Showing preview only (452K chars total). Download the full file or copy to clipboard to get everything.
Repository: sickcodes/Docker-OSX
Branch: master
Commit: aa05a2c9a06a
Files: 46
Total size: 434.5 KB
Directory structure:
gitextract_e88t8r5q/
├── .github/
│ ├── FUNDING.yml
│ ├── ISSUE_TEMPLATE/
│ │ ├── issue-running-docker-osx.md
│ │ └── open-an-issue.md
│ └── workflows/
│ └── docker-build.yml
├── .gitmodules
├── CHANGELOG.md
├── CREDITS.md
├── Dockerfile
├── Dockerfile.auto
├── Dockerfile.naked
├── Dockerfile.naked-auto
├── FAQ.md
├── LICENSE
├── README.md
├── custom/
│ ├── README.md
│ ├── config-custom.plist
│ ├── config-legacy.plist
│ ├── config-nopicker-custom.plist
│ ├── config-nopicker-legacy.plist
│ ├── generate-specific-bootdisk.sh
│ ├── generate-unique-machine-values.sh
│ └── opencore-image-ng.sh
├── docker-compose.yml
├── fetch-macOS.py
├── glibc-linux4-2.33-4-x86_64.pkg.tar.zst
├── helm/
│ ├── Chart.yaml
│ ├── Dockerfile
│ ├── INSTALL-QEMU-AND-GPU-IOMMU.md
│ ├── README.md
│ ├── artifacthub-repo.yml
│ ├── docker-osx-0.2.0.tgz
│ ├── helm-chart-generate.sh
│ ├── index.yaml
│ ├── templates/
│ │ ├── _helpers.tpl
│ │ ├── configmap.yaml
│ │ ├── data-pvc.yaml
│ │ ├── deployment.yaml
│ │ ├── ingress.yaml
│ │ └── service.yaml
│ └── values.yaml
├── rankmirrors
├── scripts/
│ └── apply_appleid_kernelpatch.py
├── tests/
│ ├── boot-images.sh
│ └── test.sh
└── vnc-version/
├── Dockerfile
└── Dockerfile.nakedvnc
================================================
FILE CONTENTS
================================================
================================================
FILE: .github/FUNDING.yml
================================================
# These are supported funding model platforms
github: sickcodes
================================================
FILE: .github/ISSUE_TEMPLATE/issue-running-docker-osx.md
================================================
---
name: Issue Running Docker-OSX
about: OS related issued, please help us identify the issue by posting the output
of this
title: ''
labels: ''
assignees: ''
---
# OS related issued, please help us identify the issue by posting the output of this
uname -a \
; echo "${DISPLAY}" \
; echo 1 | sudo tee /sys/module/kvm/parameters/ignore_msrs \
; grep NAME /etc/os-release \
; df -h . \
; qemu-system-x86_64 --version \
; libvirtd --version \
; free -mh \
; nproc \
; egrep -c '(svm|vmx)' /proc/cpuinfo \
; ls -lha /dev/kvm \
; ls -lha /tmp/.X11-unix/ \
; ps aux | grep dockerd \
; docker ps | grep osx \
; grep "docker\|kvm\|virt" /etc/group
================================================
FILE: .github/ISSUE_TEMPLATE/open-an-issue.md
================================================
---
name: Open an Issue
about: About anything!
title: ''
labels: ''
assignees: ''
---
================================================
FILE: .github/workflows/docker-build.yml
================================================
name: Push Docker Image to Docker Hub
on:
push:
branches:
- master
jobs:
push_to_docker_hub:
name: Push Docker Image to Docker Hub
runs-on: ubuntu-latest
steps:
- name: Checkout code
id: checkout_code
uses: actions/checkout@v3
- name: Login to Docker Hub
id: login_docker_hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_HUB_USER_NAME }}
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: Echo Docker Hub Username
run: echo ${{ secrets.DOCKER_HUB_USER_NAME }}
- name: Echo GitHub SHA
run: echo $GITHUB_SHA
- name: Build Docker image
id: build_image
run: |
docker build "$GITHUB_WORKSPACE" -t sickcodes/docker-osx:master --label dockerfile-path="Dockerfile"
- name: Label Master Docker Image as Latest
id: label_image
run: |
docker tag sickcodes/docker-osx:master sickcodes/docker-osx:latest
- name: Push Docker image master
id: push_master
run: docker push sickcodes/docker-osx:master
- name: Push Docker image latest
id: push_latest
run: docker push sickcodes/docker-osx:latest
- name: Logout from Docker Hub
run: docker logout
- name: End
run: echo "Docker image pushed to Docker Hub successfully"
================================================
FILE: .gitmodules
================================================
[submodule "osx-serial-generator"]
path = osx-serial-generator
url = https://github.com/sickcodes/osx-serial-generator.git
================================================
FILE: CHANGELOG.md
================================================
|Version|Date|Notes|
|---|---|---|
| |2021-09-09|Add Monterey|
| |2021-08-27|Add iPhone passthrough OTA!|
|6.0|2021-08-25|Added naked-auto. Keep kernel at 5.13, even tho it's just for supermin.|
|5.0|2021-07-25|Retire glibc patch. Retire file command patch. Add bootmenu=on.|
| |2021-07-08|Add CPUID_FLAGS to edit the CPUID flags on the fly.|
|4.4|2021-05-06|Prepare nakedvnc for hub.docker.com. Add `ENV BOOT_ARGS=` to supply additon boot arguments, for example, `vmx,rdtscp`. Add `ENV CPU=Penryn` to allow changes to the CPU emulation, for example, `Skylake-Client`, or see [more examples here](https://manpages.ubuntu.com/manpages/disco/man7/qemu-cpu-models.7.html).|
| |2021-05-04|Disable arbitrary chown warning|
| |2021-04-27|Fixed missing sudo|
| |2021-04-18|Add LIBGUESTFS debug & trace commands, exit on fail when creating bootdisks. Silence touch errors.|
|4.3|2021-03-24|Enable interactive QEMU again. Remove envsubst since we are already using bash... Add set -x flag|
|4.2|2021-03-24|Add all ENV variables to each dockerfile for readability. Add RAM allocation buffer and cache drop bug fix. Add kvm and libvirt groups. Add `IMAGE_FORMAT=qcow2` to allow `IMAGE_FORMAT=raw` too.|
| |2021-03-19|Use RAM=3 as the default RAM allocation. Add instructions to clear buff/cache.|
| |2021-03-17|Add RAM=max and RAM=half to dynamically select ram at runtime (DEFAULT).|
| |2021-03-06|Change envs to require --envs. Automatically enable --envs if --output-env is used. Same for plists, bootdisks. Fix help ugliness and sanity of generate serial scripts. Fix bootdisk not getting written to persistent file when using NOPICKER=true. NOPICKER=true is overridden by a custom plist now anyway. Remove useless case statements. Allow -e HEADLESS=true as human readable alternative to -e DISPLAY=:99.|
|4.1|2021-03-04|Add `-e MASTER_PLIST_URL` to all images to allow using your own remote plist.|
| |2021-03-03|Add `WIDTH` and `HEIGHT` to set the x and y resolutions, use in conjuction with serial numbers.|
| |2021-03-02|Add ADDITIONAL_PORTS, for example `-e ADDITIONAL_PORTS='hostfwd=tcp::23-:23,'`|
|4.0|2021-02-27|Add big-sur support. Use `sickcodes/docker-osx:big-sur` or build using `--build-arg VERSION=11`|
| |2021-02-26|Change `-e NOPICKER=true` to simply do `sed -i '/^.*InstallMedia.*/d' Launch.sh` and `export BOOTDISK=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore-nopicker.qcow2`.|
|3.2|2021-02-25|Add a script to generate unique machine serial numbers. Add a script to generate a bootdisk from given serial numbers. Add Linux for libguestfs which allows the docker container to make QEMU bootdisks with specific serial numbers.|
| |2021-02-21|Add NOPICKER environment variable to ALL images.|
|3.1|2021-02-21|Remove testing repos. Switch to base-devel. We shouldn't be using testing repos in a Dockerfile for light increase in stability. Add the mandatory glibc patch to every pacman until someone upstream fixes it.|
| |2021-02-07|Add NOPICKER environment variable to :naked image for effortless boot toggling.|
| |2021-02-07|Add MAC_ADDRESS environment variable.|
| |2021-02-03|Employ wget --no-verbose to avoid buffer overload in hub.docker.com.|
| |2021-02-03|Reduce build size.|
| |2021-01-27|Add OSX_COMMANDS to allow runtime commands on :auto image.|
| |2021-01-26|Removed most pointless VOLUME build commands.|
|3.0|2021-01-23|Add fast mode boot straight to shell. And -v $PWD/disk.img:/image for all Dockerfiles|
| |2021-01-22|Add additional helm chart instructions and files.|
| |2021-01-15|Fix helm initial disk creation process and add installation instructions.|
| |2021-01-14|Add Helm Chart for Kubernetes support.|
| |2021-01-08|Use IMAGE_PATH as a variable during envsubst for the full path of mac_hdd_ng.img. In preparation for full auto.|
| |2021-01-07|Fix sounds errors and sshd missing on latest build.|
|2.7|2021-01-05|Add rankmirrors. Remove gibMacOS. Replace iptables with iptables-nft. Remove libguestfs.|
| |2020-12-17|Remove unnecessary WORKDIR commands.|
| |2020-12-16|Reduce image size by cloning OSX-KVM to only 1 depth level. Simplify mkdir && chown to mkdir -m|
| |2020-10-06|Add the ability to skip the boot screen with ./Launch-nopicker.sh|
| |2020-10-05|Add vim/vi and nano to the container.|
|2.6|2020-09-26|Increase version.|
| |2020-09-25|Add some WORKDIR fixes.|
| |2020-09-24|Clear pacman cache after use to reduce disk size significantly. Add various shell expansions to inline variables. Add set -eu to Launch.sh. Add a shebang to Launch.sh. Add tcg acceleration as a fallback to kvm. Remove need for display **(This change is reverted later)**. Chown /dev/kvm and /dev/snd. Remove --privileged by specifying required passthroughs. Add audio driver arguments to satisfy QEMU **(USB SoundCard recommended)**. Tidy Launch.sh to reduce image by 2.5GB (from 6GB). |
|2.5|2020-09-20|Critical changes to TigerVNC due to upstream overhaul in TigerVNC.|
| |2020-09-20|Replace ebtables with iptables-nft.|
| |2020-08-29|Increase default OSX to 10.15.6 and add SCREEN_SHARE_PORT=5900 ENV variable.|
| |2020-08-23|Add OSX Screen Sharing port forwarding.|
| |2020-08-23|Clear /tmp/.X99-lock before starting the VNC version.|
| |2020-07-02|Refresh the docker-compose file.|
| |2020-06-22|Add some mirrors to the container.|
| |2020-06-22|Add more force updates to pacman.|
| |2020-06-18|Significantly reduce image layer count by concatenating groups of commands.|
| |2020-06-18|Use the mainline image as the base image for the VNC version.|
|2.0|2020-06-15|Change default OSX version from 10.14.6 to 10.15.5. Add SSH port forwarding inside the container thru to the guest. Increase default arbitrary disk size to 200G. Force update pacman to prevent old mirror links. Add custom Launch.sh script. Add customizable RAM, SMP, CORES, EXTRA and INTERNAL_SSH_PORT|
| |2020-06-14|Remove yay|
| |2020-06-10|Add an OR for attemping to kill non-existent VNC lock files.|
| |2020-06-09|Instruct gibMacOS to download recovery disk only.|
| |2020-06-09|Remove VNC lockfile from killed containers preventing a restart.|
| |2020-06-08|Add docker-compose.yml|
| |2020-06-07|Add VNC version inside the vnc folder.|
| |2020-06-05|Remove systemctl enable libvirtd.service/virtlogd.service since Docker doesn't have systemd|
| |2020-06-04|Removed svm\|vmx via /proc/cpuinfo check which fails on hub.docker.com|
|1.0|2020-06-04|Initial Release|
================================================
FILE: CREDITS.md
================================================
# Credits
The most important part of the project. You.
## Upstream Acknowledgements:
This project uses OSX-KVM from https://github.com/kholia/OSX-KVM and fully appreciates the work done by [@Kholia](https://github.com/Kholia) and all the contributors who are listed: [https://github.com/kholia/OSX-KVM/blob/master/CREDITS.md](https://github.com/kholia/OSX-KVM/blob/master/CREDITS.md)
This project also uses KVM-OpenCore from https://github.com/Leoyzen/KVM-Opencore and fully appreciates the work done by [@Leoyzen](https://github.com/Leoyzen).
We use a special fork by [Nicholas Sherlock](https://www.nicksherlock.com/) of KVM-Opencore https://github.com/thenickdude/KVM-Opencore and thank Nick for his awesome upstream work!
This project now uses the fantastic OpenCore bootloader from the community OpenCore project: https://github.com/acidanthera/OpenCorePkg. You can join their [Subreddit here](https://www.reddit.com/r/hackintosh/)!
## These credits refer to the legendary contributors to this repository:
[@GreeFine](https://github.com/GreeFine) - Readme Typo #9
[@parasquid](https://github.com/parasquid) - Docker compose file
[@matusnovak](https://github.com/matusnovak) - Kill badly terminated old vnc session before vnc starts and fix gtk initialization failed #31
[@m1k1o](https://github.com/m1k1o) - Kill badly terminated old vnc session before vnc starts and fix gtk initialization failed #31
[@qcasey](https://github.com/qcasey) - Removed unnecessary yay in Remove yay dependancy #40
[@tlierdotfr](https://github.com/tlierdotfr) - Reduce number of layers in Dockerfile
[@Julioevm](https://github.com/Julioevm) - Update docker-compose.yml #57
[@jviotti](https://github.com/jviotti) - Auto-boot thru ShowPicker
[@IAmBenMitchell]([https://github.com/MrBenFTW](https://github.com/iambenmitchell)) - Updated macOS version 10.15.5 -> 10.15.6, Enabled screen sharing port forwarding, Removed the need to remove 1gb from the partition.
[@hoantp](https://github.com/hoantp) - Initialized TigerVNC 1.11.0 fix
[@jimdigriz](https://github.com/jimdigriz) - Epic fixes: image size, shellisms, fallback2kvm, unprivileged mode https://github.com/sickcodes/Docker-OSX/pull/82
[@NickZhouNan](https://github.com/NickZhouNan) - Bug fix with changed WORKDIR
[@MrBenFTW](https://github.com/MrBenFTW) - Added IP forwarding hot tips, useful for boosting bridged networking in remote environments.
[@mikob](https://github.com/mikob) - Added important warning for Xcode users to reserve 60GB++ - Made instructions more clear for those needing Xcode #94
[@AdamMomen](https://github.com/AdamMomen) - Fixed automatic boot vnc-version container instructions for better usablility
[@PeterDaveHello](https://github.com/PeterDaveHello) - Simplify .ssh directory setup process in Dockerfile #111
[@PeterDaveHello](https://github.com/PeterDaveHello) - Reduce image size by setting git clone depth #110
[@PeterDaveHello](https://github.com/PeterDaveHello) - Reduce Dockerfile instructions and Docker image layers #112
[@weskerfoot](https://github.com/weskerfoot) Docs updates: usb passthrough, headless mode, disk space reduction guide #113
[@PeterDaveHello](https://github.com/PeterDaveHello) - Improve Dockerfile #121
[@cephasara](https://github.com/cephasara) - Add helm chart #124
[@cephasara](https://github.com/cephasara) - Fix helm initial disk creation process and add installation instructions #125
[@cephasara](https://github.com/cephasara) - Add gpu passthrough support as well as dynamic OpenCore chainloader regeneration #132
[@cephasara](https://github.com/cephasara) - Fix helm installation failure and cleanup values organization #134
[@prometheas](https://github.com/prometheas) - docs: fix broken multi-line docker command #140
[@MrBenFTW](https://github.com/MrBenFTW) - Tempfix for arch #150
[@edsonboldrini](https://github.com/edsonboldrini) - Update README.md #161
[@TheHackerCoding](https://github.com/TheHackerCoding) - Typo in README.md #194
[@panos](https://github.com/panos) - Improved README #212
[@ggjulio](https://github.com/ggjulio) - Restarting an "auto" container #216
[@panos](https://github.com/panos) - Improved README #212
[@panos](https://github.com/panos) - Made further improvements to the README #219
[@kaoudis](https://github.com/kaoudis) README / troubleshooting docs improvements #235
[@a10kiloham](https://github.com/a10kiloham) - Dockerfile for :naked image with VNC support #245
[@a10kiloham](https://github.com/a10kiloham) - Adding Bluebubbles as an example use case #250
[@aronzvi](https://github.com/aronzvi) - Fixed Failed to boot OSX with GENERATE_UNIQUE #244
[@tinjaw](https://github.com/tinjaw) - Fixed Type #258
[@m-zheng](https://github.com/m-zheng) - Update README.md #260
[@johnjhacking](https://github.com/johnjhacking) - Change call function to Popen #288
[@allansrc](https://github.com/allansrc) - Update Doc detail for run on WLS #318
[@mcandre](https://github.com/mcandre) - fix typo #334
[@cybik](https://github.com/cybik) Spice fix #337
[@Silfalion](https://github.com/Silfalion) - [https://github.com/Silfalion/Iphone_docker_osx_passthrough](https://github.com/Silfalion/Iphone_docker_osx_passthrough)
[@chirag350](https://github.com/chirag350) use LABEL instead of MAINTAINER since MAINTAINER is deprecated #352
[@Buthrakaur](https://github.com/Buthrakaur) readme - improve instructions for running on windows #361
[@TheHackerCoding](https://github.com/TheHackerCoding) Typo in README #367
[@cameronsteele](https://github.com/cameronsteele) fix Big Sur build example #378
[@eggplants](https://github.com/eggplants) Fix command to launch sickcodes/docker-osx:auto #366
[@martinmullins](https://github.com/martinmullins) Notes for mounting an NFS folder from a linux host #392
[@kimjammer](https://github.com/kimjammer) Readme - Added instructions for using WSLg's built in X11 server #395
[@jk2K](https://github.com/jk2K) fix: support dynamic change of Base image #408
[@MikeCoder96](https://github.com/MikeCoder96) Update README.md with WSL how to #412
[@aslafy-z](https://github.com/aslafy-z) chore(docs): update helm requirements list style #420
[@kimjammer](https://github.com/kimjammer) Update Windows Installation section #422
[@Mhartig](https://github.com/Mhartig) - Worked out issue `Enter a number (default=1): error: invalid number: y`
[@felipestt](https://github.com/felipestt) Use more CPU Cores/SMP' broken #440
[@routmoute](https://github.com/routmoute) README: add PulseAudio with WSLg #442
[@dulatello08](https://github.com/dulatello08) Update README.md #452
[@Anthropohedron](https://github.com/Anthropohedron) Added FAQ.md
================================================
FILE: Dockerfile
================================================
#!/usr/bin/docker
# ____ __ ____ ______ __
# / __ \____ _____/ /_____ _____/ __ \/ ___/ |/ /
# / / / / __ \/ ___/ //_/ _ \/ ___/ / / /\__ \| /
# / /_/ / /_/ / /__/ ,< / __/ / / /_/ /___/ / |
# /_____/\____/\___/_/|_|\___/_/ \____//____/_/|_|
#
# Title: Docker-OSX (Mac on Docker)
# Author: Sick.Codes https://twitter.com/sickcodes
# Version: 6.0
# License: GPLv3+
# Repository: https://github.com/sickcodes/Docker-OSX
# Website: https://sick.codes
#
# All credits for OSX-KVM and the rest at @Kholia's repo: https://github.com/kholia/osx-kvm
# OpenCore support go to https://github.com/Leoyzen/KVM-Opencore
# and https://github.com/thenickdude/KVM-Opencore/
#
# This Dockerfile automates the installation of Docker-OSX
# It will build a 200GB container. You can change the size using build arguments.
# This Dockerfile builds on top of the work done by Dhiru Kholia, and many others.
#
# Build:
#
# docker build -t docker-osx .
# docker build -t docker-osx --build-arg VERSION=10.15.5 --build-arg SIZE=200G .
# docker build -t docker-osx-sonoma --build-arg BRANCH=sonoma --build-arg SHORTNAME=sonoma .
#
# Basic Run:
#
# docker run --device /dev/kvm --device /dev/snd -v /tmp/.X11-unix:/tmp/.X11-unix -e "DISPLAY=${DISPLAY:-:0.0}" sickcodes/docker-osx:latest
#
# Run with SSH:
#
# docker run --device /dev/kvm --device /dev/snd -e RAM=6 -p 50922:10022 -v /tmp/.X11-unix:/tmp/.X11-unix -e "DISPLAY=${DISPLAY:-:0.0}" sickcodes/docker-osx:latest
# # ssh fullname@localhost -p 50922
#
# Optargs:
#
# -v $PWD/disk.img:/image
# -e SIZE=200G
# -e VERSION=10.15.6
# -e RAM=5
# -e SMP=4
# -e CORES=4
# -e EXTRA=
# -e INTERNAL_SSH_PORT=10022
# -e MAC_ADDRESS=
#
# Extra QEMU args:
#
# docker run ... -e EXTRA="-usb -device usb-host,hostbus=1,hostaddr=8" ...
# # you will also need to pass the device to the container
FROM archlinux:base-devel
LABEL maintainer='https://twitter.com/sickcodes <https://sick.codes>'
SHELL ["/bin/bash", "-c"]
# change disk size here or add during build, e.g. --build-arg VERSION=10.14.5 --build-arg SIZE=50G
ARG SIZE=200G
ARG PARALLEL_DOWNLOADS=30
# OPTIONAL: Arch Linux server mirrors for super fast builds
# set RANKMIRRORS to any value other that nothing, e.g. -e RANKMIRRORS=true
RUN perl -i -p -e s/^\#Color/Color$'\n'ParallelDownloads\ =\ ${PARALLEL_DOWNLOADS:=30}/g /etc/pacman.conf
ARG RANKMIRRORS
ARG MIRROR_COUNTRY=US
ARG MIRROR_COUNT=10
RUN tee /etc/pacman.d/mirrorlist <<< 'Server = https://geo.mirror.pkgbuild.com/$repo/os/$arch' \
&& tee -a /etc/pacman.d/mirrorlist <<< 'Server = http://mirror.rackspace.com/archlinux/$repo/os/$arch' \
&& tee -a /etc/pacman.d/mirrorlist <<< 'Server = https://mirror.rackspace.com/archlinux/$repo/os/$arch'
# Fixes issue with invalid GPG keys: update the archlinux-keyring package to get the latest keys, then remove and regenerate gnupg keys
RUN pacman -Sy archlinux-keyring --noconfirm \
&& rm -rf /etc/pacman.d/gnupg \
&& pacman-key --init \
&& pacman-key --populate archlinux
RUN if [[ "${RANKMIRRORS}" ]]; then \
{ pacman -Sy wget --noconfirm || pacman -Syu wget --noconfirm ; } \
; wget -O ./rankmirrors "https://raw.githubusercontent.com/sickcodes/Docker-OSX/${BRANCH:=master}/rankmirrors" \
; wget -O- "https://www.archlinux.org/mirrorlist/?country=${MIRROR_COUNTRY:-US}&protocol=https&use_mirror_status=on" \
| sed -e 's/^#Server/Server/' -e '/^#/d' \
| head -n "$((${MIRROR_COUNT:-10}+1))" \
| bash ./rankmirrors --verbose --max-time 5 - > /etc/pacman.d/mirrorlist \
&& cat /etc/pacman.d/mirrorlist \
; fi
RUN tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkp://keyserver.ubuntu.com' \
&& tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://hkps.pool.sks-keyservers.net:443' \
&& tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkp://pgp.mit.edu:11371' \
&& tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://keys.openpgp.org' \
&& tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://keys.mailvelope.com'
# This fails on hub.docker.com, useful for debugging in cloud
# RUN [[ $(egrep -c '(svm|vmx)' /proc/cpuinfo) -gt 0 ]] || { echo KVM not possible on this host && exit 1; }
# RUN tee -a /etc/pacman.conf <<< '[community-testing]' \
# && tee -a /etc/pacman.conf <<< 'Include = /etc/pacman.d/mirrorlist'
RUN pacman -Syu git zip vim nano alsa-utils openssh --noconfirm \
&& ln -s /bin/vim /bin/vi \
&& useradd arch -p arch \
&& tee -a /etc/sudoers <<< 'arch ALL=(ALL) NOPASSWD: ALL' \
&& mkdir -p /home/arch \
&& chown arch:arch /home/arch
# allow ssh to container
RUN mkdir -p -m 700 /root/.ssh
WORKDIR /root/.ssh
RUN touch authorized_keys \
&& chmod 644 authorized_keys
WORKDIR /etc/ssh
RUN tee -a sshd_config <<< 'AllowTcpForwarding yes' \
&& tee -a sshd_config <<< 'PermitTunnel yes' \
&& tee -a sshd_config <<< 'X11Forwarding yes' \
&& tee -a sshd_config <<< 'PasswordAuthentication yes' \
&& tee -a sshd_config <<< 'PermitRootLogin yes' \
&& tee -a sshd_config <<< 'PubkeyAuthentication yes' \
&& tee -a sshd_config <<< 'HostKey /etc/ssh/ssh_host_rsa_key' \
&& tee -a sshd_config <<< 'HostKey /etc/ssh/ssh_host_ecdsa_key' \
&& tee -a sshd_config <<< 'HostKey /etc/ssh/ssh_host_ed25519_key'
USER arch
# download OSX-KVM for the submodules
RUN git clone --recurse-submodules --depth 1 https://github.com/kholia/OSX-KVM.git /home/arch/OSX-KVM
# enable ssh
# docker exec .... ./enable-ssh.sh
USER arch
WORKDIR /home/arch/OSX-KVM
RUN touch enable-ssh.sh \
&& chmod +x ./enable-ssh.sh \
&& tee -a enable-ssh.sh <<< '[[ -f /etc/ssh/ssh_host_rsa_key ]] || \' \
&& tee -a enable-ssh.sh <<< '[[ -f /etc/ssh/ssh_host_ed25519_key ]] || \' \
&& tee -a enable-ssh.sh <<< '[[ -f /etc/ssh/ssh_host_ed25519_key ]] || \' \
&& tee -a enable-ssh.sh <<< 'sudo /usr/bin/ssh-keygen -A' \
&& tee -a enable-ssh.sh <<< 'nohup sudo /usr/bin/sshd -D &'
