Repository: dockur/macos Branch: master Commit: 297714126c4d Files: 30 Total size: 88.0 KB Directory structure: gitextract_z9_5as5k/ ├── .devcontainer/ │ ├── 010 - macOS Sequoia/ │ │ └── devcontainer.json │ ├── 030 - macOS Ventura/ │ │ └── devcontainer.json │ ├── 040 - macOS Monterey/ │ │ └── devcontainer.json │ ├── 050 - macOS Big Sur/ │ │ └── devcontainer.json │ ├── 060 - macOS Catalina/ │ │ └── devcontainer.json │ ├── codespaces.yml │ └── devcontainer.json ├── .dockerignore ├── .github/ │ ├── ISSUE_TEMPLATE/ │ │ ├── 1-issue.yml │ │ ├── 2-feature.yml │ │ ├── 3-bug.yml │ │ ├── 4-question.yml │ │ └── config.yml │ ├── dependabot.yml │ ├── renovate.json │ └── workflows/ │ ├── build.yml │ ├── check.yml │ ├── hub.yml │ ├── review.yml │ └── test.yml ├── .gitignore ├── Dockerfile ├── assets/ │ └── config.plist ├── compose.yml ├── kubernetes.yml ├── license.md ├── readme.md └── src/ ├── boot.sh ├── entry.sh └── install.sh ================================================ FILE CONTENTS ================================================ ================================================ FILE: .devcontainer/010 - macOS Sequoia/devcontainer.json ================================================ { "name": "macOS 15 (Sequoia)", "service": "macos", "containerEnv": { "VERSION": "15" }, "forwardPorts": [8006], "portsAttributes": { "8006": { "label": "Web", "onAutoForward": "notify" } }, "otherPortsAttributes": { "onAutoForward": "ignore" }, "dockerComposeFile": "../codespaces.yml", "initializeCommand": "docker system prune --all --force" } ================================================ FILE: .devcontainer/030 - macOS Ventura/devcontainer.json ================================================ { "name": "macOS 13 (Ventura)", "service": "macos", "containerEnv": { "VERSION": "13" }, "forwardPorts": [8006], "portsAttributes": { "8006": { "label": "Web", "onAutoForward": "notify" } }, "otherPortsAttributes": { "onAutoForward": "ignore" }, "dockerComposeFile": "../codespaces.yml", "initializeCommand": "docker system prune --all --force" } ================================================ FILE: .devcontainer/040 - macOS Monterey/devcontainer.json ================================================ { "name": "macOS 12 (Monterey)", "service": "macos", "containerEnv": { "VERSION": "12" }, "forwardPorts": [8006], "portsAttributes": { "8006": { "label": "Web", "onAutoForward": "notify" } }, "otherPortsAttributes": { "onAutoForward": "ignore" }, "dockerComposeFile": "../codespaces.yml", "initializeCommand": "docker system prune --all --force" } ================================================ FILE: .devcontainer/050 - macOS Big Sur/devcontainer.json ================================================ { "name": "macOS 11 (Big Sur)", "service": "macos", "containerEnv": { "VERSION": "11" }, "forwardPorts": [8006], "portsAttributes": { "8006": { "label": "Web", "onAutoForward": "notify" } }, "otherPortsAttributes": { "onAutoForward": "ignore" }, "dockerComposeFile": "../codespaces.yml", "initializeCommand": "docker system prune --all --force" } ================================================ FILE: .devcontainer/060 - macOS Catalina/devcontainer.json ================================================ { "name": "macOS 10 (Catalina)", "service": "macos", "containerEnv": { "VERSION": "10" }, "forwardPorts": [8006], "portsAttributes": { "8006": { "label": "Web", "onAutoForward": "notify" } }, "otherPortsAttributes": { "onAutoForward": "ignore" }, "dockerComposeFile": "../codespaces.yml", "initializeCommand": "docker system prune --all --force" } ================================================ FILE: .devcontainer/codespaces.yml ================================================ services: macos: container_name: macos image: ghcr.io/dockur/macos environment: RAM_SIZE: "half" DISK_SIZE: "max" CPU_CORES: "max" devices: - /dev/kvm - /dev/net/tun cap_add: - NET_ADMIN ports: - 8006:8006 - 5900:5900/tcp - 5900:5900/udp volumes: - ./macos:/storage restart: on-failure stop_grace_period: 2m ================================================ FILE: .devcontainer/devcontainer.json ================================================ { "name": "macOS 14 (Sonoma)", "service": "macos", "containerEnv": { "VERSION": "14" }, "forwardPorts": [8006], "portsAttributes": { "8006": { "label": "Web", "onAutoForward": "notify" } }, "otherPortsAttributes": { "onAutoForward": "ignore" }, "dockerComposeFile": "codespaces.yml", "initializeCommand": "docker system prune --all --force" } ================================================ FILE: .dockerignore ================================================ .dockerignore .devcontainer .git .github .gitignore .gitlab-ci.yml .gitmodules Dockerfile Dockerfile.archive compose.yml compose.yaml docker-compose.yml docker-compose.yaml *.md ================================================ FILE: .github/ISSUE_TEMPLATE/1-issue.yml ================================================ name: "\U0001F6A8 Technical issue" description: When you're experiencing problems using the container body: - type: input id: os attributes: label: Operating system description: Your Linux distribution (can be shown by `lsb_release -a`). placeholder: e.g. Ubuntu 24.04 validations: required: true - type: textarea id: summary attributes: label: Description description: A clear and concise description of your issue. validations: required: true - type: textarea id: compose attributes: label: Docker compose description: The compose file (or otherwise the `docker run` command used). render: yaml validations: required: true - type: textarea id: log attributes: label: Docker log description: The logfile of the container (as shown by `docker logs macos`). render: shell validations: required: true - type: textarea id: screenshot attributes: label: Screenshots (optional) description: Screenshots that might help to make the problem more clear. validations: required: false ================================================ FILE: .github/ISSUE_TEMPLATE/2-feature.yml ================================================ name: "\U0001F680 Feature request" description: Suggest an idea for improving the container title: "[Feature]: " labels: ["enhancement"] body: - type: textarea id: problem attributes: label: Is your proposal related to a problem? description: | Provide a clear and concise description of what the problem is. For example, "I'm always frustrated when..." validations: required: true - type: textarea id: solution attributes: label: Describe the solution you'd like. description: | Provide a clear and concise description of what you want to happen. validations: required: true - type: textarea id: alternatives attributes: label: Describe alternatives you've considered. description: | Let us know about other solutions you've tried or researched. validations: required: true - type: textarea id: context attributes: label: Additional context description: | Is there anything else you can add about the proposal? You might want to link to related issues here, if you haven't already. ================================================ FILE: .github/ISSUE_TEMPLATE/3-bug.yml ================================================ name: "\U0001F41E Bug report" description: Create a report to help us improve the container title: "[Bug]: " labels: ["bug"] body: - type: input id: os attributes: label: Operating system description: Your Linux distribution (can be shown by `lsb_release -a`). placeholder: e.g. Ubuntu 24.04 validations: required: true - type: textarea id: summary attributes: label: Description description: Describe the expected behaviour, the actual behaviour, and the steps to reproduce. validations: required: true - type: textarea id: compose attributes: label: Docker compose description: The compose file (or otherwise the `docker run` command used). render: yaml validations: required: true - type: textarea id: log attributes: label: Docker log description: The logfile of the container (as shown by `docker logs macos`). render: shell validations: required: true - type: textarea id: screenshot attributes: label: Screenshots (optional) description: Screenshots that might help to make the problem more clear. validations: required: false ================================================ FILE: .github/ISSUE_TEMPLATE/4-question.yml ================================================ name: "\U00002753 General question" description: Questions about the container not related to an issue title: "[Question]: " labels: ["question"] body: - type: checkboxes attributes: label: Is your question not already answered in the FAQ? description: Please read the [FAQ](https://github.com/dockur/macos/blob/master/readme.md) carefully to avoid asking duplicate questions. options: - label: I made sure the question is not listed in the [FAQ](https://github.com/dockur/macos/blob/master/readme.md). required: true - type: checkboxes attributes: label: Is this a general question and not a technical issue? description: For questions related to issues you must use the [technical issue](https://github.com/dockur/macos/issues/new?assignees=&labels=&projects=&template=1-issue.yml) form instead. It contains all the right fields (system info, logfiles, etc.) we need in order to be able to help you. options: - label: I am sure my question is not about a technical issue. required: true - type: textarea id: question attributes: label: Question description: What's the question you have about the container? validations: required: true ================================================ FILE: .github/ISSUE_TEMPLATE/config.yml ================================================ blank_issues_enabled: false ================================================ FILE: .github/dependabot.yml ================================================ version: 2 updates: - package-ecosystem: docker directory: / schedule: interval: weekly - package-ecosystem: github-actions directory: / schedule: interval: weekly ================================================ FILE: .github/renovate.json ================================================ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": ["config:recommended", ":disableDependencyDashboard"] } ================================================ FILE: .github/workflows/build.yml ================================================ name: Build on: workflow_dispatch: concurrency: group: build cancel-in-progress: false jobs: shellcheck: name: Test uses: ./.github/workflows/check.yml build: name: Build needs: shellcheck runs-on: ubuntu-latest permissions: actions: write packages: write contents: read steps: - name: Checkout uses: actions/checkout@v6 with: fetch-depth: 0 - name: Docker metadata id: meta uses: docker/metadata-action@v5 with: context: git images: | ${{ secrets.DOCKERHUB_REPO }} ghcr.io/${{ github.repository }} tags: | type=raw,value=latest,priority=100 type=raw,value=${{ vars.MAJOR }}.${{ vars.MINOR }} labels: | org.opencontainers.image.title=${{ vars.NAME }} env: DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Login into Docker Hub uses: docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build Docker image uses: docker/build-push-action@v6 with: context: . push: true provenance: false platforms: linux/amd64 tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} annotations: ${{ steps.meta.outputs.annotations }} build-args: | VERSION_ARG=${{ steps.meta.outputs.version }} - name: Create a release uses: action-pack/github-release@v2 with: tag: "v${{ steps.meta.outputs.version }}" title: "v${{ steps.meta.outputs.version }}" token: ${{ secrets.REPO_ACCESS_TOKEN }} - name: Increment version variable uses: action-pack/bump@v2 with: token: ${{ secrets.REPO_ACCESS_TOKEN }} - name: Send mail uses: action-pack/send-mail@v1 with: to: ${{secrets.MAILTO}} from: Github Actions <${{secrets.MAILTO}}> connection_url: ${{secrets.MAIL_CONNECTION}} subject: Build of ${{ github.event.repository.name }} v${{ steps.meta.outputs.version }} completed body: | The build job of ${{ github.event.repository.name }} v${{ steps.meta.outputs.version }} was completed successfully! See https://github.com/${{ github.repository }}/actions for more information. ================================================ FILE: .github/workflows/check.yml ================================================ on: [workflow_call] name: "Check" permissions: {} jobs: shellcheck: name: shellcheck runs-on: ubuntu-latest steps: - uses: actions/checkout@v6 - name: Run ShellCheck uses: ludeeus/action-shellcheck@master env: SHELLCHECK_OPTS: -x --source-path=src -e SC1091 -e SC2001 -e SC2002 -e SC2034 -e SC2064 -e SC2153 -e SC2317 -e SC2028 - name: Lint Dockerfile uses: hadolint/hadolint-action@v3.3.0 with: dockerfile: Dockerfile ignore: DL3008,DL3018,DL3020,DL3029,DL3059 failure-threshold: warning - name: Validate JSON and YML files uses: GrantBirki/json-yaml-validate@v4 with: yaml_exclude_regex: ".*\\kubernetes\\.yml$" ================================================ FILE: .github/workflows/hub.yml ================================================ name: Update on: push: branches: - master paths: - readme.md - README.md - .github/workflows/hub.yml jobs: dockerHubDescription: runs-on: ubuntu-latest steps: - name: Checkout repo uses: actions/checkout@v6 - name: Docker Hub Description uses: peter-evans/dockerhub-description@v5 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} repository: ${{ secrets.DOCKERHUB_REPO }} short-description: ${{ github.event.repository.description }} readme-filepath: ./readme.md ================================================ FILE: .github/workflows/review.yml ================================================ on: pull_request: name: "Review" permissions: contents: read pull-requests: write checks: write jobs: review: name: review runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v6 - name: Spelling uses: reviewdog/action-misspell@v1 with: locale: "US" level: warning pattern: | *.md *.sh reporter: github-pr-review github_token: ${{ secrets.GITHUB_TOKEN }} - name: Hadolint uses: reviewdog/action-hadolint@v1 with: level: warning reporter: github-pr-review hadolint_ignore: DL3008 DL3018 DL3020 DL3029 DL3059 github_token: ${{ secrets.GITHUB_TOKEN }} - name: YamlLint uses: reviewdog/action-yamllint@v1 with: level: warning reporter: github-pr-review github_token: ${{ secrets.GITHUB_TOKEN }} - name: ActionLint uses: reviewdog/action-actionlint@v1 with: level: warning reporter: github-pr-review github_token: ${{ secrets.GITHUB_TOKEN }} - name: Shellformat uses: reviewdog/action-shfmt@v1 with: level: warning