├── .github ├── FUNDING.yml ├── ISSUE_TEMPLATE │ ├── issue-running-docker-osx.md │ └── open-an-issue.md └── workflows │ └── docker-build.yml ├── .gitmodules ├── CHANGELOG.md ├── CREDITS.md ├── Dockerfile ├── Dockerfile.auto ├── Dockerfile.naked ├── Dockerfile.naked-auto ├── FAQ.md ├── LICENSE ├── README.md ├── Youtube-Screenshot-Docker-OSX-Setup.png ├── Youtube-USBFLUXD-Screenshot-Docker-OSX.png ├── custom ├── README.md ├── config-custom.plist ├── config-legacy.plist ├── config-nopicker-custom.plist ├── config-nopicker-legacy.plist ├── generate-specific-bootdisk.sh ├── generate-unique-machine-values.sh └── opencore-image-ng.sh ├── discord-logo.svg ├── docker-compose.yml ├── fetch-macOS.py ├── glibc-linux4-2.33-4-x86_64.pkg.tar.zst ├── helm ├── Chart.yaml ├── Dockerfile ├── INSTALL-QEMU-AND-GPU-IOMMU.md ├── README.md ├── artifacthub-repo.yml ├── docker-osx-0.2.0.tgz ├── helm-chart-generate.sh ├── index.yaml ├── templates │ ├── _helpers.tpl │ ├── configmap.yaml │ ├── data-pvc.yaml │ ├── deployment.yaml │ ├── ingress.yaml │ └── service.yaml └── values.yaml ├── rankmirrors ├── running-mac-inside-docker-qemu.png ├── tests ├── big-sur_master.png ├── boot-images.sh ├── catalina_master.png ├── high-sierra_master.png ├── mojave_master.png ├── monterey_master.png ├── sonoma_master.png ├── test.sh └── ventura_master.png └── vnc-version ├── Dockerfile └── Dockerfile.nakedvnc /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | # These are supported funding model platforms 2 | 3 | github: sickcodes 4 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/issue-running-docker-osx.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Issue Running Docker-OSX 3 | about: OS related issued, please help us identify the issue by posting the output 4 | of this 5 | title: '' 6 | labels: '' 7 | assignees: '' 8 | 9 | --- 10 | 11 | # OS related issued, please help us identify the issue by posting the output of this 12 | uname -a \ 13 | ; echo "${DISPLAY}" \ 14 | ; echo 1 | sudo tee /sys/module/kvm/parameters/ignore_msrs \ 15 | ; grep NAME /etc/os-release \ 16 | ; df -h . \ 17 | ; qemu-system-x86_64 --version \ 18 | ; libvirtd --version \ 19 | ; free -mh \ 20 | ; nproc \ 21 | ; egrep -c '(svm|vmx)' /proc/cpuinfo \ 22 | ; ls -lha /dev/kvm \ 23 | ; ls -lha /tmp/.X11-unix/ \ 24 | ; ps aux | grep dockerd \ 25 | ; docker ps | grep osx \ 26 | ; grep "docker\|kvm\|virt" /etc/group 27 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/open-an-issue.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Open an Issue 3 | about: About anything! 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | 11 | -------------------------------------------------------------------------------- /.github/workflows/docker-build.yml: -------------------------------------------------------------------------------- 1 | name: Push Docker Image to Docker Hub 2 | 3 | on: 4 | push: 5 | branches: 6 | - master 7 | 8 | jobs: 9 | push_to_docker_hub: 10 | name: Push Docker Image to Docker Hub 11 | runs-on: ubuntu-latest 12 | steps: 13 | - name: Checkout code 14 | id: checkout_code 15 | uses: actions/checkout@v3 16 | 17 | - name: Login to Docker Hub 18 | id: login_docker_hub 19 | uses: docker/login-action@v3 20 | with: 21 | username: ${{ secrets.DOCKER_HUB_USER_NAME }} 22 | password: ${{ secrets.DOCKER_HUB_PASSWORD }} 23 | 24 | - name: Echo Docker Hub Username 25 | run: echo ${{ secrets.DOCKER_HUB_USER_NAME }} 26 | 27 | - name: Echo GitHub SHA 28 | run: echo $GITHUB_SHA 29 | 30 | - name: Build Docker image 31 | id: build_image 32 | run: | 33 | docker build "$GITHUB_WORKSPACE" -t sickcodes/docker-osx:master --label dockerfile-path="Dockerfile" 34 | 35 | - name: Label Master Docker Image as Latest 36 | id: label_image 37 | run: | 38 | docker tag sickcodes/docker-osx:master sickcodes/docker-osx:latest 39 | 40 | - name: Push Docker image master 41 | id: push_master 42 | run: docker push sickcodes/docker-osx:master 43 | 44 | - name: Push Docker image latest 45 | id: push_latest 46 | run: docker push sickcodes/docker-osx:latest 47 | 48 | - name: Logout from Docker Hub 49 | run: docker logout 50 | 51 | - name: End 52 | run: echo "Docker image pushed to Docker Hub successfully" -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "osx-serial-generator"] 2 | path = osx-serial-generator 3 | url = https://github.com/sickcodes/osx-serial-generator.git 4 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | |Version|Date|Notes| 2 | |---|---|---| 3 | | |2021-09-09|Add Monterey| 4 | | |2021-08-27|Add iPhone passthrough OTA!| 5 | |6.0|2021-08-25|Added naked-auto. Keep kernel at 5.13, even tho it's just for supermin.| 6 | |5.0|2021-07-25|Retire glibc patch. Retire file command patch. Add bootmenu=on.| 7 | | |2021-07-08|Add CPUID_FLAGS to edit the CPUID flags on the fly.| 8 | |4.4|2021-05-06|Prepare nakedvnc for hub.docker.com. Add `ENV BOOT_ARGS=` to supply additon boot arguments, for example, `vmx,rdtscp`. Add `ENV CPU=Penryn` to allow changes to the CPU emulation, for example, `Skylake-Client`, or see [more examples here](https://manpages.ubuntu.com/manpages/disco/man7/qemu-cpu-models.7.html).| 9 | | |2021-05-04|Disable arbitrary chown warning| 10 | | |2021-04-27|Fixed missing sudo| 11 | | |2021-04-18|Add LIBGUESTFS debug & trace commands, exit on fail when creating bootdisks. Silence touch errors.| 12 | |4.3|2021-03-24|Enable interactive QEMU again. Remove envsubst since we are already using bash... Add set -x flag| 13 | |4.2|2021-03-24|Add all ENV variables to each dockerfile for readability. Add RAM allocation buffer and cache drop bug fix. Add kvm and libvirt groups. Add `IMAGE_FORMAT=qcow2` to allow `IMAGE_FORMAT=raw` too.| 14 | | |2021-03-19|Use RAM=3 as the default RAM allocation. Add instructions to clear buff/cache.| 15 | | |2021-03-17|Add RAM=max and RAM=half to dynamically select ram at runtime (DEFAULT).| 16 | | |2021-03-06|Change envs to require --envs. Automatically enable --envs if --output-env is used. Same for plists, bootdisks. Fix help ugliness and sanity of generate serial scripts. Fix bootdisk not getting written to persistent file when using NOPICKER=true. NOPICKER=true is overridden by a custom plist now anyway. Remove useless case statements. Allow -e HEADLESS=true as human readable alternative to -e DISPLAY=:99.| 17 | |4.1|2021-03-04|Add `-e MASTER_PLIST_URL` to all images to allow using your own remote plist.| 18 | | |2021-03-03|Add `WIDTH` and `HEIGHT` to set the x and y resolutions, use in conjuction with serial numbers.| 19 | | |2021-03-02|Add ADDITIONAL_PORTS, for example `-e ADDITIONAL_PORTS='hostfwd=tcp::23-:23,'`| 20 | |4.0|2021-02-27|Add big-sur support. Use `sickcodes/docker-osx:big-sur` or build using `--build-arg VERSION=11`| 21 | | |2021-02-26|Change `-e NOPICKER=true` to simply do `sed -i '/^.*InstallMedia.*/d' Launch.sh` and `export BOOTDISK=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore-nopicker.qcow2`.| 22 | |3.2|2021-02-25|Add a script to generate unique machine serial numbers. Add a script to generate a bootdisk from given serial numbers. Add Linux for libguestfs which allows the docker container to make QEMU bootdisks with specific serial numbers.| 23 | | |2021-02-21|Add NOPICKER environment variable to ALL images.| 24 | |3.1|2021-02-21|Remove testing repos. Switch to base-devel. We shouldn't be using testing repos in a Dockerfile for light increase in stability. Add the mandatory glibc patch to every pacman until someone upstream fixes it.| 25 | | |2021-02-07|Add NOPICKER environment variable to :naked image for effortless boot toggling.| 26 | | |2021-02-07|Add MAC_ADDRESS environment variable.| 27 | | |2021-02-03|Employ wget --no-verbose to avoid buffer overload in hub.docker.com.| 28 | | |2021-02-03|Reduce build size.| 29 | | |2021-01-27|Add OSX_COMMANDS to allow runtime commands on :auto image.| 30 | | |2021-01-26|Removed most pointless VOLUME build commands.| 31 | |3.0|2021-01-23|Add fast mode boot straight to shell. And -v $PWD/disk.img:/image for all Dockerfiles| 32 | | |2021-01-22|Add additional helm chart instructions and files.| 33 | | |2021-01-15|Fix helm initial disk creation process and add installation instructions.| 34 | | |2021-01-14|Add Helm Chart for Kubernetes support.| 35 | | |2021-01-08|Use IMAGE_PATH as a variable during envsubst for the full path of mac_hdd_ng.img. In preparation for full auto.| 36 | | |2021-01-07|Fix sounds errors and sshd missing on latest build.| 37 | |2.7|2021-01-05|Add rankmirrors. Remove gibMacOS. Replace iptables with iptables-nft. Remove libguestfs.| 38 | | |2020-12-17|Remove unnecessary WORKDIR commands.| 39 | | |2020-12-16|Reduce image size by cloning OSX-KVM to only 1 depth level. Simplify mkdir && chown to mkdir -m| 40 | | |2020-10-06|Add the ability to skip the boot screen with ./Launch-nopicker.sh| 41 | | |2020-10-05|Add vim/vi and nano to the container.| 42 | |2.6|2020-09-26|Increase version.| 43 | | |2020-09-25|Add some WORKDIR fixes.| 44 | | |2020-09-24|Clear pacman cache after use to reduce disk size significantly. Add various shell expansions to inline variables. Add set -eu to Launch.sh. Add a shebang to Launch.sh. Add tcg acceleration as a fallback to kvm. Remove need for display **(This change is reverted later)**. Chown /dev/kvm and /dev/snd. Remove --privileged by specifying required passthroughs. Add audio driver arguments to satisfy QEMU **(USB SoundCard recommended)**. Tidy Launch.sh to reduce image by 2.5GB (from 6GB). | 45 | |2.5|2020-09-20|Critical changes to TigerVNC due to upstream overhaul in TigerVNC.| 46 | | |2020-09-20|Replace ebtables with iptables-nft.| 47 | | |2020-08-29|Increase default OSX to 10.15.6 and add SCREEN_SHARE_PORT=5900 ENV variable.| 48 | | |2020-08-23|Add OSX Screen Sharing port forwarding.| 49 | | |2020-08-23|Clear /tmp/.X99-lock before starting the VNC version.| 50 | | |2020-07-02|Refresh the docker-compose file.| 51 | | |2020-06-22|Add some mirrors to the container.| 52 | | |2020-06-22|Add more force updates to pacman.| 53 | | |2020-06-18|Significantly reduce image layer count by concatenating groups of commands.| 54 | | |2020-06-18|Use the mainline image as the base image for the VNC version.| 55 | |2.0|2020-06-15|Change default OSX version from 10.14.6 to 10.15.5. Add SSH port forwarding inside the container thru to the guest. Increase default arbitrary disk size to 200G. Force update pacman to prevent old mirror links. Add custom Launch.sh script. Add customizable RAM, SMP, CORES, EXTRA and INTERNAL_SSH_PORT| 56 | | |2020-06-14|Remove yay| 57 | | |2020-06-10|Add an OR for attemping to kill non-existent VNC lock files.| 58 | | |2020-06-09|Instruct gibMacOS to download recovery disk only.| 59 | | |2020-06-09|Remove VNC lockfile from killed containers preventing a restart.| 60 | | |2020-06-08|Add docker-compose.yml| 61 | | |2020-06-07|Add VNC version inside the vnc folder.| 62 | | |2020-06-05|Remove systemctl enable libvirtd.service/virtlogd.service since Docker doesn't have systemd| 63 | | |2020-06-04|Removed svm\|vmx via /proc/cpuinfo check which fails on hub.docker.com| 64 | |1.0|2020-06-04|Initial Release| 65 | 66 | -------------------------------------------------------------------------------- /CREDITS.md: -------------------------------------------------------------------------------- 1 | # Credits 2 | 3 | The most important part of the project. You. 4 | 5 | ## Upstream Acknowledgements: 6 | 7 | This project uses OSX-KVM from https://github.com/kholia/OSX-KVM and fully appreciates the work done by [@Kholia](https://github.com/Kholia) and all the contributors who are listed: [https://github.com/kholia/OSX-KVM/blob/master/CREDITS.md](https://github.com/kholia/OSX-KVM/blob/master/CREDITS.md) 8 | 9 | This project also uses KVM-OpenCore from https://github.com/Leoyzen/KVM-Opencore and fully appreciates the work done by [@Leoyzen](https://github.com/Leoyzen). 10 | 11 | We use a special fork by [Nicholas Sherlock](https://www.nicksherlock.com/) of KVM-Opencore https://github.com/thenickdude/KVM-Opencore and thank Nick for his awesome upstream work! 12 | 13 | This project now uses the fantastic OpenCore bootloader from the community OpenCore project: https://github.com/acidanthera/OpenCorePkg. You can join their [Subreddit here](https://www.reddit.com/r/hackintosh/)! 14 | 15 | ## These credits refer to the legendary contributors to this repository: 16 | 17 | [@GreeFine](https://github.com/GreeFine) - Readme Typo #9 18 | 19 | [@parasquid](https://github.com/parasquid) - Docker compose file 20 | 21 | [@matusnovak](https://github.com/matusnovak) - Kill badly terminated old vnc session before vnc starts and fix gtk initialization failed #31 22 | 23 | [@m1k1o](https://github.com/m1k1o) - Kill badly terminated old vnc session before vnc starts and fix gtk initialization failed #31 24 | 25 | [@qcasey](https://github.com/qcasey) - Removed unnecessary yay in Remove yay dependancy #40 26 | 27 | [@tlierdotfr](https://github.com/tlierdotfr) - Reduce number of layers in Dockerfile 28 | 29 | [@Julioevm](https://github.com/Julioevm) - Update docker-compose.yml #57 30 | 31 | [@jviotti](https://github.com/jviotti) - Auto-boot thru ShowPicker 32 | 33 | [@IAmBenMitchell]([https://github.com/MrBenFTW](https://github.com/iambenmitchell)) - Updated macOS version 10.15.5 -> 10.15.6, Enabled screen sharing port forwarding, Removed the need to remove 1gb from the partition. 34 | 35 | [@hoantp](https://github.com/hoantp) - Initialized TigerVNC 1.11.0 fix 36 | 37 | [@jimdigriz](https://github.com/jimdigriz) - Epic fixes: image size, shellisms, fallback2kvm, unprivileged mode https://github.com/sickcodes/Docker-OSX/pull/82 38 | 39 | [@NickZhouNan](https://github.com/NickZhouNan) - Bug fix with changed WORKDIR 40 | 41 | [@MrBenFTW](https://github.com/MrBenFTW) - Added IP forwarding hot tips, useful for boosting bridged networking in remote environments. 42 | 43 | [@mikob](https://github.com/mikob) - Added important warning for Xcode users to reserve 60GB++ - Made instructions more clear for those needing Xcode #94 44 | 45 | [@AdamMomen](https://github.com/AdamMomen) - Fixed automatic boot vnc-version container instructions for better usablility 46 | 47 | [@PeterDaveHello](https://github.com/PeterDaveHello) - Simplify .ssh directory setup process in Dockerfile #111 48 | 49 | [@PeterDaveHello](https://github.com/PeterDaveHello) - Reduce image size by setting git clone depth #110 50 | 51 | [@PeterDaveHello](https://github.com/PeterDaveHello) - Reduce Dockerfile instructions and Docker image layers #112 52 | 53 | [@weskerfoot](https://github.com/weskerfoot) Docs updates: usb passthrough, headless mode, disk space reduction guide #113 54 | 55 | [@PeterDaveHello](https://github.com/PeterDaveHello) - Improve Dockerfile #121 56 | 57 | [@cephasara](https://github.com/cephasara) - Add helm chart #124 58 | 59 | [@cephasara](https://github.com/cephasara) - Fix helm initial disk creation process and add installation instructions #125 60 | 61 | [@cephasara](https://github.com/cephasara) - Add gpu passthrough support as well as dynamic OpenCore chainloader regeneration #132 62 | 63 | [@cephasara](https://github.com/cephasara) - Fix helm installation failure and cleanup values organization #134 64 | 65 | [@prometheas](https://github.com/prometheas) - docs: fix broken multi-line docker command #140 66 | 67 | [@MrBenFTW](https://github.com/MrBenFTW) - Tempfix for arch #150 68 | 69 | [@edsonboldrini](https://github.com/edsonboldrini) - Update README.md #161 70 | 71 | [@TheHackerCoding](https://github.com/TheHackerCoding) - Typo in README.md #194 72 | 73 | [@panos](https://github.com/panos) - Improved README #212 74 | 75 | [@ggjulio](https://github.com/ggjulio) - Restarting an "auto" container #216 76 | 77 | [@panos](https://github.com/panos) - Improved README #212 78 | 79 | [@panos](https://github.com/panos) - Made further improvements to the README #219 80 | 81 | [@kaoudis](https://github.com/kaoudis) README / troubleshooting docs improvements #235 82 | 83 | [@a10kiloham](https://github.com/a10kiloham) - Dockerfile for :naked image with VNC support #245 84 | 85 | [@a10kiloham](https://github.com/a10kiloham) - Adding Bluebubbles as an example use case #250 86 | 87 | [@aronzvi](https://github.com/aronzvi) - Fixed Failed to boot OSX with GENERATE_UNIQUE #244 88 | 89 | [@tinjaw](https://github.com/tinjaw) - Fixed Type #258 90 | 91 | [@m-zheng](https://github.com/m-zheng) - Update README.md #260 92 | 93 | [@johnjhacking](https://github.com/johnjhacking) - Change call function to Popen #288 94 | 95 | [@allansrc](https://github.com/allansrc) - Update Doc detail for run on WLS #318 96 | 97 | [@mcandre](https://github.com/mcandre) - fix typo #334 98 | 99 | [@cybik](https://github.com/cybik) Spice fix #337 100 | 101 | [@Silfalion](https://github.com/Silfalion) - [https://github.com/Silfalion/Iphone_docker_osx_passthrough](https://github.com/Silfalion/Iphone_docker_osx_passthrough) 102 | 103 | [@chirag350](https://github.com/chirag350) use LABEL instead of MAINTAINER since MAINTAINER is deprecated #352 104 | 105 | [@Buthrakaur](https://github.com/Buthrakaur) readme - improve instructions for running on windows #361 106 | 107 | [@TheHackerCoding](https://github.com/TheHackerCoding) Typo in README #367 108 | 109 | [@cameronsteele](https://github.com/cameronsteele) fix Big Sur build example #378 110 | 111 | [@eggplants](https://github.com/eggplants) Fix command to launch sickcodes/docker-osx:auto #366 112 | 113 | [@martinmullins](https://github.com/martinmullins) Notes for mounting an NFS folder from a linux host #392 114 | 115 | [@kimjammer](https://github.com/kimjammer) Readme - Added instructions for using WSLg's built in X11 server #395 116 | 117 | [@jk2K](https://github.com/jk2K) fix: support dynamic change of Base image #408 118 | 119 | [@MikeCoder96](https://github.com/MikeCoder96) Update README.md with WSL how to #412 120 | 121 | [@aslafy-z](https://github.com/aslafy-z) chore(docs): update helm requirements list style #420 122 | 123 | [@kimjammer](https://github.com/kimjammer) Update Windows Installation section #422 124 | 125 | [@Mhartig](https://github.com/Mhartig) - Worked out issue `Enter a number (default=1): error: invalid number: y` 126 | 127 | [@felipestt](https://github.com/felipestt) Use more CPU Cores/SMP' broken #440 128 | 129 | [@routmoute](https://github.com/routmoute) README: add PulseAudio with WSLg #442 130 | [@dulatello08](https://github.com/dulatello08) Update README.md #452 131 | 132 | [@Anthropohedron](https://github.com/Anthropohedron) Added FAQ.md 133 | 134 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | #!/usr/bin/docker 2 | # ____ __ ____ ______ __ 3 | # / __ \____ _____/ /_____ _____/ __ \/ ___/ |/ / 4 | # / / / / __ \/ ___/ //_/ _ \/ ___/ / / /\__ \| / 5 | # / /_/ / /_/ / /__/ ,< / __/ / / /_/ /___/ / | 6 | # /_____/\____/\___/_/|_|\___/_/ \____//____/_/|_| 7 | # 8 | # Title: Docker-OSX (Mac on Docker) 9 | # Author: Sick.Codes https://twitter.com/sickcodes 10 | # Version: 6.0 11 | # License: GPLv3+ 12 | # Repository: https://github.com/sickcodes/Docker-OSX 13 | # Website: https://sick.codes 14 | # 15 | # All credits for OSX-KVM and the rest at @Kholia's repo: https://github.com/kholia/osx-kvm 16 | # OpenCore support go to https://github.com/Leoyzen/KVM-Opencore 17 | # and https://github.com/thenickdude/KVM-Opencore/ 18 | # 19 | # This Dockerfile automates the installation of Docker-OSX 20 | # It will build a 200GB container. You can change the size using build arguments. 21 | # This Dockerfile builds on top of the work done by Dhiru Kholia, and many others. 22 | # 23 | # Build: 24 | # 25 | # docker build -t docker-osx . 26 | # docker build -t docker-osx --build-arg VERSION=10.15.5 --build-arg SIZE=200G . 27 | # docker build -t docker-osx-sonoma --build-arg BRANCH=sonoma --build-arg SHORTNAME=sonoma . 28 | # 29 | # Basic Run: 30 | # 31 | # docker run --device /dev/kvm --device /dev/snd -v /tmp/.X11-unix:/tmp/.X11-unix -e "DISPLAY=${DISPLAY:-:0.0}" sickcodes/docker-osx:latest 32 | # 33 | # Run with SSH: 34 | # 35 | # docker run --device /dev/kvm --device /dev/snd -e RAM=6 -p 50922:10022 -v /tmp/.X11-unix:/tmp/.X11-unix -e "DISPLAY=${DISPLAY:-:0.0}" sickcodes/docker-osx:latest 36 | # # ssh fullname@localhost -p 50922 37 | # 38 | # Optargs: 39 | # 40 | # -v $PWD/disk.img:/image 41 | # -e SIZE=200G 42 | # -e VERSION=10.15.6 43 | # -e RAM=5 44 | # -e SMP=4 45 | # -e CORES=4 46 | # -e EXTRA= 47 | # -e INTERNAL_SSH_PORT=10022 48 | # -e MAC_ADDRESS= 49 | # 50 | # Extra QEMU args: 51 | # 52 | # docker run ... -e EXTRA="-usb -device usb-host,hostbus=1,hostaddr=8" ... 