# QEMU CONFIGURATOR
# set optional ram at runtime -e RAM=16
# set optional cores at runtime -e SMP=4 -e CORES=2
# add any additional commands in QEMU cli format -e EXTRA="-usb -device usb-host,hostbus=1,hostaddr=8"
# default env vars, RUNTIME ONLY, not for editing in build time.
# RUN yes | sudo pacman -Syu qemu libvirt dnsmasq virt-manager bridge-utils edk2-ovmf netctl libvirt-dbus --overwrite --noconfirm
RUN yes | sudo pacman -Syu bc qemu-desktop libvirt dnsmasq virt-manager bridge-utils openresolv jack2 ebtables edk2-ovmf netctl libvirt-dbus wget scrot --overwrite --noconfirm \
&& yes | sudo pacman -Scc
WORKDIR /home/arch/OSX-KVM
# fix invalid signature on old libguestfs
ARG SIGLEVEL=Never
RUN sudo tee -a /etc/pacman.conf <<< "SigLevel = ${SIGLEVEL}" \
&& sudo tee -a /etc/pacman.conf <<< 'RemoteFileSigLevel = Optional' \
&& sudo sed -i -e 's/^\#RemoteFileSigLevel/RemoteFileSigLevel/g' /etc/pacman.conf
ARG LINUX=true
# required to use libguestfs inside a docker container, to create bootdisks for docker-osx on-the-fly
# reminder this is what makes :naked image larger than expected
RUN if [[ "${LINUX}" == true ]]; then \
sudo pacman -Syu linux linux-headers archlinux-keyring guestfs-tools mkinitcpio pcre pcre2 --noconfirm \
&& libguestfs-test-tool \
&& rm -rf /var/tmp/.guestfs-* \
&& yes | sudo pacman -Scc \
; fi
# optional --build-arg to change branches for testing
ARG BRANCH=master
ARG REPO='https://github.com/sickcodes/Docker-OSX.git'
RUN git clone --recurse-submodules --depth 1 --branch "${BRANCH:=master}" "${REPO:=https://github.com/sickcodes/Docker-OSX.git}"
RUN touch Launch.sh \
&& chmod +x ./Launch.sh \
&& tee -a Launch.sh <<< '#!/bin/bash' \
&& tee -a Launch.sh <<< 'set -eux' \
&& tee -a Launch.sh <<< 'sudo chown $(id -u):$(id -g) /dev/kvm 2>/dev/null || true' \
&& tee -a Launch.sh <<< 'sudo chown -R $(id -u):$(id -g) /dev/snd 2>/dev/null || true' \
&& tee -a Launch.sh <<< '[[ "${RAM}" = max ]] && export RAM="$(("$(head -n1 /proc/meminfo | tr -dc "[:digit:]") / 1000000"))"' \
&& tee -a Launch.sh <<< '[[ "${RAM}" = half ]] && export RAM="$(("$(head -n1 /proc/meminfo | tr -dc "[:digit:]") / 2000000"))"' \
&& tee -a Launch.sh <<< 'sudo chown -R $(id -u):$(id -g) /dev/snd 2>/dev/null || true' \
&& tee -a Launch.sh <<< 'exec qemu-system-x86_64 -m ${RAM:-4}000 \' \
&& tee -a Launch.sh <<< '-cpu ${CPU:-Penryn},${CPUID_FLAGS:-vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+ssse3,+sse4.2,+popcnt,+avx,+aes,+xsave,+xsaveopt,check,}${BOOT_ARGS} \' \
&& tee -a Launch.sh <<< '-machine q35,${KVM-"accel=kvm:tcg"} \' \
&& tee -a Launch.sh <<< '-smp ${CPU_STRING:-${SMP:-4},cores=${CORES:-4}} \' \
&& tee -a Launch.sh <<< '-device qemu-xhci,id=xhci \' \
&& tee -a Launch.sh <<< '-device usb-kbd,bus=xhci.0 -device usb-tablet,bus=xhci.0 \' \
&& tee -a Launch.sh <<< '-device isa-applesmc,osk=ourhardworkbythesewordsguardedpleasedontsteal\(c\)AppleComputerInc \' \
&& tee -a Launch.sh <<< '-drive if=pflash,format=raw,readonly=on,file=/home/arch/OSX-KVM/OVMF_CODE.fd \' \
&& tee -a Launch.sh <<< '-drive if=pflash,format=raw,file=/home/arch/OSX-KVM/OVMF_VARS-1024x768.fd \' \
&& tee -a Launch.sh <<< '-smbios type=2 \' \
&& tee -a Launch.sh <<< '-audiodev ${AUDIO_DRIVER:-alsa},id=hda -device ich9-intel-hda -device hda-duplex,audiodev=hda \' \
&& tee -a Launch.sh <<< '-device ich9-ahci,id=sata \' \
&& tee -a Launch.sh <<< '-drive id=OpenCoreBoot,if=none,snapshot=on,format=qcow2,file=${BOOTDISK:-/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2} \' \
&& tee -a Launch.sh <<< '-device ide-hd,bus=sata.2,drive=OpenCoreBoot \' \
&& tee -a Launch.sh <<< '-device ide-hd,bus=sata.3,drive=InstallMedia \' \
&& tee -a Launch.sh <<< '-drive id=InstallMedia,if=none,file=/home/arch/OSX-KVM/BaseSystem.img,format=${BASESYSTEM_FORMAT:-qcow2} \' \
&& tee -a Launch.sh <<< '-drive id=MacHDD,if=none,file=${IMAGE_PATH:-/home/arch/OSX-KVM/mac_hdd_ng.img},format=${IMAGE_FORMAT:-qcow2} \' \
&& tee -a Launch.sh <<< '-device ide-hd,bus=sata.4,drive=MacHDD \' \
&& tee -a Launch.sh <<< '-netdev user,id=net0,hostfwd=tcp::${INTERNAL_SSH_PORT:-10022}-:22,hostfwd=tcp::${SCREEN_SHARE_PORT:-5900}-:5900,${ADDITIONAL_PORTS} \' \
&& tee -a Launch.sh <<< '-device ${NETWORKING:-vmxnet3},netdev=net0,id=net0,mac=${MAC_ADDRESS:-52:54:00:09:49:17} \' \
&& tee -a Launch.sh <<< '-monitor stdio \' \
&& tee -a Launch.sh <<< '-boot menu=on \' \
&& tee -a Launch.sh <<< '-vga vmware \' \
&& tee -a Launch.sh <<< '${EXTRA:-}'
# docker exec containerid mv ./Launch-nopicker.sh ./Launch.sh
# This is now a legacy command.
# You can use -e BOOTDISK=/bootdisk with -v ./bootdisk.img:/bootdisk
### LEGACY CODE
RUN grep -v InstallMedia ./Launch.sh > ./Launch-nopicker.sh \
&& chmod +x ./Launch-nopicker.sh \
&& sed -i -e s/OpenCore\.qcow2/OpenCore\-nopicker\.qcow2/ ./Launch-nopicker.sh
###
USER arch
ENV USER=arch
# These are hardcoded serials for non-iMessage related research
# Overwritten by using GENERATE_UNIQUE=true
# Upstream removed nopicker, so we are adding it back in, at build time
# Once again, this is just for the Docker build so there is a default nopicker image there
# libguestfs verbose
ENV LIBGUESTFS_DEBUG=1
ENV LIBGUESTFS_TRACE=1
ARG STOCK_DEVICE_MODEL=iMacPro1,1
ARG STOCK_SERIAL=C02TM2ZBHX87
ARG STOCK_BOARD_SERIAL=C02717306J9JG361M
ARG STOCK_UUID=007076A6-F2A2-4461-BBE5-BAD019F8025A
ARG STOCK_MAC_ADDRESS=00:0A:27:00:00:00
ARG STOCK_WIDTH=1920
ARG STOCK_HEIGHT=1080
ARG STOCK_MASTER_PLIST_URL=https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist
ARG STOCK_MASTER_PLIST_URL_NOPICKER=https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-nopicker-custom.plist
ARG STOCK_BOOTDISK=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2
ARG STOCK_BOOTDISK_NOPICKER=/home/arch/OSX-KVM/OpenCore/OpenCore-nopicker.qcow2
RUN ./Docker-OSX/osx-serial-generator/generate-specific-bootdisk.sh \
--master-plist-url="${STOCK_MASTER_PLIST_URL}" \
--model "${STOCK_DEVICE_MODEL}" \
--serial "${STOCK_SERIAL}" \
--board-serial "${STOCK_BOARD_SERIAL}" \
--uuid "${STOCK_UUID}" \
--mac-address "${STOCK_MAC_ADDRESS}" \
--width "${STOCK_WIDTH}" \
--height "${STOCK_HEIGHT}" \
--output-bootdisk "${STOCK_BOOTDISK}" || exit 1 \
; rm -rf /var/tmp/.guestfs-*
RUN ./Docker-OSX/osx-serial-generator/generate-specific-bootdisk.sh \
--master-plist-url="${STOCK_MASTER_PLIST_URL_NOPICKER}" \
--model "${STOCK_DEVICE_MODEL}" \
--serial "${STOCK_SERIAL}" \
--board-serial "${STOCK_BOARD_SERIAL}" \
--uuid "${STOCK_UUID}" \
--mac-address "${STOCK_MAC_ADDRESS}" \
--width "${STOCK_WIDTH}" \
--height "${STOCK_HEIGHT}" \
--output-bootdisk "${STOCK_BOOTDISK_NOPICKER}" || exit 1 \
; rm -rf /var/tmp/.guestfs-*
### symlink the old directory as upstream has renamed a directory. Symlinking purely for backwards compatability!
RUN ln -s /home/arch/OSX-KVM/OpenCore /home/arch/OSX-KVM/OpenCore-Catalina || true
####
#### SPECIAL RUNTIME ARGUMENTS BELOW
# env -e ADDITIONAL_PORTS with a comma
# for example, -e ADDITIONAL_PORTS=hostfwd=tcp::23-:23,
ENV ADDITIONAL_PORTS=
# since the Makefile uses raw, and raw uses the full disk amount
# we want to use a compressed qcow2
# ENV BASESYSTEM_FORMAT=raw
ENV BASESYSTEM_FORMAT=qcow2
# add additional QEMU boot arguments
ENV BOOT_ARGS=
ENV BOOTDISK=
# edit the CPU that is being emulated
ENV CPU=Penryn
ENV CPUID_FLAGS='vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+ssse3,+sse4.2,+popcnt,+avx,+aes,+xsave,+xsaveopt,check,'
ENV DISPLAY=:0.0
# Deprecated
ENV ENV=/env
# Boolean for generating a bootdisk with new random serials.
ENV GENERATE_UNIQUE=false
# Boolean for generating a bootdisk with specific serials.
ENV GENERATE_SPECIFIC=false
ENV IMAGE_PATH=/home/arch/OSX-KVM/mac_hdd_ng.img
ENV IMAGE_FORMAT=qcow2
ENV KVM='accel=kvm:tcg'
ENV MASTER_PLIST_URL="https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist"
# ENV NETWORKING=e1000-82545em
ENV NETWORKING=vmxnet3
# boolean for skipping the disk selection menu at in the boot process
ENV NOPICKER=false
# dynamic RAM options for runtime
ENV RAM=4
# ENV RAM=max
# ENV RAM=half
# The x and y coordinates for resolution.
# Must be used with either -e GENERATE_UNIQUE=true or -e GENERATE_SPECIFIC=true.
ENV WIDTH=1920
ENV HEIGHT=1080
VOLUME ["/tmp/.X11-unix"]
# check if /image is a disk image or a directory. This allows you to optionally use -v disk.img:/image
# NOPICKER is used to skip the disk selection screen
# GENERATE_UNIQUE is used to generate serial numbers on boot.
# /env is a file that you can generate and save using -v source.sh:/env
# the env file is a file that you can carry to the next container which will supply the serials numbers.
# GENERATE_SPECIFIC is used to either accept the env serial numbers OR you can supply using:
# -e DEVICE_MODEL="iMacPro1,1" \
# -e SERIAL="C02TW0WAHX87" \
# -e BOARD_SERIAL="C027251024NJG36UE" \
# -e UUID="5CCB366D-9118-4C61-A00A-E5BAF3BED451" \
# -e MAC_ADDRESS="A8:5C:2C:9A:46:2F" \
# the output will be /bootdisk.
# /bootdisk is a useful persistent place to store the 15Mb serial number bootdisk.
# if you don't set any of the above:
# the default serial numbers are already contained in ./OpenCore/OpenCore.qcow2
# And the default serial numbers
# DMCA compliant download process
# If BaseSystem.img does not exist, download ${SHORTNAME}
# shortname default is below
ENV SHORTNAME=sequoia
ENV BASESYSTEM_IMAGE=BaseSystem.img
CMD ! [[ -e "${BASESYSTEM_IMAGE:-BaseSystem.img}" ]] \
&& printf '%s\n' "No BaseSystem.img available, downloading ${SHORTNAME}" \
&& make \
&& qemu-img convert BaseSystem.dmg -O qcow2 -p -c ${BASESYSTEM_IMAGE:-BaseSystem.img} \
&& rm ./BaseSystem.dmg \
; sudo touch /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \
; sudo chown -R $(id -u):$(id -g) /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \
; [[ "${NOPICKER}" == true ]] && { \
sed -i '/^.*InstallMedia.*/d' Launch.sh \
&& export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore-nopicker.qcow2}" \
; } \
|| export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \
; [[ "${GENERATE_UNIQUE}" == true ]] && { \
./Docker-OSX/osx-serial-generator/generate-unique-machine-values.sh \
--master-plist-url="${MASTER_PLIST_URL}" \
--count 1 \
--tsv ./serial.tsv \
--bootdisks \
--width "${WIDTH:-1920}" \
--height "${HEIGHT:-1080}" \
--output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \
--output-env "${ENV:=/env}" \
|| exit 1 ; } \
; [[ "${GENERATE_SPECIFIC}" == true ]] && { \
source "${ENV:=/env}" 2>/dev/null \
; ./Docker-OSX/osx-serial-generator/generate-specific-bootdisk.sh \
--master-plist-url="${MASTER_PLIST_URL}" \
--model "${DEVICE_MODEL}" \
--serial "${SERIAL}" \
--board-serial "${BOARD_SERIAL}" \
--uuid "${UUID}" \
--mac-address "${MAC_ADDRESS}" \
--width "${WIDTH:-1920}" \
--height "${HEIGHT:-1080}" \
--output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \
|| exit 1 ; } \
; ./enable-ssh.sh && /bin/bash -c ./Launch.sh
# virt-manager mode: eta son
# CMD virsh define <(envsubst < Docker-OSX.xml) && virt-manager || virt-manager
# CMD virsh define <(envsubst < macOS-libvirt-Catalina.xml) && virt-manager || virt-manager
================================================
FILE: Dockerfile.auto
================================================
#!/usr/bin/docker
# ____ __ ____ ______ __
# / __ \____ _____/ /_____ _____/ __ \/ ___/ |/ /
# / / / / __ \/ ___/ //_/ _ \/ ___/ / / /\__ \| /
# / /_/ / /_/ / /__/ ,< / __/ / / /_/ /___/ / |
# /_____/\____/\___/_/|_|\___/_/ \____//____/_/|_| :AUTO
#
# Title: Docker-OSX (Mac on Docker)
# Author: Sick.Codes https://twitter.com/sickcodes
# Version: 6.0
# License: GPLv3+
# Repository: https://github.com/sickcodes/Docker-OSX
# Website: https://sick.codes
#
# This Dockerfile is a pre-installed naked installation of Docker-OSX!
#
# Default username: user
# Default password: alpine
#
# Take screenshots in the Arch container and display in terminal: scrotcat
# readme:
# timezone: UTC/GMT
#
# Future versions will navigate the installation process, inside the Dockerfile.
#
#
# Build:
#
# docker build -t docker-osx:auto -f Dockerfile.auto .
#
# Run:
#
# docker run -it --device /dev/kvm -p 50922:10022 -v ${PWD}/mac_hdd_ng_auto.img:/image docker-osx-auto:latest
#
# SSH:
# From inside the container:
# ssh -i ~/.ssh/id_docker_osx user@127.0.0.1 -p 10022
#
# From outside the container:
# ssh localhost user@127.0.0.1 -p 50922
# docker exec -it containerid ssh -i ~/.ssh/id_docker_osx user@127.0.0.1 -p 10022
FROM sickcodes/docker-osx:latest
LABEL maintainer='https://twitter.com/sickcodes <https://sick.codes>'
USER root
WORKDIR /root
# For taking screenshots of the Xfvb screen, useful during development.
ARG SCROT
# OPTIONAL: Arch Linux server mirrors for super fast builds
# set RANKMIRRORS to any value other that nothing, e.g. -e RANKMIRRORS=true
RUN perl -i -p -e s/^\#Color/Color$'\n'ParallelDownloads\ =\ 30/g /etc/pacman.conf
ARG RANKMIRRORS
ARG MIRROR_COUNTRY=US
ARG MIRROR_COUNT=10
RUN tee /etc/pacman.d/mirrorlist <<< 'Server = https://geo.mirror.pkgbuild.com/$repo/os/$arch' \
&& tee -a /etc/pacman.d/mirrorlist <<< 'Server = http://mirror.rackspace.com/archlinux/$repo/os/$arch' \
&& tee -a /etc/pacman.d/mirrorlist <<< 'Server = https://mirror.rackspace.com/archlinux/$repo/os/$arch'
# Fixes issue with invalid GPG keys: update the archlinux-keyring package to get the latest keys, then remove and regenerate gnupg keys
RUN pacman -Sy archlinux-keyring --noconfirm \
&& rm -rf /etc/pacman.d/gnupg \
&& pacman-key --init \
&& pacman-key --populate archlinux
RUN if [[ "${RANKMIRRORS}" ]]; then \
{ pacman -Sy wget --noconfirm || pacman -Syu wget --noconfirm ; } \
; wget -O ./rankmirrors "https://raw.githubusercontent.com/sickcodes/Docker-OSX/${BRANCH:=master}/rankmirrors" \
; wget -O- "https://www.archlinux.org/mirrorlist/?country=${MIRROR_COUNTRY:-US}&protocol=https&use_mirror_status=on" \
| sed -e 's/^#Server/Server/' -e '/^#/d' \
| head -n "$((${MIRROR_COUNT:-10}+1))" \
| bash ./rankmirrors --verbose --max-time 5 - > /etc/pacman.d/mirrorlist \
&& cat /etc/pacman.d/mirrorlist \
; fi
RUN tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkp://keyserver.ubuntu.com' \
&& tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://hkps.pool.sks-keyservers.net:443' \
&& tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkp://pgp.mit.edu:11371' \
&& tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://keys.openpgp.org' \
&& tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://keys.mailvelope.com'
RUN pacman -Syu xorg-server-xvfb wget xterm xorg-xhost xorg-xrandr --noconfirm \
&& if [[ "${SCROT}" ]]; then \
pacman -Syu scrot base-devel --noconfirm \
&& git clone --recurse-submodules --depth 1 https://github.com/stolk/imcat.git \
&& cd imcat \
&& make \
&& sudo cp imcat /usr/bin/imcat \
&& touch /usr/bin/scrotcat \
&& tee -a /usr/bin/scrotcat <<< '/usr/bin/imcat <(scrot -o /dev/stdout)' \
&& chmod +x /usr/bin/scrotcat \
; else \
touch /usr/bin/scrotcat \
&& echo echo >> /usr/bin/scrotcat \
&& chmod +x /usr/bin/scrotcat \
; fi \
; yes | pacman -Scc
RUN pacman -S sshpass --noconfirm \
&& yes | pacman -Scc
USER arch
ENV USER arch
WORKDIR /home/arch/OSX-KVM
RUN mkdir -p ~/.ssh \
&& touch ~/.ssh/authorized_keys \
&& touch ~/.ssh/config \
&& chmod 700 ~/.ssh \
&& chmod 600 ~/.ssh/config \
&& chmod 600 ~/.ssh/authorized_keys \
&& tee -a ~/.ssh/config <<< 'Host *' \
&& tee -a ~/.ssh/config <<< ' StrictHostKeyChecking no' \
&& tee -a ~/.ssh/config <<< ' UserKnownHostsFile=/dev/null'
ARG COMPLETE=true
# use the COMPLETE arg, for a complete image, ready to boot.
# otherwise use your own image: -v "$PWD/disk.img":/image
ARG WGET_OPTIONS=
# ARG WGET_OPTIONS='--no-verbose'
# Feel free to take a copy of this image and then host it internally
ARG IMAGE_URL='https://images.sick.codes/mac_hdd_ng_auto.img'
# ARG IMAGE_URL='https://images.sick.codes/mac_hdd_ng_auto_big_sur.img'
RUN if [[ "${COMPLETE}" ]]; then \
echo "Downloading 20GB image... This step might take a while... Press Ctrl+C if you want to abort." \
; rm -f /home/arch/OSX-KVM/mac_hdd_ng.img \
&& wget ${WGET_OPTIONS} -O /home/arch/OSX-KVM/mac_hdd_ng.img "${IMAGE_URL}" \
; fi
####
# symlink the old directory, for redundancy
RUN ln -s /home/arch/OSX-KVM/OpenCore /home/arch/OSX-KVM/OpenCore-Catalina || true
####
#### SPECIAL RUNTIME ARGUMENTS BELOW
ENV ADDITIONAL_PORTS=
# add additional QEMU boot arguments
ENV BOOT_ARGS=
ENV BOOTDISK=
# edit the CPU that is beign emulated
ENV CPU=Penryn
ENV DISPLAY=:99
ENV HEADLESS=false
ENV ENV=/env
# Boolean for generating a bootdisk with new random serials.
ENV GENERATE_UNIQUE=false
# Boolean for generating a bootdisk with specific serials.
ENV GENERATE_SPECIFIC=false
ENV IMAGE_PATH=/home/arch/OSX-KVM/mac_hdd_ng.img
ENV IMAGE_FORMAT=qcow2
ENV KVM='accel=kvm:tcg'
