How to compile OSS binaries to replace the versions shipped with OS X?

I want to compile new versions of openssl, bash, and similar unix tools in the same way that Apple would. I want to link against the OS's built-in libraries where possible, and I want to copy the resulting binaries into /usr/bin, replacing what Apple ships with OS X.

I am aware that this is usually a terrible idea, for two reasons:

  1. An OS X update might reinstate Apple's binaries, undoing your work and leaving your system in an unknown state.
  2. Some software may depend on the specific behavior of Apple's binaries.

Instead, it is generally recommended that Mac users install custom binaries alongside Apple's system binaries. Both Homebrew and MacPorts operate under this principle.

However, I'm running Mavericks, which will never receive another software update from Apple. The Apple binaries on my system have known security vulnerabilities, which IMO outweighs theoretical compatibility concerns.

Is there a standard way to go about this, or would it be different for every program? Can I somehow leverage parts of e.g. the MacPorts project to make the process easier, or do I need to install all compilation dependencies from scratch?

If this just isn't realistically feasible, I'd like to know that too.


You will need to individually check and build every program, although the process for most programs is fairly similar.

You might be able to take some inspiration from MacPorts/Homebrew in their recipes, but I doubt that you can use them 1:1, as they typically feature versions that differ greatly from the Apple-supplied utilities, for example by offering GNU versions of supplied BSD utilities, or by offering something that is a completely different major version.

As an example of this, I saw that you received a comment on your question recommending that you install "openssl". This can be quite tricky, because if you install "openssl", you actually get something substantially different from what Apple supplies with macOS today. If you run the command "openssl" on a modern Mac, you'll actually be running something called LibreSSL. You'll have to make an individual choice for each and every software package such as this to determine if you want to go with Apple's choice (LibreSSL), or a new major version of OpenSSL.

I think the most feasible route is to go to Apple's open source web site:

https://opensource.apple.com

Here you'll find the source for the utilities that came with your 10.9 system. Using that list, I would go through the sources for 10.15 and find the same programs.

This will often give you security patched versions of the same major version or at least very similar programs to the ones that came with your 10.9 system. If you're lucky, they compile without problems. In some cases, you'll run into stuff that is only supported on newer operating systems, and then you'll have to work around it by modifying the program, or going back to an older version.

All in all, it is going to be a lot of work!
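
The matching step described in the answer above (take the 10.9 project list and look for the same programs in the 10.15 list) can be scripted. This is an added example, not part of the original answer; it assumes each release's project list has been saved locally as one `name-version` entry per line, and the file names, project names and version numbers in the demo are constructed.

```shell
#!/bin/sh
# compare_manifests OLD_LIST NEW_LIST
# Assumed input format (not from the original post): one "name-version" entry
# per line, the version being everything after the last hyphen.
# Prints one tab-separated row per project in OLD_LIST:
#   name  old_version  new_version  status
# status is: same | changed | missing (no project of that name in NEW_LIST).
# "missing" marks a package that needs a manual decision, such as the
# openssl / LibreSSL case discussed in the answer.
compare_manifests() {
    awk -v OFS='\t' '
        /^[ \t\r]*$/ { next }                      # skip blank lines
        /^[ \t\r]*#/ { next }                      # skip comment lines
        {
            gsub(/^[ \t\r]+|[ \t\r]+$/, "")        # trim whitespace and CR
            i = match($0, /-[^-]*$/)               # position of last hyphen
            name = (i ? substr($0, 1, i - 1) : $0)
            ver  = (i ? substr($0, i + 1) : "?")
        }
        FILENAME == ARGV[1] { newver[name] = ver; next }   # first file: new list
        {
            if (!(name in newver))        { nv = "-"; status = "missing" }
            else if (newver[name] == ver) { nv = ver; status = "same" }
            else                          { nv = newver[name]; status = "changed" }
            print name, ver, nv, status
        }
    ' "$2" "$1"
}

# Demo on constructed lists (names and versions are placeholders, not real data).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed 10.9-style list' \
        'bash-100' 'openssl-100' 'exampletool-100' > "$d/old.txt"
    printf '%s\n' '# constructed 10.15-style list' \
        'bash-200' 'libressl-100' 'exampletool-100' > "$d/new.txt"
    compare_manifests "$d/old.txt" "$d/new.txt"
    rm -rf "$d"
}

demo
```

Rows marked `changed` are candidates for a straight rebuild from the newer source; rows marked `missing` have no same-named project in the newer list and need the per-package choice the answer describes.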