53 | # # you will also need to pass the device to the container 54 | 55 | FROM archlinux:base-devel 56 | LABEL maintainer='https://twitter.com/sickcodes ' 57 | 58 | SHELL ["/bin/bash", "-c"] 59 | 60 | # change disk size here or add during build, e.g. --build-arg VERSION=10.14.5 --build-arg SIZE=50G 61 | ARG SIZE=200G 62 | ARG PARALLEL_DOWNLOADS=30 63 | 64 | # OPTIONAL: Arch Linux server mirrors for super fast builds 65 | # set RANKMIRRORS to any value other that nothing, e.g. -e RANKMIRRORS=true 66 | RUN perl -i -p -e s/^\#Color/Color$'\n'ParallelDownloads\ =\ ${PARALLEL_DOWNLOADS:=30}/g /etc/pacman.conf 67 | 68 | ARG RANKMIRRORS 69 | ARG MIRROR_COUNTRY=US 70 | ARG MIRROR_COUNT=10 71 | 72 | RUN tee /etc/pacman.d/mirrorlist <<< 'Server = https://geo.mirror.pkgbuild.com/$repo/os/$arch' \ 73 | && tee -a /etc/pacman.d/mirrorlist <<< 'Server = http://mirror.rackspace.com/archlinux/$repo/os/$arch' \ 74 | && tee -a /etc/pacman.d/mirrorlist <<< 'Server = https://mirror.rackspace.com/archlinux/$repo/os/$arch' 75 | 76 | # Fixes issue with invalid GPG keys: update the archlinux-keyring package to get the latest keys, then remove and regenerate gnupg keys 77 | RUN pacman -Sy archlinux-keyring --noconfirm \ 78 | && rm -rf /etc/pacman.d/gnupg \ 79 | && pacman-key --init \ 80 | && pacman-key --populate archlinux 81 | 82 | RUN if [[ "${RANKMIRRORS}" ]]; then \ 83 | { pacman -Sy wget --noconfirm || pacman -Syu wget --noconfirm ; } \ 84 | ; wget -O ./rankmirrors "https://raw.githubusercontent.com/sickcodes/Docker-OSX/${BRANCH:=master}/rankmirrors" \ 85 | ; wget -O- "https://www.archlinux.org/mirrorlist/?country=${MIRROR_COUNTRY:-US}&protocol=https&use_mirror_status=on" \ 86 | | sed -e 's/^#Server/Server/' -e '/^#/d' \ 87 | | head -n "$((${MIRROR_COUNT:-10}+1))" \ 88 | | bash ./rankmirrors --verbose --max-time 5 - > /etc/pacman.d/mirrorlist \ 89 | && cat /etc/pacman.d/mirrorlist \ 90 | ; fi 91 | 92 | RUN tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkp://keyserver.ubuntu.com' \ 93 | && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://hkps.pool.sks-keyservers.net:443' \ 94 | && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkp://pgp.mit.edu:11371' \ 95 | && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://keys.openpgp.org' \ 96 | && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://keys.mailvelope.com' 97 | 98 | # This fails on hub.docker.com, useful for debugging in cloud 99 | # RUN [[ $(egrep -c '(svm|vmx)' /proc/cpuinfo) -gt 0 ]] || { echo KVM not possible on this host && exit 1; } 100 | 101 | # RUN tee -a /etc/pacman.conf <<< '[community-testing]' \ 102 | # && tee -a /etc/pacman.conf <<< 'Include = /etc/pacman.d/mirrorlist' 103 | 104 | RUN pacman -Syu git zip vim nano alsa-utils openssh --noconfirm \ 105 | && ln -s /bin/vim /bin/vi \ 106 | && useradd arch -p arch \ 107 | && tee -a /etc/sudoers <<< 'arch ALL=(ALL) NOPASSWD: ALL' \ 108 | && mkdir -p /home/arch \ 109 | && chown arch:arch /home/arch 110 | 111 | # allow ssh to container 112 | RUN mkdir -p -m 700 /root/.ssh 113 | 114 | WORKDIR /root/.ssh 115 | RUN touch authorized_keys \ 116 | && chmod 644 authorized_keys 117 | 118 | WORKDIR /etc/ssh 119 | RUN tee -a sshd_config <<< 'AllowTcpForwarding yes' \ 120 | && tee -a sshd_config <<< 'PermitTunnel yes' \ 121 | && tee -a sshd_config <<< 'X11Forwarding yes' \ 122 | && tee -a sshd_config <<< 'PasswordAuthentication yes' \ 123 | && tee -a sshd_config <<< 'PermitRootLogin yes' \ 124 | && tee -a sshd_config <<< 'PubkeyAuthentication yes' \ 125 | && tee -a sshd_config <<< 'HostKey /etc/ssh/ssh_host_rsa_key' \ 126 | && tee -a sshd_config <<< 'HostKey /etc/ssh/ssh_host_ecdsa_key' \ 127 | && tee -a sshd_config <<< 'HostKey /etc/ssh/ssh_host_ed25519_key' 128 | 129 | USER arch 130 | 131 | # download OSX-KVM for the submodules 132 | RUN git clone --recurse-submodules --depth 1 https://github.com/kholia/OSX-KVM.git /home/arch/OSX-KVM 133 | 134 | # enable ssh 135 | # docker exec .... ./enable-ssh.sh 136 | USER arch 137 | 138 | WORKDIR /home/arch/OSX-KVM 139 | 140 | RUN touch enable-ssh.sh \ 141 | && chmod +x ./enable-ssh.sh \ 142 | && tee -a enable-ssh.sh <<< '[[ -f /etc/ssh/ssh_host_rsa_key ]] || \' \ 143 | && tee -a enable-ssh.sh <<< '[[ -f /etc/ssh/ssh_host_ed25519_key ]] || \' \ 144 | && tee -a enable-ssh.sh <<< '[[ -f /etc/ssh/ssh_host_ed25519_key ]] || \' \ 145 | && tee -a enable-ssh.sh <<< 'sudo /usr/bin/ssh-keygen -A' \ 146 | && tee -a enable-ssh.sh <<< 'nohup sudo /usr/bin/sshd -D &' 147 | 148 | # QEMU CONFIGURATOR 149 | # set optional ram at runtime -e RAM=16 150 | # set optional cores at runtime -e SMP=4 -e CORES=2 151 | # add any additional commands in QEMU cli format -e EXTRA="-usb -device usb-host,hostbus=1,hostaddr=8" 152 | 153 | # default env vars, RUNTIME ONLY, not for editing in build time. 154 | 155 | # RUN yes | sudo pacman -Syu qemu libvirt dnsmasq virt-manager bridge-utils edk2-ovmf netctl libvirt-dbus --overwrite --noconfirm 156 | 157 | RUN yes | sudo pacman -Syu bc qemu-desktop libvirt dnsmasq virt-manager bridge-utils openresolv jack2 ebtables edk2-ovmf netctl libvirt-dbus wget scrot --overwrite --noconfirm \ 158 | && yes | sudo pacman -Scc 159 | 160 | WORKDIR /home/arch/OSX-KVM 161 | 162 | # fix invalid signature on old libguestfs 163 | ARG SIGLEVEL=Never 164 | 165 | RUN sudo tee -a /etc/pacman.conf <<< "SigLevel = ${SIGLEVEL}" \ 166 | && sudo tee -a /etc/pacman.conf <<< 'RemoteFileSigLevel = Optional' \ 167 | && sudo sed -i -e 's/^\#RemoteFileSigLevel/RemoteFileSigLevel/g' /etc/pacman.conf 168 | 169 | ARG LINUX=true 170 | 171 | # required to use libguestfs inside a docker container, to create bootdisks for docker-osx on-the-fly 172 | # reminder this is what makes :naked image larger than expected 173 | RUN if [[ "${LINUX}" == true ]]; then \ 174 | sudo pacman -Syu linux linux-headers archlinux-keyring guestfs-tools mkinitcpio pcre pcre2 --noconfirm \ 175 | && libguestfs-test-tool \ 176 | && rm -rf /var/tmp/.guestfs-* \ 177 | && yes | sudo pacman -Scc \ 178 | ; fi 179 | 180 | # optional --build-arg to change branches for testing 181 | ARG BRANCH=master 182 | ARG REPO='https://github.com/sickcodes/Docker-OSX.git' 183 | RUN git clone --recurse-submodules --depth 1 --branch "${BRANCH:=master}" "${REPO:=https://github.com/sickcodes/Docker-OSX.git}" 184 | 185 | RUN touch Launch.sh \ 186 | && chmod +x ./Launch.sh \ 187 | && tee -a Launch.sh <<< '#!/bin/bash' \ 188 | && tee -a Launch.sh <<< 'set -eux' \ 189 | && tee -a Launch.sh <<< 'sudo chown $(id -u):$(id -g) /dev/kvm 2>/dev/null || true' \ 190 | && tee -a Launch.sh <<< 'sudo chown -R $(id -u):$(id -g) /dev/snd 2>/dev/null || true' \ 191 | && tee -a Launch.sh <<< '[[ "${RAM}" = max ]] && export RAM="$(("$(head -n1 /proc/meminfo | tr -dc "[:digit:]") / 1000000"))"' \ 192 | && tee -a Launch.sh <<< '[[ "${RAM}" = half ]] && export RAM="$(("$(head -n1 /proc/meminfo | tr -dc "[:digit:]") / 2000000"))"' \ 193 | && tee -a Launch.sh <<< 'sudo chown -R $(id -u):$(id -g) /dev/snd 2>/dev/null || true' \ 194 | && tee -a Launch.sh <<< 'exec qemu-system-x86_64 -m ${RAM:-4}000 \' \ 195 | && tee -a Launch.sh <<< '-cpu ${CPU:-Penryn},${CPUID_FLAGS:-vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+ssse3,+sse4.2,+popcnt,+avx,+aes,+xsave,+xsaveopt,check,}${BOOT_ARGS} \' \ 196 | && tee -a Launch.sh <<< '-machine q35,${KVM-"accel=kvm:tcg"} \' \ 197 | && tee -a Launch.sh <<< '-smp ${CPU_STRING:-${SMP:-4},cores=${CORES:-4}} \' \ 198 | && tee -a Launch.sh <<< '-device qemu-xhci,id=xhci \' \ 199 | && tee -a Launch.sh <<< '-device usb-kbd,bus=xhci.0 -device usb-tablet,bus=xhci.0 \' \ 200 | && tee -a Launch.sh <<< '-device isa-applesmc,osk=ourhardworkbythesewordsguardedpleasedontsteal\(c\)AppleComputerInc \' \ 201 | && tee -a Launch.sh <<< '-drive if=pflash,format=raw,readonly=on,file=/home/arch/OSX-KVM/OVMF_CODE.fd \' \ 202 | && tee -a Launch.sh <<< '-drive if=pflash,format=raw,file=/home/arch/OSX-KVM/OVMF_VARS-1024x768.fd \' \ 203 | && tee -a Launch.sh <<< '-smbios type=2 \' \ 204 | && tee -a Launch.sh <<< '-audiodev ${AUDIO_DRIVER:-alsa},id=hda -device ich9-intel-hda -device hda-duplex,audiodev=hda \' \ 205 | && tee -a Launch.sh <<< '-device ich9-ahci,id=sata \' \ 206 | && tee -a Launch.sh <<< '-drive id=OpenCoreBoot,if=none,snapshot=on,format=qcow2,file=${BOOTDISK:-/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2} \' \ 207 | && tee -a Launch.sh <<< '-device ide-hd,bus=sata.2,drive=OpenCoreBoot \' \ 208 | && tee -a Launch.sh <<< '-device ide-hd,bus=sata.3,drive=InstallMedia \' \ 209 | && tee -a Launch.sh <<< '-drive id=InstallMedia,if=none,file=/home/arch/OSX-KVM/BaseSystem.img,format=${BASESYSTEM_FORMAT:-qcow2} \' \ 210 | && tee -a Launch.sh <<< '-drive id=MacHDD,if=none,file=${IMAGE_PATH:-/home/arch/OSX-KVM/mac_hdd_ng.img},format=${IMAGE_FORMAT:-qcow2} \' \ 211 | && tee -a Launch.sh <<< '-device ide-hd,bus=sata.4,drive=MacHDD \' \ 212 | && tee -a Launch.sh <<< '-netdev user,id=net0,hostfwd=tcp::${INTERNAL_SSH_PORT:-10022}-:22,hostfwd=tcp::${SCREEN_SHARE_PORT:-5900}-:5900,${ADDITIONAL_PORTS} \' \ 213 | && tee -a Launch.sh <<< '-device ${NETWORKING:-vmxnet3},netdev=net0,id=net0,mac=${MAC_ADDRESS:-52:54:00:09:49:17} \' \ 214 | && tee -a Launch.sh <<< '-monitor stdio \' \ 215 | && tee -a Launch.sh <<< '-boot menu=on \' \ 216 | && tee -a Launch.sh <<< '-vga vmware \' \ 217 | && tee -a Launch.sh <<< '${EXTRA:-}' 218 | 219 | # docker exec containerid mv ./Launch-nopicker.sh ./Launch.sh 220 | # This is now a legacy command. 221 | # You can use -e BOOTDISK=/bootdisk with -v ./bootdisk.img:/bootdisk 222 | 223 | ### LEGACY CODE 224 | RUN grep -v InstallMedia ./Launch.sh > ./Launch-nopicker.sh \ 225 | && chmod +x ./Launch-nopicker.sh \ 226 | && sed -i -e s/OpenCore\.qcow2/OpenCore\-nopicker\.qcow2/ ./Launch-nopicker.sh 227 | ### 228 | 229 | USER arch 230 | 231 | ENV USER=arch 232 | 233 | # These are hardcoded serials for non-iMessage related research 234 | # Overwritten by using GENERATE_UNIQUE=true 235 | # Upstream removed nopicker, so we are adding it back in, at build time 236 | # Once again, this is just for the Docker build so there is a default nopicker image there 237 | 238 | # libguestfs verbose 239 | ENV LIBGUESTFS_DEBUG=1 240 | ENV LIBGUESTFS_TRACE=1 241 | 242 | ARG STOCK_DEVICE_MODEL=iMacPro1,1 243 | ARG STOCK_SERIAL=C02TM2ZBHX87 244 | ARG STOCK_BOARD_SERIAL=C02717306J9JG361M 245 | ARG STOCK_UUID=007076A6-F2A2-4461-BBE5-BAD019F8025A 246 | ARG STOCK_MAC_ADDRESS=00:0A:27:00:00:00 247 | ARG STOCK_WIDTH=1920 248 | ARG STOCK_HEIGHT=1080 249 | ARG STOCK_MASTER_PLIST_URL=https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist 250 | ARG STOCK_MASTER_PLIST_URL_NOPICKER=https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-nopicker-custom.plist 251 | ARG STOCK_BOOTDISK=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2 252 | ARG STOCK_BOOTDISK_NOPICKER=/home/arch/OSX-KVM/OpenCore/OpenCore-nopicker.qcow2 253 | 254 | RUN ./Docker-OSX/osx-serial-generator/generate-specific-bootdisk.sh \ 255 | --master-plist-url="${STOCK_MASTER_PLIST_URL}" \ 256 | --model "${STOCK_DEVICE_MODEL}" \ 257 | --serial "${STOCK_SERIAL}" \ 258 | --board-serial "${STOCK_BOARD_SERIAL}" \ 259 | --uuid "${STOCK_UUID}" \ 260 | --mac-address "${STOCK_MAC_ADDRESS}" \ 261 | --width "${STOCK_WIDTH}" \ 262 | --height "${STOCK_HEIGHT}" \ 263 | --output-bootdisk "${STOCK_BOOTDISK}" || exit 1 \ 264 | ; rm -rf /var/tmp/.guestfs-* 265 | 266 | RUN ./Docker-OSX/osx-serial-generator/generate-specific-bootdisk.sh \ 267 | --master-plist-url="${STOCK_MASTER_PLIST_URL_NOPICKER}" \ 268 | --model "${STOCK_DEVICE_MODEL}" \ 269 | --serial "${STOCK_SERIAL}" \ 270 | --board-serial "${STOCK_BOARD_SERIAL}" \ 271 | --uuid "${STOCK_UUID}" \ 272 | --mac-address "${STOCK_MAC_ADDRESS}" \ 273 | --width "${STOCK_WIDTH}" \ 274 | --height "${STOCK_HEIGHT}" \ 275 | --output-bootdisk "${STOCK_BOOTDISK_NOPICKER}" || exit 1 \ 276 | ; rm -rf /var/tmp/.guestfs-* 277 | 278 | ### symlink the old directory as upstream has renamed a directory. Symlinking purely for backwards compatability! 279 | RUN ln -s /home/arch/OSX-KVM/OpenCore /home/arch/OSX-KVM/OpenCore-Catalina || true 280 | #### 281 | 282 | #### SPECIAL RUNTIME ARGUMENTS BELOW 283 | # env -e ADDITIONAL_PORTS with a comma 284 | # for example, -e ADDITIONAL_PORTS=hostfwd=tcp::23-:23, 285 | ENV ADDITIONAL_PORTS= 286 | 287 | # since the Makefile uses raw, and raw uses the full disk amount 288 | # we want to use a compressed qcow2 289 | # ENV BASESYSTEM_FORMAT=raw 290 | ENV BASESYSTEM_FORMAT=qcow2 291 | 292 | # add additional QEMU boot arguments 293 | ENV BOOT_ARGS= 294 | 295 | ENV BOOTDISK= 296 | 297 | # edit the CPU that is being emulated 298 | ENV CPU=Penryn 299 | ENV CPUID_FLAGS='vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+ssse3,+sse4.2,+popcnt,+avx,+aes,+xsave,+xsaveopt,check,' 300 | 301 | ENV DISPLAY=:0.0 302 | 303 | # Deprecated 304 | ENV ENV=/env 305 | 306 | # Boolean for generating a bootdisk with new random serials. 307 | ENV GENERATE_UNIQUE=false 308 | 309 | # Boolean for generating a bootdisk with specific serials. 310 | ENV GENERATE_SPECIFIC=false 311 | 312 | ENV IMAGE_PATH=/home/arch/OSX-KVM/mac_hdd_ng.img 313 | ENV IMAGE_FORMAT=qcow2 314 | 315 | ENV KVM='accel=kvm:tcg' 316 | 317 | ENV MASTER_PLIST_URL="https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist" 318 | 319 | # ENV NETWORKING=e1000-82545em 320 | ENV NETWORKING=vmxnet3 321 | 322 | # boolean for skipping the disk selection menu at in the boot process 323 | ENV NOPICKER=false 324 | 325 | # dynamic RAM options for runtime 326 | ENV RAM=4 327 | # ENV RAM=max 328 | # ENV RAM=half 329 | 330 | # The x and y coordinates for resolution. 331 | # Must be used with either -e GENERATE_UNIQUE=true or -e GENERATE_SPECIFIC=true. 332 | ENV WIDTH=1920 333 | ENV HEIGHT=1080 334 | 335 | VOLUME ["/tmp/.X11-unix"] 336 | 337 | # check if /image is a disk image or a directory. This allows you to optionally use -v disk.img:/image 338 | # NOPICKER is used to skip the disk selection screen 339 | # GENERATE_UNIQUE is used to generate serial numbers on boot. 340 | # /env is a file that you can generate and save using -v source.sh:/env 341 | # the env file is a file that you can carry to the next container which will supply the serials numbers. 342 | # GENERATE_SPECIFIC is used to either accept the env serial numbers OR you can supply using: 343 | # -e DEVICE_MODEL="iMacPro1,1" \ 344 | # -e SERIAL="C02TW0WAHX87" \ 345 | # -e BOARD_SERIAL="C027251024NJG36UE" \ 346 | # -e UUID="5CCB366D-9118-4C61-A00A-E5BAF3BED451" \ 347 | # -e MAC_ADDRESS="A8:5C:2C:9A:46:2F" \ 348 | 349 | # the output will be /bootdisk. 350 | # /bootdisk is a useful persistent place to store the 15Mb serial number bootdisk. 351 | 352 | # if you don't set any of the above: 353 | # the default serial numbers are already contained in ./OpenCore/OpenCore.qcow2 354 | # And the default serial numbers 355 | 356 | # DMCA compliant download process 357 | # If BaseSystem.img does not exist, download ${SHORTNAME} 358 | 359 | # shortname default is below 360 | ENV SHORTNAME=sequoia 361 | 362 | ENV BASESYSTEM_IMAGE=BaseSystem.img 363 | 364 | CMD ! [[ -e "${BASESYSTEM_IMAGE:-BaseSystem.img}" ]] \ 365 | && printf '%s\n' "No BaseSystem.img available, downloading ${SHORTNAME}" \ 366 | && make \ 367 | && qemu-img convert BaseSystem.dmg -O qcow2 -p -c ${BASESYSTEM_IMAGE:-BaseSystem.img} \ 368 | && rm ./BaseSystem.dmg \ 369 | ; sudo touch /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \ 370 | ; sudo chown -R $(id -u):$(id -g) /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \ 371 | ; [[ "${NOPICKER}" == true ]] && { \ 372 | sed -i '/^.*InstallMedia.*/d' Launch.sh \ 373 | && export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore-nopicker.qcow2}" \ 374 | ; } \ 375 | || export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ 376 | ; [[ "${GENERATE_UNIQUE}" == true ]] && { \ 377 | ./Docker-OSX/osx-serial-generator/generate-unique-machine-values.sh \ 378 | --master-plist-url="${MASTER_PLIST_URL}" \ 379 | --count 1 \ 380 | --tsv ./serial.tsv \ 381 | --bootdisks \ 382 | --width "${WIDTH:-1920}" \ 383 | --height "${HEIGHT:-1080}" \ 384 | --output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ 385 | --output-env "${ENV:=/env}" \ 386 | || exit 1 ; } \ 387 | ; [[ "${GENERATE_SPECIFIC}" == true ]] && { \ 388 | source "${ENV:=/env}" 2>/dev/null \ 389 | ; ./Docker-OSX/osx-serial-generator/generate-specific-bootdisk.sh \ 390 | --master-plist-url="${MASTER_PLIST_URL}" \ 391 | --model "${DEVICE_MODEL}" \ 392 | --serial "${SERIAL}" \ 393 | --board-serial "${BOARD_SERIAL}" \ 394 | --uuid "${UUID}" \ 395 | --mac-address "${MAC_ADDRESS}" \ 396 | --width "${WIDTH:-1920}" \ 397 | --height "${HEIGHT:-1080}" \ 398 | --output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ 399 | || exit 1 ; } \ 400 | ; ./enable-ssh.sh && /bin/bash -c ./Launch.sh 401 | 402 | # virt-manager mode: eta son 403 | # CMD virsh define <(envsubst < Docker-OSX.xml) && virt-manager || virt-manager 404 | # CMD virsh define <(envsubst < macOS-libvirt-Catalina.xml) && virt-manager || virt-manager 405 | -------------------------------------------------------------------------------- /Dockerfile.auto: -------------------------------------------------------------------------------- 1 | #!/usr/bin/docker 2 | # ____ __ ____ ______ __ 3 | # / __ \____ _____/ /_____ _____/ __ \/ ___/ |/ / 4 | # / / / / __ \/ ___/ //_/ _ \/ ___/ / / /\__ \| / 5 | # / /_/ / /_/ / /__/ ,< / __/ / / /_/ /___/ / | 6 | # /_____/\____/\___/_/|_|\___/_/ \____//____/_/|_| :AUTO 7 | # 8 | # Title: Docker-OSX (Mac on Docker) 9 | # Author: Sick.Codes https://twitter.com/sickcodes 10 | # Version: 6.0 11 | # License: GPLv3+ 12 | # Repository: https://github.com/sickcodes/Docker-OSX 13 | # Website: https://sick.codes 14 | # 15 | # This Dockerfile is a pre-installed naked installation of Docker-OSX! 16 | # 17 | # Default username: user 18 | # Default password: alpine 19 | # 20 | # Take screenshots in the Arch container and display in terminal: scrotcat 21 | # readme: 22 | # timezone: UTC/GMT 23 | # 24 | # Future versions will navigate the installation process, inside the Dockerfile. 25 | # 26 | # 27 | # Build: 28 | # 29 | # docker build -t docker-osx:auto -f Dockerfile.auto . 30 | # 31 | # Run: 32 | # 33 | # docker run -it --device /dev/kvm -p 50922:10022 -v ${PWD}/mac_hdd_ng_auto.img:/image docker-osx-auto:latest 34 | # 35 | # SSH: 36 | # From inside the container: 37 | # ssh -i ~/.ssh/id_docker_osx user@127.0.0.1 -p 10022 38 | # 39 | # From outside the container: 40 | # ssh localhost user@127.0.0.1 -p 50922 41 | # docker exec -it containerid ssh -i ~/.ssh/id_docker_osx user@127.0.0.1 -p 10022 42 | 43 | FROM sickcodes/docker-osx:latest 44 | 45 | LABEL maintainer='https://twitter.com/sickcodes ' 46 | 47 | USER root 48 | 49 | WORKDIR /root 50 | 51 | # For taking screenshots of the Xfvb screen, useful during development. 52 | ARG SCROT 53 | 54 | # OPTIONAL: Arch Linux server mirrors for super fast builds 55 | # set RANKMIRRORS to any value other that nothing, e.g. -e RANKMIRRORS=true 56 | RUN perl -i -p -e s/^\#Color/Color$'\n'ParallelDownloads\ =\ 30/g /etc/pacman.conf 57 | ARG RANKMIRRORS 58 | ARG MIRROR_COUNTRY=US 59 | ARG MIRROR_COUNT=10 60 | 61 | RUN tee /etc/pacman.d/mirrorlist <<< 'Server = https://geo.mirror.pkgbuild.com/$repo/os/$arch' \ 62 | && tee -a /etc/pacman.d/mirrorlist <<< 'Server = http://mirror.rackspace.com/archlinux/$repo/os/$arch' \ 63 | && tee -a /etc/pacman.d/mirrorlist <<< 'Server = https://mirror.rackspace.com/archlinux/$repo/os/$arch' 64 | 65 | # Fixes issue with invalid GPG keys: update the archlinux-keyring package to get the latest keys, then remove and regenerate gnupg keys 66 | RUN pacman -Sy archlinux-keyring --noconfirm \ 67 | && rm -rf /etc/pacman.d/gnupg \ 68 | && pacman-key --init \ 69 | && pacman-key --populate archlinux 70 | 71 | RUN if [[ "${RANKMIRRORS}" ]]; then \ 72 | { pacman -Sy wget --noconfirm || pacman -Syu wget --noconfirm ; } \ 73 | ; wget -O ./rankmirrors "https://raw.githubusercontent.com/sickcodes/Docker-OSX/${BRANCH:=master}/rankmirrors" \ 74 | ; wget -O- "https://www.archlinux.org/mirrorlist/?country=${MIRROR_COUNTRY:-US}&protocol=https&use_mirror_status=on" \ 75 | | sed -e 's/^#Server/Server/' -e '/^#/d' \ 76 | | head -n "$((${MIRROR_COUNT:-10}+1))" \ 77 | | bash ./rankmirrors --verbose --max-time 5 - > /etc/pacman.d/mirrorlist \ 78 | 79 | 80 | 81 | && cat /etc/pacman.d/mirrorlist \ 82 | ; fi 83 | 84 | RUN tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkp://keyserver.ubuntu.com' \ 85 | && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://hkps.pool.sks-keyservers.net:443' \ 86 | && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkp://pgp.mit.edu:11371' \ 87 | && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://keys.openpgp.org' \ 88 | && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://keys.mailvelope.com' 89 | 90 | RUN pacman -Syu xorg-server-xvfb wget xterm xorg-xhost xorg-xrandr --noconfirm \ 91 | && if [[ "${SCROT}" ]]; then \ 92 | pacman -Syu scrot base-devel --noconfirm \ 93 | && git clone --recurse-submodules --depth 1 https://github.com/stolk/imcat.git \ 94 | && cd imcat \ 95 | && make \ 96 | && sudo cp imcat /usr/bin/imcat \ 97 | && touch /usr/bin/scrotcat \ 98 | && tee -a /usr/bin/scrotcat <<< '/usr/bin/imcat <(scrot -o /dev/stdout)' \ 99 | && chmod +x /usr/bin/scrotcat \ 100 | ; else \ 101 | touch /usr/bin/scrotcat \ 102 | && echo echo >> /usr/bin/scrotcat \ 103 | && chmod +x /usr/bin/scrotcat \ 104 | ; fi \ 105 | ; yes | pacman -Scc 106 | 107 | RUN pacman -S sshpass --noconfirm \ 108 | && yes | pacman -Scc 109 | 110 | USER arch 111 | 112 | ENV USER arch 113 | 114 | WORKDIR /home/arch/OSX-KVM 115 | 116 | RUN mkdir -p ~/.ssh \ 117 | && touch ~/.ssh/authorized_keys \ 118 | && touch ~/.ssh/config \ 119 | && chmod 700 ~/.ssh \ 120 | && chmod 600 ~/.ssh/config \ 121 | && chmod 600 ~/.ssh/authorized_keys \ 122 | && tee -a ~/.ssh/config <<< 'Host *' \ 123 | && tee -a ~/.ssh/config <<< ' StrictHostKeyChecking no' \ 124 | && tee -a ~/.ssh/config <<< ' UserKnownHostsFile=/dev/null' 125 | 126 | ARG COMPLETE=true 127 | 128 | # use the COMPLETE arg, for a complete image, ready to boot. 129 | # otherwise use your own image: -v "$PWD/disk.img":/image 130 | ARG WGET_OPTIONS= 131 | # ARG WGET_OPTIONS='--no-verbose' 132 | 133 | # Feel free to take a copy of this image and then host it internally 134 | ARG IMAGE_URL='https://images.sick.codes/mac_hdd_ng_auto.img' 135 | # ARG IMAGE_URL='https://images.sick.codes/mac_hdd_ng_auto_big_sur.img' 136 | 137 | RUN if [[ "${COMPLETE}" ]]; then \ 138 | echo "Downloading 20GB image... This step might take a while... Press Ctrl+C if you want to abort." \ 139 | ; rm -f /home/arch/OSX-KVM/mac_hdd_ng.img \ 140 | && wget ${WGET_OPTIONS} -O /home/arch/OSX-KVM/mac_hdd_ng.img "${IMAGE_URL}" \ 141 | ; fi 142 | 143 | 144 | #### 145 | 146 | # symlink the old directory, for redundancy 147 | RUN ln -s /home/arch/OSX-KVM/OpenCore /home/arch/OSX-KVM/OpenCore-Catalina || true 148 | 149 | #### 150 | 151 | #### SPECIAL RUNTIME ARGUMENTS BELOW 152 | 153 | ENV ADDITIONAL_PORTS= 154 | 155 | # add additional QEMU boot arguments 156 | ENV BOOT_ARGS= 157 | 158 | ENV BOOTDISK= 159 | 160 | # edit the CPU that is beign emulated 161 | ENV CPU=Penryn 162 | 163 | ENV DISPLAY=:99 164 | 165 | ENV HEADLESS=false 166 | 167 | ENV ENV=/env 168 | 169 | # Boolean for generating a bootdisk with new random serials. 170 | ENV GENERATE_UNIQUE=false 171 | 172 | # Boolean for generating a bootdisk with specific serials. 