# ENV MASTER_PLIST_URL="https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist"
# ENV NETWORKING=e1000-82545em
ENV NETWORKING=vmxnet3
ENV NOPICKER=true
# set the username and password for automatically logging in
ENV USERNAME=user
ENV PASSWORD=alpine
# dynamic RAM options for runtime
ENV RAM=3
# ENV RAM=max
# ENV RAM=half
# The x and y coordinates for resolution.
# Must be used with either -e GENERATE_UNIQUE=true or -e GENERATE_SPECIFIC=true.
ENV WIDTH=1920
ENV HEIGHT=1080
# libguestfs verbose
ENV LIBGUESTFS_DEBUG=1
ENV LIBGUESTFS_TRACE=1
ENV TERMS_OF_USE=i_agree
ENV BOILERPLATE="By using this Dockerfile, you hereby agree that you are a security reseacher or developer and agree to use this Dockerfile to make the world a safer place. Examples include: making your apps safer, finding your mobile phone, compiling security products, etc. You understand that Docker-OSX is an Open Source project, which is released to the public under the GNU Pulic License version 3 and above. You acknowledge that the Open Source project is absolutely unaffiliated with any third party, in any form whatsoever. Any trademarks or intelectual property which happen to be mentioned anywhere in or around the project are owned by their respective owners. By using this Dockerfile, you agree to agree to the EULA of each piece of upstream or downstream software. The following code is released for the sole purpose of security research, under the GNU Public License version 3. If you are concerned about the licensing, please note that this project is not AGPL. A copy of the license is available online: https://github.com/sickcodes/Docker-OSX/blob/master/LICENSE. In order to use the following Dockerfile you must read and understand the terms. Once you have read the terms, use the -e TERMS_OF_USE=i_agree or -e TERMS_OF_USE=i_disagree"
# DMCA compliant download process
# If BaseSystem.img does not exist, download ${SHORTNAME}
# shortname default is catalina, which means :latest is catalina
ENV SHORTNAME=sonoma
ENV BASESYSTEM_IMAGE=BaseSystem.img
CMD ! [[ -e "${BASESYSTEM_IMAGE:-BaseSystem.img}" ]] \
&& printf '%s\n' "No BaseSystem.img available, downloading ${SHORTNAME}" \
&& make \
&& qemu-img convert BaseSystem.dmg -O qcow2 -p -c ${BASESYSTEM_IMAGE:-BaseSystem.img} \
&& rm ./BaseSystem.dmg \
; echo "${BOILERPLATE}" \
; [[ "${TERMS_OF_USE}" = i_agree ]] || exit 1 \
; echo "Disk is being copied between layers... Please wait a minute..." \
; sudo touch /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \
; sudo chown -R $(id -u):$(id -g) /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \
; [[ "${NOPICKER}" == true ]] && { \
sed -i '/^.*InstallMedia.*/d' Launch.sh \
&& export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore-nopicker.qcow2}" \
; } \
|| export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \
; [[ "${GENERATE_UNIQUE}" == true ]] && { \
./Docker-OSX/osx-serial-generator/generate-unique-machine-values.sh \
--master-plist-url="${MASTER_PLIST_URL}" \
--count 1 \
--tsv ./serial.tsv \
--bootdisks \
--width "${WIDTH:-1920}" \
--height "${HEIGHT:-1080}" \
--output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \
--output-env "${ENV:=/env}" \
|| exit 1 ; } \
; [[ "${GENERATE_SPECIFIC}" == true ]] && { \
source "${ENV:=/env}" 2>/dev/null \
; ./Docker-OSX/osx-serial-generator/generate-specific-bootdisk.sh \
--master-plist-url="${MASTER_PLIST_URL}" \
--model "${DEVICE_MODEL}" \
--serial "${SERIAL}" \
--board-serial "${BOARD_SERIAL}" \
--uuid "${UUID}" \
--mac-address "${MAC_ADDRESS}" \
--width "${WIDTH:-1920}" \
--height "${HEIGHT:-1080}" \
--output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \
|| exit 1 ; } \
; { [[ "${DISPLAY}" = ':99' ]] || [[ "${HEADLESS}" == true ]] ; } && { \
nohup Xvfb :99 -screen 0 1920x1080x16 \
& until [[ "$(xrandr --query 2>/dev/null)" ]]; do sleep 1 ; done \
; } \
; stat "${IMAGE_PATH}" \
; echo "Large image is being copied between layers, please wait a minute..." \
; ./enable-ssh.sh \
; [[ -e ~/.ssh/id_docker_osx ]] || { \
/usr/bin/ssh-keygen -t rsa -f ~/.ssh/id_docker_osx -q -N "" \
&& chmod 600 ~/.ssh/id_docker_osx \
; } \
; /bin/bash -c ./Launch.sh \
& echo "Booting Docker-OSX in the background. Please wait..." \
; until [[ "$(sshpass -p${PASSWORD:=alpine} ssh-copy-id -f -i ~/.ssh/id_docker_osx.pub -p 10022 ${USERNAME:=user}@127.0.0.1)" ]]; do \
echo "Disk is being copied between layers. Repeating until able to copy SSH key into OSX..." \
; sleep 1 \
; done \
; grep id_docker_osx ~/.ssh/config || { \
tee -a ~/.ssh/config <<< 'Host 127.0.0.1' \
; tee -a ~/.ssh/config <<< " User ${USERNAME:=user}" \
; tee -a ~/.ssh/config <<< ' Port 10022' \
; tee -a ~/.ssh/config <<< ' IdentityFile ~/.ssh/id_docker_osx' \
; tee -a ~/.ssh/config <<< ' StrictHostKeyChecking no' \
; tee -a ~/.ssh/config <<< ' UserKnownHostsFile=/dev/null' \
; } \
&& echo 'Default username: user' \
&& echo 'Default password: alpine' \
&& echo 'Change it immediately using the command: passwd' \
&& ssh -i ~/.ssh/id_docker_osx ${USERNAME:=user}@127.0.0.1 -p 10022 "${OSX_COMMANDS}"
# username: user
# password: alpine
# screenshot: docker exec -it containerid scrotcat
# readme: https://github.com/sickcodes/Docker-OSX
# timezone: UTC/GMT
# Future case option when supplying IMAGE_PATH:
# Zstandard*) zstd -d /image && export IMAGE_PATH=/image;; \
================================================
FILE: Dockerfile.naked
================================================
#!/usr/bin/docker
# ____ __ ____ ______ __
# / __ \____ _____/ /_____ _____/ __ \/ ___/ |/ /
# / / / / __ \/ ___/ //_/ _ \/ ___/ / / /\__ \| /
# / /_/ / /_/ / /__/ ,< / __/ / / /_/ /___/ / |
# /_____/\____/\___/_/|_|\___/_/ \____//____/_/|_| :NAKED
#
# Title: Docker-OSX (Mac on Docker)
# Author: Sick.Codes https://twitter.com/sickcodes
# Version: 6.0
# License: GPLv3+
# Repository: https://github.com/sickcodes/Docker-OSX
# Website: https://sick.codes
#
# This image won't run unless you supply a disk image using:
# -v ${PWD}/mac_hdd_ng.img:/image
#
# Take screenshots in the Arch container and display in terminal: scrotcat
#
# Build:
#
# docker build -t docker-osx:naked -f Dockerfile.naked .
#
# Run headless:
#
# docker run -it --device /dev/kvm -p 50922:10022 -v ${PWD}/mac_hdd_ng.img:/image docker-osx:naked
#
# Run with display:
#
# docker run -it --device /dev/kvm -p 50922:10022 -v ${PWD}/mac_hdd_ng.img:/image -e "DISPLAY=${DISPLAY:-:0.0}" -v /tmp/.X11-unix:/tmp/.X11-unix docker-osx:naked
#
FROM sickcodes/docker-osx:latest
LABEL maintainer='https://twitter.com/sickcodes <https://sick.codes>'
USER root
WORKDIR /root
RUN rm -f /home/arch/OSX-KVM/mac_hdd_ng.img
# OPTIONAL: Arch Linux server mirrors for super fast builds
# set RANKMIRRORS to any value other that nothing, e.g. -e RANKMIRRORS=true
RUN perl -i -p -e s/^\#Color/Color$'\n'ParallelDownloads\ =\ 30/g /etc/pacman.conf
ARG RANKMIRRORS
ARG MIRROR_COUNTRY=US
ARG MIRROR_COUNT=10
RUN tee /etc/pacman.d/mirrorlist <<< 'Server = https://geo.mirror.pkgbuild.com/$repo/os/$arch' \
&& tee -a /etc/pacman.d/mirrorlist <<< 'Server = http://mirror.rackspace.com/archlinux/$repo/os/$arch' \
&& tee -a /etc/pacman.d/mirrorlist <<< 'Server = https://mirror.rackspace.com/archlinux/$repo/os/$arch'
# Fixes issue with invalid GPG keys: update the archlinux-keyring package to get the latest keys, then remove and regenerate gnupg keys
RUN pacman -Sy archlinux-keyring --noconfirm \
&& rm -rf /etc/pacman.d/gnupg \
&& pacman-key --init \
&& pacman-key --populate archlinux
RUN if [[ "${RANKMIRRORS}" ]]; then \
{ pacman -Sy wget --noconfirm || pacman -Syu wget --noconfirm ; } \
; wget -O ./rankmirrors "https://raw.githubusercontent.com/sickcodes/Docker-OSX/${BRANCH:=master}/rankmirrors" \
; wget -O- "https://www.archlinux.org/mirrorlist/?country=${MIRROR_COUNTRY:-US}&protocol=https&use_mirror_status=on" \
| sed -e 's/^#Server/Server/' -e '/^#/d' \
| head -n "$((${MIRROR_COUNT:-10}+1))" \
| bash ./rankmirrors --verbose --max-time 5 - > /etc/pacman.d/mirrorlist \
&& cat /etc/pacman.d/mirrorlist \
; fi
RUN tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkp://keyserver.ubuntu.com' \
&& tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://hkps.pool.sks-keyservers.net:443' \
&& tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkp://pgp.mit.edu:11371' \
&& tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://keys.openpgp.org' \
&& tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://keys.mailvelope.com'
# For taking screenshots of the Xfvb screen, useful during development.
ARG SCROT
RUN pacman -Syu xorg-server-xvfb wget xterm xorg-xhost xorg-xrandr sshpass --noconfirm \
&& if [[ "${SCROT}" ]]; then \
pacman -Syu scrot base-devel --noconfirm \
&& git clone --recurse-submodules --depth 1 https://github.com/stolk/imcat.git \
&& cd imcat \
&& make \
&& sudo cp imcat /usr/bin/imcat \
&& touch /usr/bin/scrotcat \
&& tee -a /usr/bin/scrotcat <<< '/usr/bin/imcat <(scrot -o /dev/stdout)' \
&& chmod +x /usr/bin/scrotcat \
; else \
touch /usr/bin/scrotcat \
&& echo echo >> /usr/bin/scrotcat \
&& chmod +x /usr/bin/scrotcat \
; fi \
; yes | pacman -Scc
USER arch
ENV USER arch
WORKDIR /home/arch/OSX-KVM
RUN mkdir -p ~/.ssh \
&& touch ~/.ssh/authorized_keys \
&& touch ~/.ssh/config \
&& chmod 700 ~/.ssh \
&& chmod 600 ~/.ssh/config \
&& chmod 600 ~/.ssh/authorized_keys \
&& tee -a ~/.ssh/config <<< 'Host *' \
&& tee -a ~/.ssh/config <<< ' StrictHostKeyChecking no' \
&& tee -a ~/.ssh/config <<< ' UserKnownHostsFile=/dev/null'
####
# symlink the old directory, for redundancy
RUN ln -s /home/arch/OSX-KVM/OpenCore /home/arch/OSX-KVM/OpenCore-Catalina || true
####
#### SPECIAL RUNTIME ARGUMENTS BELOW
ENV ADDITIONAL_PORTS=
# add additional QEMU boot arguments
ENV BOOT_ARGS=
ENV BOOTDISK=
# edit the CPU that is beign emulated
ENV CPU=Penryn
ENV DISPLAY=:99
ENV HEADLESS=false
ENV ENV=/env
# Boolean for generating a bootdisk with new random serials.
ENV GENERATE_UNIQUE=false
# Boolean for generating a bootdisk with specific serials.
ENV GENERATE_SPECIFIC=false
ENV IMAGE_PATH=/image
ENV IMAGE_FORMAT=qcow2
ENV KVM='accel=kvm:tcg'
# ENV MASTER_PLIST_URL="https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist"
# ENV NETWORKING=e1000-82545em
ENV NETWORKING=vmxnet3
ENV NOPICKER=true
# dynamic RAM options for runtime
ENV RAM=3
# ENV RAM=max
# ENV RAM=half
# The x and y coordinates for resolution.
# Must be used with either -e GENERATE_UNIQUE=true or -e GENERATE_SPECIFIC=true.
ENV WIDTH=1920
ENV HEIGHT=1080
# libguestfs verbose
ENV LIBGUESTFS_DEBUG=1
ENV LIBGUESTFS_TRACE=1
# DMCA compliant download process
# If BaseSystem.img does not exist, download ${SHORTNAME}
# shortname default is catalina, which means :latest is catalina
ENV SHORTNAME=sonoma
ENV BASESYSTEM_IMAGE=BaseSystem.img
CMD ! [[ -e "${BASESYSTEM_IMAGE:-BaseSystem.img}" ]] \
&& printf '%s\n' "No BaseSystem.img available, downloading ${SHORTNAME}" \
&& make \
&& qemu-img convert BaseSystem.dmg -O qcow2 -p -c ${BASESYSTEM_IMAGE:-BaseSystem.img} \
&& rm ./BaseSystem.dmg \
; sudo touch /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \
; sudo chown -R $(id -u):$(id -g) /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \
; { [[ "${DISPLAY}" = ':99' ]] || [[ "${HEADLESS}" == true ]] ; } && { \
nohup Xvfb :99 -screen 0 1920x1080x16 \
& until [[ "$(xrandr --query 2>/dev/null)" ]]; do sleep 1 ; done \
; } \
; [[ "${NOPICKER}" == true ]] && { \
sed -i '/^.*InstallMedia.*/d' Launch.sh \
&& export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore-nopicker.qcow2}" \
; } \
|| export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \
; [[ "${GENERATE_UNIQUE}" == true ]] && { \
./Docker-OSX/osx-serial-generator/generate-unique-machine-values.sh \
--master-plist-url="${MASTER_PLIST_URL}" \
--count 1 \
--tsv ./serial.tsv \
--bootdisks \
--width "${WIDTH:-1920}" \
--height "${HEIGHT:-1080}" \
--output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \
--output-env "${ENV:=/env}" \
|| exit 1 ; } \
; [[ "${GENERATE_SPECIFIC}" == true ]] && { \
source "${ENV:=/env}" 2>/dev/null \
; ./Docker-OSX/osx-serial-generator/generate-specific-bootdisk.sh \
--master-plist-url="${MASTER_PLIST_URL}" \
--model "${DEVICE_MODEL}" \
--serial "${SERIAL}" \
--board-serial "${BOARD_SERIAL}" \
--uuid "${UUID}" \
--mac-address "${MAC_ADDRESS}" \
--width "${WIDTH:-1920}" \
--height "${HEIGHT:-1080}" \
--output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \
|| exit 1 ; } \
; ./enable-ssh.sh && /bin/bash -c ./Launch.sh
================================================
FILE: Dockerfile.naked-auto
================================================
#!/usr/bin/docker
# ____ __ ____ ______ __
# / __ \____ _____/ /_____ _____/ __ \/ ___/ |/ /
# / / / / __ \/ ___/ //_/ _ \/ ___/ / / /\__ \| /
# / /_/ / /_/ / /__/ ,< / __/ / / /_/ /___/ / |
# /_____/\____/\___/_/|_|\___/_/ \____//____/_/|_| :NAKED-AUTO
#
# Title: Docker-OSX (Mac on Docker)
# Author: Sick.Codes https://twitter.com/sickcodes
# Version: 6.0
# License: GPLv3+
# Repository: https://github.com/sickcodes/Docker-OSX
# Website: https://sick.codes
#
# This Dockerfile needs you to supply a pre-installed installation of Docker-OSX!
#
# Visit https://github.com/sickcodes/Docker-OSX for info
FROM sickcodes/docker-osx:latest
LABEL maintainer='https://twitter.com/sickcodes <https://sick.codes>'
USER root
WORKDIR /root
RUN rm -f /home/arch/OSX-KVM/mac_hdd_ng.img
# For taking screenshots of the Xfvb screen, useful during development.
ARG SCROT
# OPTIONAL: Arch Linux server mirrors for super fast builds
# set RANKMIRRORS to any value other that nothing, e.g. -e RANKMIRRORS=true
RUN perl -i -p -e s/^\#Color/Color$'\n'ParallelDownloads\ =\ 30/g /etc/pacman.conf
ARG RANKMIRRORS
ARG MIRROR_COUNTRY=US
ARG MIRROR_COUNT=10
RUN tee /etc/pacman.d/mirrorlist <<< 'Server = https://geo.mirror.pkgbuild.com/$repo/os/$arch' \
&& tee -a /etc/pacman.d/mirrorlist <<< 'Server = http://mirror.rackspace.com/archlinux/$repo/os/$arch' \
&& tee -a /etc/pacman.d/mirrorlist <<< 'Server = https://mirror.rackspace.com/archlinux/$repo/os/$arch'
# Fixes issue with invalid GPG keys: update the archlinux-keyring package to get the latest keys, then remove and regenerate gnupg keys
RUN pacman -Sy archlinux-keyring --noconfirm \
&& rm -rf /etc/pacman.d/gnupg \
&& pacman-key --init \
&& pacman-key --populate archlinux
RUN if [[ "${RANKMIRRORS}" ]]; then \
{ pacman -Sy wget --noconfirm || pacman -Syu wget --noconfirm ; } \
; wget -O ./rankmirrors "https://raw.githubusercontent.com/sickcodes/Docker-OSX/${BRANCH:=master}/rankmirrors" \
; wget -O- "https://www.archlinux.org/mirrorlist/?country=${MIRROR_COUNTRY:-US}&protocol=https&use_mirror_status=on" \
| sed -e 's/^#Server/Server/' -e '/^#/d' \
| head -n "$((${MIRROR_COUNT:-10}+1))" \
| bash ./rankmirrors --verbose --max-time 5 - > /etc/pacman.d/mirrorlist \
&& cat /etc/pacman.d/mirrorlist \
; fi
RUN tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkp://keyserver.ubuntu.com' \
&& tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://hkps.pool.sks-keyservers.net:443' \
&& tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkp://pgp.mit.edu:11371' \
&& tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://keys.openpgp.org' \
&& tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://keys.mailvelope.com'
# For taking screenshots of the Xfvb screen, useful during development.
ARG SCROT
RUN pacman -Syu xorg-server-xvfb wget xterm xorg-xhost xorg-xrandr --noconfirm \
&& if [[ "${SCROT}" ]]; then \
pacman -Syu scrot base-devel --noconfirm \
&& git clone --recurse-submodules --depth 1 https://github.com/stolk/imcat.git \
&& cd imcat \
&& make \
&& sudo cp imcat /usr/bin/imcat \
&& touch /usr/bin/scrotcat \
&& tee -a /usr/bin/scrotcat <<< '/usr/bin/imcat <(scrot -o /dev/stdout)' \
&& chmod +x /usr/bin/scrotcat \
; else \
touch /usr/bin/scrotcat \
&& echo echo >> /usr/bin/scrotcat \
&& chmod +x /usr/bin/scrotcat \
; fi \
; yes | pacman -Scc
RUN pacman -S sshpass --noconfirm \
&& yes | pacman -Scc
USER arch
ENV USER arch
WORKDIR /home/arch/OSX-KVM
RUN mkdir -p ~/.ssh \
&& touch ~/.ssh/authorized_keys \
&& touch ~/.ssh/config \
&& chmod 700 ~/.ssh \
&& chmod 600 ~/.ssh/config \
&& chmod 600 ~/.ssh/authorized_keys \
&& tee -a ~/.ssh/config <<< 'Host *' \
&& tee -a ~/.ssh/config <<< ' StrictHostKeyChecking no' \
&& tee -a ~/.ssh/config <<< ' UserKnownHostsFile=/dev/null'
ARG COMPLETE=
# use the COMPLETE arg, for a complete image, ready to boot.
# otherwise use your own image: -v "$PWD/disk.img":/image
ARG WGET_OPTIONS=
# ARG WGET_OPTIONS='--no-verbose'
# Feel free to take a copy of this image and then host it internally
ARG IMAGE_URL=
# ARG IMAGE_URL='https://images.sick.codes/mac_hdd_ng_auto_big_sur.img'
RUN if [[ "${COMPLETE}" ]]; then \
echo "Downloading your image... This step might take a while... Press Ctrl+C if you want to abort." \
; rm -f /home/arch/OSX-KVM/mac_hdd_ng.img \
&& wget ${WGET_OPTIONS} -O /home/arch/OSX-KVM/mac_hdd_ng.img "${IMAGE_URL}" \
; fi
####
# symlink the old directory, for redundancy
RUN ln -s /home/arch/OSX-KVM/OpenCore /home/arch/OSX-KVM/OpenCore-Catalina || true
####
#### SPECIAL RUNTIME ARGUMENTS BELOW
ENV ADDITIONAL_PORTS=
# add additional QEMU boot arguments
ENV BOOT_ARGS=
ENV BOOTDISK=
# edit the CPU that is beign emulated
ENV CPU=Penryn
ENV DISPLAY=:99
ENV HEADLESS=false
ENV ENV=/env
# Boolean for generating a bootdisk with new random serials.
ENV GENERATE_UNIQUE=false
# Boolean for generating a bootdisk with specific serials.
ENV GENERATE_SPECIFIC=false
ENV IMAGE_PATH=/image
ENV IMAGE_FORMAT=qcow2
ENV KVM='accel=kvm:tcg'
# ENV MASTER_PLIST_URL="https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist"
# ENV NETWORKING=e1000-82545em
ENV NETWORKING=vmxnet3
ENV NOPICKER=true
# set the username and password for automatically logging in
ENV USERNAME=user
ENV PASSWORD=alpine
# dynamic RAM options for runtime
ENV RAM=3
# ENV RAM=max
# ENV RAM=half
# The x and y coordinates for resolution.
# Must be used with either -e GENERATE_UNIQUE=true or -e GENERATE_SPECIFIC=true.
ENV WIDTH=1920
ENV HEIGHT=1080
# libguestfs verbose
ENV LIBGUESTFS_DEBUG=1
ENV LIBGUESTFS_TRACE=1
ENV TERMS_OF_USE=i_agree
ENV BOILERPLATE="By using this Dockerfile, you hereby agree that you are a security reseacher or developer and agree to use this Dockerfile to make the world a safer place. Examples include: making your apps safer, finding your mobile phone, compiling security products, etc. You understand that Docker-OSX is an Open Source project, which is released to the public under the GNU Pulic License version 3 and above. You acknowledge that the Open Source project is absolutely unaffiliated with any third party, in any form whatsoever. Any trademarks or intelectual property which happen to be mentioned anywhere in or around the project are owned by their respective owners. By using this Dockerfile, you agree to agree to the EULA of each piece of upstream or downstream software. The following code is released for the sole purpose of security research, under the GNU Public License version 3. If you are concerned about the licensing, please note that this project is not AGPL. A copy of the license is available online: https://github.com/sickcodes/Docker-OSX/blob/master/LICENSE. In order to use the following Dockerfile you must read and understand the terms. Once you have read the terms, use the -e TERMS_OF_USE=i_agree or -e TERMS_OF_USE=i_disagree"
# DMCA compliant download process
# If BaseSystem.img does not exist, download ${SHORTNAME}
# shortname default is catalina, which means :latest is catalina
ENV SHORTNAME=sonoma
ENV BASESYSTEM_IMAGE=BaseSystem.img
CMD ! [[ -e "${BASESYSTEM_IMAGE:-BaseSystem.img}" ]] \
&& printf '%s\n' "No BaseSystem.img available, downloading ${SHORTNAME}" \
&& make \
&& qemu-img convert BaseSystem.dmg -O qcow2 -p -c ${BASESYSTEM_IMAGE:-BaseSystem.img} \
&& rm ./BaseSystem.dmg \
; echo "${BOILERPLATE}" \
; [[ "${TERMS_OF_USE}" = i_agree ]] || exit 1 \
; echo "Disk is being copied between layers... Please wait a minute..." \
; sudo touch /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \
; sudo chown -R $(id -u):$(id -g) /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \
; [[ "${NOPICKER}" == true ]] && { \
sed -i '/^.*InstallMedia.*/d' Launch.sh \
&& export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore-nopicker.qcow2}" \
; } \
|| export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \
; [[ "${GENERATE_UNIQUE}" == true ]] && { \
./Docker-OSX/osx-serial-generator/generate-unique-machine-values.sh \
--master-plist-url="${MASTER_PLIST_URL}" \
--count 1 \
--tsv ./serial.tsv \
--bootdisks \
--width "${WIDTH:-1920}" \
--height "${HEIGHT:-1080}" \
--output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \
--output-env "${ENV:=/env}" \
|| exit 1 ; } \
; [[ "${GENERATE_SPECIFIC}" == true ]] && { \
source "${ENV:=/env}" 2>/dev/null \
; ./Docker-OSX/osx-serial-generator/generate-specific-bootdisk.sh \
--master-plist-url="${MASTER_PLIST_URL}" \
--model "${DEVICE_MODEL}" \
--serial "${SERIAL}" \
--board-serial "${BOARD_SERIAL}" \
--uuid "${UUID}" \
--mac-address "${MAC_ADDRESS}" \
--width "${WIDTH:-1920}" \
--height "${HEIGHT:-1080}" \
--output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \
|| exit 1 ; } \
; { [[ "${DISPLAY}" = ':99' ]] || [[ "${HEADLESS}" == true ]] ; } && { \
nohup Xvfb :99 -screen 0 1920x1080x16 \
& until [[ "$(xrandr --query 2>/dev/null)" ]]; do sleep 1 ; done \
; } \
; stat "${IMAGE_PATH}" \
; echo "Large image is being copied between layers, please wait a minute..." \
; ./enable-ssh.sh \
; [[ -e ~/.ssh/id_docker_osx ]] || { \
/usr/bin/ssh-keygen -t rsa -f ~/.ssh/id_docker_osx -q -N "" \
&& chmod 600 ~/.ssh/id_docker_osx \
; } \
; /bin/bash -c ./Launch.sh \
& echo "Booting Docker-OSX in the background. Please wait..." \
; until [[ "$(sshpass -p${PASSWORD:=alpine} ssh-copy-id -f -i ~/.ssh/id_docker_osx.pub -p 10022 ${USERNAME:=user}@127.0.0.1)" ]]; do \
echo "Disk is being copied between layers. Repeating until able to copy SSH key into OSX..." \
; sleep 1 \
; done \
; grep id_docker_osx ~/.ssh/config || { \
tee -a ~/.ssh/config <<< 'Host 127.0.0.1' \
; tee -a ~/.ssh/config <<< " User ${USERNAME:=user}" \
; tee -a ~/.ssh/config <<< ' Port 10022' \
; tee -a ~/.ssh/config <<< ' IdentityFile ~/.ssh/id_docker_osx' \
; tee -a ~/.ssh/config <<< ' StrictHostKeyChecking no' \
; tee -a ~/.ssh/config <<< ' UserKnownHostsFile=/dev/null' \
; } \
&& ssh -i ~/.ssh/id_docker_osx ${USERNAME:=user}@127.0.0.1 -p 10022 "${OSX_COMMANDS}"
================================================
FILE: FAQ.md
================================================
# Frequently Asked Questions
These questions come up regularly, so here are the answers.