shfmt_flags: "-i 2 -ci -bn" github_token: ${{ secrets.GITHUB_TOKEN }} - name: Shellcheck uses: reviewdog/action-shellcheck@v1 with: level: warning reporter: github-pr-review shellcheck_flags: -x -e SC1091 -e SC2001 -e SC2002 -e SC2034 -e SC2064 -e SC2153 -e SC2317 -e SC2028 github_token: ${{ secrets.GITHUB_TOKEN }} ================================================ FILE: .github/workflows/test.yml ================================================ on: workflow_dispatch: pull_request: name: "Test" permissions: {} jobs: shellcheck: name: Test uses: ./.github/workflows/check.yml ================================================ FILE: .gitignore ================================================ ================================================ FILE: Dockerfile ================================================ # syntax=docker/dockerfile:1 FROM --platform=$BUILDPLATFORM alpine:3.22 AS builder ARG VERSION_OPENCORE="1.0.4" ARG REPO_OPENCORE="https://github.com/acidanthera/OpenCorePkg" ADD $REPO_OPENCORE/releases/download/$VERSION_OPENCORE/OpenCore-$VERSION_OPENCORE-RELEASE.zip /tmp/opencore.zip RUN apk --update --no-cache add unzip && \ unzip /tmp/opencore.zip -d /tmp/oc && \ cp /tmp/oc/Utilities/macserial/macserial.linux /macserial && \ rm -rf /tmp/* /var/tmp/* /var/cache/apk/* FROM scratch AS runner COPY --from=qemux/qemu:7.29 / / ARG VERSION_ARG="0.0" ARG VERSION_KVM_OPENCORE="v21" ARG VERSION_OSX_KVM="326053dd61f49375d5dfb28ee715d38b04b5cd8e" ARG REPO_OSX_KVM="https://raw.githubusercontent.com/kholia/OSX-KVM" ARG REPO_KVM_OPENCORE="https://github.com/thenickdude/KVM-Opencore" ARG DEBCONF_NOWARNINGS="yes" ARG DEBIAN_FRONTEND="noninteractive" ARG DEBCONF_NONINTERACTIVE_SEEN="true" RUN set -eu && \ apt-get update && \ apt-get --no-install-recommends -y install \ mtools && \ apt-get clean && \ echo "$VERSION_ARG" > /run/version && \ rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* COPY --chmod=755 ./src /run/ COPY --chmod=755 ./assets /assets/ COPY --chmod=755 --from=builder /macserial /usr/local/bin/ ADD --chmod=644 \ $REPO_OSX_KVM/$VERSION_OSX_KVM/OVMF_CODE.fd \ $REPO_OSX_KVM/$VERSION_OSX_KVM/OVMF_VARS.fd \ $REPO_OSX_KVM/$VERSION_OSX_KVM/OVMF_VARS-1024x768.fd \ $REPO_OSX_KVM/$VERSION_OSX_KVM/OVMF_VARS-1920x1080.fd /usr/share/OVMF/ ADD $REPO_KVM_OPENCORE/releases/download/$VERSION_KVM_OPENCORE/OpenCore-$VERSION_KVM_OPENCORE.iso.gz /opencore.iso.gz VOLUME /storage EXPOSE 5900 8006 ENV VERSION="14" ENV RAM_SIZE="4G" ENV CPU_CORES="1" ENV DISK_SIZE="64G" ENTRYPOINT ["/usr/bin/tini", "-s", "/run/entry.sh"] ================================================ FILE: assets/config.plist ================================================ ACPI Add Comment My custom DSDT Enabled Path DSDT.aml Comment My custom SSDT Enabled Path SSDT-1.aml Comment Read the comment in dsl sample Enabled Path SSDT-ALS0.aml Comment Read the comment in dsl sample Enabled Path SSDT-AWAC-DISABLE.aml Comment Read the comment in dsl sample Enabled Path SSDT-BRG0.aml Comment Read the comment in dsl sample Enabled Path SSDT-EC-USBX.aml Comment Fake EC and USBX Power Enabled Path SSDT-EC.aml Comment Read the comment in dsl sample Enabled Path SSDT-EHCx-DISABLE.aml Comment Read the comment in dsl sample Enabled Path SSDT-IMEI.aml Comment CPU AGPM Plugin=1 Enabled Path SSDT-PLUG.aml Comment Read the comment in dsl sample Enabled Path SSDT-PMC.aml Comment Read the comment in dsl sample Enabled Path SSDT-PNLF.aml Comment Read the comment in dsl sample Enabled Path SSDT-RTC0-RANGE.aml Comment Read the comment in dsl sample Enabled Path SSDT-RTC0.aml Comment Read the comment in dsl sample Enabled Path SSDT-SBUS-MCHC.aml Comment Read the comment in dsl sample Enabled Path SSDT-UNC.aml Comment add DTGP method Enabled Path SSDT-DTGP.aml Comment USB 2.0 Injection Enabled Path SSDT-EHCI.aml Delete All Comment Delete CpuPm Enabled OemTableId Q3B1UG0AAAA= TableLength 0 TableSignature U1NEVA== All Comment Delete Cpu0Ist Enabled OemTableId Q3B1MElzdAA= TableLength 0 TableSignature U1NEVA== Patch Base BaseSkip 0 Comment Replace one byte sequence with another Count 0 Enabled Find ESIzRA== Limit 0 Mask OemTableId Replace RDMiEQ== ReplaceMask Skip 0 TableLength 0 TableSignature Base \_SB.PCI0.LPCB.HPET BaseSkip 0 Comment HPET _CRS to XCRS Count 1 Enabled Find X0NSUw== Limit 0 Mask OemTableId Replace WENSUw== ReplaceMask Skip 0 TableLength 0 TableSignature Quirks FadtEnableReset NormalizeHeaders RebaseRegions ResetHwSig ResetLogoStatus SyncTableIds Booter MmioWhitelist Patch Quirks AllowRelocationBlock AvoidRuntimeDefrag DevirtualiseMmio DisableSingleUser DisableVariableWrite DiscardHibernateMap EnableSafeModeSlide EnableWriteUnprotector FixupAppleEfiImages ForceBooterSignature ForceExitBootServices ProtectMemoryRegions ProtectSecureBoot ProtectUefiServices ProvideCustomSlide ProvideMaxSlide 0 RebuildAppleMemoryMap ResizeAppleGpuBars -1 SetupVirtualMap SignalAppleOS SyncRuntimePermissions DeviceProperties Add PciRoot(0x1)/Pci(0x1F,0x0) compatible pci8086,2916 device-id FikA name pci8086,2916 Delete Kernel Add Arch Any BundlePath Lilu.kext Comment Patch engine Enabled ExecutablePath Contents/MacOS/Lilu MaxKernel MinKernel 8.0.0 PlistPath Contents/Info.plist Arch Any BundlePath VirtualSMC.kext Comment SMC emulator Enabled ExecutablePath Contents/MacOS/VirtualSMC MaxKernel MinKernel 8.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath WhateverGreen.kext Comment Video patches Enabled ExecutablePath Contents/MacOS/WhateverGreen MaxKernel MinKernel 10.0.0 PlistPath Contents/Info.plist Arch Any BundlePath AppleALC.kext Comment Audio patches Enabled ExecutablePath Contents/MacOS/AppleALC MaxKernel MinKernel 8.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath IntelMausi.kext Comment Intel Ethernet LAN Enabled ExecutablePath Contents/MacOS/IntelMausi MaxKernel MinKernel 13.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath Legacy_USB3.kext Comment XHC ports configuration Enabled ExecutablePath MaxKernel MinKernel 15.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath MCEReporterDisabler.kext Comment AppleMCEReporter disabler Enabled ExecutablePath MaxKernel MinKernel 19.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath VoodooPS2Controller.kext Comment Enabled ExecutablePath Contents/MacOS/VoodooPS2Controller MaxKernel MinKernel 15.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath VoodooPS2Controller.kext/Contents/PlugIns/VoodooPS2Keyboard.kext Comment Enabled ExecutablePath Contents/MacOS/VoodooPS2Keyboard MaxKernel MinKernel 15.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath VoodooPS2Controller.kext/Contents/PlugIns/VoodooPS2Mouse.kext Comment Enabled ExecutablePath Contents/MacOS/VoodooPS2Mouse MaxKernel MinKernel 15.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath VoodooPS2Controller.kext/Contents/PlugIns/VoodooPS2Trackpad.kext Comment Enabled ExecutablePath Contents/MacOS/VoodooPS2Trackpad MaxKernel MinKernel 15.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath VoodooPS2Controller.kext/Contents/PlugIns/VoodooInput.kext Comment Enabled ExecutablePath Contents/MacOS/VoodooInput MaxKernel MinKernel 15.