173 | ENV GENERATE_SPECIFIC=false 174 | 175 | ENV IMAGE_PATH=/home/arch/OSX-KVM/mac_hdd_ng.img 176 | ENV IMAGE_FORMAT=qcow2 177 | 178 | ENV KVM='accel=kvm:tcg' 179 | 180 | # ENV MASTER_PLIST_URL="https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist" 181 | 182 | # ENV NETWORKING=e1000-82545em 183 | ENV NETWORKING=vmxnet3 184 | 185 | ENV NOPICKER=true 186 | 187 | # set the username and password for automatically logging in 188 | ENV USERNAME=user 189 | ENV PASSWORD=alpine 190 | 191 | # dynamic RAM options for runtime 192 | ENV RAM=3 193 | # ENV RAM=max 194 | # ENV RAM=half 195 | 196 | # The x and y coordinates for resolution. 197 | # Must be used with either -e GENERATE_UNIQUE=true or -e GENERATE_SPECIFIC=true. 198 | ENV WIDTH=1920 199 | ENV HEIGHT=1080 200 | 201 | # libguestfs verbose 202 | ENV LIBGUESTFS_DEBUG=1 203 | ENV LIBGUESTFS_TRACE=1 204 | 205 | ENV TERMS_OF_USE=i_agree 206 | 207 | ENV BOILERPLATE="By using this Dockerfile, you hereby agree that you are a security reseacher or developer and agree to use this Dockerfile to make the world a safer place. Examples include: making your apps safer, finding your mobile phone, compiling security products, etc. You understand that Docker-OSX is an Open Source project, which is released to the public under the GNU Pulic License version 3 and above. You acknowledge that the Open Source project is absolutely unaffiliated with any third party, in any form whatsoever. Any trademarks or intelectual property which happen to be mentioned anywhere in or around the project are owned by their respective owners. By using this Dockerfile, you agree to agree to the EULA of each piece of upstream or downstream software. The following code is released for the sole purpose of security research, under the GNU Public License version 3. If you are concerned about the licensing, please note that this project is not AGPL. A copy of the license is available online: https://github.com/sickcodes/Docker-OSX/blob/master/LICENSE. In order to use the following Dockerfile you must read and understand the terms. Once you have read the terms, use the -e TERMS_OF_USE=i_agree or -e TERMS_OF_USE=i_disagree" 208 | 209 | # DMCA compliant download process 210 | # If BaseSystem.img does not exist, download ${SHORTNAME} 211 | 212 | # shortname default is catalina, which means :latest is catalina 213 | ENV SHORTNAME=sonoma 214 | 215 | ENV BASESYSTEM_IMAGE=BaseSystem.img 216 | 217 | CMD ! [[ -e "${BASESYSTEM_IMAGE:-BaseSystem.img}" ]] \ 218 | && printf '%s\n' "No BaseSystem.img available, downloading ${SHORTNAME}" \ 219 | && make \ 220 | && qemu-img convert BaseSystem.dmg -O qcow2 -p -c ${BASESYSTEM_IMAGE:-BaseSystem.img} \ 221 | && rm ./BaseSystem.dmg \ 222 | ; echo "${BOILERPLATE}" \ 223 | ; [[ "${TERMS_OF_USE}" = i_agree ]] || exit 1 \ 224 | ; echo "Disk is being copied between layers... Please wait a minute..." \ 225 | ; sudo touch /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \ 226 | ; sudo chown -R $(id -u):$(id -g) /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \ 227 | ; [[ "${NOPICKER}" == true ]] && { \ 228 | sed -i '/^.*InstallMedia.*/d' Launch.sh \ 229 | && export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore-nopicker.qcow2}" \ 230 | ; } \ 231 | || export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ 232 | ; [[ "${GENERATE_UNIQUE}" == true ]] && { \ 233 | ./Docker-OSX/osx-serial-generator/generate-unique-machine-values.sh \ 234 | --master-plist-url="${MASTER_PLIST_URL}" \ 235 | --count 1 \ 236 | --tsv ./serial.tsv \ 237 | --bootdisks \ 238 | --width "${WIDTH:-1920}" \ 239 | --height "${HEIGHT:-1080}" \ 240 | --output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ 241 | --output-env "${ENV:=/env}" \ 242 | || exit 1 ; } \ 243 | ; [[ "${GENERATE_SPECIFIC}" == true ]] && { \ 244 | source "${ENV:=/env}" 2>/dev/null \ 245 | ; ./Docker-OSX/osx-serial-generator/generate-specific-bootdisk.sh \ 246 | --master-plist-url="${MASTER_PLIST_URL}" \ 247 | --model "${DEVICE_MODEL}" \ 248 | --serial "${SERIAL}" \ 249 | --board-serial "${BOARD_SERIAL}" \ 250 | --uuid "${UUID}" \ 251 | --mac-address "${MAC_ADDRESS}" \ 252 | --width "${WIDTH:-1920}" \ 253 | --height "${HEIGHT:-1080}" \ 254 | --output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ 255 | || exit 1 ; } \ 256 | ; { [[ "${DISPLAY}" = ':99' ]] || [[ "${HEADLESS}" == true ]] ; } && { \ 257 | nohup Xvfb :99 -screen 0 1920x1080x16 \ 258 | & until [[ "$(xrandr --query 2>/dev/null)" ]]; do sleep 1 ; done \ 259 | ; } \ 260 | ; stat "${IMAGE_PATH}" \ 261 | ; echo "Large image is being copied between layers, please wait a minute..." \ 262 | ; ./enable-ssh.sh \ 263 | ; [[ -e ~/.ssh/id_docker_osx ]] || { \ 264 | /usr/bin/ssh-keygen -t rsa -f ~/.ssh/id_docker_osx -q -N "" \ 265 | && chmod 600 ~/.ssh/id_docker_osx \ 266 | ; } \ 267 | ; /bin/bash -c ./Launch.sh \ 268 | & echo "Booting Docker-OSX in the background. Please wait..." \ 269 | ; until [[ "$(sshpass -p${PASSWORD:=alpine} ssh-copy-id -f -i ~/.ssh/id_docker_osx.pub -p 10022 ${USERNAME:=user}@127.0.0.1)" ]]; do \ 270 | echo "Disk is being copied between layers. Repeating until able to copy SSH key into OSX..." \ 271 | ; sleep 1 \ 272 | ; done \ 273 | ; grep id_docker_osx ~/.ssh/config || { \ 274 | tee -a ~/.ssh/config <<< 'Host 127.0.0.1' \ 275 | ; tee -a ~/.ssh/config <<< " User ${USERNAME:=user}" \ 276 | ; tee -a ~/.ssh/config <<< ' Port 10022' \ 277 | ; tee -a ~/.ssh/config <<< ' IdentityFile ~/.ssh/id_docker_osx' \ 278 | ; tee -a ~/.ssh/config <<< ' StrictHostKeyChecking no' \ 279 | ; tee -a ~/.ssh/config <<< ' UserKnownHostsFile=/dev/null' \ 280 | ; } \ 281 | && echo 'Default username: user' \ 282 | && echo 'Default password: alpine' \ 283 | && echo 'Change it immediately using the command: passwd' \ 284 | && ssh -i ~/.ssh/id_docker_osx ${USERNAME:=user}@127.0.0.1 -p 10022 "${OSX_COMMANDS}" 285 | 286 | # username: user 287 | # password: alpine 288 | # screenshot: docker exec -it containerid scrotcat 289 | # readme: https://github.com/sickcodes/Docker-OSX 290 | # timezone: UTC/GMT 291 | 292 | # Future case option when supplying IMAGE_PATH: 293 | # Zstandard*) zstd -d /image && export IMAGE_PATH=/image;; \ 294 | -------------------------------------------------------------------------------- /Dockerfile.naked: -------------------------------------------------------------------------------- 1 | #!/usr/bin/docker 2 | # ____ __ ____ ______ __ 3 | # / __ \____ _____/ /_____ _____/ __ \/ ___/ |/ / 4 | # / / / / __ \/ ___/ //_/ _ \/ ___/ / / /\__ \| / 5 | # / /_/ / /_/ / /__/ ,< / __/ / / /_/ /___/ / | 6 | # /_____/\____/\___/_/|_|\___/_/ \____//____/_/|_| :NAKED 7 | # 8 | # Title: Docker-OSX (Mac on Docker) 9 | # Author: Sick.Codes https://twitter.com/sickcodes 10 | # Version: 6.0 11 | # License: GPLv3+ 12 | # Repository: https://github.com/sickcodes/Docker-OSX 13 | # Website: https://sick.codes 14 | # 15 | # This image won't run unless you supply a disk image using: 16 | # -v ${PWD}/mac_hdd_ng.img:/image 17 | # 18 | # Take screenshots in the Arch container and display in terminal: scrotcat 19 | # 20 | # Build: 21 | # 22 | # docker build -t docker-osx:naked -f Dockerfile.naked . 23 | # 24 | # Run headless: 25 | # 26 | # docker run -it --device /dev/kvm -p 50922:10022 -v ${PWD}/mac_hdd_ng.img:/image docker-osx:naked 27 | # 28 | # Run with display: 29 | # 30 | # docker run -it --device /dev/kvm -p 50922:10022 -v ${PWD}/mac_hdd_ng.img:/image -e "DISPLAY=${DISPLAY:-:0.0}" -v /tmp/.X11-unix:/tmp/.X11-unix docker-osx:naked 31 | # 32 | 33 | FROM sickcodes/docker-osx:latest 34 | 35 | LABEL maintainer='https://twitter.com/sickcodes ' 36 | 37 | USER root 38 | 39 | WORKDIR /root 40 | 41 | RUN rm -f /home/arch/OSX-KVM/mac_hdd_ng.img 42 | 43 | # OPTIONAL: Arch Linux server mirrors for super fast builds 44 | # set RANKMIRRORS to any value other that nothing, e.g. -e RANKMIRRORS=true 45 | RUN perl -i -p -e s/^\#Color/Color$'\n'ParallelDownloads\ =\ 30/g /etc/pacman.conf 46 | ARG RANKMIRRORS 47 | ARG MIRROR_COUNTRY=US 48 | ARG MIRROR_COUNT=10 49 | 50 | RUN tee /etc/pacman.d/mirrorlist <<< 'Server = https://geo.mirror.pkgbuild.com/$repo/os/$arch' \ 51 | && tee -a /etc/pacman.d/mirrorlist <<< 'Server = http://mirror.rackspace.com/archlinux/$repo/os/$arch' \ 52 | && tee -a /etc/pacman.d/mirrorlist <<< 'Server = https://mirror.rackspace.com/archlinux/$repo/os/$arch' 53 | 54 | # Fixes issue with invalid GPG keys: update the archlinux-keyring package to get the latest keys, then remove and regenerate gnupg keys 55 | RUN pacman -Sy archlinux-keyring --noconfirm \ 56 | && rm -rf /etc/pacman.d/gnupg \ 57 | && pacman-key --init \ 58 | && pacman-key --populate archlinux 59 | 60 | RUN if [[ "${RANKMIRRORS}" ]]; then \ 61 | { pacman -Sy wget --noconfirm || pacman -Syu wget --noconfirm ; } \ 62 | ; wget -O ./rankmirrors "https://raw.githubusercontent.com/sickcodes/Docker-OSX/${BRANCH:=master}/rankmirrors" \ 63 | ; wget -O- "https://www.archlinux.org/mirrorlist/?country=${MIRROR_COUNTRY:-US}&protocol=https&use_mirror_status=on" \ 64 | | sed -e 's/^#Server/Server/' -e '/^#/d' \ 65 | | head -n "$((${MIRROR_COUNT:-10}+1))" \ 66 | | bash ./rankmirrors --verbose --max-time 5 - > /etc/pacman.d/mirrorlist \ 67 | && cat /etc/pacman.d/mirrorlist \ 68 | ; fi 69 | 70 | RUN tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkp://keyserver.ubuntu.com' \ 71 | && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://hkps.pool.sks-keyservers.net:443' \ 72 | && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkp://pgp.mit.edu:11371' \ 73 | && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://keys.openpgp.org' \ 74 | && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://keys.mailvelope.com' 75 | 76 | # For taking screenshots of the Xfvb screen, useful during development. 77 | ARG SCROT 78 | 79 | RUN pacman -Syu xorg-server-xvfb wget xterm xorg-xhost xorg-xrandr sshpass --noconfirm \ 80 | && if [[ "${SCROT}" ]]; then \ 81 | pacman -Syu scrot base-devel --noconfirm \ 82 | && git clone --recurse-submodules --depth 1 https://github.com/stolk/imcat.git \ 83 | && cd imcat \ 84 | && make \ 85 | && sudo cp imcat /usr/bin/imcat \ 86 | && touch /usr/bin/scrotcat \ 87 | && tee -a /usr/bin/scrotcat <<< '/usr/bin/imcat <(scrot -o /dev/stdout)' \ 88 | && chmod +x /usr/bin/scrotcat \ 89 | ; else \ 90 | touch /usr/bin/scrotcat \ 91 | && echo echo >> /usr/bin/scrotcat \ 92 | && chmod +x /usr/bin/scrotcat \ 93 | ; fi \ 94 | ; yes | pacman -Scc 95 | 96 | USER arch 97 | 98 | ENV USER arch 99 | 100 | WORKDIR /home/arch/OSX-KVM 101 | 102 | RUN mkdir -p ~/.ssh \ 103 | && touch ~/.ssh/authorized_keys \ 104 | && touch ~/.ssh/config \ 105 | && chmod 700 ~/.ssh \ 106 | && chmod 600 ~/.ssh/config \ 107 | && chmod 600 ~/.ssh/authorized_keys \ 108 | && tee -a ~/.ssh/config <<< 'Host *' \ 109 | && tee -a ~/.ssh/config <<< ' StrictHostKeyChecking no' \ 110 | && tee -a ~/.ssh/config <<< ' UserKnownHostsFile=/dev/null' 111 | 112 | #### 113 | 114 | # symlink the old directory, for redundancy 115 | RUN ln -s /home/arch/OSX-KVM/OpenCore /home/arch/OSX-KVM/OpenCore-Catalina || true 116 | 117 | #### 118 | 119 | #### SPECIAL RUNTIME ARGUMENTS BELOW 120 | 121 | ENV ADDITIONAL_PORTS= 122 | 123 | # add additional QEMU boot arguments 124 | ENV BOOT_ARGS= 125 | 126 | ENV BOOTDISK= 127 | 128 | # edit the CPU that is beign emulated 129 | ENV CPU=Penryn 130 | 131 | ENV DISPLAY=:99 132 | 133 | ENV HEADLESS=false 134 | 135 | ENV ENV=/env 136 | 137 | # Boolean for generating a bootdisk with new random serials. 138 | ENV GENERATE_UNIQUE=false 139 | 140 | # Boolean for generating a bootdisk with specific serials. 141 | ENV GENERATE_SPECIFIC=false 142 | 143 | ENV IMAGE_PATH=/image 144 | ENV IMAGE_FORMAT=qcow2 145 | 146 | ENV KVM='accel=kvm:tcg' 147 | 148 | # ENV MASTER_PLIST_URL="https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist" 149 | 150 | # ENV NETWORKING=e1000-82545em 151 | ENV NETWORKING=vmxnet3 152 | 153 | ENV NOPICKER=true 154 | 155 | # dynamic RAM options for runtime 156 | ENV RAM=3 157 | # ENV RAM=max 158 | # ENV RAM=half 159 | 160 | # The x and y coordinates for resolution. 161 | # Must be used with either -e GENERATE_UNIQUE=true or -e GENERATE_SPECIFIC=true. 162 | ENV WIDTH=1920 163 | ENV HEIGHT=1080 164 | 165 | # libguestfs verbose 166 | ENV LIBGUESTFS_DEBUG=1 167 | ENV LIBGUESTFS_TRACE=1 168 | 169 | # DMCA compliant download process 170 | # If BaseSystem.img does not exist, download ${SHORTNAME} 171 | 172 | # shortname default is catalina, which means :latest is catalina 173 | ENV SHORTNAME=sonoma 174 | 175 | ENV BASESYSTEM_IMAGE=BaseSystem.img 176 | 177 | CMD ! [[ -e "${BASESYSTEM_IMAGE:-BaseSystem.img}" ]] \ 178 | && printf '%s\n' "No BaseSystem.img available, downloading ${SHORTNAME}" \ 179 | && make \ 180 | && qemu-img convert BaseSystem.dmg -O qcow2 -p -c ${BASESYSTEM_IMAGE:-BaseSystem.img} \ 181 | && rm ./BaseSystem.dmg \ 182 | ; sudo touch /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \ 183 | ; sudo chown -R $(id -u):$(id -g) /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \ 184 | ; { [[ "${DISPLAY}" = ':99' ]] || [[ "${HEADLESS}" == true ]] ; } && { \ 185 | nohup Xvfb :99 -screen 0 1920x1080x16 \ 186 | & until [[ "$(xrandr --query 2>/dev/null)" ]]; do sleep 1 ; done \ 187 | ; } \ 188 | ; [[ "${NOPICKER}" == true ]] && { \ 189 | sed -i '/^.*InstallMedia.*/d' Launch.sh \ 190 | && export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore-nopicker.qcow2}" \ 191 | ; } \ 192 | || export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ 193 | ; [[ "${GENERATE_UNIQUE}" == true ]] && { \ 194 | ./Docker-OSX/osx-serial-generator/generate-unique-machine-values.sh \ 195 | --master-plist-url="${MASTER_PLIST_URL}" \ 196 | --count 1 \ 197 | --tsv ./serial.tsv \ 198 | --bootdisks \ 199 | --width "${WIDTH:-1920}" \ 200 | --height "${HEIGHT:-1080}" \ 201 | --output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ 202 | --output-env "${ENV:=/env}" \ 203 | || exit 1 ; } \ 204 | ; [[ "${GENERATE_SPECIFIC}" == true ]] && { \ 205 | source "${ENV:=/env}" 2>/dev/null \ 206 | ; ./Docker-OSX/osx-serial-generator/generate-specific-bootdisk.sh \ 207 | --master-plist-url="${MASTER_PLIST_URL}" \ 208 | --model "${DEVICE_MODEL}" \ 209 | --serial "${SERIAL}" \ 210 | --board-serial "${BOARD_SERIAL}" \ 211 | --uuid "${UUID}" \ 212 | --mac-address "${MAC_ADDRESS}" \ 213 | --width "${WIDTH:-1920}" \ 214 | --height "${HEIGHT:-1080}" \ 215 | --output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ 216 | || exit 1 ; } \ 217 | ; ./enable-ssh.sh && /bin/bash -c ./Launch.sh 218 | -------------------------------------------------------------------------------- /Dockerfile.naked-auto: -------------------------------------------------------------------------------- 1 | #!/usr/bin/docker 2 | # ____ __ ____ ______ __ 3 | # / __ \____ _____/ /_____ _____/ __ \/ ___/ |/ / 4 | # / / / / __ \/ ___/ //_/ _ \/ ___/ / / /\__ \| / 5 | # / /_/ / /_/ / /__/ ,< / __/ / / /_/ /___/ / | 6 | # /_____/\____/\___/_/|_|\___/_/ \____//____/_/|_| :NAKED-AUTO 7 | # 8 | # Title: Docker-OSX (Mac on Docker) 9 | # Author: Sick.Codes https://twitter.com/sickcodes 10 | # Version: 6.0 11 | # License: GPLv3+ 12 | # Repository: https://github.com/sickcodes/Docker-OSX 13 | # Website: https://sick.codes 14 | # 15 | # This Dockerfile needs you to supply a pre-installed installation of Docker-OSX! 16 | # 17 | # Visit https://github.com/sickcodes/Docker-OSX for info 18 | 19 | FROM sickcodes/docker-osx:latest 20 | 21 | LABEL maintainer='https://twitter.com/sickcodes ' 22 | 23 | USER root 24 | 25 | WORKDIR /root 26 | 27 | RUN rm -f /home/arch/OSX-KVM/mac_hdd_ng.img 28 | 29 | # For taking screenshots of the Xfvb screen, useful during development. 30 | ARG SCROT 31 | 32 | # OPTIONAL: Arch Linux server mirrors for super fast builds 33 | # set RANKMIRRORS to any value other that nothing, e.g. -e RANKMIRRORS=true 34 | RUN perl -i -p -e s/^\#Color/Color$'\n'ParallelDownloads\ =\ 30/g /etc/pacman.conf 35 | ARG RANKMIRRORS 36 | ARG MIRROR_COUNTRY=US 37 | ARG MIRROR_COUNT=10 38 | 39 | RUN tee /etc/pacman.d/mirrorlist <<< 'Server = https://geo.mirror.pkgbuild.com/$repo/os/$arch' \ 40 | && tee -a /etc/pacman.d/mirrorlist <<< 'Server = http://mirror.rackspace.com/archlinux/$repo/os/$arch' \ 41 | && tee -a /etc/pacman.d/mirrorlist <<< 'Server = https://mirror.rackspace.com/archlinux/$repo/os/$arch' 42 | 43 | # Fixes issue with invalid GPG keys: update the archlinux-keyring package to get the latest keys, then remove and regenerate gnupg keys 44 | RUN pacman -Sy archlinux-keyring --noconfirm \ 45 | && rm -rf /etc/pacman.d/gnupg \ 46 | && pacman-key --init \ 47 | && pacman-key --populate archlinux 48 | 49 | RUN if [[ "${RANKMIRRORS}" ]]; then \ 50 | { pacman -Sy wget --noconfirm || pacman -Syu wget --noconfirm ; } \ 51 | ; wget -O ./rankmirrors "https://raw.githubusercontent.com/sickcodes/Docker-OSX/${BRANCH:=master}/rankmirrors" \ 52 | ; wget -O- "https://www.archlinux.org/mirrorlist/?country=${MIRROR_COUNTRY:-US}&protocol=https&use_mirror_status=on" \ 53 | | sed -e 's/^#Server/Server/' -e '/^#/d' \ 54 | | head -n "$((${MIRROR_COUNT:-10}+1))" \ 55 | | bash ./rankmirrors --verbose --max-time 5 - > /etc/pacman.d/mirrorlist \ 56 | && cat /etc/pacman.d/mirrorlist \ 57 | ; fi 58 | 59 | RUN tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkp://keyserver.ubuntu.com' \ 60 | && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://hkps.pool.sks-keyservers.net:443' \ 61 | && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkp://pgp.mit.edu:11371' \ 62 | && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://keys.openpgp.org' \ 63 | && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://keys.mailvelope.com' 64 | 65 | # For taking screenshots of the Xfvb screen, useful during development. 66 | ARG SCROT 67 | 68 | RUN pacman -Syu xorg-server-xvfb wget xterm xorg-xhost xorg-xrandr --noconfirm \ 69 | && if [[ "${SCROT}" ]]; then \ 70 | pacman -Syu scrot base-devel --noconfirm \ 71 | && git clone --recurse-submodules --depth 1 https://github.com/stolk/imcat.git \ 72 | && cd imcat \ 73 | && make \ 74 | && sudo cp imcat /usr/bin/imcat \ 75 | && touch /usr/bin/scrotcat \ 76 | && tee -a /usr/bin/scrotcat <<< '/usr/bin/imcat <(scrot -o /dev/stdout)' \ 77 | && chmod +x /usr/bin/scrotcat \ 78 | ; else \ 79 | touch /usr/bin/scrotcat \ 80 | && echo echo >> /usr/bin/scrotcat \ 81 | && chmod +x /usr/bin/scrotcat \ 82 | ; fi \ 83 | ; yes | pacman -Scc 84 | 85 | RUN pacman -S sshpass --noconfirm \ 86 | && yes | pacman -Scc 87 | 88 | USER arch 89 | 90 | ENV USER arch 91 | 92 | WORKDIR /home/arch/OSX-KVM 93 | 94 | RUN mkdir -p ~/.ssh \ 95 | && touch ~/.ssh/authorized_keys \ 96 | && touch ~/.ssh/config \ 97 | && chmod 700 ~/.ssh \ 98 | && chmod 600 ~/.ssh/config \ 99 | && chmod 600 ~/.ssh/authorized_keys \ 100 | && tee -a ~/.ssh/config <<< 'Host *' \ 101 | && tee -a ~/.ssh/config <<< ' StrictHostKeyChecking no' \ 102 | && tee -a ~/.ssh/config <<< ' UserKnownHostsFile=/dev/null' 103 | 104 | ARG COMPLETE= 105 | 106 | # use the COMPLETE arg, for a complete image, ready to boot. 107 | # otherwise use your own image: -v "$PWD/disk.img":/image 108 | ARG WGET_OPTIONS= 109 | # ARG WGET_OPTIONS='--no-verbose' 110 | 111 | # Feel free to take a copy of this image and then host it internally 112 | ARG IMAGE_URL= 113 | # ARG IMAGE_URL='https://images.sick.codes/mac_hdd_ng_auto_big_sur.img' 114 | 115 | RUN if [[ "${COMPLETE}" ]]; then \ 116 | echo "Downloading your image... This step might take a while... Press Ctrl+C if you want to abort." \ 117 | ; rm -f /home/arch/OSX-KVM/mac_hdd_ng.img \ 118 | && wget ${WGET_OPTIONS} -O /home/arch/OSX-KVM/mac_hdd_ng.img "${IMAGE_URL}" \ 119 | ; fi 120 | 121 | #### 122 | 123 | # symlink the old directory, for redundancy 124 | RUN ln -s /home/arch/OSX-KVM/OpenCore /home/arch/OSX-KVM/OpenCore-Catalina || true 125 | 126 | #### 127 | 128 | #### SPECIAL RUNTIME ARGUMENTS BELOW 129 | 130 | ENV ADDITIONAL_PORTS= 131 | 132 | # add additional QEMU boot arguments 133 | ENV BOOT_ARGS= 134 | 135 | ENV BOOTDISK= 136 | 137 | # edit the CPU that is beign emulated 138 | ENV CPU=Penryn 139 | 140 | ENV DISPLAY=:99 141 | 142 | ENV HEADLESS=false 143 | 144 | ENV ENV=/env 145 | 146 | # Boolean for generating a bootdisk with new random serials. 147 | ENV GENERATE_UNIQUE=false 148 | 149 | # Boolean for generating a bootdisk with specific serials. 150 | ENV GENERATE_SPECIFIC=false 151 | 152 | ENV IMAGE_PATH=/image 153 | ENV IMAGE_FORMAT=qcow2 154 | 155 | ENV KVM='accel=kvm:tcg' 156 | 157 | # ENV MASTER_PLIST_URL="https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist" 158 | 159 | # ENV NETWORKING=e1000-82545em 160 | ENV NETWORKING=vmxnet3 161 | 162 | ENV NOPICKER=true 163 | 164 | # set the username and password for automatically logging in 165 | ENV USERNAME=user 166 | ENV PASSWORD=alpine 167 | 168 | # dynamic RAM options for runtime 169 | ENV RAM=3 170 | # ENV RAM=max 171 | # ENV RAM=half 172 | 173 | # The x and y coordinates for resolution. 174 | # Must be used with either -e GENERATE_UNIQUE=true or -e GENERATE_SPECIFIC=true. 175 | ENV WIDTH=1920 176 | ENV HEIGHT=1080 177 | 178 | # libguestfs verbose 179 | ENV LIBGUESTFS_DEBUG=1 180 | ENV LIBGUESTFS_TRACE=1 181 | 182 | ENV TERMS_OF_USE=i_agree 183 | 184 | ENV BOILERPLATE="By using this Dockerfile, you hereby agree that you are a security reseacher or developer and agree to use this Dockerfile to make the world a safer place. Examples include: making your apps safer, finding your mobile phone, compiling security products, etc. You understand that Docker-OSX is an Open Source project, which is released to the public under the GNU Pulic License version 3 and above. You acknowledge that the Open Source project is absolutely unaffiliated with any third party, in any form whatsoever. Any trademarks or intelectual property which happen to be mentioned anywhere in or around the project are owned by their respective owners. By using this Dockerfile, you agree to agree to the EULA of each piece of upstream or downstream software. The following code is released for the sole purpose of security research, under the GNU Public License version 3. If you are concerned about the licensing, please note that this project is not AGPL. A copy of the license is available online: https://github.com/sickcodes/Docker-OSX/blob/master/LICENSE. In order to use the following Dockerfile you must read and understand the terms. Once you have read the terms, use the -e TERMS_OF_USE=i_agree or -e TERMS_OF_USE=i_disagree" 185 | 186 | # DMCA compliant download process 187 | # If BaseSystem.img does not exist, download ${SHORTNAME} 188 | 189 | # shortname default is catalina, which means :latest is catalina 190 | ENV SHORTNAME=sonoma 191 | 192 | ENV BASESYSTEM_IMAGE=BaseSystem.img 193 | 194 | CMD ! [[ -e "${BASESYSTEM_IMAGE:-BaseSystem.img}" ]] \ 195 | && printf '%s\n' "No BaseSystem.img available, downloading ${SHORTNAME}" \ 196 | && make \ 197 | && qemu-img convert BaseSystem.dmg -O qcow2 -p -c ${BASESYSTEM_IMAGE:-BaseSystem.img} \ 198 | && rm ./BaseSystem.dmg \ 199 | ; echo "${BOILERPLATE}" \ 200 | ; [[ "${TERMS_OF_USE}" = i_agree ]] || exit 1 \ 201 | ; echo "Disk is being copied between layers... Please wait a minute..." \ 202 | ; sudo touch /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \ 203 | ; sudo chown -R $(id -u):$(id -g) /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \ 204 | ; [[ "${NOPICKER}" == true ]] && { \ 205 | sed -i '/^.