## Basics
### Is this legal?
The [macOS software license](https://www.apple.com/legal/sla/) allows running (some versions of) macOS in a virtual machine only on Apple hardware. The [Apple Security Bounty terms and conditions](https://security.apple.com/terms-and-conditions/) make an exception to that (and essentially anything in the macOS software license) under some specific circumstances.
Therefore, yes, there is a legal use for Docker-OSX. If your use doesn't fall under the license or the security bounty terms, then you are/will be violating the macOS software license. **Note that this is not provided as legal advice, and you should consult with your own counsel for legal guidance.**
You may also be interested in this [deeper dive into the subject](https://sick.codes/is-hackintosh-osx-kvm-or-docker-osx-legal/).
### What does Docker-OSX do?
Docker-OSX is an approach to setting up and launching a macOS virtual machine (VM) under [docker](https://en.wikipedia.org/wiki/Docker_(software)). The [Dockerfile](Dockerfile) is essentially a docker image building script that:
1. validates a few things about the environment
2. installs VM software (qemu) and creates a virtual disk within the docker container
3. generates a serial number and firmware to make the VM look (enough) like Mac hardware
4. downloads a macOS installer disk image
5. generates a shell script to start the VM
The default configuration is intended to create an ephemeral but repeatably bootable macOS that can be probed for security research.
### Why docker?
Docker provides a straightforward way to package a flexible turnkey solution to setting up a macOS VM. It is not the only way to do so, nor is it necessarily the best approach to setting up a long-lived, persistent macOS VM. You may prefer to study the [Dockerfile](Dockerfile) and/or [OSX-KVM](https://github.com/kholia/OSX-KVM) to prepare a VM to run under [proxmox](https://en.wikipedia.org/wiki/Proxmox_Virtual_Environment) or [libvirt](https://en.wikipedia.org/wiki/Libvirt).
## Can I...
### ...run BlueBubbles/AirMessage/Beeper on it?
Yes. Make sure you [make serial numbers persist across reboots](README.md#making-serial-numbers-persist-across-reboots) after generating a unique serial number for yourself; don't use the default serial number. There is, of course, no guarantee that Apple won't block/disable your account, or inflict other consequences. See also the [legal considerations](#is-this-legal).
### ...develop iPhone apps on it?
Yes. You will probably find Xcode's UI frustratingly slow, but yes. Compiling apps (e.g. React Native) from the command line is likely to be less frustrating. There is, of course, no guarantee that Apple won't block/disable your account, remove you from the Apple Developer program, or inflict other consequences. See also the [legal considerations](#is-this-legal).
### ...connect my iPhone or other USB device to it?
Yes, at least if your host OS is Linux. See [instructions](README.md#vfio-iphone-usb-passthrough-vfio). It may or may not be possible if your host OS is Windows.
### ...run CI/CD processes with it?
Maybe, but there are several reasons not to:
1. There are [legal considerations](#is-this-legal).
2. Nested virtualization is generally unavailable on cloud-hosted CI/CD and therefore Docker-OSX doesn't run.
3. You are almost always better off using your own macOS runners (on virtual or actual Mac hardware) rather than trying to make the square peg of Docker-OSX fit the round hole of macOS-specific CI/CD.
You absolutely can install runners on the macOS VM itself (which does not get around the legal considerations mentioned above), but [Docker-OSX may not be the best approach](#why-docker).
### ...run on Linux but with Wayland?
Yes, but your Wayland server must support X11 connections (or you can [use VNC instead](README.md#building-a-headless-container-that-allows-insecure-vnc-on-localhost-for-local-use-only)).
### ...run on Windows?
Yes, as long as you have a new enough version of Windows 11 and have WSL2 set up. See [this section of the README](README.md#id-like-to-run-docker-osx-on-windows) for details. No, it will not work under Windows 10. Not even if you have WSL2 set up.
### ...run on macOS?
If you have a Mac with Apple Silicon you are better served by [UTM](https://apps.apple.com/us/app/utm-virtual-machines/id1538878817?mt=12).
If you have an Intel Mac you can install and run docker (either [Docker Desktop](https://www.docker.com/products/docker-desktop/) or [colima](https://github.com/abiosoft/colima)). In either case, docker will be running under a Linux VM, which complicates things. You are likely to encounter one or more of the [common errors](#common-errors) below. Consider using qemu directly with HVF acceleration (e.g. with [libvirt](https://libvirt.org/macos.html)) instead.
### ...run on cloud services?
Cloud providers typically run their various services within virtual machines running on top of their actual hardware. These VMs typically are not set up to provide nested virtualization, which means KVM is unavailable so Docker-OSX will not work. This is _especially and specifically_ the case on CI/CD runners such as GitHub Actions, Azure DevOps Pipelines, CircleCI, GitLab CI/CD, etc. (however, see [running CI/CD](#run-cicd-processes-with-it)). Some cloud providers offer services that do allow virtualization, such as [Amazon's EC2 Bare Metal Instances](https://aws.amazon.com/about-aws/whats-new/2018/05/announcing-general-availability-of-amazon-ec2-bare-metal-instances/), but often at a significant premium.
In short, probably not.
## Common Errors
### Docker Errors
If you get an error like `docker: command not found` then you don't have docker installed and none of this works. Try [Docker Desktop](https://www.docker.com/products/docker-desktop/) on Windows or your distribution's normal package manager on Linux.
If you get an error like `docker: Got permission denied while trying to connect to the Docker daemon` or `docker: unknown server OS: .` the mostly likely explanation is that your user isn't in the `docker` Unix group. You'll need to add yourself to the `docker` group, log out, and log back in.
If you get an error like `Cannot connect to the Docker daemon at unix://var/run/docker.sock. Is the docker daemon running?` then `dockerd` isn't running. On most Linux distributions you should be able to start it with `sudo systemctl enable docker --now`.
### GTK Initialization Failed
This is an X11 error and means that the arguments to qemu are telling it to connect to an X11 display that it either can't connect to at all or doesn't have permission to connect to. In the latter case, this can usually be fixed by running `xhost +` on the host running the X11 server.
In many cases, however, it is preferable to tell qemu to listen for a VNC connection instead of trying to connect to X11; see [this section of the README](README.md#building-a-headless-container-that-allows-insecure-vnc-on-localhost-for-local-use-only) for instructions.
### KVM Error
If you get an error like `error gathering device information while adding custom device "/dev/kvm": no such file or directory` that means KVM is not available/working on the Linux kernel on which you are running docker. This could be because you are attempting to run somewhere that doesn't support nested virtualization (see [above](#can-i-run-this-on)), or because your BIOS does not have virtualization extensions turned on, or because your CPU is too old to support virtualization extensions, or your Linux kernel does not have KVM support loaded/enabled. Fixing KVM issues is well beyond the scope of this document, but you can [start here](https://www.linux-kvm.org/page/FAQ).
### ALSA Error
You might get an error like this:
```
(qemu) ALSA lib confmisc.c:767:(parse_card) cannot find card '0'
ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory
ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings
ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory
ALSA lib confmisc.c:1246:(snd_func_refer) error evaluating name
ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory
ALSA lib conf.c:5233:(snd_config_expand) Evaluate error: No such file or directory
ALSA lib pcm.c:2660:(snd_pcm_open_noupdate) Unknown PCM default
alsa: Could not initialize DAC
alsa: Failed to open `default':
alsa: Reason: No such file or directory
ALSA lib confmisc.c:767:(parse_card) cannot find card '0'
ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory
ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings
ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory
ALSA lib confmisc.c:1246:(snd_func_refer) error evaluating name
ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory
ALSA lib conf.c:5233:(snd_config_expand) Evaluate error: No such file or directory
ALSA lib pcm.c:2660:(snd_pcm_open_noupdate) Unknown PCM default
alsa: Could not initialize DAC
alsa: Failed to open `default':
alsa: Reason: No such file or directory
audio: Failed to create voice `dac'
ALSA lib confmisc.c:767:(parse_card) cannot find card '0'
ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory
ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings
ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory
ALSA lib confmisc.c:1246:(snd_func_refer) error evaluating name
ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory
ALSA lib conf.c:5233:(snd_config_expand) Evaluate error: No such file or directory
ALSA lib pcm.c:2660:(snd_pcm_open_noupdate) Unknown PCM default
alsa: Could not initialize ADC
alsa: Failed to open `default':
alsa: Reason: No such file or directory
ALSA lib confmisc.c:767:(parse_card) cannot find card '0'
ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory
ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings
ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory
ALSA lib confmisc.c:1246:(snd_func_refer) error evaluating name
ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory
ALSA lib conf.c:5233:(snd_config_expand) Evaluate error: No such file or directory
ALSA lib pcm.c:2660:(snd_pcm_open_noupdate) Unknown PCM default
alsa: Could not initialize ADC
alsa: Failed to open `default':
alsa: Reason: No such file or directory
audio: Failed to create voice `adc'
```
Docker-OSX defaults to telling qemu to use ALSA for audio output. Your host system may be using PulseAudio instead (see [PulseAudio](README.md#pulseaudio)), but you may not need audio output at all. You can pass `-e AUDIO_DRIVER="id=none,driver=none"` to disable audio output.
### No Disk to Install On
If you have launched the installer but don't see a disk to install macOS on, it probably means you skipped the step where you run Disk Utility to format the virtual disk. See the [README](README.md#additional-boot-instructions-for-when-you-are-creating-your-container).
### Slow Installation
This is not unique to virtual hardware. The macOS installation process gives apparently random and dependably incorrect time estimates, and can often appear to have completely frozen. Just be patient. It could take hours, maybe even more than a day.
### Installer After Completing Install
If you wind up in the installer again after you've installed macOS it means you booted from the installer disk instead of the disk you installed macOS on. Reboot and make sure you choose the correct disk to boot.
## Next Steps
Congratulations, you got a macOS VM up and running! Now what?
# Fixing Apple ID Login Issues in macOS Virtual Machines
## Problem Overview
When running macOS in a virtual machine, you may encounter problems logging into Apple services including:
- Apple ID
- iMessage
- iCloud
- App Store
This happens because Apple's services can detect that macOS is running in a virtual environment and block access. The solution is to apply a kernel patch that hides the VM presence from Apple's detection mechanism.
NOTE as per forum post: Unfortunately, this would very possibly break qemu-guest-agent, which is necessary for the host getting VM status or taking hot snapshot while the VM is running. This is because qemu-guest-agent also checks the hv_vmm_present flag, but only works if it is true (=1).
Use at your own risk. Hope it would help.
## Solution: Kernel Patching
This guide provides three methods to apply the necessary kernel patch. All methods implement the same fix originally described in [this forum post](https://forum.proxmox.com/threads/anyone-can-make-bluetooth-work-on-sonoma.153301/#post-697832).
### Prerequisites
Before proceeding with any method:
- Make sure you can access your EFI partition
- Locate your OpenCore `config.plist` file (typically in the `EFI/OC` folder)
- Back up your current `config.plist` before making changes
## Method 1: Using the Utility Script (Simplest Approach)
This is the fastest and easiest way to apply the patch.
1. Mount your EFI partition using Clover Configurator or another EFI mounting tool
2. Download the patch script:
```bash
curl -o apply_appleid_kernelpatch.py https://raw.githubusercontent.com/sickcodes/Docker-OSX/scripts/apply_appleid_kernelpatch.py
```
3. Run the script with your `config.plist` file path:
```bash
python3 apply_appleid_kernelpatch.py /path/to/config.plist
```
**Pro Tip**: You can drag and drop the `config.plist` file into your terminal after typing `python3 apply_appleid_kernelpatch.py` for an easy path insertion.
**Note**: If you encounter a "permission denied" error, run the command with `sudo`:
```bash
sudo python3 apply_appleid_kernelpatch.py /path/to/config.plist
```
## Method 2: Using OCAT (OpenCore Auxiliary Tools) GUI
If you prefer a graphical approach:
1. Open OCAT and load your `config.plist`
2. Navigate to the **Kernel** section
3. Go to the **Patch** subsection
4. Add two new patch entries with the following details:
### Patch 1
| Setting | Value |
|---------|-------|
| **Identifier** | `kernel` |
| **Base** | *(leave empty)* |
| **Count** | `1` |
| **Find (Hex)** | `68696265726E61746568696472656164790068696265726E617465636F756E7400` |
| **Limit** | `0` |
| **Mask** | *(leave empty)* |
| **Replace (Hex)** | `68696265726E61746568696472656164790068765F766D6D5F70726573656E7400` |
| **Skip** | `0` |
| **Arch** | `x86_64` |
| **MinKernel** | `20.4.0` |
| **MaxKernel** | *(leave empty)* |
| **Enabled** | `True` |
| **Comment** | `Sonoma VM BT Enabler - PART 1 of 2 - Patch kern.hv_vmm_present=0` |
### Patch 2
| Setting | Value |
|---------|-------|
| **Identifier** | `kernel` |
| **Base** | *(leave empty)* |
| **Count** | `1` |
| **Find (Hex)** | `626F6F742073657373696F6E20555549440068765F766D6D5F70726573656E7400` |
| **Limit** | `0` |
| **Mask** | *(leave empty)* |
| **Replace (Hex)** | `626F6F742073657373696F6E20555549440068696265726E617465636F756E7400` |
| **Skip** | `0` |
| **Arch** | `x86_64` |
| **MinKernel** | `22.0.0` |
| **MaxKernel** | *(leave empty)* |
| **Enabled** | `True` |
| **Comment** | `Sonoma VM BT Enabler - PART 2 of 2 - Patch kern.hv_vmm_present=0` |
5. Save the configuration
6. Reboot your VM
## Method 3: Direct `config.plist` Editing
For users who prefer to manually edit the configuration file:
1. Mount your EFI partition
2. Locate and open your `config.plist` file in a text editor
3. Find the `<key>Kernel</key>` → `<dict>` → `<key>Patch</key>` → `<array>` section
4. Add these two `<dict>` entries within the `<array>`:
```xml
<dict>
<key>Arch</key>
<string>x86_64</string>
<key>Base</key>
<string></string>
<key>Comment</key>
<string>Sonoma VM BT Enabler - PART 1 of 2 - Patch kern.hv_vmm_present=0</string>
<key>Count</key>
<integer>1</integer>
<key>Enabled</key>
<true/>
<key>Find</key>
<data>aGliZXJuYXRlaGlkcmVhZHkAaGliZXJuYXRlY291bnQA</data>
<key>Identifier</key>
<string>kernel</string>
<key>Limit</key>
<integer>0</integer>
<key>Mask</key>
<data></data>
<key>MaxKernel</key>
<string></string>
<key>MinKernel</key>
<string>20.4.0</string>
<key>Replace</key>
<data>aGliZXJuYXRlaGlkcmVhZHkAaHZfdm1tX3ByZXNlbnQA</data>
<key>ReplaceMask</key>
<data></data>
<key>Skip</key>
<integer>0</integer>
</dict>
<dict>
<key>Arch</key>
<string>x86_64</string>
<key>Base</key>
<string></string>
<key>Comment</key>
<string>Sonoma VM BT Enabler - PART 2 of 2 - Patch kern.hv_vmm_present=0</string>
<key>Count</key>
<integer>1</integer>
<key>Enabled</key>
<true/>
<key>Find</key>
<data>Ym9vdCBzZXNzaW9uIFVVSUQAaHZfdm1tX3ByZXNlbnQA</data>
<key>Identifier</key>
<string>kernel</string>
<key>Limit</key>
<integer>0</integer>
<key>Mask</key>
<data></data>
<key>MaxKernel</key>
<string></string>
<key>MinKernel</key>
<string>22.0.0</string>
<key>Replace</key>
<data>Ym9vdCBzZXNzaW9uIFVVSUQAaGliZXJuYXRlY291bnQA</data>
<key>ReplaceMask</key>
<data></data>
<key>Skip</key>
<integer>0</integer>
</dict>
```
5. Save the file
6. Reboot your VM
## Important Notes
- The `MinKernel` values (`20.4.0` and `22.0.0`) may need adjustment depending on your specific macOS version (Monterey, Ventura, Sonoma, etc.)
- If you encounter issues, consult the [OpenCore documentation](https://dortania.github.io/docs/) for appropriate values for your setup
- Always back up your configuration before making changes
- After applying the patch and rebooting, try signing into Apple services again
## What This Patch Does
This patch tricks macOS into believing it's running on physical hardware by redirecting the `hv_vmm_present` kernel variable, which normally indicates VM presence. After applying the patch, Apple services should function normally within your virtual environment.
### Slow UI
The macOS UI expects and relies on GPU acceleration, and there is (currently) no way to provide GPU acceleration in the virtual hardware. See [osx-optimizer](https://github.com/sickcodes/osx-optimizer) for macOS configuration to speed things up.
### Extract the Virtual Disk
With the container stopped, `sudo find /var/lib/docker -size +10G -name mac_hdd_ng.img` to find the disk image then copy it where you want it.
### Disk Space
Is your host machine's disk, specifically `/var` (because of `/var/lib/docker`), getting full? [Fix it](README.md#increase-disk-space-by-moving-varlibdocker-to-external-drive-block-storage-nfs-or-any-other-location-conceivable).
### Increase RAM or CPUs/cores
The `RAM`, `SMP`, and `CORES` options are all docker environment variables, which means it uses whatever you provide any time you start a container.
================================================
FILE: LICENSE
================================================
GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The GNU General Public License is a free, copyleft license for
software and other kinds of works.
The licenses for most software and other practical works are designed
to take away your freedom to share and change the works. By contrast,
the GNU General Public License is intended to guarantee your freedom to
share and change all versions of a program--to make sure it remains free
software for all its users. We, the Free Software Foundation, use the
GNU General Public License for most of our software; it applies also to
any other work released this way by its authors. You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
them if you wish), that you receive source code or can get it if you
want it, that you can change the software or use pieces of it in new
free programs, and that you know you can do these things.
To protect your rights, we need to prevent others from denying you
these rights or asking you to surrender the rights. Therefore, you have
certain responsibilities if you distribute copies of the software, or if
you modify it: responsibilities to respect the freedom of others.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must pass on to the recipients the same
freedoms that you received. You must make sure that they, too, receive
or can get the source code. And you must show them these terms so they
know their rights.
Developers that use the GNU GPL protect your rights with two steps:
(1) assert copyright on the software, and (2) offer you this License
giving you legal permission to copy, distribute and/or modify it.
For the developers' and authors' protection, the GPL clearly explains
that there is no warranty for this free software. For both users' and
authors' sake, the GPL requires that modified versions be marked as
changed, so that their problems will not be attributed erroneously to
authors of previous versions.
Some devices are designed to deny users access to install or run
modified versions of the software inside them, although the manufacturer
can do so. This is fundamentally incompatible with the aim of
protecting users' freedom to change the software. The systematic
pattern of such abuse occurs in the area of products for individuals to
use, which is precisely where it is most unacceptable. Therefore, we
have designed this version of the GPL to prohibit the practice for those
products. If such problems arise substantially in other domains, we
stand ready to extend this provision to those domains in future versions
of the GPL, as needed to protect the freedom of users.
Finally, every program is threatened constantly by software patents.
States should not allow patents to restrict development and use of
software on general-purpose computers, but in those that do, we wish to
avoid the special danger that patents applied to a free program could
make it effectively proprietary. To prevent this, the GPL assures that
patents cannot be used to render the program non-free.
The precise terms and conditions for copying, distribution and
modification follow.
TERMS AND CONDITIONS
0. Definitions.
"This License" refers to version 3 of the GNU General Public License.
"Copyright" also means copyright-like laws that apply to other kinds of
works, such as semiconductor masks.
"The Program" refers to any copyrightable work licensed under this
License. Each licensee is addressed as "you". "Licensees" and
"recipients" may be individuals or organizations.
To "modify" a work means to copy from or adapt all or part of the work
in a fashion requiring copyright permission, other than the making of an
exact copy. The resulting work is called a "modified version" of the
earlier work or a work "based on" the earlier work.
A "covered work" means either the unmodified Program or a work based
on the Program.
To "propagate" a work means to do anything with it that, without
permission, would make you directly or secondarily liable for
infringement under applicable copyright law, except executing it on a
computer or modifying a private copy. Propagation includes copying,
distribution (with or without modification), making available to the
public, and in some countries other activities as well.
To "convey" a work means any kind of propagation that enables other
parties to make or receive copies. Mere interaction with a user through
a computer network, with no transfer of a copy, is not conveying.
An interactive user interface displays "Appropriate Legal Notices"
to the extent that it includes a convenient and prominently visible
feature that (1) displays an appropriate copyright notice, and (2)
tells the user that there is no warranty for the work (except to the
extent that warranties are provided), that licensees may convey the
work under this License, and how to view a copy of this License. If
the interface presents a list of user commands or options, such as a
menu, a prominent item in the list meets this criterion.
1. Source Code.
The "source code" for a work means the preferred form of the work
for making modifications to it. "Object code" means any non-source
form of a work.
A "Standard Interface" means an interface that either is an official
standard defined by a recognized standards body, or, in the case of
interfaces specified for a particular programming language, one that
is widely used among developers working in that language.
The "System Libraries" of an executable work include anything, other
than the work as a whole, that (a) is included in the normal form of
packaging a Major Component, but which is not part of that Major
Component, and (b) serves only to enable use of the work with that
Major Component, or to implement a Standard Interface for which an
implementation is available to the public in source code form. A
"Major Component", in this context, means a major essential component
(kernel, window system, and so on) of the specific operating system
(if any) on which the executable work runs, or a compiler used to
produce the work, or an object code interpreter used to run it.
The "Corresponding Source" for a work in object code form means all
the source code needed to generate, install, and (for an executable
work) run the object code and to modify the work, including scripts to
control those activities. However, it does not include the work's
System Libraries, or general-purpose tools or generally available free
programs which are used unmodified in performing those activities but
which are not part of the work. For example, Corresponding Source
includes interface definition files associated with source files for
the work, and the source code for shared libraries and dynamically
linked subprograms that the work is specifically designed to require,
such as by intimate data communication or control flow between those
subprograms and other parts of the work.
The Corresponding Source need not include anything that users
can regenerate automatically from other parts of the Corresponding
Source.
The Corresponding Source for a work in source code form is that
same work.
2. Basic Permissions.
All rights granted under this License are granted for the term of
copyright on the Program, and are irrevocable provided the stated
conditions are met. This License explicitly affirms your unlimited
permission to run the unmodified Program. The output from running a
covered work is covered by this License only if the output, given its
content, constitutes a covered work. This License acknowledges your
rights of fair use or other equivalent, as provided by copyright law.
You may make, run and propagate covered works that you do not
convey, without conditions so long as your license otherwise remains
in force. You may convey covered works to others for the sole purpose
of having them make modifications exclusively for you, or provide you
with facilities for running those works, provided that you comply with
the terms of this License in conveying all material for which you do
not control copyright. Those thus making or running the covered works
for you must do so exclusively on your behalf, under your direction
and control, on terms that prohibit them from making any copies of
your copyrighted material outside their relationship with you.
Conveying under any other circumstances is permitted solely under
the conditions stated below. Sublicensing is not allowed; section 10
makes it unnecessary.
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
No covered work shall be deemed part of an effective technological
measure under any applicable law fulfilling obligations under article
11 of the WIPO copyright treaty adopted on 20 December 1996, or
similar laws prohibiting or restricting circumvention of such
measures.
When you convey a covered work, you waive any legal power to forbid
circumvention of technological measures to the extent such circumvention
is effected by exercising rights under this License with respect to
the covered work, and you disclaim any intention to limit operation or
modification of the work as a means of enforcing, against the work's
users, your or third parties' legal rights to forbid circumvention of
technological measures.
4. Conveying Verbatim Copies.
You may convey verbatim copies of the Program's source code as you
receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice;
keep intact all notices stating that this License and any
non-permissive terms added in accord with section 7 apply to the code;
keep intact all notices of the absence of any warranty; and give all
recipients a copy of this License along with the Program.
You may charge any price or no price for each copy that you convey,
and you may offer support or warranty protection for a fee.
5. Conveying Modified Source Versions.
You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these conditions:
a) The work must carry prominent notices stating that you modified
it, and giving a relevant date.
b) The work must carry prominent notices stating that it is
released under this License and any conditions added under section
7. This requirement modifies the requirement in section 4 to
"keep intact all notices".
c) You must license the entire work, as a whole, under this
License to anyone who comes into possession of a copy. This
License will therefore apply, along with any applicable section 7
additional terms, to the whole of the work, and all its parts,
regardless of how they are packaged. This License gives no
permission to license the work in any other way, but it does not
invalidate such permission if you have separately received it.
d) If the work has interactive user interfaces, each must display
Appropriate Legal Notices; however, if the Program has interactive
interfaces that do not display Appropriate Legal Notices, your
work need not make them do so.
A compilation of a covered work with other separate and independent
works, which are not by their nature extensions of the covered work,
and which are not combined with it such as to form a larger program,
in or on a volume of a storage or distribution medium, is called an
"aggregate" if the compilation and its resulting copyright are not
used to limit the access or legal rights of the compilation's users
beyond what the individual works permit. Inclusion of a covered work
in an aggregate does not cause this License to apply to the other
parts of the aggregate.
