Repository: sickcodes/Docker-OSX Branch: master Commit: aa05a2c9a06a Files: 46 Total size: 434.5 KB Directory structure: gitextract_e88t8r5q/ ├── .github/ │ ├── FUNDING.yml │ ├── ISSUE_TEMPLATE/ │ │ ├── issue-running-docker-osx.md │ │ └── open-an-issue.md │ └── workflows/ │ └── docker-build.yml ├── .gitmodules ├── CHANGELOG.md ├── CREDITS.md ├── Dockerfile ├── Dockerfile.auto ├── Dockerfile.naked ├── Dockerfile.naked-auto ├── FAQ.md ├── LICENSE ├── README.md ├── custom/ │ ├── README.md │ ├── config-custom.plist │ ├── config-legacy.plist │ ├── config-nopicker-custom.plist │ ├── config-nopicker-legacy.plist │ ├── generate-specific-bootdisk.sh │ ├── generate-unique-machine-values.sh │ └── opencore-image-ng.sh ├── docker-compose.yml ├── fetch-macOS.py ├── glibc-linux4-2.33-4-x86_64.pkg.tar.zst ├── helm/ │ ├── Chart.yaml │ ├── Dockerfile │ ├── INSTALL-QEMU-AND-GPU-IOMMU.md │ ├── README.md │ ├── artifacthub-repo.yml │ ├── docker-osx-0.2.0.tgz │ ├── helm-chart-generate.sh │ ├── index.yaml │ ├── templates/ │ │ ├── _helpers.tpl │ │ ├── configmap.yaml │ │ ├── data-pvc.yaml │ │ ├── deployment.yaml │ │ ├── ingress.yaml │ │ └── service.yaml │ └── values.yaml ├── rankmirrors ├── scripts/ │ └── apply_appleid_kernelpatch.py ├── tests/ │ ├── boot-images.sh │ └── test.sh └── vnc-version/ ├── Dockerfile └── Dockerfile.nakedvnc ================================================ FILE CONTENTS ================================================ ================================================ FILE: .github/FUNDING.yml ================================================ # These are supported funding model platforms github: sickcodes ================================================ FILE: .github/ISSUE_TEMPLATE/issue-running-docker-osx.md ================================================ --- name: Issue Running Docker-OSX about: OS related issued, please help us identify the issue by posting the output of this title: '' labels: '' assignees: '' --- # OS related issued, please help us identify the issue by posting the output of this uname -a \ ; echo "${DISPLAY}" \ ; echo 1 | sudo tee /sys/module/kvm/parameters/ignore_msrs \ ; grep NAME /etc/os-release \ ; df -h . \ ; qemu-system-x86_64 --version \ ; libvirtd --version \ ; free -mh \ ; nproc \ ; egrep -c '(svm|vmx)' /proc/cpuinfo \ ; ls -lha /dev/kvm \ ; ls -lha /tmp/.X11-unix/ \ ; ps aux | grep dockerd \ ; docker ps | grep osx \ ; grep "docker\|kvm\|virt" /etc/group ================================================ FILE: .github/ISSUE_TEMPLATE/open-an-issue.md ================================================ --- name: Open an Issue about: About anything! title: '' labels: '' assignees: '' --- ================================================ FILE: .github/workflows/docker-build.yml ================================================ name: Push Docker Image to Docker Hub on: push: branches: - master jobs: push_to_docker_hub: name: Push Docker Image to Docker Hub runs-on: ubuntu-latest steps: - name: Checkout code id: checkout_code uses: actions/checkout@v3 - name: Login to Docker Hub id: login_docker_hub uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_HUB_USER_NAME }} password: ${{ secrets.DOCKER_HUB_PASSWORD }} - name: Echo Docker Hub Username run: echo ${{ secrets.DOCKER_HUB_USER_NAME }} - name: Echo GitHub SHA run: echo $GITHUB_SHA - name: Build Docker image id: build_image run: | docker build "$GITHUB_WORKSPACE" -t sickcodes/docker-osx:master --label dockerfile-path="Dockerfile" - name: Label Master Docker Image as Latest id: label_image run: | docker tag sickcodes/docker-osx:master sickcodes/docker-osx:latest - name: Push Docker image master id: push_master run: docker push sickcodes/docker-osx:master - name: Push Docker image latest id: push_latest run: docker push sickcodes/docker-osx:latest - name: Logout from Docker Hub run: docker logout - name: End run: echo "Docker image pushed to Docker Hub successfully" ================================================ FILE: .gitmodules ================================================ [submodule "osx-serial-generator"] path = osx-serial-generator url = https://github.com/sickcodes/osx-serial-generator.git ================================================ FILE: CHANGELOG.md ================================================ |Version|Date|Notes| |---|---|---| | |2021-09-09|Add Monterey| | |2021-08-27|Add iPhone passthrough OTA!| |6.0|2021-08-25|Added naked-auto. Keep kernel at 5.13, even tho it's just for supermin.| |5.0|2021-07-25|Retire glibc patch. Retire file command patch. Add bootmenu=on.| | |2021-07-08|Add CPUID_FLAGS to edit the CPUID flags on the fly.| |4.4|2021-05-06|Prepare nakedvnc for hub.docker.com. Add `ENV BOOT_ARGS=` to supply additon boot arguments, for example, `vmx,rdtscp`. Add `ENV CPU=Penryn` to allow changes to the CPU emulation, for example, `Skylake-Client`, or see [more examples here](https://manpages.ubuntu.com/manpages/disco/man7/qemu-cpu-models.7.html).| | |2021-05-04|Disable arbitrary chown warning| | |2021-04-27|Fixed missing sudo| | |2021-04-18|Add LIBGUESTFS debug & trace commands, exit on fail when creating bootdisks. Silence touch errors.| |4.3|2021-03-24|Enable interactive QEMU again. Remove envsubst since we are already using bash... Add set -x flag| |4.2|2021-03-24|Add all ENV variables to each dockerfile for readability. Add RAM allocation buffer and cache drop bug fix. Add kvm and libvirt groups. Add `IMAGE_FORMAT=qcow2` to allow `IMAGE_FORMAT=raw` too.| | |2021-03-19|Use RAM=3 as the default RAM allocation. Add instructions to clear buff/cache.| | |2021-03-17|Add RAM=max and RAM=half to dynamically select ram at runtime (DEFAULT).| | |2021-03-06|Change envs to require --envs. Automatically enable --envs if --output-env is used. Same for plists, bootdisks. Fix help ugliness and sanity of generate serial scripts. Fix bootdisk not getting written to persistent file when using NOPICKER=true. NOPICKER=true is overridden by a custom plist now anyway. Remove useless case statements. Allow -e HEADLESS=true as human readable alternative to -e DISPLAY=:99.| |4.1|2021-03-04|Add `-e MASTER_PLIST_URL` to all images to allow using your own remote plist.| | |2021-03-03|Add `WIDTH` and `HEIGHT` to set the x and y resolutions, use in conjuction with serial numbers.| | |2021-03-02|Add ADDITIONAL_PORTS, for example `-e ADDITIONAL_PORTS='hostfwd=tcp::23-:23,'`| |4.0|2021-02-27|Add big-sur support. Use `sickcodes/docker-osx:big-sur` or build using `--build-arg VERSION=11`| | |2021-02-26|Change `-e NOPICKER=true` to simply do `sed -i '/^.*InstallMedia.*/d' Launch.sh` and `export BOOTDISK=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore-nopicker.qcow2`.| |3.2|2021-02-25|Add a script to generate unique machine serial numbers. Add a script to generate a bootdisk from given serial numbers. Add Linux for libguestfs which allows the docker container to make QEMU bootdisks with specific serial numbers.| | |2021-02-21|Add NOPICKER environment variable to ALL images.| |3.1|2021-02-21|Remove testing repos. Switch to base-devel. We shouldn't be using testing repos in a Dockerfile for light increase in stability. Add the mandatory glibc patch to every pacman until someone upstream fixes it.| | |2021-02-07|Add NOPICKER environment variable to :naked image for effortless boot toggling.| | |2021-02-07|Add MAC_ADDRESS environment variable.| | |2021-02-03|Employ wget --no-verbose to avoid buffer overload in hub.docker.com.| | |2021-02-03|Reduce build size.| | |2021-01-27|Add OSX_COMMANDS to allow runtime commands on :auto image.| | |2021-01-26|Removed most pointless VOLUME build commands.| |3.0|2021-01-23|Add fast mode boot straight to shell. And -v $PWD/disk.img:/image for all Dockerfiles| | |2021-01-22|Add additional helm chart instructions and files.| | |2021-01-15|Fix helm initial disk creation process and add installation instructions.| | |2021-01-14|Add Helm Chart for Kubernetes support.| | |2021-01-08|Use IMAGE_PATH as a variable during envsubst for the full path of mac_hdd_ng.img. In preparation for full auto.| | |2021-01-07|Fix sounds errors and sshd missing on latest build.| |2.7|2021-01-05|Add rankmirrors. Remove gibMacOS. Replace iptables with iptables-nft. Remove libguestfs.| | |2020-12-17|Remove unnecessary WORKDIR commands.| | |2020-12-16|Reduce image size by cloning OSX-KVM to only 1 depth level. Simplify mkdir && chown to mkdir -m| | |2020-10-06|Add the ability to skip the boot screen with ./Launch-nopicker.sh| | |2020-10-05|Add vim/vi and nano to the container.| |2.6|2020-09-26|Increase version.| | |2020-09-25|Add some WORKDIR fixes.| | |2020-09-24|Clear pacman cache after use to reduce disk size significantly. Add various shell expansions to inline variables. Add set -eu to Launch.sh. Add a shebang to Launch.sh. Add tcg acceleration as a fallback to kvm. Remove need for display **(This change is reverted later)**. Chown /dev/kvm and /dev/snd. Remove --privileged by specifying required passthroughs. Add audio driver arguments to satisfy QEMU **(USB SoundCard recommended)**. Tidy Launch.sh to reduce image by 2.5GB (from 6GB). | |2.5|2020-09-20|Critical changes to TigerVNC due to upstream overhaul in TigerVNC.| | |2020-09-20|Replace ebtables with iptables-nft.| | |2020-08-29|Increase default OSX to 10.15.6 and add SCREEN_SHARE_PORT=5900 ENV variable.| | |2020-08-23|Add OSX Screen Sharing port forwarding.| | |2020-08-23|Clear /tmp/.X99-lock before starting the VNC version.| | |2020-07-02|Refresh the docker-compose file.| | |2020-06-22|Add some mirrors to the container.| | |2020-06-22|Add more force updates to pacman.| | |2020-06-18|Significantly reduce image layer count by concatenating groups of commands.| | |2020-06-18|Use the mainline image as the base image for the VNC version.| |2.0|2020-06-15|Change default OSX version from 10.14.6 to 10.15.5. Add SSH port forwarding inside the container thru to the guest. Increase default arbitrary disk size to 200G. Force update pacman to prevent old mirror links. Add custom Launch.sh script. Add customizable RAM, SMP, CORES, EXTRA and INTERNAL_SSH_PORT| | |2020-06-14|Remove yay| | |2020-06-10|Add an OR for attemping to kill non-existent VNC lock files.| | |2020-06-09|Instruct gibMacOS to download recovery disk only.| | |2020-06-09|Remove VNC lockfile from killed containers preventing a restart.| | |2020-06-08|Add docker-compose.yml| | |2020-06-07|Add VNC version inside the vnc folder.| | |2020-06-05|Remove systemctl enable libvirtd.service/virtlogd.service since Docker doesn't have systemd| | |2020-06-04|Removed svm\|vmx via /proc/cpuinfo check which fails on hub.docker.com| |1.0|2020-06-04|Initial Release| ================================================ FILE: CREDITS.md ================================================ # Credits The most important part of the project. You. ## Upstream Acknowledgements: This project uses OSX-KVM from https://github.com/kholia/OSX-KVM and fully appreciates the work done by [@Kholia](https://github.com/Kholia) and all the contributors who are listed: [https://github.com/kholia/OSX-KVM/blob/master/CREDITS.md](https://github.com/kholia/OSX-KVM/blob/master/CREDITS.md) This project also uses KVM-OpenCore from https://github.com/Leoyzen/KVM-Opencore and fully appreciates the work done by [@Leoyzen](https://github.com/Leoyzen). We use a special fork by [Nicholas Sherlock](https://www.nicksherlock.com/) of KVM-Opencore https://github.com/thenickdude/KVM-Opencore and thank Nick for his awesome upstream work! This project now uses the fantastic OpenCore bootloader from the community OpenCore project: https://github.com/acidanthera/OpenCorePkg. You can join their [Subreddit here](https://www.reddit.com/r/hackintosh/)! ## These credits refer to the legendary contributors to this repository: [@GreeFine](https://github.com/GreeFine) - Readme Typo #9 [@parasquid](https://github.com/parasquid) - Docker compose file [@matusnovak](https://github.com/matusnovak) - Kill badly terminated old vnc session before vnc starts and fix gtk initialization failed #31 [@m1k1o](https://github.com/m1k1o) - Kill badly terminated old vnc session before vnc starts and fix gtk initialization failed #31 [@qcasey](https://github.com/qcasey) - Removed unnecessary yay in Remove yay dependancy #40 [@tlierdotfr](https://github.com/tlierdotfr) - Reduce number of layers in Dockerfile [@Julioevm](https://github.com/Julioevm) - Update docker-compose.yml #57 [@jviotti](https://github.com/jviotti) - Auto-boot thru ShowPicker [@IAmBenMitchell]([https://github.com/MrBenFTW](https://github.com/iambenmitchell)) - Updated macOS version 10.15.5 -> 10.15.6, Enabled screen sharing port forwarding, Removed the need to remove 1gb from the partition. [@hoantp](https://github.com/hoantp) - Initialized TigerVNC 1.11.0 fix [@jimdigriz](https://github.com/jimdigriz) - Epic fixes: image size, shellisms, fallback2kvm, unprivileged mode https://github.com/sickcodes/Docker-OSX/pull/82 [@NickZhouNan](https://github.com/NickZhouNan) - Bug fix with changed WORKDIR [@MrBenFTW](https://github.com/MrBenFTW) - Added IP forwarding hot tips, useful for boosting bridged networking in remote environments. [@mikob](https://github.com/mikob) - Added important warning for Xcode users to reserve 60GB++ - Made instructions more clear for those needing Xcode #94 [@AdamMomen](https://github.com/AdamMomen) - Fixed automatic boot vnc-version container instructions for better usablility [@PeterDaveHello](https://github.com/PeterDaveHello) - Simplify .ssh directory setup process in Dockerfile #111 [@PeterDaveHello](https://github.com/PeterDaveHello) - Reduce image size by setting git clone depth #110 [@PeterDaveHello](https://github.com/PeterDaveHello) - Reduce Dockerfile instructions and Docker image layers #112 [@weskerfoot](https://github.com/weskerfoot) Docs updates: usb passthrough, headless mode, disk space reduction guide #113 [@PeterDaveHello](https://github.com/PeterDaveHello) - Improve Dockerfile #121 [@cephasara](https://github.com/cephasara) - Add helm chart #124 [@cephasara](https://github.com/cephasara) - Fix helm initial disk creation process and add installation instructions #125 [@cephasara](https://github.com/cephasara) - Add gpu passthrough support as well as dynamic OpenCore chainloader regeneration #132 [@cephasara](https://github.com/cephasara) - Fix helm installation failure and cleanup values organization #134 [@prometheas](https://github.com/prometheas) - docs: fix broken multi-line docker command #140 [@MrBenFTW](https://github.com/MrBenFTW) - Tempfix for arch #150 [@edsonboldrini](https://github.com/edsonboldrini) - Update README.md #161 [@TheHackerCoding](https://github.com/TheHackerCoding) - Typo in README.md #194 [@panos](https://github.com/panos) - Improved README #212 [@ggjulio](https://github.com/ggjulio) - Restarting an "auto" container #216 [@panos](https://github.com/panos) - Improved README #212 [@panos](https://github.com/panos) - Made further improvements to the README #219 [@kaoudis](https://github.com/kaoudis) README / troubleshooting docs improvements #235 [@a10kiloham](https://github.com/a10kiloham) - Dockerfile for :naked image with VNC support #245 [@a10kiloham](https://github.com/a10kiloham) - Adding Bluebubbles as an example use case #250 [@aronzvi](https://github.com/aronzvi) - Fixed Failed to boot OSX with GENERATE_UNIQUE #244 [@tinjaw](https://github.com/tinjaw) - Fixed Type #258 [@m-zheng](https://github.com/m-zheng) - Update README.md #260 [@johnjhacking](https://github.com/johnjhacking) - Change call function to Popen #288 [@allansrc](https://github.com/allansrc) - Update Doc detail for run on WLS #318 [@mcandre](https://github.com/mcandre) - fix typo #334 [@cybik](https://github.com/cybik) Spice fix #337 [@Silfalion](https://github.com/Silfalion) - [https://github.com/Silfalion/Iphone_docker_osx_passthrough](https://github.com/Silfalion/Iphone_docker_osx_passthrough) [@chirag350](https://github.com/chirag350) use LABEL instead of MAINTAINER since MAINTAINER is deprecated #352 [@Buthrakaur](https://github.com/Buthrakaur) readme - improve instructions for running on windows #361 [@TheHackerCoding](https://github.com/TheHackerCoding) Typo in README #367 [@cameronsteele](https://github.com/cameronsteele) fix Big Sur build example #378 [@eggplants](https://github.com/eggplants) Fix command to launch sickcodes/docker-osx:auto #366 [@martinmullins](https://github.com/martinmullins) Notes for mounting an NFS folder from a linux host #392 [@kimjammer](https://github.com/kimjammer) Readme - Added instructions for using WSLg's built in X11 server #395 [@jk2K](https://github.com/jk2K) fix: support dynamic change of Base image #408 [@MikeCoder96](https://github.com/MikeCoder96) Update README.md with WSL how to #412 [@aslafy-z](https://github.com/aslafy-z) chore(docs): update helm requirements list style #420 [@kimjammer](https://github.com/kimjammer) Update Windows Installation section #422 [@Mhartig](https://github.com/Mhartig) - Worked out issue `Enter a number (default=1): error: invalid number: y` [@felipestt](https://github.com/felipestt) Use more CPU Cores/SMP' broken #440 [@routmoute](https://github.com/routmoute) README: add PulseAudio with WSLg #442 [@dulatello08](https://github.com/dulatello08) Update README.md #452 [@Anthropohedron](https://github.com/Anthropohedron) Added FAQ.md ================================================ FILE: Dockerfile ================================================ #!/usr/bin/docker # ____ __ ____ ______ __ # / __ \____ _____/ /_____ _____/ __ \/ ___/ |/ / # / / / / __ \/ ___/ //_/ _ \/ ___/ / / /\__ \| / # / /_/ / /_/ / /__/ ,< / __/ / / /_/ /___/ / | # /_____/\____/\___/_/|_|\___/_/ \____//____/_/|_| # # Title: Docker-OSX (Mac on Docker) # Author: Sick.Codes https://twitter.com/sickcodes # Version: 6.0 # License: GPLv3+ # Repository: https://github.com/sickcodes/Docker-OSX # Website: https://sick.codes # # All credits for OSX-KVM and the rest at @Kholia's repo: https://github.com/kholia/osx-kvm # OpenCore support go to https://github.com/Leoyzen/KVM-Opencore # and https://github.com/thenickdude/KVM-Opencore/ # # This Dockerfile automates the installation of Docker-OSX # It will build a 200GB container. You can change the size using build arguments. # This Dockerfile builds on top of the work done by Dhiru Kholia, and many others. # # Build: # # docker build -t docker-osx . # docker build -t docker-osx --build-arg VERSION=10.15.5 --build-arg SIZE=200G . # docker build -t docker-osx-sonoma --build-arg BRANCH=sonoma --build-arg SHORTNAME=sonoma . # # Basic Run: # # docker run --device /dev/kvm --device /dev/snd -v /tmp/.X11-unix:/tmp/.X11-unix -e "DISPLAY=${DISPLAY:-:0.0}" sickcodes/docker-osx:latest # # Run with SSH: # # docker run --device /dev/kvm --device /dev/snd -e RAM=6 -p 50922:10022 -v /tmp/.X11-unix:/tmp/.X11-unix -e "DISPLAY=${DISPLAY:-:0.0}" sickcodes/docker-osx:latest # # ssh fullname@localhost -p 50922 # # Optargs: # # -v $PWD/disk.img:/image # -e SIZE=200G # -e VERSION=10.15.6 # -e RAM=5 # -e SMP=4 # -e CORES=4 # -e EXTRA= # -e INTERNAL_SSH_PORT=10022 # -e MAC_ADDRESS= # # Extra QEMU args: # # docker run ... -e EXTRA="-usb -device usb-host,hostbus=1,hostaddr=8" ... # # you will also need to pass the device to the container FROM archlinux:base-devel LABEL maintainer='https://twitter.com/sickcodes ' SHELL ["/bin/bash", "-c"] # change disk size here or add during build, e.g. --build-arg VERSION=10.14.5 --build-arg SIZE=50G ARG SIZE=200G ARG PARALLEL_DOWNLOADS=30 # OPTIONAL: Arch Linux server mirrors for super fast builds # set RANKMIRRORS to any value other that nothing, e.g. -e RANKMIRRORS=true RUN perl -i -p -e s/^\#Color/Color$'\n'ParallelDownloads\ =\ ${PARALLEL_DOWNLOADS:=30}/g /etc/pacman.conf ARG RANKMIRRORS ARG MIRROR_COUNTRY=US ARG MIRROR_COUNT=10 RUN tee /etc/pacman.d/mirrorlist <<< 'Server = https://geo.mirror.pkgbuild.com/$repo/os/$arch' \ && tee -a /etc/pacman.d/mirrorlist <<< 'Server = http://mirror.rackspace.com/archlinux/$repo/os/$arch' \ && tee -a /etc/pacman.d/mirrorlist <<< 'Server = https://mirror.rackspace.com/archlinux/$repo/os/$arch' # Fixes issue with invalid GPG keys: update the archlinux-keyring package to get the latest keys, then remove and regenerate gnupg keys RUN pacman -Sy archlinux-keyring --noconfirm \ && rm -rf /etc/pacman.d/gnupg \ && pacman-key --init \ && pacman-key --populate archlinux RUN if [[ "${RANKMIRRORS}" ]]; then \ { pacman -Sy wget --noconfirm || pacman -Syu wget --noconfirm ; } \ ; wget -O ./rankmirrors "https://raw.githubusercontent.com/sickcodes/Docker-OSX/${BRANCH:=master}/rankmirrors" \ ; wget -O- "https://www.archlinux.org/mirrorlist/?country=${MIRROR_COUNTRY:-US}&protocol=https&use_mirror_status=on" \ | sed -e 's/^#Server/Server/' -e '/^#/d' \ | head -n "$((${MIRROR_COUNT:-10}+1))" \ | bash ./rankmirrors --verbose --max-time 5 - > /etc/pacman.d/mirrorlist \ && cat /etc/pacman.d/mirrorlist \ ; fi RUN tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkp://keyserver.ubuntu.com' \ && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://hkps.pool.sks-keyservers.net:443' \ && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkp://pgp.mit.edu:11371' \ && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://keys.openpgp.org' \ && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://keys.mailvelope.com' # This fails on hub.docker.com, useful for debugging in cloud # RUN [[ $(egrep -c '(svm|vmx)' /proc/cpuinfo) -gt 0 ]] || { echo KVM not possible on this host && exit 1; } # RUN tee -a /etc/pacman.conf <<< '[community-testing]' \ # && tee -a /etc/pacman.conf <<< 'Include = /etc/pacman.d/mirrorlist' RUN pacman -Syu git zip vim nano alsa-utils openssh --noconfirm \ && ln -s /bin/vim /bin/vi \ && useradd arch -p arch \ && tee -a /etc/sudoers <<< 'arch ALL=(ALL) NOPASSWD: ALL' \ && mkdir -p /home/arch \ && chown arch:arch /home/arch # allow ssh to container RUN mkdir -p -m 700 /root/.ssh WORKDIR /root/.ssh RUN touch authorized_keys \ && chmod 644 authorized_keys WORKDIR /etc/ssh RUN tee -a sshd_config <<< 'AllowTcpForwarding yes' \ && tee -a sshd_config <<< 'PermitTunnel yes' \ && tee -a sshd_config <<< 'X11Forwarding yes' \ && tee -a sshd_config <<< 'PasswordAuthentication yes' \ && tee -a sshd_config <<< 'PermitRootLogin yes' \ && tee -a sshd_config <<< 'PubkeyAuthentication yes' \ && tee -a sshd_config <<< 'HostKey /etc/ssh/ssh_host_rsa_key' \ && tee -a sshd_config <<< 'HostKey /etc/ssh/ssh_host_ecdsa_key' \ && tee -a sshd_config <<< 'HostKey /etc/ssh/ssh_host_ed25519_key' USER arch # download OSX-KVM for the submodules RUN git clone --recurse-submodules --depth 1 https://github.com/kholia/OSX-KVM.git /home/arch/OSX-KVM # enable ssh # docker exec .... ./enable-ssh.sh USER arch WORKDIR /home/arch/OSX-KVM RUN touch enable-ssh.sh \ && chmod +x ./enable-ssh.sh \ && tee -a enable-ssh.sh <<< '[[ -f /etc/ssh/ssh_host_rsa_key ]] || \' \ && tee -a enable-ssh.sh <<< '[[ -f /etc/ssh/ssh_host_ed25519_key ]] || \' \ && tee -a enable-ssh.sh <<< '[[ -f /etc/ssh/ssh_host_ed25519_key ]] || \' \ && tee -a enable-ssh.sh <<< 'sudo /usr/bin/ssh-keygen -A' \ && tee -a enable-ssh.sh <<< 'nohup sudo /usr/bin/sshd -D &' # QEMU CONFIGURATOR # set optional ram at runtime -e RAM=16 # set optional cores at runtime -e SMP=4 -e CORES=2 # add any additional commands in QEMU cli format -e EXTRA="-usb -device usb-host,hostbus=1,hostaddr=8" # default env vars, RUNTIME ONLY, not for editing in build time. # RUN yes | sudo pacman -Syu qemu libvirt dnsmasq virt-manager bridge-utils edk2-ovmf netctl libvirt-dbus --overwrite --noconfirm RUN yes | sudo pacman -Syu bc qemu-desktop libvirt dnsmasq virt-manager bridge-utils openresolv jack2 ebtables edk2-ovmf netctl libvirt-dbus wget scrot --overwrite --noconfirm \ && yes | sudo pacman -Scc WORKDIR /home/arch/OSX-KVM # fix invalid signature on old libguestfs ARG SIGLEVEL=Never RUN sudo tee -a /etc/pacman.conf <<< "SigLevel = ${SIGLEVEL}" \ && sudo tee -a /etc/pacman.conf <<< 'RemoteFileSigLevel = Optional' \ && sudo sed -i -e 's/^\#RemoteFileSigLevel/RemoteFileSigLevel/g' /etc/pacman.conf ARG LINUX=true # required to use libguestfs inside a docker container, to create bootdisks for docker-osx on-the-fly # reminder this is what makes :naked image larger than expected RUN if [[ "${LINUX}" == true ]]; then \ sudo pacman -Syu linux linux-headers archlinux-keyring guestfs-tools mkinitcpio pcre pcre2 --noconfirm \ && libguestfs-test-tool \ && rm -rf /var/tmp/.guestfs-* \ && yes | sudo pacman -Scc \ ; fi # optional --build-arg to change branches for testing ARG BRANCH=master ARG REPO='https://github.com/sickcodes/Docker-OSX.git' RUN git clone --recurse-submodules --depth 1 --branch "${BRANCH:=master}" "${REPO:=https://github.com/sickcodes/Docker-OSX.git}" RUN touch Launch.sh \ && chmod +x ./Launch.sh \ && tee -a Launch.sh <<< '#!/bin/bash' \ && tee -a Launch.sh <<< 'set -eux' \ && tee -a Launch.sh <<< 'sudo chown $(id -u):$(id -g) /dev/kvm 2>/dev/null || true' \ && tee -a Launch.sh <<< 'sudo chown -R $(id -u):$(id -g) /dev/snd 2>/dev/null || true' \ && tee -a Launch.sh <<< '[[ "${RAM}" = max ]] && export RAM="$(("$(head -n1 /proc/meminfo | tr -dc "[:digit:]") / 1000000"))"' \ && tee -a Launch.sh <<< '[[ "${RAM}" = half ]] && export RAM="$(("$(head -n1 /proc/meminfo | tr -dc "[:digit:]") / 2000000"))"' \ && tee -a Launch.sh <<< 'sudo chown -R $(id -u):$(id -g) /dev/snd 2>/dev/null || true' \ && tee -a Launch.sh <<< 'exec qemu-system-x86_64 -m ${RAM:-4}000 \' \ && tee -a Launch.sh <<< '-cpu ${CPU:-Penryn},${CPUID_FLAGS:-vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+ssse3,+sse4.2,+popcnt,+avx,+aes,+xsave,+xsaveopt,check,}${BOOT_ARGS} \' \ && tee -a Launch.sh <<< '-machine q35,${KVM-"accel=kvm:tcg"} \' \ && tee -a Launch.sh <<< '-smp ${CPU_STRING:-${SMP:-4},cores=${CORES:-4}} \' \ && tee -a Launch.sh <<< '-device qemu-xhci,id=xhci \' \ && tee -a Launch.sh <<< '-device usb-kbd,bus=xhci.0 -device usb-tablet,bus=xhci.0 \' \ && tee -a Launch.sh <<< '-device isa-applesmc,osk=ourhardworkbythesewordsguardedpleasedontsteal\(c\)AppleComputerInc \' \ && tee -a Launch.sh <<< '-drive if=pflash,format=raw,readonly=on,file=/home/arch/OSX-KVM/OVMF_CODE.fd \' \ && tee -a Launch.sh <<< '-drive if=pflash,format=raw,file=/home/arch/OSX-KVM/OVMF_VARS-1024x768.fd \' \ && tee -a Launch.sh <<< '-smbios type=2 \' \ && tee -a Launch.sh <<< '-audiodev ${AUDIO_DRIVER:-alsa},id=hda -device ich9-intel-hda -device hda-duplex,audiodev=hda \' \ && tee -a Launch.sh <<< '-device ich9-ahci,id=sata \' \ && tee -a Launch.sh <<< '-drive id=OpenCoreBoot,if=none,snapshot=on,format=qcow2,file=${BOOTDISK:-/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2} \' \ && tee -a Launch.sh <<< '-device ide-hd,bus=sata.2,drive=OpenCoreBoot \' \ && tee -a Launch.sh <<< '-device ide-hd,bus=sata.3,drive=InstallMedia \' \ && tee -a Launch.sh <<< '-drive id=InstallMedia,if=none,file=/home/arch/OSX-KVM/BaseSystem.img,format=${BASESYSTEM_FORMAT:-qcow2} \' \ && tee -a Launch.sh <<< '-drive id=MacHDD,if=none,file=${IMAGE_PATH:-/home/arch/OSX-KVM/mac_hdd_ng.img},format=${IMAGE_FORMAT:-qcow2} \' \ && tee -a Launch.sh <<< '-device ide-hd,bus=sata.4,drive=MacHDD \' \ && tee -a Launch.sh <<< '-netdev user,id=net0,hostfwd=tcp::${INTERNAL_SSH_PORT:-10022}-:22,hostfwd=tcp::${SCREEN_SHARE_PORT:-5900}-:5900,${ADDITIONAL_PORTS} \' \ && tee -a Launch.sh <<< '-device ${NETWORKING:-vmxnet3},netdev=net0,id=net0,mac=${MAC_ADDRESS:-52:54:00:09:49:17} \' \ && tee -a Launch.sh <<< '-monitor stdio \' \ && tee -a Launch.sh <<< '-boot menu=on \' \ && tee -a Launch.sh <<< '-vga vmware \' \ && tee -a Launch.sh <<< '${EXTRA:-}' # docker exec containerid mv ./Launch-nopicker.sh ./Launch.sh # This is now a legacy command. # You can use -e BOOTDISK=/bootdisk with -v ./bootdisk.img:/bootdisk ### LEGACY CODE RUN grep -v InstallMedia ./Launch.sh > ./Launch-nopicker.sh \ && chmod +x ./Launch-nopicker.sh \ && sed -i -e s/OpenCore\.qcow2/OpenCore\-nopicker\.qcow2/ ./Launch-nopicker.sh ### USER arch ENV USER=arch # These are hardcoded serials for non-iMessage related research # Overwritten by using GENERATE_UNIQUE=true # Upstream removed nopicker, so we are adding it back in, at build time # Once again, this is just for the Docker build so there is a default nopicker image there # libguestfs verbose ENV LIBGUESTFS_DEBUG=1 ENV LIBGUESTFS_TRACE=1 ARG STOCK_DEVICE_MODEL=iMacPro1,1 ARG STOCK_SERIAL=C02TM2ZBHX87 ARG STOCK_BOARD_SERIAL=C02717306J9JG361M ARG STOCK_UUID=007076A6-F2A2-4461-BBE5-BAD019F8025A ARG STOCK_MAC_ADDRESS=00:0A:27:00:00:00 ARG STOCK_WIDTH=1920 ARG STOCK_HEIGHT=1080 ARG STOCK_MASTER_PLIST_URL=https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist ARG STOCK_MASTER_PLIST_URL_NOPICKER=https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-nopicker-custom.plist ARG STOCK_BOOTDISK=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2 ARG STOCK_BOOTDISK_NOPICKER=/home/arch/OSX-KVM/OpenCore/OpenCore-nopicker.qcow2 RUN ./Docker-OSX/osx-serial-generator/generate-specific-bootdisk.sh \ --master-plist-url="${STOCK_MASTER_PLIST_URL}" \ --model "${STOCK_DEVICE_MODEL}" \ --serial "${STOCK_SERIAL}" \ --board-serial "${STOCK_BOARD_SERIAL}" \ --uuid "${STOCK_UUID}" \ --mac-address "${STOCK_MAC_ADDRESS}" \ --width "${STOCK_WIDTH}" \ --height "${STOCK_HEIGHT}" \ --output-bootdisk "${STOCK_BOOTDISK}" || exit 1 \ ; rm -rf /var/tmp/.guestfs-* RUN ./Docker-OSX/osx-serial-generator/generate-specific-bootdisk.sh \ --master-plist-url="${STOCK_MASTER_PLIST_URL_NOPICKER}" \ --model "${STOCK_DEVICE_MODEL}" \ --serial "${STOCK_SERIAL}" \ --board-serial "${STOCK_BOARD_SERIAL}" \ --uuid "${STOCK_UUID}" \ --mac-address "${STOCK_MAC_ADDRESS}" \ --width "${STOCK_WIDTH}" \ --height "${STOCK_HEIGHT}" \ --output-bootdisk "${STOCK_BOOTDISK_NOPICKER}" || exit 1 \ ; rm -rf /var/tmp/.guestfs-* ### symlink the old directory as upstream has renamed a directory. Symlinking purely for backwards compatability! RUN ln -s /home/arch/OSX-KVM/OpenCore /home/arch/OSX-KVM/OpenCore-Catalina || true #### #### SPECIAL RUNTIME ARGUMENTS BELOW # env -e ADDITIONAL_PORTS with a comma # for example, -e ADDITIONAL_PORTS=hostfwd=tcp::23-:23, ENV ADDITIONAL_PORTS= # since the Makefile uses raw, and raw uses the full disk amount # we want to use a compressed qcow2 # ENV BASESYSTEM_FORMAT=raw ENV BASESYSTEM_FORMAT=qcow2 # add additional QEMU boot arguments ENV BOOT_ARGS= ENV BOOTDISK= # edit the CPU that is being emulated ENV CPU=Penryn ENV CPUID_FLAGS='vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+ssse3,+sse4.2,+popcnt,+avx,+aes,+xsave,+xsaveopt,check,' ENV DISPLAY=:0.0 # Deprecated ENV ENV=/env # Boolean for generating a bootdisk with new random serials. ENV GENERATE_UNIQUE=false # Boolean for generating a bootdisk with specific serials. ENV GENERATE_SPECIFIC=false ENV IMAGE_PATH=/home/arch/OSX-KVM/mac_hdd_ng.img ENV IMAGE_FORMAT=qcow2 ENV KVM='accel=kvm:tcg' ENV MASTER_PLIST_URL="https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist" # ENV NETWORKING=e1000-82545em ENV NETWORKING=vmxnet3 # boolean for skipping the disk selection menu at in the boot process ENV NOPICKER=false # dynamic RAM options for runtime ENV RAM=4 # ENV RAM=max # ENV RAM=half # The x and y coordinates for resolution. # Must be used with either -e GENERATE_UNIQUE=true or -e GENERATE_SPECIFIC=true. ENV WIDTH=1920 ENV HEIGHT=1080 VOLUME ["/tmp/.X11-unix"] # check if /image is a disk image or a directory. This allows you to optionally use -v disk.img:/image # NOPICKER is used to skip the disk selection screen # GENERATE_UNIQUE is used to generate serial numbers on boot. # /env is a file that you can generate and save using -v source.sh:/env # the env file is a file that you can carry to the next container which will supply the serials numbers. # GENERATE_SPECIFIC is used to either accept the env serial numbers OR you can supply using: # -e DEVICE_MODEL="iMacPro1,1" \ # -e SERIAL="C02TW0WAHX87" \ # -e BOARD_SERIAL="C027251024NJG36UE" \ # -e UUID="5CCB366D-9118-4C61-A00A-E5BAF3BED451" \ # -e MAC_ADDRESS="A8:5C:2C:9A:46:2F" \ # the output will be /bootdisk. # /bootdisk is a useful persistent place to store the 15Mb serial number bootdisk. # if you don't set any of the above: # the default serial numbers are already contained in ./OpenCore/OpenCore.qcow2 # And the default serial numbers # DMCA compliant download process # If BaseSystem.img does not exist, download ${SHORTNAME} # shortname default is below ENV SHORTNAME=sequoia ENV BASESYSTEM_IMAGE=BaseSystem.img CMD ! [[ -e "${BASESYSTEM_IMAGE:-BaseSystem.img}" ]] \ && printf '%s\n' "No BaseSystem.img available, downloading ${SHORTNAME}" \ && make \ && qemu-img convert BaseSystem.dmg -O qcow2 -p -c ${BASESYSTEM_IMAGE:-BaseSystem.img} \ && rm ./BaseSystem.dmg \ ; sudo touch /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \ ; sudo chown -R $(id -u):$(id -g) /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \ ; [[ "${NOPICKER}" == true ]] && { \ sed -i '/^.*InstallMedia.*/d' Launch.sh \ && export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore-nopicker.qcow2}" \ ; } \ || export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ ; [[ "${GENERATE_UNIQUE}" == true ]] && { \ ./Docker-OSX/osx-serial-generator/generate-unique-machine-values.sh \ --master-plist-url="${MASTER_PLIST_URL}" \ --count 1 \ --tsv ./serial.tsv \ --bootdisks \ --width "${WIDTH:-1920}" \ --height "${HEIGHT:-1080}" \ --output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ --output-env "${ENV:=/env}" \ || exit 1 ; } \ ; [[ "${GENERATE_SPECIFIC}" == true ]] && { \ source "${ENV:=/env}" 2>/dev/null \ ; ./Docker-OSX/osx-serial-generator/generate-specific-bootdisk.sh \ --master-plist-url="${MASTER_PLIST_URL}" \ --model "${DEVICE_MODEL}" \ --serial "${SERIAL}" \ --board-serial "${BOARD_SERIAL}" \ --uuid "${UUID}" \ --mac-address "${MAC_ADDRESS}" \ --width "${WIDTH:-1920}" \ --height "${HEIGHT:-1080}" \ --output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ || exit 1 ; } \ ; ./enable-ssh.sh && /bin/bash -c ./Launch.sh # virt-manager mode: eta son # CMD virsh define <(envsubst < Docker-OSX.xml) && virt-manager || virt-manager # CMD virsh define <(envsubst < macOS-libvirt-Catalina.xml) && virt-manager || virt-manager ================================================ FILE: Dockerfile.auto ================================================ #!