*InstallMedia.*/d' Launch.sh \ 206 | && export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore-nopicker.qcow2}" \ 207 | ; } \ 208 | || export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ 209 | ; [[ "${GENERATE_UNIQUE}" == true ]] && { \ 210 | ./Docker-OSX/osx-serial-generator/generate-unique-machine-values.sh \ 211 | --master-plist-url="${MASTER_PLIST_URL}" \ 212 | --count 1 \ 213 | --tsv ./serial.tsv \ 214 | --bootdisks \ 215 | --width "${WIDTH:-1920}" \ 216 | --height "${HEIGHT:-1080}" \ 217 | --output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ 218 | --output-env "${ENV:=/env}" \ 219 | || exit 1 ; } \ 220 | ; [[ "${GENERATE_SPECIFIC}" == true ]] && { \ 221 | source "${ENV:=/env}" 2>/dev/null \ 222 | ; ./Docker-OSX/osx-serial-generator/generate-specific-bootdisk.sh \ 223 | --master-plist-url="${MASTER_PLIST_URL}" \ 224 | --model "${DEVICE_MODEL}" \ 225 | --serial "${SERIAL}" \ 226 | --board-serial "${BOARD_SERIAL}" \ 227 | --uuid "${UUID}" \ 228 | --mac-address "${MAC_ADDRESS}" \ 229 | --width "${WIDTH:-1920}" \ 230 | --height "${HEIGHT:-1080}" \ 231 | --output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ 232 | || exit 1 ; } \ 233 | ; { [[ "${DISPLAY}" = ':99' ]] || [[ "${HEADLESS}" == true ]] ; } && { \ 234 | nohup Xvfb :99 -screen 0 1920x1080x16 \ 235 | & until [[ "$(xrandr --query 2>/dev/null)" ]]; do sleep 1 ; done \ 236 | ; } \ 237 | ; stat "${IMAGE_PATH}" \ 238 | ; echo "Large image is being copied between layers, please wait a minute..." \ 239 | ; ./enable-ssh.sh \ 240 | ; [[ -e ~/.ssh/id_docker_osx ]] || { \ 241 | /usr/bin/ssh-keygen -t rsa -f ~/.ssh/id_docker_osx -q -N "" \ 242 | && chmod 600 ~/.ssh/id_docker_osx \ 243 | ; } \ 244 | ; /bin/bash -c ./Launch.sh \ 245 | & echo "Booting Docker-OSX in the background. Please wait..." \ 246 | ; until [[ "$(sshpass -p${PASSWORD:=alpine} ssh-copy-id -f -i ~/.ssh/id_docker_osx.pub -p 10022 ${USERNAME:=user}@127.0.0.1)" ]]; do \ 247 | echo "Disk is being copied between layers. Repeating until able to copy SSH key into OSX..." \ 248 | ; sleep 1 \ 249 | ; done \ 250 | ; grep id_docker_osx ~/.ssh/config || { \ 251 | tee -a ~/.ssh/config <<< 'Host 127.0.0.1' \ 252 | ; tee -a ~/.ssh/config <<< " User ${USERNAME:=user}" \ 253 | ; tee -a ~/.ssh/config <<< ' Port 10022' \ 254 | ; tee -a ~/.ssh/config <<< ' IdentityFile ~/.ssh/id_docker_osx' \ 255 | ; tee -a ~/.ssh/config <<< ' StrictHostKeyChecking no' \ 256 | ; tee -a ~/.ssh/config <<< ' UserKnownHostsFile=/dev/null' \ 257 | ; } \ 258 | && ssh -i ~/.ssh/id_docker_osx ${USERNAME:=user}@127.0.0.1 -p 10022 "${OSX_COMMANDS}" 259 | -------------------------------------------------------------------------------- /FAQ.md: -------------------------------------------------------------------------------- 1 | # Frequently Asked Questions 2 | 3 | These questions come up regularly, so here are the answers. 4 | 5 | ## Basics 6 | 7 | ### Is this legal? 8 | 9 | The [macOS software license](https://www.apple.com/legal/sla/) allows running (some versions of) macOS in a virtual machine only on Apple hardware. The [Apple Security Bounty terms and conditions](https://security.apple.com/terms-and-conditions/) make an exception to that (and essentially anything in the macOS software license) under some specific circumstances. 10 | 11 | Therefore, yes, there is a legal use for Docker-OSX. If your use doesn't fall under the license or the security bounty terms, then you are/will be violating the macOS software license. **Note that this is not provided as legal advice, and you should consult with your own counsel for legal guidance.** 12 | 13 | You may also be interested in this [deeper dive into the subject](https://sick.codes/is-hackintosh-osx-kvm-or-docker-osx-legal/). 14 | 15 | ### What does Docker-OSX do? 16 | 17 | Docker-OSX is an approach to setting up and launching a macOS virtual machine (VM) under [docker](https://en.wikipedia.org/wiki/Docker_(software)). The [Dockerfile](Dockerfile) is essentially a docker image building script that: 18 | 1. validates a few things about the environment 19 | 2. installs VM software (qemu) and creates a virtual disk within the docker container 20 | 3. generates a serial number and firmware to make the VM look (enough) like Mac hardware 21 | 4. downloads a macOS installer disk image 22 | 5. generates a shell script to start the VM 23 | 24 | The default configuration is intended to create an ephemeral but repeatably bootable macOS that can be probed for security research. 25 | 26 | ### Why docker? 27 | 28 | Docker provides a straightforward way to package a flexible turnkey solution to setting up a macOS VM. It is not the only way to do so, nor is it necessarily the best approach to setting up a long-lived, persistent macOS VM. You may prefer to study the [Dockerfile](Dockerfile) and/or [OSX-KVM](https://github.com/kholia/OSX-KVM) to prepare a VM to run under [proxmox](https://en.wikipedia.org/wiki/Proxmox_Virtual_Environment) or [libvirt](https://en.wikipedia.org/wiki/Libvirt). 29 | 30 | ## Can I... 31 | 32 | ### ...run BlueBubbles/AirMessage/Beeper on it? 33 | 34 | Yes. Make sure you [make serial numbers persist across reboots](README.md#making-serial-numbers-persist-across-reboots) after generating a unique serial number for yourself; don't use the default serial number. There is, of course, no guarantee that Apple won't block/disable your account, or inflict other consequences. See also the [legal considerations](#is-this-legal). 35 | 36 | ### ...develop iPhone apps on it? 37 | 38 | Yes. You will probably find Xcode's UI frustratingly slow, but yes. Compiling apps (e.g. React Native) from the command line is likely to be less frustrating. There is, of course, no guarantee that Apple won't block/disable your account, remove you from the Apple Developer program, or inflict other consequences. See also the [legal considerations](#is-this-legal). 39 | 40 | ### ...connect my iPhone or other USB device to it? 41 | 42 | Yes, at least if your host OS is Linux. See [instructions](README.md#vfio-iphone-usb-passthrough-vfio). It may or may not be possible if your host OS is Windows. 43 | 44 | ### ...run CI/CD processes with it? 45 | 46 | Maybe, but there are several reasons not to: 47 | 1. There are [legal considerations](#is-this-legal). 48 | 2. Nested virtualization is generally unavailable on cloud-hosted CI/CD and therefore Docker-OSX doesn't run. 49 | 3. You are almost always better off using your own macOS runners (on virtual or actual Mac hardware) rather than trying to make the square peg of Docker-OSX fit the round hole of macOS-specific CI/CD. 50 | 51 | You absolutely can install runners on the macOS VM itself (which does not get around the legal considerations mentioned above), but [Docker-OSX may not be the best approach](#why-docker). 52 | 53 | ### ...run on Linux but with Wayland? 54 | 55 | Yes, but your Wayland server must support X11 connections (or you can [use VNC instead](README.md#building-a-headless-container-that-allows-insecure-vnc-on-localhost-for-local-use-only)). 56 | 57 | ### ...run on Windows? 58 | 59 | Yes, as long as you have a new enough version of Windows 11 and have WSL2 set up. See [this section of the README](README.md#id-like-to-run-docker-osx-on-windows) for details. No, it will not work under Windows 10. Not even if you have WSL2 set up. 60 | 61 | ### ...run on macOS? 62 | 63 | If you have a Mac with Apple Silicon you are better served by [UTM](https://apps.apple.com/us/app/utm-virtual-machines/id1538878817?mt=12). 64 | 65 | If you have an Intel Mac you can install and run docker (either [Docker Desktop](https://www.docker.com/products/docker-desktop/) or [colima](https://github.com/abiosoft/colima)). In either case, docker will be running under a Linux VM, which complicates things. You are likely to encounter one or more of the [common errors](#common-errors) below. Consider using qemu directly with HVF acceleration (e.g. with [libvirt](https://libvirt.org/macos.html)) instead. 66 | 67 | ### ...run on cloud services? 68 | 69 | Cloud providers typically run their various services within virtual machines running on top of their actual hardware. These VMs typically are not set up to provide nested virtualization, which means KVM is unavailable so Docker-OSX will not work. This is _especially and specifically_ the case on CI/CD runners such as GitHub Actions, Azure DevOps Pipelines, CircleCI, GitLab CI/CD, etc. (however, see [running CI/CD](#run-cicd-processes-with-it)). Some cloud providers offer services that do allow virtualization, such as [Amazon's EC2 Bare Metal Instances](https://aws.amazon.com/about-aws/whats-new/2018/05/announcing-general-availability-of-amazon-ec2-bare-metal-instances/), but often at a significant premium. 70 | 71 | In short, probably not. 72 | 73 | ## Common Errors 74 | 75 | ### Docker Errors 76 | 77 | If you get an error like `docker: command not found` then you don't have docker installed and none of this works. Try [Docker Desktop](https://www.docker.com/products/docker-desktop/) on Windows or your distribution's normal package manager on Linux. 78 | 79 | If you get an error like `docker: Got permission denied while trying to connect to the Docker daemon` or `docker: unknown server OS: .` the mostly likely explanation is that your user isn't in the `docker` Unix group. You'll need to add yourself to the `docker` group, log out, and log back in. 80 | 81 | If you get an error like `Cannot connect to the Docker daemon at unix://var/run/docker.sock. Is the docker daemon running?` then `dockerd` isn't running. On most Linux distributions you should be able to start it with `sudo systemctl enable docker --now`. 82 | 83 | ### GTK Initialization Failed 84 | 85 | This is an X11 error and means that the arguments to qemu are telling it to connect to an X11 display that it either can't connect to at all or doesn't have permission to connect to. In the latter case, this can usually be fixed by running `xhost +` on the host running the X11 server. 86 | 87 | In many cases, however, it is preferable to tell qemu to listen for a VNC connection instead of trying to connect to X11; see [this section of the README](README.md#building-a-headless-container-that-allows-insecure-vnc-on-localhost-for-local-use-only) for instructions. 88 | 89 | ### KVM Error 90 | 91 | If you get an error like `error gathering device information while adding custom device "/dev/kvm": no such file or directory` that means KVM is not available/working on the Linux kernel on which you are running docker. This could be because you are attempting to run somewhere that doesn't support nested virtualization (see [above](#can-i-run-this-on)), or because your BIOS does not have virtualization extensions turned on, or because your CPU is too old to support virtualization extensions, or your Linux kernel does not have KVM support loaded/enabled. Fixing KVM issues is well beyond the scope of this document, but you can [start here](https://www.linux-kvm.org/page/FAQ). 92 | 93 | ### ALSA Error 94 | 95 | You might get an error like this: 96 | ``` 97 | (qemu) ALSA lib confmisc.c:767:(parse_card) cannot find card '0' 98 | ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory 99 | ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings 100 | ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory 101 | ALSA lib confmisc.c:1246:(snd_func_refer) error evaluating name 102 | ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory 103 | ALSA lib conf.c:5233:(snd_config_expand) Evaluate error: No such file or directory 104 | ALSA lib pcm.c:2660:(snd_pcm_open_noupdate) Unknown PCM default 105 | alsa: Could not initialize DAC 106 | alsa: Failed to open `default': 107 | alsa: Reason: No such file or directory 108 | ALSA lib confmisc.c:767:(parse_card) cannot find card '0' 109 | ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory 110 | ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings 111 | ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory 112 | ALSA lib confmisc.c:1246:(snd_func_refer) error evaluating name 113 | ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory 114 | ALSA lib conf.c:5233:(snd_config_expand) Evaluate error: No such file or directory 115 | ALSA lib pcm.c:2660:(snd_pcm_open_noupdate) Unknown PCM default 116 | alsa: Could not initialize DAC 117 | alsa: Failed to open `default': 118 | alsa: Reason: No such file or directory 119 | audio: Failed to create voice `dac' 120 | ALSA lib confmisc.c:767:(parse_card) cannot find card '0' 121 | ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory 122 | ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings 123 | ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory 124 | ALSA lib confmisc.c:1246:(snd_func_refer) error evaluating name 125 | ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory 126 | ALSA lib conf.c:5233:(snd_config_expand) Evaluate error: No such file or directory 127 | ALSA lib pcm.c:2660:(snd_pcm_open_noupdate) Unknown PCM default 128 | alsa: Could not initialize ADC 129 | alsa: Failed to open `default': 130 | alsa: Reason: No such file or directory 131 | ALSA lib confmisc.c:767:(parse_card) cannot find card '0' 132 | ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory 133 | ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings 134 | ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory 135 | ALSA lib confmisc.c:1246:(snd_func_refer) error evaluating name 136 | ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory 137 | ALSA lib conf.c:5233:(snd_config_expand) Evaluate error: No such file or directory 138 | ALSA lib pcm.c:2660:(snd_pcm_open_noupdate) Unknown PCM default 139 | alsa: Could not initialize ADC 140 | alsa: Failed to open `default': 141 | alsa: Reason: No such file or directory 142 | audio: Failed to create voice `adc' 143 | ``` 144 | 145 | Docker-OSX defaults to telling qemu to use ALSA for audio output. Your host system may be using PulseAudio instead (see [PulseAudio](README.md#pulseaudio)), but you may not need audio output at all. You can pass `-e AUDIO_DRIVER="id=none,driver=none"` to disable audio output. 146 | 147 | ### No Disk to Install On 148 | 149 | If you have launched the installer but don't see a disk to install macOS on, it probably means you skipped the step where you run Disk Utility to format the virtual disk. See the [README](README.md#additional-boot-instructions-for-when-you-are-creating-your-container). 150 | 151 | ### Slow Installation 152 | 153 | This is not unique to virtual hardware. The macOS installation process gives apparently random and dependably incorrect time estimates, and can often appear to have completely frozen. Just be patient. It could take hours, maybe even more than a day. 154 | 155 | ### Installer After Completing Install 156 | 157 | If you wind up in the installer again after you've installed macOS it means you booted from the installer disk instead of the disk you installed macOS on. Reboot and make sure you choose the correct disk to boot. 158 | 159 | ## Next Steps 160 | 161 | Congratulations, you got a macOS VM up and running! Now what? 162 | 163 | ### Slow UI 164 | 165 | The macOS UI expects and relies on GPU acceleration, and there is (currently) no way to provide GPU acceleration in the virtual hardware. See [osx-optimizer](https://github.com/sickcodes/osx-optimizer) for macOS configuration to speed things up. 166 | 167 | ### Extract the Virtual Disk 168 | 169 | With the container stopped, `sudo find /var/lib/docker -size +10G -name mac_hdd_ng.img` to find the disk image then copy it where you want it. 170 | 171 | ### Disk Space 172 | 173 | Is your host machine's disk, specifically `/var` (because of `/var/lib/docker`), getting full? [Fix it](README.md#increase-disk-space-by-moving-varlibdocker-to-external-drive-block-storage-nfs-or-any-other-location-conceivable). 174 | 175 | ### Increase RAM or CPUs/cores 176 | 177 | The `RAM`, `SMP`, and `CORES` options are all docker environment variables, which means it uses whatever you provide any time you start a container. 178 | 179 | -------------------------------------------------------------------------------- /Youtube-Screenshot-Docker-OSX-Setup.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sickcodes/Docker-OSX/e962dce97f384f5eee3970f566c7d1428f78e221/Youtube-Screenshot-Docker-OSX-Setup.png -------------------------------------------------------------------------------- /Youtube-USBFLUXD-Screenshot-Docker-OSX.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sickcodes/Docker-OSX/e962dce97f384f5eee3970f566c7d1428f78e221/Youtube-USBFLUXD-Screenshot-Docker-OSX.png -------------------------------------------------------------------------------- /custom/README.md: -------------------------------------------------------------------------------- 1 | # OSX Serial Generator 2 | 3 | This folder has been moved to its own repository :) 4 | 5 | This is a temporary copy for hardlinks. 6 | 7 | See [https://github.com/sickcodes/osx-serial-generator](https://github.com/sickcodes/osx-serial-generator) -------------------------------------------------------------------------------- /custom/generate-specific-bootdisk.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # ___ _____ __ ___ _ _ ___ _ 3 | # / _ \/ __\ \/ / / __| ___ _ _(_)__ _| | / __|___ _ _ ___ _ _ __ _| |_ ___ _ _ 4 | # | (_) \__ \> < \__ \/ -_) '_| / _` | | | (_ / -_) ' \/ -_) '_/ _` | _/ _ \ '_| 5 | # \___/|___/_/\_\ |___/\___|_| |_\__,_|_| \___\___|_||_\___|_| \__,_|\__\___/_| 6 | # 7 | # Repo: https://github.com/sickcodes/osx-serial-generator/ 8 | # Title: OSX Serial Generator 9 | # Author: Sick.Codes https://sick.codes/ 10 | # Version: 3.1 11 | # License: GPLv3+ 12 | 13 | set -e 14 | 15 | help_text="Usage: ./generate-specific-bootdisk.sh 16 | 17 | Required options: 18 | --model Device model, e.g. 'iMacPro1,1' 19 | --serial Device Serial number 20 | --board-serial Main Logic Board Serial number (MLB) 21 | --uuid SMBIOS UUID (SmUUID) 22 | --mac-address Used for both the MAC address and to set ROM 23 | ROM is lowercased sans any colons 24 | Optional options: 25 | --width Resolution x axis length in px, default 1920 26 | --height Resolution y axis length in px, default 1080 27 | --kernel-args Additional boot-args 28 | --input-plist-url Specify an alternative master plist, via URL 29 | --master-plist-url Same as above. 30 | --custom-plist Optionally change the input plist. 31 | --master-plist Same as above. 32 | --output-bootdisk Optionally change the bootdisk filename 33 | --output-plist Optionally change the output plist filename 34 | --help, -h, help Display this help and exit 35 | 36 | Placeholders: {{DEVICE_MODEL}}, {{SERIAL}}, {{BOARD_SERIAL}}, {{UUID}}, 37 | {{ROM}}, {{WIDTH}}, {{HEIGHT}} 38 | 39 | Example: 40 | ./generate-specific-bootdisk.sh \\ 41 | --model iMacPro1,1 \\ 42 | --serial C02TW0WAHX87 \\ 43 | --board-serial C027251024NJG36UE \\ 44 | --uuid 5CCB366D-9118-4C61-A00A-E5BAF3BED451 \\ 45 | --mac-address A8:5C:2C:9A:46:2F \\ 46 | --output-bootdisk ./OpenCore-nopicker.qcow2 \\ 47 | --width 1920 \\ 48 | --height 1080 49 | 50 | Author: Sick.Codes https://sick.codes/ 51 | Project: https://github.com/sickcodes/osx-serial-generator/ 52 | License: GPLv3+ 53 | " 54 | 55 | OPENCORE_IMAGE_MAKER_URL='https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/opencore-image-ng.sh' 56 | MASTER_PLIST_URL='https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-nopicker-custom.plist' 57 | 58 | # gather arguments 59 | while (( "$#" )); do 60 | case "${1}" in 61 | 62 | --help | -h | h | help ) 63 | echo "${help_text}" && exit 0 64 | ;; 65 | 66 | --model=* | -m=* ) 67 | export DEVICE_MODEL="${1#*=}" 68 | shift 69 | ;; 70 | 71 | --model* | -m* ) 72 | export DEVICE_MODEL="${2}" 73 | shift 74 | shift 75 | ;; 76 | 77 | --serial=* ) 78 | export SERIAL="${1#*=}" 79 | shift 80 | ;; 81 | 82 | --serial* ) 83 | export SERIAL="${2}" 84 | shift 85 | shift 86 | ;; 87 | 88 | --board-serial=* ) 89 | export BOARD_SERIAL="${1#*=}" 90 | shift 91 | ;; 92 | 93 | --board-serial* ) 94 | export BOARD_SERIAL="${2}" 95 | shift 96 | shift 97 | ;; 98 | 99 | --uuid=* ) 100 | export UUID="${1#*=}" 101 | shift 102 | ;; 103 | 104 | --uuid* ) 105 | export UUID="${2}" 106 | shift 107 | shift 108 | ;; 109 | 110 | --mac-address=* ) 111 | export MAC_ADDRESS="${1#*=}" 112 | shift 113 | ;; 114 | 115 | --mac-address* ) 116 | export MAC_ADDRESS="${2}" 117 | shift 118 | shift 119 | ;; 120 | 121 | --width=* ) 122 | export WIDTH="${1#*=}" 123 | shift 124 | ;; 125 | 126 | --width* ) 127 | export WIDTH="${2}" 128 | shift 129 | shift 130 | ;; 131 | 132 | --height=* ) 133 | export HEIGHT="${1#*=}" 134 | shift 135 | ;; 136 | 137 | --height* ) 138 | export HEIGHT="${2}" 139 | shift 140 | shift 141 | ;; 142 | 143 | --output-bootdisk=* ) 144 | export OUTPUT_QCOW="${1#*=}" 145 | shift 146 | ;; 147 | 148 | --output-bootdisk* ) 149 | export OUTPUT_QCOW="${2}" 150 | shift 151 | shift 152 | ;; 153 | 154 | --output-plist=* ) 155 | export OUTPUT_PLIST="${1#*=}" 156 | shift 157 | ;; 158 | 159 | --output-plist* ) 160 | export OUTPUT_PLIST="${2}" 161 | shift 162 | shift 163 | ;; 164 | 165 | --master-plist-url=* | --input-plist-url=* | --custom-plist-url=* ) 166 | export MASTER_PLIST_URL="${1#*=}" 167 | shift 168 | ;; 169 | 170 | --master-plist-url* | --input-plist-url* | --custom-plist-url* ) 171 | export MASTER_PLIST_URL="${2}" 172 | shift 173 | shift 174 | ;; 175 | 176 | --master-plist=* | --input-plist=* | --custom-plist=* ) 177 | export MASTER_PLIST="${1#*=}" 178 | shift 179 | ;; 180 | 181 | --master-plist* | --input-plist* | --custom-plist* ) 182 | export MASTER_PLIST="${2}" 183 | shift 184 | shift 185 | ;; 186 | 187 | *) 188 | echo "Invalid option ${1}. Running with default values..." 