6. Conveying Non-Source Forms.
You may convey a covered work in object code form under the terms
of sections 4 and 5, provided that you also convey the
machine-readable Corresponding Source under the terms of this License,
in one of these ways:
a) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by the
Corresponding Source fixed on a durable physical medium
customarily used for software interchange.
b) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by a
written offer, valid for at least three years and valid for as
long as you offer spare parts or customer support for that product
model, to give anyone who possesses the object code either (1) a
copy of the Corresponding Source for all the software in the
product that is covered by this License, on a durable physical
medium customarily used for software interchange, for a price no
more than your reasonable cost of physically performing this
conveying of source, or (2) access to copy the
Corresponding Source from a network server at no charge.
c) Convey individual copies of the object code with a copy of the
written offer to provide the Corresponding Source. This
alternative is allowed only occasionally and noncommercially, and
only if you received the object code with such an offer, in accord
with subsection 6b.
d) Convey the object code by offering access from a designated
place (gratis or for a charge), and offer equivalent access to the
Corresponding Source in the same way through the same place at no
further charge. You need not require recipients to copy the
Corresponding Source along with the object code. If the place to
copy the object code is a network server, the Corresponding Source
may be on a different server (operated by you or a third party)
that supports equivalent copying facilities, provided you maintain
clear directions next to the object code saying where to find the
Corresponding Source. Regardless of what server hosts the
Corresponding Source, you remain obligated to ensure that it is
available for as long as needed to satisfy these requirements.
e) Convey the object code using peer-to-peer transmission, provided
you inform other peers where the object code and Corresponding
Source of the work are being offered to the general public at no
charge under subsection 6d.
A separable portion of the object code, whose source code is excluded
from the Corresponding Source as a System Library, need not be
included in conveying the object code work.
A "User Product" is either (1) a "consumer product", which means any
tangible personal property which is normally used for personal, family,
or household purposes, or (2) anything designed or sold for incorporation
into a dwelling. In determining whether a product is a consumer product,
doubtful cases shall be resolved in favor of coverage. For a particular
product received by a particular user, "normally used" refers to a
typical or common use of that class of product, regardless of the status
of the particular user or of the way in which the particular user
actually uses, or expects or is expected to use, the product. A product
is a consumer product regardless of whether the product has substantial
commercial, industrial or non-consumer uses, unless such uses represent
the only significant mode of use of the product.
"Installation Information" for a User Product means any methods,
procedures, authorization keys, or other information required to install
and execute modified versions of a covered work in that User Product from
a modified version of its Corresponding Source. The information must
suffice to ensure that the continued functioning of the modified object
code is in no case prevented or interfered with solely because
modification has been made.
If you convey an object code work under this section in, or with, or
specifically for use in, a User Product, and the conveying occurs as
part of a transaction in which the right of possession and use of the
User Product is transferred to the recipient in perpetuity or for a
fixed term (regardless of how the transaction is characterized), the
Corresponding Source conveyed under this section must be accompanied
by the Installation Information. But this requirement does not apply
if neither you nor any third party retains the ability to install
modified object code on the User Product (for example, the work has
been installed in ROM).
The requirement to provide Installation Information does not include a
requirement to continue to provide support service, warranty, or updates
for a work that has been modified or installed by the recipient, or for
the User Product in which it has been modified or installed. Access to a
network may be denied when the modification itself materially and
adversely affects the operation of the network or violates the rules and
protocols for communication across the network.
Corresponding Source conveyed, and Installation Information provided,
in accord with this section must be in a format that is publicly
documented (and with an implementation available to the public in
source code form), and must require no special password or key for
unpacking, reading or copying.
7. Additional Terms.
"Additional permissions" are terms that supplement the terms of this
License by making exceptions from one or more of its conditions.
Additional permissions that are applicable to the entire Program shall
be treated as though they were included in this License, to the extent
that they are valid under applicable law. If additional permissions
apply only to part of the Program, that part may be used separately
under those permissions, but the entire Program remains governed by
this License without regard to the additional permissions.
When you convey a copy of a covered work, you may at your option
remove any additional permissions from that copy, or from any part of
it. (Additional permissions may be written to require their own
removal in certain cases when you modify the work.) You may place
additional permissions on material, added by you to a covered work,
for which you have or can give appropriate copyright permission.
Notwithstanding any other provision of this License, for material you
add to a covered work, you may (if authorized by the copyright holders of
that material) supplement the terms of this License with terms:
a) Disclaiming warranty or limiting liability differently from the
terms of sections 15 and 16 of this License; or
b) Requiring preservation of specified reasonable legal notices or
author attributions in that material or in the Appropriate Legal
Notices displayed by works containing it; or
c) Prohibiting misrepresentation of the origin of that material, or
requiring that modified versions of such material be marked in
reasonable ways as different from the original version; or
d) Limiting the use for publicity purposes of names of licensors or
authors of the material; or
e) Declining to grant rights under trademark law for use of some
trade names, trademarks, or service marks; or
f) Requiring indemnification of licensors and authors of that
material by anyone who conveys the material (or modified versions of
it) with contractual assumptions of liability to the recipient, for
any liability that these contractual assumptions directly impose on
those licensors and authors.
All other non-permissive additional terms are considered "further
restrictions" within the meaning of section 10. If the Program as you
received it, or any part of it, contains a notice stating that it is
governed by this License along with a term that is a further
restriction, you may remove that term. If a license document contains
a further restriction but permits relicensing or conveying under this
License, you may add to a covered work material governed by the terms
of that license document, provided that the further restriction does
not survive such relicensing or conveying.
If you add terms to a covered work in accord with this section, you
must place, in the relevant source files, a statement of the
additional terms that apply to those files, or a notice indicating
where to find the applicable terms.
Additional terms, permissive or non-permissive, may be stated in the
form of a separately written license, or stated as exceptions;
the above requirements apply either way.
8. Termination.
You may not propagate or modify a covered work except as expressly
provided under this License. Any attempt otherwise to propagate or
modify it is void, and will automatically terminate your rights under
this License (including any patent licenses granted under the third
paragraph of section 11).
However, if you cease all violation of this License, then your
license from a particular copyright holder is reinstated (a)
provisionally, unless and until the copyright holder explicitly and
finally terminates your license, and (b) permanently, if the copyright
holder fails to notify you of the violation by some reasonable means
prior to 60 days after the cessation.
Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you have
received notice of violation of this License (for any work) from that
copyright holder, and you cure the violation prior to 30 days after
your receipt of the notice.
Termination of your rights under this section does not terminate the
licenses of parties who have received copies or rights from you under
this License. If your rights have been terminated and not permanently
reinstated, you do not qualify to receive new licenses for the same
material under section 10.
9. Acceptance Not Required for Having Copies.
You are not required to accept this License in order to receive or
run a copy of the Program. Ancillary propagation of a covered work
occurring solely as a consequence of using peer-to-peer transmission
to receive a copy likewise does not require acceptance. However,
nothing other than this License grants you permission to propagate or
modify any covered work. These actions infringe copyright if you do
not accept this License. Therefore, by modifying or propagating a
covered work, you indicate your acceptance of this License to do so.
10. Automatic Licensing of Downstream Recipients.
Each time you convey a covered work, the recipient automatically
receives a license from the original licensors, to run, modify and
propagate that work, subject to this License. You are not responsible
for enforcing compliance by third parties with this License.
An "entity transaction" is a transaction transferring control of an
organization, or substantially all assets of one, or subdividing an
organization, or merging organizations. If propagation of a covered
work results from an entity transaction, each party to that
transaction who receives a copy of the work also receives whatever
licenses to the work the party's predecessor in interest had or could
give under the previous paragraph, plus a right to possession of the
Corresponding Source of the work from the predecessor in interest, if
the predecessor has it or can get it with reasonable efforts.
You may not impose any further restrictions on the exercise of the
rights granted or affirmed under this License. For example, you may
not impose a license fee, royalty, or other charge for exercise of
rights granted under this License, and you may not initiate litigation
(including a cross-claim or counterclaim in a lawsuit) alleging that
any patent claim is infringed by making, using, selling, offering for
sale, or importing the Program or any portion of it.
11. Patents.
A "contributor" is a copyright holder who authorizes use under this
License of the Program or a work on which the Program is based. The
work thus licensed is called the contributor's "contributor version".
A contributor's "essential patent claims" are all patent claims
owned or controlled by the contributor, whether already acquired or
hereafter acquired, that would be infringed by some manner, permitted
by this License, of making, using, or selling its contributor version,
but do not include claims that would be infringed only as a
consequence of further modification of the contributor version. For
purposes of this definition, "control" includes the right to grant
patent sublicenses in a manner consistent with the requirements of
this License.
Each contributor grants you a non-exclusive, worldwide, royalty-free
patent license under the contributor's essential patent claims, to
make, use, sell, offer for sale, import and otherwise run, modify and
propagate the contents of its contributor version.
In the following three paragraphs, a "patent license" is any express
agreement or commitment, however denominated, not to enforce a patent
(such as an express permission to practice a patent or covenant not to
sue for patent infringement). To "grant" such a patent license to a
party means to make such an agreement or commitment not to enforce a
patent against the party.
If you convey a covered work, knowingly relying on a patent license,
and the Corresponding Source of the work is not available for anyone
to copy, free of charge and under the terms of this License, through a
publicly available network server or other readily accessible means,
then you must either (1) cause the Corresponding Source to be so
available, or (2) arrange to deprive yourself of the benefit of the
patent license for this particular work, or (3) arrange, in a manner
consistent with the requirements of this License, to extend the patent
license to downstream recipients. "Knowingly relying" means you have
actual knowledge that, but for the patent license, your conveying the
covered work in a country, or your recipient's use of the covered work
in a country, would infringe one or more identifiable patents in that
country that you have reason to believe are valid.
If, pursuant to or in connection with a single transaction or
arrangement, you convey, or propagate by procuring conveyance of, a
covered work, and grant a patent license to some of the parties
receiving the covered work authorizing them to use, propagate, modify
or convey a specific copy of the covered work, then the patent license
you grant is automatically extended to all recipients of the covered
work and works based on it.
A patent license is "discriminatory" if it does not include within
the scope of its coverage, prohibits the exercise of, or is
conditioned on the non-exercise of one or more of the rights that are
specifically granted under this License. You may not convey a covered
work if you are a party to an arrangement with a third party that is
in the business of distributing software, under which you make payment
to the third party based on the extent of your activity of conveying
the work, and under which the third party grants, to any of the
parties who would receive the covered work from you, a discriminatory
patent license (a) in connection with copies of the covered work
conveyed by you (or copies made from those copies), or (b) primarily
for and in connection with specific products or compilations that
contain the covered work, unless you entered into that arrangement,
or that patent license was granted, prior to 28 March 2007.
Nothing in this License shall be construed as excluding or limiting
any implied license or other defenses to infringement that may
otherwise be available to you under applicable patent law.
12. No Surrender of Others' Freedom.
If conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot convey a
covered work so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you may
not convey it at all. For example, if you agree to terms that obligate you
to collect a royalty for further conveying from those to whom you convey
the Program, the only way you could satisfy both those terms and this
License would be to refrain entirely from conveying the Program.
13. Use with the GNU Affero General Public License.
Notwithstanding any other provision of this License, you have
permission to link or combine any covered work with a work licensed
under version 3 of the GNU Affero General Public License into a single
combined work, and to convey the resulting work. The terms of this
License will continue to apply to the part which is the covered work,
but the special requirements of the GNU Affero General Public License,
section 13, concerning interaction through a network will apply to the
combination as such.
14. Revised Versions of this License.
The Free Software Foundation may publish revised and/or new versions of
the GNU General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the
Program specifies that a certain numbered version of the GNU General
Public License "or any later version" applies to it, you have the
option of following the terms and conditions either of that numbered
version or of any later version published by the Free Software
Foundation. If the Program does not specify a version number of the
GNU General Public License, you may choose any version ever published
by the Free Software Foundation.
If the Program specifies that a proxy can decide which future
versions of the GNU General Public License can be used, that proxy's
public statement of acceptance of a version permanently authorizes you
to choose that version for the Program.
Later license versions may give you additional or different
permissions. However, no additional obligations are imposed on any
author or copyright holder as a result of your choosing to follow a
later version.
15. Disclaimer of Warranty.
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. Limitation of Liability.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.
17. Interpretation of Sections 15 and 16.
If the disclaimer of warranty and limitation of liability provided
above cannot be given local legal effect according to their terms,
reviewing courts shall apply local law that most closely approximates
an absolute waiver of all civil liability in connection with the
Program, unless a warranty or assumption of liability accompanies a
copy of the Program in return for a fee.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
state the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
Also add information on how to contact you by electronic and paper mail.
If the program does terminal interaction, make it output a short
notice like this when it starts in an interactive mode:
<program> Copyright (C) <year> <name of author>
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, your program's commands
might be different; for a GUI interface, you would use an "about box".
You should also get your employer (if you work as a programmer) or school,
if any, to sign a "copyright disclaimer" for the program, if necessary.
For more information on this, and how to apply and follow the GNU GPL, see
<https://www.gnu.org/licenses/>.
The GNU General Public License does not permit incorporating your program
into proprietary programs. If your program is a subroutine library, you
may consider it more useful to permit linking proprietary applications with
the library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License. But first, please read
<https://www.gnu.org/licenses/why-not-lgpl.html>.
================================================
FILE: README.md
================================================
# Docker-OSX · [Follow @sickcodes on Twitter](https://twitter.com/sickcodes)
Run Mac OS X in Docker with near-native performance! X11 Forwarding! iMessage security research! iPhone USB working! macOS in a Docker container!
Conduct Security Research on macOS using both Linux & Windows!
# Docker-OSX now has a Discord server & Telegram!
The Discord is active on #docker-osx and anyone is welcome to come and ask questions, ideas, etc.
<p align="center">
<a href="https://hub.docker.com/r/sickcodes/docker-osx"><img src="https://dockeri.co/image/sickcodes/docker-osx"/></a><a href="https://discord.gg/sickchat"><a href="https://discord.gg/sickchat" target="_blank"><img src="https://raw.githubusercontent.com/sickcodes/Docker-OSX/master/discord-logo.svg"></a></a>
</p>
### Click to join the Discord server [https://discord.gg/sickchat](https://discord.gg/sickchat)
### Click to join the Telegram server [https://t.me/sickcodeschat](https://t.me/sickcodeschat)
Or reach out via Linkedin if it's private: [https://www.linkedin.com/in/sickcodes](https://www.linkedin.com/in/sickcodes)
Or via [https://sick.codes/contact/](https://sick.codes/contact/)
## Author
This project is maintained by [Sick.Codes](https://sick.codes/). [(Twitter)](https://twitter.com/sickcodes)
Additional credits can be found here: https://github.com/sickcodes/Docker-OSX/blob/master/CREDITS.md
Additionally, comprehensive list of all contributors can be found here: https://github.com/sickcodes/Docker-OSX/graphs/contributors
Big thanks to [@kholia](https://twitter.com/kholia) for maintaining the upstream project, which Docker-OSX is built on top of: [OSX-KVM](https://github.com/kholia/OSX-KVM).
Also special thanks to [@thenickdude](https://github.com/thenickdude) who maintains the valuable fork [KVM-OpenCore](https://github.com/thenickdude/KVM-Opencore), which was started by [@Leoyzen](https://github.com/Leoyzen/)!
Extra special thanks to the OpenCore team over at: https://github.com/acidanthera/OpenCorePkg. Their well-maintained bootloader provides much of the great functionality that Docker-OSX users enjoy :)
If you like this project, consider contributing here or upstream!
## Quick Start Docker-OSX
Video setup tutorial is also available here: https://www.youtube.com/watch?v=wLezYl77Ll8
**Windows users:** [click here to see the notes below](#id-like-to-run-docker-osx-on-windows)!
<p align="center">
<a href="https://www.youtube.com/watch?v=wLezYl77Ll8" target="_blank"><img src="https://raw.githubusercontent.com/sickcodes/Docker-OSX/master/Youtube-Screenshot-Docker-OSX-Setup.png"></a>
</p>
First time here? try [initial setup](#initial-setup), otherwise try the instructions below to use either Catalina or Big Sur.
## Any questions, ideas, or just want to hang out?
# [https://discord.gg/sickchat](https://discord.gg/sickchat)
Release names and their version:
### Catalina (10.15) [](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated)
```bash
docker run -it \
--device /dev/kvm \
-p 50922:10022 \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-e "DISPLAY=${DISPLAY:-:0.0}" \
-e SHORTNAME=catalina \
sickcodes/docker-osx:latest
# docker build -t docker-osx .
```
### Big Sur (11) [](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated)
```bash
docker run -it \
--device /dev/kvm \
-p 50922:10022 \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-e "DISPLAY=${DISPLAY:-:0.0}" \
-e SHORTNAME=big-sur \
sickcodes/docker-osx:latest
# docker build -t docker-osx .
```
### Monterey (12) [](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated)
```bash
docker run -it \
--device /dev/kvm \
-p 50922:10022 \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-e "DISPLAY=${DISPLAY:-:0.0}" \
-e GENERATE_UNIQUE=true \
-e MASTER_PLIST_URL='https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist' \
-e SHORTNAME=monterey \
sickcodes/docker-osx:latest
# docker build -t docker-osx .
```
### Ventura (13) [](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated)
```bash
docker run -it \
--device /dev/kvm \
-p 50922:10022 \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-e "DISPLAY=${DISPLAY:-:0.0}" \
-e GENERATE_UNIQUE=true \
-e MASTER_PLIST_URL='https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist' \
-e SHORTNAME=ventura \
sickcodes/docker-osx:latest
# docker build -t docker-osx .
```
### Sonoma (14) [](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated)
```bash
docker run -it \
--device /dev/kvm \
-p 50922:10022 \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-e "DISPLAY=${DISPLAY:-:0.0}" \
-e GENERATE_UNIQUE=true \
-e CPU='Haswell-noTSX' \
-e CPUID_FLAGS='kvm=on,vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on' \
-e MASTER_PLIST_URL='https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom-sonoma.plist' \
-e SHORTNAME=sonoma \
sickcodes/docker-osx:latest
# docker build -t docker-osx .
```
### Sequoia (15) [](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated)
```bash
docker run -it \
--device /dev/kvm \
-p 50922:10022 \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-e "DISPLAY=${DISPLAY:-:0.0}" \
-e GENERATE_UNIQUE=true \
-e CPU='Haswell-noTSX' \
-e CPUID_FLAGS='kvm=on,vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on' \
-e MASTER_PLIST_URL='https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom-sonoma.plist' \
-e SHORTNAME=sequoia \
sickcodes/docker-osx:latest
# docker build -t docker-osx .
```
### Tahoe (16) [](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated)
```bash
docker run -it \
--device /dev/kvm \
-p 50922:10022 \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-e "DISPLAY=${DISPLAY:-:0.0}" \
-e GENERATE_UNIQUE=true \
-e CPU='Haswell-noTSX' \
-e CPUID_FLAGS='kvm=on,vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on' \
-e MASTER_PLIST_URL='https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom-sonoma.plist' \
-e SHORTNAME=tahoe \
sickcodes/docker-osx:latest
```
# docker build -t docker-osx .
<!-- #### Run Catalina Pre-Installed [](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated)
```bash
# 40GB disk space required: 20GB original image 20GB your container.
docker pull sickcodes/docker-osx:auto
# boot directly into a real OS X shell with a visual display [NOT HEADLESS]
docker run -it \
--device /dev/kvm \
-p 50922:10022 \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-e "DISPLAY=${DISPLAY:-:0.0}" \
-e GENERATE_UNIQUE=true \
sickcodes/docker-osx:auto
# username is user
# password is alpine
``` -->
### Older Systems
### High Sierra [](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated)
```bash
docker run -it \
--device /dev/kvm \
-p 50922:10022 \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-e "DISPLAY=${DISPLAY:-:0.0}" \
-e SHORTNAME=high-sierra \
sickcodes/docker-osx:latest
# docker build -t docker-osx .
```
### Mojave [](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated)
```bash
docker run -it \
--device /dev/kvm \
-p 50922:10022 \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-e "DISPLAY=${DISPLAY:-:0.0}" \
-e SHORTNAME=mojave \
sickcodes/docker-osx:latest
# docker build -t docker-osx .
```
#### Download the image manually and use it in Docker
[](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated)
This is a particularly good way for downloading the container, in case Docker's CDN (or your connection) happens to be slow.
```bash
wget https://images2.sick.codes/mac_hdd_ng_auto.img
docker run -it \
--device /dev/kvm \
-p 50922:10022 \
-v "${PWD}/mac_hdd_ng_auto.img:/image" \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-e "DISPLAY=${DISPLAY:-:0.0}" \
-e GENERATE_UNIQUE=true \
-e MASTER_PLIST_URL=https://raw.githubusercontent.com/sickcodes/Docker-OSX/master/custom/config-nopicker-custom.plist \
-e SHORTNAME=catalina \
sickcodes/docker-osx:naked
```
<!-- #### Use your own image and manually and automatically log into a shell
[](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated)
Enable SSH in network sharing inside the guest first. Change `-e "USERNAME=user"` and `-e "PASSWORD=password"` to your credentials. The container will add itself to `~/.ssh/authorized_keys`
Since you can't see the screen, use the PLIST with nopicker, for example:
```bash
# Catalina
# wget https://images2.sick.codes/mac_hdd_ng_auto.img
# Monterey
wget https://images.sick.codes/mac_hdd_ng_auto_monterey.img
docker run -it \
--device /dev/kvm \
-p 50922:10022 \
-v "${PWD}/mac_hdd_ng_auto_monterey.img:/image" \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-e "DISPLAY=${DISPLAY:-:0.0}" \
-e "USERNAME=user" \
-e "PASSWORD=alpine" \
-e GENERATE_UNIQUE=true \
-e MASTER_PLIST_URL=https://raw.githubusercontent.com/sickcodes/Docker-OSX/master/custom/config-nopicker-custom.plist \
-e SHORTNAME=monterey \
sickcodes/docker-osx:naked-auto
``` -->
# Share directories, sharing files, shared folder, mount folder
The easiest and most secure way is `sshfs`
```bash
# on Linux/Windows
mkdir ~/mnt/osx
sshfs user@localhost: -p 50922 ~/mnt/osx
# wait a few seconds, and ~/mnt/osx will have full rootfs mounted over ssh, and in userspace
# automated: sshpass -p <password> sshfs user@localhost:/ -p 50922 ~/mnt/osx
```
# (VFIO) iPhone USB passthrough (VFIO)
If you have a laptop see the next usbfluxd section.
If you have a desktop PC, you can use [@Silfalion](https://github.com/Silfalion)'s instructions: [https://github.com/Silfalion/Iphone_docker_osx_passthrough](https://github.com/Silfalion/Iphone_docker_osx_passthrough)
# (USBFLUXD) iPhone USB -> Network style passthrough OSX-KVM Docker-OSX
Video setup tutorial for usbfluxd is also available here: https://www.youtube.com/watch?v=kTk5fGjK_PM
<p align="center">
<a href="https://www.youtube.com/watch?v=kTk5fGjK_PM" target="_blank"><img alt="iPhone USB passthrough on macOS virtual machine Linux & Windows" src="https://raw.githubusercontent.com/sickcodes/Docker-OSX/master/Youtube-USBFLUXD-Screenshot-Docker-OSX.png"></a>
</p>
This method WORKS on laptop, PC, anything!
Thank you [@nikias](https://github.com/nikias) for [usbfluxd](https://github.com/corellium/usbfluxd) via [https://github.com/corellium](https://github.com/corellium)!
**This is done inside Linux.**
Open 3 terminals on Linux
Connecting your device over USB on Linux allows you to expose `usbmuxd` on port `5000` using [https://github.com/corellium/usbfluxd](https://github.com/corellium/usbfluxd) to another system on the same network.
Ensure `usbmuxd`, `socat` and `usbfluxd` are installed.
`sudo pacman -S libusbmuxd usbmuxd avahi socat`
Available on the AUR: [https://aur.archlinux.org/packages/usbfluxd/](https://aur.archlinux.org/packages/usbfluxd/)
`yay usbfluxd`
Plug in your iPhone or iPad.
Terminal 1
```bash
sudo systemctl start usbmuxd
sudo avahi-daemon
```
Terminal 2:
```bash
# on host
sudo systemctl restart usbmuxd
sudo socat tcp-listen:5000,fork unix-connect:/var/run/usbmuxd
```
Terminal 3:
```bash
sudo usbfluxd -f -n
```
### Connect to a host running usbfluxd
**This is done inside macOS.**
Install homebrew.
`172.17.0.1` is usually the Docker bridge IP, which is your PC, but you can use any IP from `ip addr`...
macOS Terminal:
```zsh
# on the guest
brew install make automake autoconf libtool pkg-config gcc libimobiledevice usbmuxd
git clone https://github.com/corellium/usbfluxd.git
cd usbfluxd
./autogen.sh
make
sudo make install
```
Accept the USB over TCP connection, and appear as local:
(you may need to change `172.17.0.1` to the IP address of the host. e.g. check `ip addr`)
```bash
# on the guest
sudo launchctl start usbmuxd
export PATH=/usr/local/sbin:${PATH}
sudo usbfluxd -f -r 172.17.0.1:5000
```
Close apps such as Xcode and reopen them and your device should appear!