/usr/bin/docker # ____ __ ____ ______ __ # / __ \____ _____/ /_____ _____/ __ \/ ___/ |/ / # / / / / __ \/ ___/ //_/ _ \/ ___/ / / /\__ \| / # / /_/ / /_/ / /__/ ,< / __/ / / /_/ /___/ / | # /_____/\____/\___/_/|_|\___/_/ \____//____/_/|_| :AUTO # # Title: Docker-OSX (Mac on Docker) # Author: Sick.Codes https://twitter.com/sickcodes # Version: 6.0 # License: GPLv3+ # Repository: https://github.com/sickcodes/Docker-OSX # Website: https://sick.codes # # This Dockerfile is a pre-installed naked installation of Docker-OSX! # # Default username: user # Default password: alpine # # Take screenshots in the Arch container and display in terminal: scrotcat # readme: # timezone: UTC/GMT # # Future versions will navigate the installation process, inside the Dockerfile. # # # Build: # # docker build -t docker-osx:auto -f Dockerfile.auto . # # Run: # # docker run -it --device /dev/kvm -p 50922:10022 -v ${PWD}/mac_hdd_ng_auto.img:/image docker-osx-auto:latest # # SSH: # From inside the container: # ssh -i ~/.ssh/id_docker_osx user@127.0.0.1 -p 10022 # # From outside the container: # ssh localhost user@127.0.0.1 -p 50922 # docker exec -it containerid ssh -i ~/.ssh/id_docker_osx user@127.0.0.1 -p 10022 FROM sickcodes/docker-osx:latest LABEL maintainer='https://twitter.com/sickcodes ' USER root WORKDIR /root # For taking screenshots of the Xfvb screen, useful during development. ARG SCROT # OPTIONAL: Arch Linux server mirrors for super fast builds # set RANKMIRRORS to any value other that nothing, e.g. -e RANKMIRRORS=true RUN perl -i -p -e s/^\#Color/Color$'\n'ParallelDownloads\ =\ 30/g /etc/pacman.conf ARG RANKMIRRORS ARG MIRROR_COUNTRY=US ARG MIRROR_COUNT=10 RUN tee /etc/pacman.d/mirrorlist <<< 'Server = https://geo.mirror.pkgbuild.com/$repo/os/$arch' \ && tee -a /etc/pacman.d/mirrorlist <<< 'Server = http://mirror.rackspace.com/archlinux/$repo/os/$arch' \ && tee -a /etc/pacman.d/mirrorlist <<< 'Server = https://mirror.rackspace.com/archlinux/$repo/os/$arch' # Fixes issue with invalid GPG keys: update the archlinux-keyring package to get the latest keys, then remove and regenerate gnupg keys RUN pacman -Sy archlinux-keyring --noconfirm \ && rm -rf /etc/pacman.d/gnupg \ && pacman-key --init \ && pacman-key --populate archlinux RUN if [[ "${RANKMIRRORS}" ]]; then \ { pacman -Sy wget --noconfirm || pacman -Syu wget --noconfirm ; } \ ; wget -O ./rankmirrors "https://raw.githubusercontent.com/sickcodes/Docker-OSX/${BRANCH:=master}/rankmirrors" \ ; wget -O- "https://www.archlinux.org/mirrorlist/?country=${MIRROR_COUNTRY:-US}&protocol=https&use_mirror_status=on" \ | sed -e 's/^#Server/Server/' -e '/^#/d' \ | head -n "$((${MIRROR_COUNT:-10}+1))" \ | bash ./rankmirrors --verbose --max-time 5 - > /etc/pacman.d/mirrorlist \ && cat /etc/pacman.d/mirrorlist \ ; fi RUN tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkp://keyserver.ubuntu.com' \ && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://hkps.pool.sks-keyservers.net:443' \ && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkp://pgp.mit.edu:11371' \ && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://keys.openpgp.org' \ && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://keys.mailvelope.com' RUN pacman -Syu xorg-server-xvfb wget xterm xorg-xhost xorg-xrandr --noconfirm \ && if [[ "${SCROT}" ]]; then \ pacman -Syu scrot base-devel --noconfirm \ && git clone --recurse-submodules --depth 1 https://github.com/stolk/imcat.git \ && cd imcat \ && make \ && sudo cp imcat /usr/bin/imcat \ && touch /usr/bin/scrotcat \ && tee -a /usr/bin/scrotcat <<< '/usr/bin/imcat <(scrot -o /dev/stdout)' \ && chmod +x /usr/bin/scrotcat \ ; else \ touch /usr/bin/scrotcat \ && echo echo >> /usr/bin/scrotcat \ && chmod +x /usr/bin/scrotcat \ ; fi \ ; yes | pacman -Scc RUN pacman -S sshpass --noconfirm \ && yes | pacman -Scc USER arch ENV USER arch WORKDIR /home/arch/OSX-KVM RUN mkdir -p ~/.ssh \ && touch ~/.ssh/authorized_keys \ && touch ~/.ssh/config \ && chmod 700 ~/.ssh \ && chmod 600 ~/.ssh/config \ && chmod 600 ~/.ssh/authorized_keys \ && tee -a ~/.ssh/config <<< 'Host *' \ && tee -a ~/.ssh/config <<< ' StrictHostKeyChecking no' \ && tee -a ~/.ssh/config <<< ' UserKnownHostsFile=/dev/null' ARG COMPLETE=true # use the COMPLETE arg, for a complete image, ready to boot. # otherwise use your own image: -v "$PWD/disk.img":/image ARG WGET_OPTIONS= # ARG WGET_OPTIONS='--no-verbose' # Feel free to take a copy of this image and then host it internally ARG IMAGE_URL='https://images.sick.codes/mac_hdd_ng_auto.img' # ARG IMAGE_URL='https://images.sick.codes/mac_hdd_ng_auto_big_sur.img' RUN if [[ "${COMPLETE}" ]]; then \ echo "Downloading 20GB image... This step might take a while... Press Ctrl+C if you want to abort." \ ; rm -f /home/arch/OSX-KVM/mac_hdd_ng.img \ && wget ${WGET_OPTIONS} -O /home/arch/OSX-KVM/mac_hdd_ng.img "${IMAGE_URL}" \ ; fi #### # symlink the old directory, for redundancy RUN ln -s /home/arch/OSX-KVM/OpenCore /home/arch/OSX-KVM/OpenCore-Catalina || true #### #### SPECIAL RUNTIME ARGUMENTS BELOW ENV ADDITIONAL_PORTS= # add additional QEMU boot arguments ENV BOOT_ARGS= ENV BOOTDISK= # edit the CPU that is beign emulated ENV CPU=Penryn ENV DISPLAY=:99 ENV HEADLESS=false ENV ENV=/env # Boolean for generating a bootdisk with new random serials. ENV GENERATE_UNIQUE=false # Boolean for generating a bootdisk with specific serials. ENV GENERATE_SPECIFIC=false ENV IMAGE_PATH=/home/arch/OSX-KVM/mac_hdd_ng.img ENV IMAGE_FORMAT=qcow2 ENV KVM='accel=kvm:tcg' # ENV MASTER_PLIST_URL="https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist" # ENV NETWORKING=e1000-82545em ENV NETWORKING=vmxnet3 ENV NOPICKER=true # set the username and password for automatically logging in ENV USERNAME=user ENV PASSWORD=alpine # dynamic RAM options for runtime ENV RAM=3 # ENV RAM=max # ENV RAM=half # The x and y coordinates for resolution. # Must be used with either -e GENERATE_UNIQUE=true or -e GENERATE_SPECIFIC=true. ENV WIDTH=1920 ENV HEIGHT=1080 # libguestfs verbose ENV LIBGUESTFS_DEBUG=1 ENV LIBGUESTFS_TRACE=1 ENV TERMS_OF_USE=i_agree ENV BOILERPLATE="By using this Dockerfile, you hereby agree that you are a security reseacher or developer and agree to use this Dockerfile to make the world a safer place. Examples include: making your apps safer, finding your mobile phone, compiling security products, etc. You understand that Docker-OSX is an Open Source project, which is released to the public under the GNU Pulic License version 3 and above. You acknowledge that the Open Source project is absolutely unaffiliated with any third party, in any form whatsoever. Any trademarks or intelectual property which happen to be mentioned anywhere in or around the project are owned by their respective owners. By using this Dockerfile, you agree to agree to the EULA of each piece of upstream or downstream software. The following code is released for the sole purpose of security research, under the GNU Public License version 3. If you are concerned about the licensing, please note that this project is not AGPL. A copy of the license is available online: https://github.com/sickcodes/Docker-OSX/blob/master/LICENSE. In order to use the following Dockerfile you must read and understand the terms. Once you have read the terms, use the -e TERMS_OF_USE=i_agree or -e TERMS_OF_USE=i_disagree" # DMCA compliant download process # If BaseSystem.img does not exist, download ${SHORTNAME} # shortname default is catalina, which means :latest is catalina ENV SHORTNAME=sonoma ENV BASESYSTEM_IMAGE=BaseSystem.img CMD ! [[ -e "${BASESYSTEM_IMAGE:-BaseSystem.img}" ]] \ && printf '%s\n' "No BaseSystem.img available, downloading ${SHORTNAME}" \ && make \ && qemu-img convert BaseSystem.dmg -O qcow2 -p -c ${BASESYSTEM_IMAGE:-BaseSystem.img} \ && rm ./BaseSystem.dmg \ ; echo "${BOILERPLATE}" \ ; [[ "${TERMS_OF_USE}" = i_agree ]] || exit 1 \ ; echo "Disk is being copied between layers... Please wait a minute..." \ ; sudo touch /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \ ; sudo chown -R $(id -u):$(id -g) /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \ ; [[ "${NOPICKER}" == true ]] && { \ sed -i '/^.*InstallMedia.*/d' Launch.sh \ && export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore-nopicker.qcow2}" \ ; } \ || export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ ; [[ "${GENERATE_UNIQUE}" == true ]] && { \ ./Docker-OSX/osx-serial-generator/generate-unique-machine-values.sh \ --master-plist-url="${MASTER_PLIST_URL}" \ --count 1 \ --tsv ./serial.tsv \ --bootdisks \ --width "${WIDTH:-1920}" \ --height "${HEIGHT:-1080}" \ --output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ --output-env "${ENV:=/env}" \ || exit 1 ; } \ ; [[ "${GENERATE_SPECIFIC}" == true ]] && { \ source "${ENV:=/env}" 2>/dev/null \ ; ./Docker-OSX/osx-serial-generator/generate-specific-bootdisk.sh \ --master-plist-url="${MASTER_PLIST_URL}" \ --model "${DEVICE_MODEL}" \ --serial "${SERIAL}" \ --board-serial "${BOARD_SERIAL}" \ --uuid "${UUID}" \ --mac-address "${MAC_ADDRESS}" \ --width "${WIDTH:-1920}" \ --height "${HEIGHT:-1080}" \ --output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ || exit 1 ; } \ ; { [[ "${DISPLAY}" = ':99' ]] || [[ "${HEADLESS}" == true ]] ; } && { \ nohup Xvfb :99 -screen 0 1920x1080x16 \ & until [[ "$(xrandr --query 2>/dev/null)" ]]; do sleep 1 ; done \ ; } \ ; stat "${IMAGE_PATH}" \ ; echo "Large image is being copied between layers, please wait a minute..." \ ; ./enable-ssh.sh \ ; [[ -e ~/.ssh/id_docker_osx ]] || { \ /usr/bin/ssh-keygen -t rsa -f ~/.ssh/id_docker_osx -q -N "" \ && chmod 600 ~/.ssh/id_docker_osx \ ; } \ ; /bin/bash -c ./Launch.sh \ & echo "Booting Docker-OSX in the background. Please wait..." \ ; until [[ "$(sshpass -p${PASSWORD:=alpine} ssh-copy-id -f -i ~/.ssh/id_docker_osx.pub -p 10022 ${USERNAME:=user}@127.0.0.1)" ]]; do \ echo "Disk is being copied between layers. Repeating until able to copy SSH key into OSX..." \ ; sleep 1 \ ; done \ ; grep id_docker_osx ~/.ssh/config || { \ tee -a ~/.ssh/config <<< 'Host 127.0.0.1' \ ; tee -a ~/.ssh/config <<< " User ${USERNAME:=user}" \ ; tee -a ~/.ssh/config <<< ' Port 10022' \ ; tee -a ~/.ssh/config <<< ' IdentityFile ~/.ssh/id_docker_osx' \ ; tee -a ~/.ssh/config <<< ' StrictHostKeyChecking no' \ ; tee -a ~/.ssh/config <<< ' UserKnownHostsFile=/dev/null' \ ; } \ && echo 'Default username: user' \ && echo 'Default password: alpine' \ && echo 'Change it immediately using the command: passwd' \ && ssh -i ~/.ssh/id_docker_osx ${USERNAME:=user}@127.0.0.1 -p 10022 "${OSX_COMMANDS}" # username: user # password: alpine # screenshot: docker exec -it containerid scrotcat # readme: https://github.com/sickcodes/Docker-OSX # timezone: UTC/GMT # Future case option when supplying IMAGE_PATH: # Zstandard*) zstd -d /image && export IMAGE_PATH=/image;; \ ================================================ FILE: Dockerfile.naked ================================================ #!/usr/bin/docker # ____ __ ____ ______ __ # / __ \____ _____/ /_____ _____/ __ \/ ___/ |/ / # / / / / __ \/ ___/ //_/ _ \/ ___/ / / /\__ \| / # / /_/ / /_/ / /__/ ,< / __/ / / /_/ /___/ / | # /_____/\____/\___/_/|_|\___/_/ \____//____/_/|_| :NAKED # # Title: Docker-OSX (Mac on Docker) # Author: Sick.Codes https://twitter.com/sickcodes # Version: 6.0 # License: GPLv3+ # Repository: https://github.com/sickcodes/Docker-OSX # Website: https://sick.codes # # This image won't run unless you supply a disk image using: # -v ${PWD}/mac_hdd_ng.img:/image # # Take screenshots in the Arch container and display in terminal: scrotcat # # Build: # # docker build -t docker-osx:naked -f Dockerfile.naked . # # Run headless: # # docker run -it --device /dev/kvm -p 50922:10022 -v ${PWD}/mac_hdd_ng.img:/image docker-osx:naked # # Run with display: # # docker run -it --device /dev/kvm -p 50922:10022 -v ${PWD}/mac_hdd_ng.img:/image -e "DISPLAY=${DISPLAY:-:0.0}" -v /tmp/.X11-unix:/tmp/.X11-unix docker-osx:naked # FROM sickcodes/docker-osx:latest LABEL maintainer='https://twitter.com/sickcodes ' USER root WORKDIR /root RUN rm -f /home/arch/OSX-KVM/mac_hdd_ng.img # OPTIONAL: Arch Linux server mirrors for super fast builds # set RANKMIRRORS to any value other that nothing, e.g. -e RANKMIRRORS=true RUN perl -i -p -e s/^\#Color/Color$'\n'ParallelDownloads\ =\ 30/g /etc/pacman.conf ARG RANKMIRRORS ARG MIRROR_COUNTRY=US ARG MIRROR_COUNT=10 RUN tee /etc/pacman.d/mirrorlist <<< 'Server = https://geo.mirror.pkgbuild.com/$repo/os/$arch' \ && tee -a /etc/pacman.d/mirrorlist <<< 'Server = http://mirror.rackspace.com/archlinux/$repo/os/$arch' \ && tee -a /etc/pacman.d/mirrorlist <<< 'Server = https://mirror.rackspace.com/archlinux/$repo/os/$arch' # Fixes issue with invalid GPG keys: update the archlinux-keyring package to get the latest keys, then remove and regenerate gnupg keys RUN pacman -Sy archlinux-keyring --noconfirm \ && rm -rf /etc/pacman.d/gnupg \ && pacman-key --init \ && pacman-key --populate archlinux RUN if [[ "${RANKMIRRORS}" ]]; then \ { pacman -Sy wget --noconfirm || pacman -Syu wget --noconfirm ; } \ ; wget -O ./rankmirrors "https://raw.githubusercontent.com/sickcodes/Docker-OSX/${BRANCH:=master}/rankmirrors" \ ; wget -O- "https://www.archlinux.org/mirrorlist/?country=${MIRROR_COUNTRY:-US}&protocol=https&use_mirror_status=on" \ | sed -e 's/^#Server/Server/' -e '/^#/d' \ | head -n "$((${MIRROR_COUNT:-10}+1))" \ | bash ./rankmirrors --verbose --max-time 5 - > /etc/pacman.d/mirrorlist \ && cat /etc/pacman.d/mirrorlist \ ; fi RUN tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkp://keyserver.ubuntu.com' \ && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://hkps.pool.sks-keyservers.net:443' \ && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkp://pgp.mit.edu:11371' \ && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://keys.openpgp.org' \ && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://keys.mailvelope.com' # For taking screenshots of the Xfvb screen, useful during development. ARG SCROT RUN pacman -Syu xorg-server-xvfb wget xterm xorg-xhost xorg-xrandr sshpass --noconfirm \ && if [[ "${SCROT}" ]]; then \ pacman -Syu scrot base-devel --noconfirm \ && git clone --recurse-submodules --depth 1 https://github.com/stolk/imcat.git \ && cd imcat \ && make \ && sudo cp imcat /usr/bin/imcat \ && touch /usr/bin/scrotcat \ && tee -a /usr/bin/scrotcat <<< '/usr/bin/imcat <(scrot -o /dev/stdout)' \ && chmod +x /usr/bin/scrotcat \ ; else \ touch /usr/bin/scrotcat \ && echo echo >> /usr/bin/scrotcat \ && chmod +x /usr/bin/scrotcat \ ; fi \ ; yes | pacman -Scc USER arch ENV USER arch WORKDIR /home/arch/OSX-KVM RUN mkdir -p ~/.ssh \ && touch ~/.ssh/authorized_keys \ && touch ~/.ssh/config \ && chmod 700 ~/.ssh \ && chmod 600 ~/.ssh/config \ && chmod 600 ~/.ssh/authorized_keys \ && tee -a ~/.ssh/config <<< 'Host *' \ && tee -a ~/.ssh/config <<< ' StrictHostKeyChecking no' \ && tee -a ~/.ssh/config <<< ' UserKnownHostsFile=/dev/null' #### # symlink the old directory, for redundancy RUN ln -s /home/arch/OSX-KVM/OpenCore /home/arch/OSX-KVM/OpenCore-Catalina || true #### #### SPECIAL RUNTIME ARGUMENTS BELOW ENV ADDITIONAL_PORTS= # add additional QEMU boot arguments ENV BOOT_ARGS= ENV BOOTDISK= # edit the CPU that is beign emulated ENV CPU=Penryn ENV DISPLAY=:99 ENV HEADLESS=false ENV ENV=/env # Boolean for generating a bootdisk with new random serials. ENV GENERATE_UNIQUE=false # Boolean for generating a bootdisk with specific serials. ENV GENERATE_SPECIFIC=false ENV IMAGE_PATH=/image ENV IMAGE_FORMAT=qcow2 ENV KVM='accel=kvm:tcg' # ENV MASTER_PLIST_URL="https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist" # ENV NETWORKING=e1000-82545em ENV NETWORKING=vmxnet3 ENV NOPICKER=true # dynamic RAM options for runtime ENV RAM=3 # ENV RAM=max # ENV RAM=half # The x and y coordinates for resolution. # Must be used with either -e GENERATE_UNIQUE=true or -e GENERATE_SPECIFIC=true. ENV WIDTH=1920 ENV HEIGHT=1080 # libguestfs verbose ENV LIBGUESTFS_DEBUG=1 ENV LIBGUESTFS_TRACE=1 # DMCA compliant download process # If BaseSystem.img does not exist, download ${SHORTNAME} # shortname default is catalina, which means :latest is catalina ENV SHORTNAME=sonoma ENV BASESYSTEM_IMAGE=BaseSystem.img CMD ! [[ -e "${BASESYSTEM_IMAGE:-BaseSystem.img}" ]] \ && printf '%s\n' "No BaseSystem.img available, downloading ${SHORTNAME}" \ && make \ && qemu-img convert BaseSystem.dmg -O qcow2 -p -c ${BASESYSTEM_IMAGE:-BaseSystem.img} \ && rm ./BaseSystem.dmg \ ; sudo touch /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \ ; sudo chown -R $(id -u):$(id -g) /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \ ; { [[ "${DISPLAY}" = ':99' ]] || [[ "${HEADLESS}" == true ]] ; } && { \ nohup Xvfb :99 -screen 0 1920x1080x16 \ & until [[ "$(xrandr --query 2>/dev/null)" ]]; do sleep 1 ; done \ ; } \ ; [[ "${NOPICKER}" == true ]] && { \ sed -i '/^.*InstallMedia.*/d' Launch.sh \ && export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore-nopicker.qcow2}" \ ; } \ || export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ ; [[ "${GENERATE_UNIQUE}" == true ]] && { \ ./Docker-OSX/osx-serial-generator/generate-unique-machine-values.sh \ --master-plist-url="${MASTER_PLIST_URL}" \ --count 1 \ --tsv ./serial.tsv \ --bootdisks \ --width "${WIDTH:-1920}" \ --height "${HEIGHT:-1080}" \ --output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ --output-env "${ENV:=/env}" \ || exit 1 ; } \ ; [[ "${GENERATE_SPECIFIC}" == true ]] && { \ source "${ENV:=/env}" 2>/dev/null \ ; ./Docker-OSX/osx-serial-generator/generate-specific-bootdisk.sh \ --master-plist-url="${MASTER_PLIST_URL}" \ --model "${DEVICE_MODEL}" \ --serial "${SERIAL}" \ --board-serial "${BOARD_SERIAL}" \ --uuid "${UUID}" \ --mac-address "${MAC_ADDRESS}" \ --width "${WIDTH:-1920}" \ --height "${HEIGHT:-1080}" \ --output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ || exit 1 ; } \ ; ./enable-ssh.sh && /bin/bash -c ./Launch.sh ================================================ FILE: Dockerfile.naked-auto ================================================ #!/usr/bin/docker # ____ __ ____ ______ __ # / __ \____ _____/ /_____ _____/ __ \/ ___/ |/ / # / / / / __ \/ ___/ //_/ _ \/ ___/ / / /\__ \| / # / /_/ / /_/ / /__/ ,< / __/ / / /_/ /___/ / | # /_____/\____/\___/_/|_|\___/_/ \____//____/_/|_| :NAKED-AUTO # # Title: Docker-OSX (Mac on Docker) # Author: Sick.Codes https://twitter.com/sickcodes # Version: 6.0 # License: GPLv3+ # Repository: https://github.com/sickcodes/Docker-OSX # Website: https://sick.codes # # This Dockerfile needs you to supply a pre-installed installation of Docker-OSX! # # Visit https://github.com/sickcodes/Docker-OSX for info FROM sickcodes/docker-osx:latest LABEL maintainer='https://twitter.com/sickcodes ' USER root WORKDIR /root RUN rm -f /home/arch/OSX-KVM/mac_hdd_ng.img # For taking screenshots of the Xfvb screen, useful during development. ARG SCROT # OPTIONAL: Arch Linux server mirrors for super fast builds # set RANKMIRRORS to any value other that nothing, e.g. -e RANKMIRRORS=true RUN perl -i -p -e s/^\#Color/Color$'\n'ParallelDownloads\ =\ 30/g /etc/pacman.conf ARG RANKMIRRORS ARG MIRROR_COUNTRY=US ARG MIRROR_COUNT=10 RUN tee /etc/pacman.d/mirrorlist <<< 'Server = https://geo.mirror.pkgbuild.com/$repo/os/$arch' \ && tee -a /etc/pacman.d/mirrorlist <<< 'Server = http://mirror.rackspace.com/archlinux/$repo/os/$arch' \ && tee -a /etc/pacman.d/mirrorlist <<< 'Server = https://mirror.rackspace.com/archlinux/$repo/os/$arch' # Fixes issue with invalid GPG keys: update the archlinux-keyring package to get the latest keys, then remove and regenerate gnupg keys RUN pacman -Sy archlinux-keyring --noconfirm \ && rm -rf /etc/pacman.d/gnupg \ && pacman-key --init \ && pacman-key --populate archlinux RUN if [[ "${RANKMIRRORS}" ]]; then \ { pacman -Sy wget --noconfirm || pacman -Syu wget --noconfirm ; } \ ; wget -O ./rankmirrors "https://raw.githubusercontent.com/sickcodes/Docker-OSX/${BRANCH:=master}/rankmirrors" \ ; wget -O- "https://www.archlinux.org/mirrorlist/?country=${MIRROR_COUNTRY:-US}&protocol=https&use_mirror_status=on" \ | sed -e 's/^#Server/Server/' -e '/^#/d' \ | head -n "$((${MIRROR_COUNT:-10}+1))" \ | bash ./rankmirrors --verbose --max-time 5 - > /etc/pacman.d/mirrorlist \ && cat /etc/pacman.d/mirrorlist \ ; fi RUN tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkp://keyserver.ubuntu.com' \ && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://hkps.pool.sks-keyservers.net:443' \ && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkp://pgp.mit.edu:11371' \ && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://keys.openpgp.org' \ && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://keys.mailvelope.com' # For taking screenshots of the Xfvb screen, useful during development. ARG SCROT RUN pacman -Syu xorg-server-xvfb wget xterm xorg-xhost xorg-xrandr --noconfirm \ && if [[ "${SCROT}" ]]; then \ pacman -Syu scrot base-devel --noconfirm \ && git clone --recurse-submodules --depth 1 https://github.com/stolk/imcat.git \ && cd imcat \ && make \ && sudo cp imcat /usr/bin/imcat \ && touch /usr/bin/scrotcat \ && tee -a /usr/bin/scrotcat <<< '/usr/bin/imcat <(scrot -o /dev/stdout)' \ && chmod +x /usr/bin/scrotcat \ ; else \ touch /usr/bin/scrotcat \ && echo echo >> /usr/bin/scrotcat \ && chmod +x /usr/bin/scrotcat \ ; fi \ ; yes | pacman -Scc RUN pacman -S sshpass --noconfirm \ && yes | pacman -Scc USER arch ENV USER arch WORKDIR /home/arch/OSX-KVM RUN mkdir -p ~/.ssh \ && touch ~/.ssh/authorized_keys \ && touch ~/.ssh/config \ && chmod 700 ~/.ssh \ && chmod 600 ~/.ssh/config \ && chmod 600 ~/.ssh/authorized_keys \ && tee -a ~/.ssh/config <<< 'Host *' \ && tee -a ~/.ssh/config <<< ' StrictHostKeyChecking no' \ && tee -a ~/.ssh/config <<< ' UserKnownHostsFile=/dev/null' ARG COMPLETE= # use the COMPLETE arg, for a complete image, ready to boot. # otherwise use your own image: -v "$PWD/disk.img":/image ARG WGET_OPTIONS= # ARG WGET_OPTIONS='--no-verbose' # Feel free to take a copy of this image and then host it internally ARG IMAGE_URL= # ARG IMAGE_URL='https://images.sick.codes/mac_hdd_ng_auto_big_sur.img' RUN if [[ "${COMPLETE}" ]]; then \ echo "Downloading your image... This step might take a while... Press Ctrl+C if you want to abort." \ ; rm -f /home/arch/OSX-KVM/mac_hdd_ng.img \ && wget ${WGET_OPTIONS} -O /home/arch/OSX-KVM/mac_hdd_ng.img "${IMAGE_URL}" \ ; fi #### # symlink the old directory, for redundancy RUN ln -s /home/arch/OSX-KVM/OpenCore /home/arch/OSX-KVM/OpenCore-Catalina || true #### #### SPECIAL RUNTIME ARGUMENTS BELOW ENV ADDITIONAL_PORTS= # add additional QEMU boot arguments ENV BOOT_ARGS= ENV BOOTDISK= # edit the CPU that is beign emulated ENV CPU=Penryn ENV DISPLAY=:99 ENV HEADLESS=false ENV ENV=/env # Boolean for generating a bootdisk with new random serials. ENV GENERATE_UNIQUE=false # Boolean for generating a bootdisk with specific serials. ENV GENERATE_SPECIFIC=false ENV IMAGE_PATH=/image ENV IMAGE_FORMAT=qcow2 ENV KVM='accel=kvm:tcg' # ENV MASTER_PLIST_URL="https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist" # ENV NETWORKING=e1000-82545em ENV NETWORKING=vmxnet3 ENV NOPICKER=true # set the username and password for automatically logging in ENV USERNAME=user ENV PASSWORD=alpine # dynamic RAM options for runtime ENV RAM=3 # ENV RAM=max # ENV RAM=half # The x and y coordinates for resolution. # Must be used with either -e GENERATE_UNIQUE=true or -e GENERATE_SPECIFIC=true. ENV WIDTH=1920 ENV HEIGHT=1080 # libguestfs verbose ENV LIBGUESTFS_DEBUG=1 ENV LIBGUESTFS_TRACE=1 ENV TERMS_OF_USE=i_agree ENV BOILERPLATE="By using this Dockerfile, you hereby agree that you are a security reseacher or developer and agree to use this Dockerfile to make the world a safer place. Examples include: making your apps safer, finding your mobile phone, compiling security products, etc. You understand that Docker-OSX is an Open Source project, which is released to the public under the GNU Pulic License version 3 and above. You acknowledge that the Open Source project is absolutely unaffiliated with any third party, in any form whatsoever. Any trademarks or intelectual property which happen to be mentioned anywhere in or around the project are owned by their respective owners. By using this Dockerfile, you agree to agree to the EULA of each piece of upstream or downstream software. The following code is released for the sole purpose of security research, under the GNU Public License version 3. If you are concerned about the licensing, please note that this project is not AGPL. A copy of the license is available online: https://github.com/sickcodes/Docker-OSX/blob/master/LICENSE. In order to use the following Dockerfile you must read and understand the terms. Once you have read the terms, use the -e TERMS_OF_USE=i_agree or -e TERMS_OF_USE=i_disagree" # DMCA compliant download process # If BaseSystem.img does not exist, download ${SHORTNAME} # shortname default is catalina, which means :latest is catalina ENV SHORTNAME=sonoma ENV BASESYSTEM_IMAGE=BaseSystem.img CMD ! [[ -e "${BASESYSTEM_IMAGE:-BaseSystem.img}" ]] \ && printf '%s\n' "No BaseSystem.img available, downloading ${SHORTNAME}" \ && make \ && qemu-img convert BaseSystem.dmg -O qcow2 -p -c ${BASESYSTEM_IMAGE:-BaseSystem.img} \ && rm ./BaseSystem.dmg \ ; echo "${BOILERPLATE}" \ ; [[ "${TERMS_OF_USE}" = i_agree ]] || exit 1 \ ; echo "Disk is being copied between layers... Please wait a minute..." \ ; sudo touch /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \ ; sudo chown -R $(id -u):$(id -g) /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \ ; [[ "${NOPICKER}" == true ]] && { \ sed -i '/^.*InstallMedia.*/d' Launch.sh \ && export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore-nopicker.qcow2}" \ ; } \ || export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ ; [[ "${GENERATE_UNIQUE}" == true ]] && { \ ./Docker-OSX/osx-serial-generator/generate-unique-machine-values.sh \ --master-plist-url="${MASTER_PLIST_URL}" \ --count 1 \ --tsv ./serial.tsv \ --bootdisks \ --width "${WIDTH:-1920}" \ --height "${HEIGHT:-1080}" \ --output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ --output-env "${ENV:=/env}" \ || exit 1 ; } \ ; [[ "${GENERATE_SPECIFIC}" == true ]] && { \ source "${ENV:=/env}" 2>/dev/null \ ; ./Docker-OSX/osx-serial-generator/generate-specific-bootdisk.sh \ --master-plist-url="${MASTER_PLIST_URL}" \ --model "${DEVICE_MODEL}" \ --serial "${SERIAL}" \ --board-serial "${BOARD_SERIAL}" \ --uuid "${UUID}" \ --mac-address "${MAC_ADDRESS}" \ --width "${WIDTH:-1920}" \ --height "${HEIGHT:-1080}" \ --output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ || exit 1 ; } \ ; { [[ "${DISPLAY}" = ':99' ]] || [[ "${HEADLESS}" == true ]] ; } && { \ nohup Xvfb :99 -screen 0 1920x1080x16 \ & until [[ "$(xrandr --query 2>/dev/null)" ]]; do sleep 1 ; done \ ; } \ ; stat "${IMAGE_PATH}" \ ; echo "Large image is being copied between layers, please wait a minute..." \ ; ./enable-ssh.sh \ ; [[ -e ~/.ssh/id_docker_osx ]] || { \ /usr/bin/ssh-keygen -t rsa -f ~/.ssh/id_docker_osx -q -N "" \ && chmod 600 ~/.ssh/id_docker_osx \ ; } \ ; /bin/bash -c ./Launch.sh \ & echo "Booting Docker-OSX in the background. Please wait..." \ ; until [[ "$(sshpass -p${PASSWORD:=alpine} ssh-copy-id -f -i ~/.ssh/id_docker_osx.pub -p 10022 ${USERNAME:=user}@127.0.0.1)" ]]; do \ echo "Disk is being copied between layers. Repeating until able to copy SSH key into OSX..." \ ; sleep 1 \ ; done \ ; grep id_docker_osx ~/.ssh/config || { \ tee -a ~/.ssh/config <<< 'Host 127.0.0.1' \ ; tee -a ~/.ssh/config <<< " User ${USERNAME:=user}" \ ; tee -a ~/.ssh/config <<< ' Port 10022' \ ; tee -a ~/.ssh/config <<< ' IdentityFile ~/.ssh/id_docker_osx' \ ; tee -a ~/.ssh/config <<< ' StrictHostKeyChecking no' \ ; tee -a ~/.ssh/config <<< ' UserKnownHostsFile=/dev/null' \ ; } \ && ssh -i ~/.ssh/id_docker_osx ${USERNAME:=user}@127.0.0.1 -p 10022 "${OSX_COMMANDS}" ================================================ FILE: FAQ.md ================================================ # Frequently Asked Questions These questions come up regularly, so here are the answers. ## Basics ### Is this legal? The [macOS software license](https://www.apple.com/legal/sla/) allows running (some versions of) macOS in a virtual machine only on Apple hardware. The [Apple Security Bounty terms and conditions](https://security.apple.com/terms-and-conditions/) make an exception to that (and essentially anything in the macOS software license) under some specific circumstances. Therefore, yes, there is a legal use for Docker-OSX. If your use doesn't fall under the license or the security bounty terms, then you are/will be violating the macOS software license. **Note that this is not provided as legal advice, and you should consult with your own counsel for legal guidance.** You may also be interested in this [deeper dive into the subject](https://sick.codes/is-hackintosh-osx-kvm-or-docker-osx-legal/). ### What does Docker-OSX do? Docker-OSX is an approach to setting up and launching a macOS virtual machine (VM) under [docker](https://en.wikipedia.org/wiki/Docker_(software)). The [Dockerfile](Dockerfile) is essentially a docker image building script that: 1. validates a few things about the environment 2. installs VM software (qemu) and creates a virtual disk within the docker container 3. generates a serial number and firmware to make the VM look (enough) like Mac hardware 4. downloads a macOS installer disk image 5. generates a shell script to start the VM The default configuration is intended to create an ephemeral but repeatably bootable macOS that can be probed for security research. ### Why docker? Docker provides a straightforward way to package a flexible turnkey solution to setting up a macOS VM. It is not the only way to do so, nor is it necessarily the best approach to setting up a long-lived, persistent macOS VM. You may prefer to study the [Dockerfile](Dockerfile) and/or [OSX-KVM](https://github.com/kholia/OSX-KVM) to prepare a VM to run under [proxmox](https://en.wikipedia.org/wiki/Proxmox_Virtual_Environment) or [libvirt](https://en.wikipedia.org/wiki/Libvirt). ## Can I... ### ...run BlueBubbles/AirMessage/Beeper on it? Yes. Make sure you [make serial numbers persist across reboots](README.md#making-serial-numbers-persist-across-reboots) after generating a unique serial number for yourself; don't use the default serial number. There is, of course, no guarantee that Apple won't block/disable your account, or inflict other consequences. See also the [legal considerations](#is-this-legal). ### ...develop iPhone apps on it? Yes. You will probably find Xcode's UI frustratingly slow, but yes. Compiling apps (e.g. React Native) from the command line is likely to be less frustrating. There is, of course, no guarantee that Apple won't block/disable your account, remove you from the Apple Developer program, or inflict other consequences. See also the [legal considerations](#is-this-legal). ### ...connect my iPhone or other USB device to it? Yes, at least if your host OS is Linux. See [instructions](README.md#vfio-iphone-usb-passthrough-vfio). It may or may not be possible if your host OS is Windows. ### ...run CI/CD processes with it? Maybe, but there are several reasons not to: 1. There are [legal considerations](#is-this-legal). 2. Nested virtualization is generally unavailable on cloud-hosted CI/CD and therefore Docker-OSX doesn't run. 3. You are almost always better off using your own macOS runners (on virtual or actual Mac hardware) rather than trying to make the square peg of Docker-OSX fit the round hole of macOS-specific CI/CD. You absolutely can install runners on the macOS VM itself (which does not get around the legal considerations mentioned above), but [Docker-OSX may not be the best approach](#why-docker). ### ...run on Linux but with Wayland? Yes, but your Wayland server must support X11 connections (or you can [use VNC instead](README.md#building-a-headless-container-that-allows-insecure-vnc-on-localhost-for-local-use-only)). ### ...run on Windows? Yes, as long as you have a new enough version of Windows 11 and have WSL2 set up. See [this section of the README](README.md#id-like-to-run-docker-osx-on-windows) for details. No, it will not work under Windows 10. Not even if you have WSL2 set up. ### ...run on macOS? If you have a Mac with Apple Silicon you are better served by [UTM](https://apps.apple.com/us/app/utm-virtual-machines/id1538878817?mt=12). If you have an Intel Mac you can install and run docker (either [Docker Desktop](https://www.docker.com/products/docker-desktop/) or [colima](https://github.com/abiosoft/colima)). In either case, docker will be running under a Linux VM, which complicates things. You are likely to encounter one or more of the [common errors](#common-errors) below. Consider using qemu directly with HVF acceleration (e.g. with [libvirt](https://libvirt.org/macos.html)) instead. ### ...run on cloud services? Cloud providers typically run their various services within virtual machines running on top of their actual hardware. These VMs typically are not set up to provide nested virtualization, which means KVM is unavailable so Docker-OSX will not work. This is _especially and specifically_ the case on CI/CD runners such as GitHub Actions, Azure DevOps Pipelines, CircleCI, GitLab CI/CD, etc. (however, see [running CI/CD](#run-cicd-processes-with-it)). Some cloud providers offer services that do allow virtualization, such as [Amazon's EC2 Bare Metal Instances](https://aws.amazon.com/about-aws/whats-new/2018/05/announcing-general-availability-of-amazon-ec2-bare-metal-instances/), but often at a significant premium. In short, probably not. ## Common Errors ### Docker Errors If you get an error like `docker: command not found` then you don't have docker installed and none of this works. Try [Docker Desktop](https://www.docker.com/products/docker-desktop/) on Windows or your distribution's normal package manager on Linux. If you get an error like `docker: Got permission denied while trying to connect to the Docker daemon` or `docker: unknown server OS: .` the mostly likely explanation is that your user isn't in the `docker` Unix group. You'll need to add yourself to the `docker` group, log out, and log back in. If you get an error like `Cannot connect to the Docker daemon at unix://var/run/docker.sock. Is the docker daemon running?