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath USBPorts.kext Comment Enabled ExecutablePath MaxKernel MinKernel PlistPath Contents/Info.plist Arch x86_64 BundlePath AGPMInjector.kext Comment Enabled ExecutablePath MaxKernel MinKernel PlistPath Contents/Info.plist Arch x86_64 BundlePath BrcmFirmwareData.kext Comment Bluetooth firmware Enabled ExecutablePath Contents/MacOS/BrcmFirmwareData MaxKernel MinKernel PlistPath Contents/Info.plist Arch x86_64 BundlePath BrcmNonPatchRAM2.kext Comment Bluetooth support for macOS 10.11-10.14 Enabled ExecutablePath Contents/MacOS/BrcmNonPatchRAM2 MaxKernel 18.99.99 MinKernel 15.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath BrcmPatchRAM2.kext Comment Bluetooth support for macOS 10.11-10.14 Enabled ExecutablePath Contents/MacOS/BrcmPatchRAM2 MaxKernel 18.99.99 MinKernel 15.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath BrcmPatchRAM3.kext Comment Bluetooth support for macOS 10.15- Enabled ExecutablePath Contents/MacOS/BrcmPatchRAM3 MaxKernel MinKernel 19.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath BrcmBluetoothInjector.kext Comment Bluetooth support for macOS 10.15-11 Enabled ExecutablePath MaxKernel 20.99.99 MinKernel 19.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath BlueToolFixup.kext Comment Bluetooth support for macOS 12- Enabled ExecutablePath Contents/MacOS/BlueToolFixup MaxKernel MinKernel 21.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath CryptexFixup.kext Comment Support for non-AVX2 CPUs in Ventura/Sonoma Enabled ExecutablePath Contents/MacOS/CryptexFixup MaxKernel 23.99.99 MinKernel 22.1.0 PlistPath Contents/Info.plist Block Arch Any Comment Enabled Identifier com.apple.driver.AppleTyMCEDriver MaxKernel MinKernel Strategy Disable Emulate Cpuid1Data VAYFAAAAAAAAAAAAAAAAAA== Cpuid1Mask ////AAAAAAAAAAAAAAAAAA== DummyPowerManagement MaxKernel MinKernel Force Arch Any BundlePath System/Library/Extensions/IONetworkingFamily.kext Comment Enabled ExecutablePath Contents/MacOS/IONetworkingFamily Identifier com.apple.iokit.IONetworkingFamily MaxKernel 13.99.99 MinKernel PlistPath Contents/Info.plist Patch Arch x86_64 Base Comment algrey - cpuid_set_cpufamily - force CPUFAMILY_INTEL_PENRYN Count 1 Enabled Find MduAPQAAAAAGdQA= Identifier kernel Limit 0 Mask /////wAAAP///wA= MaxKernel 20.3.99 MinKernel 17.0.0 Replace u7xP6njpXQAAAJA= ReplaceMask Skip 0 Arch x86_64 Base Comment algrey - thenickdude - cpuid_set_cpufamily - force CPUFAMILY_INTEL_PENRYN (Big Sur 11.3+, Monterey, Ventura, Sonoma) Count 1 Enabled Find MdKzAYA9AAAAAAZ1 Identifier kernel Limit 0 Mask ////////AAAAAP// MaxKernel 23.99.99 MinKernel 20.4.0 Replace urxP6nizAJCQkJDr ReplaceMask Skip 0 Arch x86_64 Base _early_random Comment SurPlus v1 - PART 1 of 2 - Patch read_erandom (inlined in _early_random) Count 1 Enabled Find AHQjSIs= Identifier kernel Limit 800 Mask MaxKernel 21.1.0 MinKernel 20.4.0 Replace AOsjSIs= ReplaceMask Skip 0 Arch x86_64 Base _register_and_init_prng Comment SurPlus v1 - PART 2 of 2 - Patch register_and_init_prng Count 1 Enabled Find ukgBAAAx9g== Identifier kernel Limit 256 Mask MaxKernel 21.1.0 MinKernel 20.4.0 Replace ukgBAADrBQ== ReplaceMask Skip 0 Arch x86_64 Base _apfs_filevault_allowed Comment Force FileVault on Broken Seal (from OCLP project, for non-AVX2 Ventura/Sonoma) Count 0 Enabled Find Identifier com.apple.filesystems.apfs Limit 0 Mask MaxKernel 23.99.99 MinKernel 22.1.0 Replace uAEAAADD ReplaceMask Skip 0 Quirks AppleCpuPmCfgLock AppleXcpmCfgLock AppleXcpmExtraMsrs AppleXcpmForceBoost CustomPciSerialDevice CustomSMBIOSGuid DisableIoMapper DisableIoMapperMapping DisableLinkeditJettison DisableRtcChecksum ExtendBTFeatureFlags ExternalDiskIcons ForceAquantiaEthernet ForceSecureBootScheme IncreasePciBarSize LapicKernelPanic LegacyCommpage PanicNoKextDump PowerTimeoutKernelPanic ProvideCurrentCpuInfo SetApfsTrimTimeout 0 ThirdPartyDrives XhciPortLimit Scheme CustomKernel FuzzyMatch KernelArch Auto KernelCache Auto Misc BlessOverride Boot ConsoleAttributes 0 HibernateMode Auto HibernateSkipsPicker HideAuxiliary InstanceIdentifier LauncherOption Disabled LauncherPath Default PickerAttributes 17 PickerAudioAssist PickerMode External PickerVariant Auto PollAppleHotKeys ShowPicker TakeoffDelay 0 Timeout 0 Debug AppleDebug ApplePanic DisableWatchDog DisplayDelay 0 DisplayLevel 2147483650 LogModules * SysReport Target 3 Entries Security AllowSetDefault ApECID 0 AuthRestart BlacklistAppleUpdate DmgLoading Signed EnablePassword ExposeSensitiveData 6 HaltLevel 2147483648 PasswordHash PasswordSalt ScanPolicy 18809603 SecureBootModel Disabled Vault Optional Serial Init Override Tools Arguments Auxiliary Comment Not signed for security reasons Enabled Flavour OpenShell:UEFIShell:Shell FullNvramAccess Name UEFI Shell Path Shell.efi RealPath TextMode Arguments Auxiliary Comment Memory testing utility Enabled Flavour MemTest FullNvramAccess Name memtest86 Path memtest86/BOOTX64.efi RealPath TextMode Arguments Shutdown Auxiliary Comment Perform shutdown Enabled Flavour Auto FullNvramAccess Name Shutdown Path ResetSystem.efi RealPath TextMode NVRAM Add 4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14 DefaultBackgroundColor AAAAAA== 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102 rtc-blacklist 7C436110-AB2A-4BBB-A880-FE41995C9F82 #INFO (prev-lang:kbd) en:252 (ABC), set 656e3a323532 ForceDisplayRotationInEFI 0 SystemAudioVolume Rg== boot-args keepsyms=1 csr-active-config Jg8= prev-lang:kbd ZW4tVVM6MA== run-efi-updater No Delete 4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14 DefaultBackgroundColor 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102 rtc-blacklist 7C436110-AB2A-4BBB-A880-FE41995C9F82 boot-args ForceDisplayRotationInEFI LegacyOverwrite LegacySchema 7C436110-AB2A-4BBB-A880-FE41995C9F82 EFILoginHiDPI EFIBluetoothDelay LocationServicesEnabled SystemAudioVolume SystemAudioVolumeDB SystemAudioVolumeSaved bluetoothActiveControllerInfo bluetoothInternalControllerInfo flagstate fmm-computer-name fmm-mobileme-token-FMM fmm-mobileme-token-FMM-BridgeHasAccount nvda_drv prev-lang:kbd backlight-level BootCampHD 8BE4DF61-93CA-11D2-AA0D-00E098032B8C Boot0080 Boot0081 Boot0082 BootNext BootOrder WriteFlash PlatformInfo Automatic CustomMemory Generic AdviseFeatures MLB C02717306J9JG361M MaxBIOSVersion ProcessorType 0 ROM m7zhIYfl SpoofVendor SystemMemoryStatus Auto SystemProductName iMacPro1,1 SystemSerialNumber C02TM2ZBHX87 SystemUUID 007076A6-F2A2-4461-BBE5-BAD019F8025A UpdateDataHub UpdateNVRAM UpdateSMBIOS UpdateSMBIOSMode Create UseRawUuidEncoding UEFI APFS EnableJumpstart GlobalConnect HideVerbose JumpstartHotPlug MinDate -1 MinVersion -1 AppleInput AppleEvent Builtin CustomDelays GraphicsInputMirroring KeyInitialDelay 50 KeySubsequentDelay 5 PointerDwellClickTimeout 0 PointerDwellDoubleClickTimeout 0 PointerDwellRadius 0 PointerPollMask -1 PointerPollMax 80 PointerPollMin 10 PointerSpeedDiv 1 PointerSpeedMul 1 Audio AudioCodec 0 AudioDevice AudioOutMask 1 AudioSupport DisconnectHda MaximumGain -15 MinimumAssistGain -30 MinimumAudibleGain -55 PlayChime Auto ResetTrafficClass SetupDelay 0 ConnectDrivers Drivers Arguments Comment Enabled LoadEarly Path OpenVariableRuntimeDxe.efi Arguments Comment Enabled LoadEarly Path OpenRuntime.efi Arguments Comment HFS+ Driver Enabled LoadEarly Path OpenHfsPlus.efi Arguments Comment Enabled LoadEarly Path OpenCanopy.efi Arguments Comment Enabled