189 | shift 190 | ;; 191 | esac 192 | done 193 | 194 | 195 | download_qcow_efi_folder () { 196 | 197 | export EFI_FOLDER=./OpenCore/EFI 198 | export RESOURCES_FOLDER=./resources/OcBinaryData/Resources 199 | 200 | # check if we are inside OSX-KVM already 201 | # if not, download OSX-KVM locally 202 | [ -d ./OpenCore/EFI/ ] || { 203 | [ -d ./OSX-KVM/ ] || git clone --recurse-submodules --depth 1 https://github.com/kholia/OSX-KVM.git 204 | export EFI_FOLDER="./OSX-KVM/${EFI_FOLDER}" 205 | } 206 | 207 | [ -d ./resources/OcBinaryData/Resources/ ] || { 208 | export RESOURCES_FOLDER="./OSX-KVM/${RESOURCES_FOLDER}" 209 | } 210 | 211 | # EFI Shell commands 212 | touch startup.nsh && echo 'fs0:\EFI\BOOT\BOOTx64.efi' > startup.nsh 213 | 214 | cp -a "${EFI_FOLDER}" . 215 | 216 | mkdir -p ./EFI/OC/Resources 217 | 218 | # copy Apple drivers into EFI/OC/Resources 219 | cp -a "${RESOURCES_FOLDER}"/* ./EFI/OC/Resources 220 | } 221 | 222 | generate_bootdisk () { 223 | 224 | # need a config.plist 225 | if [ "${MASTER_PLIST}" ]; then 226 | [ -e "${MASTER_PLIST}" ] || echo "Could not find: ${MASTER_PLIST}" 227 | elif [ "${MASTER_PLIST}" ] && [ "${MASTER_PLIST_URL}" ]; then 228 | echo 'You specified both a custom plist FILE & custom plist URL.' 229 | echo 'Use only one of those options.' 230 | elif [ "${MASTER_PLIST_URL}" ]; then 231 | wget -O "${MASTER_PLIST:=./config-custom.plist}" "${MASTER_PLIST_URL}" 232 | else 233 | # default is config-nopicker-custom.plist from OSX-KVM with placeholders used in Docker-OSX 234 | wget -O "${MASTER_PLIST:=./config-nopicker-custom.plist}" "${MASTER_PLIST_URL}" 235 | fi 236 | 237 | [ -e ./opencore-image-ng.sh ] \ 238 | || { wget "${OPENCORE_IMAGE_MAKER_URL}" \ 239 | && chmod +x opencore-image-ng.sh ; } 240 | 241 | # plist required for bootdisks, so create anyway. 242 | if [ "${DEVICE_MODEL}" ] \ 243 | && [ "${SERIAL}" ] \ 244 | && [ "${BOARD_SERIAL}" ] \ 245 | && [ "${UUID}" ] \ 246 | && [ "${MAC_ADDRESS}" ]; then 247 | ROM="${MAC_ADDRESS//\:/}" 248 | ROM="${ROM,,}" 249 | sed -e s/\{\{DEVICE_MODEL\}\}/"${DEVICE_MODEL}"/g \ 250 | -e s/\{\{SERIAL\}\}/"${SERIAL}"/g \ 251 | -e s/\{\{BOARD_SERIAL\}\}/"${BOARD_SERIAL}"/g \ 252 | -e s/\{\{UUID\}\}/"${UUID}"/g \ 253 | -e s/\{\{ROM\}\}/"${ROM}"/g \ 254 | -e s/\{\{WIDTH\}\}/"${WIDTH:-1920}"/g \ 255 | -e s/\{\{HEIGHT\}\}/"${HEIGHT:-1080}"/g \ 256 | -e s/\{\{KERNEL_ARGS\}\}/"${KERNEL_ARGS:-}"/g \ 257 | "${MASTER_PLIST}" > ./tmp.config.plist || exit 1 258 | else 259 | cat < < \__ \/ -_) '_| / _` | | | (_ / -_) ' \/ -_) '_/ _` | _/ _ \ '_| 5 | # \___/|___/_/\_\ |___/\___|_| |_\__,_|_| \___\___|_||_\___|_| \__,_|\__\___/_| 6 | # 7 | # Repo: https://github.com/sickcodes/osx-serial-generator/ 8 | # Title: OSX Serial Generator 9 | # Author: Sick.Codes https://sick.codes/ 10 | # Version: 3.1 11 | # License: GPLv3+ 12 | 13 | set -e 14 | 15 | help_text="Usage: ./generate-unique-machine-values.sh 16 | 17 | General options: 18 | --count, -n, -c Number of serials to generate 19 | --model, -m Device model, e.g. 'iMacPro1,1' 20 | --csv Optionally change the CSV output filename 21 | --tsv Optionally change the TSV output filename 22 | --output-dir Optionally change the script output location 23 | --width Resolution x axis length in px, default 1920 24 | --height Resolution y axis length in px, default 1080 25 | --kernel-args Additional boot-args 26 | --input-plist-url Specify an alternative master plist, via URL 27 | --master-plist-url Same as above. 28 | --custom-plist Optionally change the input plist. 29 | --master-plist Same as above. 30 | --output-bootdisk Optionally change the bootdisk filename 31 | --create-envs, --envs Create all corresponding sourcable envs 32 | --create-plists, --plists Create all corresponding config.plists 33 | --create-bootdisks, --bootdisks Create all corresponding bootdisks [SLOW] 34 | --help, -h, help Display this help and exit 35 | 36 | Additional options only if you are creating ONE serial set: 37 | --output-bootdisk Optionally change the bootdisk filename 38 | --output-env Optionally change the serials env filename 39 | 40 | Custom plist placeholders: 41 | {{DEVICE_MODEL}}, {{SERIAL}}, {{BOARD_SERIAL}}, 42 | {{UUID}}, {{ROM}}, {{WIDTH}}, {{HEIGHT}}, {{KERNEL_ARGS}} 43 | 44 | Example: 45 | ./generate-unique-machine-values.sh --count 1 --plists --bootdisks --envs 46 | 47 | Defaults: 48 | - One serial, for 'iMacPro1,1', in the current working directory 49 | - CSV and TSV output 50 | - plists in ./plists/ & bootdisks in ./bootdisks/ & envs in ./envs 51 | - if you set --bootdisk name, --bootdisks is assumed 52 | - if you set --custom-plist, --plists is assumed 53 | - if you set --output-env, --envs is assumed 54 | 55 | Author: Sick.Codes https://sick.codes/ 56 | Project: https://github.com/sickcodes/osx-serial-generator/ 57 | License: GPLv3+ 58 | " 59 | 60 | OPENCORE_IMAGE_MAKER_URL='https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/opencore-image-ng.sh' 61 | MASTER_PLIST_URL='https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-nopicker-custom.plist' 62 | 63 | # gather arguments 64 | while (( "$#" )); do 65 | case "${1}" in 66 | 67 | --help | -h | h | help ) 68 | echo "${help_text}" && exit 0 69 | ;; 70 | 71 | --count=* | -c=* | -n=* ) 72 | export SERIAL_SET_COUNT="${1#*=}" 73 | shift 74 | ;; 75 | 76 | --count* | -c* | -n* ) 77 | export SERIAL_SET_COUNT="${2}" 78 | shift 79 | shift 80 | ;; 81 | 82 | --csv=* ) 83 | export CSV_OUTPUT_FILENAME="${1#*=}" 84 | shift 85 | ;; 86 | 87 | --csv* ) 88 | export CSV_OUTPUT_FILENAME="${2}" 89 | shift 90 | shift 91 | ;; 92 | 93 | --tsv=* ) 94 | export TSV_OUTPUT_FILENAME="${1#*=}" 95 | shift 96 | ;; 97 | 98 | --tsv* ) 99 | export TSV_OUTPUT_FILENAME="${2}" 100 | shift 101 | shift 102 | ;; 103 | 104 | --output-dir=* ) 105 | export OUTPUT_DIRECTORY="${1#*=}" 106 | shift 107 | ;; 108 | 109 | --output-dir* ) 110 | export OUTPUT_DIRECTORY="${2}" 111 | shift 112 | shift 113 | ;; 114 | 115 | --output-bootdisk=* ) 116 | export OUTPUT_BOOTDISK="${1#*=}" 117 | shift 118 | ;; 119 | 120 | --output-bootdisk* ) 121 | export OUTPUT_BOOTDISK="${2}" 122 | shift 123 | shift 124 | ;; 125 | 126 | --output-env=* ) 127 | export OUTPUT_ENV="${1#*=}" 128 | shift 129 | ;; 130 | 131 | --output-env* ) 132 | export OUTPUT_ENV="${2}" 133 | shift 134 | shift 135 | ;; 136 | 137 | --model=* | -m=* ) 138 | export DEVICE_MODEL="${1#*=}" 139 | shift 140 | ;; 141 | 142 | --model* | -m* ) 143 | export DEVICE_MODEL="${2}" 144 | shift 145 | shift 146 | ;; 147 | 148 | --width=* ) 149 | export WIDTH="${1#*=}" 150 | shift 151 | ;; 152 | 153 | --width* ) 154 | export WIDTH="${2}" 155 | shift 156 | shift 157 | ;; 158 | 159 | --height=* ) 160 | export HEIGHT="${1#*=}" 161 | shift 162 | ;; 163 | 164 | --height* ) 165 | export HEIGHT="${2}" 166 | shift 167 | shift 168 | ;; 169 | 170 | --master-plist-url=* | --input-plist-url=* | --custom-plist-url=* ) 171 | export MASTER_PLIST_URL="${1#*=}" 172 | shift 173 | ;; 174 | 175 | --master-plist-url* | --input-plist-url* | --custom-plist-url* ) 176 | export MASTER_PLIST_URL="${2}" 177 | shift 178 | shift 179 | ;; 180 | 181 | --master-plist=* | --input-plist=* | --custom-plist=* ) 182 | export MASTER_PLIST="${1#*=}" 183 | shift 184 | ;; 185 | 186 | --master-plist* | --input-plist* | --custom-plist* ) 187 | export MASTER_PLIST="${2}" 188 | shift 189 | shift 190 | ;; 191 | 192 | --create-plists | --plists ) 193 | export CREATE_PLISTS=1 194 | shift 195 | ;; 196 | 197 | --create-bootdisks | --bootdisks ) 198 | export CREATE_BOOTDISKS=1 199 | shift 200 | ;; 201 | 202 | --create-envs | --envs ) 203 | export CREATE_ENVS=1 204 | shift 205 | ;; 206 | 207 | *) 208 | echo "Invalid option. Running with default values..." 209 | shift 210 | ;; 211 | esac 212 | done 213 | 214 | 215 | build_mac_serial () { 216 | [ -d ./OpenCorePkg ] || git clone --depth 1 https://github.com/acidanthera/OpenCorePkg.git 217 | make -C ./OpenCorePkg/Utilities/macserial/ 218 | mv ./OpenCorePkg/Utilities/macserial/macserial . 219 | chmod +x ./macserial 220 | stat ./macserial 221 | } 222 | 223 | download_vendor_mac_addresses () { 224 | # download the MAC Address vendor list 225 | [ -e "${MAC_ADDRESSES_FILE:=vendor_macs.tsv}" ] || wget -O "${MAC_ADDRESSES_FILE}" https://gitlab.com/wireshark/wireshark/-/raw/master/manuf 226 | } 227 | 228 | download_qcow_efi_folder () { 229 | 230 | export EFI_FOLDER=./OpenCore/EFI 231 | export RESOURCES_FOLDER=./resources/OcBinaryData/Resources 232 | 233 | # check if we are inside OSX-KVM already 234 | # if not, download OSX-KVM locally 235 | [ -d ./OpenCore/EFI/ ] || { 236 | [ -d ./OSX-KVM/ ] || git clone --recurse-submodules --depth 1 https://github.com/kholia/OSX-KVM.git 237 | export EFI_FOLDER="./OSX-KVM/${EFI_FOLDER}" 238 | } 239 | 240 | [ -d ./resources/OcBinaryData/Resources/ ] || { 241 | export RESOURCES_FOLDER="./OSX-KVM/${RESOURCES_FOLDER}" 242 | } 243 | 244 | # EFI Shell commands 245 | touch startup.nsh && echo 'fs0:\EFI\BOOT\BOOTx64.efi' > startup.nsh 246 | 247 | cp -a "${EFI_FOLDER}" . 248 | 249 | mkdir -p ./EFI/OC/Resources 250 | 251 | # copy Apple drivers into EFI/OC/Resources 252 | cp -a "${RESOURCES_FOLDER}"/* ./EFI/OC/Resources 253 | } 254 | 255 | 256 | generate_serial_sets () { 257 | 258 | 259 | 260 | if [ "${CSV_OUTPUT_FILENAME}" ]; then 261 | [ "${CSV_OUTPUT_FILENAME}" ] && export CSV_SERIAL_SETS_FILE="${CSV_OUTPUT_FILENAME}" 262 | else 263 | export CSV_SERIAL_SETS_FILE="${OUTPUT_DIRECTORY}/serial_sets-${DATE_NOW}.csv" 264 | fi 265 | 266 | if [ "${TSV_OUTPUT_FILENAME}" ]; then 267 | [ "${TSV_OUTPUT_FILENAME}" ] && export TSV_SERIAL_SETS_FILE="${TSV_OUTPUT_FILENAME}" 268 | else 269 | export TSV_SERIAL_SETS_FILE="${OUTPUT_DIRECTORY}/serial_sets-${DATE_NOW}.tsv" 270 | fi 271 | 272 | 273 | ./macserial \ 274 | --num "${SERIAL_SET_COUNT}" \ 275 | --model "${DEVICE_MODEL}" \ 276 | | while IFS='\ \|\ ' read -r SERIAL BOARD_SERIAL; do 277 | # make a uuid... 278 | UUID="$(uuidgen)" 279 | # bash 3-5 compatible 280 | # UUID="${UUID^^}" 281 | UUID="$(tr '[:lower:]' '[:upper:]' <<< "${UUID}")" 282 | 283 | # get a random vendor specific MAC address. 284 | RANDOM_MAC_PREFIX="$(grep -e "${VENDOR_REGEX}" < "${MAC_ADDRESSES_FILE:=vendor_macs.tsv}" | sort --random-sort | head -n1)" 285 | RANDOM_MAC_PREFIX="$(cut -d$'\t' -f1 <<< "${RANDOM_MAC_PREFIX}")" 286 | MAC_ADDRESS="$(printf "${RANDOM_MAC_PREFIX}:%02X:%02X:%02X" "$((RANDOM%256))" "$((RANDOM%256))" "$((RANDOM%256))")" 287 | 288 | [ -z "${WIDTH}" ] && WIDTH=1920 289 | [ -z "${HEIGHT}" ] && HEIGHT=1080 290 | 291 | # append to csv file 292 | tee -a "${CSV_SERIAL_SETS_FILE}" < "${OUTPUT_ENV_FILE}" 310 | export DEVICE_MODEL="${DEVICE_MODEL}" 311 | export SERIAL="${SERIAL}" 312 | export BOARD_SERIAL="${BOARD_SERIAL}" 313 | export UUID="${UUID}" 314 | export MAC_ADDRESS="${MAC_ADDRESS}" 315 | export WIDTH="${WIDTH}" 316 | export HEIGHT="${HEIGHT}" 317 | EOF 318 | 319 | fi 320 | 321 | # plist required for bootdisks, so create anyway. 322 | if [ "${CREATE_PLISTS}" ] || [ "${CREATE_BOOTDISKS}" ]; then 323 | 324 | # need a config.plist 325 | if [ "${MASTER_PLIST}" ]; then 326 | [ -e "${MASTER_PLIST}" ] || echo "Could not find: ${MASTER_PLIST}" 327 | elif [ "${MASTER_PLIST}" ] && [ "${MASTER_PLIST_URL}" ]; then 328 | echo 'You specified both a custom plist FILE & custom plist URL.' 329 | echo 'Use only one of those options.' 330 | elif [ "${MASTER_PLIST_URL}" ]; then 331 | wget -O "${MASTER_PLIST:=./config-custom.plist}" "${MASTER_PLIST_URL}" 332 | else 333 | # default is config-nopicker-custom.plist from OSX-KVM with placeholders used in Docker-OSX 334 | wget -O "${MASTER_PLIST:=./config-nopicker-custom.plist}" "${MASTER_PLIST_URL}" 335 | fi 336 | 337 | mkdir -p "${OUTPUT_DIRECTORY}/plists" 338 | source "${OUTPUT_ENV_FILE}" 339 | ROM="${MAC_ADDRESS//\:/}" 340 | ROM="${ROM,,}" 341 | sed -e s/\{\{DEVICE_MODEL\}\}/"${DEVICE_MODEL}"/g \ 342 | -e s/\{\{SERIAL\}\}/"${SERIAL}"/g \ 343 | -e s/\{\{BOARD_SERIAL\}\}/"${BOARD_SERIAL}"/g \ 344 | -e s/\{\{UUID\}\}/"${UUID}"/g \ 345 | -e s/\{\{ROM\}\}/"${ROM}"/g \ 346 | -e s/\{\{WIDTH\}\}/"${WIDTH}"/g \ 347 | -e s/\{\{HEIGHT\}\}/"${HEIGHT}"/g \ 348 | -e s/\{\{KERNEL_ARGS\}\}/"${KERNEL_ARGS:-}"/g \ 349 | "${MASTER_PLIST}" > "${OUTPUT_DIRECTORY}/plists/${SERIAL}.config.plist" || exit 1 350 | fi 351 | 352 | # make bootdisk qcow2 format if --bootdisks, but also if you set the bootdisk filename 353 | if [ "${CREATE_BOOTDISKS}" ] || [ "${OUTPUT_BOOTDISK}" ]; then 354 | [ -e ./opencore-image-ng.sh ] \ 355 | || { wget "${OPENCORE_IMAGE_MAKER_URL}" \ 356 | && chmod +x opencore-image-ng.sh ; } 357 | mkdir -p "${OUTPUT_DIRECTORY}/bootdisks" 358 | ./opencore-image-ng.sh \ 359 | --cfg "${OUTPUT_DIRECTORY}/plists/${SERIAL}.config.plist" \ 360 | --img "${OUTPUT_BOOTDISK:-${OUTPUT_DIRECTORY}/bootdisks/${SERIAL}.OpenCore-nopicker.qcow2}" || exit 1 361 | fi 362 | 363 | done 364 | 365 | [ -e "${CSV_SERIAL_SETS_FILE}" ] && \ 366 | cat <(echo "DEVICE_MODEL,SERIAL,BOARD_SERIAL,UUID,MAC_ADDRESS,WIDTH,HEIGHT,KERNEL_ARGS") "${CSV_SERIAL_SETS_FILE}" 367 | 368 | 369 | [ -e "${TSV_SERIAL_SETS_FILE}" ] && \ 370 | cat <(printf "DEVICE_MODEL\tSERIAL\tBOARD_SERIAL\tUUID\tMAC_ADDRESS\tWIDTH\tHEIGHT\tKERNEL_ARGS\n") "${TSV_SERIAL_SETS_FILE}" 371 | 372 | } 373 | 374 | main () { 375 | # setting default variables if there are no options 376 | export DATE_NOW="$(date +%F-%T)" 377 | export DEVICE_MODEL="${DEVICE_MODEL:=iMacPro1,1}" 378 | export VENDOR_REGEX="${VENDOR_REGEX:=Apple, Inc.}" 379 | export SERIAL_SET_COUNT="${SERIAL_SET_COUNT:=1}" 380 | export OUTPUT_DIRECTORY="${OUTPUT_DIRECTORY:=.}" 381 | cat </dev/null 2>&1 || true 26 | fi 27 | sudo rm -rf "$WORK" 28 | } 29 | 30 | WORK="${TMPDIR-/var/tmp}/${0##*/}-$$" 31 | mkdir "$WORK" || exit 1 32 | trap 'do_cleanup' EXIT 33 | 34 | BASE="$(dirname $0)" 35 | 36 | ###################################################################### 37 | # parse args 38 | 39 | function print_help() { 40 | cat < 44 | --img 45 | --cfg 46 | EOF 47 | } 48 | 49 | while test "$1" != ""; do 50 | case "$1" in 51 | --iso) 52 | iso="$2" 53 | shift; shift 54 | ;; 55 | --img) 56 | img="$2" 57 | shift; shift 58 | ;; 59 | --cfg) 60 | cfg="$2" 61 | shift; shift 62 | ;; 63 | esac 64 | done 65 | 66 | ###################################################################### 67 | # guestfish script helpers 68 | 69 | function fish() { 70 | echo "#" "$@" 71 | guestfish --remote -- "$@" || exit 1 72 | } 73 | 74 | function fish_init() { 75 | local format 76 | 77 | case "$img" in 78 | *.raw) format="raw" ;; 79 | *) format="qcow2";; 80 | esac 81 | 82 | msg "creating and adding disk image" 83 | fish disk-create $img $format 384M 84 | fish add $img 85 | fish run 86 | } 87 | 88 | function fish_fini() { 89 | fish umount-all 90 | } 91 | 92 | # disabled by @sickcodes to allow unattended image overwrites 93 | ###################################################################### 94 | # sanity checks 95 | 96 | # if test ! -f "$cfg"; then 97 | # echo "ERROR: cfg not found: $cfg" 98 | # exit 1 99 | # fi 100 | # if test -f "$img"; then 101 | # if test "$allow_override" = "yes"; then 102 | # rm -f "$img" 103 | # else 104 | # echo "ERROR: image exists: $img" 105 | # exit 1 106 | # fi 107 | # fi 108 | 109 | ###################################################################### 110 | # go! 111 | 112 | msg "copy files from local folder" 113 | BASE="$(dirname $0)" 114 | cp -a $BASE/EFI $WORK 115 | find "$WORK" 116 | 117 | #msg "[debug] list drivers in EFI/OC" 118 | #(cd $WORK/EFI/OC; find driver* -print) 119 | 120 | export LIBGUESTFS_BACKEND=direct 121 | eval $(guestfish --listen) 122 | if test "$GUESTFISH_PID" = ""; then 123 | echo "ERROR: starting guestfish failed" 124 | exit 1 125 | fi 126 | 127 | fish_init 128 | 129 | msg "partition disk image" 130 | fish part-init /dev/sda gpt 131 | fish part-add /dev/sda p 2048 300000 132 | fish part-add /dev/sda p 302048 -2048 133 | fish part-set-gpt-type /dev/sda 1 C12A7328-F81F-11D2-BA4B-00A0C93EC93B 134 | fish part-set-bootable /dev/sda 1 true 135 | fish mkfs vfat /dev/sda1 label:EFI 136 | fish mkfs vfat /dev/sda2 label:OpenCore 137 | fish mount /dev/sda2 / 138 | fish mkdir /ESP 139 | fish mount /dev/sda1 /ESP 140 | 141 | msg "copy files to disk image" 142 | cp -v "$cfg" $WORK/config.plist 143 | fish mkdir /ESP/EFI 144 | fish mkdir /ESP/EFI/OC 145 | fish mkdir /ESP/EFI/OC/Kexts 146 | fish mkdir /ESP/EFI/OC/ACPI 147 | fish mkdir /ESP/EFI/OC/Resources 148 | fish mkdir /ESP/EFI/OC/Tools 149 | fish copy-in $WORK/EFI/BOOT /ESP/EFI 150 | fish copy-in $WORK/EFI/OC/OpenCore.efi /ESP/EFI/OC 151 | fish copy-in $WORK/EFI/OC/Drivers /ESP/EFI/OC/ 152 | fish copy-in $WORK/EFI/OC/Kexts /ESP/EFI/OC/ 153 | fish copy-in $WORK/EFI/OC/ACPI /ESP/EFI/OC/ 154 | fish copy-in $BASE/resources/OcBinaryData/Resources /ESP/EFI/OC/ 155 | fish copy-in $WORK/EFI/OC/Tools /ESP/EFI/OC/ 156 | 157 | # Note 158 | fish copy-in startup.nsh / 159 | 160 | BASE="$(dirname $0)" 161 | fish copy-in "$WORK/config.plist" /ESP/EFI/OC/ 162 | 163 | fish find /ESP/ 164 | fish_fini 165 | -------------------------------------------------------------------------------- /discord-logo.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 13 | 14 | -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3.4' 2 | 3 | services: 4 | osx: 5 | container_name: docker-osx 6 | build: 7 | context: . 8 | args: 9 | - SIZE=200G 10 | - VERSION=10.15.5 11 | image: sickcodes/docker-osx 12 | privileged: true 13 | environment: 14 | - DISPLAY=${DISPLAY:-:0.0} 15 | network_mode: "host" 16 | cap_add: 17 | - ALL 18 | volumes: 19 | - /tmp/.X11-unix:/tmp/.X11-unix 20 | - /dev:/dev 21 | - /lib/modules:/lib/modules 22 | - docker-osx_data:/home 23 | 24 | volumes: 25 | docker-osx_data: 26 | name: docker-osx_data 27 | -------------------------------------------------------------------------------- /fetch-macOS.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # encoding: utf-8 3 | # 4 | # https://github.com/munki/macadmin-scripts/blob/master/installinstallmacos.py 5 | # 6 | # Copyright 2017 Greg Neagle. 7 | # 8 | # Licensed under the Apache License, Version 2.0 (the "License"); 9 | # you may not use this file except in compliance with the License. 10 | # You may obtain a copy of the License at 11 | # 12 | # http://www.apache.org/licenses/LICENSE-2.0 13 | # 14 | # Unless required by applicable law or agreed to in writing, software 15 | # distributed under the License is distributed on an "AS IS" BASIS, 16 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17 | # See the License for the specific language governing permissions and 18 | # limitations under the License. 19 | # 20 | # Thanks to Tim Sutton for ideas, suggestions, and sample code. 21 | # 22 | # Updated in May of 2019 by Dhiru Kholia. 23 | 24 | '''installinstallmacos.py 25 | A tool to download the parts for an Install macOS app from Apple's 26 | softwareupdate servers and install a functioning Install macOS app onto an 27 | empty disk image''' 28 | 29 | # https://github.com/foxlet/macOS-Simple-KVM/blob/master/tools/FetchMacOS/fetch-macos.py 30 | # is pretty similar. 31 | 32 | 33 | # Bad hack 34 | import warnings 35 | 36 | warnings.filterwarnings("ignore", category=DeprecationWarning) 37 | 38 | import os 39 | import gzip 40 | import argparse 41 | import plistlib 42 | import subprocess 43 | 44 | from xml.dom import minidom 45 | from xml.parsers.expat import ExpatError 46 | 47 | 48 | import sys 49 | 50 | if sys.version_info[0] < 3: 51 | import urlparse as urlstuff 52 | else: 53 | import urllib.parse as urlstuff 54 | # Quick fix for python 3.9 and above 55 | if sys.version_info[0] == 3 and sys.version_info[1] >= 9: 56 | from types import MethodType 57 | 58 | def readPlist(self,filepath): 59 | with open(filepath, 'rb') as f: 60 | p = plistlib._PlistParser(dict) 61 | rootObject = p.parse(f) 62 | return rootObject 63 | # adding the method readPlist() to plistlib 64 | plistlib.readPlist = MethodType(readPlist, plistlib) 65 | 66 | # https://github.com/foxlet/macOS-Simple-KVM/blob/master/tools/FetchMacOS/fetch-macos.py (unused) 67 | # https://github.com/munki/macadmin-scripts 68 | catalogs = { 69 | "CustomerSeed": "https://swscan.apple.com/content/catalogs/others/index-10.16customerseed-10.16-10.15-10.14-10.13-10.12-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog", 70 | "DeveloperSeed": "https://swscan.apple.com/content/catalogs/others/index-10.16seed-10.16-10.15-10.14-10.13-10.12-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog", 71 | "PublicSeed": "https://swscan.apple.com/content/catalogs/others/index-10.16beta-10.16-10.15-10.14-10.13-10.12-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog", 72 | "PublicRelease": "https://swscan.apple.com/content/catalogs/others/index-10.16-10.15-10.14-10.13-10.12-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog", 73 | "20": "https://swscan.apple.com/content/catalogs/others/index-11-10.15-10.14-10.13-10.12-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog" 74 | } 75 | 76 | 77 | def get_default_catalog(): 78 | '''Returns the default softwareupdate catalog for the current OS''' 79 | return catalogs["20"] 80 | # return catalogs["PublicRelease"] 81 | # return catalogs["DeveloperSeed"] 82 | 83 | 84 | class ReplicationError(Exception): 85 | '''A custom error when replication fails''' 86 | pass 87 | 88 | 89 | def cmd_exists(cmd): 90 | return subprocess.Popen("type " + cmd, shell=True, 91 | stdout=subprocess.PIPE, stderr=subprocess.PIPE) 92 | 93 | 94 | def replicate_url(full_url, 95 | root_dir='/tmp', 96 | show_progress=False, 97 | ignore_cache=False, 98 | attempt_resume=False, installer=False, product_title=""): 99 | '''Downloads a URL and stores it in the same relative path on our 100 | filesystem. Returns a path to the replicated file.''' 101 | 102 | # hack 103 | print("[+] Fetching %s" % full_url) 104 | if installer and "BaseSystem.dmg" not in full_url and "Big Sur" not in product_title: 105 | return 106 | if "Big Sur" in product_title and "InstallAssistant.pkg" not in full_url: 107 | return 108 | attempt_resume = True 109 | # path = urllib.parse.urlsplit(full_url)[2] 110 | path = urlstuff.urlsplit(full_url)[2] 111 | relative_url = path.lstrip('/') 112 | relative_url = os.path.normpath(relative_url) 113 | # local_file_path = os.path.join(root_dir, relative_url) 114 | local_file_path = relative_url 115 | # print("Downloading %s..." % full_url) 116 | 117 | if cmd_exists('wget'): 118 | if not installer: 119 | download_cmd = ['wget', "-c", "--quiet", "-x", "-nH", full_url] 120 | # this doesn't work as there are multiple metadata files with the same name! 121 | # download_cmd = ['wget', "-c", "--quiet", full_url] 122 | else: 123 | download_cmd = ['wget', "-c", full_url] 124 | else: 125 | if not installer: 126 | download_cmd = ['curl', "--silent", "--show-error", "-o", local_file_path, "--create-dirs", full_url] 127 | else: 128 | local_file_path = os.path.basename(local_file_path) 129 | download_cmd = ['curl', "-o", local_file_path, full_url] 130 | 131 | try: 132 | subprocess.check_call(download_cmd) 133 | except subprocess.CalledProcessError as err: 134 | raise ReplicationError(err) 135 | return local_file_path 136 | 137 | 138 | def parse_server_metadata(filename): 139 | '''Parses a softwareupdate server metadata file, looking for information 140 | of interest. 