` then `dockerd` isn't running. On most Linux distributions you should be able to start it with `sudo systemctl enable docker --now`. ### GTK Initialization Failed This is an X11 error and means that the arguments to qemu are telling it to connect to an X11 display that it either can't connect to at all or doesn't have permission to connect to. In the latter case, this can usually be fixed by running `xhost +` on the host running the X11 server. In many cases, however, it is preferable to tell qemu to listen for a VNC connection instead of trying to connect to X11; see [this section of the README](README.md#building-a-headless-container-that-allows-insecure-vnc-on-localhost-for-local-use-only) for instructions. ### KVM Error If you get an error like `error gathering device information while adding custom device "/dev/kvm": no such file or directory` that means KVM is not available/working on the Linux kernel on which you are running docker. This could be because you are attempting to run somewhere that doesn't support nested virtualization (see [above](#can-i-run-this-on)), or because your BIOS does not have virtualization extensions turned on, or because your CPU is too old to support virtualization extensions, or your Linux kernel does not have KVM support loaded/enabled. Fixing KVM issues is well beyond the scope of this document, but you can [start here](https://www.linux-kvm.org/page/FAQ). ### ALSA Error You might get an error like this: ``` (qemu) ALSA lib confmisc.c:767:(parse_card) cannot find card '0' ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory ALSA lib confmisc.c:1246:(snd_func_refer) error evaluating name ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory ALSA lib conf.c:5233:(snd_config_expand) Evaluate error: No such file or directory ALSA lib pcm.c:2660:(snd_pcm_open_noupdate) Unknown PCM default alsa: Could not initialize DAC alsa: Failed to open `default': alsa: Reason: No such file or directory ALSA lib confmisc.c:767:(parse_card) cannot find card '0' ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory ALSA lib confmisc.c:1246:(snd_func_refer) error evaluating name ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory ALSA lib conf.c:5233:(snd_config_expand) Evaluate error: No such file or directory ALSA lib pcm.c:2660:(snd_pcm_open_noupdate) Unknown PCM default alsa: Could not initialize DAC alsa: Failed to open `default': alsa: Reason: No such file or directory audio: Failed to create voice `dac' ALSA lib confmisc.c:767:(parse_card) cannot find card '0' ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory ALSA lib confmisc.c:1246:(snd_func_refer) error evaluating name ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory ALSA lib conf.c:5233:(snd_config_expand) Evaluate error: No such file or directory ALSA lib pcm.c:2660:(snd_pcm_open_noupdate) Unknown PCM default alsa: Could not initialize ADC alsa: Failed to open `default': alsa: Reason: No such file or directory ALSA lib confmisc.c:767:(parse_card) cannot find card '0' ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory ALSA lib confmisc.c:1246:(snd_func_refer) error evaluating name ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory ALSA lib conf.c:5233:(snd_config_expand) Evaluate error: No such file or directory ALSA lib pcm.c:2660:(snd_pcm_open_noupdate) Unknown PCM default alsa: Could not initialize ADC alsa: Failed to open `default': alsa: Reason: No such file or directory audio: Failed to create voice `adc' ``` Docker-OSX defaults to telling qemu to use ALSA for audio output. Your host system may be using PulseAudio instead (see [PulseAudio](README.md#pulseaudio)), but you may not need audio output at all. You can pass `-e AUDIO_DRIVER="id=none,driver=none"` to disable audio output. ### No Disk to Install On If you have launched the installer but don't see a disk to install macOS on, it probably means you skipped the step where you run Disk Utility to format the virtual disk. See the [README](README.md#additional-boot-instructions-for-when-you-are-creating-your-container). ### Slow Installation This is not unique to virtual hardware. The macOS installation process gives apparently random and dependably incorrect time estimates, and can often appear to have completely frozen. Just be patient. It could take hours, maybe even more than a day. ### Installer After Completing Install If you wind up in the installer again after you've installed macOS it means you booted from the installer disk instead of the disk you installed macOS on. Reboot and make sure you choose the correct disk to boot. ## Next Steps Congratulations, you got a macOS VM up and running! Now what? # Fixing Apple ID Login Issues in macOS Virtual Machines ## Problem Overview When running macOS in a virtual machine, you may encounter problems logging into Apple services including: - Apple ID - iMessage - iCloud - App Store This happens because Apple's services can detect that macOS is running in a virtual environment and block access. The solution is to apply a kernel patch that hides the VM presence from Apple's detection mechanism. NOTE as per forum post: Unfortunately, this would very possibly break qemu-guest-agent, which is necessary for the host getting VM status or taking hot snapshot while the VM is running. This is because qemu-guest-agent also checks the hv_vmm_present flag, but only works if it is true (=1). Use at your own risk. Hope it would help. ## Solution: Kernel Patching This guide provides three methods to apply the necessary kernel patch. All methods implement the same fix originally described in [this forum post](https://forum.proxmox.com/threads/anyone-can-make-bluetooth-work-on-sonoma.153301/#post-697832). ### Prerequisites Before proceeding with any method: - Make sure you can access your EFI partition - Locate your OpenCore `config.plist` file (typically in the `EFI/OC` folder) - Back up your current `config.plist` before making changes ## Method 1: Using the Utility Script (Simplest Approach) This is the fastest and easiest way to apply the patch. 1. Mount your EFI partition using Clover Configurator or another EFI mounting tool 2. Download the patch script: ```bash curl -o apply_appleid_kernelpatch.py https://raw.githubusercontent.com/sickcodes/Docker-OSX/scripts/apply_appleid_kernelpatch.py ``` 3. Run the script with your `config.plist` file path: ```bash python3 apply_appleid_kernelpatch.py /path/to/config.plist ``` **Pro Tip**: You can drag and drop the `config.plist` file into your terminal after typing `python3 apply_appleid_kernelpatch.py` for an easy path insertion. **Note**: If you encounter a "permission denied" error, run the command with `sudo`: ```bash sudo python3 apply_appleid_kernelpatch.py /path/to/config.plist ``` ## Method 2: Using OCAT (OpenCore Auxiliary Tools) GUI If you prefer a graphical approach: 1. Open OCAT and load your `config.plist` 2. Navigate to the **Kernel** section 3. Go to the **Patch** subsection 4. Add two new patch entries with the following details: ### Patch 1 | Setting | Value | |---------|-------| | **Identifier** | `kernel` | | **Base** | *(leave empty)* | | **Count** | `1` | | **Find (Hex)** | `68696265726E61746568696472656164790068696265726E617465636F756E7400` | | **Limit** | `0` | | **Mask** | *(leave empty)* | | **Replace (Hex)** | `68696265726E61746568696472656164790068765F766D6D5F70726573656E7400` | | **Skip** | `0` | | **Arch** | `x86_64` | | **MinKernel** | `20.4.0` | | **MaxKernel** | *(leave empty)* | | **Enabled** | `True` | | **Comment** | `Sonoma VM BT Enabler - PART 1 of 2 - Patch kern.hv_vmm_present=0` | ### Patch 2 | Setting | Value | |---------|-------| | **Identifier** | `kernel` | | **Base** | *(leave empty)* | | **Count** | `1` | | **Find (Hex)** | `626F6F742073657373696F6E20555549440068765F766D6D5F70726573656E7400` | | **Limit** | `0` | | **Mask** | *(leave empty)* | | **Replace (Hex)** | `626F6F742073657373696F6E20555549440068696265726E617465636F756E7400` | | **Skip** | `0` | | **Arch** | `x86_64` | | **MinKernel** | `22.0.0` | | **MaxKernel** | *(leave empty)* | | **Enabled** | `True` | | **Comment** | `Sonoma VM BT Enabler - PART 2 of 2 - Patch kern.hv_vmm_present=0` | 5. Save the configuration 6. Reboot your VM ## Method 3: Direct `config.plist` Editing For users who prefer to manually edit the configuration file: 1. Mount your EFI partition 2. Locate and open your `config.plist` file in a text editor 3. Find the `Kernel` → `` → `Patch` → `` section 4. Add these two `` entries within the ``: ```xml Arch x86_64 Base Comment Sonoma VM BT Enabler - PART 1 of 2 - Patch kern.hv_vmm_present=0 Count 1 Enabled Find aGliZXJuYXRlaGlkcmVhZHkAaGliZXJuYXRlY291bnQA Identifier kernel Limit 0 Mask MaxKernel MinKernel 20.4.0 Replace aGliZXJuYXRlaGlkcmVhZHkAaHZfdm1tX3ByZXNlbnQA ReplaceMask Skip 0 Arch x86_64 Base Comment Sonoma VM BT Enabler - PART 2 of 2 - Patch kern.hv_vmm_present=0 Count 1 Enabled Find Ym9vdCBzZXNzaW9uIFVVSUQAaHZfdm1tX3ByZXNlbnQA Identifier kernel Limit 0 Mask MaxKernel MinKernel 22.0.0 Replace Ym9vdCBzZXNzaW9uIFVVSUQAaGliZXJuYXRlY291bnQA ReplaceMask Skip 0 ``` 5. Save the file 6. Reboot your VM ## Important Notes - The `MinKernel` values (`20.4.0` and `22.0.0`) may need adjustment depending on your specific macOS version (Monterey, Ventura, Sonoma, etc.) - If you encounter issues, consult the [OpenCore documentation](https://dortania.github.io/docs/) for appropriate values for your setup - Always back up your configuration before making changes - After applying the patch and rebooting, try signing into Apple services again ## What This Patch Does This patch tricks macOS into believing it's running on physical hardware by redirecting the `hv_vmm_present` kernel variable, which normally indicates VM presence. After applying the patch, Apple services should function normally within your virtual environment. ### Slow UI The macOS UI expects and relies on GPU acceleration, and there is (currently) no way to provide GPU acceleration in the virtual hardware. See [osx-optimizer](https://github.com/sickcodes/osx-optimizer) for macOS configuration to speed things up. ### Extract the Virtual Disk With the container stopped, `sudo find /var/lib/docker -size +10G -name mac_hdd_ng.img` to find the disk image then copy it where you want it. ### Disk Space Is your host machine's disk, specifically `/var` (because of `/var/lib/docker`), getting full? [Fix it](README.md#increase-disk-space-by-moving-varlibdocker-to-external-drive-block-storage-nfs-or-any-other-location-conceivable). ### Increase RAM or CPUs/cores The `RAM`, `SMP`, and `CORES` options are all docker environment variables, which means it uses whatever you provide any time you start a container. ================================================ FILE: LICENSE ================================================ GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007 Copyright (C) 2007 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The GNU General Public License is a free, copyleft license for software and other kinds of works. The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users. We, the Free Software Foundation, use the GNU General Public License for most of our software; it applies also to any other work released this way by its authors. You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things. To protect your rights, we need to prevent others from denying you these rights or asking you to surrender the rights. Therefore, you have certain responsibilities if you distribute copies of the software, or if you modify it: responsibilities to respect the freedom of others. For example, if you distribute copies of such a program, whether gratis or for a fee, you must pass on to the recipients the same freedoms that you received. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. Developers that use the GNU GPL protect your rights with two steps: (1) assert copyright on the software, and (2) offer you this License giving you legal permission to copy, distribute and/or modify it. For the developers' and authors' protection, the GPL clearly explains that there is no warranty for this free software. For both users' and authors' sake, the GPL requires that modified versions be marked as changed, so that their problems will not be attributed erroneously to authors of previous versions. Some devices are designed to deny users access to install or run modified versions of the software inside them, although the manufacturer can do so. This is fundamentally incompatible with the aim of protecting users' freedom to change the software. The systematic pattern of such abuse occurs in the area of products for individuals to use, which is precisely where it is most unacceptable. Therefore, we have designed this version of the GPL to prohibit the practice for those products. If such problems arise substantially in other domains, we stand ready to extend this provision to those domains in future versions of the GPL, as needed to protect the freedom of users. Finally, every program is threatened constantly by software patents. States should not allow patents to restrict development and use of software on general-purpose computers, but in those that do, we wish to avoid the special danger that patents applied to a free program could make it effectively proprietary. To prevent this, the GPL assures that patents cannot be used to render the program non-free. The precise terms and conditions for copying, distribution and modification follow. TERMS AND CONDITIONS 0. Definitions. "This License" refers to version 3 of the GNU General Public License. "Copyright" also means copyright-like laws that apply to other kinds of works, such as semiconductor masks. "The Program" refers to any copyrightable work licensed under this License. Each licensee is addressed as "you". "Licensees" and "recipients" may be individuals or organizations. To "modify" a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a "modified version" of the earlier work or a work "based on" the earlier work. A "covered work" means either the unmodified Program or a work based on the Program. To "propagate" a work means to do anything with it that, without permission, would make you directly or secondarily liable for infringement under applicable copyright law, except executing it on a computer or modifying a private copy. Propagation includes copying, distribution (with or without modification), making available to the public, and in some countries other activities as well. To "convey" a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying. An interactive user interface displays "Appropriate Legal Notices" to the extent that it includes a convenient and prominently visible feature that (1) displays an appropriate copyright notice, and (2) tells the user that there is no warranty for the work (except to the extent that warranties are provided), that licensees may convey the work under this License, and how to view a copy of this License. If the interface presents a list of user commands or options, such as a menu, a prominent item in the list meets this criterion. 1. Source Code. The "source code" for a work means the preferred form of the work for making modifications to it. "Object code" means any non-source form of a work. A "Standard Interface" means an interface that either is an official standard defined by a recognized standards body, or, in the case of interfaces specified for a particular programming language, one that is widely used among developers working in that language. The "System Libraries" of an executable work include anything, other than the work as a whole, that (a) is included in the normal form of packaging a Major Component, but which is not part of that Major Component, and (b) serves only to enable use of the work with that Major Component, or to implement a Standard Interface for which an implementation is available to the public in source code form. A "Major Component", in this context, means a major essential component (kernel, window system, and so on) of the specific operating system (if any) on which the executable work runs, or a compiler used to produce the work, or an object code interpreter used to run it. The "Corresponding Source" for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. However, it does not include the work's System Libraries, or general-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the work. For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those subprograms and other parts of the work. The Corresponding Source need not include anything that users can regenerate automatically from other parts of the Corresponding Source. The Corresponding Source for a work in source code form is that same work. 2. Basic Permissions. All rights granted under this License are granted for the term of copyright on the Program, and are irrevocable provided the stated conditions are met. This License explicitly affirms your unlimited permission to run the unmodified Program. The output from running a covered work is covered by this License only if the output, given its content, constitutes a covered work. This License acknowledges your rights of fair use or other equivalent, as provided by copyright law. You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force. You may convey covered works to others for the sole purpose of having them make modifications exclusively for you, or provide you with facilities for running those works, provided that you comply with the terms of this License in conveying all material for which you do not control copyright. Those thus making or running the covered works for you must do so exclusively on your behalf, under your direction and control, on terms that prohibit them from making any copies of your copyrighted material outside their relationship with you. Conveying under any other circumstances is permitted solely under the conditions stated below. Sublicensing is not allowed; section 10 makes it unnecessary. 3. Protecting Users' Legal Rights From Anti-Circumvention Law. No covered work shall be deemed part of an effective technological measure under any applicable law fulfilling obligations under article 11 of the WIPO copyright treaty adopted on 20 December 1996, or similar laws prohibiting or restricting circumvention of such measures. When you convey a covered work, you waive any legal power to forbid circumvention of technological measures to the extent such circumvention is effected by exercising rights under this License with respect to the covered work, and you disclaim any intention to limit operation or modification of the work as a means of enforcing, against the work's users, your or third parties' legal rights to forbid circumvention of technological measures. 4. Conveying Verbatim Copies. You may convey verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice; keep intact all notices stating that this License and any non-permissive terms added in accord with section 7 apply to the code; keep intact all notices of the absence of any warranty; and give all recipients a copy of this License along with the Program. You may charge any price or no price for each copy that you convey, and you may offer support or warranty protection for a fee. 5. Conveying Modified Source Versions. You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions: a) The work must carry prominent notices stating that you modified it, and giving a relevant date. b) The work must carry prominent notices stating that it is released under this License and any conditions added under section 7. This requirement modifies the requirement in section 4 to "keep intact all notices". c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it. d) If the work has interactive user interfaces, each must display Appropriate Legal Notices; however, if the Program has interactive interfaces that do not display Appropriate Legal Notices, your work need not make them do so. A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an "aggregate" if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation's users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate. 6. Conveying Non-Source Forms. You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways: a) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by the Corresponding Source fixed on a durable physical medium customarily used for software interchange. b) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give anyone who possesses the object code either (1) a copy of the Corresponding Source for all the software in the product that is covered by this License, on a durable physical medium customarily used for software interchange, for a price no more than your reasonable cost of physically performing this conveying of source, or (2) access to copy the Corresponding Source from a network server at no charge. c) Convey individual copies of the object code with a copy of the written offer to provide the Corresponding Source. This alternative is allowed only occasionally and noncommercially, and only if you received the object code with such an offer, in accord with subsection 6b. d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source. Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements. e) Convey the object code using peer-to-peer transmission, provided you inform other peers where the object code and Corresponding Source of the work are being offered to the general public at no charge under subsection 6d. A separable portion of the object code, whose source code is excluded from the Corresponding Source as a System Library, need not be included in conveying the object code work. A "User Product" is either (1) a "consumer product", which means any tangible personal property which is normally used for personal, family, or household purposes, or (2) anything designed or sold for incorporation into a dwelling. In determining whether a product is a consumer product, doubtful cases shall be resolved in favor of coverage. For a particular product received by a particular user, "normally used" refers to a typical or common use of that class of product, regardless of the status of the particular user or of the way in which the particular user actually uses, or expects or is expected to use, the product. A product is a consumer product regardless of whether the product has substantial commercial, industrial or non-consumer uses, unless such uses represent the only significant mode of use of the product. "Installation Information" for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made. If you convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterized), the Corresponding Source conveyed under this section must be accompanied by the Installation Information. But this requirement does not apply if neither you nor any third party retains the ability to install modified object code on the User Product (for example, the work has been installed in ROM). The requirement to provide Installation Information does not include a requirement to continue to provide support service, warranty, or updates for a work that has been modified or installed by the recipient, or for the User Product in which it has been modified or installed. Access to a network may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network. Corresponding Source conveyed, and Installation Information provided, in accord with this section must be in a format that is publicly documented (and with an implementation available to the public in source code form), and must require no special password or key for unpacking, reading or copying. 7. Additional Terms. "Additional permissions" are terms that supplement the terms of this License by making exceptions from one or more of its conditions. Additional permissions that are applicable to the entire Program shall be treated as though they were included in this License, to the extent that they are valid under applicable law. If additional permissions apply only to part of the Program, that part may be used separately under those permissions, but the entire Program remains governed by this License without regard to the additional permissions. When you convey a copy of a covered work, you may at your option remove any additional permissions from that copy, or from any part of it. (Additional permissions may be written to require their own removal in certain cases when you modify the work.) You may place additional permissions on material, added by you to a covered work, for which you have or can give appropriate copyright permission. Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms: a) Disclaiming warranty or limiting liability differently from the terms of sections 15 and 16 of this License; or b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or c) Prohibiting misrepresentation of the origin of that material, or requiring that modified versions of such material be marked in reasonable ways as different from the original version; or d) Limiting the use for publicity purposes of names of licensors or authors of the material; or e) Declining to grant rights under trademark law for use of some trade names, trademarks, or service marks; or f) Requiring indemnification of licensors and authors of that material by anyone who conveys the material (or modified versions of it) with contractual assumptions of liability to the recipient, for any liability that these contractual assumptions directly impose on those licensors and authors. All other non-permissive additional terms are considered "further restrictions" within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term. If a license document contains a further restriction but permits relicensing or conveying under this License, you may add to a covered work material governed by the terms of that license document, provided that the further restriction does not survive such relicensing or conveying. If you add terms to a covered work in accord with this section, you must place, in the relevant source files, a statement of the additional terms that apply to those files, or a notice indicating where to find the applicable terms. Additional terms, permissive or non-permissive, may be stated in the form of a separately written license, or stated as exceptions; the above requirements apply either way. 8. Termination. You may not propagate or modify a covered work except as expressly provided under this License. Any attempt otherwise to propagate or modify it is void, and will automatically terminate your rights under this License (including any patent licenses granted under the third paragraph of section 11). However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation. Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice. Termination of your rights under this section does not terminate the licenses of parties who have received copies or rights from you under this License. If your rights have been terminated and not permanently reinstated, you do not qualify to receive new licenses for the same material under section 10. 9. Acceptance Not Required for Having Copies. You are not required to accept this License in order to receive or run a copy of the Program. Ancillary propagation of a covered work occurring solely as a consequence of using peer-to-peer transmission to receive a copy likewise does not require acceptance. However, nothing other than this License grants you permission to propagate or modify any covered work. These actions infringe copyright if you do not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so. 10. Automatic Licensing of Downstream Recipients. Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License. You are not responsible for enforcing compliance by third parties with this License. An "entity transaction" is a transaction transferring control of an organization, or substantially all assets of one, or subdividing an organization, or merging organizations. If propagation of a covered work results from an entity transaction, each party to that transaction who receives a copy of the work also receives whatever licenses to the work the party's predecessor in interest had or could give under the previous paragraph, plus a right to possession of the Corresponding Source of the work from the predecessor in interest, if the predecessor has it or can get it with reasonable efforts. You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License. For example, you may not impose a license fee, royalty, or other charge for exercise of rights granted under this License, and you may not initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging that any patent claim is infringed by making, using, selling, offering for sale, or importing the Program or any portion of it. 11. Patents. A "contributor" is a copyright holder who authorizes use under this License of the Program or a work on which the Program is based. The work thus licensed is called the contributor's "contributor version". A contributor's "essential patent claims" are all patent claims owned or controlled by the contributor, whether already acquired or hereafter acquired, that would be infringed by some manner, permitted by this License, of making, using, or selling its contributor version, but do not include claims that would be infringed only as a consequence of further modification of the contributor version. For purposes of this definition, "control" includes the right to grant patent sublicenses in a manner consistent with the requirements of this License. Each contributor grants you a non-exclusive, worldwide, royalty-free patent license under the contributor's essential patent claims, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contents of its contributor version. In the following three paragraphs, a "patent license" is any express agreement or commitment, however denominated, not to enforce a patent (such as an express permission to practice a patent or covenant not to sue for patent infringement). To "grant" such a patent license to a party means to make such an agreement or commitment not to enforce a patent against the party. If you convey a covered work, knowingly relying on a patent license, and the Corresponding Source of the work is not available for anyone to copy, free of charge and under the terms of this License, through a publicly available network server or other readily accessible means, then you must either (1) cause the Corresponding Source to be so available, or (2) arrange to deprive yourself of the benefit of the patent license for this particular work, or (3) arrange, in a manner consistent with the requirements of this License, to extend the patent license to downstream recipients. "Knowingly relying" means you have actual knowledge that, but for the patent license, your conveying the covered work in a country, or your recipient's use of the covered work in a country, would infringe one or more identifiable patents in that country that you have reason to believe are valid. If, pursuant to or in connection with a single transaction or arrangement, you convey, or propagate by procuring conveyance of, a covered work, and grant a patent license to some of the parties receiving the covered work authorizing them to use, propagate, modify or convey a specific copy of the covered work, then the patent license you grant is automatically extended to all recipients of the covered work and works based on it. A patent license is "discriminatory" if it does not include within the scope of its coverage, prohibits the exercise of, or is conditioned on the non-exercise of one or more of the rights that are specifically granted under this License. You may not convey a covered work if you are a party to an arrangement with a third party that is in the business of distributing software, under which you make payment to the third party based on the extent of your activity of conveying the work, and under which the third party grants, to any of the parties who would receive the covered work from you, a discriminatory patent license (a) in connection with copies of the covered work conveyed by you (or copies made from those copies), or (b) primarily for and in connection with specific products or compilations that contain the covered work, unless you entered into that arrangement, or that patent license was granted, prior to 28 March 2007. Nothing in this License shall be construed as excluding or limiting any implied license or other defenses to infringement that may otherwise be available to you under applicable patent law. 12. No Surrender of Others' Freedom. If conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot convey a covered work so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not convey it at all. For example, if you agree to terms that obligate you to collect a royalty for further conveying from those to whom you convey the Program, the only way you could satisfy both those terms and this License would be to refrain entirely from conveying the Program. 13. Use with the GNU Affero General Public License. Notwithstanding any other provision of this License, you have permission to link or combine any covered work with a work licensed under version 3 of the GNU Affero General Public License into a single combined work, and to convey the resulting work. The terms of this License will continue to apply to the part which is the covered work, but the special requirements of the GNU Affero General Public License, section 13, concerning interaction through a network will apply to the combination as such. 14. Revised Versions of this License. The Free Software Foundation may publish revised and/or new versions of the GNU General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies that a certain numbered version of the GNU General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that numbered version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the GNU General Public License, you may choose any version ever published by the Free Software Foundation. If the Program specifies that a proxy can decide which future versions of the GNU General Public License can be used, that proxy's public statement of acceptance of a version permanently authorizes you to choose that version for the Program. Later license versions may give you additional or different permissions. However, no additional obligations are imposed on any author or copyright holder as a result of your choosing to follow a later version. 15. Disclaimer of Warranty. THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 16. Limitation of Liability. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 17. Interpretation of Sections 15 and 16. If the disclaimer of warranty and limitation of liability provided above cannot be given local legal effect according to their terms, reviewing courts shall apply local law that most closely approximates an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . Also add information on how to contact you by electronic and paper mail. If the program does terminal interaction, make it output a short notice like this when it starts in an interactive mode: Copyright (C) This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, your program's commands might be different; for a GUI interface, you would use an "about box". You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU GPL, see . The GNU General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. But first, please read . ================================================ FILE: README.md ================================================ # Docker-OSX · [Follow @sickcodes on Twitter](https://twitter.com/sickcodes) ![Running Mac OS X in a Docker container](/running-mac-inside-docker-qemu.png?raw=true "OSX KVM DOCKER") Run Mac OS X in Docker with near-native performance! X11 Forwarding! iMessage security research! iPhone USB working! macOS in a Docker container! Conduct Security Research on macOS using both Linux & Windows! # Docker-OSX now has a Discord server & Telegram! The Discord is active on #docker-osx and anyone is welcome to come and ask questions, ideas, etc.

### Click to join the Discord server [https://discord.gg/sickchat](https://discord.gg/sickchat) ### Click to join the Telegram server [https://t.me/sickcodeschat](https://t.me/sickcodeschat) Or reach out via Linkedin if it's private: [https://www.linkedin.com/in/sickcodes](https://www.linkedin.com/in/sickcodes) Or via [https://sick.codes/contact/](https://sick.codes/contact/) ## Author This project is maintained by [Sick.Codes](https://sick.codes/). [(Twitter)](https://twitter.com/sickcodes) Additional credits can be found here: https://github.com/sickcodes/Docker-OSX/blob/master/CREDITS.md Additionally, comprehensive list of all contributors can be found here: https://github.com/sickcodes/Docker-OSX/graphs/contributors Big thanks to [@kholia](https://twitter.com/kholia) for maintaining the upstream project, which Docker-OSX is built on top of: [OSX-KVM](https://github.com/kholia/OSX-KVM). Also special thanks to [@thenickdude](https://github.com/thenickdude) who maintains the valuable fork [KVM-OpenCore](https://github.com/thenickdude/KVM-Opencore), which was started by [@Leoyzen](https://github.com/Leoyzen/)! Extra special thanks to the OpenCore team over at: https://github.com/acidanthera/OpenCorePkg. Their well-maintained bootloader provides much of the great functionality that Docker-OSX users enjoy :) If you like this project, consider contributing here or upstream! ## Quick Start Docker-OSX Video setup tutorial is also available here: https://www.youtube.com/watch?v=wLezYl77Ll8 **Windows users:** [click here to see the notes below](#id-like-to-run-docker-osx-on-windows)!