LoadEarly Path AudioDxe.efi Arguments Comment Enabled LoadEarly Path OpenPartitionDxe.efi Arguments Comment Enabled LoadEarly Path OpenUsbKbDxe.efi Arguments Comment Enabled LoadEarly Path UsbMouseDxe.efi Arguments Comment Enabled LoadEarly Path Ps2KeyboardDxe.efi Arguments Comment Enabled LoadEarly Path Ps2MouseDxe.efi Arguments Comment Enabled LoadEarly Path HiiDatabase.efi Arguments Comment Enabled LoadEarly Path NvmExpressDxe.efi Arguments Comment Enabled LoadEarly Path XhciDxe.efi Arguments Comment Enabled LoadEarly Path ExFatDxe.efi Arguments Comment Enabled LoadEarly Path CrScreenshotDxe.efi Arguments Comment Enabled LoadEarly Path Ext4Dxe.efi Arguments Comment Enabled LoadEarly Path DpcDxe.efi Arguments Comment Enabled LoadEarly Path SnpDxe.efi Arguments Comment Enabled LoadEarly Path MnpDxe.efi Arguments Comment Enabled LoadEarly Path ArpDxe.efi Arguments Comment Enabled LoadEarly Path Dhcp4Dxe.efi Arguments Comment Enabled LoadEarly Path Ip4Dxe.efi Arguments Comment Enabled LoadEarly Path Udp4Dxe.efi Arguments Comment Enabled LoadEarly Path TcpDxe.efi Arguments Comment Enabled LoadEarly Path DnsDxe.efi Arguments Comment Enabled LoadEarly Path HttpDxe.efi Arguments Comment Enabled LoadEarly Path HttpUtilitiesDxe.efi Arguments Comment Enabled LoadEarly Path HttpBootDxe.efi Arguments Comment Enabled LoadEarly Path OpenLinuxBoot.efi Arguments Comment Enabled LoadEarly Path ResetNvramEntry.efi Arguments Comment Enabled LoadEarly Path ToggleSipEntry.efi Arguments Comment Enabled LoadEarly Path FirmwareSettingsEntry.efi Input KeyFiltering KeyForgetThreshold 5 KeySupport KeySupportMode Auto KeySwap PointerSupport PointerSupportMode ASUS TimerResolution 50000 Output ClearScreenOnModeSwitch ConsoleFont ConsoleMode DirectGopRendering ForceResolution GopBurstMode GopPassThrough Disabled IgnoreTextInGraphics InitialMode Auto ProvideConsoleGop ReconnectGraphicsOnConnect ReconnectOnResChange ReplaceTabWithSpace Resolution 1920x1080@32 SanitiseClearScreen TextRenderer BuiltinGraphics UIScale 0 UgaPassThrough ProtocolOverrides AppleAudio AppleBootPolicy AppleDebugLog AppleEg2Info AppleFramebufferInfo AppleImageConversion AppleImg4Verification AppleKeyMap AppleRtcRam AppleSecureBoot AppleSmcIo AppleUserInterfaceTheme DataHub DeviceProperties FirmwareVolume HashServices OSInfo PciIo UnicodeCollation Quirks ActivateHpetSupport DisableSecurityPolicy EnableVectorAcceleration EnableVmx ExitBootServicesDelay 0 ForceOcWriteFlash ForgeUefiSupport IgnoreInvalidFlexRatio ReleaseUsbOwnership ReloadOptionRoms RequestBootVarRouting ResizeGpuBars -1 ResizeUsePciRbIo ShimRetainProtocol TscSyncTimeout 0 UnblockFsConnect ReservedMemory ================================================ FILE: compose.yml ================================================ services: macos: image: dockurr/macos container_name: macos environment: VERSION: "14" devices: - /dev/kvm - /dev/net/tun cap_add: - NET_ADMIN ports: - 8006:8006 - 5900:5900/tcp - 5900:5900/udp volumes: - ./macos:/storage restart: always stop_grace_period: 2m ================================================ FILE: kubernetes.yml ================================================ --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: macos-pvc spec: accessModes: - ReadWriteOnce resources: requests: storage: 64Gi --- apiVersion: apps/v1 kind: Deployment metadata: name: macos labels: name: macos spec: replicas: 1 selector: matchLabels: app: macos template: metadata: labels: app: macos spec: containers: - name: macos image: dockurr/macos env: - name: VERSION value: "14" - name: DISK_SIZE value: "64G" ports: - containerPort: 8006 name: http protocol: TCP - containerPort: 5900 name: vnc protocol: TCP securityContext: capabilities: add: - NET_ADMIN privileged: true volumeMounts: - mountPath: /storage name: storage - mountPath: /dev/kvm name: dev-kvm - mountPath: /dev/net/tun name: dev-tun terminationGracePeriodSeconds: 120 volumes: - name: storage persistentVolumeClaim: claimName: macos-pvc - hostPath: path: /dev/kvm name: dev-kvm - hostPath: path: /dev/net/tun type: CharDevice name: dev-tun --- apiVersion: v1 kind: Service metadata: name: macos spec: internalTrafficPolicy: Cluster ports: - name: http port: 8006 protocol: TCP targetPort: 8006 - name: vnc port: 5900 protocol: TCP targetPort: 5900 selector: app: macos type: ClusterIP ================================================ FILE: license.md ================================================ MIT License Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ================================================ FILE: readme.md ================================================

macOS
[![Build]][build_url] [![Version]][tag_url] [![Size]][tag_url] [![Package]][pkg_url] [![Pulls]][hub_url]

MacOS inside a Docker container. ## Features ✨ - KVM acceleration - Web-based viewer - Automatic download ## Usage 🐳 ##### Via Docker Compose: ```yaml services: macos: image: dockurr/macos container_name: macos environment: VERSION: "14" devices: - /dev/kvm - /dev/net/tun cap_add: - NET_ADMIN ports: - 8006:8006 - 5900:5900/tcp - 5900:5900/udp volumes: - ./macos:/storage restart: always stop_grace_period: 2m ``` ##### Via Docker CLI: ```bash docker run -it --rm --name macos -e "VERSION=14" -p 8006:8006 --device=/dev/kvm --device=/dev/net/tun --cap-add NET_ADMIN -v "${PWD:-.}/macos:/storage" --stop-timeout 120 docker.io/dockurr/macos ``` ##### Via Kubernetes: ```shell kubectl apply -f https://raw.githubusercontent.com/dockur/macos/refs/heads/master/kubernetes.yml ``` ##### Via Github Codespaces: [![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/dockur/macos) ## FAQ 💬 ### How do I use it? Very simple! These are the steps: - Start the container and connect to [port 8006](http://127.0.0.1:8006/) using your web browser. - Choose `Disk Utility` and then select the largest `Apple Inc. VirtIO Block Media` disk. - Click the `Erase` button to format the disk to APFS, and give it any name you like. - Close the current window and proceed the installation by clicking `Reinstall macOS`. - When prompted where you want to install it, select the disk you created previously. - After all files are copied, select your region, language, and keyboard settings. - When the `Migration Assistant` wants to transfer data, select `Not now` (bottom left). - On the `Apple ID` screen, select `Set Up Later` (bottom left) and then proceed using `Skip`. - On the `Create a Computer Account` screen, fill in a username and password and `Continue`. Enjoy your brand new machine, and don't forget to star this repo! ### How do I select the version of macOS? By default, macOS 14 (Sonoma) will be installed, but you can add the `VERSION` environment variable in order to specify an alternative: ```yaml environment: VERSION: "15" ``` Select from the values below: | **Value** | **Version** | **Name** | |-------------|----------------|------------------| | `15` | macOS 15 | Sequoia | | `14` | macOS 14 | Sonoma | | `13` | macOS 13 | Ventura | | `12` | macOS 12 | Monterey | | `11` | macOS 11 | Big Sur | > [!NOTE] > Support for macOS 15 (Sequoia) is still in its infancy, as it does not allow you to sign in to your Apple Account yet. ### How do I change the storage location? To change the storage location, include the following bind mount