141 | Returns a dictionary containing title, version, and description.''' 142 | title = '' 143 | vers = '' 144 | try: 145 | md_plist = plistlib.readPlist(filename) 146 | except (OSError, IOError, ExpatError) as err: 147 | print('Error reading %s: %s' % (filename, err), file=sys.stderr) 148 | return {} 149 | vers = md_plist.get('CFBundleShortVersionString', '') 150 | localization = md_plist.get('localization', {}) 151 | preferred_localization = (localization.get('English') or 152 | localization.get('en')) 153 | if preferred_localization: 154 | title = preferred_localization.get('title', '') 155 | 156 | metadata = {} 157 | metadata['title'] = title 158 | metadata['version'] = vers 159 | 160 | """ 161 | {'title': 'macOS Mojave', 'version': '10.14.5'} 162 | {'title': 'macOS Mojave', 'version': '10.14.6'} 163 | """ 164 | return metadata 165 | 166 | 167 | def get_server_metadata(catalog, product_key, workdir, ignore_cache=False): 168 | '''Replicate ServerMetaData''' 169 | try: 170 | url = catalog['Products'][product_key]['ServerMetadataURL'] 171 | try: 172 | smd_path = replicate_url( 173 | url, root_dir=workdir, ignore_cache=ignore_cache) 174 | return smd_path 175 | except ReplicationError as err: 176 | print('Could not replicate %s: %s' % (url, err), file=sys.stderr) 177 | return None 178 | except KeyError: 179 | # print('Malformed catalog.', file=sys.stderr) 180 | return None 181 | 182 | 183 | def parse_dist(filename): 184 | '''Parses a softwareupdate dist file, returning a dict of info of 185 | interest''' 186 | dist_info = {} 187 | try: 188 | dom = minidom.parse(filename) 189 | except ExpatError: 190 | print('Invalid XML in %s' % filename, file=sys.stderr) 191 | return dist_info 192 | except IOError as err: 193 | print('Error reading %s: %s' % (filename, err), file=sys.stderr) 194 | return dist_info 195 | 196 | titles = dom.getElementsByTagName('title') 197 | if titles: 198 | dist_info['title_from_dist'] = titles[0].firstChild.wholeText 199 | 200 | auxinfos = dom.getElementsByTagName('auxinfo') 201 | if not auxinfos: 202 | return dist_info 203 | auxinfo = auxinfos[0] 204 | key = None 205 | value = None 206 | children = auxinfo.childNodes 207 | # handle the possibility that keys from auxinfo may be nested 208 | # within a 'dict' element 209 | dict_nodes = [n for n in auxinfo.childNodes 210 | if n.nodeType == n.ELEMENT_NODE and 211 | n.tagName == 'dict'] 212 | if dict_nodes: 213 | children = dict_nodes[0].childNodes 214 | for node in children: 215 | if node.nodeType == node.ELEMENT_NODE and node.tagName == 'key': 216 | key = node.firstChild.wholeText 217 | if node.nodeType == node.ELEMENT_NODE and node.tagName == 'string': 218 | value = node.firstChild.wholeText 219 | if key and value: 220 | dist_info[key] = value 221 | key = None 222 | value = None 223 | return dist_info 224 | 225 | 226 | def download_and_parse_sucatalog(sucatalog, workdir, ignore_cache=False): 227 | '''Downloads and returns a parsed softwareupdate catalog''' 228 | try: 229 | localcatalogpath = replicate_url( 230 | sucatalog, root_dir=workdir, ignore_cache=ignore_cache) 231 | except ReplicationError as err: 232 | print('Could not replicate %s: %s' % (sucatalog, err), file=sys.stderr) 233 | exit(-1) 234 | if os.path.splitext(localcatalogpath)[1] == '.gz': 235 | with gzip.open(localcatalogpath) as the_file: 236 | content = the_file.read() 237 | try: 238 | catalog = plistlib.readPlistFromString(content) 239 | return catalog 240 | except ExpatError as err: 241 | print('Error reading %s: %s' % (localcatalogpath, err), file=sys.stderr) 242 | exit(-1) 243 | else: 244 | try: 245 | catalog = plistlib.readPlist(localcatalogpath) 246 | return catalog 247 | except (OSError, IOError, ExpatError) as err: 248 | print('Error reading %s: %s' % (localcatalogpath, err), file=sys.stderr) 249 | exit(-1) 250 | 251 | 252 | def find_mac_os_installers(catalog): 253 | '''Return a list of product identifiers for what appear to be macOS 254 | installers''' 255 | mac_os_installer_products = [] 256 | if 'Products' in catalog: 257 | for product_key in catalog['Products'].keys(): 258 | product = catalog['Products'][product_key] 259 | try: 260 | if product['ExtendedMetaInfo'][ 261 | 'InstallAssistantPackageIdentifiers']: 262 | mac_os_installer_products.append(product_key) 263 | except KeyError: 264 | continue 265 | 266 | return mac_os_installer_products 267 | 268 | 269 | def os_installer_product_info(catalog, workdir, ignore_cache=False): 270 | '''Returns a dict of info about products that look like macOS installers''' 271 | product_info = {} 272 | installer_products = find_mac_os_installers(catalog) 273 | for product_key in installer_products: 274 | product_info[product_key] = {} 275 | filename = get_server_metadata(catalog, product_key, workdir) 276 | if filename: 277 | product_info[product_key] = parse_server_metadata(filename) 278 | else: 279 | # print('No server metadata for %s' % product_key) 280 | product_info[product_key]['title'] = None 281 | product_info[product_key]['version'] = None 282 | 283 | product = catalog['Products'][product_key] 284 | product_info[product_key]['PostDate'] = product['PostDate'] 285 | distributions = product['Distributions'] 286 | dist_url = distributions.get('English') or distributions.get('en') 287 | try: 288 | dist_path = replicate_url( 289 | dist_url, root_dir=workdir, ignore_cache=ignore_cache) 290 | except ReplicationError as err: 291 | print('Could not replicate %s: %s' % (dist_url, err), 292 | file=sys.stderr) 293 | else: 294 | dist_info = parse_dist(dist_path) 295 | product_info[product_key]['DistributionPath'] = dist_path 296 | product_info[product_key].update(dist_info) 297 | if not product_info[product_key]['title']: 298 | product_info[product_key]['title'] = dist_info.get('title_from_dist') 299 | if not product_info[product_key]['version']: 300 | product_info[product_key]['version'] = dist_info.get('VERSION') 301 | 302 | return product_info 303 | 304 | 305 | def replicate_product(catalog, product_id, workdir, ignore_cache=False, product_title=""): 306 | '''Downloads all the packages for a product''' 307 | product = catalog['Products'][product_id] 308 | for package in product.get('Packages', []): 309 | # TO-DO: Check 'Size' attribute and make sure 310 | # we have enough space on the target 311 | # filesystem before attempting to download 312 | if 'URL' in package: 313 | try: 314 | replicate_url( 315 | package['URL'], root_dir=workdir, 316 | show_progress=True, ignore_cache=ignore_cache, 317 | attempt_resume=(not ignore_cache), installer=True, product_title=product_title) 318 | except ReplicationError as err: 319 | print('Could not replicate %s: %s' % (package['URL'], err), file=sys.stderr) 320 | exit(-1) 321 | if 'MetadataURL' in package: 322 | try: 323 | replicate_url(package['MetadataURL'], root_dir=workdir, 324 | ignore_cache=ignore_cache, installer=True) 325 | except ReplicationError as err: 326 | print('Could not replicate %s: %s' % (package['MetadataURL'], err), file=sys.stderr) 327 | exit(-1) 328 | 329 | 330 | def find_installer_app(mountpoint): 331 | '''Returns the path to the Install macOS app on the mountpoint''' 332 | applications_dir = os.path.join(mountpoint, 'Applications') 333 | for item in os.listdir(applications_dir): 334 | if item.endswith('.app'): 335 | return os.path.join(applications_dir, item) 336 | return None 337 | 338 | 339 | def determine_version(version, product_info): 340 | if version: 341 | if version == 'latest': 342 | from distutils.version import StrictVersion 343 | latest_version = StrictVersion('0.0.0') 344 | for index, product_id in enumerate(product_info): 345 | d = product_info[product_id]['version'] 346 | if d > latest_version: 347 | latest_version = d 348 | 349 | if latest_version == StrictVersion("0.0.0"): 350 | print("Could not find latest version {}") 351 | exit(1) 352 | 353 | version = str(latest_version) 354 | 355 | for index, product_id in enumerate(product_info): 356 | v = product_info[product_id]['version'] 357 | if v == version: 358 | return product_id, product_info[product_id]['title'] 359 | 360 | print("Could not find version {}. Versions available are:".format(version)) 361 | for _, pid in enumerate(product_info): 362 | print("- {}".format(product_info[pid]['version'])) 363 | 364 | exit(1) 365 | 366 | # display a menu of choices (some seed catalogs have multiple installers) 367 | print('%2s %12s %10s %11s %s' % ('#', 'ProductID', 'Version', 368 | 'Post Date', 'Title')) 369 | for index, product_id in enumerate(product_info): 370 | print('%2s %12s %10s %11s %s' % ( 371 | index + 1, 372 | product_id, 373 | product_info[product_id]['version'], 374 | product_info[product_id]['PostDate'].strftime('%Y-%m-%d'), 375 | product_info[product_id]['title'] 376 | )) 377 | 378 | answer = input( 379 | '\nChoose a product to download (1-%s): ' % len(product_info)) 380 | try: 381 | index = int(answer) - 1 382 | if index < 0: 383 | raise ValueError 384 | product_id = list(product_info.keys())[index] 385 | return product_id, product_info[product_id]['title'] 386 | except (ValueError, IndexError): 387 | pass 388 | 389 | print('Invalid input provided.') 390 | exit(0) 391 | 392 | 393 | def main(): 394 | '''Do the main thing here''' 395 | """ 396 | if os.getuid() != 0: 397 | sys.exit('This command requires root (to install packages), so please ' 398 | 'run again with sudo or as root.') 399 | """ 400 | parser = argparse.ArgumentParser() 401 | parser.add_argument('--workdir', metavar='path_to_working_dir', 402 | default='.', 403 | help='Path to working directory on a volume with over ' 404 | '10G of available space. Defaults to current working ' 405 | 'directory.') 406 | parser.add_argument('--version', metavar='version', 407 | default=None, 408 | help='The version to download in the format of ' 409 | '"$major.$minor.$patch", e.g. "10.15.4". Can ' 410 | 'be "latest" to download the latest version.') 411 | parser.add_argument('--compress', action='store_true', 412 | help='Output a read-only compressed disk image with ' 413 | 'the Install macOS app at the root. This is now the ' 414 | 'default. Use --raw to get a read-write sparse image ' 415 | 'with the app in the Applications directory.') 416 | parser.add_argument('--raw', action='store_true', 417 | help='Output a read-write sparse image ' 418 | 'with the app in the Applications directory. Requires ' 419 | 'less available disk space and is faster.') 420 | parser.add_argument('--ignore-cache', action='store_true', 421 | help='Ignore any previously cached files.') 422 | args = parser.parse_args() 423 | 424 | su_catalog_url = get_default_catalog() 425 | if not su_catalog_url: 426 | print('Could not find a default catalog url for this OS version.', file=sys.stderr) 427 | exit(-1) 428 | 429 | # download sucatalog and look for products that are for macOS installers 430 | catalog = download_and_parse_sucatalog( 431 | su_catalog_url, args.workdir, ignore_cache=args.ignore_cache) 432 | product_info = os_installer_product_info( 433 | catalog, args.workdir, ignore_cache=args.ignore_cache) 434 | 435 | if not product_info: 436 | print('No macOS installer products found in the sucatalog.', file=sys.stderr) 437 | exit(-1) 438 | 439 | product_id, product_title = determine_version(args.version, product_info) 440 | print(product_id, product_title) 441 | 442 | # download all the packages for the selected product 443 | replicate_product(catalog, product_id, args.workdir, ignore_cache=args.ignore_cache, product_title=product_title) 444 | 445 | 446 | if __name__ == '__main__': 447 | main() 448 | -------------------------------------------------------------------------------- /glibc-linux4-2.33-4-x86_64.pkg.tar.zst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sickcodes/Docker-OSX/e962dce97f384f5eee3970f566c7d1428f78e221/glibc-linux4-2.33-4-x86_64.pkg.tar.zst -------------------------------------------------------------------------------- /helm/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "0.0.1.0" 3 | description: "Containerized OSX! Run OSX in a pod, headlessly, or with Xvfb. Test your Apps and master CI/CD processes." 4 | name: docker-osx 5 | version: 0.2.0 6 | keywords: 7 | - docker-osx 8 | - mac 9 | - macos 10 | - qemu 11 | - cicd 12 | - ios 13 | - xnu 14 | - darwin 15 | - apple 16 | - osx -------------------------------------------------------------------------------- /helm/Dockerfile: -------------------------------------------------------------------------------- 1 | #!/usr/bin/docker 2 | # 3 | # This Dockerfile is to be consumed with the docker_osx helm templates. It consumes the 4 | # Ubuntu image so that OpenCore.qcow2 can be re-generated (which happens in Kube itself), 5 | # not to mention that OSX-KVM was written for Ubuntu. This was not designed to be run in Docker 6 | # by itself.. very well anyway. 7 | # 8 | 9 | FROM ubuntu:21.04 10 | 11 | SHELL ["/bin/bash", "-c"] 12 | 13 | # this has to match .Values.image.userName in helm template 14 | ARG USER=ubuntu 15 | # this installs the kvm linux kernel in the docker container so that OpenCore.qcow2 boot images 16 | # can be built. 17 | ARG DOCKER_KERNEL_VERSION=linux-image-kvm 18 | 19 | ENV TZ=America/Los_Angeles 20 | ARG DEBIAN_FRONTEND=noninteractive 21 | 22 | RUN DEBCONF_FRONTEND=noninteractive apt update \ 23 | && apt install \ 24 | bridge-utils \ 25 | fish \ 26 | git wget \ 27 | libguestfs-tools \ 28 | libvirt-daemon-system \ 29 | $DOCKER_KERNEL_VERSION \ 30 | p7zip-full \ 31 | qemu \ 32 | sudo \ 33 | uml-utilities \ 34 | virt-manager \ 35 | -y 36 | 37 | # Configure SSH 38 | RUN apt install git vim nano alsa-utils openssh-server -y 39 | 40 | # Create user and grant sudo privledges 41 | RUN adduser --disabled-password \ 42 | --gecos '' $USER \ 43 | && echo "$USER ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/$USER \ 44 | && chmod 0440 /etc/sudoers.d/$USER 45 | 46 | # Configure VNC for user 47 | RUN apt install \ 48 | dbus-x11 \ 49 | openbox \ 50 | tigervnc-common \ 51 | tigervnc-standalone-server \ 52 | xfce4 \ 53 | xfce4-goodies \ 54 | x11-xserver-utils \ 55 | xdotool \ 56 | xorg \ 57 | xterm \ 58 | ufw \ 59 | -y 60 | 61 | USER $USER 62 | 63 | # only create ~/.vnc as helm will build out ~/.vnc/config 64 | RUN mkdir -p ${HOME}/.vnc 65 | 66 | RUN git clone --depth 1 https://github.com/kholia/OSX-KVM.git /home/$USER/OSX-KVM 67 | 68 | VOLUME ["/tmp/.X11-unix"] 69 | 70 | WORKDIR /home/$USER/OSX-KVM 71 | # helm will build out ./Launch_custom.sh 72 | CMD envsubst < ./Launch_custom.sh | bash 73 | -------------------------------------------------------------------------------- /helm/INSTALL-QEMU-AND-GPU-IOMMU.md: -------------------------------------------------------------------------------- 1 | # Install macOS Docker Virtualization 2 | ## Setup 3 | This walks through setting up QEMU virtualization for running macOS in Docker & Kubernetes 4 | 5 | Please note, this guide assumes the host operation system is running Centos 7 (or ClearOS 7 more specifically). These commands can mostly be transferred to other distros, but there are a few areas that need commands (i.e. updating ) 6 | 7 | ### Host configuration 8 | 9 | ## Build QEMU and libvirt from source 10 | 11 | Since there is no official QEMU 5.X repo it appears, build from source. 12 | 13 | ### QEMU Requirements 14 | 15 | Python, glib2-devel, and pixman 16 | 17 | ``` 18 | sudo yum install python glib2-devel cairo-devel -y 19 | ``` 20 | 21 | Ninja 22 | 23 | ``` 24 | pip3 install ninja 25 | ``` 26 | 27 | ### Build QEMU from source steps 28 | 29 | Clone the offical QEMU repo and build from source: 30 | 31 | ``` 32 | git clone git://git.qemu-project.org/qemu.git 33 | cd qemu 34 | mkdir -p bin/debug/native 35 | cd bin/debug/native 36 | ../../../configure --enable-debug 37 | make -j24 38 | make install 39 | ``` 40 | 41 | _Note: adjust make to use the desired number of threads avaliable on your system_ 42 | 43 | ### libvirt Requirements 44 | 45 | Configure repo: 46 | 47 | ``` 48 | yum-config-manager --nogpgcheck --add-repo http://mirror.centos.org/centos/7/virt/x86_64/libvirt-latest/ 49 | ``` 50 | 51 | ### Install libvirt 52 | 53 | ``` 54 | yum install libvirt -y 55 | ``` 56 | 57 | ### Update permissions 58 | 59 | ``` 60 | chmod 660 -R /dev/kvm && chown 1000:1000 /dev/kvm 61 | usermod -a -G kvm root 62 | ``` 63 | 64 | _Note: these may not be required_ 65 | 66 | ### Verification 67 | 68 | Ensure latest version installed 69 | 70 | ``` 71 | virsh -c qemu:///system version --daemon 72 | ``` 73 | 74 | * For example, should output something like: 75 | 76 | ``` 77 | [root@server repos]# virsh -c qemu:///system version --daemon 78 | Compiled against library: libvirt 5.0.0 79 | Using library: libvirt 5.0.0 80 | Using API: QEMU 5.0.0 81 | Running hypervisor: QEMU 5.2.50 82 | Running against daemon: 5.0.0 83 | ``` 84 | 85 | ## Install IMMO for GPU passthrough 86 | 87 | 1. Modify GRUB boot args: 88 | 89 | Add the following to `/etc/default/grub` to the end of the `GRUB_CMDLINE_LINUX` parameter: 90 | 91 | ``` 92 | GRUB_CMDLINE_LINUX="... iommu=pt intel_iommu=on" 93 | ``` 94 | 95 | 1. Update GRUB2: 96 | 97 | ``` 98 | grub2-mkconfig -o /boot/efi/EFI/clearos/grub.cfg 99 | ``` 100 | 101 | _Note: this command may vary based on location of the grub.cfg for the boot entry_ 102 | 103 | 1. Reboot system 104 | 105 | 1. Ensure that the kernel parameter changes worked: 106 | 107 | ``` 108 | cat /proc/cmdline 109 | ``` 110 | 111 | 1. Find GPU hardware ids with `lspci` 112 | 113 | Example: 114 | ``` 115 | lspci -nn | grep -i nvidia 116 | ``` 117 | 118 | 1. Add the hardware ids to `/etc/modprobe.d/vfio.conf` 119 | 120 | Example: 121 | ``` 122 | options vfio-pci ids=10de:1b81,10de:10f0 123 | ``` 124 | 125 | _Note: this is for the NVIDIA GTX 1070_ 126 | 127 | 1. Enable `vfio-pci` 128 | 129 | ``` 130 | echo 'vfio-pci' > /etc/modules-load.d/vfio-pci.conf 131 | ``` 132 | 133 | Make backup and rebuild `initramfs`: 134 | 135 | ``` 136 | cp -p /boot/initramfs-$(uname -r).img /boot/initramfs-$(uname -r).img.bak 137 | dracut -f 138 | ``` 139 | 140 | _Note: `dracut -f` may take awhile.._ 141 | 142 | 1. Increase ulimits 143 | 144 | _This is done to avoid memory issues like `VFIO_MAP_DMA: -12` and etc_ 145 | 146 | Append the following to `/etc/security/limits.conf`: 147 | 148 | ``` 149 | @kvm soft memlock unlimited 150 | @kvm hard memlock unlimited 151 | ``` 152 | 153 | Append the following to `/etc/docker/daemon.json`: 154 | 155 | ``` 156 | { 157 | "default-ulimits": { 158 | "nofile": { 159 | "name": "nofile", 160 | "hard": 65536, 161 | "soft": 1024 162 | }, 163 | "memlock": 164 | { 165 | "name": "memlock", 166 | "soft": -1, 167 | "hard": -1 168 | } 169 | } 170 | } 171 | ``` 172 | 173 | Add `LimitMEMLOCK` to `/etc/systemd/system/multi-user.target.wants/libvirtd.service` like: 174 | 175 | ``` 176 | [Unit] 177 | Description=Virtualization daemon 178 | ... 179 | 180 | [Service] 181 | ... 182 | LimitMEMLOCK=infinity 183 | ``` 184 | 185 | 1. Reload systemd after changing config 186 | 187 | ``` 188 | systemctl daemon-reload 189 | ``` 190 | 191 | 1. Reboot system 192 | 193 | 1. Ensure that `vfio` worked 194 | 195 | ``` 196 | dmesg | grep -i vfio 197 | ``` 198 | 199 | # Issues 200 | 201 | Many issues can rise up as a result of adding the complexity layers involved here. Some of the main areas are improperly loading the `vfio-pci` driver for the GPU and permission issues. 202 | 203 | ## Modules for vfio not loading 204 | 205 | When `vfio` does not load, errors such as the following can be seen: 206 | 207 | ``` 208 | error getting device from group *: No such device 209 | Verify all devices in group * are bound to vfio- or pci-stub and not already in use 210 | ``` 211 | 212 | This can show up when `vfio-pci` driver is not loaded for the peripheral. Ensure that `vfio-pci` is loaded. 