*If you need to start again on Linux, wipe the current usbfluxd, usbmuxd, and socat:*
```bash
sudo killall usbfluxd
sudo systemctl restart usbmuxd
sudo killall socat
```
## Make container FASTER using [https://github.com/sickcodes/osx-optimizer](https://github.com/sickcodes/osx-optimizer)
SEE commands in [https://github.com/sickcodes/osx-optimizer](https://github.com/sickcodes/osx-optimizer)!
- Skip the GUI login screen (at your own risk!)
- Disable spotlight indexing on macOS to heavily speed up Virtual Instances.
- Disable heavy login screen wallpaper
- Disable updates (at your own risk!)
## Increase disk space by moving /var/lib/docker to external drive, block storage, NFS, or any other location conceivable.
Move /var/lib/docker, following the tutorial below
- Cheap large physical disk storage instead using your server's disk, or SSD.
- Block Storage, NFS, etc.
Tutorial here: https://sick.codes/how-to-run-docker-from-block-storage/
Only follow the above tutorial if you are happy with wiping all your current Docker images/layers.
Safe mode: Disable docker temporarily so you can move the Docker folder temporarily.
- Do NOT do this until you have moved your image out already [https://github.com/dulatello08/Docker-OSX/#quick-start-your-own-image-naked-container-image](https://github.com/dulatello08/Docker-OSX/#quick-start-your-own-image-naked-container-image)
```bash
killall dockerd
systemctl disable --now docker
systemctl disable --now docker.socket
systemctl stop docker
systemctl stop docker.socket
```
Now, that Docker daemon is off, move /var/lib/docker somewhere
Then, symbolicly link /var/lib/docker somewhere:
```bash
mv /var/lib/docker /run/media/user/some_drive/docker
ln -s /run/media/user/some_drive/docker /var/lib/docker
# now check if /var/lib/docker is working still
ls /var/lib/docker
```
If you see folders, then it worked. You can restart Docker, or just reboot if you want to be sure.
## Important notices:
**2021-11-14** - Added High Sierra, Mojave
Pick one of these while **building**, irrelevant when using docker pull:
```
--build-arg SHORTNAME=high-sierra
--build-arg SHORTNAME=mojave
--build-arg SHORTNAME=catalina
--build-arg SHORTNAME=big-sur
--build-arg SHORTNAME=monterey
--build-arg SHORTNAME=ventura
--build-arg SHORTNAME=sonoma
```
## Technical details
There are currently multiple images, each with different use cases (explained [below](#container-images)):
- High Sierra (10.13)
- Mojave (10.14)
- Catalina (10.15)
- Big Sur (11)
- Monterey (12)
- Ventura (13)
- Sonoma (14)
- Auto (pre-made Catalina)
- Naked (use your own .img)
- Naked-Auto (user your own .img and SSH in)
High Sierra:
[](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated)
Mojave:
[](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated)
Catalina:
[](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated)
Big-Sur:
[](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated)
Monterey make your own image:
[](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated)
Ventura make your own image:
[](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated)
Sonoma make your own image:
[](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated)
Pre-made **Catalina** system by [Sick.Codes](https://sick.codes): username: `user`, password: `alpine`
[](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated)
Naked: Bring-your-own-image setup (use any of the above first):
[](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated)
Naked Auto: same as above but with `-e USERNAME` & `-e PASSWORD` and `-e OSX_COMMANDS="put your commands here"`
[](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated)
## Capabilities
- use iPhone OSX KVM on Linux using [usbfluxd](https://github.com/corellium/usbfluxd)!
- macOS Monterey VM on Linux!
- Folder sharing-
- USB passthrough (hotplug too)
- SSH enabled (`localhost:50922`)
- VNC enabled (`localhost:8888`) if using ./vnc version
- iMessage security research via [serial number generator!](https://github.com/sickcodes/osx-serial-generator)
- X11 forwarding is enabled
- runs on top of QEMU + KVM
- supports Big Sur, custom images, Xvfb headless mode
- you can clone your container with `docker commit`
### Requirements
- 20GB+++ disk space for bare minimum installation (50GB if using Xcode)
- virtualization should be enabled in your BIOS settings
- a x86_64 kvm-capable host
- at least 50 GBs for `:auto` (half for the base image, half for your runtime image
### TODO
- documentation for security researchers
- gpu acceleration
- support for virt-manager
## Docker
Images built on top of the contents of this repository are also available on **Docker Hub** for convenience: https://hub.docker.com/r/sickcodes/docker-osx
A comprehensive list of the available Docker images and their intended purpose can be found in the [Instructions](#instructions).
## Kubernetes
Docker-OSX supports Kubernetes.
Kubernetes Helm Chart & Documentation can be found under the [helm directory](helm/README.md).
Thanks [cephasara](https://github.com/cephasara) for contributing this major contribution.
[](https://artifacthub.io/packages/search?repo=docker-osx)
## Support
### Small questions & issues
Feel free to open an [issue](https://github.com/sickcodes/Docker-OSX/issues/new/choose), should you come across minor issues with running Docker-OSX or have any questions.
#### Resolved issues
Before you open an issue, however, please check the [closed issues](https://github.com/sickcodes/Docker-OSX/issues?q=is%3Aissue+is%3Aclosed) and confirm that you're using the latest version of this repository — your issues may have already been resolved! You might also see your answer in our questions and answers section [below](#more-questions-and-answers).
### Feature requests and updates
Follow [@sickcodes](https://twitter.com/sickcodes)!
### Professional support
For more sophisticated endeavours, we offer the following support services:
- Enterprise support, business support, or casual support.
- Custom images, custom scripts, consulting (per hour available!)
- One-on-one conversations with you or your development team.
In case you're interested, contact [@sickcodes on Twitter](https://twitter.com/sickcodes) or click [here](https://sick.codes/contact).
## License/Contributing
Docker-OSX is licensed under the [GPL v3+](LICENSE). Contributions are welcomed and immensely appreciated. You are in fact permitted to use Docker-OSX as a tool to create proprietary software.
### Other cool Docker/QEMU based projects
- [Run Android in a Docker Container with Dock Droid](https://github.com/sickcodes/dock-droid)
- [Run Android fully native on the host!](https://github.com/sickcodes/droid-native)
- [Run iOS 12 in a Docker container with Docker-eyeOS](https://github.com/sickcodes/Docker-eyeOS) - [https://github.com/sickcodes/Docker-eyeOS](https://github.com/sickcodes/Docker-eyeOS)
- [Run iMessage relayer in Docker with Bluebubbles.app](https://bluebubbles.app/) - [Getting started wiki](https://github.com/BlueBubblesApp/BlueBubbles-Server/wiki/Running-via-Docker)
## Disclaimer
If you are serious about Apple Security, and possibly finding 6-figure bug bounties within the Apple Bug Bounty Program, then you're in the right place! Further notes: [Is Hackintosh, OSX-KVM, or Docker-OSX legal?](https://sick.codes/is-hackintosh-osx-kvm-or-docker-osx-legal/)
Product names, logos, brands and other trademarks referred to within this project are the property of their respective trademark holders. These trademark holders are not affiliated with our repository in any capacity. They do not sponsor or endorse this project in any way.
# Instructions
## Container images
### Already set up or just looking to make a container quickly? Check out our [quick start](#quick-start-docker-osx) or see a bunch more use cases under our [container creation examples](#container-creation-examples) section.
There are several different Docker-OSX images available that are suitable for different purposes.
- `sickcodes/docker-osx:latest` - [I just want to try it out.](#quick-start-docker-osx)
- `sickcodes/docker-osx:latest` - [I want to use Docker-OSX to develop/secure apps in Xcode (sign into Xcode, Transporter)](#quick-start-your-own-image-naked-container-image)
- `sickcodes/docker-osx:naked` - [I want to use Docker-OSX for CI/CD-related purposes (sign into Xcode, Transporter)](#building-a-headless-container-from-a-custom-image)
Create your personal image using `:latest` or `big-sur`. Then, pull the image out the image. Afterwards, you will be able to duplicate that image and import it to the `:naked` container, in order to revert the container to a previous state repeatedly.
- `sickcodes/docker-osx:auto` - [I'm only interested in using the command line (useful for compiling software or using Homebrew headlessly).](#prebuilt-image-with-arbitrary-command-line-arguments)
- `sickcodes/docker-osx:naked` - [I need iMessage/iCloud for security research.](#generating-serial-numbers)
- `sickcodes/docker-osx:big-sur` - [I want to run Big Sur.](#quick-start-docker-osx)
- `sickcodes/docker-osx:monterey` - [I want to run Monterey.](#quick-start-docker-osx)
- `sickcodes/docker-osx:ventura` - [I want to run Ventura.](#quick-start-docker-osx)
- `sickcodes/docker-osx:sonoma` - [I want to run Sonoma.](#quick-start-docker-osx)
- `sickcodes/docker-osx:high-sierra` - I want to run High Sierra.
- `sickcodes/docker-osx:mojave` - I want to run Mojave.
## Initial setup
Before you do anything else, you will need to turn on hardware virtualization in your BIOS. Precisely how will depend on your particular machine (and BIOS), but it should be straightforward.
Then, you'll need QEMU and some other dependencies on your host:
```bash
# ARCH
sudo pacman -S qemu libvirt dnsmasq virt-manager bridge-utils flex bison iptables-nft edk2-ovmf
# UBUNTU DEBIAN
sudo apt install qemu qemu-kvm libvirt-clients libvirt-daemon-system bridge-utils virt-manager libguestfs-tools
# CENTOS RHEL FEDORA
sudo yum install libvirt qemu-kvm
```
Then, enable libvirt and load the KVM kernel module:
```bash
sudo systemctl enable --now libvirtd
sudo systemctl enable --now virtlogd
echo 1 | sudo tee /sys/module/kvm/parameters/ignore_msrs
sudo modprobe kvm
```
### I'd like to run Docker-OSX on Windows
Running Docker-OSX on Windows is possible using WSL2 (Windows 11 + Windows Subsystem for Linux).
You must have Windows 11 installed with build 22000+ (21H2 or higher).
First, install WSL on your computer by running this command in an administrator powershell. For more info, look [here](https://docs.microsoft.com/en-us/windows/wsl/install).
This will install Ubuntu by default.
```
wsl --install
```
You can confirm WSL2 is enabled using `wsl -l -v` in PowerShell. To see other distributions that are available, use `wsl -l -o`.
If you have previously installed WSL1, upgrade to WSL 2. Check [this link to upgrade from WSL1 to WSL2](https://docs.microsoft.com/en-us/windows/wsl/install#upgrade-version-from-wsl-1-to-wsl-2).
After WSL installation, go to `C:/Users/<Your_Name>/.wslconfig` and add `nestedVirtualization=true` to the end of the file (If the file doesn't exist, create it). For more information about the `.wslconfig` file check [this link](https://docs.microsoft.com/en-us/windows/wsl/wsl-config#wslconfig). Verify that you have selected "Show Hidden Files" and "Show File Extensions" in File Explorer options.
The result should be like this:
```
[wsl2]
nestedVirtualization=true
```
Go into your WSL distro (Run `wsl` in powershell) and check if KVM is enabled by using the `kvm-ok` command. The output should look like this:
```
INFO: /dev/kvm exists
KVM acceleration can be used
```
Use the command `sudo apt -y install bridge-utils cpu-checker libvirt-clients libvirt-daemon qemu qemu-kvm` to install it if it isn't.
Now download and install [Docker for Windows](https://docs.docker.com/desktop/windows/install/) if it is not already installed.
After installation, go into Settings and check these 2 boxes:
```
General -> "Use the WSL2 based engine";
Resources -> WSL Integration -> "Enable integration with my default WSL distro",
```
Ensure `x11-apps` is installed. Use the command `sudo apt install x11-apps -y` to install it if it isn't.
Finally, there are 3 ways to get video output:
- WSLg: This is the simplest and easiest option to use. There may be some issues such as the keyboard not being fully passed through or seeing a second mouse on the desktop - [Issue on WSLg](https://github.com/microsoft/wslg/issues/376) - but this option is recommended.
To use WSLg's built-in X-11 server, change these two lines in the docker run command to point Docker-OSX to WSLg.
```
-e "DISPLAY=${DISPLAY:-:0.0}" \
-v /mnt/wslg/.X11-unix:/tmp/.X11-unix \
```
Or try:
```
-e "DISPLAY=${DISPLAY:-:0}" \
-v /mnt/wslg/.X11-unix:/tmp/.X11-unix \
```
For Ubuntu 20.x on Windows, see [https://github.com/sickcodes/Docker-OSX/discussions/458](https://github.com/sickcodes/Docker-OSX/discussions/458)
- VNC: See the [VNC section](#building-a-headless-container-which-allows-insecure-vnc-on-localhost-for-local-use-only) for more information. You could also add -vnc argument to qemu. Connect to your mac VM via a VNC Client. [Here is a how to](https://wiki.archlinux.org/title/QEMU#VNC)
- Desktop Environment: This will give you a full desktop linux experience but it will use a bit more of the computer's resources. Here is an example guide, but there are other guides that help set up a desktop environment. [DE Example](https://www.makeuseof.com/tag/linux-desktop-windows-subsystem/)
## Additional boot instructions for when you are [creating your container](#container-creation-examples)
- Boot the macOS Base System (Press Enter)
- Click `Disk Utility`
- Erase the BIGGEST disk (around 200gb default), DO NOT MODIFY THE SMALLER DISKS.
-- if you can't click `erase`, you may need to reduce the disk size by 1kb
- (optional) Create a partition using the unused space to house the OS and your files if you want to limit the capacity. (For Xcode 12 partition at least 60gb.)
- Click `Reinstall macOS`
- The system may require multiple reboots during installation
## Troubleshooting
### Routine checks
This is a great place to start if you are having trouble getting going, especially if you're not that familiar with Docker just yet.
Just looking to make a container quickly? Check out our [container creation examples](#container-creation-examples) section.
More specific/advanced troubleshooting questions and answers may be found in [More Questions and Answers](#more-questions-and-answers). You should also check out the [closed issues](https://github.com/sickcodes/Docker-OSX/issues?q=is%3Aissue+is%3Aclosed). Someone else might have gotten a question like yours answered already even if you can't find it in this document!
#### Confirm that your CPU supports virtualization
See [initial setup](#initial-setup).
#### Docker Unknown Server OS error
```console
docker: unknown server OS: .
See 'docker run --help'.
```
This means your docker daemon is not running.
`pgrep dockerd` should return nothing
Therefore, you have a few choices.
`sudo dockerd` for foreground Docker usage. I use this.
Or
`sudo systemctl --start dockerd` to start dockerd this now.
Or
`sudo systemctl --enable --now dockerd` for start dockerd on every reboot, and now.
#### Use more CPU Cores/SMP
Examples:
`-e EXTRA='-smp 6,sockets=3,cores=2'`
`-e EXTRA='-smp 8,sockets=4,cores=2'`
`-e EXTRA='-smp 16,sockets=8,cores=2'`
Note, unlike memory, CPU usage is shared. so you can allocate all of your CPU's to the container.
### Confirm your user is part of the Docker group, KVM group, libvirt group
#### Add yourself to the Docker group
If you use `sudo dockerd` or dockerd is controlled by systemd/systemctl, then you must be in the Docker group.
If you are not in the Docker group:
```bash
sudo usermod -aG docker "${USER}"
```
and also add yourself to the kvm and libvirt groups if needed:
```bash
sudo usermod -aG libvirt "${USER}"
sudo usermod -aG kvm "${USER}"
```
See also: [initial setup](#initial-setup).
#### Is the docker daemon enabled?
```bash
# run ad hoc
sudo dockerd
# or daemonize it
sudo nohup dockerd &
# enable it in systemd (it will persist across reboots this way)
sudo systemctl enable --now docker
# or just start it as your user with systemd instead of enabling it
systemctl start docker
```
## More Questions and Answers
Big thank you to our contributors who have worked out almost every conceivable issue so far!
[https://github.com/sickcodes/Docker-OSX/blob/master/CREDITS.md](https://github.com/sickcodes/Docker-OSX/blob/master/CREDITS.md)
### Start the same container later (persistent disk)
Created a container with `docker run` and want to reuse the underlying image again later?
NB: see [container creation examples](#container-creation-examples) first for how to get to the point where this is applicable.
This is for when you want to run the SAME container again later. You may need to use `docker commit` to save your container before you can reuse it. Check if your container is persisted with `docker ps --all`.
If you don't run this you will have a new image every time.
```bash
# look at your recent containers and copy the CONTAINER ID
docker ps --all
# docker start the container ID
docker start -ai abc123xyz567
# if you have many containers, you can try automate it with filters like this
# docker ps --all --filter "ancestor=sickcodes/docker-osx"
# for locally tagged/built containers
# docker ps --all --filter "ancestor=docker-osx"
```
You can also pull the `.img` file out of the container, which is stored in `/var/lib/docker`, and supply it as a runtime argument to the `:naked` Docker image.
See also: [here](https://github.com/sickcodes/Docker-OSX/issues/197).
### I have used Docker-OSX before and want to restart a container that starts automatically
Containers that use `sickcodes/docker-osx:auto` can be stopped while being started.
```bash
# find last container
docker ps -a
# docker start old container with -i for interactive, -a for attach STDIN/STDOUT
docker start -ai -i <Replace this with your ID>
```
### LibGTK errors "connection refused"
You may see one or more libgtk-related errors if you do not have everything set up for hardware virtualisation yet. If you have not yet done so, check out the [initial setup](#initial-setup) section and the [routine checks](#routine-checks) section as you may have missed a setup step or may not have all the needed Docker dependencies ready to go.
See also: [here](https://github.com/sickcodes/Docker-OSX/issues/174).
#### Permissions denied error
If you have not yet set up xhost, try the following:
```bash
echo $DISPLAY
# ARCH
sudo pacman -S xorg-xhost
# UBUNTU DEBIAN
sudo apt install x11-xserver-utils
# CENTOS RHEL FEDORA
sudo yum install xorg-x11-server-utils
# then run
xhost +
```
### RAM over-allocation
You cannot allocate more RAM than your machine has. The default is 3 Gigabytes: `-e RAM=3`.
If you are trying to allocate more RAM to the container than you currently have available, you may see an error like the following: `cannot set up guest memory 'pc.ram': Cannot allocate memory`. See also: [here](https://github.com/sickcodes/Docker-OSX/issues/188), [here](https://github.com/sickcodes/Docker-OSX/pull/189).
For example (below) the `buff/cache` already contains 20 Gigabytes of allocated RAM:
```console
[user@hostname ~]$ free -mh
total used free shared buff/cache available
Mem: 30Gi 3.5Gi 7.0Gi 728Mi 20Gi 26Gi
Swap: 11Gi 0B 11Gi
```
Clear the buffer and the cache:
```bash
sudo tee /proc/sys/vm/drop_caches <<< 3
```
Now check the RAM again:
```console
[user@hostname ~]$ free -mh
total used free shared buff/cache available
Mem: 30Gi 3.3Gi 26Gi 697Mi 1.5Gi 26Gi
Swap: 11Gi 0B 11Gi
```
### PulseAudio
#### Use PulseAudio for sound
Note: [AppleALC](https://github.com/acidanthera/AppleALC), [`alcid`](https://dortania.github.io/OpenCore-Post-Install/universal/audio.html) and [VoodooHDA-OC](https://github.com/chris1111/VoodooHDA-OC) do not have [codec support](https://osy.gitbook.io/hac-mini-guide/details/hda-fix#hda-codec). However, [IORegistryExplorer](https://github.com/vulgo/IORegistryExplorer) does show the controller component working.
```bash
docker run \
--device /dev/kvm \
-e AUDIO_DRIVER=pa,server=unix:/tmp/pulseaudio.socket \
-v "/run/user/$(id -u)/pulse/native:/tmp/pulseaudio.socket" \
-v /tmp/.X11-unix:/tmp/.X11-unix \
sickcodes/docker-osx
```
#### PulseAudio debugging
```bash
docker run \
--device /dev/kvm \
-e AUDIO_DRIVER=pa,server=unix:/tmp/pulseaudio.socket \
-v "/run/user/$(id -u)/pulse/native:/tmp/pulseaudio.socket" \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-e PULSE_SERVER=unix:/tmp/pulseaudio.socket \
sickcodes/docker-osx pactl list
```
#### PulseAudio with WSLg
```bash
docker run \
--device /dev/kvm \
-e AUDIO_DRIVER=pa,server=unix:/tmp/pulseaudio.socket \
-v /mnt/wslg/runtime-dir/pulse/native:/tmp/pulseaudio.socket \
-v /mnt/wslg/.X11-unix:/tmp/.X11-unix \
sickcodes/docker-osx
```
### Forward additional ports (nginx hosting example)
It's possible to forward additional ports depending on your needs. In this example, we'll use Mac OSX to host nginx:
```
host:10023 <-> 10023:container:10023 <-> 80:guest
```
On the host machine, run:
```bash
docker run -it \
--device /dev/kvm \
-p 50922:10022 \
-e ADDITIONAL_PORTS='hostfwd=tcp::10023-:80,' \
-p 10023:10023 \
sickcodes/docker-osx:auto
```
In a Terminal session running the container, run:
```bash
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
brew install nginx
sudo sed -i -e 's/8080/80/' /usr/local/etc/nginx/nginx.confcd
# sudo nginx -s stop
sudo nginx
```
**nginx should now be reachable on port 10023.**
Additionally, you can string multiple statements together, for example:
```bash
-e ADDITIONAL_PORTS='hostfwd=tcp::10023-:80,hostfwd=tcp::10043-:443,'
-p 10023:10023 \
-p 10043:10043 \
```
### Bridged networking
You might not need to do anything with the default setup to enable internet connectivity from inside the container. Additionally, `curl` may work even if `ping` doesn't.
See discussion [here](https://github.com/sickcodes/Docker-OSX/issues/177) and [here](https://github.com/sickcodes/Docker-OSX/issues/72) and [here](https://github.com/sickcodes/Docker-OSX/issues/88).
### Enable IPv4 forwarding for bridged network connections for remote installations
This is not required for LOCAL installations.
Additionally note it may [cause the host to leak your IP, even if you're using a VPN in the container](https://sick.codes/cve-2020-15590/).
However, if you're trying to connect to an instance of Docker-OSX remotely (e.g. an instance of Docker-OSX hosted in a datacenter), this may improve your performance:
```bash
# enable for current session
sudo sysctl -w net.ipv4.ip_forward=1
# OR
# sudo tee /proc/sys/net/ipv4/ip_forward <<< 1
# enable permanently
sudo touch /etc/sysctl.conf
sudo tee -a /etc/sysctl.conf <<EOF
net.ipv4.ip_forward = 1
EOF
# or edit manually with the editor of your choice
nano /etc/sysctl.conf || vi /etc/sysctl.conf || vim /etc/sysctl.conf
# now reboot
```
## Share folder with Docker-OSX QEMU macOS
Sharing a folder with guest is quite simple.
Your folder, will go to /mnt/hostshare inside the Arch container which is then passed over QEMU.
Then mount using `sudo -S mount_9p hostshare` from inside the mac.
For example,
```bash
FOLDER=~/somefolder
```
```bash
-v "${FOLDER}:/mnt/hostshare" \
-e EXTRA="-virtfs local,path=/mnt/hostshare,mount_tag=hostshare,security_model=passthrough,id=hostshare" \
```
Full example:
```bash
# stat mac_hdd_ng.img
SHARE=~/somefolder
docker run -it \
--device /dev/kvm \
-p 50922:10022 \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-e "DISPLAY=${DISPLAY:-:0.0}" \
-v "${PWD}/mac_hdd_ng.img:/home/arch/OSX-KVM/mac_hdd_ng.img" \
-v "${SHARE}:/mnt/hostshare" \
-e EXTRA="-virtfs local,path=/mnt/hostshare,mount_tag=hostshare,security_model=passthrough,id=hostshare" \
sickcodes/docker-osx:latest
# !!! Open Terminal inside macOS and run the following command to mount the virtual file system
# sudo -S mount_9p hostshare
```
### Share Linux NFS Drive into macOS
To share a folder using NFS, setup a folder for on the host machine, for example, `/srv/nfs/share` and then append to `/etc/exports`:
```bash
/srv/nfs/share 127.0.0.1/0(insecure,rw,all_squash,anonuid=1000,anongid=985,no_subtree_check)
```
You may need to reload exports now, which will begin sharing that directory.
```bash
# reload shared folders
sudo exportfs -arv
```
[Source & Explanation](https://serverfault.com/questions/716350/mount-nfs-volume-on-ubuntu-linux-server-from-macos-client)
Give permissions on the shared folder for the `anonuid` and `anongid`, where `anonuid` and `anongid` matches that of your linux user; `id -u`
`id -u ; id -g` will print `userid:groupid`
```
chown 1000:985 /srv/nfs/share
chmod u+rwx /srv/nfs/share
```
Start the Docker-OSX container with the additional flag `--network host`
Create and mount the nfs folder from the mac terminal:
```
mkdir -p ~/mnt
sudo mount_nfs -o locallocks 10.0.2.2:/srv/nfs/share ~/mnt
```
### Share USB Drive into macOS over QEMU
## Mount USB Drive (Hotplug/Hot Plug USB)
Start your container.
Pick a port, for example, `7700`.
`lsusb` to get `vid:pid`
On Linux:
`sudo usbredirserver -p 7700 1e3d:2096`
Now, in the Docker window hit Enter to see the `(qemu)` console.