in your compose file: ```yaml volumes: - ./macos:/storage ``` Replace the example path `./macos` with the desired storage folder or named volume. ### How do I change the size of the disk? To expand the default size of 64 GB, add the `DISK_SIZE` setting to your compose file and set it to your preferred capacity: ```yaml environment: DISK_SIZE: "256G" ``` > [!TIP] > This can also be used to resize the existing disk to a larger capacity without any data loss. ### How do I change the amount of CPU or RAM? By default, macOS will be allowed to use a single CPU core and 4 GB of RAM. If you want to adjust this, you can specify the desired amount using the following environment variables: ```yaml environment: RAM_SIZE: "8G" CPU_CORES: "4" ``` > [!IMPORTANT] > If your system has an AMD processor (instead of Intel), it is not advisable to enable multiple cores before the installation is completed and you have verified that everything runs stable for a while. Because in many cases it will introduce issues, which are difficult to pinpoint if you do not have experience with its behavior on a single core first. ### How do I assign an individual IP address to the container? By default, the container uses bridge networking, which shares the IP address with the host. If you want to assign an individual IP address to the container, you can create a macvlan network as follows: ```bash docker network create -d macvlan \ --subnet=192.168.0.0/24 \ --gateway=192.168.0.1 \ --ip-range=192.168.0.100/28 \ -o parent=eth0 vlan ``` Be sure to modify these values to match your local subnet. Once you have created the network, change your compose file to look as follows: ```yaml services: macos: container_name: macos .... networks: vlan: ipv4_address: 192.168.0.100 networks: vlan: external: true ``` An added benefit of this approach is that you won't have to perform any port mapping anymore, since all ports will be exposed by default. > [!IMPORTANT] > This IP address won't be accessible from the Docker host due to the design of macvlan, which doesn't permit communication between the two. If this is a concern, you need to create a [second macvlan](https://blog.oddbit.com/post/2018-03-12-using-docker-macvlan-networks/#host-access) as a workaround. ### How can macOS acquire an IP address from my router? After configuring the container for [macvlan](#how-do-i-assign-an-individual-ip-address-to-the-container), it is possible for macOS to become part of your home network by requesting an IP from your router, just like your other devices. To enable this mode, in which the container and macOS will have separate IP addresses, add the following lines to your compose file: ```yaml environment: DHCP: "Y" devices: - /dev/vhost-net device_cgroup_rules: - 'c *:* rwm' ``` ### How do I pass-through a disk? It is possible to pass-through disk devices or partitions directly by adding them to your compose file in this way: ```yaml devices: - /dev/sdb:/disk1 - /dev/sdc1:/disk2 ``` Use `/disk1` if you want it to become your main drive, and use `/disk2` and higher to add them as secondary drives. ### How do I pass-through a USB device? To pass-through a USB device, first lookup its vendor and product id via the `lsusb` command, then add them to your compose file like this: ```yaml environment: ARGUMENTS: "-device usb-host,vendorid=0x1234,productid=0x1234" devices: - /dev/bus/usb ``` ### How do I share files with the host? To share files with the host, add the following volume to your compose file: ```yaml volumes: - ./example:/shared ``` Then start macOS and execute the following command: ```shell sudo -S mount_9p shared ``` In Finder’s menu bar, click on “Go – Computer” to access this shared folder, it will show the contents of `./example`. ### How do I verify if my system supports KVM? First check if your software is compatible using this chart: | **Product** | **Linux** | **Win11** | **Win10** | **macOS** | |---|---|---|---|---| | Docker CLI | ✅ | ✅ | ❌ | ❌ | | Docker Desktop | ❌ | ✅ | ❌ | ❌ | | Podman CLI | ✅ | ✅ | ❌ | ❌ | | Podman Desktop | ✅ | ✅ | ❌ | ❌ | After that you can run the following commands in Linux to check your system: ```bash sudo apt install cpu-checker sudo kvm-ok ``` If you receive an error from `kvm-ok` indicating that KVM cannot be used, please check whether: - the virtualization extensions (`Intel VT-x` or `AMD SVM`) are enabled in your BIOS. - you enabled "nested virtualization" if you are running the container inside a virtual machine. - you are not using a cloud provider, as most of them do not allow nested virtualization for their VPS's. If you did not receive any error from `kvm-ok` but the container still complains about a missing KVM device, it could help to add `privileged: true` to your compose file (or `sudo` to your `docker` command) to rule out any permission issue. ### How do I run Windows in a container? You can use [dockur/windows](https://github.com/dockur/windows) for that. It shares many of the same features, and even has completely automatic installation. ### How do I run a Linux desktop in a container? You can use [qemus/qemu](https://github.com/qemus/qemu) in that case. ### Is this project legal? Yes, this project contains only open-source code and does not distribute any copyrighted material. Neither does it try to circumvent any copyright protection measures. So under all applicable laws, this project will be considered legal. However, by installing Apple's macOS, you must accept their end-user license agreement, which does not permit installation on non-official hardware. So only run this container on hardware sold by Apple, as any other use will be a violation of their terms and conditions. ## Acknowledgements 🙏 Special thanks to [seitenca](https://github.com/seitenca), this project would not exist without her invaluable work. ## Stars 🌟 [![Stars](https://starchart.cc/dockur/macos.svg?variant=adaptive)](https://starchart.cc/dockur/macos) ## Disclaimer ⚖️ *Only run this container on Apple hardware, any other use is not permitted by their EULA. The product names, logos, brands, and other trademarks referred to within this project are the property of their respective trademark holders. This project is not affiliated, sponsored, or endorsed by Apple Inc.* [build_url]: https://github.com/dockur/macos/ [hub_url]: https://hub.docker.com/r/dockurr/macos/ [tag_url]: https://hub.docker.com/r/dockurr/macos/tags [pkg_url]: https://github.com/dockur/macos/pkgs/container/macos [Build]: https://github.com/dockur/macos/actions/workflows/build.yml/badge.svg [Size]: https://img.shields.io/docker/image-size/dockurr/macos/latest?color=066da5&label=size [Pulls]: https://img.shields.io/docker/pulls/dockurr/macos.svg?style=flat&label=pulls&logo=docker [Version]: https://img.shields.io/docker/v/dockurr/macos/latest?arch=amd64&sort=semver&color=066da5 [Package]: https://img.shields.io/badge/dynamic/json?url=https%3A%2F%2Fipitio.github.io%2Fbackage%2Fdockur%2Fmacos%2Fmacos.json&query=%24.downloads&logo=github&style=flat&color=066da5&label=pulls ================================================ FILE: src/boot.sh ================================================ #!