213 | 214 | ``` 215 | dmesg | grep -i vfio 216 | ``` 217 | 218 | If so, explicitly tell `vfio` modules to start 219 | 220 | ``` 221 | echo 'vfio 222 | vfio_iommu_type1 223 | vfio_pci 224 | vfio_virqfd' > /etc/modules 225 | ``` 226 | 227 | Make backup and rebuild `initramfs`: 228 | 229 | ``` 230 | cp -p /boot/initramfs-$(uname -r).img /boot/initramfs-$(uname -r).img.bak 231 | dracut -f 232 | ``` 233 | 234 | _Note: `dracut -f` may take awhile.._ 235 | 236 | Do a system reboot 237 | 238 | After rebooting, check on the gpu with `lspci` utilizing your gpu hardware id: 239 | 240 | I.E. 241 | 242 | ``` 243 | [root@server docker-docker-osx]# lspci -vvv -s 09:00.0 244 | 09:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Ellesmere [Radeon RX 470/480/570/570X/580/580X/590] (rev c7) (prog-if 00 [VGA controller]) 245 | Subsystem: Advanced Micro Devices, Inc. [AMD/ATI] Radeon RX 480 246 | Physical Slot: 5 247 | Control: I/O- Mem- BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr+ Stepping- SERR+ FastB2B- DisINTx- 248 | Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- SERR- `. If permission errors are seen, try the following commands: 260 | 261 | ``` 262 | chmod 660 -R /dev/kvm && chown 1000:1000 /dev/kvm 263 | chmod 777 -R /dev/vfio && chown 1000:1000 -R /dev/vfio 264 | ``` 265 | 266 | # References 267 | 268 | https://gist.github.com/dghubble/c2dc319249b156db06aff1d49c15272e 269 | 270 | `Configure IOMMU and vfio` 271 | https://www.server-world.info/en/note?os=CentOS_7&p=kvm&f=10 272 | 273 | `Configuring GPU driver with vfio-pci binding` 274 | https://github.com/intel/nemu/wiki/Testing-VFIO-with-GPU 275 | 276 | `IOMMU Interrupt Mapping` 277 | https://pve.proxmox.com/wiki/Pci_passthrough#IOMMU_Interrupt_Remapping 278 | 279 | `Manual Graphics Driver Binding` 280 | https://lwn.net/Articles/143397/ 281 | 282 | `QEMU Stdio Example` 283 | https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04521.html -------------------------------------------------------------------------------- /helm/README.md: -------------------------------------------------------------------------------- 1 | # docker-osx 2 | 3 | Docker-OSX Helm Chart for Kubernetes. 4 | 5 | Project page: https://github.com/sickcodes/docker-osx 6 | 7 | Available now on Artifact HUB 8 | [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/docker-osx)](https://artifacthub.io/packages/search?repo=docker-osx) 9 | 10 | ## Information 11 | 12 | This installs `docker-osx` in Kubernetes. 13 | 14 | ## Features 15 | 16 | ### What works 17 | 1) Setting cpu/memory options 18 | 1) Setting VNC password 19 | 1) Persistance 20 | 1) Setting SMBIOS 21 | 1) QEMU/virtio cpu/software gpu changes 22 | 1) Toggling Audio 23 | 1) Additional port forwarding 24 | 1) Kubernetes resource requests/limits 25 | 1) Defining version of macOS to install 26 | 1) Defining install partition size 27 | 1) Defining a different version of macOS 28 | 1) Additional QEMU parameters 29 | 1) GPU support 30 | 31 | ### What doesn't 32 | 1) Simultaneous VNC + GPU IOMMU (this is a limitation of QEMU :( unfortunately) 33 | 34 | ## Requirements 35 | 36 | * Install [host machine requirements](#INSTALL-QEMU-AND-GPU-IOMMU.md) 37 | * Ensure you are running QEMU 5.X 38 | * Kubernetes 39 | * Helm v2 40 | * `sickcodes/docker-osx-vnc` Docker image 41 | 42 | ### Build `sickcodes/docker-osx-vnc` 43 | 44 | 1) Go back to the root directory 45 | 1) Build docker image 46 | 47 | ``` 48 | docker build \ 49 | -t sickcodes/docker-osx-vnc:latest \ 50 | -f helm/Dockerfile . 51 | ``` 52 | 53 | _Please ensure you are using the Dockerfile in the `helm` folder_ 54 | 55 | _Do not worry about passing `CPU`, `RAM`, etc as they are handled in `values.yaml` now._ 56 | 57 | ### Installation 58 | 59 | If planning on using a GPU with IOMMU passthrough it is recommended to configure it first and install macOS--otherwise installing may take a very long time depending on your hardware. Please see `qemu.systemInstaller.downloadDelay`, `qemu.systemInstaller.cache`, `qemu.systemDisk.downloadDelay`, and `qemu.systemDisk.cache` for possibly reducing installation time. It has taken me over three hours to install on some occasions with a NVMe secondary disk without GPU passthrough configured.. 60 | 61 | In `values.yaml`.. 62 | 63 | 1) Set a unique password for `vnc.password`. 64 | 1) Re-generate SMBIOS `configPlist.MLB`, `configPlist.SystemSerialNumber`, and `configPlist.SystemUUID` for iServices to work. 65 | 1) Update `serverName` to reflect the unique name (in the case more than one deployment is required). 66 | 1) Configure `qemu.systemInstaller.downloadDelay` (in a period of seconds) that reflects how long your internet connection will download 67 | around 500MB (BaseSystem.dmg) + uncompress the file (which took about the same time for me to download on a 1gig internet connection). 68 | 1) Set `service.ip` to reflect an IP address of your choice, or use ingress. 69 | 1) Update `extraVolumes.hostPath.path` to something useful for you. 70 | 71 | Optionally.. 72 | 1) Install kexts to `kexts.path` and enable. 73 | 1) Adjust `openCore.boot.timeout` if desire for macOS to load automatically. 74 | 1) Add usb devices with `qemu.usb` or `qemu.extraArgs` if desired. 75 | 1) Add more ports for portforwarding services if needed. 76 | 77 | Afterwards.. 78 | 79 | 1) Launch your VNC viewer of choice and connect to the IP/hostname you defined + the port `8888` with the password specified 80 | for `vnc.password`. 81 | 1) Install macOS like usual. 82 | 83 | _Please note, after you have installed macOS feel free to set `qemu.systemInstaller.downloadDelay` to nothing, as BaseSystem.dmg will be stored in the path defined for `extraVolumes.hostPath.path`_ 84 | 85 | #### Resources 86 | 87 | Please note, resource limits may vary based on hardware. The ones currently defined are ones that worked for me personally. 88 | -------------------------------------------------------------------------------- /helm/artifacthub-repo.yml: -------------------------------------------------------------------------------- 1 | # Artifact Hub repository metadata file 2 | repositoryID: 7b2e9eeb-620a-43e8-b2cc-24ca33125bfc 3 | owners: # (optional, used to claim repository ownership) 4 | - name: sickcodes 5 | email: info@sick.codes 6 | -------------------------------------------------------------------------------- /helm/docker-osx-0.2.0.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sickcodes/Docker-OSX/e962dce97f384f5eee3970f566c7d1428f78e221/helm/docker-osx-0.2.0.tgz -------------------------------------------------------------------------------- /helm/helm-chart-generate.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Author: sick.codes 3 | # License: GPLv3+ 4 | # Repo: https://github.com/sickcodes/Docker-OSX/ 5 | # cd ../helm 6 | 7 | rm -f docker-osx-*.tgz 8 | helm package . 9 | helm repo index . --url https://sickcodes.github.io/Docker-OSX/helm/ 10 | -------------------------------------------------------------------------------- /helm/index.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | entries: 3 | docker-osx: 4 | - apiVersion: v1 5 | appVersion: 0.0.1.0 6 | created: "2021-02-27T04:15:48.784861502Z" 7 | description: Containerized OSX! Run OSX in a pod, headlessly, or with Xvfb. Test your Apps and master CI/CD processes. 8 | digest: 5a62a9291b1494b9cfaa0708ab7bab9d13cca30adbeaced3d29a5bb6935caac9 9 | keywords: 10 | - docker-osx 11 | - mac 12 | - macos 13 | - qemu 14 | - cicd 15 | - ios 16 | - xnu 17 | - darwin 18 | - apple 19 | - osx 20 | name: docker-osx 21 | urls: 22 | - https://sickcodes.github.io/Docker-OSX/helm/docker-osx-0.2.0.tgz 23 | version: 0.2.0 24 | generated: "2021-02-27T04:15:48.782073839Z" 25 | -------------------------------------------------------------------------------- /helm/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "docker-osx.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "docker-osx.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "docker-osx.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | -------------------------------------------------------------------------------- /helm/templates/data-pvc.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.persistence.data.enabled (not .Values.persistence.data.existingClaim) }} 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: {{ template "docker-osx.fullname" . }}-config 6 | labels: 7 | app: {{ template "docker-osx.name" . }} 8 | chart: {{ template "docker-osx.chart" . }} 9 | release: {{ .Release.Name }} 10 | heritage: {{ .Release.Service }} 11 | {{- with .Values.persistence.annotations }} 12 | annotations: 13 | {{ toYaml . | indent 4 }} 14 | {{- end }} 15 | spec: 16 | accessModes: 17 | - {{ .Values.persistence.config.accessMode | quote }} 18 | resources: 19 | requests: 20 | storage: {{ .Values.persistence.config.size | quote }} 21 | {{- if .Values.persistence.config.storageClass }} 22 | {{- if (eq "-" .Values.persistence.config.storageClass) }} 23 | storageClassName: "" 24 | {{- else }} 25 | storageClassName: "{{ .Values.persistence.config.storageClass }}" 26 | {{- end }} 27 | {{- end }} 28 | {{- end -}} 29 | -------------------------------------------------------------------------------- /helm/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ include "docker-osx.fullname" . }} 5 | labels: 6 | app.kubernetes.io/name: {{ include "docker-osx.name" . }} 7 | helm.sh/chart: {{ include "docker-osx.chart" . }} 8 | app.kubernetes.io/instance: {{ .Release.Name }} 9 | app.kubernetes.io/managed-by: {{ .Release.Service }} 10 | spec: 11 | replicas: {{ .Values.replicaCount }} 12 | selector: 13 | matchLabels: 14 | app.kubernetes.io/name: {{ include "docker-osx.name" . }} 15 | app.kubernetes.io/instance: {{ .Release.Name }} 16 | template: 17 | metadata: 18 | labels: 19 | app.kubernetes.io/name: {{ include "docker-osx.name" . }} 20 | app.kubernetes.io/instance: {{ .Release.Name }} 21 | spec: 22 | containers: 23 | - name: {{ .Chart.Name }} 24 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" 25 | imagePullPolicy: {{ .Values.image.pullPolicy }} 26 | securityContext: 27 | allowPrivilegeEscalation: true 28 | readOnlyRootFilesystem: false 29 | privileged: true 30 | capabilities: 31 | add: 32 | - net_raw 33 | - NET_ADMIN 34 | ports: 35 | - name: http 36 | containerPort: {{ .Values.service.port }} 37 | protocol: TCP 38 | livenessProbe: 39 | tcpSocket: 40 | port: http 41 | {{- if .Values.qemu.systemInstaller.downloadDelay }} 42 | initialDelaySeconds: {{ .Values.qemu.systemInstaller.downloadDelay }} 43 | {{- end }} 44 | readinessProbe: 45 | tcpSocket: 46 | port: http 47 | {{- if .Values.qemu.systemInstaller.downloadDelay }} 48 | initialDelaySeconds: {{ .Values.qemu.systemInstaller.downloadDelay }} 49 | {{- end }} 50 | env: 51 | - name: CORES 52 | value: "{{ .Values.resources.requests.cpu }}" 53 | - name: SMP 54 | value: "{{ .Values.resources.requests.cpu }}" 55 | - name: RAM 56 | value: "{{ .Values.resources.requests.memory | trimSuffix "Mi" }}" 57 | - name: TZ 58 | value: "{{ .Values.tz }}" 59 | - name: DISPLAY 60 | value: ':0.0' 61 | resources: 62 | {{ toYaml .Values.resources | indent 10 }} 63 | volumeMounts: 64 | - mountPath: /home/{{ .Values.image.userName }}/OSX-KVM/OpenCore-Catalina/config.plist 65 | subPath: config.plist 66 | name: boot-components 67 | - mountPath: /home/{{ .Values.image.userName }}/OSX-KVM/Launch_custom.sh 68 | subPath: Launch_custom.sh 69 | name: boot-components 70 | - mountPath: /home/{{ .Values.image.userName }}/OSX-KVM/vncpasswd_file 71 | subPath: vncpasswd_file 72 | name: boot-components 73 | - mountPath: /dev/kvm 74 | name: kvm 75 | - mountPath: /dev/net/tun 76 | name: tun 77 | {{- if .Values.qemu.hardwareGpu.enabled }} 78 | - mountPath: /etc/security/limits.conf 79 | subPath: limits.conf 80 | name: boot-components 81 | - mountPath: /dev/vfio/vfio 82 | name: vfio 83 | - mountPath: /dev/vfio/{{ .Values.qemu.hardwareGpu.vfioGroup }} 84 | name: vfio-group 85 | - mountPath: /lib/modules 86 | name: lib-modules 87 | {{- end }} 88 | - mountPath: /dev/snd 89 | name: snd 90 | - mountPath: /tmp/.X11-unix 91 | name: x11 92 | {{- if .Values.persistence.data.enabled }} 93 | - name: data 94 | mountPath: /mnt/data 95 | {{- end }} 96 | {{- if .Values.extraVolumeMounts }}{{ toYaml .Values.extraVolumeMounts | trim | nindent 8 }}{{ end }} 97 | # args: 98 | # - 99 | volumes: 100 | - name: boot-components 101 | configMap: 102 | name: {{ template "docker-osx.fullname" . }}-boot-components 103 | items: 104 | - key: config.plist 105 | path: config.plist 106 | - key: Launch_custom.sh 107 | path: Launch_custom.sh 108 | - key: vncpasswd_file 109 | path: vncpasswd_file 110 | {{- if .Values.qemu.hardwareGpu.enabled }} 111 | - key: limits.conf 112 | path: limits.conf 113 | {{- end }} 114 | - name: tun 115 | hostPath: 116 | path: /dev/net/tun 117 | - name: kvm 118 | hostPath: 119 | path: /dev/kvm 120 | {{- if .Values.qemu.hardwareGpu.enabled }} 121 | - name: vfio 122 | hostPath: 123 | path: /dev/vfio/vfio 124 | - name: vfio-group 125 | hostPath: 126 | path: /dev/vfio/{{ .Values.qemu.hardwareGpu.vfioGroup }} 127 | - name: lib-modules 128 | hostPath: 129 | path: /lib/modules 130 | {{- end }} 131 | - name: snd 132 | hostPath: 133 | path: /dev/snd 134 | - name: x11 135 | hostPath: 136 | path: /dev/ssd_data/default/{{ .Release.Name }}/.X11-unix 137 | {{- if .Values.persistence.data.enabled }} 138 | - name: data 139 | persistentVolumeClaim: 140 | claimName: {{ if .Values.persistence.data.existingClaim }}{{ .Values.persistence.data.existingClaim }}{{- else }}{{ template "docker-osx.fullname" . }}-data{{- end }} 141 | {{- else }} 142 | emptyDir: {} 143 | {{- end }} 144 | {{- if .Values.extraVolumes }}{{ toYaml .Values.extraVolumes | trim | nindent 6 }}{{ end }} 145 | {{- if .Values.nodeSelector }} 146 | nodeSelector: 147 | {{ toYaml .Values.nodeSelector | indent 8 }} 148 | {{- end }} 149 | -------------------------------------------------------------------------------- /helm/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "docker-osx.fullname" . -}} 3 | {{- $ingressPath := .Values.ingress.path -}} 4 | apiVersion: extensions/v1 5 | kind: Ingress 6 | metadata: 7 | name: {{ $fullName }} 8 | labels: 9 | app.kubernetes.io/name: {{ include "docker-osx.name" . }} 10 | helm.sh/chart: {{ include "docker-osx.chart" . }} 11 | app.kubernetes.io/instance: {{ .Release.Name }} 12 | app.kubernetes.io/managed-by: {{ .Release.Service }} 13 | {{- with .Values.ingress.annotations }} 14 | annotations: 15 | {{ toYaml . | indent 4 }} 16 | {{- end }} 17 | 18 | spec: 19 | {{- if .Values.ingress.tls }} 20 | tls: 21 | {{- range .Values.ingress.tls }} 22 | - hosts: 23 | {{- range .hosts }} 24 | - {{ . | quote }} 25 | {{- end }} 26 | secretName: {{ .secretName }} 27 | {{- end }} 28 | {{- end }} 29 | rules: 30 | {{- range .Values.ingress.hosts }} 31 | - host: {{ . | quote }} 32 | http: 33 | paths: 34 | - path: {{ $ingressPath }} 35 | backend: 36 | serviceName: {{ $fullName }} 37 | servicePort: http 38 | {{- end }} 39 | {{- end }} 40 | -------------------------------------------------------------------------------- /helm/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "docker-osx.fullname" . }} 5 | labels: 6 | app.kubernetes.io/name: {{ include "docker-osx.name" . }} 7 | helm.sh/chart: {{ include "docker-osx.chart" . }} 8 | app.kubernetes.io/instance: {{ .Release.Name }} 9 | app.kubernetes.io/managed-by: {{ .Release.Service }} 10 | spec: 11 | type: {{ .Values.service.type }} 12 | ports: 13 | - port: {{ .Values.service.port }} 14 | targetPort: {{ .Values.service.targetPort }} 15 | protocol: TCP 16 | name: http 17 | - port: 8888 18 | targetPort: 5999 19 | protocol: TCP 20 | name: vnc 21 | {{- range .Values.service.extraPorts }} 22 | - port: {{ .port }} 23 | targetPort: {{ .targetPort }} 24 | protocol: {{ .protocol }} 25 | name: {{ .name }} 26 | {{- end }} 27 | selector: 28 | app.kubernetes.io/name: {{ include "docker-osx.name" . }} 29 | app.kubernetes.io/instance: {{ .Release.Name }} 30 | {{- if .Values.service.ip }} 31 | loadBalancerIP: {{ .Values.service.ip }} 32 | {{- end }} -------------------------------------------------------------------------------- /helm/values.yaml: -------------------------------------------------------------------------------- 1 | # This is a YAML-formatted file. 2 | # Declare variables to be passed into your templates. 3 | 4 | replicaCount: 1 5 | 6 | image: 7 | repository: sickcodes/docker-osx-vnc 8 | tag: latest 9 | pullPolicy: IfNotPresent 10 | userName: ubuntu 11 | 12 | # Please note, this must be a directory name within `/system_image` mounted at the bottom in extraVolumeMounts 13 | serverName: server 14 | 15 | macos: 16 | # add kexts to EFI/OC/kexts and update config.plist 17 | # make sure your kexts are in kexts.path 18 | kexts: 19 | add: false 20 | path: /system_image/kexts 21 | kextsToAdd: {} 22 | # - name: BrcmBluetoothInjector.kext 23 | # executablePath: Contents/MacOS/BrcmBluetoothInjector 24 | # plistPath: Contents/Info.plist 25 | # - name: BrcmFirmwareData.kext 26 | # executablePath: Contents/MacOS/BrcmFirmwareData 27 | # plistPath: Contents/Info.plist 28 | # - name: BrcmPatchRAM3.kext 29 | # executablePath: Contents/MacOS/BrcmPatchRAM3 30 | # plistPath: Contents/Info.plist 31 | # SMBIOS settings 32 | configPlist: 33 | SystemProductName: iMacPro1,1 34 | MLB: D25338500GUF8YLJA 35 | SystemSerialNumber: D25LF7ZEF8JC 36 | SystemUUID: 139C94D6-A533-47D2-874F-D365BFD8B047 37 | bootArgs: '-v keepsyms=1 tlbto_us=0 vti=9 -wegoff agdpmod=pikera' 38 | openCore: 39 | # Rebuild OpenCore.qcow2: this can be disabled if none of the above parameters in kexts, configPlist changes, and changing the 40 | # resolution are not desired, utilizing gpu passthrough and a few other things. Disabling is not recommended 41 | rebuild: true 42 | boot: 43 | # set to zero to have OpenCore stay at boot menu 44 | timeout: 0 45 | installerSettings: 46 | # if using more than one deployment, a write lock will be put on the system installer dmg, so this will need to be disabled 47 | # for other pods 48 | version: 10.15.7 49 | path: /system_image/installers 50 | 51 | # This section defines QEMU and virtlo parameters 52 | # 53 | # Note: 54 | # *) Increase downloadDelay if the pod gets killed for readiness/liveliness check. The first time the pod is started, 55 | # it will download the BaseSystem image and create a data partition to install the OS. If this value is really long, 56 | # the pod will take very long to allow VNC connections if it is rebooted/killed. 57 | # *) Big Sur (11.X) is currently broken, as it seems Apple reworked the packaging so that will have to be something fixed in 58 | # https://github.com/kholia/OSX-KVM/blob/master/fetch-macOS-v2.py 59 | # *) VNC and IOMMU GPU passthrough do not play together well. Disable one if using the other. This is a limitation of QEMU 60 | # unfortunately, so this means VNC from macOS will have to be used to view the VM when not using a physical GPU. 61 | # *) If using GPU passthrough, it is recommended to configure it first, as the installer will take way longer (several hours) 62 | # to install macOS with a software GPU configured. 63 | # 64 | qemu: 65 | cpu: Penryn,kvm=on,vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+pcid,+ssse3,+sse4.2,+popcnt,+avx,+avx2,+aes,+xsave,+xsaveopt,check 66 | softwareGpu: vmware 67 | hardwareGpu: 68 | # when enabled, qemu.softwareGpu will be disabled automatically. disabling this will rely on softwareGpu instead 69 | enabled: false 70 | hardwareId: 09:00 71 | # slot can be found with `lspci -v -s ` 72 | slot: 05 73 | # vfioGroup can be found with lsgroup.sh: 74 | # https://github.com/kholia/OSX-KVM/blob/master/scripts/lsgroup.sh 75 | vfioGroup: 50 76 | # leave romfile blank if not using one to disable 77 | romfile: /system_image/vbios/Sapphire.RX480.8192.160603.rom 78 | systemInstaller: 79 | # if using more than one deployment, a write lock will be put on the system installer dmg, so this will need to be disabled 80 | # for other pods 81 | enabled: false 82 | downloadDelay: 15 83 | # can be `writethrough`, `writeback`, or `none` 84 | cache: none 85 | # can be `native` or `threads` 86 | io: threads 87 | systemDisk: 88 | size: 128G 89 | # can be `writethrough`, `writeback`, or `none` 90 | cache: writeback 91 | # can be `native` or `threads` 92 | io: threads 93 | audio: 94 | # this enables onboard audio, hdmi audio is handled with qemu.hardwareGpu 95 | enabled: false 96 | driver: alsa 97 | netdev: 98 | extraPortForwarding: hostfwd=tcp::5901-:5900 99 | # for usb, pass host adapters like such: 100 | # usb: 101 | # - vendorId: 0a5c 102 | # productId: 21e8 103 | # 104 | # please use lsgroup.sh to find your host ids: 105 | # https://github.com/kholia/OSX-KVM/blob/master/scripts/lsgroup.sh 106 | # 107 | # for usb, may need to fix permissions: 108 | # sudo chmod 666 /dev/bus/usb// 109 | # 110 | # if need to add a usb controller via vfio-pci, use qemu.extraArgs 111 | # 112 | usb: {} 113 | # use the following formatting 114 | # extraArgs: 115 | # - -parallel none 116 | # - -boot order=dc 117 | extraArgs: {} 118 | 119 | # Password for accessing vm over vnc 120 | vnc: 121 | enabled: true 122 | resolution: 1920x1080 123 | password: a5aeQbaPd4$jR80Q43 124 | 125 | nameOverride: "" 126 | fullnameOverride: "" 127 | 128 | service: 129 | type: LoadBalancer 130 | ip: 192.168.1.10 131 | targetPort: 50922 132 | port: 10022 133 | extraPorts: 134 | - port: 5901 135 | targetPort: 5901 136 | protocol: TCP 137 | name: os-level-vnc 138 | 139 | ingress: 140 | enabled: false 141 | annotations: {} 142 | # kubernetes.io/ingress.class: nginx 143 | # kubernetes.io/tls-acme: "true" 144 | paths: 145 | - / 146 | hosts: 147 | - docker-osx.local 148 | tls: [] 149 | # - secretName: chart-example-tls 150 | # hosts: 151 | # - chart-example.local 152 | 153 | # Note: Resources can vary dramatically depending on disk caching and software GPU rendering. With disk 154 | # caching and software rendering up to x5 the cpu and x9 memory can be consumed. With disk cache off 155 | # and GPU passthrough enabled up to x3 the cpu and x1.5 memory can be consumed. Therefore, these settings 156 | # really depend on hardware and configuration choices. Note, these values used a 1080p video resolution 157 | # as well. 158 | # 159 | # Warning: do not perform unit conversion on cpu and memory requests, as these units 160 | # are tied qemu and virtio settings. Also, only use intergers for cpu requests. 