You can add/remove the disk using commands like this, even once the machine is started:
`chardev-add socket,id=usbredirchardev1,port=7700,host=172.17.0.1`
`device_add usb-redir,chardev=usbredirchardev1,id=usbredirdev1,debug=4`
## Mount USB Drive inside macOS at boot Docker OSX
```bash
PORT=7700
IP_ADDRESS=172.17.0.1
-e EXTRA="-chardev socket,id=usbredirchardev1,port=${PORT},host=${IP_ADDRESS} -device usb-redir,chardev=usbredirchardev1,id=usbredirdev1,debug=4" \`
```
### Fedora: enable internet connectivity with a bridged network
Fedora's default firewall settings may prevent Docker's network interface from reaching the internet. In order to resolve this, you will need to whitelist the interface in your firewall:
```bash
# Set the docker0 bridge to the trusted zone
sudo firewall-cmd --permanent --zone=trusted --add-interface=docker0
sudo firewall-cmd --reload
```
### Nested Hardware Virtualization
Check if your machine has hardware virtualization enabled:
```bash
sudo tee /sys/module/kvm/parameters/ignore_msrs <<< 1
egrep -c '(svm|vmx)' /proc/cpuinfo
```
### Virtual network adapters
#### Fast internet connectivity
`-e NETWORKING=vmxnet3`
#### Slow internet connectivity
`-e NETWORKING=e1000-82545em`
### CI/CD Related Improvements
#### Tips for reducing the size of the image
- Start the container as usual, and remove unnecessary files. A useful way
to do this is to use `du -sh *` starting from the `/` directory, and find
large directories where files can be removed. E.g. unnecessary cached files,
Xcode platforms, etc.
- Once you are satisfied with the amount of free space, enable trim with `sudo trimforce enable`, and reboot.
- Zero out the empty space on the disk with `dd if=/dev/zero of=./empty && rm -f empty`
- Shut down the VM and copy out the qcow image with `docker cp stoppedcontainer:/home/arch/OSX-KVM/mac_hdd_ng.img .`
- Run `qemu-img check -r all mac_hdd_ng.img` to fix any errors.
- Run `qemu-img convert -O qcow2 mac_hdd_ng.img deduped.img` and check for errors again
- **OPTIONAL:** Run `qemu-img convert -c -O qcow2 deduped.img compressed.img` to further compress the image. This may reduce the runtime speed though, but it should reduce the size by roughly 25%.
- Check for errors again, and build a fresh docker image. E.g. with this Dockerfile
```
FROM sickcodes/docker-osx
USER arch
COPY --chown=arch ./deduped.img /home/arch/OSX-KVM/mac_hdd_ng.img
```
### Run Docker-OSX headlessly with Telnet
First make sure [autoboot is enabled](#autoboot-into-osx-after-youve-installed-everything)
Next, you will want to set up SSH to be automatically started.
```bash
sudo systemsetup -setremotelogin on
```
Make sure to commit the new docker image and save it, or rebuild as described in the [section on reducing disk space](#how-to-reduce-the-size-of-the-image).
Then run it with these arguments.
```bash
# Run with the -nographic flag, and enable a telnet interface
docker run \
--device /dev/kvm \
-p 50922:10022 \
-e "DISPLAY=${DISPLAY:-:0.0}" \
-e EXTRA="-monitor telnet::45454,server,nowait -nographic -serial null" \
mycustomimage
```
### What mirrors are appropriate to use to build Docker-OSX locally?
If you are building Docker-OSX locally, you'll probably want to use Arch Linux's mirrors.
Mirror locations can be found here (uses two-letter country codes): https://archlinux.org/mirrorlist/all/
```bash
docker build -t docker-osx:latest \
--build-arg RANKMIRRORS=true \
--build-arg MIRROR_COUNTRY=US \
--build-arg MIRROR_COUNT=10 \
--build-arg SHORTNAME=catalina \
--build-arg SIZE=200G .
```
### Custom QEMU Arguments (passthrough devices)
Pass any devices/directories to the Docker container & the QEMU arguments using the handy runtime argument provider option `-e EXTRA=`.
```bash
# example customizations
docker run \
-e RAM=4 \
-e SMP=4 \
-e CORES=4 \
-e EXTRA='-usb -device usb-host,hostbus=1,hostaddr=8' \
-e INTERNAL_SSH_PORT=23 \
-e MAC_ADDRESS="$(xxd -c1 -p -l 6 /dev/urandom | tr '\n' ':' | cut -c1-17)" \
-e AUDIO_DRIVER=alsa \
-e IMAGE_PATH=/image \
-e SCREEN_SHARE_PORT=5900 \
-e DISPLAY=:0 \
-e NETWORKING=vmxnet3 \
--device /dev/kvm \
--device /dev/snd \
-v /tmp/.X11-unix:/tmp/.X11-unix \
docker-osx:latest
```
### Generating serial numbers
Generate serial numbers in `./custom` OR make docker generate them at runtime (see below).
At any time, verify your serial number before logging into iCloud, etc.
```bash
# this is a quick way to check your serial number via cli inside OSX
ioreg -l | grep IOPlatformSerialNumber
# test some commands
sshpass -p 'alpine' ssh user@localhost -p 50922 'ping google.com'
# check your serial number
sshpass -p 'alpine' ssh user@localhost -p 50922 'ioreg -l | grep IOPlatformSerialNumber'
```
#### Getting started with serial numbers
```bash
# ARCH
pacman -S libguestfs
# UBUNTU DEBIAN
apt install libguestfs -y
# RHEL FEDORA CENTOS
yum install libguestfs -y
```
Inside the `./custom` folder you will find `4` scripts.
- `config-nopicker-custom.plist`
- `opencore-image-ng.sh`
These two files are from OSX-KVM.
You don't need to touch these two files.
The config.plist has 5 values replaced with placeholders. [Click here to see those values for no reason.](https://github.com/sickcodes/Docker-OSX/blob/master/custom/config-nopicker-custom.plist#L705)
- `generate-unique-machine-values.sh`
This script will generate serial numbers, with Mac Addresses, plus output to CSV/TSV, plus make a `bootdisk image`.
You can create hundreds, `./custom/generate-unique-machine-values.sh --help`
```bash
./custom/generate-unique-machine-values.sh \
--count 1 \
--tsv ./serial.tsv \
--bootdisks \
--output-bootdisk OpenCore.qcow2 \
--output-env source.env.sh
```
Or if you have some specific serial numbers...
- `generate-specific-bootdisk.sh`
```bash
generate-specific-bootdisk.sh \
--model "${DEVICE_MODEL}" \
--serial "${SERIAL}" \
--board-serial "${BOARD_SERIAL}" \
--uuid "${UUID}" \
--mac-address "${MAC_ADDRESS}" \
--output-bootdisk OpenCore-nopicker.qcow2
```
#### This example generates a random set of serial numbers at runtime, headlessly
```bash
# proof of concept only, generates random serial numbers, headlessly, and quits right after.
docker run --rm -it \
--device /dev/kvm \
-p 50922:10022 \
-e NOPICKER=true \
-e GENERATE_UNIQUE=true \
-e DEVICE_MODEL="iMacPro1,1" \
sickcodes/docker-osx:auto
# -e OSX_COMMANDS='ioreg -l | grep IOPlatformSerialNumber' \
```
#### This example generates a specific set of serial numbers at runtime
```bash
# run the same as above 17gb auto image, with SSH, with nopicker, and save the bootdisk for later.
# you don't need to save the bootdisk IF you supply specific serial numbers!
docker run -it \
--device /dev/kvm \
-p 50922:10022 \
-e NOPICKER=true \
-e GENERATE_SPECIFIC=true \
-e DEVICE_MODEL="iMacPro1,1" \
-e SERIAL="C02TW0WAHX87" \
-e BOARD_SERIAL="C027251024NJG36UE" \
-e UUID="5CCB366D-9118-4C61-A00A-E5BAF3BED451" \
-e MAC_ADDRESS="A8:5C:2C:9A:46:2F" \
-e OSX_COMMANDS='ioreg -l | grep IOPlatformSerialNumber' \
sickcodes/docker-osx:auto
```
#### This example generates a specific set of serial numbers at runtime, with your existing image, at 1000x1000 display resolution
```bash
# run an existing image in current directory, with a screen, with SSH, with nopicker.
stat mac_hdd_ng.img # make sure you have an image if you're using :naked
docker run -it \
-v "${PWD}/mac_hdd_ng.img:/image" \
--device /dev/kvm \
-e "DISPLAY=${DISPLAY:-:0.0}" \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-p 50922:10022 \
-e NOPICKER=true \
-e GENERATE_SPECIFIC=true \
-e DEVICE_MODEL="iMacPro1,1" \
-e SERIAL="C02TW0WAHX87" \
-e BOARD_SERIAL="C027251024NJG36UE" \
-e UUID="5CCB366D-9118-4C61-A00A-E5BAF3BED451" \
-e MAC_ADDRESS="A8:5C:2C:9A:46:2F" \
-e WIDTH=1000 \
-e HEIGHT=1000 \
sickcodes/docker-osx:naked
```
If you want to generate serial numbers, either make them at runtime using
` -e GENERATE_UNIQUE=true \`
Or you can generate them inside the `./custom` folder. And then use:
```bash
-e GENERATE_SPECIFIC=true \
-e SERIAL="" \
-e BOARD_SERIAL="" \
-e UUID="" \
-e MAC_ADDRESS="" \
```
#### Making serial numbers persist across reboots
```bash
stat mac_hdd_ng_testing.img
touch ./output.env
# generate fresh random serial numbers, with a screen, using your own image, and save env file with your new serial numbers for later.
docker run -it \
--device /dev/kvm \
-e "DISPLAY=${DISPLAY:-:0.0}" \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-p 50922:10022 \
-e NOPICKER=true \
-e GENERATE_UNIQUE=true \
-e GENERATE_SPECIFIC=true \
-e DEVICE_MODEL="iMacPro1,1" \
-v "${PWD}/output.env:/env" \
-v "${PWD}/mac_hdd_ng_testing.img:/image" \
sickcodes/docker-osx:naked
```
To use iMessage or iCloud you need to change `5` values.
- `SERIAL`
- `BOARD_SERIAL`
- `UUID`
- `MAC_ADDRESS`
_`ROM` is just the lowercased mac address, without `:` between each word._
You can tell the container to generate them for you using `-e GENERATE_UNIQUE=true`
Or tell the container to use specific ones using `-e GENERATE_SPECIFIC=true`
```bash
-e GENERATE_SPECIFIC=true \
-e DEVICE_MODEL="iMacPro1,1" \
-e SERIAL="C02TW0WAHX87" \
-e BOARD_SERIAL="C027251024NJG36UE" \
-e UUID="5CCB366D-9118-4C61-A00A-E5BAF3BED451" \
-e MAC_ADDRESS="A8:5C:2C:9A:46:2F" \
```
### Changing display resolution
The display resolution is controlled by this line:
https://github.com/sickcodes/Docker-OSX/blob/master/custom/config-nopicker-custom.plist#L819
Instead of mounting that disk, Docker-OSX will generate a new `OpenCore.qcow2` by using this one cool trick:
```bash
-e GENERATE_UNIQUE=true \
-e WIDTH=800 \
-e HEIGHT=600 \
```
To use `WIDTH`/`HEIGHT`, you must use with either `-e GENERATE_UNIQUE=true` or `-e GENERATE_SPECIFIC=true`.
It will take around 30 seconds longer to boot because it needs to make a new boot partition using `libguestfs`.
```bash
-e GENERATE_SPECIFIC=true \
-e WIDTH=1920 \
-e HEIGHT=1080 \
-e SERIAL="" \
-e BOARD_SERIAL="" \
-e UUID="" \
-e MAC_ADDRESS="" \
```
#### Change Docker-OSX Resolution Examples
```bash
# using an image in your current directory
stat mac_hdd_ng.img
docker run -it \
--device /dev/kvm \
-p 50922:10022 \
-v "${PWD}/mac_hdd_ng.img:/image" \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-e "DISPLAY=${DISPLAY:-:0.0}" \
-e GENERATE_SPECIFIC=true \
-e DEVICE_MODEL="iMacPro1,1" \
-e SERIAL="C02TW0WAHX87" \
-e BOARD_SERIAL="C027251024NJG36UE" \
-e UUID="5CCB366D-9118-4C61-A00A-E5BAF3BED451" \
-e MAC_ADDRESS="A8:5C:2C:9A:46:2F" \
-e MASTER_PLIST_URL=https://raw.githubusercontent.com/sickcodes/Docker-OSX/master/custom/config-nopicker-custom.plist \
-e WIDTH=1600 \
-e HEIGHT=900 \
sickcodes/docker-osx:naked
```
```bash
# generating random serial numbers, using the DIY installer, along with the screen resolution changes.
docker run -it \
--device /dev/kvm \
-p 50922:10022 \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-e "DISPLAY=${DISPLAY:-:0.0}" \
-e GENERATE_UNIQUE=true \
-e WIDTH=800 \
-e HEIGHT=600 \
sickcodes/docker-osx:latest
```
Here's a few other resolutions! If your resolution is invalid, it will default to 800x600.
```
-e WIDTH=800 \
-e HEIGHT=600 \
```
```
-e WIDTH=1280 \
-e HEIGHT=768 \
```
```
-e WIDTH=1600 \
-e HEIGHT=900 \
```
```
-e WIDTH=1920 \
-e HEIGHT=1080 \
```
```
-e WIDTH=2560 \
-e HEIGHT=1600 \
```
#### This example shows how to change resolution after the container is created.
First step is to stop the docker daemon
```
sudo systemctl stop docker
```
The second step is to change container config in
```
/var/lib/docker/containers/[container-id]/config.v2.json
```
(Suppose your original WIDTH is 1024 and HEIGHT is 768, you can search 1024 and replace it with the new value. Same for 768.)
The last step is to restart the docker daemon
```
sudo systemctl restart docker
```
### Mounting physical disks in Mac OSX
Pass the disk into the container as a volume and then pass the disk again into QEMU command line extras with.
Use the `config-custom.plist` because you probably want to see the boot menu, otherwise omit the first line:
```bash
DISK_TWO="${PWD}/mount_me.img"
```
```dockerfile
-e MASTER_PLIST_URL='https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist' \
-v "${DISK_TWO}:/disktwo" \
-e EXTRA='-device ide-hd,bus=sata.5,drive=DISK-TWO -drive id=DISK-TWO,if=none,file=/disktwo,format=qcow2' \
```
#### Physical disk mounting example
```bash
OSX_IMAGE="${PWD}/mac_hdd_ng_xcode_bigsur.img"
DISK_TWO="${PWD}/mount_me.img"
docker run -it \
--device /dev/kvm \
-e "DISPLAY=${DISPLAY:-:0.0}" \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-e MASTER_PLIST_URL='https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist' \
-v "${OSX_IMAGE}":/image \
-v "${DISK_TWO}":/disktwo \
-e EXTRA='-device ide-hd,bus=sata.5,drive=DISK-TWO -drive id=DISK-TWO,if=none,file=/disktwo,format=qcow2' \
sickcodes/docker-osx:naked
```
See also: [here](https://github.com/sickcodes/Docker-OSX/issues/222).
#### Extracting the APFS disk on Linux
In Docker-OSX, we are using `qcow2` images.
This means the image grows as you use it, but the guest OS thinks you have 200GB available.
**READ ONLY**
```bash
# mount the qemu image like a real disk
sudo modprobe nbd max_part=8
sudo qemu-nbd --connect=/dev/nbd0 ./image.img
sudo fdisk /dev/nbd0 -l
mkdir -p ./mnt
sudo mount /dev/nbd0p1 ./mnt
# inspect partitions (2 partitions)
sudo fdisk /dev/nbd0 -l
# mount using apfs-linux-rw OR apfs-fuse
mkdir -p ./part
sudo mount /dev/nbd0p2 ./part
sudo apfs-fuse -o allow_other /dev/nbd0p2 ./part
```
When you are finishing looking at your disk, you can unmount the partition, the disk, and remove the loopback device:
```bash
sudo umount ./part
sudo umount ./mnt
sudo qemu-nbd --disconnect /dev/nbd0
sudo rmmod nbd
```
### USB Passthrough
Firstly, QEMU must be started as root.
It is also potentially possible to accomplish USB passthrough by changing the permissions of the device in the container.
See [here](https://www.linuxquestions.org/questions/slackware-14/qemu-usb-permissions-744557/#post3628691).
For example, create a new Dockerfile with the following
```bash
FROM sickcodes/docker-osx
USER arch
RUN sed -i -e s/exec\ qemu/exec\ sudo\ qemu/ ./Launch.sh
COPY --chown=arch ./new_image.img /home/arch/OSX-KVM/mac_hdd_ng.img
```
Where `new_image.img` is the qcow2 image you extracted. Then rebuild with `docker build .`
Next we need to find out the bus and port numbers of the USB device we want to pass through to the VM:
```bash
lsusb -t
/: Bus 02.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/6p, 5000M
/: Bus 01.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/12p, 480M
|__ Port 2: Dev 5, If 0, Class=Human Interface Device, Driver=usbhid, 12M
|__ Port 2: Dev 5, If 1, Class=Chip/SmartCard, Driver=, 12M
|__ Port 3: Dev 2, If 0, Class=Wireless, Driver=, 12M
|__ Port 3: Dev 2, If 1, Class=Wireless, Driver=, 12M
|__ Port 5: Dev 3, If 0, Class=Video, Driver=uvcvideo, 480M
|__ Port 5: Dev 3, If 1, Class=Video, Driver=uvcvideo, 480M
```
In this example, we want to pass through a smartcard device. The device we want is on bus 1 and port 2.
There may also be differences if your device is usb 2.0 (ehci) vs usb 3.0 (xhci).
See [here](https://unix.stackexchange.com/a/452946/101044) for more details.
```bash
# hostbus and hostport correspond to the numbers from lsusb
# runs in privileged mode to enable access to the usb devices.
docker run \
--privileged \
--device /dev/kvm \
-e RAM=4 \
-p 50922:10022 \
-e "DISPLAY=${DISPLAY:-:0.0}" \
-e EXTRA="-device virtio-serial-pci -device usb-host,hostbus=1,hostport=2" \
mycustomimage
```
You should see the device show up when you do `system_profiler SPUSBDataType` in the MacOS shell.
Important Note: this will cause the host system to lose access to the USB device while the VM is running!
## Container creation examples
#### Quick Start your own image (naked container image)
This is my favourite container. You can supply an existing disk image as a Docker command line argument.
- Pull images out using `sudo find /var/lib/docker -name mac_hdd_ng.img -size +10G`
- Supply your own local image with the command argument `-v "${PWD}/mac_hdd_ng.img:/image"` and use `sickcodes/docker-osx:naked` when instructing Docker to create your container.
- Naked image is for booting any existing .img file, e.g in the current working directory (`$PWD`)
- By default, this image has a variable called `NOPICKER` which is `"true"`. This skips the disk selection menu. Use `-e NOPICKER=false` or any other string than the word `true` to enter the boot menu.
This lets you use other disks instead of skipping the boot menu, e.g. recovery disk or disk utility.
```bash
docker pull sickcodes/docker-osx:naked
# run your own image + SSH
# change mac_hdd_ng.img
docker run -it \
--device /dev/kvm \
-p 50922:10022 \
-v "${PWD}/mac_hdd_ng.img:/image" \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-e "DISPLAY=${DISPLAY:-:0.0}" \
sickcodes/docker-osx:naked
# run local copy of the auto image + SSH + Boot menu
docker run -it \
--device /dev/kvm \
-p 50922:10022 \
-v "${PWD}/mac_hdd_ng_auto.img:/image" \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-e "DISPLAY=${DISPLAY:-:0.0}" \
-e "NOPICKER=false" \
sickcodes/docker-osx:naked
```
### Building an OSX container with video output
The Quick Start command should work out of the box, provided that you keep the following lines. Works in `auto` & `naked` machines:
```
-v /tmp/.X11-unix:/tmp/.X11-unix \
-e "DISPLAY=${DISPLAY:-:0.0}" \
```
#### Prebuilt image with arbitrary command line arguments
[](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated)
`-e OSX_COMMANDS` lets you run any commands inside the container
```bash
docker pull sickcodes/docker-osx:auto
# boot to OS X shell + display + specify commands to run inside OS X!
docker run -it \
--device /dev/kvm \
-p 50922:10022 \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-e "DISPLAY=${DISPLAY:-:0.0}" \
-e "OSX_COMMANDS=/bin/bash -c \"put your commands here\"" \
sickcodes/docker-osx:auto
# Boots in a minute or two!
```
OR if you have an image already and just want to log in and execute arbitrary commands:
```bash
docker pull sickcodes/docker-osx:naked-auto
# boot to OS X shell + display + specify commands to run inside OS X!
docker run -it \
--device /dev/kvm \
-p 50922:10022 \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-e "DISPLAY=${DISPLAY:-:0.0}" \
-e USERNAME=yourusername \
-e PASSWORD=yourpassword \
-e "OSX_COMMANDS=/bin/bash -c \"put your commands here\"" \
sickcodes/docker-osx:naked-auto
# Boots in a minute or two!
```
### Further examples
There's a myriad of other potential use cases that can work perfectly with Docker-OSX, some of which you'll see below!
### Building a headless OSX container
For a headless container, **remove** the following two lines from your `docker run` command:
```
# -v /tmp/.X11-unix:/tmp/.X11-unix \
# -e "DISPLAY=${DISPLAY:-:0.0}" \
```
#### Building a headless container from a custom image
[](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated)
This is particularly helpful for CI/CD pipelines.
```bash
# run your own image headless + SSH
docker run -it \
--device /dev/kvm \
-p 50922:10022 \
-v "${PWD}/mac_hdd_ng.img:/image" \
sickcodes/docker-osx:naked
```
### Building a headless container that allows insecure VNC on localhost (!for local use only!)
**Must change -it to -i to be able to interact with the QEMU console**
**To exit a container using -i you must `docker kill <containerid>`. For example, to kill everything, `docker ps | xargs docker kill`.**
Native QEMU VNC example
```bash
docker run -i \
--device /dev/kvm \
-p 50922:10022 \
-p 5999:5999 \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-e "DISPLAY=${DISPLAY:-:0.0}" \
-e EXTRA="-display none -vnc 0.0.0.0:99,password=on" \
sickcodes/docker-osx:big-sur
# type `change vnc password myvncusername` into the docker terminal and set a password
# connect to localhost:5999 using VNC
# qemu 6 seems to require a username for vnc now
```
**NOT TLS/HTTPS Encrypted at all!**
Or `ssh -N root@1.1.1.1 -L 5999:127.0.0.1:5999`, where `1.1.1.1` is your remote server IP.
(Note: if you close port 5999 and use the SSH tunnel, this becomes secure.)
### Building a headless container to run remotely with secure VNC
Add the following line:
`-e EXTRA="-display none -vnc 0.0.0.0:99,password=on"`
In the Docker terminal, press `enter` until you see `(qemu)`.
Type `change vnc password someusername`
Enter a password for your new vnc username^.
You also need the container IP: `docker inspect <containerid> | jq -r '.[0].NetworkSettings.IPAddress'`
Or `ip n` will usually show the container IP first.
Now VNC connects using the Docker container IP, for example `172.17.0.2:5999`
Remote VNC over SSH: `ssh -N root@1.1.1.1 -L 5999:172.17.0.2:5999`, where `1.1.1.1` is your remote server IP and `172.17.0.2` is your LAN container IP.
Now you can direct connect VNC to any container built with this command!
### I'd like to use SPICE instead of VNC
Optionally, you can enable the SPICE protocol, which allows use of `remote-viewer` to access your OSX container rather than VNC.
Note: `-disable-ticketing` will allow unauthenticated access to the VM. See the [spice manual](https://www.spice-space.org/spice-user-manual.html) for help setting up authenticated access ("Ticketing").
```bash
docker run \
--device /dev/kvm \
-p 3001:3001 \
-p 50922:10022 \
-e "DISPLAY=${DISPLAY:-:0.0}" \
-e EXTRA="-monitor telnet::45454,server,nowait -nographic -serial null -spice disable-ticketing,port=3001" \
mycustomimage
```
Then simply do `remote-viewer spice://localhost:3001` and add `--spice-debug` for debugging.
#### Creating images based on an already configured and set up container
```bash
# You can create an image of an already configured and setup container.
# This allows you to effectively duplicate a system.
# To do this, run the following commands
# make note of your container id
docker ps --all
docker commit containerid newImageName
# To run this image do the following
docker run \
--device /dev/kvm \
--device /dev/snd \
-v /tmp/.X11-unix:/tmp/.X11-unix \
newImageName
```
```bash
docker pull sickcodes/docker-osx:auto
# boot directly into a real OS X shell with no display (Xvfb) [HEADLESS]
docker run -it \
--device /dev/kvm \
-p 50922:10022 \
sickcodes/docker-osx:auto
# username is user
# password is alpine
# Wait 2-3 minutes until you drop into the shell.
```
#### Run the original version of Docker-OSX
```bash
docker pull sickcodes/docker-osx:latest
docker run -it \
--device /dev/kvm \
--device /dev/snd \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-e "DISPLAY=${DISPLAY:-:0.0}" \
sickcodes/docker-osx:latest
# press CTRL + G if your mouse gets stuck
# scroll down to troubleshooting if you have problems
# need more RAM and SSH on localhost -p 50922?
```
#### Run but enable SSH in OS X (Original Version)!
```bash
docker run -it \
--device /dev/kvm \
--device /dev/snd \
-p 50922:10022 \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-e "DISPLAY=${DISPLAY:-:0.0}" \
sickcodes/docker-osx:latest
# turn on SSH after you've installed OS X in the "Sharing" settings.
ssh user@localhost -p 50922
```
#### Autoboot into OS X after you've installed everything
Add the extra option `-e NOPICKER=true`.
