addition, in order to build wine the following two must be specially built as 32-bit libraries. However this ability may have been removed in MacOS 10.14 Mojave.

  • libpng-1.6.34
  • freetype-2.9

Regarding GLIB

The latest glib is required for qemu 3.0.0. The script to build it is in the Scripts section below.

Regarding GNUTLS

This is needed for wget. It requires libunistring but after that's installed, the gnutls configure script ignores it. It requires p11-kit but this does not build on MacOS. During the final stage of gnutls installation, it fails because MacOS's sed is incompatible with GNU sed.

Regarding OpenSSL

This is needed for wget. It builds fine however wget's configure script ignores it and ignores MacOS's built-in OpenSSL.

3. Onerous

  • TOR Browser
  • Firefox
  • Xorg
  • Boost

4. Impossible

  • db-4.4.20 -- C++ headers are the problem.
  • bitcoin-0.16.2 -- relies on db.
  • links-1.03
  • FLTK
  • Dillo (relies on FLTK)
  • fam-2.7.0


The easy packages can be installed with this script:


 function failed {
  say The following failed to build: $1
 if [[ "$1" != "" ]]; then
  sudo rm -rf "$1"
  if tar xfv "$1.tar".* ; then
   if [ -d "$1" ]; then
    pushd $1
    if ./configure ; then
     sudo make clean
     if sudo nice -20 make install ; then
      echo ==================================
      failed $1
     failed $1
    sudo rm -rf $1
  sleep 1


 tar xfv glib-2.58.1.tar*
 cd glib-2.58.1
 ./configure --with-pcre
 sudo make clean
 sudo make install
 cd ..
 rm -rf glib-2.58.1


 if git clone git://git.openssl.org/openssl.git; then
  cd openssl
  ./configure darwin64-x86_64-cc
  sudo make clean
  sudo nice -20 make install
  sudo make clean
  cd ..
  rm -rf openssl


Compile the AVR toolchain on MacOS