161 | resources: 162 | limits: 163 | cpu: 15 164 | memory: 32768Mi 165 | requests: 166 | cpu: 4 167 | memory: 16384Mi 168 | 169 | nodeSelector: {} 170 | 171 | tolerations: [] 172 | 173 | affinity: {} 174 | 175 | persistence: 176 | data: 177 | enabled: false 178 | ## configuration data Persistent Volume Storage Class 179 | ## If defined, storageClassName: 180 | ## If set to "-", storageClassName: "", which disables dynamic provisioning 181 | ## If undefined (the default) or set to null, no storageClassName spec is 182 | ## set, choosing the default provisioner. (gp2 on AWS, standard on 183 | ## GKE, AWS & OpenStack) 184 | ## 185 | # storageClass: "-" 186 | ## 187 | ## If you want to reuse an existing claim, you can pass the name of the PVC using 188 | ## the existingClaim variable 189 | existingClaim: docker-osx 190 | accessMode: ReadWriteOnce 191 | size: 5Gi 192 | 193 | # Any extra volumes to define for the pod 194 | extraVolumes: 195 | - name: data 196 | hostPath: 197 | path: /mnt/data/default/docker_osx/ 198 | type: DirectoryOrCreate 199 | 200 | # Any extra volume mounts to define for the containers 201 | extraVolumeMounts: 202 | - name: data 203 | mountPath: /system_image 204 | -------------------------------------------------------------------------------- /rankmirrors: -------------------------------------------------------------------------------- 1 | #!/usr/bin/bash 2 | # 3 | # rankmirrors - read a list of mirrors from a file and rank them by speed 4 | # Generated from rankmirrors.sh.in; do not edit by hand. 5 | # 6 | # Copyright (c) 2009 Matthew Bruenig 7 | # 8 | # This program is free software; you can redistribute it and/or modify 9 | # it under the terms of the GNU General Public License as published by 10 | # the Free Software Foundation; either version 3 of the License, or 11 | # (at your option) any later version. 12 | # 13 | # This program is distributed in the hope that it will be useful, 14 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | # GNU General Public License for more details. 17 | # 18 | # You should have received a copy of the GNU General Public License 19 | # along with this program. If not, see . 20 | 21 | # traps interrupt key to spit out pre-interrupt info 22 | trap finaloutput INT 23 | 24 | declare -r myname='rankmirrors' 25 | declare -r myver='1.4.0' 26 | 27 | usage() { 28 | echo "${myname} v${myver}" 29 | echo 30 | echo "Ranks pacman mirrors by their connection and opening speed. Pacman mirror" 31 | echo "files are located in /etc/pacman.d/. It can also rank one mirror if the URL is" 32 | echo "provided." 33 | echo 34 | echo "Usage: ${myname} [options] MIRRORFILE | URL" 35 | echo 36 | echo "Options:" 37 | echo " --version show program's version number and exit" 38 | echo " -h, --help show this help message and exit" 39 | echo " -n NUM number of servers to output, 0 for all" 40 | echo " -m, --max-time NUM specify a ranking operation timeout, can be decimal number" 41 | echo " -t, --times only output mirrors and their response times" 42 | echo " -u, --url test a specific URL" 43 | echo " -v, --verbose be verbose in output" 44 | echo " -r, --repo specify a repository name instead of guessing" 45 | exit 0 46 | } 47 | 48 | version() { 49 | echo "${myname} (pacman) ${myver}" 50 | echo "Copyright (c) 2009 Matthew Bruenig ." 51 | echo 52 | echo "This is free software; see the source for copying conditions." 53 | echo "There is NO WARRANTY, to the extent permitted by law." 54 | exit 0 55 | } 56 | 57 | err() { 58 | echo "$1" >&2 59 | exit 1 60 | } 61 | 62 | # gettime fetchurl (e.g gettime http://foo.com/core/os/i686/core.db.tar.gz) 63 | # returns the fetching time, or timeout, or unreachable 64 | gettime() { 65 | IFS=' ' output=( $(curl -s -m $MAX_TIME -w "%{time_total} %{http_code}" "$1" -o/dev/null) ) 66 | (( $? == 28 )) && echo timeout && return 67 | (( ${output[1]} >= 400 || ! ${output[1]} )) && echo unreachable && return 68 | echo "${output[0]}" 69 | } 70 | 71 | # getfetchurl serverurl (e.g. getturl http://foo.com/core/os/i686) 72 | # if $repo is in the line, then assumes core 73 | # if $arch is in the line, then assumes $(uname -m) 74 | # returns a fetchurl (e.g. http://foo.com/core/os/i686/core.db.tar.gz) 75 | ARCH="$(uname -m)" 76 | getfetchurl() { 77 | local strippedurl="${1%/}" 78 | 79 | local replacedurl="${strippedurl//'$arch'/$ARCH}" 80 | if [[ ! $TARGETREPO ]]; then 81 | replacedurl="${replacedurl//'$repo'/core}" 82 | local tmp="${replacedurl%/*}" 83 | tmp="${tmp%/*}" 84 | 85 | local reponame="${tmp##*/}" 86 | else 87 | replacedurl="${replacedurl//'$repo'/$TARGETREPO}" 88 | local reponame="$TARGETREPO" 89 | fi 90 | 91 | if [[ -z $reponame || $reponame = $replacedurl ]]; then 92 | echo "fail" 93 | else 94 | local fetchurl="${replacedurl}/$reponame.db" 95 | echo "$fetchurl" 96 | fi 97 | } 98 | 99 | # This exists to remove the need for a separate interrupt function 100 | finaloutput() { 101 | IFS=$'\n' read -r -d '' -a sortedarray < \ 102 | <(printf '%s\n' "${timesarray[@]}" | LC_COLLATE=C sort) 103 | 104 | # Final output for mirrorfile 105 | numiterator="0" 106 | if [[ $TIMESONLY ]]; then 107 | echo 108 | echo " Servers sorted by time (seconds):" 109 | for line in "${sortedarray[@]}"; do 110 | echo "${line#* } : ${line% *}" 111 | ((numiterator++)) 112 | (( NUM && numiterator >= NUM )) && break 113 | done 114 | else 115 | for line in "${sortedarray[@]}"; do 116 | echo "Server = ${line#* }" 117 | ((numiterator++)) 118 | (( NUM && numiterator >= NUM )) && break 119 | done 120 | fi 121 | exit 0 122 | } 123 | 124 | 125 | # Argument parsing 126 | [[ $1 ]] || usage 127 | while [[ $1 ]]; do 128 | if [[ ${1:0:2} = -- ]]; then 129 | case "${1:2}" in 130 | help) usage ;; 131 | version) version ;; 132 | max-time) 133 | [[ $2 ]] || err "Must specify number."; 134 | MAX_TIME="$2" 135 | shift 2;; 136 | times) TIMESONLY=1 ; shift ;; 137 | verbose) VERBOSE=1 ; shift ;; 138 | url) 139 | CHECKURL=1; 140 | [[ $2 ]] || err "Must specify URL."; 141 | URL="$2"; 142 | shift 2;; 143 | repo) 144 | [[ $2 ]] || err "Must specify repository name."; 145 | TARGETREPO="$2"; 146 | shift 2;; 147 | *) err "'$1' is an invalid argument." 148 | esac 149 | elif [[ ${1:0:1} = - ]]; then 150 | 151 | if [[ ! ${1:1:1} ]]; then 152 | [[ -t 0 ]] && err "Stdin is empty." 153 | IFS=$'\n' linearray=( $( ./"${TEST}_master.txt" 49 | 50 | # run until the screen matches the expected screen 51 | while :; do 52 | sleep 5 53 | # screenshot the Xvfb 54 | scrotcat > ./"${TEST}.txt" 55 | # diff the low res txt files created from imcat 56 | diff "./${TEST}.txt" ./"${TEST}_master.txt" && break 57 | scrotcat 58 | done 59 | 60 | # kill any containers 61 | docker kill "$(docker ps --format "{{.ID}}")" 62 | 63 | # ensure all containers are dead 64 | until [[ "$(docker ps | wc -l)" = 1 ]]; do 65 | sleep 1 66 | docker ps | xargs docker kill 67 | done 68 | 69 | done 70 | 71 | exit 0 72 | -------------------------------------------------------------------------------- /tests/catalina_master.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sickcodes/Docker-OSX/e962dce97f384f5eee3970f566c7d1428f78e221/tests/catalina_master.png -------------------------------------------------------------------------------- /tests/high-sierra_master.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sickcodes/Docker-OSX/e962dce97f384f5eee3970f566c7d1428f78e221/tests/high-sierra_master.png -------------------------------------------------------------------------------- /tests/mojave_master.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sickcodes/Docker-OSX/e962dce97f384f5eee3970f566c7d1428f78e221/tests/mojave_master.png -------------------------------------------------------------------------------- /tests/monterey_master.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sickcodes/Docker-OSX/e962dce97f384f5eee3970f566c7d1428f78e221/tests/monterey_master.png -------------------------------------------------------------------------------- /tests/sonoma_master.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sickcodes/Docker-OSX/e962dce97f384f5eee3970f566c7d1428f78e221/tests/sonoma_master.png -------------------------------------------------------------------------------- /tests/test.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/bash 2 | # ____ __ ____ ______ __ 3 | # / __ \____ _____/ /_____ _____/ __ \/ ___/ |/ / 4 | # / / / / __ \/ ___/ //_/ _ \/ ___/ / / /\__ \| / 5 | # / /_/ / /_/ / /__/ ,< / __/ / / /_/ /___/ / | 6 | # /_____/\____/\___/_/|_|\___/_/ \____//____/_/|_| TESTS 7 | # 8 | # Title: Docker-OSX (Mac on Docker) 9 | # Author: Sick.Codes https://twitter.com/sickcodes 10 | # Version: 4.2 11 | # License: GPLv3+ 12 | # Repository: https://github.com/sickcodes/Docker-OSX 13 | # Website: https://sick.codes 14 | # 15 | # Status: Used internally to auto build, run and test images on DO. 16 | # 17 | 18 | help_text="Usage: ./test.sh --branch --repo 19 | 20 | General options: 21 | --branch, -b Git branch, default is master 22 | --repo, -r Alternative link to build 23 | --mirror-country, -m Two letter country code for Arch mirrors 24 | --docker-username, -u Docker hub username 25 | --docker-password, -p Docker hub password 26 | --vnc-password, -v Choose a VNC passwd. 27 | 28 | Flags 29 | --no-cache, -n Enable --no-cache (default already) 30 | --no-no-cache, -nn Disable --no-cache docker builds 31 | --help, -h, help Display this help and exit 32 | " 33 | 34 | # set -xeuf -o pipefail 35 | 36 | 37 | # gather arguments 38 | while (( "$#" )); do 39 | case "${1}" in 40 | 41 | --help | -h | h | help ) 42 | echo "${help_text}" && exit 0 43 | ;; 44 | 45 | --branch=* | -b=* ) 46 | export BRANCH="${1#*=}" 47 | shift 48 | ;; 49 | --branch* | -b* ) 50 | export BRANCH="${2}" 51 | shift 52 | shift 53 | ;; 54 | --repo=* | -r=* ) 55 | export REPO="${1#*=}" 56 | shift 57 | ;; 58 | --repo* | -r* ) 59 | export REPO="${2}" 60 | shift 61 | shift 62 | ;; 63 | --mirror-country=* | -m=* ) 64 | export MIRROR_COUNTRY="${1#*=}" 65 | shift 66 | ;; 67 | --mirror-country* | -m* ) 68 | export MIRROR_COUNTRY="${2}" 69 | shift 70 | shift 71 | ;; 72 | --vnc-password=* | -v=* | --vnc-passwd=* ) 73 | export VNC_PASSWORD="${1#*=}" 74 | shift 75 | ;; 76 | --vnc-password* | -v* | --vnc-passwd* ) 77 | export VNC_PASSWORD="${2}" 78 | shift 79 | shift 80 | ;; 81 | --docker-username=* | -u=* ) 82 | export DOCKER_USERNAME="${1#*=}" 83 | shift 84 | ;; 85 | --docker-username* | -u* ) 86 | export DOCKER_USERNAME="${2}" 87 | shift 88 | shift 89 | ;; 90 | --docker-password=* | -p=* ) 91 | export DOCKER_PASSWORD="${1#*=}" 92 | shift 93 | ;; 94 | --docker-password* | -p* ) 95 | export DOCKER_PASSWORD="${2}" 96 | shift 97 | shift 98 | ;; 99 | --no-cache | -n ) 100 | export NO_CACHE='--no-cache' 101 | shift 102 | ;; 103 | --no-no-cache | -nn ) 104 | export NO_CACHE= 105 | shift 106 | ;; 107 | *) 108 | echo "Invalid option: ${1}" 109 | exit 1 110 | ;; 111 | 112 | esac 113 | done 114 | 115 | BRANCH="${BRANCH:=master}" 116 | REPO="${REPO:=https://github.com/sickcodes/Docker-OSX.git}" 117 | VNC_PASSWORD="${VNC_PASSWORD:=testing}" 118 | MIRROR_COUNTRY="${MIRROR_COUNTRY:=US}" 119 | NO_CACHE="${NO_CACHE:=--no-cache}" 120 | 121 | 122 | TEST_BUILDS=( 123 | 'docker-osx:naked' 124 | 'docker-osx:naked-auto' 125 | 'docker-osx:auto' 126 | ) 127 | 128 | TEST_BUILDS=( 129 | 'docker-osx:naked' 130 | 'docker-osx:naked-auto' 131 | 'docker-osx:auto' 132 | ) 133 | 134 | VERSION_BUILDS=( 135 | 'high-sierra' 136 | 'mojave' 137 | 'catalina' 138 | 'big-sur' 139 | 'monterey' 140 | 'ventura' 141 | 'sonoma' 142 | ) 143 | 144 | warning () { 145 | clear 146 | for j in {15..1}; do 147 | echo "############# WARNING: THIS SCRIPT IS NOT INTENDED FOR USE BY ################" 148 | echo "############# IT IS USED BY THE PROJECT TO BUILD AND PUSH TO DOCKERHUB #######" 149 | echo "" 150 | echo " Press Ctrl C to stop. " 151 | MAX_COLS=$((${COLUMNS}/2)) 152 | printf "$j %.0s" {1..20} 153 | echo 154 | sleep 1 155 | done 156 | } 157 | 158 | install_docker () { 159 | apt remove docker docker-engine docker.io containerd runc -y \ 160 | ; apt install apt-transport-https ca-certificates curl gnupg-agent software-properties-common -y \ 161 | && curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - \ 162 | && apt-key fingerprint 0EBFCD88 \ 163 | && > /etc/apt/sources.list.d/docker.list \ 164 | && add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" \ 165 | && apt update -y \ 166 | && apt install docker-ce docker-ce-cli containerd.io -y \ 167 | && usermod -aG docker "${USER}" \ 168 | && su hook docker run --rm hello-world 169 | } 170 | 171 | install_vnc () { 172 | apt update -y \ 173 | && apt install xorg openbox tigervnc-standalone-server tigervnc-common tigervnc-xorg-extension tigervnc-viewer -y \ 174 | && mkdir -p ${HOME}/.vnc \ 175 | && touch ~/.vnc/config \ 176 | && tee -a ~/.vnc/config <<< 'geometry=1920x1080' \ 177 | && tee -a ~/.vnc/config <<< 'localhost' \ 178 | && tee -a ~/.vnc/config <<< 'alwaysshared' \ 179 | && touch ./vnc.sh \ 180 | && printf '\n%s\n' \ 181 | 'sudo rm -f /tmp/.X99-lock' \ 182 | 'export DISPLAY=:99' \ 183 | '/usr/bin/Xvnc -geometry 1920x1080 -rfbauth ~/.vnc/passwd :99 &' > ./vnc.sh \ 184 | && tee vncpasswd_file <<< "${VNC_PASSWORD:=testing}" && echo "${VNC_PASSWORD:="$(tr -dc '[:graph:]' ${HOME}/.vnc/passwd \ 186 | && chmod 600 ~/.vnc/passwd \ 187 | && apt install qemu qemu-kvm libvirt-clients libvirt-daemon-system bridge-utils virt-manager -y \ 188 | && sudo systemctl enable libvirtd.service \ 189 | && sudo systemctl enable virtlogd.service \ 190 | && echo 1 | sudo tee /sys/module/kvm/parameters/ignore_msrs \ 191 | && sudo modprobe kvm \ 192 | && echo 'export DISPLAY=:99' >> ~/.bashrc \ 193 | && printf '\n\n\n\n%s\n%s\n\n\n\n' '===========VNC_PASSWORD========== ' "$( 77 | 78 | USER root 79 | 80 | # OPTIONAL: Arch Linux server mirrors for super fast builds 81 | # set RANKMIRRORS to any value other that nothing, e.g. -e RANKMIRRORS=true 82 | ARG RANKMIRRORS 83 | ARG MIRROR_COUNTRY=US 84 | ARG MIRROR_COUNT=10 85 | RUN if [[ "${RANKMIRRORS}" ]]; then { pacman -Sy wget --noconfirm || pacman -Syu wget --noconfirm ; } \ 86 | ; wget -O ./rankmirrors "https://raw.githubusercontent.com/sickcodes/Docker-OSX/master/rankmirrors" \ 87 | ; wget -O- "https://www.archlinux.org/mirrorlist/?country=${MIRROR_COUNTRY:-US}&protocol=https&use_mirror_status=on" \ 88 | | sed -e 's/^#Server/Server/' -e '/^#/d' \ 89 | | head -n "$((${MIRROR_COUNT:-10}+1))" \ 90 | | bash ./rankmirrors --verbose --max-time 5 - > /etc/pacman.d/mirrorlist \ 91 | && tee -a /etc/pacman.d/mirrorlist <<< 'Server = http://mirrors.evowise.com/archlinux/$repo/os/$arch' \ 92 | && tee -a /etc/pacman.d/mirrorlist <<< 'Server = http://mirror.rackspace.com/archlinux/$repo/os/$arch' \ 93 | && tee -a /etc/pacman.d/mirrorlist <<< 'Server = https://mirror.rackspace.com/archlinux/$repo/os/$arch' \ 94 | && cat /etc/pacman.d/mirrorlist ; fi 95 | 96 | # Fixes issue with invalid GPG keys: update the archlinux-keyring package to get the latest keys, then remove and regenerate gnupg keys 97 | RUN pacman -Sy archlinux-keyring --noconfirm && rm -rf /etc/pacman.d/gnupg && pacman-key --init && pacman-key --populate 98 | 99 | USER arch 100 | 101 | RUN yes | sudo pacman -Syyuu --noconfirm \ 102 | && yes | sudo pacman -S tigervnc xterm xorg-xhost xdotool ufw --noconfirm \ 103 | && mkdir -p ${HOME}/.vnc \ 104 | && touch ~/.vnc/config \ 105 | && tee -a ~/.vnc/config <<< 'geometry=1920x1080' \ 106 | && tee -a ~/.vnc/config <<< 'localhost' \ 107 | && tee -a ~/.vnc/config <<< 'alwaysshared' 108 | 109 | # this won't work if you have 99 monitors, 98 monitors is fine though 110 | # don't forget to remove the lock file incase you shut down incorrectly or create an image. 111 | RUN printf '\n%s\n' \ 112 | 'sudo rm -f /tmp/.X99-lock' \ 113 | 'export DISPLAY=:99' \ 114 | '/usr/bin/Xvnc -geometry 1920x1080 -rfbauth "${HOME}/.vnc/passwd" :99 &' > vnc.sh 115 | 116 | RUN cat vnc.sh Launch.sh > Launch_custom.sh 117 | 118 | RUN chmod +x Launch_custom.sh 119 | 120 | RUN tee vncpasswd_file <<< "${VNC_PASSWORD:="$(tr -dc '[:graph:]' ${HOME}/.vnc/passwd 122 | 123 | RUN chmod 600 ~/.vnc/passwd 124 | RUN printf '\n\n\n\n%s\n%s\n\n\n\n' '===========VNC_PASSWORD========== ' "$( 37 | 38 | USER root 39 | 40 | WORKDIR /root 41 | 42 | RUN rm -f /home/arch/OSX-KVM/mac_hdd_ng.img 43 | 44 | # OPTIONAL: Arch Linux server mirrors for super fast builds 45 | # set RANKMIRRORS to any value other that nothing, e.g. -e RANKMIRRORS=true 46 | ARG RANKMIRRORS 47 | ARG MIRROR_COUNTRY=US 48 | ARG MIRROR_COUNT=10 49 | RUN if [[ "${RANKMIRRORS}" ]]; then { pacman -Sy wget --noconfirm || pacman -Syu wget --noconfirm ; } \ 50 | ; wget -O ./rankmirrors "https://raw.githubusercontent.com/sickcodes/Docker-OSX/master/rankmirrors" \ 51 | ; wget -O- "https://www.archlinux.org/mirrorlist/?country=${MIRROR_COUNTRY:-US}&protocol=https&use_mirror_status=on" \ 52 | | sed -e 's/^#Server/Server/' -e '/^#/d' \ 53 | | head -n "$((${MIRROR_COUNT:-10}+1))" \ 54 | | bash ./rankmirrors --verbose --max-time 5 - > /etc/pacman.d/mirrorlist \ 55 | && tee -a /etc/pacman.d/mirrorlist <<< 'Server = http://mirrors.evowise.com/archlinux/$repo/os/$arch' \ 56 | && tee -a /etc/pacman.d/mirrorlist <<< 'Server = http://mirror.rackspace.com/archlinux/$repo/os/$arch' \ 57 | && tee -a /etc/pacman.d/mirrorlist <<< 'Server = https://mirror.rackspace.com/archlinux/$repo/os/$arch' \ 58 | && cat /etc/pacman.d/mirrorlist ; fi 59 | 60 | # For taking screenshots of the Xfvb screen, useful during development. 61 | ARG SCROT 62 | 63 | RUN pacman -Syu xorg-server-xvfb wget xterm xorg-xhost xorg-xrandr sshpass --noconfirm \ 64 | && if [[ "${SCROT}" ]]; then \ 65 | pacman -Syu scrot base-devel --noconfirm \ 66 | && git clone --recurse-submodules --depth 1 https://github.com/stolk/imcat.git \ 67 | && cd imcat \ 68 | && make \ 69 | && sudo cp imcat /usr/bin/imcat \ 70 | && touch /usr/bin/scrotcat \ 71 | && tee -a /usr/bin/scrotcat <<< '/usr/bin/imcat <(scrot -o /dev/stdout)' \ 72 | && chmod +x /usr/bin/scrotcat \ 73 | ; else \ 74 | touch /usr/bin/scrotcat \ 75 | && echo echo >> /usr/bin/scrotcat \ 76 | && chmod +x /usr/bin/scrotcat \ 77 | ; fi \ 78 | ; yes | pacman -Scc 79 | 80 | USER arch 81 | 82 | WORKDIR /home/arch/OSX-KVM 83 | 84 | RUN mkdir -p ~/.ssh \ 85 | && touch ~/.ssh/authorized_keys \ 86 | && touch ~/.ssh/config \ 87 | && chmod 700 ~/.ssh \ 88 | && chmod 600 ~/.ssh/config \ 89 | && chmod 600 ~/.ssh/authorized_keys \ 90 | && tee -a ~/.ssh/config <<< 'Host *' \ 91 | && tee -a ~/.ssh/config <<< ' StrictHostKeyChecking no' \ 92 | && tee -a ~/.ssh/config <<< ' UserKnownHostsFile=/dev/null' 93 | 94 | #### SPECIAL RUNTIME ARGUMENTS BELOW 95 | 96 | ENV ADDITIONAL_PORTS= 97 | 98 | # add additional QEMU boot arguments 99 | ENV BOOT_ARGS= 100 | 101 | ENV BOOTDISK= 102 | 103 | # edit the CPU that is beign emulated 104 | ENV CPU=Penryn 105 | 106 | ENV DISPLAY=:99 107 | 108 | ENV HEADLESS=false 109 | 110 | ENV ENV=/env 111 | 112 | # Boolean for generating a bootdisk with new random serials. 113 | ENV GENERATE_UNIQUE=false 114 | 115 | # Boolean for generating a bootdisk with specific serials. 116 | ENV GENERATE_SPECIFIC=false 117 | 118 | ENV IMAGE_PATH=/image 119 | ENV IMAGE_FORMAT=qcow2 120 | 121 | ENV KVM='accel=kvm:tcg' 122 | 123 | # ENV MASTER_PLIST_URL="https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist" 124 | 125 | # ENV NETWORKING=e1000-82545em 126 | ENV NETWORKING=vmxnet3 127 | 128 | ENV NOPICKER=true 129 | 130 | # dynamic RAM options for runtime 131 | ENV RAM=8 132 | # ENV RAM=max 133 | # ENV RAM=half 134 | 135 | # The x and y coordinates for resolution. 136 | # Must be used with either -e GENERATE_UNIQUE=true or -e GENERATE_SPECIFIC=true. 137 | ENV WIDTH=1920 138 | ENV HEIGHT=1080 139 | 140 | # libguestfs verbose 141 | ENV LIBGUESTFS_DEBUG=1 142 | ENV LIBGUESTFS_TRACE=1 143 | 144 | CMD sudo touch /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \ 145 | ; sudo chown -R $(id -u):$(id -g) /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \ 146 | ; { [[ "${DISPLAY}" = ':99' ]] || [[ "${HEADLESS}" == true ]] ; } && { \ 147 | nohup Xvfb :99 -screen 0 1920x1080x16 \ 148 | & until [[ "$(xrandr --query 2>/dev/null)" ]]; do sleep 1 ; done \ 149 | ; } \ 150 | ; [[ "${NOPICKER}" == true ]] && { \ 151 | sed -i '/^.*InstallMedia.*/d' Launch.sh \ 152 | && export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore-nopicker.qcow2}" \ 153 | ; } \ 154 | || export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2}" \ 155 | ; [[ "${GENERATE_UNIQUE}" == true ]] && { \ 156 | ./Docker-OSX/osx-serial-generator/generate-unique-machine-values.sh \ 157 | --master-plist-url="${MASTER_PLIST_URL}" \ 158 | --count 1 \ 159 | --tsv ./serial.tsv \ 160 | --bootdisks \ 161 | --width "${WIDTH:-1920}" \ 162 | --height "${HEIGHT:-1080}" \ 163 | --output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2}" \ 164 | --output-env "${ENV:=/env}" \ 165 | || exit 1 ; } \ 166 | ; [[ "${GENERATE_SPECIFIC}" == true ]] && { \ 167 | source "${ENV:=/env}" 2>/dev/null \ 168 | ; ./Docker-OSX/osx-serial-generator/generate-specific-bootdisk.sh \ 169 | --master-plist-url="${MASTER_PLIST_URL}" \ 170 | --model "${DEVICE_MODEL}" \ 171 | --serial "${SERIAL}" \ 172 | --board-serial "${BOARD_SERIAL}" \ 173 | --uuid "${UUID}" \ 174 | --mac-address "${MAC_ADDRESS}" \ 175 | --width "${WIDTH:-1920}" \ 176 | --height "${HEIGHT:-1080}" \ 177 | --output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2}" \ 178 | || exit 1 ; } \ 179 | # ; ./enable-ssh.sh && /bin/bash -c ./Launch.sh 180 | 181 | WORKDIR /home/arch/OSX-KVM 182 | 183 | RUN yes | sudo pacman -Syyuu --noconfirm \ 184 | && yes | sudo pacman -S tigervnc xterm xorg-xhost xdotool ufw --noconfirm \ 185 | && mkdir -p ${HOME}/.vnc \ 186 | && touch ~/.vnc/config \ 187 | && tee -a ~/.vnc/config <<< 'geometry=1920x1080' \ 188 | && tee -a ~/.vnc/config <<< 'localhost' \ 189 | && tee -a ~/.vnc/config <<< 'alwaysshared' 190 | 191 | RUN printf '\n%s\n' \ 192 | 'sudo rm -f /tmp/.X99-lock' \ 193 | 'export DISPLAY=:99' \ 194 | '/usr/bin/Xvnc -geometry 1920x1080 -rfbauth "${HOME}/.vnc/passwd" :99 &' > vnc.sh 195 | 196 | RUN cat vnc.sh Launch.sh > Launch_custom.sh 197 | 198 | RUN chmod +x Launch_custom.sh 199 | 200 | RUN tee vncpasswd_file <<< "${VNC_PASSWORD:="$(tr -dc '[:graph:]' ${HOME}/.vnc/passwd 202 | 203 | RUN chmod 600 ~/.vnc/passwd 204 | RUN printf '\n\n\n\n%s\n%s\n\n\n\n' '===========VNC_PASSWORD========== ' "$(