/usr/bin/env bash set -Eeuo pipefail # Docker environment variables : "${SECURE:="off"}" # Secure boot : "${BOOT_MODE:="macos"}" # Boot mode BOOT_DESC="" BOOT_OPTS="" OVMF="/usr/share/OVMF" msg="Configuring boot..." html "$msg" [[ "$DEBUG" == [Yy1]* ]] && echo "$msg" case "${HEIGHT,,}" in "1080" ) DEST="$PROCESS" ROM="OVMF_CODE.fd" VARS="OVMF_VARS-1920x1080.fd" ;; "768" ) DEST="${PROCESS}_hd" ROM="OVMF_CODE.fd" VARS="OVMF_VARS-1024x768.fd" ;; *) ROM="OVMF_CODE.fd" VARS="OVMF_VARS.fd" DEST="${PROCESS}_${HEIGHT}" ;; esac BOOT_OPTS+=" -smbios type=2" BOOT_OPTS+=" -rtc base=utc,base=localtime" BOOT_OPTS+=" -global ICH9-LPC.disable_s3=1" BOOT_OPTS+=" -global ICH9-LPC.disable_s4=1" BOOT_OPTS+=" -global ICH9-LPC.acpi-pci-hotplug-with-bridge-support=off" osk=$(echo "bheuneqjbexolgurfrjbeqfthneqrqcyrnfrqbagfgrny(p)NccyrPbzchgreVap" | tr 'A-Za-z' 'N-ZA-Mn-za-m') BOOT_OPTS+=" -device isa-applesmc,osk=$osk" # OVMF DEST="$STORAGE/$DEST" if [ ! -s "$DEST.rom" ] || [ ! -f "$DEST.rom" ]; then [ ! -s "$OVMF/$ROM" ] || [ ! -f "$OVMF/$ROM" ] && error "UEFI boot file ($OVMF/$ROM) not found!" && exit 44 if [[ "${LOGO:-}" == [Nn]* ]]; then cp "$OVMF/$ROM" "$DEST.tmp" else if ! /run/utk.bin "$OVMF/$ROM" replace_ffs LogoDXE "/var/www/img/${PROCESS,,}.ffs" save "$DEST.tmp"; then warn "failed to add custom logo to BIOS!" cp "$OVMF/$ROM" "$DEST.tmp" fi fi mv "$DEST.tmp" "$DEST.rom" ! setOwner "$DEST.rom" && error "Failed to set the owner for \"$DEST.rom\" !" fi if [ ! -s "$DEST.vars" ] || [ ! -f "$DEST.vars" ]; then [ ! -s "$OVMF/$VARS" ] || [ ! -f "$OVMF/$VARS" ]&& error "UEFI vars file ($OVMF/$VARS) not found!" && exit 45 cp "$OVMF/$VARS" "$DEST.tmp" mv "$DEST.tmp" "$DEST.vars" ! setOwner "$DEST.vars" && error "Failed to set the owner for \"$DEST.vars\" !" fi BOOT_OPTS+=" -drive if=pflash,format=raw,readonly=on,file=$DEST.rom" BOOT_OPTS+=" -drive if=pflash,format=raw,file=$DEST.vars" IMG="$STORAGE/boot.img" if [ ! -f "$IMG" ]; then FILE="OpenCore.img" IMG="/tmp/$FILE" rm -f "$IMG" # OpenCoreBoot ISO="/opencore.iso" OUT="/tmp/extract" rm -rf "$OUT" mkdir -p "$OUT" msg="Building boot image" info "$msg..." && html "$msg..." [ ! -f "$ISO" ] && gzip -dk "$ISO.gz" if [ ! -f "$ISO" ] || [ ! -s "$ISO" ]; then error "Could not find image file \"$ISO\"." && exit 10 fi START=$(sfdisk -l "$ISO" | grep -i -m 1 "EFI System" | awk '{print $2}') mcopy -bspmQ -i "$ISO@@${START}S" ::EFI "$OUT" CFG="$OUT/EFI/OC/config.plist" PLIST="/assets/config.plist" [ -f "/config.plist" ] && PLIST="/config.plist" cp "$PLIST" "$CFG" ROM="${MAC//[^[:alnum:]]/}" ROM="${ROM,,}" BROM=$(echo "$ROM" | xxd -r -p | base64) RESOLUTION="${WIDTH}x${HEIGHT}@32" sed -r -i -e 's|m7zhIYfl|'"${BROM}"'|g' "$CFG" sed -r -i -e 's|iMacPro1,1|'"${MODEL}"'|g' "$CFG" sed -r -i -e 's|C02TM2ZBHX87|'"${SN}"'|g' "$CFG" sed -r -i -e 's|C02717306J9JG361M|'"${MLB}"'|g' "$CFG" sed -r -i -e 's|1920x1080@32|'"${RESOLUTION}"'|g' "$CFG" sed -r -i -e 's|007076A6-F2A2-4461-BBE5-BAD019F8025A|'"${UUID}"'|g' "$CFG" # Build image MB=256 CLUSTER=4 START=2048 SECTOR=512 FIRST_LBA=34 SIZE=$(( MB*1024*1024 )) OFFSET=$(( START*SECTOR )) TOTAL=$(( SIZE-(FIRST_LBA*SECTOR) )) LAST_LBA=$(( TOTAL/SECTOR )) COUNT=$(( LAST_LBA-(START-1) )) if ! truncate -s "$SIZE" "$IMG"; then rm -f "$IMG" error "Could not allocate space to create image $IMG ." && exit 11 fi PART="/tmp/partition.fdisk" { echo "label: gpt" echo "label-id: 1ACB1E00-3B8F-4B2A-86A4-D99ED21DCAEB" echo "device: $FILE" echo "unit: sectors" echo "first-lba: $FIRST_LBA" echo "last-lba: $LAST_LBA" echo "sector-size: $SECTOR" echo "" echo "${FILE}1 : start=$START, size=$COUNT, type=C12A7328-F81F-11D2-BA4B-00A0C93EC93B, uuid=05157F6E-0AE8-4D1A-BEA5-AC172453D02C, name=\"primary\"" } > "$PART" sfdisk -q "$IMG" < "$PART" echo "drive c: file=\"$IMG\" partition=0 offset=$OFFSET" > /etc/mtools.conf mformat -F -M "$SECTOR" -c "$CLUSTER" -T "$COUNT" -v "EFI" "C:" mcopy -bspmQ "$OUT/EFI" "C:" rm -rf "$OUT" info "" info "Model: $MODEL" info "Rom: $ROM" info "Serial: $SN" info "Board: $MLB" info "" fi ! setOwner "$IMG" && error "Failed to set the owner for \"$IMG\" !" BOOT_DRIVE_ID="OpenCore" DISK_OPTS+=" -device virtio-blk-pci,drive=${BOOT_DRIVE_ID},bus=pcie.0,addr=0x5,bootindex=$BOOT_INDEX" DISK_OPTS+=" -drive file=$IMG,id=$BOOT_DRIVE_ID,format=raw,cache=unsafe,readonly=on,if=none" CPU_VENDOR=$(lscpu | awk '/Vendor ID/{print $3}') DEFAULT_FLAGS="vendor=GenuineIntel,vmx=off,vmware-cpuid-freq=on,-pdpe1gb" if [[ "$CPU_VENDOR" == "AuthenticAMD" || "${KVM:-}" == [Nn]* ]]; then if [ -z "${CPU_MODEL:-}" ]; then case "${VERSION,,}" in "ventura" | "13"* ) CPU_MODEL="Haswell-noTSX" ;; "monterey" | "12"* ) CPU_MODEL="Haswell-noTSX" ;; "bigsur" | "big-sur" | "11"* ) CPU_MODEL="Haswell-noTSX" ;; "catalina" | "10"* ) CPU_MODEL="Haswell-noTSX" ;; *) CPU_MODEL="Skylake-Client-v4" DEFAULT_FLAGS+=",-spec-ctrl" ;; esac fi if [[ "${KVM:-}" == [Nn]* ]] || [[ "${ARCH,,}" != "amd64" ]] || [[ "$OSTYPE" =~ ^darwin ]]; then DEFAULT_FLAGS+=",-pcid,-tsc-deadline,-invpcid,-xsavec,-xsaves,+ssse3,+sse4.2,+popcnt,+avx,+avx2,+aes,+fma,+bmi1,+bmi2,+smep,+xsave,+xsaveopt,+xgetbv1,+movbe,+rdrand,check" else DEFAULT_FLAGS+=",+pcid,+ssse3,+sse4.2,+popcnt,+avx,+avx2,+aes,+fma,+bmi1,+bmi2,+smep,+xsave,+xsavec,+xsaves,+xsaveopt,+xgetbv1,+movbe,+rdrand,check" fi fi if [ -z "${CPU_FLAGS:-}" ]; then CPU_FLAGS="$DEFAULT_FLAGS" else CPU_FLAGS="$DEFAULT_FLAGS,$CPU_FLAGS" fi SM_BIOS="" CLOCKSOURCE="tsc" [[ "${ARCH,,}" == "arm64" ]] && CLOCKSOURCE="arch_sys_counter" CLOCK="/sys/devices/system/clocksource/clocksource0/current_clocksource" if [ ! -f "$CLOCK" ]; then warn "file \"$CLOCK\" cannot not found?" else result=$(<"$CLOCK") result="${result//[![:print:]]/}" case "${result,,}" in "${CLOCKSOURCE,,}" ) if [[ "$CPU_VENDOR" == "GenuineIntel" && "$CPU_CORES" == "1" && "${KVM:-}" != [Nn]* ]]; then CPU_CORES="2" fi ;; "kvm-clock" ) warn "Nested KVM virtualization detected, this might cause issues running macOS!" ;; "hyperv_clocksource_tsc_page" ) info "Nested Hyper-V virtualization detected, this might cause issues running macOS!" ;; "hpet" ) warn "unsupported clock source detected: '$result'. Please set host clock source to '$CLOCKSOURCE', otherwise it will cause issues running macOS!" ;; *) warn "unexpected clock source detected: '$result'. Please set host clock source to '$CLOCKSOURCE', otherwise it will cause issues running macOS!" ;; esac fi case "$CPU_CORES" in "" | "0" | "3" ) CPU_CORES="2" ;; "5" ) CPU_CORES="4" ;; "9" ) CPU_CORES="8" ;; esac case "$CPU_CORES" in "1" | "2" | "4" | "8" ) SMP="$CPU_CORES,sockets=1,dies=1,cores=$CPU_CORES,threads=1" ;; "6" | "7" ) SMP="$CPU_CORES,sockets=3,dies=1,cores=2,threads=1" ;; "10" | "11" ) SMP="$CPU_CORES,sockets=5,dies=1,cores=2,threads=1" ;; "12" | "13" ) SMP="$CPU_CORES,sockets=3,dies=1,cores=4,threads=1" ;; "14" | "15" ) SMP="$CPU_CORES,sockets=7,dies=1,cores=2,threads=1" ;; "16" | "32" | "64" ) SMP="$CPU_CORES,sockets=1,dies=1,cores=$CPU_CORES,threads=1" ;; *) error "Invalid amount of CPU_CORES, value \"${CPU_CORES}\" is not a power of 2!" && exit 35 ;; esac USB="nec-usb-xhci,id=xhci" USB+=" -device usb-kbd,bus=xhci.0" USB+=" -global nec-usb-xhci.msi=off" return 0 ================================================ FILE: src/entry.sh ================================================ #!