First time here? try [initial setup](#initial-setup), otherwise try the instructions below to use either Catalina or Big Sur. ## Any questions, ideas, or just want to hang out? # [https://discord.gg/sickchat](https://discord.gg/sickchat) Release names and their version: ### Catalina (10.15) [![https://img.shields.io/docker/image-size/sickcodes/docker-osx/latest?label=sickcodes%2Fdocker-osx%3Alatest](https://img.shields.io/docker/image-size/sickcodes/docker-osx/latest?label=sickcodes%2Fdocker-osx%3Alatest)](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated) ```bash docker run -it \ --device /dev/kvm \ -p 50922:10022 \ -v /tmp/.X11-unix:/tmp/.X11-unix \ -e "DISPLAY=${DISPLAY:-:0.0}" \ -e SHORTNAME=catalina \ sickcodes/docker-osx:latest # docker build -t docker-osx . ``` ### Big Sur (11) [![https://img.shields.io/docker/image-size/sickcodes/docker-osx/latest?label=sickcodes%2Fdocker-osx%3Alatest](https://img.shields.io/docker/image-size/sickcodes/docker-osx/latest?label=sickcodes%2Fdocker-osx%3Alatest)](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated) ```bash docker run -it \ --device /dev/kvm \ -p 50922:10022 \ -v /tmp/.X11-unix:/tmp/.X11-unix \ -e "DISPLAY=${DISPLAY:-:0.0}" \ -e SHORTNAME=big-sur \ sickcodes/docker-osx:latest # docker build -t docker-osx . ``` ### Monterey (12) [![https://img.shields.io/docker/image-size/sickcodes/docker-osx/latest?label=sickcodes%2Fdocker-osx%3Alatest](https://img.shields.io/docker/image-size/sickcodes/docker-osx/latest?label=sickcodes%2Fdocker-osx%3Alatest)](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated) ```bash docker run -it \ --device /dev/kvm \ -p 50922:10022 \ -v /tmp/.X11-unix:/tmp/.X11-unix \ -e "DISPLAY=${DISPLAY:-:0.0}" \ -e GENERATE_UNIQUE=true \ -e MASTER_PLIST_URL='https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist' \ -e SHORTNAME=monterey \ sickcodes/docker-osx:latest # docker build -t docker-osx . ``` ### Ventura (13) [![https://img.shields.io/docker/image-size/sickcodes/docker-osx/latest?label=sickcodes%2Fdocker-osx%3Alatest](https://img.shields.io/docker/image-size/sickcodes/docker-osx/latest?label=sickcodes%2Fdocker-osx%3Alatest)](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated) ```bash docker run -it \ --device /dev/kvm \ -p 50922:10022 \ -v /tmp/.X11-unix:/tmp/.X11-unix \ -e "DISPLAY=${DISPLAY:-:0.0}" \ -e GENERATE_UNIQUE=true \ -e MASTER_PLIST_URL='https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist' \ -e SHORTNAME=ventura \ sickcodes/docker-osx:latest # docker build -t docker-osx . ``` ### Sonoma (14) [![https://img.shields.io/docker/image-size/sickcodes/docker-osx/latest?label=sickcodes%2Fdocker-osx%3Alatest](https://img.shields.io/docker/image-size/sickcodes/docker-osx/latest?label=sickcodes%2Fdocker-osx%3Alatest)](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated) ```bash docker run -it \ --device /dev/kvm \ -p 50922:10022 \ -v /tmp/.X11-unix:/tmp/.X11-unix \ -e "DISPLAY=${DISPLAY:-:0.0}" \ -e GENERATE_UNIQUE=true \ -e CPU='Haswell-noTSX' \ -e CPUID_FLAGS='kvm=on,vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on' \ -e MASTER_PLIST_URL='https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom-sonoma.plist' \ -e SHORTNAME=sonoma \ sickcodes/docker-osx:latest # docker build -t docker-osx . ``` ### Sequoia (15) [![https://img.shields.io/docker/image-size/sickcodes/docker-osx/latest?label=sickcodes%2Fdocker-osx%3Alatest](https://img.shields.io/docker/image-size/sickcodes/docker-osx/latest?label=sickcodes%2Fdocker-osx%3Alatest)](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated) ```bash docker run -it \ --device /dev/kvm \ -p 50922:10022 \ -v /tmp/.X11-unix:/tmp/.X11-unix \ -e "DISPLAY=${DISPLAY:-:0.0}" \ -e GENERATE_UNIQUE=true \ -e CPU='Haswell-noTSX' \ -e CPUID_FLAGS='kvm=on,vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on' \ -e MASTER_PLIST_URL='https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom-sonoma.plist' \ -e SHORTNAME=sequoia \ sickcodes/docker-osx:latest # docker build -t docker-osx . ``` ### Tahoe (16) [![https://img.shields.io/docker/image-size/sickcodes/docker-osx/latest?label=sickcodes%2Fdocker-osx%3Alatest](https://img.shields.io/docker/image-size/sickcodes/docker-osx/latest?label=sickcodes%2Fdocker-osx%3Alatest)](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated) ```bash docker run -it \ --device /dev/kvm \ -p 50922:10022 \ -v /tmp/.X11-unix:/tmp/.X11-unix \ -e "DISPLAY=${DISPLAY:-:0.0}" \ -e GENERATE_UNIQUE=true \ -e CPU='Haswell-noTSX' \ -e CPUID_FLAGS='kvm=on,vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on' \ -e MASTER_PLIST_URL='https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom-sonoma.plist' \ -e SHORTNAME=tahoe \ sickcodes/docker-osx:latest ``` # docker build -t docker-osx . ### Older Systems ### High Sierra [![https://img.shields.io/docker/image-size/sickcodes/docker-osx/latest?label=sickcodes%2Fdocker-osx%3Alatest](https://img.shields.io/docker/image-size/sickcodes/docker-osx/latest?label=sickcodes%2Fdocker-osx%3Alatest)](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated) ```bash docker run -it \ --device /dev/kvm \ -p 50922:10022 \ -v /tmp/.X11-unix:/tmp/.X11-unix \ -e "DISPLAY=${DISPLAY:-:0.0}" \ -e SHORTNAME=high-sierra \ sickcodes/docker-osx:latest # docker build -t docker-osx . ``` ### Mojave [![https://img.shields.io/docker/image-size/sickcodes/docker-osx/latest?label=sickcodes%2Fdocker-osx%3Alatest](https://img.shields.io/docker/image-size/sickcodes/docker-osx/latest?label=sickcodes%2Fdocker-osx%3Alatest)](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated) ```bash docker run -it \ --device /dev/kvm \ -p 50922:10022 \ -v /tmp/.X11-unix:/tmp/.X11-unix \ -e "DISPLAY=${DISPLAY:-:0.0}" \ -e SHORTNAME=mojave \ sickcodes/docker-osx:latest # docker build -t docker-osx . ``` #### Download the image manually and use it in Docker [![https://img.shields.io/docker/image-size/sickcodes/docker-osx/naked?label=sickcodes%2Fdocker-osx%3Anaked](https://img.shields.io/docker/image-size/sickcodes/docker-osx/naked?label=sickcodes%2Fdocker-osx%3Anaked)](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated) This is a particularly good way for downloading the container, in case Docker's CDN (or your connection) happens to be slow. ```bash wget https://images2.sick.codes/mac_hdd_ng_auto.img docker run -it \ --device /dev/kvm \ -p 50922:10022 \ -v "${PWD}/mac_hdd_ng_auto.img:/image" \ -v /tmp/.X11-unix:/tmp/.X11-unix \ -e "DISPLAY=${DISPLAY:-:0.0}" \ -e GENERATE_UNIQUE=true \ -e MASTER_PLIST_URL=https://raw.githubusercontent.com/sickcodes/Docker-OSX/master/custom/config-nopicker-custom.plist \ -e SHORTNAME=catalina \ sickcodes/docker-osx:naked ``` # Share directories, sharing files, shared folder, mount folder The easiest and most secure way is `sshfs` ```bash # on Linux/Windows mkdir ~/mnt/osx sshfs user@localhost: -p 50922 ~/mnt/osx # wait a few seconds, and ~/mnt/osx will have full rootfs mounted over ssh, and in userspace # automated: sshpass -p sshfs user@localhost:/ -p 50922 ~/mnt/osx ``` # (VFIO) iPhone USB passthrough (VFIO) If you have a laptop see the next usbfluxd section. If you have a desktop PC, you can use [@Silfalion](https://github.com/Silfalion)'s instructions: [https://github.com/Silfalion/Iphone_docker_osx_passthrough](https://github.com/Silfalion/Iphone_docker_osx_passthrough) # (USBFLUXD) iPhone USB -> Network style passthrough OSX-KVM Docker-OSX Video setup tutorial for usbfluxd is also available here: https://www.youtube.com/watch?v=kTk5fGjK_PM

iPhone USB passthrough on macOS virtual machine Linux & Windows

This method WORKS on laptop, PC, anything! Thank you [@nikias](https://github.com/nikias) for [usbfluxd](https://github.com/corellium/usbfluxd) via [https://github.com/corellium](https://github.com/corellium)! **This is done inside Linux.** Open 3 terminals on Linux Connecting your device over USB on Linux allows you to expose `usbmuxd` on port `5000` using [https://github.com/corellium/usbfluxd](https://github.com/corellium/usbfluxd) to another system on the same network. Ensure `usbmuxd`, `socat` and `usbfluxd` are installed. `sudo pacman -S libusbmuxd usbmuxd avahi socat` Available on the AUR: [https://aur.archlinux.org/packages/usbfluxd/](https://aur.archlinux.org/packages/usbfluxd/) `yay usbfluxd` Plug in your iPhone or iPad. Terminal 1 ```bash sudo systemctl start usbmuxd sudo avahi-daemon ``` Terminal 2: ```bash # on host sudo systemctl restart usbmuxd sudo socat tcp-listen:5000,fork unix-connect:/var/run/usbmuxd ``` Terminal 3: ```bash sudo usbfluxd -f -n ``` ### Connect to a host running usbfluxd **This is done inside macOS.** Install homebrew. `172.17.0.1` is usually the Docker bridge IP, which is your PC, but you can use any IP from `ip addr`... macOS Terminal: ```zsh # on the guest brew install make automake autoconf libtool pkg-config gcc libimobiledevice usbmuxd git clone https://github.com/corellium/usbfluxd.git cd usbfluxd ./autogen.sh make sudo make install ``` Accept the USB over TCP connection, and appear as local: (you may need to change `172.17.0.1` to the IP address of the host. e.g. check `ip addr`) ```bash # on the guest sudo launchctl start usbmuxd export PATH=/usr/local/sbin:${PATH} sudo usbfluxd -f -r 172.17.0.1:5000 ``` Close apps such as Xcode and reopen them and your device should appear! *If you need to start again on Linux, wipe the current usbfluxd, usbmuxd, and socat:* ```bash sudo killall usbfluxd sudo systemctl restart usbmuxd sudo killall socat ``` ## Make container FASTER using [https://github.com/sickcodes/osx-optimizer](https://github.com/sickcodes/osx-optimizer) SEE commands in [https://github.com/sickcodes/osx-optimizer](https://github.com/sickcodes/osx-optimizer)! - Skip the GUI login screen (at your own risk!) - Disable spotlight indexing on macOS to heavily speed up Virtual Instances. - Disable heavy login screen wallpaper - Disable updates (at your own risk!) ## Increase disk space by moving /var/lib/docker to external drive, block storage, NFS, or any other location conceivable. Move /var/lib/docker, following the tutorial below - Cheap large physical disk storage instead using your server's disk, or SSD. - Block Storage, NFS, etc. Tutorial here: https://sick.codes/how-to-run-docker-from-block-storage/ Only follow the above tutorial if you are happy with wiping all your current Docker images/layers. Safe mode: Disable docker temporarily so you can move the Docker folder temporarily. - Do NOT do this until you have moved your image out already [https://github.com/dulatello08/Docker-OSX/#quick-start-your-own-image-naked-container-image](https://github.com/dulatello08/Docker-OSX/#quick-start-your-own-image-naked-container-image) ```bash killall dockerd systemctl disable --now docker systemctl disable --now docker.socket systemctl stop docker systemctl stop docker.socket ``` Now, that Docker daemon is off, move /var/lib/docker somewhere Then, symbolicly link /var/lib/docker somewhere: ```bash mv /var/lib/docker /run/media/user/some_drive/docker ln -s /run/media/user/some_drive/docker /var/lib/docker # now check if /var/lib/docker is working still ls /var/lib/docker ``` If you see folders, then it worked. You can restart Docker, or just reboot if you want to be sure. ## Important notices: **2021-11-14** - Added High Sierra, Mojave Pick one of these while **building**, irrelevant when using docker pull: ``` --build-arg SHORTNAME=high-sierra --build-arg SHORTNAME=mojave --build-arg SHORTNAME=catalina --build-arg SHORTNAME=big-sur --build-arg SHORTNAME=monterey --build-arg SHORTNAME=ventura --build-arg SHORTNAME=sonoma ``` ## Technical details There are currently multiple images, each with different use cases (explained [below](#container-images)): - High Sierra (10.13) - Mojave (10.14) - Catalina (10.15) - Big Sur (11) - Monterey (12) - Ventura (13) - Sonoma (14) - Auto (pre-made Catalina) - Naked (use your own .img) - Naked-Auto (user your own .img and SSH in) High Sierra: [![https://img.shields.io/docker/image-size/sickcodes/docker-osx/high-sierra?label=sickcodes%2Fdocker-osx%3Ahigh-sierra](https://img.shields.io/docker/image-size/sickcodes/docker-osx/high-sierra?label=sickcodes%2Fdocker-osx%3Ahigh-sierra)](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated) Mojave: [![https://img.shields.io/docker/image-size/sickcodes/docker-osx/mojave?label=sickcodes%2Fdocker-osx%3Amojave](https://img.shields.io/docker/image-size/sickcodes/docker-osx/mojave?label=sickcodes%2Fdocker-osx%3Amojave)](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated) Catalina: [![https://img.shields.io/docker/image-size/sickcodes/docker-osx/latest?label=sickcodes%2Fdocker-osx%3Alatest](https://img.shields.io/docker/image-size/sickcodes/docker-osx/latest?label=sickcodes%2Fdocker-osx%3Alatest)](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated) Big-Sur: [![https://img.shields.io/docker/image-size/sickcodes/docker-osx/big-sur?label=sickcodes%2Fdocker-osx%3Abig-sur](https://img.shields.io/docker/image-size/sickcodes/docker-osx/big-sur?label=sickcodes%2Fdocker-osx%3Abig-sur)](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated) Monterey make your own image: [![https://img.shields.io/docker/image-size/sickcodes/docker-osx/monterey?label=sickcodes%2Fdocker-osx%3Amonterey](https://img.shields.io/docker/image-size/sickcodes/docker-osx/monterey?label=sickcodes%2Fdocker-osx%3Amonterey)](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated) Ventura make your own image: [![https://img.shields.io/docker/image-size/sickcodes/docker-osx/ventura?label=sickcodes%2Fdocker-osx%3Aventura](https://img.shields.io/docker/image-size/sickcodes/docker-osx/ventura?label=sickcodes%2Fdocker-osx%3Aventura)](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated) Sonoma make your own image: [![https://img.shields.io/docker/image-size/sickcodes/docker-osx/sonoma?label=sickcodes%2Fdocker-osx%3Asonoma](https://img.shields.io/docker/image-size/sickcodes/docker-osx/sonoma?label=sickcodes%2Fdocker-osx%3Asonoma)](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated) Pre-made **Catalina** system by [Sick.Codes](https://sick.codes): username: `user`, password: `alpine` [![https://img.shields.io/docker/image-size/sickcodes/docker-osx/auto?label=sickcodes%2Fdocker-osx%3Aauto](https://img.shields.io/docker/image-size/sickcodes/docker-osx/auto?label=sickcodes%2Fdocker-osx%3Aauto)](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated) Naked: Bring-your-own-image setup (use any of the above first): [![https://img.shields.io/docker/image-size/sickcodes/docker-osx/naked?label=sickcodes%2Fdocker-osx%3Anaked](https://img.shields.io/docker/image-size/sickcodes/docker-osx/naked?label=sickcodes%2Fdocker-osx%3Anaked)](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated) Naked Auto: same as above but with `-e USERNAME` & `-e PASSWORD` and `-e OSX_COMMANDS="put your commands here"` [![https://img.shields.io/docker/image-size/sickcodes/docker-osx/naked-auto?label=sickcodes%2Fdocker-osx%3Anaked-auto](https://img.shields.io/docker/image-size/sickcodes/docker-osx/naked-auto?label=sickcodes%2Fdocker-osx%3Anaked-auto)](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated) ## Capabilities - use iPhone OSX KVM on Linux using [usbfluxd](https://github.com/corellium/usbfluxd)! - macOS Monterey VM on Linux! - Folder sharing- - USB passthrough (hotplug too) - SSH enabled (`localhost:50922`) - VNC enabled (`localhost:8888`) if using ./vnc version - iMessage security research via [serial number generator!](https://github.com/sickcodes/osx-serial-generator) - X11 forwarding is enabled - runs on top of QEMU + KVM - supports Big Sur, custom images, Xvfb headless mode - you can clone your container with `docker commit` ### Requirements - 20GB+++ disk space for bare minimum installation (50GB if using Xcode) - virtualization should be enabled in your BIOS settings - a x86_64 kvm-capable host - at least 50 GBs for `:auto` (half for the base image, half for your runtime image ### TODO - documentation for security researchers - gpu acceleration - support for virt-manager ## Docker Images built on top of the contents of this repository are also available on **Docker Hub** for convenience: https://hub.docker.com/r/sickcodes/docker-osx A comprehensive list of the available Docker images and their intended purpose can be found in the [Instructions](#instructions). ## Kubernetes Docker-OSX supports Kubernetes. Kubernetes Helm Chart & Documentation can be found under the [helm directory](helm/README.md). Thanks [cephasara](https://github.com/cephasara) for contributing this major contribution. [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/docker-osx)](https://artifacthub.io/packages/search?repo=docker-osx) ## Support ### Small questions & issues Feel free to open an [issue](https://github.com/sickcodes/Docker-OSX/issues/new/choose), should you come across minor issues with running Docker-OSX or have any questions. #### Resolved issues Before you open an issue, however, please check the [closed issues](https://github.com/sickcodes/Docker-OSX/issues?q=is%3Aissue+is%3Aclosed) and confirm that you're using the latest version of this repository — your issues may have already been resolved! You might also see your answer in our questions and answers section [below](#more-questions-and-answers). ### Feature requests and updates Follow [@sickcodes](https://twitter.com/sickcodes)! ### Professional support For more sophisticated endeavours, we offer the following support services: - Enterprise support, business support, or casual support. - Custom images, custom scripts, consulting (per hour available!) - One-on-one conversations with you or your development team. In case you're interested, contact [@sickcodes on Twitter](https://twitter.com/sickcodes) or click [here](https://sick.codes/contact). ## License/Contributing Docker-OSX is licensed under the [GPL v3+](LICENSE). Contributions are welcomed and immensely appreciated. You are in fact permitted to use Docker-OSX as a tool to create proprietary software. ### Other cool Docker/QEMU based projects - [Run Android in a Docker Container with Dock Droid](https://github.com/sickcodes/dock-droid) - [Run Android fully native on the host!](https://github.com/sickcodes/droid-native) - [Run iOS 12 in a Docker container with Docker-eyeOS](https://github.com/sickcodes/Docker-eyeOS) - [https://github.com/sickcodes/Docker-eyeOS](https://github.com/sickcodes/Docker-eyeOS) - [Run iMessage relayer in Docker with Bluebubbles.app](https://bluebubbles.app/) - [Getting started wiki](https://github.com/BlueBubblesApp/BlueBubbles-Server/wiki/Running-via-Docker) ## Disclaimer If you are serious about Apple Security, and possibly finding 6-figure bug bounties within the Apple Bug Bounty Program, then you're in the right place! Further notes: [Is Hackintosh, OSX-KVM, or Docker-OSX legal?](https://sick.codes/is-hackintosh-osx-kvm-or-docker-osx-legal/) Product names, logos, brands and other trademarks referred to within this project are the property of their respective trademark holders. These trademark holders are not affiliated with our repository in any capacity. They do not sponsor or endorse this project in any way. # Instructions ## Container images ### Already set up or just looking to make a container quickly? Check out our [quick start](#quick-start-docker-osx) or see a bunch more use cases under our [container creation examples](#container-creation-examples) section. There are several different Docker-OSX images available that are suitable for different purposes. - `sickcodes/docker-osx:latest` - [I just want to try it out.](#quick-start-docker-osx) - `sickcodes/docker-osx:latest` - [I want to use Docker-OSX to develop/secure apps in Xcode (sign into Xcode, Transporter)](#quick-start-your-own-image-naked-container-image) - `sickcodes/docker-osx:naked` - [I want to use Docker-OSX for CI/CD-related purposes (sign into Xcode, Transporter)](#building-a-headless-container-from-a-custom-image) Create your personal image using `:latest` or `big-sur`. Then, pull the image out the image. Afterwards, you will be able to duplicate that image and import it to the `:naked` container, in order to revert the container to a previous state repeatedly. - `sickcodes/docker-osx:auto` - [I'm only interested in using the command line (useful for compiling software or using Homebrew headlessly).](#prebuilt-image-with-arbitrary-command-line-arguments) - `sickcodes/docker-osx:naked` - [I need iMessage/iCloud for security research.](#generating-serial-numbers) - `sickcodes/docker-osx:big-sur` - [I want to run Big Sur.](#quick-start-docker-osx) - `sickcodes/docker-osx:monterey` - [I want to run Monterey.](#quick-start-docker-osx) - `sickcodes/docker-osx:ventura` - [I want to run Ventura.](#quick-start-docker-osx) - `sickcodes/docker-osx:sonoma` - [I want to run Sonoma.](#quick-start-docker-osx) - `sickcodes/docker-osx:high-sierra` - I want to run High Sierra. - `sickcodes/docker-osx:mojave` - I want to run Mojave. ## Initial setup Before you do anything else, you will need to turn on hardware virtualization in your BIOS. Precisely how will depend on your particular machine (and BIOS), but it should be straightforward. Then, you'll need QEMU and some other dependencies on your host: ```bash # ARCH sudo pacman -S qemu libvirt dnsmasq virt-manager bridge-utils flex bison iptables-nft edk2-ovmf # UBUNTU DEBIAN sudo apt install qemu qemu-kvm libvirt-clients libvirt-daemon-system bridge-utils virt-manager libguestfs-tools # CENTOS RHEL FEDORA sudo yum install libvirt qemu-kvm ``` Then, enable libvirt and load the KVM kernel module: ```bash sudo systemctl enable --now libvirtd sudo systemctl enable --now virtlogd echo 1 | sudo tee /sys/module/kvm/parameters/ignore_msrs sudo modprobe kvm ``` ### I'd like to run Docker-OSX on Windows Running Docker-OSX on Windows is possible using WSL2 (Windows 11 + Windows Subsystem for Linux). You must have Windows 11 installed with build 22000+ (21H2 or higher). First, install WSL on your computer by running this command in an administrator powershell. For more info, look [here](https://docs.microsoft.com/en-us/windows/wsl/install). This will install Ubuntu by default. ``` wsl --install ``` You can confirm WSL2 is enabled using `wsl -l -v` in PowerShell. To see other distributions that are available, use `wsl -l -o`. If you have previously installed WSL1, upgrade to WSL 2. Check [this link to upgrade from WSL1 to WSL2](https://docs.microsoft.com/en-us/windows/wsl/install#upgrade-version-from-wsl-1-to-wsl-2). After WSL installation, go to `C:/Users//.wslconfig` and add `nestedVirtualization=true` to the end of the file (If the file doesn't exist, create it). For more information about the `.wslconfig` file check [this link](https://docs.microsoft.com/en-us/windows/wsl/wsl-config#wslconfig). Verify that you have selected "Show Hidden Files" and "Show File Extensions" in File Explorer options. The result should be like this: ``` [wsl2] nestedVirtualization=true ``` Go into your WSL distro (Run `wsl` in powershell) and check if KVM is enabled by using the `kvm-ok` command. The output should look like this: ``` INFO: /dev/kvm exists KVM acceleration can be used ``` Use the command `sudo apt -y install bridge-utils cpu-checker libvirt-clients libvirt-daemon qemu qemu-kvm` to install it if it isn't. Now download and install [Docker for Windows](https://docs.docker.com/desktop/windows/install/) if it is not already installed. After installation, go into Settings and check these 2 boxes: ``` General -> "Use the WSL2 based engine"; Resources -> WSL Integration -> "Enable integration with my default WSL distro", ``` Ensure `x11-apps` is installed. Use the command `sudo apt install x11-apps -y` to install it if it isn't. Finally, there are 3 ways to get video output: - WSLg: This is the simplest and easiest option to use. There may be some issues such as the keyboard not being fully passed through or seeing a second mouse on the desktop - [Issue on WSLg](https://github.com/microsoft/wslg/issues/376) - but this option is recommended. To use WSLg's built-in X-11 server, change these two lines in the docker run command to point Docker-OSX to WSLg. ``` -e "DISPLAY=${DISPLAY:-:0.0}" \ -v /mnt/wslg/.X11-unix:/tmp/.X11-unix \ ``` Or try: ``` -e "DISPLAY=${DISPLAY:-:0}" \ -v /mnt/wslg/.X11-unix:/tmp/.X11-unix \ ``` For Ubuntu 20.x on Windows, see [https://github.com/sickcodes/Docker-OSX/discussions/458](https://github.com/sickcodes/Docker-OSX/discussions/458) - VNC: See the [VNC section](#building-a-headless-container-which-allows-insecure-vnc-on-localhost-for-local-use-only) for more information. You could also add -vnc argument to qemu. Connect to your mac VM via a VNC Client. [Here is a how to](https://wiki.archlinux.org/title/QEMU#VNC) - Desktop Environment: This will give you a full desktop linux experience but it will use a bit more of the computer's resources. Here is an example guide, but there are other guides that help set up a desktop environment. [DE Example](https://www.makeuseof.com/tag/linux-desktop-windows-subsystem/) ## Additional boot instructions for when you are [creating your container](#container-creation-examples) - Boot the macOS Base System (Press Enter) - Click `Disk Utility` - Erase the BIGGEST disk (around 200gb default), DO NOT MODIFY THE SMALLER DISKS. -- if you can't click `erase`, you may need to reduce the disk size by 1kb - (optional) Create a partition using the unused space to house the OS and your files if you want to limit the capacity. (For Xcode 12 partition at least 60gb.) - Click `Reinstall macOS` - The system may require multiple reboots during installation ## Troubleshooting ### Routine checks This is a great place to start if you are having trouble getting going, especially if you're not that familiar with Docker just yet. Just looking to make a container quickly? Check out our [container creation examples](#container-creation-examples) section. More specific/advanced troubleshooting questions and answers may be found in [More Questions and Answers](#more-questions-and-answers). You should also check out the [closed issues](https://github.com/sickcodes/Docker-OSX/issues?q=is%3Aissue+is%3Aclosed). Someone else might have gotten a question like yours answered already even if you can't find it in this document! #### Confirm that your CPU supports virtualization See [initial setup](#initial-setup). #### Docker Unknown Server OS error ```console docker: unknown server OS: . See 'docker run --help'. ``` This means your docker daemon is not running. `pgrep dockerd` should return nothing Therefore, you have a few choices. `sudo dockerd` for foreground Docker usage. I use this. Or `sudo systemctl --start dockerd` to start dockerd this now. Or `sudo systemctl --enable --now dockerd` for start dockerd on every reboot, and now. #### Use more CPU Cores/SMP Examples: `-e EXTRA='-smp 6,sockets=3,cores=2'` `-e EXTRA='-smp 8,sockets=4,cores=2'` `-e EXTRA='-smp 16,sockets=8,cores=2'` Note, unlike memory, CPU usage is shared. so you can allocate all of your CPU's to the container. ### Confirm your user is part of the Docker group, KVM group, libvirt group #### Add yourself to the Docker group If you use `sudo dockerd` or dockerd is controlled by systemd/systemctl, then you must be in the Docker group. If you are not in the Docker group: ```bash sudo usermod -aG docker "${USER}" ``` and also add yourself to the kvm and libvirt groups if needed: ```bash sudo usermod -aG libvirt "${USER}" sudo usermod -aG kvm "${USER}" ``` See also: [initial setup](#initial-setup). #### Is the docker daemon enabled? ```bash # run ad hoc sudo dockerd # or daemonize it sudo nohup dockerd & # enable it in systemd (it will persist across reboots this way) sudo systemctl enable --now docker # or just start it as your user with systemd instead of enabling it systemctl start docker ``` ## More Questions and Answers Big thank you to our contributors who have worked out almost every conceivable issue so far! [https://github.com/sickcodes/Docker-OSX/blob/master/CREDITS.md](https://github.com/sickcodes/Docker-OSX/blob/master/CREDITS.md) ### Start the same container later (persistent disk) Created a container with `docker run` and want to reuse the underlying image again later? NB: see [container creation examples](#container-creation-examples) first for how to get to the point where this is applicable. This is for when you want to run the SAME container again later. You may need to use `docker commit` to save your container before you can reuse it. Check if your container is persisted with `docker ps --all`. If you don't run this you will have a new image every time. ```bash # look at your recent containers and copy the CONTAINER ID docker ps --all # docker start the container ID docker start -ai abc123xyz567 # if you have many containers, you can try automate it with filters like this # docker ps --all --filter "ancestor=sickcodes/docker-osx" # for locally tagged/built containers # docker ps --all --filter "ancestor=docker-osx" ``` You can also pull the `.img` file out of the container, which is stored in `/var/lib/docker`, and supply it as a runtime argument to the `:naked` Docker image. See also: [here](https://github.com/sickcodes/Docker-OSX/issues/197). ### I have used Docker-OSX before and want to restart a container that starts automatically Containers that use `sickcodes/docker-osx:auto` can be stopped while being started. ```bash # find last container docker ps -a # docker start old container with -i for interactive, -a for attach STDIN/STDOUT docker start -ai -i ``` ### LibGTK errors "connection refused" You may see one or more libgtk-related errors if you do not have everything set up for hardware virtualisation yet. If you have not yet done so, check out the [initial setup](#initial-setup) section and the [routine checks](#routine-checks) section as you may have missed a setup step or may not have all the needed Docker dependencies ready to go. See also: [here](https://github.com/sickcodes/Docker-OSX/issues/174). #### Permissions denied error If you have not yet set up xhost, try the following: ```bash echo $DISPLAY # ARCH sudo pacman -S xorg-xhost # UBUNTU DEBIAN sudo apt install x11-xserver-utils # CENTOS RHEL FEDORA sudo yum install xorg-x11-server-utils # then run xhost + ``` ### RAM over-allocation You cannot allocate more RAM than your machine has. The default is 3 Gigabytes: `-e RAM=3`. If you are trying to allocate more RAM to the container than you currently have available, you may see an error like the following: `cannot set up guest memory 'pc.ram': Cannot allocate memory`. See also: [here](https://github.com/sickcodes/Docker-OSX/issues/188), [here](https://github.com/sickcodes/Docker-OSX/pull/189). For example (below) the `buff/cache` already contains 20 Gigabytes of allocated RAM: ```console [user@hostname ~]$ free -mh total used free shared buff/cache available Mem: 30Gi 3.5Gi 7.0Gi 728Mi 20Gi 26Gi Swap: 11Gi 0B 11Gi ``` Clear the buffer and the cache: ```bash sudo tee /proc/sys/vm/drop_caches <<< 3 ``` Now check the RAM again: ```console [user@hostname ~]$ free -mh total used free shared buff/cache available Mem: 30Gi 3.3Gi 26Gi 697Mi 1.5Gi 26Gi Swap: 11Gi 0B 11Gi ``` ### PulseAudio #### Use PulseAudio for sound Note: [AppleALC](https://github.com/acidanthera/AppleALC), [`alcid`](https://dortania.github.io/OpenCore-Post-Install/universal/audio.html) and [VoodooHDA-OC](https://github.com/chris1111/VoodooHDA-OC) do not have [codec support](https://osy.gitbook.io/hac-mini-guide/details/hda-fix#hda-codec). However, [IORegistryExplorer](https://github.com/vulgo/IORegistryExplorer) does show the controller component working. ```bash docker run \ --device /dev/kvm \ -e AUDIO_DRIVER=pa,server=unix:/tmp/pulseaudio.socket \ -v "/run/user/$(id -u)/pulse/native:/tmp/pulseaudio.socket" \ -v /tmp/.X11-unix:/tmp/.X11-unix \ sickcodes/docker-osx ``` #### PulseAudio debugging ```bash docker run \ --device /dev/kvm \ -e AUDIO_DRIVER=pa,server=unix:/tmp/pulseaudio.socket \ -v "/run/user/$(id -u)/pulse/native:/tmp/pulseaudio.socket" \ -v /tmp/.X11-unix:/tmp/.X11-unix \ -e PULSE_SERVER=unix:/tmp/pulseaudio.socket \ sickcodes/docker-osx pactl list ``` #### PulseAudio with WSLg ```bash docker run \ --device /dev/kvm \ -e AUDIO_DRIVER=pa,server=unix:/tmp/pulseaudio.socket \ -v /mnt/wslg/runtime-dir/pulse/native:/tmp/pulseaudio.socket \ -v /mnt/wslg/.X11-unix:/tmp/.X11-unix \ sickcodes/docker-osx ``` ### Forward additional ports (nginx hosting example) It's possible to forward additional ports depending on your needs. In this example, we'll use Mac OSX to host nginx: ``` host:10023 <-> 10023:container:10023 <-> 80:guest ``` On the host machine, run: ```bash docker run -it \ --device /dev/kvm \ -p 50922:10022 \ -e ADDITIONAL_PORTS='hostfwd=tcp::10023-:80,' \ -p 10023:10023 \ sickcodes/docker-osx:auto ``` In a Terminal session running the container, run: ```bash /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" brew install nginx sudo sed -i -e 's/8080/80/' /usr/local/etc/nginx/nginx.confcd # sudo nginx -s stop sudo nginx ``` **nginx should now be reachable on port 10023.