Old machines:
```bash
# find your containerID
docker ps
# move the no picker script on top of the Launch script
# NEW CONTAINERS
docker exec containerID mv ./Launch-nopicker.sh ./Launch.sh
# VNC-VERSION-CONTAINER
docker exec containerID mv ./Launch-nopicker.sh ./Launch_custom.sh
# LEGACY CONTAINERS
docker exec containerID bash -c "grep -v InstallMedia ./Launch.sh > ./Launch-nopicker.sh
chmod +x ./Launch-nopicker.sh
sed -i -e s/OpenCore\.qcow2/OpenCore\-nopicker\.qcow2/ ./Launch-nopicker.sh
"
```
### The big-sur image starts slowly after installation. Is this expected?
Automatic updates are still on in the container's settings. You may wish to turn them off. [We have future plans for development around this.](https://github.com/sickcodes/Docker-OSX/issues/227)
### What is `${DISPLAY:-:0.0}`?
`$DISPLAY` is the shell variable that refers to your X11 display server.
`${DISPLAY}` is the same, but allows you to join variables like this:
- e.g. `${DISPLAY}_${DISPLAY}` would print `:0.0_:0.0`
- e.g. `$DISPLAY_$DISPLAY` would print `:0.0`
...because `$DISPLAY_` is not `$DISPLAY`
`${variable:-fallback}` allows you to set a "fallback" variable to be substituted if `$variable` is not set.
You can also use `${variable:=fallback}` to set that variable (in your current terminal).
In Docker-OSX, we assume, `:0.0` is your default `$DISPLAY` variable.
You can see what yours is
```bash
echo $DISPLAY
```
That way, `${DISPLAY:-:0.0}` will use whatever variable your X11 server has set for you, else `:0.0`
### What is `-v /tmp/.X11-unix:/tmp/.X11-unix`?
`-v` is a Docker command-line option that lets you pass a volume to the container.
The directory that we are letting the Docker container use is a X server display socket.
`/tmp/.X11-unix`
If we let the Docker container use the same display socket as our own environment, then any applications you run inside the Docker container will show up on your screen too! [https://www.x.org/archive/X11R6.8.0/doc/RELNOTES5.html](https://www.x.org/archive/X11R6.8.0/doc/RELNOTES5.html)
### ALSA errors on startup or container creation
You may when initialising or booting into a container see errors from the `(qemu)` console of the following form:
`ALSA lib blahblahblah: (function name) returned error: no such file or directory`. These are more or less expected. As long as you are able to boot into the container and everything is working, no reason to worry about these.
See also: [here](https://github.com/sickcodes/Docker-OSX/issues/174).
================================================
FILE: custom/README.md
================================================
# OSX Serial Generator
This folder has been moved to its own repository :)
This is a temporary copy for hardlinks.
See [https://github.com/sickcodes/osx-serial-generator](https://github.com/sickcodes/osx-serial-generator)
================================================
FILE: custom/config-custom.plist
================================================
<!-- This file is modified by @sickcodes from https://github.com/kholia/OSX-KVM/tree/master/OpenCore-Catalina -->
<!-- The modifications are placeholders for: {{DEVICE_MODEL}}, {{SERIAL}}, {{BOARD_SERIAL}}, {{UUID}}, {{ROM}}, {{WIDTH}}, {{HEIGHT}} -->
<!-- All credit for this file https://github.com/kholia/OSX-KVM/blob/master/CREDITS.md -->
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>ACPI</key>
<dict>
<key>Add</key>
<array>
<dict>
<key>Comment</key>
<string>My custom DSDT</string>
<key>Enabled</key>
<false/>
<key>Path</key>
<string>DSDT.aml</string>
</dict>
<dict>
<key>Comment</key>
<string>My custom SSDT</string>
<key>Enabled</key>
<false/>
<key>Path</key>
<string>SSDT-1.aml</string>
</dict>
<dict>
<key>Comment</key>
<string>Read the comment in dsl sample</string>
<key>Enabled</key>
<false/>
<key>Path</key>
<string>SSDT-ALS0.aml</string>
</dict>
<dict>
<key>Comment</key>
<string>Read the comment in dsl sample</string>
<key>Enabled</key>
<false/>
<key>Path</key>
<string>SSDT-AWAC-DISABLE.aml</string>
</dict>
<dict>
<key>Comment</key>
<string>Read the comment in dsl sample</string>
<key>Enabled</key>
<false/>
<key>Path</key>
<string>SSDT-BRG0.aml</string>
</dict>
<dict>
<key>Comment</key>
<string>Read the comment in dsl sample</string>
<key>Enabled</key>
<false/>
<key>Path</key>
<string>SSDT-EC-USBX.aml</string>
</dict>
<dict>
<key>Comment</key>
<string>Fake EC and USBX Power</string>
<key>Enabled</key>
<true/>
<key>Path</key>
<string>SSDT-EC.aml</string>
</dict>
<dict>
<key>Comment</key>
<string>Read the comment in dsl sample</string>
<key>Enabled</key>
<false/>
<key>Path</key>
<string>SSDT-EHCx-DISABLE.aml</string>
</dict>
<dict>
<key>Comment</key>
<string>Read the comment in dsl sample</string>
<key>Enabled</key>
<false/>
<key>Path</key>
<string>SSDT-IMEI.aml</string>
</dict>
<dict>
<key>Comment</key>
<string>CPU AGPM Plugin=1</string>
<key>Enabled</key>
<true/>
<key>Path</key>
<string>SSDT-PLUG.aml</string>
</dict>
<dict>
<key>Comment</key>
<string>Read the comment in dsl sample</string>
<key>Enabled</key>
<false/>
<key>Path</key>
<string>SSDT-PMC.aml</string>
</dict>
<dict>
<key>Comment</key>
<string>Read the comment in dsl sample</string>
<key>Enabled</key>
<false/>
<key>Path</key>
<string>SSDT-PNLF.aml</string>
</dict>
<dict>
<key>Comment</key>
<string>Read the comment in dsl sample</string>
<key>Enabled</key>
<false/>
<key>Path</key>
<string>SSDT-PNLFCFL.aml</string>
</dict>
<dict>
<key>Comment</key>
<string>Read the comment in dsl sample</string>
<key>Enabled</key>
<false/>
<key>Path</key>
<string>SSDT-RTC0-RANGE.aml</string>
</dict>
<dict>
<key>Comment</key>
<string>Read the comment in dsl sample</string>
<key>Enabled</key>
<false/>
<key>Path</key>
<string>SSDT-RTC0.aml</string>
</dict>
<dict>
<key>Comment</key>
<string>Read the comment in dsl sample</string>
<key>Enabled</key>
<false/>
<key>Path</key>
<string>SSDT-SBUS-MCHC.aml</string>
</dict>
<dict>
<key>Comment</key>
<string>Read the comment in dsl sample</string>
<key>Enabled</key>
<false/>
<key>Path</key>
<string>SSDT-UNC.aml</string>
</dict>
<dict>
<key>Comment</key>
<string>add DTGP method</string>
<key>Enabled</key>
<true/>
<key>Path</key>
<string>SSDT-DTGP.aml</string>
</dict>
<dict>
<key>Comment</key>
<string>USB 2.0 Injection</string>
<key>Enabled</key>
<true/>
<key>Path</key>
<string>SSDT-EHCI.aml</string>
</dict>
</array>
<key>Delete</key>
<array>
<dict>
<key>All</key>
<false/>
<key>Comment</key>
<string>Delete CpuPm</string>
<key>Enabled</key>
<false/>
<key>OemTableId</key>
<data>Q3B1UG0AAAA=</data>
<key>TableLength</key>
<integer>0</integer>
<key>TableSignature</key>
<data>U1NEVA==</data>
</dict>
<dict>
<key>All</key>
<false/>
<key>Comment</key>
<string>Delete Cpu0Ist</string>
<key>Enabled</key>
<false/>
<key>OemTableId</key>
<data>Q3B1MElzdAA=</data>
<key>TableLength</key>
<integer>0</integer>
<key>TableSignature</key>
<data>U1NEVA==</data>
</dict>
</array>
<key>Patch</key>
<array>
<dict>
<key>Base</key>
<string></string>
<key>BaseSkip</key>
<integer>0</integer>
<key>Comment</key>
<string>Replace one byte sequence with another</string>
<key>Count</key>
<integer>0</integer>
<key>Enabled</key>
<false/>
<key>Find</key>
<data>ESIzRA==</data>
<key>Limit</key>
<integer>0</integer>
<key>Mask</key>
<data></data>
<key>OemTableId</key>
<data></data>
<key>Replace</key>
<data>RDMiEQ==</data>
<key>ReplaceMask</key>
<data></data>
<key>Skip</key>
<integer>0</integer>
<key>TableLength</key>
<integer>0</integer>
<key>TableSignature</key>
<data></data>
</dict>
<dict>
<key>Base</key>
<string>\_SB.PCI0.LPCB.HPET</string>
<key>BaseSkip</key>
<integer>0</integer>
<key>Comment</key>
<string>HPET _CRS to XCRS</string>
<key>Count</key>
<integer>1</integer>
<key>Enabled</key>
<false/>
<key>Find</key>
<data>X0NSUw==</data>
<key>Limit</key>
<integer>0</integer>
<key>Mask</key>
<data></data>
<key>OemTableId</key>
<data></data>
<key>Replace</key>
<data>WENSUw==</data>
<key>ReplaceMask</key>
<data></data>
<key>Skip</key>
<integer>0</integer>
<key>TableLength</key>
<integer>0</integer>
<key>TableSignature</key>
<data></data>
</dict>
</array>
<key>Quirks</key>
<dict>
<key>FadtEnableReset</key>
<false/>
<key>NormalizeHeaders</key>
<false/>
<key>RebaseRegions</key>
<false/>
<key>ResetHwSig</key>
<false/>
<key>ResetLogoStatus</key>
<true/>
<key>SyncTableIds</key>
<false/>
</dict>
</dict>
<key>Booter</key>
<dict>
<key>MmioWhitelist</key>
<array/>
<key>Quirks</key>
<dict>
<key>AllowRelocationBlock</key>
<false/>
<key>AvoidRuntimeDefrag</key>
<true/>
<key>DevirtualiseMmio</key>
<false/>
<key>DisableSingleUser</key>
<false/>
<key>DisableVariableWrite</key>
<false/>
<key>DiscardHibernateMap</key>
<false/>
<key>EnableSafeModeSlide</key>
<true/>
<key>EnableWriteUnprotector</key>
<true/>
<key>ForceBooterSignature</key>
<false/>
<key>ForceExitBootServices</key>
<false/>
<key>ProtectMemoryRegions</key>
<false/>
<key>ProtectSecureBoot</key>
<false/>
<key>ProtectUefiServices</key>
<false/>
<key>ProvideCustomSlide</key>
<true/>
<key>ProvideMaxSlide</key>
<integer>0</integer>
<key>RebuildAppleMemoryMap</key>
<false/>
<key>SetupVirtualMap</key>
<false/>
<key>SignalAppleOS</key>
<false/>
<key>SyncRuntimePermissions</key>
<false/>
</dict>
</dict>
<key>DeviceProperties</key>
<dict>
<key>Add</key>
<dict>
<key>PciRoot(0x1)/Pci(0x1F,0x0)</key>
<dict>
<key>compatible</key>
<string>pci8086,2916</string>
<key>device-id</key>
<data>
FikA
</data>
<key>name</key>
<string>pci8086,2916</string>
</dict>
</dict>
<key>Delete</key>
<dict/>
</dict>
<key>Kernel</key>
<dict>
<key>Add</key>
<array>
<dict>
<key>Arch</key>
<string>Any</string>
<key>BundlePath</key>
<string>Lilu.kext</string>
<key>Comment</key>
<string>Patch engine</string>
<key>Enabled</key>
<true/>
<key>ExecutablePath</key>
<string>Contents/MacOS/Lilu</string>
<key>MaxKernel</key>
<string></string>
<key>MinKernel</key>
<string>8.0.0</string>
<key>PlistPath</key>
<string>Contents/Info.plist</string>
</dic
gitextract_e88t8r5q/
├── .github/
│ ├── FUNDING.yml
│ ├── ISSUE_TEMPLATE/
│ │ ├── issue-running-docker-osx.md
│ │ └── open-an-issue.md
│ └── workflows/
│ └── docker-build.yml
├── .gitmodules
├── CHANGELOG.md
├── CREDITS.md
├── Dockerfile
├── Dockerfile.auto
├── Dockerfile.naked
├── Dockerfile.naked-auto
├── FAQ.md
├── LICENSE
├── README.md
├── custom/
│ ├── README.md
│ ├── config-custom.plist
│ ├── config-legacy.plist
│ ├── config-nopicker-custom.plist
│ ├── config-nopicker-legacy.plist
│ ├── generate-specific-bootdisk.sh
│ ├── generate-unique-machine-values.sh
│ └── opencore-image-ng.sh
├── docker-compose.yml
├── fetch-macOS.py
├── glibc-linux4-2.33-4-x86_64.pkg.tar.zst
├── helm/
│ ├── Chart.yaml
│ ├── Dockerfile
│ ├── INSTALL-QEMU-AND-GPU-IOMMU.md
│ ├── README.md
│ ├── artifacthub-repo.yml
│ ├── docker-osx-0.2.0.tgz
│ ├── helm-chart-generate.sh
│ ├── index.yaml
│ ├── templates/
│ │ ├── _helpers.tpl
│ │ ├── configmap.yaml
│ │ ├── data-pvc.yaml
│ │ ├── deployment.yaml
│ │ ├── ingress.yaml
│ │ └── service.yaml
│ └── values.yaml
├── rankmirrors
├── scripts/
│ └── apply_appleid_kernelpatch.py
├── tests/
│ ├── boot-images.sh
│ └── test.sh
└── vnc-version/
├── Dockerfile
└── Dockerfile.nakedvnc
SYMBOL INDEX (16 symbols across 2 files) FILE: fetch-macOS.py function readPlist (line 58) | def readPlist(self,filepath): function get_default_catalog (line 77) | def get_default_catalog(): class ReplicationError (line 84) | class ReplicationError(Exception): function cmd_exists (line 89) | def cmd_exists(cmd): function replicate_url (line 94) | def replicate_url(full_url, function parse_server_metadata (line 138) | def parse_server_metadata(filename): function get_server_metadata (line 167) | def get_server_metadata(catalog, product_key, workdir, ignore_cache=False): function parse_dist (line 183) | def parse_dist(filename): function download_and_parse_sucatalog (line 226) | def download_and_parse_sucatalog(sucatalog, workdir, ignore_cache=False): function find_mac_os_installers (line 252) | def find_mac_os_installers(catalog): function os_installer_product_info (line 269) | def os_installer_product_info(catalog, workdir, ignore_cache=False): function replicate_product (line 305) | def replicate_product(catalog, product_id, workdir, ignore_cache=False, ... function find_installer_app (line 330) | def find_installer_app(mountpoint): function determine_version (line 339) | def determine_version(version, product_info): function main (line 393) | def main(): FILE: scripts/apply_appleid_kernelpatch.py function add_kernel_patches (line 7) | def add_kernel_patches(config_path):
Condensed preview — 46 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (480K chars).
[
{
"path": ".github/FUNDING.yml",
"chars": 65,
"preview": "# These are supported funding model platforms\n\ngithub: sickcodes\n"
},
{
"path": ".github/ISSUE_TEMPLATE/issue-running-docker-osx.md",
"chars": 645,
"preview": "---\nname: Issue Running Docker-OSX\nabout: OS related issued, please help us identify the issue by posting the output\n o"
},
{
"path": ".github/ISSUE_TEMPLATE/open-an-issue.md",
"chars": 89,
"preview": "---\nname: Open an Issue\nabout: About anything!\ntitle: ''\nlabels: ''\nassignees: ''\n\n---\n\n\n"
},
{
"path": ".github/workflows/docker-build.yml",
"chars": 1399,
"preview": "name: Push Docker Image to Docker Hub\n\non:\n push:\n branches:\n - master\n\njobs:\n push_to_docker_hub:\n name: P"
},
{
"path": ".gitmodules",
"chars": 125,
"preview": "[submodule \"osx-serial-generator\"]\n\tpath = osx-serial-generator\n\turl = https://github.com/sickcodes/osx-serial-generator"
},
{
"path": "CHANGELOG.md",
"chars": 6465,
"preview": "|Version|Date|Notes|\n|---|---|---|\n| |2021-09-09|Add Monterey|\n| |2021-08-27|Add iPhone passthrough OTA!|\n|6.0|2021-"
},
{
"path": "CREDITS.md",
"chars": 6673,
"preview": "# Credits\n\nThe most important part of the project. You.\n\n## Upstream Acknowledgements:\n\nThis project uses OSX-KVM from h"
},
{
"path": "Dockerfile",
"chars": 17968,
"preview": "#!/usr/bin/docker\n# ____ __ ____ ______ __\n# / __ \\____ _____/ /_____ _____/ __ \\/ __"
},
{
"path": "Dockerfile.auto",
"chars": 11995,
"preview": "#!/usr/bin/docker\n# ____ __ ____ ______ __\n# / __ \\____ _____/ /_____ _____/ __ \\/ __"
},
{
"path": "Dockerfile.naked",
"chars": 7898,
"preview": "#!/usr/bin/docker\n# ____ __ ____ ______ __\n# / __ \\____ _____/ /_____ _____/ __ \\/ __"
},
{
"path": "Dockerfile.naked-auto",
"chars": 10947,
"preview": "#!/usr/bin/docker\n# ____ __ ____ ______ __\n# / __ \\____ _____/ /_____ _____/ __ \\/ __"
},
{
"path": "FAQ.md",
"chars": 19440,
"preview": "# Frequently Asked Questions\n\nThese questions come up regularly, so here are the answers.\n\n## Basics\n\n### Is this legal?"
},
{
"path": "LICENSE",
"chars": 35149,
"preview": " GNU GENERAL PUBLIC LICENSE\n Version 3, 29 June 2007\n\n Copyright (C) 2007 Free "
},
{
"path": "README.md",
"chars": 70637,
"preview": "# Docker-OSX · [Follow @sickcodes on Twitter](https://twitter.com/sickcodes)\n\n![Running Mac OS X in a Docker container]("
},
{
"path": "custom/README.md",
"chars": 224,
"preview": "# OSX Serial Generator\n\nThis folder has been moved to its own repository :)\n\nThis is a temporary copy for hardlinks.\n\nSe"
},
{
"path": "custom/config-custom.plist",
"chars": 32266,
"preview": "<!-- This file is modified by @sickcodes from https://github.com/kholia/OSX-KVM/tree/master/OpenCore-Catalina -->\n<!-- T"
},
{
"path": "custom/config-legacy.plist",
"chars": 19845,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/P"
},
{
"path": "custom/config-nopicker-custom.plist",
"chars": 32267,
"preview": "<!-- This file is modified by @sickcodes from https://github.com/kholia/OSX-KVM/tree/master/OpenCore-Catalina -->\n<!-- T"
},
{
"path": "custom/config-nopicker-legacy.plist",
"chars": 19858,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/P"
},
{
"path": "custom/generate-specific-bootdisk.sh",
"chars": 8501,
"preview": "#!/bin/bash\n# ___ _____ __ ___ _ _ ___ _ \n# / _ \\/ __\\ \\/ / / __|"
},
{
"path": "custom/generate-unique-machine-values.sh",
"chars": 13676,
"preview": "#!/bin/bash\n# ___ _____ __ ___ _ _ ___ _ \n# / _ \\/ __\\ \\/ / / __|"
},
{
"path": "custom/opencore-image-ng.sh",
"chars": 3349,
"preview": "#!/usr/bin/env bash\n\n# https://github.com/kraxel/imagefish\n\n############################################################"
},
{
"path": "docker-compose.yml",
"chars": 491,
"preview": "version: '3.4'\n\nservices:\n osx:\n container_name: docker-osx\n build:\n context: .\n args:\n - SIZE=2"
},
{
"path": "fetch-macOS.py",
"chars": 17593,
"preview": "#!/usr/bin/env python3\n# encoding: utf-8\n#\n# https://github.com/munki/macadmin-scripts/blob/master/installinstallmacos.p"
},
{
"path": "helm/Chart.yaml",
"chars": 275,
"preview": "apiVersion: v1\nappVersion: \"0.0.1.0\"\ndescription: \"Containerized OSX! Run OSX in a pod, headlessly, or with Xvfb. Test y"
},
{
"path": "helm/Dockerfile",
"chars": 1950,
"preview": "#!/usr/bin/docker\n#\n# This Dockerfile is to be consumed with the docker_osx helm templates. It consumes the\n# Ubuntu im"
},
{
"path": "helm/INSTALL-QEMU-AND-GPU-IOMMU.md",
"chars": 6594,
"preview": "# Install macOS Docker Virtualization\n## Setup\nThis walks through setting up QEMU virtualization for running macOS in Do"
},
{
"path": "helm/README.md",
"chars": 3437,
"preview": "# docker-osx\n\nDocker-OSX Helm Chart for Kubernetes.\n\nProject page: https://github.com/sickcodes/docker-osx\n\nAvailable no"
},
{
"path": "helm/artifacthub-repo.yml",
"chars": 195,
"preview": "# Artifact Hub repository metadata file\nrepositoryID: 7b2e9eeb-620a-43e8-b2cc-24ca33125bfc\nowners: # (optional, used to "
},
{
"path": "helm/helm-chart-generate.sh",
"chars": 229,
"preview": "#!/usr/bin/env bash\n# Author: sick.codes\n# License: GPLv3+\n# Repo: https://github.com/sickcodes/Docker-OSX/\n# cd ../helm"
},
{
"path": "helm/index.yaml",
"chars": 622,
"preview": "apiVersion: v1\nentries:\n docker-osx:\n - apiVersion: v1\n appVersion: 0.0.1.0\n created: \"2021-02-27T04:15:48.78486"
},
{
"path": "helm/templates/_helpers.tpl",
"chars": 1054,
"preview": "{{/* vim: set filetype=mustache: */}}\n{{/*\nExpand the name of the chart.\n*/}}\n{{- define \"docker-osx.name\" -}}\n{{- defau"
},
{
"path": "helm/templates/configmap.yaml",
"chars": 43003,
"preview": "apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: {{ template \"docker-osx.fullname\" . }}-boot-components\ndata:\n config.p"
},
{
"path": "helm/templates/data-pvc.yaml",
"chars": 884,
"preview": "{{- if and .Values.persistence.data.enabled (not .Values.persistence.data.existingClaim) }}\napiVersion: v1\nkind: Persist"
},
{
"path": "helm/templates/deployment.yaml",
"chars": 5067,
"preview": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: {{ include \"docker-osx.fullname\" . }}\n labels:\n app.kubernete"
},
{
"path": "helm/templates/ingress.yaml",
"chars": 987,
"preview": "{{- if .Values.ingress.enabled -}}\n{{- $fullName := include \"docker-osx.fullname\" . -}}\n{{- $ingressPath := .Values.ingr"
},
{
"path": "helm/templates/service.yaml",
"chars": 960,
"preview": "apiVersion: v1\nkind: Service\nmetadata:\n name: {{ include \"docker-osx.fullname\" . }}\n labels:\n app.kubernetes.io/nam"
},
{
"path": "helm/values.yaml",
"chars": 6864,
"preview": "# This is a YAML-formatted file.\n# Declare variables to be passed into your templates.\n\nreplicaCount: 1\n\nimage:\n reposi"
},
{
"path": "rankmirrors",
"chars": 6702,
"preview": "#!/usr/bin/bash\n#\n# rankmirrors - read a list of mirrors from a file and rank them by speed\n# Generated from rankmir"
},
{
"path": "scripts/apply_appleid_kernelpatch.py",
"chars": 3019,
"preview": "#!/usr/bin/env python3\nimport plistlib\nimport base64\nimport os\nimport sys\n\ndef add_kernel_patches(config_path):\n # Ma"
},
{
"path": "tests/boot-images.sh",
"chars": 2025,
"preview": "#!/bin/bash\n# Author: Sick.Codes https://twitter.com/sickcodes\n# Contact: https://github.com/sickcodes, https"
},
{
"path": "tests/test.sh",
"chars": 10315,
"preview": "#!/usr/bin/bash\n# ____ __ ____ ______ __\n# / __ \\____ _____/ /_____ _____/ __ \\/ ___/"
},
{
"path": "vnc-version/Dockerfile",
"chars": 5237,
"preview": "#!/usr/bin/docker\n# ____ __ ____ ______ __\n# / __ \\____ _____/ /_____ _____/ __ \\/ __"
},
{
"path": "vnc-version/Dockerfile.nakedvnc",
"chars": 7898,
"preview": "#!/usr/bin/docker\n# ____ __ ____ ______ __\n# / __ \\____ _____/ /_____ _____/ __ \\/ __"
}
]
// ... and 2 more files (download for full content)
About this extraction
This page contains the full source code of the sickcodes/Docker-OSX GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 46 files (434.5 KB), approximately 134.2k tokens, and a symbol index with 16 extracted functions, classes, methods, constants, and types. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.