/usr/bin/env bash set -Eeuo pipefail : "${APP:="macOS"}" : "${VGA:="vmware"}" : "${DISK_TYPE:="blk"}" : "${PLATFORM:="x64"}" : "${SUPPORT:="https://github.com/dockur/macos"}" cd /run . start.sh # Startup hook . utils.sh # Load functions . reset.sh # Initialize system . server.sh # Start webserver . install.sh # Get the OSX images . disk.sh # Initialize disks . display.sh # Initialize graphics . network.sh # Initialize network . boot.sh # Configure boot . proc.sh # Initialize processor . memory.sh # Check available memory . config.sh # Configure arguments . finish.sh # Finish initialization trap - ERR version=$(qemu-system-x86_64 --version | head -n 1 | cut -d '(' -f 1 | awk '{ print $NF }') info "Booting ${APP}${BOOT_DESC} using QEMU v$version..." exec qemu-system-x86_64 ${ARGS:+ $ARGS} ================================================ FILE: src/install.sh ================================================ #!/usr/bin/env bash set -Eeuo pipefail # Docker environment variables : "${SN:=""}" # Device serial : "${MLB:=""}" # Board serial : "${MAC:=""}" # MAC address : "${UUID:=""}" # Unique ID : "${VERSION:=""}" # OSX Version : "${WIDTH:="1920"}" # Horizontal : "${HEIGHT:="1080"}" # Vertical : "${MODEL:="iMacPro1,1"}" # Device model BASE_IMG_ID="InstallMedia" BASE_IMG="$STORAGE/base.dmg" function getRandom() { local length="${1}" local result="" local chars=("0" "1" "2" "3" "4" "5" "6" "7" "8" "9" "A" "B" "C" "D" "E" "F") for ((i=0; i&1 | tr ';' '\n' | awk -F'session=|;' '{print $2}' | grep 1) info=$(curl --disable -s -X POST -H "Host: osrecovery.apple.com" \ -H "Connection: close" \ -A "InternetRecovery/1.0" \ -b "session=\"${appleSession}\"" \ -H "Content-Type: text/plain" \ -d $'cid='"$(getRandom 16)"$'\nsn='"${mlb}"$'\nbid='"${board}"$'\nk='"$(getRandom 64)"$'\nfg='"$(getRandom 64)"$'\nos='"${type}" \ https://osrecovery.apple.com/InstallationPayload/RecoveryImage | tr ' ' '\n') downloadLink=$(echo "$info" | grep 'oscdn' | grep 'dmg') downloadSession=$(echo "$info" | grep 'expires' | grep 'dmg') if [ -z "$downloadLink" ] || [ -z "$downloadSession" ]; then local code="99" msg="Failed to connect to the Apple servers, reason:" curl --silent --max-time 10 --output /dev/null --fail -H "Host: osrecovery.apple.com" -H "Connection: close" -A "InternetRecovery/1.0" https://osrecovery.apple.com/ || { code="$?" } case "${code,,}" in "6" ) error "$msg could not resolve host!" ;; "7" ) error "$msg no internet connection available!" ;; "28" ) error "$msg connection timed out!" ;; "99" ) [ -n "$info" ] && echo "$info" && echo error "$msg unknown error" ;; *) error "$msg $code" ;; esac return 1 fi # Check if running with interactive TTY or redirected to docker log if [ -t 1 ]; then progress="--progress=bar:noscroll" else progress="--progress=dot:giga" fi rm -f "$dest" /run/progress.sh "$dest" "0" "$msg ([P])..." & { wget "$downloadLink" -O "$dest" -q --header "Host: oscdn.apple.com" --header "Connection: close" --header "User-Agent: InternetRecovery/1.0" --header "Cookie: AssetToken=${downloadSession}" --timeout=30 --no-http-keep-alive --show-progress "$progress"; rc=$?; } || : fKill "progress.sh" if (( rc == 0 )) && [ -f "$dest" ]; then total=$(stat -c%s "$dest") size=$(formatBytes "$total") if [ "$total" -lt 100000 ]; then error "Invalid recovery image, file is only $size ?" && return 1 fi html "Download finished successfully..." return 0 fi msg="Failed to download $downloadLink" (( rc == 3 )) && error "$msg , cannot write file (disk full?)" && return 1 (( rc == 4 )) && error "$msg , network failure!" && return 1 (( rc == 8 )) && error "$msg , server issued an error response!" && return 1 error "$msg , reason: $rc" return 1 } install() { local board local version="$1" local dest="$2" case "${version,,}" in "tahoe" | "26"* | "16"* ) board="Mac-CFF7D910A743CAAF" ;; "sequoia" | "15"* ) board="Mac-937A206F2EE63C01" ;; "sonoma" | "14"* ) board="Mac-827FAC58A8FDFA22" ;; "ventura" | "13"* ) board="Mac-4B682C642B45593E" ;; "monterey" | "12"* ) board="Mac-B809C3757DA9BB8D" ;; "bigsur" | "big-sur" | "11"* ) board="Mac-2BD1B31983FE1663" ;; "catalina" | "10"* ) board="Mac-00BE6ED71E35EB86" ;; *) error "Unknown VERSION specified, value \"${version}\" is not recognized!" return 1 ;; esac rm -f "$dest" if ! makeDir "$STORAGE"; then error "Failed to create directory \"$STORAGE\" !" && return 1 fi find "$STORAGE" -maxdepth 1 -type f \( -iname '*.rom' -or -iname '*.vars' \) -delete find "$STORAGE" -maxdepth 1 -type f \( -iname 'data.*' -or -iname 'macos.*' \) -delete if [ -f "/boot.dmg" ]; then cp "/boot.dmg" "$dest" return 0 fi local file="$STORAGE/boot.dmg" if ! download "$file" "$board" "$version"; then delay 5 if ! download "$file" "$board" "$version"; then rm -f "$file" exit 60 fi fi mv -f "$file" "$dest" return 0 } generateID() { local file="$STORAGE/$PROCESS.id" [ -n "$UUID" ] && return 0 [ -s "$file" ] && UUID=$(<"$file") UUID="${UUID//[![:print:]]/}" [ -n "$UUID" ] && return 0 UUID=$(cat /proc/sys/kernel/random/uuid 2> /dev/null || uuidgen --random) UUID="${UUID^^}" UUID="${UUID//[![:print:]]/}" echo "$UUID" > "$file" ! setOwner "$file" && error "Failed to set the owner for \"$file\" !" return 0 } generateAddress() { local file="$STORAGE/$PROCESS.mac" [ -n "$MAC" ] && return 0 [ -s "$file" ] && MAC=$(<"$file") MAC="${MAC//[![:print:]]/}" [ -n "$MAC" ] && return 0 # Generate Apple MAC address based on Docker container ID in hostname MAC=$(echo "$HOST" | md5sum | sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/00:16:cb:\3:\4:\5/') MAC="${MAC^^}" echo "$MAC" > "$file" ! setOwner "$file" && error "Failed to set the owner for \"$file\" !" return 0 } generateSerial() { local file="$STORAGE/$PROCESS.sn" local file2="$STORAGE/$PROCESS.mlb" [ -n "$SN" ] && [ -n "$MLB" ] && return 0 [ -s "$file" ] && SN=$(<"$file") [ -s "$file2" ] && MLB=$(<"$file2") SN="${SN//[![:print:]]/}" MLB="${MLB//[![:print:]]/}" [ -n "$SN" ] && [ -n "$MLB" ] && return 0 # Generate unique serial numbers for machine SN=$(/usr/local/bin/macserial --num 1 --model "${MODEL}" 2>/dev/null) SN="${SN##*$'\n'}" [[ "$SN" != *" | "* ]] && error "$SN" && return 1 MLB=${SN#*|} MLB="${MLB#"${MLB%%[![:space:]]*}"}" SN="${SN%%|*}" SN="${SN%"${SN##*[![:space:]]}"}" echo "$SN" > "$file" echo "$MLB" > "$file2" ! setOwner "$file" && error "Failed to set the owner for \"$file\" !" ! setOwner "$file2" && error "Failed to set the owner for \"$file2\" !" return 0 } if [[ "${VERSION}" == \"*\" || "${VERSION}" == \'*\' ]]; then VERSION="${VERSION:1:-1}" fi VERSION=$(expr "$VERSION" : "^\ *\(.*[^ ]\)\ *$") if [ -z "$VERSION" ]; then VERSION="14" warn "no value specified for the VERSION variable, defaulting to \"${VERSION}\"." fi if [ ! -f "$BASE_IMG" ] || [ ! -s "$BASE_IMG" ]; then STORAGE="$STORAGE/${VERSION,,}" BASE_IMG="$STORAGE/base.dmg" if [ ! -f "$BASE_IMG" ] || [ ! -s "$BASE_IMG" ]; then ! install "$VERSION" "$BASE_IMG" && exit 34 ! setOwner "$BASE_IMG" && error "Failed to set the owner for \"$BASE_IMG\" !" fi fi if ! generateID; then error "Failed to generate UUID!" && exit 35 fi if ! generateSerial; then error "Failed to generate serial number!" && exit 36 fi if ! generateAddress; then error "Failed to generate MAC address!" && exit 37 fi DISK_OPTS="-device virtio-blk-pci,drive=${BASE_IMG_ID},bus=pcie.0,addr=0x6" DISK_OPTS+=" -drive file=$BASE_IMG,id=$BASE_IMG_ID,format=dmg,cache=unsafe,readonly=on,if=none" return 0