** Additionally, you can string multiple statements together, for example: ```bash -e ADDITIONAL_PORTS='hostfwd=tcp::10023-:80,hostfwd=tcp::10043-:443,' -p 10023:10023 \ -p 10043:10043 \ ``` ### Bridged networking You might not need to do anything with the default setup to enable internet connectivity from inside the container. Additionally, `curl` may work even if `ping` doesn't. See discussion [here](https://github.com/sickcodes/Docker-OSX/issues/177) and [here](https://github.com/sickcodes/Docker-OSX/issues/72) and [here](https://github.com/sickcodes/Docker-OSX/issues/88). ### Enable IPv4 forwarding for bridged network connections for remote installations This is not required for LOCAL installations. Additionally note it may [cause the host to leak your IP, even if you're using a VPN in the container](https://sick.codes/cve-2020-15590/). However, if you're trying to connect to an instance of Docker-OSX remotely (e.g. an instance of Docker-OSX hosted in a datacenter), this may improve your performance: ```bash # enable for current session sudo sysctl -w net.ipv4.ip_forward=1 # OR # sudo tee /proc/sys/net/ipv4/ip_forward <<< 1 # enable permanently sudo touch /etc/sysctl.conf sudo tee -a /etc/sysctl.conf <`. For example, to kill everything, `docker ps | xargs docker kill`.** Native QEMU VNC example ```bash docker run -i \ --device /dev/kvm \ -p 50922:10022 \ -p 5999:5999 \ -v /tmp/.X11-unix:/tmp/.X11-unix \ -e "DISPLAY=${DISPLAY:-:0.0}" \ -e EXTRA="-display none -vnc 0.0.0.0:99,password=on" \ sickcodes/docker-osx:big-sur # type `change vnc password myvncusername` into the docker terminal and set a password # connect to localhost:5999 using VNC # qemu 6 seems to require a username for vnc now ``` **NOT TLS/HTTPS Encrypted at all!** Or `ssh -N root@1.1.1.1 -L 5999:127.0.0.1:5999`, where `1.1.1.1` is your remote server IP. (Note: if you close port 5999 and use the SSH tunnel, this becomes secure.) ### Building a headless container to run remotely with secure VNC Add the following line: `-e EXTRA="-display none -vnc 0.0.0.0:99,password=on"` In the Docker terminal, press `enter` until you see `(qemu)`. Type `change vnc password someusername` Enter a password for your new vnc username^. You also need the container IP: `docker inspect | jq -r '.[0].NetworkSettings.IPAddress'` Or `ip n` will usually show the container IP first. Now VNC connects using the Docker container IP, for example `172.17.0.2:5999` Remote VNC over SSH: `ssh -N root@1.1.1.1 -L 5999:172.17.0.2:5999`, where `1.1.1.1` is your remote server IP and `172.17.0.2` is your LAN container IP. Now you can direct connect VNC to any container built with this command! ### I'd like to use SPICE instead of VNC Optionally, you can enable the SPICE protocol, which allows use of `remote-viewer` to access your OSX container rather than VNC. Note: `-disable-ticketing` will allow unauthenticated access to the VM. See the [spice manual](https://www.spice-space.org/spice-user-manual.html) for help setting up authenticated access ("Ticketing"). ```bash docker run \ --device /dev/kvm \ -p 3001:3001 \ -p 50922:10022 \ -e "DISPLAY=${DISPLAY:-:0.0}" \ -e EXTRA="-monitor telnet::45454,server,nowait -nographic -serial null -spice disable-ticketing,port=3001" \ mycustomimage ``` Then simply do `remote-viewer spice://localhost:3001` and add `--spice-debug` for debugging. #### Creating images based on an already configured and set up container ```bash # You can create an image of an already configured and setup container. # This allows you to effectively duplicate a system. # To do this, run the following commands # make note of your container id docker ps --all docker commit containerid newImageName # To run this image do the following docker run \ --device /dev/kvm \ --device /dev/snd \ -v /tmp/.X11-unix:/tmp/.X11-unix \ newImageName ``` ```bash docker pull sickcodes/docker-osx:auto # boot directly into a real OS X shell with no display (Xvfb) [HEADLESS] docker run -it \ --device /dev/kvm \ -p 50922:10022 \ sickcodes/docker-osx:auto # username is user # password is alpine # Wait 2-3 minutes until you drop into the shell. ``` #### Run the original version of Docker-OSX ```bash docker pull sickcodes/docker-osx:latest docker run -it \ --device /dev/kvm \ --device /dev/snd \ -v /tmp/.X11-unix:/tmp/.X11-unix \ -e "DISPLAY=${DISPLAY:-:0.0}" \ sickcodes/docker-osx:latest # press CTRL + G if your mouse gets stuck # scroll down to troubleshooting if you have problems # need more RAM and SSH on localhost -p 50922? ``` #### Run but enable SSH in OS X (Original Version)! ```bash docker run -it \ --device /dev/kvm \ --device /dev/snd \ -p 50922:10022 \ -v /tmp/.X11-unix:/tmp/.X11-unix \ -e "DISPLAY=${DISPLAY:-:0.0}" \ sickcodes/docker-osx:latest # turn on SSH after you've installed OS X in the "Sharing" settings. ssh user@localhost -p 50922 ``` #### Autoboot into OS X after you've installed everything Add the extra option `-e NOPICKER=true`. Old machines: ```bash # find your containerID docker ps # move the no picker script on top of the Launch script # NEW CONTAINERS docker exec containerID mv ./Launch-nopicker.sh ./Launch.sh # VNC-VERSION-CONTAINER docker exec containerID mv ./Launch-nopicker.sh ./Launch_custom.sh # LEGACY CONTAINERS docker exec containerID bash -c "grep -v InstallMedia ./Launch.sh > ./Launch-nopicker.sh chmod +x ./Launch-nopicker.sh sed -i -e s/OpenCore\.qcow2/OpenCore\-nopicker\.qcow2/ ./Launch-nopicker.sh " ``` ### The big-sur image starts slowly after installation. Is this expected? Automatic updates are still on in the container's settings. You may wish to turn them off. [We have future plans for development around this.](https://github.com/sickcodes/Docker-OSX/issues/227) ### What is `${DISPLAY:-:0.0}`? `$DISPLAY` is the shell variable that refers to your X11 display server. `${DISPLAY}` is the same, but allows you to join variables like this: - e.g. `${DISPLAY}_${DISPLAY}` would print `:0.0_:0.0` - e.g. `$DISPLAY_$DISPLAY` would print `:0.0` ...because `$DISPLAY_` is not `$DISPLAY` `${variable:-fallback}` allows you to set a "fallback" variable to be substituted if `$variable` is not set. You can also use `${variable:=fallback}` to set that variable (in your current terminal). In Docker-OSX, we assume, `:0.0` is your default `$DISPLAY` variable. You can see what yours is ```bash echo $DISPLAY ``` That way, `${DISPLAY:-:0.0}` will use whatever variable your X11 server has set for you, else `:0.0` ### What is `-v /tmp/.X11-unix:/tmp/.X11-unix`? `-v` is a Docker command-line option that lets you pass a volume to the container. The directory that we are letting the Docker container use is a X server display socket. `/tmp/.X11-unix` If we let the Docker container use the same display socket as our own environment, then any applications you run inside the Docker container will show up on your screen too! [https://www.x.org/archive/X11R6.8.0/doc/RELNOTES5.html](https://www.x.org/archive/X11R6.8.0/doc/RELNOTES5.html) ### ALSA errors on startup or container creation You may when initialising or booting into a container see errors from the `(qemu)` console of the following form: `ALSA lib blahblahblah: (function name) returned error: no such file or directory`. These are more or less expected. As long as you are able to boot into the container and everything is working, no reason to worry about these. See also: [here](https://github.com/sickcodes/Docker-OSX/issues/174). ================================================ FILE: custom/README.md ================================================ # OSX Serial Generator This folder has been moved to its own repository :) This is a temporary copy for hardlinks. See [https://github.com/sickcodes/osx-serial-generator](https://github.com/sickcodes/osx-serial-generator) ================================================ FILE: custom/config-custom.plist ================================================ ACPI Add Comment My custom DSDT Enabled Path DSDT.aml Comment My custom SSDT Enabled Path SSDT-1.aml Comment Read the comment in dsl sample Enabled Path SSDT-ALS0.aml Comment Read the comment in dsl sample Enabled Path SSDT-AWAC-DISABLE.aml Comment Read the comment in dsl sample Enabled Path SSDT-BRG0.aml Comment Read the comment in dsl sample Enabled Path SSDT-EC-USBX.aml Comment Fake EC and USBX Power Enabled Path SSDT-EC.aml Comment Read the comment in dsl sample Enabled Path SSDT-EHCx-DISABLE.aml Comment Read the comment in dsl sample Enabled Path SSDT-IMEI.aml Comment CPU AGPM Plugin=1 Enabled Path SSDT-PLUG.aml Comment Read the comment in dsl sample Enabled Path SSDT-PMC.aml Comment Read the comment in dsl sample Enabled Path SSDT-PNLF.aml Comment Read the comment in dsl sample Enabled Path SSDT-PNLFCFL.aml Comment Read the comment in dsl sample Enabled Path SSDT-RTC0-RANGE.aml Comment Read the comment in dsl sample Enabled Path SSDT-RTC0.aml Comment Read the comment in dsl sample Enabled Path SSDT-SBUS-MCHC.aml Comment Read the comment in dsl sample Enabled Path SSDT-UNC.aml Comment add DTGP method Enabled Path SSDT-DTGP.aml Comment USB 2.0 Injection Enabled Path SSDT-EHCI.aml Delete All Comment Delete CpuPm Enabled OemTableId Q3B1UG0AAAA= TableLength 0 TableSignature U1NEVA== All Comment Delete Cpu0Ist Enabled OemTableId Q3B1MElzdAA= TableLength 0 TableSignature U1NEVA== Patch Base BaseSkip 0 Comment Replace one byte sequence with another Count 0 Enabled Find ESIzRA== Limit 0 Mask OemTableId Replace RDMiEQ== ReplaceMask Skip 0 TableLength 0 TableSignature Base \_SB.PCI0.LPCB.HPET BaseSkip 0 Comment HPET _CRS to XCRS Count 1 Enabled Find X0NSUw== Limit 0 Mask OemTableId Replace WENSUw== ReplaceMask Skip 0 TableLength 0 TableSignature Quirks FadtEnableReset NormalizeHeaders RebaseRegions ResetHwSig ResetLogoStatus SyncTableIds Booter MmioWhitelist Quirks AllowRelocationBlock AvoidRuntimeDefrag DevirtualiseMmio DisableSingleUser DisableVariableWrite DiscardHibernateMap EnableSafeModeSlide EnableWriteUnprotector ForceBooterSignature ForceExitBootServices ProtectMemoryRegions ProtectSecureBoot ProtectUefiServices ProvideCustomSlide ProvideMaxSlide 0 RebuildAppleMemoryMap SetupVirtualMap SignalAppleOS SyncRuntimePermissions DeviceProperties Add PciRoot(0x1)/Pci(0x1F,0x0) compatible pci8086,2916 device-id FikA name pci8086,2916 Delete Kernel Add Arch Any BundlePath Lilu.kext Comment Patch engine Enabled ExecutablePath Contents/MacOS/Lilu MaxKernel MinKernel 8.0.0 PlistPath Contents/Info.plist Arch Any BundlePath VirtualSMC.kext Comment SMC emulator Enabled ExecutablePath Contents/MacOS/VirtualSMC MaxKernel MinKernel 8.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath WhateverGreen.kext Comment Video patches Enabled ExecutablePath Contents/MacOS/WhateverGreen MaxKernel MinKernel 10.0.0 PlistPath Contents/Info.plist Arch Any BundlePath AppleALC.kext Comment Audio patches Enabled ExecutablePath Contents/MacOS/AppleALC MaxKernel MinKernel 8.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath IntelMausi.kext Comment Intel Ethernet LAN Enabled ExecutablePath Contents/MacOS/IntelMausi MaxKernel MinKernel 13.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath Legacy_USB3.kext Comment XHC ports configuration Enabled ExecutablePath MaxKernel MinKernel 15.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath MCEReporterDisabler.kext Comment AppleMCEReporter disabler Enabled ExecutablePath MaxKernel MinKernel 19.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath VoodooPS2Controller.kext Comment Enabled ExecutablePath Contents/MacOS/VoodooPS2Controller MaxKernel MinKernel 15.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath VoodooPS2Controller.kext/Contents/PlugIns/VoodooPS2Keyboard.kext Comment Enabled ExecutablePath Contents/MacOS/VoodooPS2Keyboard MaxKernel MinKernel 15.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath VoodooPS2Controller.kext/Contents/PlugIns/VoodooPS2Mouse.kext Comment Enabled ExecutablePath Contents/MacOS/VoodooPS2Mouse MaxKernel MinKernel 15.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath VoodooPS2Controller.kext/Contents/PlugIns/VoodooPS2Trackpad.kext Comment Enabled ExecutablePath Contents/MacOS/VoodooPS2Trackpad MaxKernel MinKernel 15.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath VoodooPS2Controller.kext/Contents/PlugIns/VoodooInput.kext Comment Enabled ExecutablePath Contents/MacOS/VoodooInput MaxKernel MinKernel 15.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath USBPorts.kext Comment Enabled ExecutablePath MaxKernel MinKernel PlistPath Contents/Info.plist Arch x86_64 BundlePath AGPMInjector.kext Comment Enabled ExecutablePath MaxKernel MinKernel PlistPath Contents/Info.plist Block Arch Any Comment Enabled Identifier com.apple.driver.AppleTyMCEDriver MaxKernel MinKernel Emulate Cpuid1Data VAYFAAAAAAAAAAAAAAAAAA== Cpuid1Mask ////AAAAAAAAAAAAAAAAAA== DummyPowerManagement MaxKernel MinKernel Force Arch Any BundlePath System/Library/Extensions/IONetworkingFamily.kext Comment Enabled ExecutablePath Contents/MacOS/IONetworkingFamily Identifier com.apple.iokit.IONetworkingFamily MaxKernel 13.99.99 MinKernel PlistPath Contents/Info.plist Patch Arch x86_64 Base Comment algrey - cpuid_set_cpufamily - force CPUFAMILY_INTEL_PENRYN Count 1 Enabled Find MduAPQAAAAAGdQA= Identifier kernel Limit 0 Mask /////wAAAP///wA= MaxKernel 20.3.99 MinKernel 17.0.0 Replace u7xP6njpXQAAAJA= ReplaceMask Skip 0 Arch x86_64 Base Comment algrey - thenickdude - cpuid_set_cpufamily - force CPUFAMILY_INTEL_PENRYN (Big Sur 11.3 and newer) Count 1 Enabled Find MdKzAYA9AAAAAAZ1 Identifier kernel Limit 0 Mask ////////AAAAAP// MaxKernel 21.99.99 MinKernel 20.4.0 Replace urxP6nizAJCQkJDr ReplaceMask Skip 0 Quirks AppleCpuPmCfgLock AppleXcpmCfgLock AppleXcpmExtraMsrs AppleXcpmForceBoost CustomSMBIOSGuid DisableIoMapper DisableLinkeditJettison DisableRtcChecksum ExtendBTFeatureFlags ExternalDiskIcons ForceSecureBootScheme IncreasePciBarSize LapicKernelPanic LegacyCommpage PanicNoKextDump PowerTimeoutKernelPanic ProvideCurrentCpuInfo SetApfsTrimTimeout -1 ThirdPartyDrives XhciPortLimit Scheme CustomKernel FuzzyMatch KernelArch Auto KernelCache Auto Misc BlessOverride Boot ConsoleAttributes 0 HibernateMode Auto HideAuxiliary LauncherOption Disabled LauncherPath Default PickerAttributes 17 PickerAudioAssist PickerMode External PickerVariant Auto PollAppleHotKeys ShowPicker TakeoffDelay 0 Timeout 45 Debug AppleDebug ApplePanic DisableWatchDog DisplayDelay 0 DisplayLevel 2147483650 SerialInit SysReport Target 3 Entries Security AllowNvramReset AllowSetDefault AllowToggleSip ApECID 0 AuthRestart BlacklistAppleUpdate DmgLoading Signed EnablePassword ExposeSensitiveData 6 HaltLevel 2147483648 PasswordHash PasswordSalt ScanPolicy 0 SecureBootModel Disabled Vault Optional Tools Arguments Auxiliary Comment Not signed for security reasons Enabled Flavour OpenShell:UEFIShell:Shell Name UEFI Shell Path OpenShell.efi RealPath TextMode Arguments Auxiliary Comment Memory testing utility Enabled Flavour MemTest Name memtest86 Path memtest86/BOOTX64.efi RealPath TextMode Arguments Shutdown Auxiliary Comment Perform shutdown Enabled Flavour Auto Name Shutdown Path ResetSystem.efi RealPath TextMode NVRAM Add 4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14 DefaultBackgroundColor AAAAAA== UIScale AQ== 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102 rtc-blacklist 7C436110-AB2A-4BBB-A880-FE41995C9F82 ForceDisplayRotationInEFI 0 SystemAudioVolume Rg== boot-args -v keepsyms=1 tlbto_us=0 vti=9 {{KERNEL_ARGS}} run-efi-updater No csr-active-config ZwAAAA== prev-lang:kbd ZW4tVVM6MA== run-efi-updater No Delete 4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14 UIScale DefaultBackgroundColor 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102 rtc-blacklist 7C436110-AB2A-4BBB-A880-FE41995C9F82 boot-args ForceDisplayRotationInEFI LegacyEnable LegacyOverwrite LegacySchema 7C436110-AB2A-4BBB-A880-FE41995C9F82 EFILoginHiDPI EFIBluetoothDelay LocationServicesEnabled SystemAudioVolume SystemAudioVolumeDB SystemAudioVolumeSaved bluetoothActiveControllerInfo bluetoothInternalControllerInfo flagstate fmm-computer-name fmm-mobileme-token-FMM fmm-mobileme-token-FMM-BridgeHasAccount nvda_drv prev-lang:kbd 8BE4DF61-93CA-11D2-AA0D-00E098032B8C Boot0080 Boot0081 Boot0082 BootNext BootOrder WriteFlash PlatformInfo Automatic CustomMemory Generic AdviseFeatures MaxBIOSVersion MLB {{BOARD_SERIAL}} ProcessorType 0 ROM {{ROM}} SpoofVendor SystemMemoryStatus Auto SystemProductName {{DEVICE_MODEL}} SystemSerialNumber {{SERIAL}} SystemUUID {{UUID}} UpdateDataHub UpdateNVRAM UpdateSMBIOS UpdateSMBIOSMode Create UseRawUuidEncoding UEFI APFS EnableJumpstart GlobalConnect HideVerbose JumpstartHotPlug MinDate -1 MinVersion -1 AppleInput AppleEvent Builtin CustomDelays GraphicsInputMirroring KeyInitialDelay 50 KeySubsequentDelay 5 PointerSpeedDiv 1 PointerSpeedMul 1 Audio AudioCodec 0 AudioDevice PciRoot(0x1)/Pci(0x1,0x0)/Pci(0x0,0x1) AudioOut 0 AudioSupport MinimumVolume 20 PlayChime Auto ResetTrafficClass SetupDelay 0 VolumeAmplifier 0 ConnectDrivers Drivers Arguments Comment HFS+ Driver Enabled Path OpenHfsPlus.efi Arguments Comment Enabled Path OpenRuntime.efi Arguments Comment Enabled Path OpenCanopy.efi Arguments Comment Enabled Path AudioDxe.efi Arguments Comment Enabled Path OpenPartitionDxe.efi Arguments Comment Enabled Path OpenUsbKbDxe.efi Arguments Comment Enabled Path UsbMouseDxe.efi Arguments Comment Enabled Path Ps2KeyboardDxe.efi Arguments Comment Enabled Path Ps2MouseDxe.efi Arguments Comment Enabled Path HiiDatabase.efi Arguments Comment Enabled Path NvmExpressDxe.efi Arguments Comment Enabled Path XhciDxe.efi Arguments Comment Enabled Path ExFatDxe.efi Arguments Comment Enabled Path CrScreenshotDxe.efi Arguments Comment Enabled Path ext4_x64.efi Arguments Comment Enabled Path OpenLinuxBoot.efi Input KeyFiltering KeyForgetThreshold 5 KeySupport KeySupportMode Auto KeySwap PointerSupport PointerSupportMode ASUS TimerResolution 50000 Output ClearScreenOnModeSwitch ConsoleMode DirectGopRendering ForceResolution GopPassThrough Disabled IgnoreTextInGraphics ProvideConsoleGop ReconnectOnResChange ReplaceTabWithSpace Resolution {{WIDTH}}x{{HEIGHT}}@32 SanitiseClearScreen TextRenderer BuiltinGraphics UgaPassThrough ProtocolOverrides AppleAudio AppleBootPolicy AppleDebugLog AppleEg2Info AppleFramebufferInfo AppleImageConversion AppleImg4Verification AppleKeyMap AppleRtcRam AppleSecureBoot AppleSmcIo AppleUserInterfaceTheme DataHub DeviceProperties FirmwareVolume HashServices OSInfo UnicodeCollation Quirks ActivateHpetSupport DisableSecurityPolicy EnableVectorAcceleration ExitBootServicesDelay 0 ForceOcWriteFlash ForgeUefiSupport IgnoreInvalidFlexRatio ReleaseUsbOwnership ReloadOptionRoms RequestBootVarRouting TscSyncTimeout 0 UnblockFsConnect ================================================ FILE: custom/config-legacy.plist ================================================ ACPI Add Comment add DTGP method Enabled Path SSDT-DTGP.aml Comment Fake EC and USBX Power Enabled Path SSDT-EC.aml Comment USB 2.0 Injection Enabled Path SSDT-EHCI.aml Comment CPU AGPM Plugin=1 Enabled Path SSDT-PLUG.aml Delete All Comment Delete CpuPm Enabled OemTableId Q3B1UG0AAAA= TableLength 0 TableSignature U1NEVA== All Comment Delete Cpu0Ist Enabled OemTableId Q3B1MElzdAA= TableLength 0 TableSignature U1NEVA== Patch Comment _Q11 to XQ11 Count 1 Enabled Find X1ExMQ== Limit 0 Mask OemTableId Replace WFExMQ== ReplaceMask Skip 0 TableLength 0 TableSignature Comment _Q12 to XQ12 Count 1 Enabled Find X1ExMg== Limit 0 Mask OemTableId Replace WFExMg== ReplaceMask Skip 0 TableLength 0 TableSignature Quirks FadtEnableReset NormalizeHeaders RebaseRegions ResetHwSig ResetLogoStatus Booter MmioWhitelist Quirks AvoidRuntimeDefrag DevirtualiseMmio DisableSingleUser DisableVariableWrite DiscardHibernateMap EnableSafeModeSlide EnableWriteUnprotector ForceExitBootServices ProtectMemoryRegions ProtectSecureBoot ProtectUefiServices ProvideCustomSlide ProvideMaxSlide 0 RebuildAppleMemoryMap SetupVirtualMap SignalAppleOS SyncRuntimePermissions DeviceProperties Add PciRoot(0x1)/Pci(0x1F,0x0) compatible pci8086,2916 device-id FikA name pci8086,2916 Delete PciRoot(0x0)/Pci(0x1b,0x0) MaximumBootBeepVolume Kernel Add Arch Any BundlePath VoodooHDA.kext Comment Enabled ExecutablePath Contents/MacOS/VoodooHDA MaxKernel MinKernel PlistPath Contents/Info.plist Arch x86_64 BundlePath Lilu.kext Comment Patch engine Enabled ExecutablePath Contents/MacOS/Lilu MaxKernel MinKernel 12.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath VirtualSMC.kext Comment SMC emulator Enabled ExecutablePath Contents/MacOS/VirtualSMC MaxKernel MinKernel 12.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath WhateverGreen.kext Comment Video patches Enabled ExecutablePath Contents/MacOS/WhateverGreen MaxKernel MinKernel 12.0.0 PlistPath Contents/Info.plist BundlePath AGPMInjector.kext Comment Enabled ExecutablePath MaxKernel MinKernel PlistPath Contents/Info.plist BundlePath USBPorts.kext Comment Enabled ExecutablePath MaxKernel MinKernel PlistPath Contents/Info.plist Arch x86_64 BundlePath MCEReporterDisabler.kext Comment AppleMCEReporter disabler Enabled ExecutablePath MaxKernel MinKernel 19.0.0 PlistPath Contents/Info.plist Block Arch Any Comment Enabled Identifier com.apple.driver.AppleTyMCEDriver MaxKernel MinKernel Emulate Cpuid1Data VAYFAAAAAAAAAAAAAAAAAA== Cpuid1Mask ////AAAAAAAAAAAAAAAAAA== Force Arch Any BundlePath System/Library/Extensions/IONetworkingFamily.kext Comment Patch engine Enabled Identifier com.apple.iokit.IONetworkingFamily ExecutablePath Contents/MacOS/IONetworkingFamily MaxKernel 13.99.99 MinKernel PlistPath Contents/Info.plist Patch Base _cpu_topology_sort Comment algrey - cpu_topology_sort -disable _x86_validate_topology Count 1 Enabled Find 6AAA//8= Identifier kernel Limit 0 Mask /wAA//8= MaxKernel 20.99.99 MinKernel 17.0.0 Replace Dx9EAAA= ReplaceMask Skip 0 Base Comment algrey - cpuid_set_cpufamily - force CPUFAMILY_INTEL_PENRYN Count 1 Enabled Find MduAPQAAAAAGdQA= Identifier kernel Limit 0 Mask /////wAAAP///wA= MaxKernel 20.99.99 MinKernel 17.0.0 Replace u7xP6njpXQAAAJA= ReplaceMask Skip 0 Quirks AppleCpuPmCfgLock AppleXcpmCfgLock AppleXcpmExtraMsrs AppleXcpmForceBoost CustomSMBIOSGuid DisableIoMapper DisableLinkeditJettison DisableRtcChecksum DummyPowerManagement ExternalDiskIcons IncreasePciBarSize LapicKernelPanic PanicNoKextDump PowerTimeoutKernelPanic ThirdPartyDrives XhciPortLimit Scheme FuzzyMatch KernelArch x86_64 KernelCache Auto Misc BlessOverride Boot ConsoleAttributes 0 HibernateMode Auto HideAuxiliary PickerAttributes 1 PickerAudioAssist PickerMode External PollAppleHotKeys ShowPicker TakeoffDelay 0 Timeout 0 Debug AppleDebug ApplePanic DisableWatchDog DisplayDelay 0 DisplayLevel 2147483650 SerialInit SysReport Target 3 Entries Security AllowNvramReset AllowSetDefault ApECID 0 AuthRestart BootProtect None DmgLoading Signed EnablePassword ExposeSensitiveData 6 HaltLevel 2147483648 PasswordHash PasswordSalt ScanPolicy 0 SecureBootModel Disabled Vault Optional Tools Arguments Auxiliary Comment Not signed for security reasons Enabled Name UEFI Shell Path OpenShell.efi Arguments Shutdown Auxiliary Comment Perform shutdown Enabled Name Shutdown Path ResetSystem.efi NVRAM Add 4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14 DefaultBackgroundColor AAAAAA== UIScale AQ== 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102 rtc-blacklist 7C436110-AB2A-4BBB-A880-FE41995C9F82 SystemAudioVolume Rg== boot-args -v keepsyms=1 tlbto_us=0 vti=9 {{KERNEL_ARGS}} run-efi-updater No csr-active-config ZwAAAA== prev-lang:kbd ZW4tVVM6MA== Delete 4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14 UIScale DefaultBackgroundColor 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102 rtc-blacklist 7C436110-AB2A-4BBB-A880-FE41995C9F82 boot-args LegacyEnable LegacyOverwrite LegacySchema 7C436110-AB2A-4BBB-A880-FE41995C9F82 EFILoginHiDPI EFIBluetoothDelay LocationServicesEnabled SystemAudioVolume SystemAudioVolumeDB SystemAudioVolumeSaved bluetoothActiveControllerInfo bluetoothInternalControllerInfo flagstate fmm-computer-name nvda_drv prev-lang:kbd 8BE4DF61-93CA-11D2-AA0D-00E098032B8C Boot0080 Boot0081 Boot0082 BootNext BootOrder WriteFlash PlatformInfo Automatic Generic AdviseWindows MLB {{BOARD_SERIAL_OLD}} ROM {{ROM}} SpoofVendor SystemProductName {{DEVICE_MODEL}} SystemSerialNumber {{SERIAL_OLD}} SystemUUID {{SYSTEM_UUID_OLD}} UpdateDataHub UpdateNVRAM UpdateSMBIOS UpdateSMBIOSMode Create UEFI APFS EnableJumpstart GlobalConnect HideVerbose JumpstartHotPlug MinDate 0 MinVersion 0 Audio AudioCodec 0 AudioDevice PciRoot(0x1)/Pci(0x1,0x0)/Pci(0x0,0x1) AudioOut 0 AudioSupport MinimumVolume 20 PlayChime VolumeAmplifier 0 ConnectDrivers Drivers VBoxHfs.efi OpenRuntime.efi OpenCanopy.efi #AudioDxe.efi #OpenUsbKbDxe.efi #UsbMouseDxe.efi #Ps2KeyboardDxe.efi #Ps2MouseDxe.efi #HiiDatabase.efi #NvmExpressDxe.efi #XhciDxe.efi #ExFatDxe.efi #PartitionDxe.efi #CrScreenshotDxe.efi Input KeyFiltering KeyForgetThreshold 5 KeyMergeThreshold 2 KeySupport KeySupportMode Auto KeySwap PointerSupport PointerSupportMode ASUS TimerResolution 50000 Output ClearScreenOnModeSwitch ConsoleMode DirectGopRendering IgnoreTextInGraphics ProvideConsoleGop ReconnectOnResChange ReplaceTabWithSpace Resolution 1920x1080@32 SanitiseClearScreen TextRenderer BuiltinGraphics UgaPassThrough ProtocolOverrides AppleAudio AppleBootPolicy AppleDebugLog AppleEvent AppleFramebufferInfo AppleImageConversion AppleImg4Verification AppleKeyMap AppleRtcRam AppleSecureBoot AppleSmcIo AppleUserInterfaceTheme DataHub DeviceProperties FirmwareVolume HashServices OSInfo UnicodeCollation Quirks ExitBootServicesDelay 0 IgnoreInvalidFlexRatio ReleaseUsbOwnership RequestBootVarRouting TscSyncTimeout 0 UnblockFsConnect ConnectDrivers ================================================ FILE: custom/config-nopicker-custom.plist ================================================ ACPI Add Comment My custom DSDT Enabled Path DSDT.aml Comment My custom SSDT Enabled Path SSDT-1.aml Comment Read the comment in dsl sample Enabled Path SSDT-ALS0.aml Comment Read the comment in dsl sample Enabled Path SSDT-AWAC-DISABLE.aml Comment Read the comment in dsl sample Enabled Path SSDT-BRG0.aml Comment Read the comment in dsl sample Enabled Path SSDT-EC-USBX.aml Comment Fake EC and USBX Power Enabled Path SSDT-EC.aml Comment Read the comment in dsl sample Enabled Path SSDT-EHCx-DISABLE.aml Comment Read the comment in dsl sample Enabled Path SSDT-IMEI.aml Comment CPU AGPM Plugin=1 Enabled Path SSDT-PLUG.aml Comment Read the comment in dsl sample Enabled Path SSDT-PMC.aml Comment Read the comment in dsl sample Enabled Path SSDT-PNLF.aml Comment Read the comment in dsl sample Enabled Path SSDT-PNLFCFL.aml Comment Read the comment in dsl sample Enabled Path SSDT-RTC0-RANGE.aml Comment Read the comment in dsl sample Enabled Path SSDT-RTC0.aml Comment Read the comment in dsl sample Enabled Path SSDT-SBUS-MCHC.aml Comment Read the comment in dsl sample Enabled Path SSDT-UNC.aml Comment add DTGP method Enabled Path SSDT-DTGP.aml Comment USB 2.0 Injection Enabled Path SSDT-EHCI.aml Delete All Comment Delete CpuPm Enabled OemTableId Q3B1UG0AAAA= TableLength 0 TableSignature U1NEVA== All Comment Delete Cpu0Ist Enabled OemTableId Q3B1MElzdAA= TableLength 0 TableSignature U1NEVA== Patch Base BaseSkip 0 Comment Replace one byte sequence with another Count 0 Enabled Find ESIzRA== Limit 0 Mask OemTableId Replace RDMiEQ== ReplaceMask Skip 0 TableLength 0 TableSignature Base \_SB.PCI0.LPCB.HPET BaseSkip 0 Comment HPET _CRS to XCRS Count 1 Enabled Find X0NSUw== Limit 0 Mask OemTableId Replace WENSUw== ReplaceMask Skip 0 TableLength 0 TableSignature Quirks FadtEnableReset NormalizeHeaders RebaseRegions ResetHwSig ResetLogoStatus SyncTableIds Booter MmioWhitelist Quirks AllowRelocationBlock AvoidRuntimeDefrag DevirtualiseMmio DisableSingleUser DisableVariableWrite DiscardHibernateMap EnableSafeModeSlide EnableWriteUnprotector ForceBooterSignature ForceExitBootServices ProtectMemoryRegions ProtectSecureBoot ProtectUefiServices ProvideCustomSlide ProvideMaxSlide 0 RebuildAppleMemoryMap SetupVirtualMap SignalAppleOS SyncRuntimePermissions DeviceProperties Add PciRoot(0x1)/Pci(0x1F,0x0) compatible pci8086,2916 device-id FikA name pci8086,2916 Delete Kernel Add Arch Any BundlePath Lilu.kext Comment Patch engine Enabled ExecutablePath Contents/MacOS/Lilu MaxKernel MinKernel 8.0.0 PlistPath Contents/Info.plist Arch Any BundlePath VirtualSMC.kext Comment SMC emulator Enabled ExecutablePath Contents/MacOS/VirtualSMC MaxKernel MinKernel 8.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath WhateverGreen.kext Comment Video patches Enabled ExecutablePath Contents/MacOS/WhateverGreen MaxKernel MinKernel 10.0.0 PlistPath Contents/Info.plist Arch Any BundlePath AppleALC.kext Comment Audio patches Enabled ExecutablePath Contents/MacOS/AppleALC MaxKernel MinKernel 8.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath IntelMausi.kext Comment Intel Ethernet LAN Enabled ExecutablePath Contents/MacOS/IntelMausi MaxKernel MinKernel 13.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath Legacy_USB3.kext Comment XHC ports configuration Enabled ExecutablePath MaxKernel MinKernel 15.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath MCEReporterDisabler.kext Comment AppleMCEReporter disabler Enabled ExecutablePath MaxKernel MinKernel 19.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath VoodooPS2Controller.kext Comment Enabled ExecutablePath Contents/MacOS/VoodooPS2Controller MaxKernel MinKernel 15.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath VoodooPS2Controller.kext/Contents/PlugIns/VoodooPS2Keyboard.kext Comment Enabled ExecutablePath Contents/MacOS/VoodooPS2Keyboard MaxKernel MinKernel 15.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath VoodooPS2Controller.kext/Contents/PlugIns/VoodooPS2Mouse.kext Comment Enabled ExecutablePath Contents/MacOS/VoodooPS2Mouse MaxKernel MinKernel 15.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath VoodooPS2Controller.kext/Contents/PlugIns/VoodooPS2Trackpad.kext Comment Enabled ExecutablePath Contents/MacOS/VoodooPS2Trackpad MaxKernel MinKernel 15.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath VoodooPS2Controller.kext/Contents/PlugIns/VoodooInput.kext Comment Enabled ExecutablePath Contents/MacOS/VoodooInput MaxKernel MinKernel 15.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath USBPorts.kext Comment Enabled ExecutablePath MaxKernel MinKernel PlistPath Contents/Info.plist Arch x86_64 BundlePath AGPMInjector.kext Comment Enabled ExecutablePath MaxKernel MinKernel PlistPath Contents/Info.plist Block Arch Any Comment Enabled Identifier com.apple.driver.AppleTyMCEDriver MaxKernel MinKernel Emulate Cpuid1Data VAYFAAAAAAAAAAAAAAAAAA== Cpuid1Mask ////AAAAAAAAAAAAAAAAAA== DummyPowerManagement MaxKernel MinKernel Force Arch Any BundlePath System/Library/Extensions/IONetworkingFamily.kext Comment Enabled ExecutablePath Contents/MacOS/IONetworkingFamily Identifier com.apple.iokit.IONetworkingFamily MaxKernel 13.99.99 MinKernel PlistPath Contents/Info.plist Patch Arch x86_64 Base Comment algrey - cpuid_set_cpufamily - force CPUFAMILY_INTEL_PENRYN Count 1 Enabled Find MduAPQAAAAAGdQA= Identifier kernel Limit 0 Mask /////wAAAP///wA= MaxKernel 20.3.99 MinKernel 17.0.0 Replace u7xP6njpXQAAAJA= ReplaceMask Skip 0 Arch x86_64 Base Comment algrey - thenickdude - cpuid_set_cpufamily - force CPUFAMILY_INTEL_PENRYN (Big Sur 11.3 and newer) Count 1 Enabled Find MdKzAYA9AAAAAAZ1 Identifier kernel Limit 0 Mask ////////AAAAAP// MaxKernel 21.99.99 MinKernel 20.4.0 Replace urxP6nizAJCQkJDr ReplaceMask Skip 0 Quirks AppleCpuPmCfgLock AppleXcpmCfgLock AppleXcpmExtraMsrs AppleXcpmForceBoost CustomSMBIOSGuid DisableIoMapper DisableLinkeditJettison DisableRtcChecksum ExtendBTFeatureFlags ExternalDiskIcons ForceSecureBootScheme IncreasePciBarSize LapicKernelPanic LegacyCommpage PanicNoKextDump PowerTimeoutKernelPanic ProvideCurrentCpuInfo SetApfsTrimTimeout -1 ThirdPartyDrives XhciPortLimit Scheme CustomKernel FuzzyMatch KernelArch Auto KernelCache Auto Misc BlessOverride Boot ConsoleAttributes 0 HibernateMode Auto HideAuxiliary LauncherOption Disabled LauncherPath Default PickerAttributes 17 PickerAudioAssist PickerMode External PickerVariant Auto PollAppleHotKeys ShowPicker TakeoffDelay 0 Timeout 45 Debug AppleDebug ApplePanic DisableWatchDog DisplayDelay 0 DisplayLevel 2147483650 SerialInit SysReport Target 3 Entries Security AllowNvramReset AllowSetDefault AllowToggleSip ApECID 0 AuthRestart BlacklistAppleUpdate DmgLoading Signed EnablePassword ExposeSensitiveData 6 HaltLevel 2147483648 PasswordHash PasswordSalt ScanPolicy 0 SecureBootModel Disabled Vault Optional Tools Arguments Auxiliary Comment Not signed for security reasons Enabled Flavour OpenShell:UEFIShell:Shell Name UEFI Shell Path OpenShell.efi RealPath TextMode Arguments Auxiliary Comment Memory testing utility Enabled Flavour MemTest Name memtest86 Path memtest86/BOOTX64.efi RealPath TextMode Arguments Shutdown Auxiliary Comment Perform shutdown Enabled Flavour Auto Name Shutdown Path ResetSystem.efi RealPath TextMode NVRAM Add 4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14 DefaultBackgroundColor AAAAAA== UIScale AQ== 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102 rtc-blacklist 7C436110-AB2A-4BBB-A880-FE41995C9F82 ForceDisplayRotationInEFI 0 SystemAudioVolume Rg== boot-args -v keepsyms=1 tlbto_us=0 vti=9 {{KERNEL_ARGS}} run-efi-updater No csr-active-config ZwAAAA== prev-lang:kbd ZW4tVVM6MA== run-efi-updater No Delete 4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14 UIScale DefaultBackgroundColor 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102 rtc-blacklist 7C436110-AB2A-4BBB-A880-FE41995C9F82 boot-args ForceDisplayRotationInEFI LegacyEnable LegacyOverwrite LegacySchema 7C436110-AB2A-4BBB-A880-FE41995C9F82 EFILoginHiDPI EFIBluetoothDelay LocationServicesEnabled SystemAudioVolume SystemAudioVolumeDB SystemAudioVolumeSaved bluetoothActiveControllerInfo bluetoothInternalControllerInfo flagstate fmm-computer-name fmm-mobileme-token-FMM fmm-mobileme-token-FMM-BridgeHasAccount nvda_drv prev-lang:kbd 8BE4DF61-93CA-11D2-AA0D-00E098032B8C Boot0080 Boot0081 Boot0082 BootNext BootOrder WriteFlash PlatformInfo Automatic CustomMemory Generic AdviseFeatures MaxBIOSVersion MLB {{BOARD_SERIAL}} ProcessorType 0 ROM {{ROM}} SpoofVendor SystemMemoryStatus Auto SystemProductName {{DEVICE_MODEL}} SystemSerialNumber {{SERIAL}} SystemUUID {{UUID}} UpdateDataHub UpdateNVRAM UpdateSMBIOS UpdateSMBIOSMode Create UseRawUuidEncoding UEFI APFS EnableJumpstart GlobalConnect HideVerbose JumpstartHotPlug MinDate -1 MinVersion -1 AppleInput AppleEvent Builtin CustomDelays GraphicsInputMirroring KeyInitialDelay 50 KeySubsequentDelay 5 PointerSpeedDiv 1 PointerSpeedMul 1 Audio AudioCodec 0 AudioDevice PciRoot(0x1)/Pci(0x1,0x0)/Pci(0x0,0x1) AudioOut 0 AudioSupport MinimumVolume 20 PlayChime Auto ResetTrafficClass SetupDelay 0 VolumeAmplifier 0 ConnectDrivers Drivers Arguments Comment HFS+ Driver Enabled Path OpenHfsPlus.efi Arguments Comment Enabled Path OpenRuntime.efi Arguments Comment Enabled Path OpenCanopy.efi Arguments Comment Enabled Path AudioDxe.efi Arguments Comment Enabled Path OpenPartitionDxe.efi Arguments Comment Enabled Path OpenUsbKbDxe.efi Arguments Comment Enabled Path UsbMouseDxe.efi Arguments Comment Enabled Path Ps2KeyboardDxe.efi Arguments Comment Enabled Path Ps2MouseDxe.efi Arguments Comment Enabled Path HiiDatabase.efi Arguments Comment Enabled Path NvmExpressDxe.efi Arguments Comment Enabled Path XhciDxe.efi Arguments Comment Enabled Path ExFatDxe.efi Arguments Comment Enabled Path CrScreenshotDxe.efi Arguments Comment Enabled Path ext4_x64.efi Arguments Comment Enabled Path OpenLinuxBoot.efi Input KeyFiltering KeyForgetThreshold 5 KeySupport KeySupportMode Auto KeySwap PointerSupport PointerSupportMode ASUS TimerResolution 50000 Output ClearScreenOnModeSwitch ConsoleMode DirectGopRendering ForceResolution GopPassThrough Disabled IgnoreTextInGraphics ProvideConsoleGop ReconnectOnResChange ReplaceTabWithSpace Resolution {{WIDTH}}x{{HEIGHT}}@32 SanitiseClearScreen TextRenderer BuiltinGraphics UgaPassThrough ProtocolOverrides AppleAudio AppleBootPolicy AppleDebugLog AppleEg2Info AppleFramebufferInfo AppleImageConversion AppleImg4Verification AppleKeyMap AppleRtcRam AppleSecureBoot AppleSmcIo AppleUserInterfaceTheme DataHub DeviceProperties FirmwareVolume HashServices OSInfo UnicodeCollation Quirks ActivateHpetSupport DisableSecurityPolicy EnableVectorAcceleration ExitBootServicesDelay 0 ForceOcWriteFlash ForgeUefiSupport IgnoreInvalidFlexRatio ReleaseUsbOwnership ReloadOptionRoms RequestBootVarRouting TscSyncTimeout 0 UnblockFsConnect ================================================ FILE: custom/config-nopicker-legacy.plist ================================================ ACPI Add Comment add DTGP method Enabled Path SSDT-DTGP.aml Comment Fake EC and USBX Power Enabled Path SSDT-EC.aml Comment USB 2.0 Injection Enabled Path SSDT-EHCI.aml Comment CPU AGPM Plugin=1 Enabled Path SSDT-PLUG.aml Delete All Comment Delete CpuPm Enabled OemTableId Q3B1UG0AAAA= TableLength 0 TableSignature U1NEVA== All Comment Delete Cpu0Ist Enabled OemTableId Q3B1MElzdAA= TableLength 0 TableSignature U1NEVA== Patch Comment _Q11 to XQ11 Count 1 Enabled Find X1ExMQ== Limit 0 Mask OemTableId Replace WFExMQ== ReplaceMask Skip 0 TableLength 0 TableSignature Comment _Q12 to XQ12 Count 1 Enabled Find X1ExMg== Limit 0 Mask OemTableId Replace WFExMg== ReplaceMask Skip 0 TableLength 0 TableSignature Quirks FadtEnableReset NormalizeHeaders RebaseRegions ResetHwSig ResetLogoStatus Booter MmioWhitelist Quirks AvoidRuntimeDefrag DevirtualiseMmio DisableSingleUser DisableVariableWrite DiscardHibernateMap EnableSafeModeSlide EnableWriteUnprotector ForceExitBootServices ProtectMemoryRegions ProtectSecureBoot ProtectUefiServices ProvideCustomSlide ProvideMaxSlide 0 RebuildAppleMemoryMap SetupVirtualMap SignalAppleOS SyncRuntimePermissions DeviceProperties Add PciRoot(0x1)/Pci(0x1F,0x0) compatible pci8086,2916 device-id FikA name pci8086,2916 Delete PciRoot(0x0)/Pci(0x1b,0x0) MaximumBootBeepVolume Kernel Add Arch Any BundlePath VoodooHDA.kext Comment Enabled ExecutablePath Contents/MacOS/VoodooHDA MaxKernel MinKernel PlistPath Contents/Info.plist Arch x86_64 BundlePath Lilu.kext Comment Patch engine Enabled ExecutablePath Contents/MacOS/Lilu MaxKernel MinKernel 12.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath VirtualSMC.kext Comment SMC emulator Enabled ExecutablePath Contents/MacOS/VirtualSMC MaxKernel MinKernel 12.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath WhateverGreen.kext Comment Video patches Enabled ExecutablePath Contents/MacOS/WhateverGreen MaxKernel MinKernel 12.0.0 PlistPath Contents/Info.plist BundlePath AGPMInjector.kext Comment Enabled ExecutablePath MaxKernel MinKernel PlistPath Contents/Info.plist BundlePath USBPorts.kext Comment Enabled ExecutablePath MaxKernel MinKernel PlistPath Contents/Info.plist Arch x86_64 BundlePath MCEReporterDisabler.kext Comment AppleMCEReporter disabler Enabled ExecutablePath MaxKernel MinKernel 19.0.0 PlistPath Contents/Info.plist Block Arch Any Comment Enabled Identifier com.apple.driver.AppleTyMCEDriver MaxKernel MinKernel Emulate Cpuid1Data VAYFAAAAAAAAAAAAAAAAAA== Cpuid1Mask ////AAAAAAAAAAAAAAAAAA== Force Arch Any BundlePath System/Library/Extensions/IONetworkingFamily.kext Comment Patch engine Enabled Identifier com.apple.iokit.IONetworkingFamily ExecutablePath Contents/MacOS/IONetworkingFamily MaxKernel 13.99.99 MinKernel PlistPath Contents/Info.plist Patch Base _cpu_topology_sort Comment algrey - cpu_topology_sort -disable _x86_validate_topology Count 1 Enabled Find 6AAA//8= Identifier kernel Limit 0 Mask /wAA//8= MaxKernel 20.99.99 MinKernel 17.0.0 Replace Dx9EAAA= ReplaceMask Skip 0 Base Comment algrey - cpuid_set_cpufamily - force CPUFAMILY_INTEL_PENRYN Count 1 Enabled Find MduAPQAAAAAGdQA= Identifier kernel Limit 0 Mask /////wAAAP///wA= MaxKernel 20.99.99 MinKernel 17.0.0 Replace u7xP6njpXQAAAJA= ReplaceMask Skip 0 Quirks AppleCpuPmCfgLock AppleXcpmCfgLock AppleXcpmExtraMsrs AppleXcpmForceBoost CustomSMBIOSGuid DisableIoMapper DisableLinkeditJettison DisableRtcChecksum DummyPowerManagement ExternalDiskIcons IncreasePciBarSize LapicKernelPanic PanicNoKextDump PowerTimeoutKernelPanic ThirdPartyDrives XhciPortLimit Scheme FuzzyMatch KernelArch x86_64 KernelCache Auto Misc BlessOverride Boot ConsoleAttributes 0 HibernateMode Auto HideAuxiliary PickerAttributes 1 PickerAudioAssist PickerMode External PollAppleHotKeys ShowPicker TakeoffDelay 0 Timeout 0 Debug AppleDebug ApplePanic DisableWatchDog DisplayDelay 0 DisplayLevel 2147483650 SerialInit SysReport Target 3 Entries Security AllowNvramReset AllowSetDefault ApECID 0 AuthRestart BootProtect None DmgLoading Signed EnablePassword ExposeSensitiveData 6 HaltLevel 2147483648 PasswordHash PasswordSalt ScanPolicy 0 SecureBootModel Disabled Vault Optional Tools Arguments Auxiliary Comment Not signed for security reasons Enabled Name UEFI Shell Path OpenShell.efi Arguments Shutdown Auxiliary Comment Perform shutdown Enabled Name Shutdown Path ResetSystem.efi NVRAM Add 4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14 DefaultBackgroundColor AAAAAA== UIScale AQ== 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102 rtc-blacklist 7C436110-AB2A-4BBB-A880-FE41995C9F82 SystemAudioVolume Rg== boot-args -v keepsyms=1 tlbto_us=0 vti=9 {{KERNEL_ARGS}} run-efi-updater No csr-active-config ZwAAAA== prev-lang:kbd ZW4tVVM6MA== Delete 4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14 UIScale DefaultBackgroundColor 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102 rtc-blacklist 7C436110-AB2A-4BBB-A880-FE41995C9F82 boot-args LegacyEnable LegacyOverwrite LegacySchema 7C436110-AB2A-4BBB-A880-FE41995C9F82 EFILoginHiDPI EFIBluetoothDelay LocationServicesEnabled SystemAudioVolume SystemAudioVolumeDB SystemAudioVolumeSaved bluetoothActiveControllerInfo bluetoothInternalControllerInfo flagstate fmm-computer-name nvda_drv prev-lang:kbd 8BE4DF61-93CA-11D2-AA0D-00E098032B8C Boot0080 Boot0081 Boot0082 BootNext BootOrder WriteFlash PlatformInfo Automatic Generic AdviseWindows MLB {{BOARD_SERIAL_OLD}} ROM {{ROM}} SpoofVendor SystemProductName {{DEVICE_MODEL}} SystemSerialNumber {{SERIAL_OLD}} SystemUUID {{SYSTEM_UUID_OLD}} UpdateDataHub UpdateNVRAM UpdateSMBIOS UpdateSMBIOSMode Create UEFI APFS EnableJumpstart GlobalConnect HideVerbose JumpstartHotPlug MinDate 0 MinVersion 0 Audio AudioCodec 0 AudioDevice PciRoot(0x1)/Pci(0x1,0x0)/Pci(0x0,0x1) AudioOut 0 AudioSupport MinimumVolume 20 PlayChime VolumeAmplifier 0 ConnectDrivers Drivers VBoxHfs.efi OpenRuntime.efi OpenCanopy.efi #AudioDxe.efi #OpenUsbKbDxe.efi #UsbMouseDxe.efi #Ps2KeyboardDxe.efi #Ps2MouseDxe.efi #HiiDatabase.efi #NvmExpressDxe.efi #XhciDxe.efi #ExFatDxe.efi #PartitionDxe.efi #CrScreenshotDxe.efi Input KeyFiltering KeyForgetThreshold 5 KeyMergeThreshold 2 KeySupport KeySupportMode Auto KeySwap PointerSupport PointerSupportMode ASUS TimerResolution 50000 Output ClearScreenOnModeSwitch ConsoleMode DirectGopRendering IgnoreTextInGraphics ProvideConsoleGop ReconnectOnResChange ReplaceTabWithSpace Resolution 1920x1080@32 SanitiseClearScreen TextRenderer BuiltinGraphics UgaPassThrough ProtocolOverrides AppleAudio AppleBootPolicy AppleDebugLog AppleEvent AppleFramebufferInfo AppleImageConversion AppleImg4Verification AppleKeyMap AppleRtcRam AppleSecureBoot AppleSmcIo AppleUserInterfaceTheme DataHub DeviceProperties FirmwareVolume HashServices OSInfo UnicodeCollation Quirks ExitBootServicesDelay 0 IgnoreInvalidFlexRatio ReleaseUsbOwnership RequestBootVarRouting TscSyncTimeout 0 UnblockFsConnect ConnectDrivers ================================================ FILE: custom/generate-specific-bootdisk.sh ================================================ #!/bin/bash # ___ _____ __ ___ _ _ ___ _ # / _ \/ __\ \/ / / __| ___ _ _(_)__ _| | / __|___ _ _ ___ _ _ __ _| |_ ___ _ _ # | (_) \__ \> < \__ \/ -_) '_| / _` | | | (_ / -_) ' \/ -_) '_/ _` | _/ _ \ '_| # \___/|___/_/\_\ |___/\___|_| |_\__,_|_| \___\___|_||_\___|_| \__,_|\__\___/_| # # Repo: https://github.com/sickcodes/osx-serial-generator/ # Title: OSX Serial Generator # Author: Sick.Codes https://sick.codes/ # Version: 3.1 # License: GPLv3+ set -e help_text="Usage: ./generate-specific-bootdisk.sh Required options: --model Device model, e.g. 'iMacPro1,1' --serial Device Serial number --board-serial Main Logic Board Serial number (MLB) --uuid SMBIOS UUID (SmUUID) --mac-address Used for both the MAC address and to set ROM ROM is lowercased sans any colons Optional options: --width Resolution x axis length in px, default 1920 --height Resolution y axis length in px, default 1080 --kernel-args Additional boot-args --input-plist-url Specify an alternative master plist, via URL --master-plist-url Same as above. --custom-plist Optionally change the input plist. --master-plist Same as above. --output-bootdisk Optionally change the bootdisk filename --output-plist Optionally change the output plist filename --help, -h, help Display this help and exit Placeholders: {{DEVICE_MODEL}}, {{SERIAL}}, {{BOARD_SERIAL}}, {{UUID}}, {{ROM}}, {{WIDTH}}, {{HEIGHT}} Example: ./generate-specific-bootdisk.sh \\ --model iMacPro1,1 \\ --serial C02TW0WAHX87 \\ --board-serial C027251024NJG36UE \\ --uuid 5CCB366D-9118-4C61-A00A-E5BAF3BED451 \\ --mac-address A8:5C:2C:9A:46:2F \\ --output-bootdisk ./OpenCore-nopicker.qcow2 \\ --width 1920 \\ --height 1080 Author: Sick.Codes https://sick.codes/ Project: https://github.com/sickcodes/osx-serial-generator/ License: GPLv3+ " OPENCORE_IMAGE_MAKER_URL='https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/opencore-image-ng.sh' MASTER_PLIST_URL='https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-nopicker-custom.plist' # gather arguments while (( "$#" )); do case "${1}" in --help | -h | h | help ) echo "${help_text}" && exit 0 ;; --model=* | -m=* ) export DEVICE_MODEL="${1#*=}" shift ;; --model* | -m* ) export DEVICE_MODEL="${2}" shift shift ;; --serial=* ) export SERIAL="${1#*=}" shift ;; --serial* ) export SERIAL="${2}" shift shift ;; --board-serial=* ) export BOARD_SERIAL="${1#*=}" shift ;; --board-serial* ) export BOARD_SERIAL="${2}" shift shift ;; --uuid=* ) export UUID="${1#*=}" shift ;; --uuid* ) export UUID="${2}" shift shift ;; --mac-address=* ) export MAC_ADDRESS="${1#*=}" shift ;; --mac-address* ) export MAC_ADDRESS="${2}" shift shift ;; --width=* ) export WIDTH="${1#*=}" shift ;; --width* ) export WIDTH="${2}" shift shift ;; --height=* ) export HEIGHT="${1#*=}" shift ;; --height* ) export HEIGHT="${2}" shift shift ;; --output-bootdisk=* ) export OUTPUT_QCOW="${1#*=}" shift ;; --output-bootdisk* ) export OUTPUT_QCOW="${2}" shift shift ;; --output-plist=* ) export OUTPUT_PLIST="${1#*=}" shift ;; --output-plist* ) export OUTPUT_PLIST="${2}" shift shift ;; --master-plist-url=* | --input-plist-url=* | --custom-plist-url=* ) export MASTER_PLIST_URL="${1#*=}" shift ;; --master-plist-url* | --input-plist-url* | --custom-plist-url* ) export MASTER_PLIST_URL="${2}" shift shift ;; --master-plist=* | --input-plist=* | --custom-plist=* ) export MASTER_PLIST="${1#*=}" shift ;; --master-plist* | --input-plist* | --custom-plist* ) export MASTER_PLIST="${2}" shift shift ;; *) echo "Invalid option ${1}. Running with default values..." shift ;; esac done download_qcow_efi_folder () { export EFI_FOLDER=./OpenCore/EFI export RESOURCES_FOLDER=./resources/OcBinaryData/Resources # check if we are inside OSX-KVM already # if not, download OSX-KVM locally [ -d ./OpenCore/EFI/ ] || { [ -d ./OSX-KVM/ ] || git clone --recurse-submodules --depth 1 https://github.com/kholia/OSX-KVM.git export EFI_FOLDER="./OSX-KVM/${EFI_FOLDER}" } [ -d ./resources/OcBinaryData/Resources/ ] || { export RESOURCES_FOLDER="./OSX-KVM/${RESOURCES_FOLDER}" } # EFI Shell commands touch startup.nsh && echo 'fs0:\EFI\BOOT\BOOTx64.efi' > startup.nsh cp -a "${EFI_FOLDER}" . mkdir -p ./EFI/OC/Resources # copy Apple drivers into EFI/OC/Resources cp -a "${RESOURCES_FOLDER}"/* ./EFI/OC/Resources } generate_bootdisk () { # need a config.plist if [ "${MASTER_PLIST}" ]; then [ -e "${MASTER_PLIST}" ] || echo "Could not find: ${MASTER_PLIST}" elif [ "${MASTER_PLIST}" ] && [ "${MASTER_PLIST_URL}" ]; then echo 'You specified both a custom plist FILE & custom plist URL.' echo 'Use only one of those options.' elif [ "${MASTER_PLIST_URL}" ]; then wget -O "${MASTER_PLIST:=./config-custom.plist}" "${MASTER_PLIST_URL}" else # default is config-nopicker-custom.plist from OSX-KVM with placeholders used in Docker-OSX wget -O "${MASTER_PLIST:=./config-nopicker-custom.plist}" "${MASTER_PLIST_URL}" fi [ -e ./opencore-image-ng.sh ] \ || { wget "${OPENCORE_IMAGE_MAKER_URL}" \ && chmod +x opencore-image-ng.sh ; } # plist required for bootdisks, so create anyway. if [ "${DEVICE_MODEL}" ] \ && [ "${SERIAL}" ] \ && [ "${BOARD_SERIAL}" ] \ && [ "${UUID}" ] \ && [ "${MAC_ADDRESS}" ]; then ROM="${MAC_ADDRESS//\:/}" ROM="${ROM,,}" sed -e s/\{\{DEVICE_MODEL\}\}/"${DEVICE_MODEL}"/g \ -e s/\{\{SERIAL\}\}/"${SERIAL}"/g \ -e s/\{\{BOARD_SERIAL\}\}/"${BOARD_SERIAL}"/g \ -e s/\{\{UUID\}\}/"${UUID}"/g \ -e s/\{\{ROM\}\}/"${ROM}"/g \ -e s/\{\{WIDTH\}\}/"${WIDTH:-1920}"/g \ -e s/\{\{HEIGHT\}\}/"${HEIGHT:-1080}"/g \ -e s/\{\{KERNEL_ARGS\}\}/"${KERNEL_ARGS:-}"/g \ "${MASTER_PLIST}" > ./tmp.config.plist || exit 1 else cat < < \__ \/ -_) '_| / _` | | | (_ / -_) ' \/ -_) '_/ _` | _/ _ \ '_| # \___/|___/_/\_\ |___/\___|_| |_\__,_|_| \___\___|_||_\___|_| \__,_|\__\___/_| # # Repo: https://github.com/sickcodes/osx-serial-generator/ # Title: OSX Serial Generator # Author: Sick.Codes https://sick.codes/ # Version: 3.1 # License: GPLv3+ set -e help_text="Usage: ./generate-unique-machine-values.sh General options: --count, -n, -c Number of serials to generate --model, -m Device model, e.g. 'iMacPro1,1' --csv Optionally change the CSV output filename --tsv Optionally change the TSV output filename --output-dir Optionally change the script output location --width Resolution x axis length in px, default 1920 --height Resolution y axis length in px, default 1080 --kernel-args Additional boot-args --input-plist-url Specify an alternative master plist, via URL --master-plist-url Same as above. --custom-plist Optionally change the input plist. --master-plist Same as above. --output-bootdisk Optionally change the bootdisk filename --create-envs, --envs Create all corresponding sourcable envs --create-plists, --plists Create all corresponding config.plists --create-bootdisks, --bootdisks Create all corresponding bootdisks [SLOW] --help, -h, help Display this help and exit Additional options only if you are creating ONE serial set: --output-bootdisk Optionally change the bootdisk filename --output-env Optionally change the serials env filename Custom plist placeholders: {{DEVICE_MODEL}}, {{SERIAL}}, {{BOARD_SERIAL}}, {{UUID}}, {{ROM}}, {{WIDTH}}, {{HEIGHT}}, {{KERNEL_ARGS}} Example: ./generate-unique-machine-values.sh --count 1 --plists --bootdisks --envs Defaults: - One serial, for 'iMacPro1,1', in the current working directory - CSV and TSV output - plists in ./plists/ & bootdisks in ./bootdisks/ & envs in ./envs - if you set --bootdisk name, --bootdisks is assumed - if you set --custom-plist, --plists is assumed - if you set --output-env, --envs is assumed Author: Sick.Codes https://sick.codes/ Project: https://github.com/sickcodes/osx-serial-generator/ License: GPLv3+ " OPENCORE_IMAGE_MAKER_URL='https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/opencore-image-ng.sh' MASTER_PLIST_URL='https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-nopicker-custom.plist' # gather arguments while (( "$#" )); do case "${1}" in --help | -h | h | help ) echo "${help_text}" && exit 0 ;; --count=* | -c=* | -n=* ) export SERIAL_SET_COUNT="${1#*=}" shift ;; --count* | -c* | -n* ) export SERIAL_SET_COUNT="${2}" shift shift ;; --csv=* ) export CSV_OUTPUT_FILENAME="${1#*=}" shift ;; --csv* ) export CSV_OUTPUT_FILENAME="${2}" shift shift ;; --tsv=* ) export TSV_OUTPUT_FILENAME="${1#*=}" shift ;; --tsv* ) export TSV_OUTPUT_FILENAME="${2}" shift shift ;; --output-dir=* ) export OUTPUT_DIRECTORY="${1#*=}" shift ;; --output-dir* ) export OUTPUT_DIRECTORY="${2}" shift shift ;; --output-bootdisk=* ) export OUTPUT_BOOTDISK="${1#*=}" shift ;; --output-bootdisk* ) export OUTPUT_BOOTDISK="${2}" shift shift ;; --output-env=* ) export OUTPUT_ENV="${1#*=}" shift ;; --output-env* ) export OUTPUT_ENV="${2}" shift shift ;; --model=* | -m=* ) export DEVICE_MODEL="${1#*=}" shift ;; --model* | -m* ) export DEVICE_MODEL="${2}" shift shift ;; --width=* ) export WIDTH="${1#*=}" shift ;; --width* ) export WIDTH="${2}" shift shift ;; --height=* ) export HEIGHT="${1#*=}" shift ;; --height* ) export HEIGHT="${2}" shift shift ;; --master-plist-url=* | --input-plist-url=* | --custom-plist-url=* ) export MASTER_PLIST_URL="${1#*=}" shift ;; --master-plist-url* | --input-plist-url* | --custom-plist-url* ) export MASTER_PLIST_URL="${2}" shift shift ;; --master-plist=* | --input-plist=* | --custom-plist=* ) export MASTER_PLIST="${1#*=}" shift ;; --master-plist* | --input-plist* | --custom-plist* ) export MASTER_PLIST="${2}" shift shift ;; --create-plists | --plists ) export CREATE_PLISTS=1 shift ;; --create-bootdisks | --bootdisks ) export CREATE_BOOTDISKS=1 shift ;; --create-envs | --envs ) export CREATE_ENVS=1 shift ;; *) echo "Invalid option. Running with default values..." shift ;; esac done build_mac_serial () { [ -d ./OpenCorePkg ] || git clone --depth 1 https://github.com/acidanthera/OpenCorePkg.git make -C ./OpenCorePkg/Utilities/macserial/ mv ./OpenCorePkg/Utilities/macserial/macserial . chmod +x ./macserial stat ./macserial } download_vendor_mac_addresses () { # download the MAC Address vendor list [ -e "${MAC_ADDRESSES_FILE:=vendor_macs.tsv}" ] || wget -O "${MAC_ADDRESSES_FILE}" https://gitlab.com/wireshark/wireshark/-/raw/master/manuf } download_qcow_efi_folder () { export EFI_FOLDER=./OpenCore/EFI export RESOURCES_FOLDER=./resources/OcBinaryData/Resources # check if we are inside OSX-KVM already # if not, download OSX-KVM locally [ -d ./OpenCore/EFI/ ] || { [ -d ./OSX-KVM/ ] || git clone --recurse-submodules --depth 1 https://github.com/kholia/OSX-KVM.git export EFI_FOLDER="./OSX-KVM/${EFI_FOLDER}" } [ -d ./resources/OcBinaryData/Resources/ ] || { export RESOURCES_FOLDER="./OSX-KVM/${RESOURCES_FOLDER}" } # EFI Shell commands touch startup.nsh && echo 'fs0:\EFI\BOOT\BOOTx64.efi' > startup.nsh cp -a "${EFI_FOLDER}" . mkdir -p ./EFI/OC/Resources # copy Apple drivers into EFI/OC/Resources cp -a "${RESOURCES_FOLDER}"/* ./EFI/OC/Resources } generate_serial_sets () { if [ "${CSV_OUTPUT_FILENAME}" ]; then [ "${CSV_OUTPUT_FILENAME}" ] && export CSV_SERIAL_SETS_FILE="${CSV_OUTPUT_FILENAME}" else export CSV_SERIAL_SETS_FILE="${OUTPUT_DIRECTORY}/serial_sets-${DATE_NOW}.csv" fi if [ "${TSV_OUTPUT_FILENAME}" ]; then [ "${TSV_OUTPUT_FILENAME}" ] && export TSV_SERIAL_SETS_FILE="${TSV_OUTPUT_FILENAME}" else export TSV_SERIAL_SETS_FILE="${OUTPUT_DIRECTORY}/serial_sets-${DATE_NOW}.tsv" fi ./macserial \ --num "${SERIAL_SET_COUNT}" \ --model "${DEVICE_MODEL}" \ | while IFS='\ \|\ ' read -r SERIAL BOARD_SERIAL; do # make a uuid... UUID="$(uuidgen)" # bash 3-5 compatible # UUID="${UUID^^}" UUID="$(tr '[:lower:]' '[:upper:]' <<< "${UUID}")" # get a random vendor specific MAC address. RANDOM_MAC_PREFIX="$(grep -e "${VENDOR_REGEX}" < "${MAC_ADDRESSES_FILE:=vendor_macs.tsv}" | sort --random-sort | head -n1)" RANDOM_MAC_PREFIX="$(cut -d$'\t' -f1 <<< "${RANDOM_MAC_PREFIX}")" MAC_ADDRESS="$(printf "${RANDOM_MAC_PREFIX}:%02X:%02X:%02X" "$((RANDOM%256))" "$((RANDOM%256))" "$((RANDOM%256))")" [ -z "${WIDTH}" ] && WIDTH=1920 [ -z "${HEIGHT}" ] && HEIGHT=1080 # append to csv file tee -a "${CSV_SERIAL_SETS_FILE}" < "${OUTPUT_ENV_FILE}" export DEVICE_MODEL="${DEVICE_MODEL}" export SERIAL="${SERIAL}" export BOARD_SERIAL="${BOARD_SERIAL}" export UUID="${UUID}" export MAC_ADDRESS="${MAC_ADDRESS}" export WIDTH="${WIDTH}" export HEIGHT="${HEIGHT}" EOF fi # plist required for bootdisks, so create anyway. if [ "${CREATE_PLISTS}" ] || [ "${CREATE_BOOTDISKS}" ]; then # need a config.plist if [ "${MASTER_PLIST}" ]; then [ -e "${MASTER_PLIST}" ] || echo "Could not find: ${MASTER_PLIST}" elif [ "${MASTER_PLIST}" ] && [ "${MASTER_PLIST_URL}" ]; then echo 'You specified both a custom plist FILE & custom plist URL.' echo 'Use only one of those options.' elif [ "${MASTER_PLIST_URL}" ]; then wget -O "${MASTER_PLIST:=./config-custom.plist}" "${MASTER_PLIST_URL}" else # default is config-nopicker-custom.plist from OSX-KVM with placeholders used in Docker-OSX wget -O "${MASTER_PLIST:=./config-nopicker-custom.plist}" "${MASTER_PLIST_URL}" fi mkdir -p "${OUTPUT_DIRECTORY}/plists" source "${OUTPUT_ENV_FILE}" ROM="${MAC_ADDRESS//\:/}" ROM="${ROM,,}" sed -e s/\{\{DEVICE_MODEL\}\}/"${DEVICE_MODEL}"/g \ -e s/\{\{SERIAL\}\}/"${SERIAL}"/g \ -e s/\{\{BOARD_SERIAL\}\}/"${BOARD_SERIAL}"/g \ -e s/\{\{UUID\}\}/"${UUID}"/g \ -e s/\{\{ROM\}\}/"${ROM}"/g \ -e s/\{\{WIDTH\}\}/"${WIDTH}"/g \ -e s/\{\{HEIGHT\}\}/"${HEIGHT}"/g \ -e s/\{\{KERNEL_ARGS\}\}/"${KERNEL_ARGS:-}"/g \ "${MASTER_PLIST}" > "${OUTPUT_DIRECTORY}/plists/${SERIAL}.config.plist" || exit 1 fi # make bootdisk qcow2 format if --bootdisks, but also if you set the bootdisk filename if [ "${CREATE_BOOTDISKS}" ] || [ "${OUTPUT_BOOTDISK}" ]; then [ -e ./opencore-image-ng.sh ] \ || { wget "${OPENCORE_IMAGE_MAKER_URL}" \ && chmod +x opencore-image-ng.sh ; } mkdir -p "${OUTPUT_DIRECTORY}/bootdisks" ./opencore-image-ng.sh \ --cfg "${OUTPUT_DIRECTORY}/plists/${SERIAL}.config.plist" \ --img "${OUTPUT_BOOTDISK:-${OUTPUT_DIRECTORY}/bootdisks/${SERIAL}.OpenCore-nopicker.qcow2}" || exit 1 fi done [ -e "${CSV_SERIAL_SETS_FILE}" ] && \ cat <(echo "DEVICE_MODEL,SERIAL,BOARD_SERIAL,UUID,MAC_ADDRESS,WIDTH,HEIGHT,KERNEL_ARGS") "${CSV_SERIAL_SETS_FILE}" [ -e "${TSV_SERIAL_SETS_FILE}" ] && \ cat <(printf "DEVICE_MODEL\tSERIAL\tBOARD_SERIAL\tUUID\tMAC_ADDRESS\tWIDTH\tHEIGHT\tKERNEL_ARGS\n") "${TSV_SERIAL_SETS_FILE}" } main () { # setting default variables if there are no options export DATE_NOW="$(date +%F-%T)" export DEVICE_MODEL="${DEVICE_MODEL:=iMacPro1,1}" export VENDOR_REGEX="${VENDOR_REGEX:=Apple, Inc.}" export SERIAL_SET_COUNT="${SERIAL_SET_COUNT:=1}" export OUTPUT_DIRECTORY="${OUTPUT_DIRECTORY:=.}" cat </dev/null 2>&1 || true fi sudo rm -rf "$WORK" } WORK="${TMPDIR-/var/tmp}/${0##*/}-$$" mkdir "$WORK" || exit 1 trap 'do_cleanup' EXIT BASE="$(dirname $0)" ###################################################################### # parse args function print_help() { cat < --img --cfg EOF } while test "$1" != ""; do case "$1" in --iso) iso="$2" shift; shift ;; --img) img="$2" shift; shift ;; --cfg) cfg="$2" shift; shift ;; esac done ###################################################################### # guestfish script helpers function fish() { echo "#" "$@" guestfish --remote -- "$@" || exit 1 } function fish_init() { local format case "$img" in *.raw) format="raw" ;; *) format="qcow2";; esac msg "creating and adding disk image" fish disk-create $img $format 384M fish add $img fish run } function fish_fini() { fish umount-all } # disabled by @sickcodes to allow unattended image overwrites ###################################################################### # sanity checks # if test ! -f "$cfg"; then # echo "ERROR: cfg not found: $cfg" # exit 1 # fi # if test -f "$img"; then # if test "$allow_override" = "yes"; then # rm -f "$img" # else # echo "ERROR: image exists: $img" # exit 1 # fi # fi ###################################################################### # go! msg "copy files from local folder" BASE="$(dirname $0)" cp -a $BASE/EFI $WORK find "$WORK" #msg "[debug] list drivers in EFI/OC" #(cd $WORK/EFI/OC; find driver* -print) export LIBGUESTFS_BACKEND=direct eval $(guestfish --listen) if test "$GUESTFISH_PID" = ""; then echo "ERROR: starting guestfish failed" exit 1 fi fish_init msg "partition disk image" fish part-init /dev/sda gpt fish part-add /dev/sda p 2048 300000 fish part-add /dev/sda p 302048 -2048 fish part-set-gpt-type /dev/sda 1 C12A7328-F81F-11D2-BA4B-00A0C93EC93B fish part-set-bootable /dev/sda 1 true fish mkfs vfat /dev/sda1 label:EFI fish mkfs vfat /dev/sda2 label:OpenCore fish mount /dev/sda2 / fish mkdir /ESP fish mount /dev/sda1 /ESP msg "copy files to disk image" cp -v "$cfg" $WORK/config.plist fish mkdir /ESP/EFI fish mkdir /ESP/EFI/OC fish mkdir /ESP/EFI/OC/Kexts fish mkdir /ESP/EFI/OC/ACPI fish mkdir /ESP/EFI/OC/Resources fish mkdir /ESP/EFI/OC/Tools fish copy-in $WORK/EFI/BOOT /ESP/EFI fish copy-in $WORK/EFI/OC/OpenCore.efi /ESP/EFI/OC fish copy-in $WORK/EFI/OC/Drivers /ESP/EFI/OC/ fish copy-in $WORK/EFI/OC/Kexts /ESP/EFI/OC/ fish copy-in $WORK/EFI/OC/ACPI /ESP/EFI/OC/ fish copy-in $BASE/resources/OcBinaryData/Resources /ESP/EFI/OC/ fish copy-in $WORK/EFI/OC/Tools /ESP/EFI/OC/ # Note fish copy-in startup.nsh / BASE="$(dirname $0)" fish copy-in "$WORK/config.plist" /ESP/EFI/OC/ fish find /ESP/ fish_fini ================================================ FILE: docker-compose.yml ================================================ version: '3.4' services: osx: container_name: docker-osx build: context: . args: - SIZE=200G - VERSION=10.15.5 image: sickcodes/docker-osx privileged: true environment: - DISPLAY=${DISPLAY:-:0.0} network_mode: "host" cap_add: - ALL volumes: - /tmp/.X11-unix:/tmp/.X11-unix - /dev:/dev - /lib/modules:/lib/modules - docker-osx_data:/home volumes: docker-osx_data: name: docker-osx_data ================================================ FILE: fetch-macOS.py ================================================ #!/usr/bin/env python3 # encoding: utf-8 # # https://github.com/munki/macadmin-scripts/blob/master/installinstallmacos.py # # Copyright 2017 Greg Neagle. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # Thanks to Tim Sutton for ideas, suggestions, and sample code. # # Updated in May of 2019 by Dhiru Kholia. '''installinstallmacos.py A tool to download the parts for an Install macOS app from Apple's softwareupdate servers and install a functioning Install macOS app onto an empty disk image''' # https://github.com/foxlet/macOS-Simple-KVM/blob/master/tools/FetchMacOS/fetch-macos.py # is pretty similar. # Bad hack import warnings warnings.filterwarnings("ignore", category=DeprecationWarning) import os import gzip import argparse import plistlib import subprocess from xml.dom import minidom from xml.parsers.expat import ExpatError import sys if sys.version_info[0] < 3: import urlparse as urlstuff else: import urllib.parse as urlstuff # Quick fix for python 3.9 and above if sys.version_info[0] == 3 and sys.version_info[1] >= 9: from types import MethodType def readPlist(self,filepath): with open(filepath, 'rb') as f: p = plistlib._PlistParser(dict) rootObject = p.parse(f) return rootObject # adding the method readPlist() to plistlib plistlib.readPlist = MethodType(readPlist, plistlib) # https://github.com/foxlet/macOS-Simple-KVM/blob/master/tools/FetchMacOS/fetch-macos.py (unused) # https://github.com/munki/macadmin-scripts catalogs = { "CustomerSeed": "https://swscan.apple.com/content/catalogs/others/index-10.16customerseed-10.16-10.15-10.14-10.13-10.12-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog", "DeveloperSeed": "https://swscan.apple.com/content/catalogs/others/index-10.16seed-10.16-10.15-10.14-10.13-10.12-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog", "PublicSeed": "https://swscan.apple.com/content/catalogs/others/index-10.16beta-10.16-10.15-10.14-10.13-10.12-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog", "PublicRelease": "https://swscan.apple.com/content/catalogs/others/index-10.16-10.15-10.14-10.13-10.12-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog", "20": "https://swscan.apple.com/content/catalogs/others/index-11-10.15-10.14-10.13-10.12-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog" } def get_default_catalog(): '''Returns the default softwareupdate catalog for the current OS''' return catalogs["20"] # return catalogs["PublicRelease"] # return catalogs["DeveloperSeed"] class ReplicationError(Exception): '''A custom error when replication fails''' pass def cmd_exists(cmd): return subprocess.Popen("type " + cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE) def replicate_url(full_url, root_dir='/tmp', show_progress=False, ignore_cache=False, attempt_resume=False, installer=False, product_title=""): '''Downloads a URL and stores it in the same relative path on our filesystem. Returns a path to the replicated file.''' # hack print("[+] Fetching %s" % full_url) if installer and "BaseSystem.dmg" not in full_url and "Big Sur" not in product_title: return if "Big Sur" in product_title and "InstallAssistant.pkg" not in full_url: return attempt_resume = True # path = urllib.parse.urlsplit(full_url)[2] path = urlstuff.urlsplit(full_url)[2] relative_url = path.lstrip('/') relative_url = os.path.normpath(relative_url) # local_file_path = os.path.join(root_dir, relative_url) local_file_path = relative_url # print("Downloading %s..." % full_url) if cmd_exists('wget'): if not installer: download_cmd = ['wget', "-c", "--quiet", "-x", "-nH", full_url] # this doesn't work as there are multiple metadata files with the same name! # download_cmd = ['wget', "-c", "--quiet", full_url] else: download_cmd = ['wget', "-c", full_url] else: if not installer: download_cmd = ['curl', "--silent", "--show-error", "-o", local_file_path, "--create-dirs", full_url] else: local_file_path = os.path.basename(local_file_path) download_cmd = ['curl', "-o", local_file_path, full_url] try: subprocess.check_call(download_cmd) except subprocess.CalledProcessError as err: raise ReplicationError(err) return local_file_path def parse_server_metadata(filename): '''Parses a softwareupdate server metadata file, looking for information of interest. Returns a dictionary containing title, version, and description.''' title = '' vers = '' try: md_plist = plistlib.readPlist(filename) except (OSError, IOError, ExpatError) as err: print('Error reading %s: %s' % (filename, err), file=sys.stderr) return {} vers = md_plist.get('CFBundleShortVersionString', '') localization = md_plist.get('localization', {}) preferred_localization = (localization.get('English') or localization.get('en')) if preferred_localization: title = preferred_localization.get('title', '') metadata = {} metadata['title'] = title metadata['version'] = vers """ {'title': 'macOS Mojave', 'version': '10.14.5'} {'title': 'macOS Mojave', 'version': '10.14.6'} """ return metadata def get_server_metadata(catalog, product_key, workdir, ignore_cache=False): '''Replicate ServerMetaData''' try: url = catalog['Products'][product_key]['ServerMetadataURL'] try: smd_path = replicate_url( url, root_dir=workdir, ignore_cache=ignore_cache) return smd_path except ReplicationError as err: print('Could not replicate %s: %s' % (url, err), file=sys.stderr) return None except KeyError: # print('Malformed catalog.', file=sys.stderr) return None def parse_dist(filename): '''Parses a softwareupdate dist file, returning a dict of info of interest''' dist_info = {} try: dom = minidom.parse(filename) except ExpatError: print('Invalid XML in %s' % filename, file=sys.stderr) return dist_info except IOError as err: print('Error reading %s: %s' % (filename, err), file=sys.stderr) return dist_info titles = dom.getElementsByTagName('title') if titles: dist_info['title_from_dist'] = titles[0].firstChild.wholeText auxinfos = dom.getElementsByTagName('auxinfo') if not auxinfos: return dist_info auxinfo = auxinfos[0] key = None value = None children = auxinfo.childNodes # handle the possibility that keys from auxinfo may be nested # within a 'dict' element dict_nodes = [n for n in auxinfo.childNodes if n.nodeType == n.ELEMENT_NODE and n.tagName == 'dict'] if dict_nodes: children = dict_nodes[0].childNodes for node in children: if node.nodeType == node.ELEMENT_NODE and node.tagName == 'key': key = node.firstChild.wholeText if node.nodeType == node.ELEMENT_NODE and node.tagName == 'string': value = node.firstChild.wholeText if key and value: dist_info[key] = value key = None value = None return dist_info def download_and_parse_sucatalog(sucatalog, workdir, ignore_cache=False): '''Downloads and returns a parsed softwareupdate catalog''' try: localcatalogpath = replicate_url( sucatalog, root_dir=workdir, ignore_cache=ignore_cache) except ReplicationError as err: print('Could not replicate %s: %s' % (sucatalog, err), file=sys.stderr) exit(-1) if os.path.splitext(localcatalogpath)[1] == '.gz': with gzip.open(localcatalogpath) as the_file: content = the_file.read() try: catalog = plistlib.readPlistFromString(content) return catalog except ExpatError as err: print('Error reading %s: %s' % (localcatalogpath, err), file=sys.stderr) exit(-1) else: try: catalog = plistlib.readPlist(localcatalogpath) return catalog except (OSError, IOError, ExpatError) as err: print('Error reading %s: %s' % (localcatalogpath, err), file=sys.stderr) exit(-1) def find_mac_os_installers(catalog): '''Return a list of product identifiers for what appear to be macOS installers''' mac_os_installer_products = [] if 'Products' in catalog: for product_key in catalog['Products'].keys(): product = catalog['Products'][product_key] try: if product['ExtendedMetaInfo'][ 'InstallAssistantPackageIdentifiers']: mac_os_installer_products.append(product_key) except KeyError: continue return mac_os_installer_products def os_installer_product_info(catalog, workdir, ignore_cache=False): '''Returns a dict of info about products that look like macOS installers''' product_info = {} installer_products = find_mac_os_installers(catalog) for product_key in installer_products: product_info[product_key] = {} filename = get_server_metadata(catalog, product_key, workdir) if filename: product_info[product_key] = parse_server_metadata(filename) else: # print('No server metadata for %s' % product_key) product_info[product_key]['title'] = None product_info[product_key]['version'] = None product = catalog['Products'][product_key] product_info[product_key]['PostDate'] = product['PostDate'] distributions = product['Distributions'] dist_url = distributions.get('English') or distributions.get('en') try: dist_path = replicate_url( dist_url, root_dir=workdir, ignore_cache=ignore_cache) except ReplicationError as err: print('Could not replicate %s: %s' % (dist_url, err), file=sys.stderr) else: dist_info = parse_dist(dist_path) product_info[product_key]['DistributionPath'] = dist_path product_info[product_key].update(dist_info) if not product_info[product_key]['title']: product_info[product_key]['title'] = dist_info.get('title_from_dist') if not product_info[product_key]['version']: product_info[product_key]['version'] = dist_info.get('VERSION') return product_info def replicate_product(catalog, product_id, workdir, ignore_cache=False, product_title=""): '''Downloads all the packages for a product''' product = catalog['Products'][product_id] for package in product.get('Packages', []): # TO-DO: Check 'Size' attribute and make sure # we have enough space on the target # filesystem before attempting to download if 'URL' in package: try: replicate_url( package['URL'], root_dir=workdir, show_progress=True, ignore_cache=ignore_cache, attempt_resume=(not ignore_cache), installer=True, product_title=product_title) except ReplicationError as err: print('Could not replicate %s: %s' % (package['URL'], err), file=sys.stderr) exit(-1) if 'MetadataURL' in package: try: replicate_url(package['MetadataURL'], root_dir=workdir, ignore_cache=ignore_cache, installer=True) except ReplicationError as err: print('Could not replicate %s: %s' % (package['MetadataURL'], err), file=sys.stderr) exit(-1) def find_installer_app(mountpoint): '''Returns the path to the Install macOS app on the mountpoint''' applications_dir = os.path.join(mountpoint, 'Applications') for item in os.listdir(applications_dir): if item.endswith('.app'): return os.path.join(applications_dir, item) return None def determine_version(version, product_info): if version: if version == 'latest': from distutils.version import StrictVersion latest_version = StrictVersion('0.0.0') for index, product_id in enumerate(product_info): d = product_info[product_id]['version'] if d > latest_version: latest_version = d if latest_version == StrictVersion("0.0.0"): print("Could not find latest version {}") exit(1) version = str(latest_version) for index, product_id in enumerate(product_info): v = product_info[product_id]['version'] if v == version: return product_id, product_info[product_id]['title'] print("Could not find version {}. Versions available are:".format(version)) for _, pid in enumerate(product_info): print("- {}".format(product_info[pid]['version'])) exit(1) # display a menu of choices (some seed catalogs have multiple installers) print('%2s %12s %10s %11s %s' % ('#', 'ProductID', 'Version', 'Post Date', 'Title')) for index, product_id in enumerate(product_info): print('%2s %12s %10s %11s %s' % ( index + 1, product_id, product_info[product_id]['version'], product_info[product_id]['PostDate'].strftime('%Y-%m-%d'), product_info[product_id]['title'] )) answer = input( '\nChoose a product to download (1-%s): ' % len(product_info)) try: index = int(answer) - 1 if index < 0: raise ValueError product_id = list(product_info.keys())[index] return product_id, product_info[product_id]['title'] except (ValueError, IndexError): pass print('Invalid input provided.') exit(0) def main(): '''Do the main thing here''' """ if os.getuid() != 0: sys.exit('This command requires root (to install packages), so please ' 'run again with sudo or as root.') """ parser = argparse.ArgumentParser() parser.add_argument('--workdir', metavar='path_to_working_dir', default='.', help='Path to working directory on a volume with over ' '10G of available space. Defaults to current working ' 'directory.') parser.add_argument('--version', metavar='version', default=None, help='The version to download in the format of ' '"$major.$minor.$patch", e.g. "10.15.4". Can ' 'be "latest" to download the latest version.') parser.add_argument('--compress', action='store_true', help='Output a read-only compressed disk image with ' 'the Install macOS app at the root. This is now the ' 'default. Use --raw to get a read-write sparse image ' 'with the app in the Applications directory.') parser.add_argument('--raw', action='store_true', help='Output a read-write sparse image ' 'with the app in the Applications directory. Requires ' 'less available disk space and is faster.') parser.add_argument('--ignore-cache', action='store_true', help='Ignore any previously cached files.') args = parser.parse_args() su_catalog_url = get_default_catalog() if not su_catalog_url: print('Could not find a default catalog url for this OS version.', file=sys.stderr) exit(-1) # download sucatalog and look for products that are for macOS installers catalog = download_and_parse_sucatalog( su_catalog_url, args.workdir, ignore_cache=args.ignore_cache) product_info = os_installer_product_info( catalog, args.workdir, ignore_cache=args.ignore_cache) if not product_info: print('No macOS installer products found in the sucatalog.', file=sys.stderr) exit(-1) product_id, product_title = determine_version(args.version, product_info) print(product_id, product_title) # download all the packages for the selected product replicate_product(catalog, product_id, args.workdir, ignore_cache=args.ignore_cache, product_title=product_title) if __name__ == '__main__': main() ================================================ FILE: helm/Chart.yaml ================================================ apiVersion: v1 appVersion: "0.0.1.0" description: "Containerized OSX! Run OSX in a pod, headlessly, or with Xvfb. Test your Apps and master CI/CD processes." name: docker-osx version: 0.2.0 keywords: - docker-osx - mac - macos - qemu - cicd - ios - xnu - darwin - apple - osx ================================================ FILE: helm/Dockerfile ================================================ #!/usr/bin/docker # # This Dockerfile is to be consumed with the docker_osx helm templates. It consumes the # Ubuntu image so that OpenCore.qcow2 can be re-generated (which happens in Kube itself), # not to mention that OSX-KVM was written for Ubuntu. This was not designed to be run in Docker # by itself.. very well anyway. # FROM ubuntu:21.04 SHELL ["/bin/bash", "-c"] # this has to match .Values.image.userName in helm template ARG USER=ubuntu # this installs the kvm linux kernel in the docker container so that OpenCore.qcow2 boot images # can be built. ARG DOCKER_KERNEL_VERSION=linux-image-kvm ENV TZ=America/Los_Angeles ARG DEBIAN_FRONTEND=noninteractive RUN DEBCONF_FRONTEND=noninteractive apt update \ && apt install \ bridge-utils \ fish \ git wget \ libguestfs-tools \ libvirt-daemon-system \ $DOCKER_KERNEL_VERSION \ p7zip-full \ qemu \ sudo \ uml-utilities \ virt-manager \ -y # Configure SSH RUN apt install git vim nano alsa-utils openssh-server -y # Create user and grant sudo privledges RUN adduser --disabled-password \ --gecos '' $USER \ && echo "$USER ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/$USER \ && chmod 0440 /etc/sudoers.d/$USER # Configure VNC for user RUN apt install \ dbus-x11 \ openbox \ tigervnc-common \ tigervnc-standalone-server \ xfce4 \ xfce4-goodies \ x11-xserver-utils \ xdotool \ xorg \ xterm \ ufw \ -y USER $USER # only create ~/.vnc as helm will build out ~/.vnc/config RUN mkdir -p ${HOME}/.vnc RUN git clone --depth 1 https://github.com/kholia/OSX-KVM.git /home/$USER/OSX-KVM VOLUME ["/tmp/.X11-unix"] WORKDIR /home/$USER/OSX-KVM # helm will build out ./Launch_custom.sh CMD envsubst < ./Launch_custom.sh | bash ================================================ FILE: helm/INSTALL-QEMU-AND-GPU-IOMMU.md ================================================ # Install macOS Docker Virtualization ## Setup This walks through setting up QEMU virtualization for running macOS in Docker & Kubernetes Please note, this guide assumes the host operation system is running Centos 7 (or ClearOS 7 more specifically). These commands can mostly be transferred to other distros, but there are a few areas that need commands (i.e. updating ) ### Host configuration ## Build QEMU and libvirt from source Since there is no official QEMU 5.X repo it appears, build from source. ### QEMU Requirements Python, glib2-devel, and pixman ``` sudo yum install python glib2-devel cairo-devel -y ``` Ninja ``` pip3 install ninja ``` ### Build QEMU from source steps Clone the offical QEMU repo and build from source: ``` git clone git://git.qemu-project.org/qemu.git cd qemu mkdir -p bin/debug/native cd bin/debug/native ../../../configure --enable-debug make -j24 make install ``` _Note: adjust make to use the desired number of threads avaliable on your system_ ### libvirt Requirements Configure repo: ``` yum-config-manager --nogpgcheck --add-repo http://mirror.centos.org/centos/7/virt/x86_64/libvirt-latest/ ``` ### Install libvirt ``` yum install libvirt -y ``` ### Update permissions ``` chmod 660 -R /dev/kvm && chown 1000:1000 /dev/kvm usermod -a -G kvm root ``` _Note: these may not be required_ ### Verification Ensure latest version installed ``` virsh -c qemu:///system version --daemon ``` * For example, should output something like: ``` [root@server repos]# virsh -c qemu:///system version --daemon Compiled against library: libvirt 5.0.0 Using library: libvirt 5.0.0 Using API: QEMU 5.0.0 Running hypervisor: QEMU 5.2.50 Running against daemon: 5.0.0 ``` ## Install IMMO for GPU passthrough 1. Modify GRUB boot args: Add the following to `/etc/default/grub` to the end of the `GRUB_CMDLINE_LINUX` parameter: ``` GRUB_CMDLINE_LINUX="... iommu=pt intel_iommu=on" ``` 1. Update GRUB2: ``` grub2-mkconfig -o /boot/efi/EFI/clearos/grub.cfg ``` _Note: this command may vary based on location of the grub.cfg for the boot entry_ 1. Reboot system 1. Ensure that the kernel parameter changes worked: ``` cat /proc/cmdline ``` 1. Find GPU hardware ids with `lspci` Example: ``` lspci -nn | grep -i nvidia ``` 1. Add the hardware ids to `/etc/modprobe.d/vfio.conf` Example: ``` options vfio-pci ids=10de:1b81,10de:10f0 ``` _Note: this is for the NVIDIA GTX 1070_ 1. Enable `vfio-pci` ``` echo 'vfio-pci' > /etc/modules-load.d/vfio-pci.conf ``` Make backup and rebuild `initramfs`: ``` cp -p /boot/initramfs-$(uname -r).img /boot/initramfs-$(uname -r).img.bak dracut -f ``` _Note: `dracut -f` may take awhile.._ 1. Increase ulimits _This is done to avoid memory issues like `VFIO_MAP_DMA: -12` and etc_ Append the following to `/etc/security/limits.conf`: ``` @kvm soft memlock unlimited @kvm hard memlock unlimited ``` Append the following to `/etc/docker/daemon.json`: ``` { "default-ulimits": { "nofile": { "name": "nofile", "hard": 65536, "soft": 1024 }, "memlock": { "name": "memlock", "soft": -1, "hard": -1 } } } ``` Add `LimitMEMLOCK` to `/etc/systemd/system/multi-user.target.wants/libvirtd.service` like: ``` [Unit] Description=Virtualization daemon ... [Service] ... LimitMEMLOCK=infinity ``` 1. Reload systemd after changing config ``` systemctl daemon-reload ``` 1. Reboot system 1. Ensure that `vfio` worked ``` dmesg | grep -i vfio ``` # Issues Many issues can rise up as a result of adding the complexity layers involved here. Some of the main areas are improperly loading the `vfio-pci` driver for the GPU and permission issues. ## Modules for vfio not loading When `vfio` does not load, errors such as the following can be seen: ``` error getting device from group *: No such device Verify all devices in group * are bound to vfio- or pci-stub and not already in use ``` This can show up when `vfio-pci` driver is not loaded for the peripheral. Ensure that `vfio-pci` is loaded. ``` dmesg | grep -i vfio ``` If so, explicitly tell `vfio` modules to start ``` echo 'vfio vfio_iommu_type1 vfio_pci vfio_virqfd' > /etc/modules ``` Make backup and rebuild `initramfs`: ``` cp -p /boot/initramfs-$(uname -r).img /boot/initramfs-$(uname -r).img.bak dracut -f ``` _Note: `dracut -f` may take awhile.._ Do a system reboot After rebooting, check on the gpu with `lspci` utilizing your gpu hardware id: I.E. ``` [root@server docker-docker-osx]# lspci -vvv -s 09:00.0 09:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Ellesmere [Radeon RX 470/480/570/570X/580/580X/590] (rev c7) (prog-if 00 [VGA controller]) Subsystem: Advanced Micro Devices, Inc. [AMD/ATI] Radeon RX 480 Physical Slot: 5 Control: I/O- Mem- BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr+ Stepping- SERR+ FastB2B- DisINTx- Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- SERR- `. If permission errors are seen, try the following commands: ``` chmod 660 -R /dev/kvm && chown 1000:1000 /dev/kvm chmod 777 -R /dev/vfio && chown 1000:1000 -R /dev/vfio ``` # References https://gist.github.com/dghubble/c2dc319249b156db06aff1d49c15272e `Configure IOMMU and vfio` https://www.server-world.info/en/note?os=CentOS_7&p=kvm&f=10 `Configuring GPU driver with vfio-pci binding` https://github.com/intel/nemu/wiki/Testing-VFIO-with-GPU `IOMMU Interrupt Mapping` https://pve.proxmox.com/wiki/Pci_passthrough#IOMMU_Interrupt_Remapping `Manual Graphics Driver Binding` https://lwn.net/Articles/143397/ `QEMU Stdio Example` https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04521.html ================================================ FILE: helm/README.md ================================================ # docker-osx Docker-OSX Helm Chart for Kubernetes. Project page: https://github.com/sickcodes/docker-osx Available now on Artifact HUB [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/docker-osx)](https://artifacthub.io/packages/search?repo=docker-osx) ## Information This installs `docker-osx` in Kubernetes. ## Features ### What works 1) Setting cpu/memory options 1) Setting VNC password 1) Persistance 1) Setting SMBIOS 1) QEMU/virtio cpu/software gpu changes 1) Toggling Audio 1) Additional port forwarding 1) Kubernetes resource requests/limits 1) Defining version of macOS to install 1) Defining install partition size 1) Defining a different version of macOS 1) Additional QEMU parameters 1) GPU support ### What doesn't 1) Simultaneous VNC + GPU IOMMU (this is a limitation of QEMU :( unfortunately) ## Requirements * Install [host machine requirements](#INSTALL-QEMU-AND-GPU-IOMMU.md) * Ensure you are running QEMU 5.X * Kubernetes * Helm v2 * `sickcodes/docker-osx-vnc` Docker image ### Build `sickcodes/docker-osx-vnc` 1) Go back to the root directory 1) Build docker image ``` docker build \ -t sickcodes/docker-osx-vnc:latest \ -f helm/Dockerfile . ``` _Please ensure you are using the Dockerfile in the `helm` folder_ _Do not worry about passing `CPU`, `RAM`, etc as they are handled in `values.yaml` now._ ### Installation If planning on using a GPU with IOMMU passthrough it is recommended to configure it first and install macOS--otherwise installing may take a very long time depending on your hardware. Please see `qemu.systemInstaller.downloadDelay`, `qemu.systemInstaller.cache`, `qemu.systemDisk.downloadDelay`, and `qemu.systemDisk.cache` for possibly reducing installation time. It has taken me over three hours to install on some occasions with a NVMe secondary disk without GPU passthrough configured.. In `values.yaml`.. 1) Set a unique password for `vnc.password`. 1) Re-generate SMBIOS `configPlist.MLB`, `configPlist.SystemSerialNumber`, and `configPlist.SystemUUID` for iServices to work. 1) Update `serverName` to reflect the unique name (in the case more than one deployment is required). 1) Configure `qemu.systemInstaller.downloadDelay` (in a period of seconds) that reflects how long your internet connection will download around 500MB (BaseSystem.dmg) + uncompress the file (which took about the same time for me to download on a 1gig internet connection). 1) Set `service.ip` to reflect an IP address of your choice, or use ingress. 1) Update `extraVolumes.hostPath.path` to something useful for you. Optionally.. 1) Install kexts to `kexts.path` and enable. 1) Adjust `openCore.boot.timeout` if desire for macOS to load automatically. 1) Add usb devices with `qemu.usb` or `qemu.extraArgs` if desired. 1) Add more ports for portforwarding services if needed. Afterwards.. 1) Launch your VNC viewer of choice and connect to the IP/hostname you defined + the port `8888` with the password specified for `vnc.password`. 1) Install macOS like usual. _Please note, after you have installed macOS feel free to set `qemu.systemInstaller.downloadDelay` to nothing, as BaseSystem.dmg will be stored in the path defined for `extraVolumes.hostPath.path`_ #### Resources Please note, resource limits may vary based on hardware. The ones currently defined are ones that worked for me personally. ================================================ FILE: helm/artifacthub-repo.yml ================================================ # Artifact Hub repository metadata file repositoryID: 7b2e9eeb-620a-43e8-b2cc-24ca33125bfc owners: # (optional, used to claim repository ownership) - name: sickcodes email: info@sick.codes ================================================ FILE: helm/helm-chart-generate.sh ================================================ #!/usr/bin/env bash # Author: sick.codes # License: GPLv3+ # Repo: https://github.com/sickcodes/Docker-OSX/ # cd ../helm rm -f docker-osx-*.tgz helm package . helm repo index . --url https://sickcodes.github.io/Docker-OSX/helm/ ================================================ FILE: helm/index.yaml ================================================ apiVersion: v1 entries: docker-osx: - apiVersion: v1 appVersion: 0.0.1.0 created: "2021-02-27T04:15:48.784861502Z" description: Containerized OSX! Run OSX in a pod, headlessly, or with Xvfb. Test your Apps and master CI/CD processes. digest: 5a62a9291b1494b9cfaa0708ab7bab9d13cca30adbeaced3d29a5bb6935caac9 keywords: - docker-osx - mac - macos - qemu - cicd - ios - xnu - darwin - apple - osx name: docker-osx urls: - https://sickcodes.github.io/Docker-OSX/helm/docker-osx-0.2.0.tgz version: 0.2.0 generated: "2021-02-27T04:15:48.782073839Z" ================================================ FILE: helm/templates/_helpers.tpl ================================================ {{/* vim: set filetype=mustache: */}} {{/* Expand the name of the chart. */}} {{- define "docker-osx.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} {{- define "docker-osx.fullname" -}} {{- if .Values.fullnameOverride -}} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} {{- else -}} {{- $name := default .Chart.Name .Values.nameOverride -}} {{- if contains $name .Release.Name -}} {{- .Release.Name | trunc 63 | trimSuffix "-" -}} {{- else -}} {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} {{- end -}} {{- end -}} {{- end -}} {{/* Create chart name and version as used by the chart label. */}} {{- define "docker-osx.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} ================================================ FILE: helm/templates/configmap.yaml ================================================ apiVersion: v1 kind: ConfigMap metadata: name: {{ template "docker-osx.fullname" . }}-boot-components data: config.plist: |- ACPI Add Comment add DTGP method Enabled Path SSDT-DTGP.aml Comment Fake EC and USBX Power Enåabled Path SSDT-EC.aml Comment USB 2.0 Injection Enabled Path SSDT-EHCI.aml Comment CPU AGPM Plugin=1 Enabled Path SSDT-PLUG.aml Delete All Comment Delete CpuPm Enabled OemTableId Q3B1UG0AAAA= TableLength 0 TableSignature U1NEVA== All Comment Delete Cpu0Ist Enabled OemTableId Q3B1MElzdAA= TableLength 0 TableSignature U1NEVA== Patch Comment _Q11 to XQ11 Count 1 Enabled Find X1ExMQ== Limit 0 Mask OemTableId Replace WFExMQ== ReplaceMask Skip 0 TableLength 0 TableSignature Comment _Q12 to XQ12 Count 1 Enabled Find X1ExMg== Limit 0 Mask OemTableId Replace WFExMg== ReplaceMask Skip 0 TableLength 0 TableSignature Quirks FadtEnableReset NormalizeHeaders RebaseRegions ResetHwSig ResetLogoStatus Booter MmioWhitelist Quirks AvoidRuntimeDefrag DevirtualiseMmio DisableSingleUser DisableVariableWrite DiscardHibernateMap EnableSafeModeSlide EnableWriteUnprotector ForceExitBootServices ProtectMemoryRegions ProtectSecureBoot ProtectUefiServices ProvideCustomSlide ProvideMaxSlide 0 RebuildAppleMemoryMap SetupVirtualMap SignalAppleOS SyncRuntimePermissions DeviceProperties Add PciRoot(0x1)/Pci(0x1F,0x0) compatible pci8086,2916 device-id FikA name pci8086,2916 Delete PciRoot(0x0)/Pci(0x1b,0x0) MaximumBootBeepVolume Kernel Add {{- if .Values.qemu.hardwareGpu.enabled }} BundlePath mXHCD.kext Comment Hello There Enabled ExecutablePath Contents/MacOS/mXHCD MaxKernel MinKernel PlistPath Contents/Info.plist {{- end }} Arch x86_64 BundlePath VoodooHDA.kext Comment Patch engine {{- if .Values.qemu.audio.enabled }} Enabled {{- else -}} Disabled {{- end }} ExecutablePath Contents/MacOS/VoodooHDA MaxKernel MinKernel 12.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath Lilu.kext Comment Patch engine Enabled ExecutablePath Contents/MacOS/Lilu MaxKernel MinKernel 12.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath VirtualSMC.kext Comment SMC emulator Enabled ExecutablePath Contents/MacOS/VirtualSMC MaxKernel MinKernel 12.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath WhateverGreen.kext Comment Video patches Enabled ExecutablePath Contents/MacOS/WhateverGreen MaxKernel MinKernel 12.0.0 PlistPath Contents/Info.plist Arch x86_64 BundlePath AppleALC.kext Comment Audio patches Enabled ExecutablePath Contents/MacOS/AppleALC MaxKernel MinKernel 12.0.0 PlistPath Contents/Info.plist BundlePath AGPMInjector.kext Comment Enabled ExecutablePath MaxKernel MinKernel PlistPath Contents/Info.plist BundlePath USBPorts.kext Comment Enabled ExecutablePath MaxKernel MinKernel PlistPath Contents/Info.plist Arch x86_64 BundlePath MCEReporterDisabler.kext Comment AppleMCEReporter disabler Enabled ExecutablePath MaxKernel MinKernel 19.0.0 PlistPath Contents/Info.plist {{- if .Values.macos.kexts.add }} {{- range .Values.macos.kexts.kextsToAdd }} Arch Any BundlePath {{ .name }} Comment Enabled ExecutablePath {{ .executablePath }} MaxKernel MinKernel PlistPath {{ .plistPath }} {{- end }} {{- end }} Block Arch Any Comment Enabled Identifier com.apple.driver.AppleTyMCEDriver MaxKernel MinKernel Emulate {{- if .Values.qemu.hardwareGpu.enabled }} Cpuid1Data VwYFAAAAAAAAAAAAAAAAAA== Cpuid1Mask /////wAAAAAAAAAAAAAAAA== {{- else -}} Cpuid1Data VAYFAAAAAAAAAAAAAAAAAA== Cpuid1Mask ////AAAAAAAAAAAAAAAAAA== {{- end }} Force {{- if .Values.qemu.hardwareGpu.enabled }} Base Comment algrey - cpuid_set_generic_info - disable check to allow leaf7 Count 1 Enabled Find ADoPgg== Identifier kernel Limit 0 Mask MaxKernel 19.99.99 MinKernel 17.0.0 Replace AAAPgg== ReplaceMask Skip 0 {{- else -}} Arch Any BundlePath System/Library/Extensions/IONetworkingFamily.kext Comment Patch engine Enabled Identifier com.apple.iokit.IONetworkingFamily ExecutablePath Contents/MacOS/IONetworkingFamily MaxKernel 13.99.99 MinKernel PlistPath Contents/Info.plist {{- end }} Patch {{- if .Values.qemu.hardwareGpu.enabled }} Base _cpu_topology_sort Comment algrey - cpu_topology_sort -disable _x86_validate_topology Count 1 Enabled Find 6AAA//8= Identifier kernel Limit 0 Mask /wAA//8= MaxKernel 19.99.99 MinKernel 17.0.0 Replace Dx9EAAA= ReplaceMask Skip 0 {{- else -}} Base _cpu_topology_sort Comment algrey - cpu_topology_sort -disable _x86_validate_topology Count 1 Enabled Find 6AAA//8= Identifier kernel Limit 0 Mask /wAA//8= MaxKernel 20.99.99 MinKernel 17.0.0 Replace Dx9EAAA= ReplaceMask Skip 0 {{- end }} Base Comment algrey - cpuid_set_cpufamily - force CPUFAMILY_INTEL_PENRYN Count 1 Enabled {{- if .Values.qemu.hardwareGpu.enabled }} Find MduAPQAAAAAGdQA= Identifier kernel Limit 0 Mask /////wAAAP///wA= {{- else -}} Find MduAPQAAAAAGdQA= Identifier kernel Limit 0 Mask /////wAAAP///wA= {{- end }} MaxKernel 20.99.99 MinKernel 17.0.0 Replace u7xP6njpXQAAAJA= ReplaceMask Skip 0 {{- if .Values.qemu.hardwareGpu.enabled }} Base Comment algrey - - skip cpuid_cores_per_package test -10.15 Count 0 Enabled Find gz0AAAAAAA8AAAAAAItdvA== Identifier kernel Limit 0 Mask //8AAAD///8AAAAA/////w== MaxKernel 19.99.99 MinKernel 19.0.0 Replace AAAAAAAAAQAAAAAAAAAAAA== ReplaceMask AAAAAAAADwAAAAAAAAAAAA== Skip 0 Base Comment algrey - - skip cpuid_cores_per_package test Count 0 Enabled Find gz0AAAAAAHQAi128 Identifier kernel Limit 0 Mask //8AAAD///8A//// MaxKernel 18.99.99 MinKernel 17.0.0 Replace AAAAAAAAAQAAAAAA ReplaceMask AAAAAAAADwAAAAAA Skip 0 {{- end }} Quirks AppleCpuPmCfgLock AppleXcpmCfgLock AppleXcpmExtraMsrs AppleXcpmForceBoost CustomSMBIOSGuid DisableIoMapper DisableLinkeditJettison DisableRtcChecksum DummyPowerManagement ExternalDiskIcons IncreasePciBarSize LapicKernelPanic PanicNoKextDump PowerTimeoutKernelPanic ThirdPartyDrives XhciPortLimit Scheme {{- if not .Values.qemu.hardwareGpu.enabled }} FuzzyMatch KernelArch x86_64 KernelCache Auto {{- end }} Misc BlessOverride Boot ConsoleAttributes 0 HibernateMode Auto HideAuxiliary PickerAttributes 1 PickerVariant Modern PickerAudioAssist PickerMode External PollAppleHotKeys ShowPicker TakeoffDelay 0 Timeout {{ .Values.macos.openCore.boot.timeout }} Debug AppleDebug ApplePanic DisableWatchDog DisplayDelay 0 DisplayLevel 2147483650 SerialInit SysReport Target 3 Entries Security AllowNvramReset AllowSetDefault ApECID 0 AuthRestart BootProtect None DmgLoading Signed EnablePassword ExposeSensitiveData 6 HaltLevel 2147483648 PasswordHash PasswordSalt ScanPolicy 0 SecureBootModel Disabled Vault Optional Tools Arguments Auxiliary Comment Not signed for security reasons Enabled Name UEFI Shell Path OpenShell.efi Arguments Shutdown Auxiliary Comment Perform shutdown Enabled Name Shutdown Path ResetSystem.efi NVRAM Add 4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14 DefaultBackgroundColor AAAAAA== UIScale AQ== 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102 rtc-blacklist 7C436110-AB2A-4BBB-A880-FE41995C9F82 SystemAudioVolume Rg== boot-args {{ .Values.macos.configPlist.bootArgs }} run-efi-updater No csr-active-config ZwAAAA== prev-lang:kbd ZW4tVVM6MA== Delete 4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14 UIScale DefaultBackgroundColor 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102 rtc-blacklist 7C436110-AB2A-4BBB-A880-FE41995C9F82 boot-args LegacyEnable LegacyOverwrite LegacySchema 7C436110-AB2A-4BBB-A880-FE41995C9F82 EFILoginHiDPI EFIBluetoothDelay LocationServicesEnabled SystemAudioVolume SystemAudioVolumeDB SystemAudioVolumeSaved bluetoothActiveControllerInfo bluetoothInternalControllerInfo flagstate fmm-computer-name nvda_drv prev-lang:kbd 8BE4DF61-93CA-11D2-AA0D-00E098032B8C Boot0080 Boot0081 Boot0082 BootNext BootOrder WriteFlash PlatformInfo Automatic Generic AdviseWindows MLB {{ .Values.macos.configPlist.MLB }} ROM m7zhIYfl SpoofVendor SystemProductName {{ .Values.macos.configPlist.SystemProductName }} SystemSerialNumber {{ .Values.macos.configPlist.SystemSerialNumber }} SystemUUID {{ .Values.macos.configPlist.SystemUUID }} UpdateDataHub UpdateNVRAM UpdateSMBIOS UpdateSMBIOSMode Create UEFI APFS EnableJumpstart GlobalConnect HideVerbose JumpstartHotPlug MinDate -1 MinVersion -1 Audio AudioCodec 0 AudioDevice PciRoot(0x1)/Pci(0x1,0x0)/Pci(0x0,0x1) AudioOut 0 AudioSupport MinimumVolume 20 PlayChime VolumeAmplifier 0 ConnectDrivers Drivers VBoxHfs.efi OpenRuntime.efi OpenCanopy.efi #AudioDxe.efi #OpenUsbKbDxe.efi #UsbMouseDxe.efi #Ps2KeyboardDxe.efi #Ps2MouseDxe.efi #HiiDatabase.efi #NvmExpressDxe.efi #XhciDxe.efi #ExFatDxe.efi #PartitionDxe.efi #CrScreenshotDxe.efi Input KeyFiltering KeyForgetThreshold 5 KeyMergeThreshold 2 KeySupport KeySupportMode Auto KeySwap PointerSupport PointerSupportMode ASUS TimerResolution 50000 Output ClearScreenOnModeSwitch ConsoleMode DirectGopRendering IgnoreTextInGraphics ProvideConsoleGop ReconnectOnResChange ReplaceTabWithSpace Resolution {{ .Values.vnc.resolution }} SanitiseClearScreen TextRenderer BuiltinGraphics UgaPassThrough ProtocolOverrides AppleAudio AppleBootPolicy AppleDebugLog AppleEvent AppleFramebufferInfo AppleImageConversion AppleImg4Verification AppleKeyMap AppleRtcRam AppleSecureBoot AppleSmcIo AppleUserInterfaceTheme DataHub DeviceProperties FirmwareVolume HashServices OSInfo UnicodeCollation Quirks DeduplicateBootOrder ExitBootServicesDelay 0 IgnoreInvalidFlexRatio ReleaseUsbOwnership RequestBootVarRouting TscSyncTimeout 0 UnblockFsConnect Launch_custom.sh: |- #/bin/sh # Add extra kexts to EFI/OC/kexts {{- if .Values.macos.kexts.add }} {{- range .Values.macos.kexts.kextsToAdd }} {{- $rangeItem := . -}} {{- with $ }} echo 'Installing kext {{ $rangeItem.name }}..' cp -r "{{ .Values.macos.kexts.path }}/{{ $rangeItem.name }}" /home/{{ .Values.image.userName }}/OSX-KVM/OpenCore-Catalina/EFI/OC/Kexts/ sudo chmod 755 /home/{{ .Values.image.userName }}/OSX-KVM/OpenCore-Catalina/EFI/OC/Kexts/{{ $rangeItem.name }} {{- end }} {{- end }} {{- end }} # Rebuild Opencore.qcow2 after making changes to config.plist and etc.. {{- if .Values.macos.openCore.rebuild }} echo 'Building new Opencore.qcow2..' pushd OpenCore-Catalina/ mkdir -p EFI/OC/Resources rm -f OpenCore.qcow2 sudo ./opencore-image-ng.sh \ --cfg config.plist \ --img OpenCore.qcow2 sudo chown {{ .Values.image.userName }}:{{ .Values.image.userName }} OpenCore.qcow2 popd {{- end }} if ! [ -d "{{ .Values.macos.installerSettings.path }}" ]; then mkdir -p {{ .Values.macos.installerSettings.path }} fi if ! [ -d "/system_image/{{ .Values.serverName }}" ]; then mkdir -p "/system_image/{{ .Values.serverName }}" fi # Download and build installer image if no system drive found.. if ! [ -f "{{ .Values.macos.installerSettings.path }}/BaseSystem{{ .Values.macos.installerSettings.version }}.img" ]; then echo "Downloading {{ .Values.macos.installerSettings.version }} base image.." python fetch-macOS.py --version {{ .Values.macos.installerSettings.version }} echo 'Converting downloaded BaseSystem.dmg into BaseSystem{{ .Values.macos.installerSettings.version }}.img and saving in {{ .Values.qemu.systemInstaller.path }}' qemu-img convert BaseSystem.dmg -O qcow2 -p -c {{ .Values.macos.installerSettings.path }}/BaseSystem{{ .Values.qemu.systemInstaller.version }}.img rm -f BaseSystem.dmg else echo 'Base Image downloaded and converted into img already..' fi if ! [ -f "/system_image/{{ .Values.serverName }}/mac_hdd_ng.img" ]; then echo "Creating a {{ .Values.qemu.systemDisk.size }} /system_image/{{ .Values.serverName }}/mac_hdd_ng.img for system partition.." qemu-img create -f qcow2 /system_image/{{ .Values.serverName }}/mac_hdd_ng.img "{{ .Values.qemu.systemDisk.size }}" echo 'Finished creating system partition!' else echo 'Image already created. Skipping creation..' fi # # Fix permissions on usb devices.. # {{- if .Values.qemu.usb }} # {{- range .Values.qemu.usb }} # echo "Updating permissions to r/w for /dev/bus/usb/$(lsusb | grep {{ .vendorId}}:{{ .productId }} | grep -o -P 'Bus.{0,4}' | tail -c 4)/$(lsusb | grep {{ .vendorId}}:{{ .productId }} | grep -o -P 'Device.{0,4}' | tail -c 4).." # sudo chmod 666 /dev/bus/usb/$(lsusb | grep {{ .vendorId}}:{{ .productId }} | grep -o -P 'Bus.{0,4}' | tail -c 4)/$(lsusb | grep {{ .vendorId}}:{{ .productId }} | grep -o -P 'Device.{0,4}' | tail -c 4) # {{- end }} # {{- end }} # Start VNC.. {{- if .Values.vnc.enabled }} echo 'geometry={{ .Values.vnc.resolution }} localhost alwaysshared' > ~/.vnc/config sudo rm -f /tmp/.X99-lock export DISPLAY=:99 vncpasswd -f < vncpasswd_file > ${HOME}/.vnc/passwd /usr/bin/Xvnc -geometry {{ .Values.vnc.resolution }} -rfbauth "${HOME}/.vnc/passwd" :99 &\ sudo chmod 600 ~/.vnc/passwd {{- end }} sudo chown {{ .Values.image.userName }}:{{ .Values.image.userName }} /dev/kvm {{- if .Values.qemu.hardwareGpu.enabled }} sudo chown {{ .Values.image.userName }}:{{ .Values.image.userName }} -R /dev/vfio {{- end }} # Start QEMU.. echo 'Starting QEMU..' set -eu sudo chown $(id -u):$(id -g) /dev/kvm 2>/dev/null || true sudo chown -R $(id -u):$(id -g) /dev/snd 2>/dev/null || true exec qemu-system-x86_64 -m {{ .Values.resources.requests.memory | trimSuffix "i" }} \ -cpu {{ .Values.qemu.cpu }} \ -machine q35,accel=kvm:tcg \ {{- if .Values.qemu.hardwareGpu.enabled }} -device pcie-root-port,bus=pcie.0,multifunction=on,port=1,chassis=1,id=port.1 \ {{- if .Values.qemu.hardwareGpu.romfile }} -device vfio-pci,host={{ .Values.qemu.hardwareGpu.hardwareId }}.0,bus=port.1,multifunction=on,romfile={{ .Values.qemu.hardwareGpu.romfile}} \ {{- else -}} -device vfio-pci,host={{ .Values.qemu.hardwareGpu.hardwareId }}.0,multifunction=on \ {{- end }} -device vfio-pci,host={{ .Values.qemu.hardwareGpu.hardwareId }}.1,bus=port.1 \ {{- else -}} -vga {{ .Values.qemu.softwareGpu }} \ {{- end }} -smp {{ .Values.resources.requests.cpu }},cores={{ .Values.resources.requests.cpu }} \ {{- if .Values.vnc.enabled }} -usb -device usb-kbd -device usb-tablet \ {{- else -}} -vga none \ -display none \ {{- end }} -device isa-applesmc,osk=ourhardworkbythesewordsguardedpleasedontsteal\(c\)AppleComputerInc \ -drive if=pflash,format=raw,readonly,file=/home/{{ .Values.image.userName }}/OSX-KVM/OVMF_CODE.fd \ -drive if=pflash,format=raw,file=/home/{{ .Values.image.userName }}/OSX-KVM/OVMF_VARS-1024x768.fd \ -smbios type=2 \ {{- if .Values.qemu.audio.enabled }} -audiodev {{ .Values.qemu.audio.driver }},id=hda \ -device ich9-intel-hda \ -device hda-duplex,audiodev=hda \ {{- end }} -device ich9-ahci,id=sata \ -drive id=OpenCoreBoot,if=none,snapshot=on,format=qcow2,file=/home/{{ .Values.image.userName }}/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2 \ -device ide-hd,bus=sata.2,drive=OpenCoreBoot \ {{- if .Values.qemu.systemInstaller.enabled }} -device ide-hd,bus=sata.3,drive=InstallMedia \ -drive id=InstallMedia,if=none,file={{ .Values.macos.installerSettings.path }}/BaseSystem{{ .Values.macos.installerSettings.version }}.img,format=qcow2 \ {{- end }} -drive id=MacHDD,if=none,file=/system_image/{{ .Values.serverName }}/mac_hdd_ng.img,format=qcow2 \ -device ide-hd,bus=sata.4,drive=MacHDD \ -netdev user,id=net0,hostfwd=tcp::${INTERNAL_SSH_PORT:-10022}-:22,hostfwd=tcp::${SCREEN_SHARE_PORT:-5900}-:5900,{{ .Values.qemu.netdev.extraPortForwarding }} \ -device e1000-82545em,netdev=net0,id=net0,mac=52:54:00:09:49:17 \ {{- range .Values.qemu.usb }} -usb -device usb-host,productid=0x{{ .productId }},vendorid=0x{{ .vendorId }} \ {{- end }} {{- range .Values.qemu.extraArgs }} {{ . }} \ {{- end }} ${EXTRA:-} vncpasswd_file: |- {{ .Values.vnc.password }} limits.conf: |- #This file sets the resource limits for the users logged in via PAM. #It does not affect resource limits of the system services. # #Also note that configuration files in /etc/security/limits.d directory, #which are read in alphabetical order, override the settings in this #file in case the domain is the same or more specific. #That means, for example, that setting a limit for wildcard domain here #can be overriden with a wildcard setting in a config file in the #subdirectory, but a user specific setting here can be overriden only #with a user specific setting in the subdirectory. # #Each line describes a limit for a user in the form: # # # #Where: # can be: # - a user name # - a group name, with @group syntax # - the wildcard *, for default entry # - the wildcard %, can be also used with %group syntax, # for maxlogin limit # # can have the two values: # - "soft" for enforcing the soft limits # - "hard" for enforcing hard limits # # can be one of the following: # - core - limits the core file size (KB) # - data - max data size (KB) # - fsize - maximum filesize (KB) # - memlock - max locked-in-memory address space (KB) # - nofile - max number of open file descriptors # - rss - max resident set size (KB) # - stack - max stack size (KB) # - cpu - max CPU time (MIN) # - nproc - max number of processes # - as - address space limit (KB) # - maxlogins - max number of logins for this user # - maxsyslogins - max number of logins on the system # - priority - the priority to run user process with # - locks - max number of file locks the user can hold # - sigpending - max number of pending signals # - msgqueue - max memory used by POSIX message queues (bytes) # - nice - max nice priority allowed to raise to values: [-20, 19] # - rtprio - max realtime priority # # # #* soft core 0 #* hard rss 10000 #@student hard nproc 20 #@faculty soft nproc 20 #@faculty hard nproc 50 #ftp hard nproc 0 #@student - maxlogins 4 @{{ .Values.image.userName }} soft memlock unlimited @{{ .Values.image.userName }} hard memlock unlimited # End of file ================================================ FILE: helm/templates/data-pvc.yaml ================================================ {{- if and .Values.persistence.data.enabled (not .Values.persistence.data.existingClaim) }} apiVersion: v1 kind: PersistentVolumeClaim metadata: name: {{ template "docker-osx.fullname" . }}-config labels: app: {{ template "docker-osx.name" . }} chart: {{ template "docker-osx.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} {{- with .Values.persistence.annotations }} annotations: {{ toYaml . | indent 4 }} {{- end }} spec: accessModes: - {{ .Values.persistence.config.accessMode | quote }} resources: requests: storage: {{ .Values.persistence.config.size | quote }} {{- if .Values.persistence.config.storageClass }} {{- if (eq "-" .Values.persistence.config.storageClass) }} storageClassName: "" {{- else }} storageClassName: "{{ .Values.persistence.config.storageClass }}" {{- end }} {{- end }} {{- end -}} ================================================ FILE: helm/templates/deployment.yaml ================================================ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "docker-osx.fullname" . }} labels: app.kubernetes.io/name: {{ include "docker-osx.name" . }} helm.sh/chart: {{ include "docker-osx.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} spec: replicas: {{ .Values.replicaCount }} selector: matchLabels: app.kubernetes.io/name: {{ include "docker-osx.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} template: metadata: labels: app.kubernetes.io/name: {{ include "docker-osx.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} spec: containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} securityContext: allowPrivilegeEscalation: true readOnlyRootFilesystem: false privileged: true capabilities: add: - net_raw - NET_ADMIN ports: - name: http containerPort: {{ .Values.service.port }} protocol: TCP livenessProbe: tcpSocket: port: http {{- if .Values.qemu.systemInstaller.downloadDelay }} initialDelaySeconds: {{ .Values.qemu.systemInstaller.downloadDelay }} {{- end }} readinessProbe: tcpSocket: port: http {{- if .Values.qemu.systemInstaller.downloadDelay }} initialDelaySeconds: {{ .Values.qemu.systemInstaller.downloadDelay }} {{- end }} env: - name: CORES value: "{{ .Values.resources.requests.cpu }}" - name: SMP value: "{{ .Values.resources.requests.cpu }}" - name: RAM value: "{{ .Values.resources.requests.memory | trimSuffix "Mi" }}" - name: TZ value: "{{ .Values.tz }}" - name: DISPLAY value: ':0.0' resources: {{ toYaml .Values.resources | indent 10 }} volumeMounts: - mountPath: /home/{{ .Values.image.userName }}/OSX-KVM/OpenCore-Catalina/config.plist subPath: config.plist name: boot-components - mountPath: /home/{{ .Values.image.userName }}/OSX-KVM/Launch_custom.sh subPath: Launch_custom.sh name: boot-components - mountPath: /home/{{ .Values.image.userName }}/OSX-KVM/vncpasswd_file subPath: vncpasswd_file name: boot-components - mountPath: /dev/kvm name: kvm - mountPath: /dev/net/tun name: tun {{- if .Values.qemu.hardwareGpu.enabled }} - mountPath: /etc/security/limits.conf subPath: limits.conf name: boot-components - mountPath: /dev/vfio/vfio name: vfio - mountPath: /dev/vfio/{{ .Values.qemu.hardwareGpu.vfioGroup }} name: vfio-group - mountPath: /lib/modules name: lib-modules {{- end }} - mountPath: /dev/snd name: snd - mountPath: /tmp/.X11-unix name: x11 {{- if .Values.persistence.data.enabled }} - name: data mountPath: /mnt/data {{- end }} {{- if .Values.extraVolumeMounts }}{{ toYaml .Values.extraVolumeMounts | trim | nindent 8 }}{{ end }} # args: # - volumes: - name: boot-components configMap: name: {{ template "docker-osx.fullname" . }}-boot-components items: - key: config.plist path: config.plist - key: Launch_custom.sh path: Launch_custom.sh - key: vncpasswd_file path: vncpasswd_file {{- if .Values.qemu.hardwareGpu.enabled }} - key: limits.conf path: limits.conf {{- end }} - name: tun hostPath: path: /dev/net/tun - name: kvm hostPath: path: /dev/kvm {{- if .Values.qemu.hardwareGpu.enabled }} - name: vfio hostPath: path: /dev/vfio/vfio - name: vfio-group hostPath: path: /dev/vfio/{{ .Values.qemu.hardwareGpu.vfioGroup }} - name: lib-modules hostPath: path: /lib/modules {{- end }} - name: snd hostPath: path: /dev/snd - name: x11 hostPath: path: /dev/ssd_data/default/{{ .Release.Name }}/.X11-unix {{- if .Values.persistence.data.enabled }} - name: data persistentVolumeClaim: claimName: {{ if .Values.persistence.data.existingClaim }}{{ .Values.persistence.data.existingClaim }}{{- else }}{{ template "docker-osx.fullname" . }}-data{{- end }} {{- else }} emptyDir: {} {{- end }} {{- if .Values.extraVolumes }}{{ toYaml .Values.extraVolumes | trim | nindent 6 }}{{ end }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 8 }} {{- end }} ================================================ FILE: helm/templates/ingress.yaml ================================================ {{- if .Values.ingress.enabled -}} {{- $fullName := include "docker-osx.fullname" . -}} {{- $ingressPath := .Values.ingress.path -}} apiVersion: extensions/v1 kind: Ingress metadata: name: {{ $fullName }} labels: app.kubernetes.io/name: {{ include "docker-osx.name" . }} helm.sh/chart: {{ include "docker-osx.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} {{- with .Values.ingress.annotations }} annotations: {{ toYaml . | indent 4 }} {{- end }} spec: {{- if .Values.ingress.tls }} tls: {{- range .Values.ingress.tls }} - hosts: {{- range .hosts }} - {{ . | quote }} {{- end }} secretName: {{ .secretName }} {{- end }} {{- end }} rules: {{- range .Values.ingress.hosts }} - host: {{ . | quote }} http: paths: - path: {{ $ingressPath }} backend: serviceName: {{ $fullName }} servicePort: http {{- end }} {{- end }} ================================================ FILE: helm/templates/service.yaml ================================================ apiVersion: v1 kind: Service metadata: name: {{ include "docker-osx.fullname" . }} labels: app.kubernetes.io/name: {{ include "docker-osx.name" . }} helm.sh/chart: {{ include "docker-osx.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} spec: type: {{ .Values.service.type }} ports: - port: {{ .Values.service.port }} targetPort: {{ .Values.service.targetPort }} protocol: TCP name: http - port: 8888 targetPort: 5999 protocol: TCP name: vnc {{- range .Values.service.extraPorts }} - port: {{ .port }} targetPort: {{ .targetPort }} protocol: {{ .protocol }} name: {{ .name }} {{- end }} selector: app.kubernetes.io/name: {{ include "docker-osx.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- if .Values.service.ip }} loadBalancerIP: {{ .Values.service.ip }} {{- end }} ================================================ FILE: helm/values.yaml ================================================ # This is a YAML-formatted file. # Declare variables to be passed into your templates. replicaCount: 1 image: repository: sickcodes/docker-osx-vnc tag: latest pullPolicy: IfNotPresent userName: ubuntu # Please note, this must be a directory name within `/system_image` mounted at the bottom in extraVolumeMounts serverName: server macos: # add kexts to EFI/OC/kexts and update config.plist # make sure your kexts are in kexts.path kexts: add: false path: /system_image/kexts kextsToAdd: {} # - name: BrcmBluetoothInjector.kext # executablePath: Contents/MacOS/BrcmBluetoothInjector # plistPath: Contents/Info.plist # - name: BrcmFirmwareData.kext # executablePath: Contents/MacOS/BrcmFirmwareData # plistPath: Contents/Info.plist # - name: BrcmPatchRAM3.kext # executablePath: Contents/MacOS/BrcmPatchRAM3 # plistPath: Contents/Info.plist # SMBIOS settings configPlist: SystemProductName: iMacPro1,1 MLB: D25338500GUF8YLJA SystemSerialNumber: D25LF7ZEF8JC SystemUUID: 139C94D6-A533-47D2-874F-D365BFD8B047 bootArgs: '-v keepsyms=1 tlbto_us=0 vti=9 -wegoff agdpmod=pikera' openCore: # Rebuild OpenCore.qcow2: this can be disabled if none of the above parameters in kexts, configPlist changes, and changing the # resolution are not desired, utilizing gpu passthrough and a few other things. Disabling is not recommended rebuild: true boot: # set to zero to have OpenCore stay at boot menu timeout: 0 installerSettings: # if using more than one deployment, a write lock will be put on the system installer dmg, so this will need to be disabled # for other pods version: 10.15.7 path: /system_image/installers # This section defines QEMU and virtlo parameters # # Note: # *) Increase downloadDelay if the pod gets killed for readiness/liveliness check. The first time the pod is started, # it will download the BaseSystem image and create a data partition to install the OS. If this value is really long, # the pod will take very long to allow VNC connections if it is rebooted/killed. # *) Big Sur (11.X) is currently broken, as it seems Apple reworked the packaging so that will have to be something fixed in # https://github.com/kholia/OSX-KVM/blob/master/fetch-macOS-v2.py # *) VNC and IOMMU GPU passthrough do not play together well. Disable one if using the other. This is a limitation of QEMU # unfortunately, so this means VNC from macOS will have to be used to view the VM when not using a physical GPU. # *) If using GPU passthrough, it is recommended to configure it first, as the installer will take way longer (several hours) # to install macOS with a software GPU configured. # qemu: cpu: Penryn,kvm=on,vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+pcid,+ssse3,+sse4.2,+popcnt,+avx,+avx2,+aes,+xsave,+xsaveopt,check softwareGpu: vmware hardwareGpu: # when enabled, qemu.softwareGpu will be disabled automatically. disabling this will rely on softwareGpu instead enabled: false hardwareId: 09:00 # slot can be found with `lspci -v -s ` slot: 05 # vfioGroup can be found with lsgroup.sh: # https://github.com/kholia/OSX-KVM/blob/master/scripts/lsgroup.sh vfioGroup: 50 # leave romfile blank if not using one to disable romfile: /system_image/vbios/Sapphire.RX480.8192.160603.rom systemInstaller: # if using more than one deployment, a write lock will be put on the system installer dmg, so this will need to be disabled # for other pods enabled: false downloadDelay: 15 # can be `writethrough`, `writeback`, or `none` cache: none # can be `native` or `threads` io: threads systemDisk: size: 128G # can be `writethrough`, `writeback`, or `none` cache: writeback # can be `native` or `threads` io: threads audio: # this enables onboard audio, hdmi audio is handled with qemu.hardwareGpu enabled: false driver: alsa netdev: extraPortForwarding: hostfwd=tcp::5901-:5900 # for usb, pass host adapters like such: # usb: # - vendorId: 0a5c # productId: 21e8 # # please use lsgroup.sh to find your host ids: # https://github.com/kholia/OSX-KVM/blob/master/scripts/lsgroup.sh # # for usb, may need to fix permissions: # sudo chmod 666 /dev/bus/usb// # # if need to add a usb controller via vfio-pci, use qemu.extraArgs # usb: {} # use the following formatting # extraArgs: # - -parallel none # - -boot order=dc extraArgs: {} # Password for accessing vm over vnc vnc: enabled: true resolution: 1920x1080 password: a5aeQbaPd4$jR80Q43 nameOverride: "" fullnameOverride: "" service: type: LoadBalancer ip: 192.168.1.10 targetPort: 50922 port: 10022 extraPorts: - port: 5901 targetPort: 5901 protocol: TCP name: os-level-vnc ingress: enabled: false annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" paths: - / hosts: - docker-osx.local tls: [] # - secretName: chart-example-tls # hosts: # - chart-example.local # Note: Resources can vary dramatically depending on disk caching and software GPU rendering. With disk # caching and software rendering up to x5 the cpu and x9 memory can be consumed. With disk cache off # and GPU passthrough enabled up to x3 the cpu and x1.5 memory can be consumed. Therefore, these settings # really depend on hardware and configuration choices. Note, these values used a 1080p video resolution # as well. # # Warning: do not perform unit conversion on cpu and memory requests, as these units # are tied qemu and virtio settings. Also, only use intergers for cpu requests. resources: limits: cpu: 15 memory: 32768Mi requests: cpu: 4 memory: 16384Mi nodeSelector: {} tolerations: [] affinity: {} persistence: data: enabled: false ## configuration data Persistent Volume Storage Class ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning ## If undefined (the default) or set to null, no storageClassName spec is ## set, choosing the default provisioner. (gp2 on AWS, standard on ## GKE, AWS & OpenStack) ## # storageClass: "-" ## ## If you want to reuse an existing claim, you can pass the name of the PVC using ## the existingClaim variable existingClaim: docker-osx accessMode: ReadWriteOnce size: 5Gi # Any extra volumes to define for the pod extraVolumes: - name: data hostPath: path: /mnt/data/default/docker_osx/ type: DirectoryOrCreate # Any extra volume mounts to define for the containers extraVolumeMounts: - name: data mountPath: /system_image ================================================ FILE: rankmirrors ================================================ #!/usr/bin/bash # # rankmirrors - read a list of mirrors from a file and rank them by speed # Generated from rankmirrors.sh.in; do not edit by hand. # # Copyright (c) 2009 Matthew Bruenig # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # traps interrupt key to spit out pre-interrupt info trap finaloutput INT declare -r myname='rankmirrors' declare -r myver='1.4.0' usage() { echo "${myname} v${myver}" echo echo "Ranks pacman mirrors by their connection and opening speed. Pacman mirror" echo "files are located in /etc/pacman.d/. It can also rank one mirror if the URL is" echo "provided." echo echo "Usage: ${myname} [options] MIRRORFILE | URL" echo echo "Options:" echo " --version show program's version number and exit" echo " -h, --help show this help message and exit" echo " -n NUM number of servers to output, 0 for all" echo " -m, --max-time NUM specify a ranking operation timeout, can be decimal number" echo " -t, --times only output mirrors and their response times" echo " -u, --url test a specific URL" echo " -v, --verbose be verbose in output" echo " -r, --repo specify a repository name instead of guessing" exit 0 } version() { echo "${myname} (pacman) ${myver}" echo "Copyright (c) 2009 Matthew Bruenig ." echo echo "This is free software; see the source for copying conditions." echo "There is NO WARRANTY, to the extent permitted by law." exit 0 } err() { echo "$1" >&2 exit 1 } # gettime fetchurl (e.g gettime http://foo.com/core/os/i686/core.db.tar.gz) # returns the fetching time, or timeout, or unreachable gettime() { IFS=' ' output=( $(curl -s -m $MAX_TIME -w "%{time_total} %{http_code}" "$1" -o/dev/null) ) (( $? == 28 )) && echo timeout && return (( ${output[1]} >= 400 || ! ${output[1]} )) && echo unreachable && return echo "${output[0]}" } # getfetchurl serverurl (e.g. getturl http://foo.com/core/os/i686) # if $repo is in the line, then assumes core # if $arch is in the line, then assumes $(uname -m) # returns a fetchurl (e.g. http://foo.com/core/os/i686/core.db.tar.gz) ARCH="$(uname -m)" getfetchurl() { local strippedurl="${1%/}" local replacedurl="${strippedurl//'$arch'/$ARCH}" if [[ ! $TARGETREPO ]]; then replacedurl="${replacedurl//'$repo'/core}" local tmp="${replacedurl%/*}" tmp="${tmp%/*}" local reponame="${tmp##*/}" else replacedurl="${replacedurl//'$repo'/$TARGETREPO}" local reponame="$TARGETREPO" fi if [[ -z $reponame || $reponame = $replacedurl ]]; then echo "fail" else local fetchurl="${replacedurl}/$reponame.db" echo "$fetchurl" fi } # This exists to remove the need for a separate interrupt function finaloutput() { IFS=$'\n' read -r -d '' -a sortedarray < \ <(printf '%s\n' "${timesarray[@]}" | LC_COLLATE=C sort) # Final output for mirrorfile numiterator="0" if [[ $TIMESONLY ]]; then echo echo " Servers sorted by time (seconds):" for line in "${sortedarray[@]}"; do echo "${line#* } : ${line% *}" ((numiterator++)) (( NUM && numiterator >= NUM )) && break done else for line in "${sortedarray[@]}"; do echo "Server = ${line#* }" ((numiterator++)) (( NUM && numiterator >= NUM )) && break done fi exit 0 } # Argument parsing [[ $1 ]] || usage while [[ $1 ]]; do if [[ ${1:0:2} = -- ]]; then case "${1:2}" in help) usage ;; version) version ;; max-time) [[ $2 ]] || err "Must specify number."; MAX_TIME="$2" shift 2;; times) TIMESONLY=1 ; shift ;; verbose) VERBOSE=1 ; shift ;; url) CHECKURL=1; [[ $2 ]] || err "Must specify URL."; URL="$2"; shift 2;; repo) [[ $2 ]] || err "Must specify repository name."; TARGETREPO="$2"; shift 2;; *) err "'$1' is an invalid argument." esac elif [[ ${1:0:1} = - ]]; then if [[ ! ${1:1:1} ]]; then [[ -t 0 ]] && err "Stdin is empty." IFS=$'\n' linearray=( $( Patch section in config.plist") return False # Write the updated plist file with open(config_path, 'wb') as f: plistlib.dump(config, f) print(f"Successfully updated {config_path}") return True if __name__ == "__main__": if len(sys.argv) != 2: print("Usage: python apply_appleid_kernelpatch.py /path/to/config.plist") sys.exit(1) config_path = sys.argv[1] if not os.path.exists(config_path): print(f"Error: File {config_path} does not exist") sys.exit(1) success = add_kernel_patches(config_path) if success: print("Patches applied successfully. Please reboot to apply changes.") else: print("Failed to apply patches.") ================================================ FILE: tests/boot-images.sh ================================================ #!/bin/bash # Author: Sick.Codes https://twitter.com/sickcodes # Contact: https://github.com/sickcodes, https://sick.codes # Copyright: sickcodes (C) 2021 # License: GPLv3+ # Title: Docker-OSX (Mac on Docker) # Repository: https://github.com/sickcodes/Docker-OSX # Website: https://sick.codes # # Status: Used internally to run each image and take screenshots until they match the pngs in this folder. # # note to self: # to get master images, boot each image, then screen shot using DISPLAY=:99 in the test.sh script # scrot -o high-sierra_master.png # scrot -o mojave_master.png # scrot -o catalina_master.png # scrot -o big-sur_master.png # scrot -o monterey_master.png # scrot -o ventura_master.png # scrot --overwrite --display :99 --file ~/${TEST}.png # pull off remote server to the tests folder # REMOTE_SERVER= # scp root@"${REMOTE_SERVER}":~/*_master.png . export DISPLAY=:99 TESTS=( high-sierra mojave catalina big-sur monterey ventura sonoma ) # test each docker image to see if they boot to their unique respective installation screens. for TEST in "${TESTS[@]}"; do # run the image detached docker run --rm -d \ --device /dev/kvm \ -v /tmp/.X11-unix:/tmp/.X11-unix \ -e "DISPLAY=:99" \ "sickcodes/docker-osx:${TEST}" # imcat the expected test screenshot to ./"${TEST}_master.txt" imcat ~/Docker-OSX/tests/${TEST}_master.png > ./"${TEST}_master.txt" # run until the screen matches the expected screen while :; do sleep 5 # screenshot the Xvfb scrotcat > ./"${TEST}.txt" # diff the low res txt files created from imcat diff "./${TEST}.txt" ./"${TEST}_master.txt" && break scrotcat done # kill any containers docker kill "$(docker ps --format "{{.ID}}")" # ensure all containers are dead until [[ "$(docker ps | wc -l)" = 1 ]]; do sleep 1 docker ps | xargs docker kill done done exit 0 ================================================ FILE: tests/test.sh ================================================ #!/usr/bin/bash # ____ __ ____ ______ __ # / __ \____ _____/ /_____ _____/ __ \/ ___/ |/ / # / / / / __ \/ ___/ //_/ _ \/ ___/ / / /\__ \| / # / /_/ / /_/ / /__/ ,< / __/ / / /_/ /___/ / | # /_____/\____/\___/_/|_|\___/_/ \____//____/_/|_| TESTS # # Title: Docker-OSX (Mac on Docker) # Author: Sick.Codes https://twitter.com/sickcodes # Version: 4.2 # License: GPLv3+ # Repository: https://github.com/sickcodes/Docker-OSX # Website: https://sick.codes # # Status: Used internally to auto build, run and test images on DO. # help_text="Usage: ./test.sh --branch --repo General options: --branch, -b Git branch, default is master --repo, -r Alternative link to build --mirror-country, -m Two letter country code for Arch mirrors --docker-username, -u Docker hub username --docker-password, -p Docker hub password --vnc-password, -v Choose a VNC passwd. Flags --no-cache, -n Enable --no-cache (default already) --no-no-cache, -nn Disable --no-cache docker builds --help, -h, help Display this help and exit " # set -xeuf -o pipefail # gather arguments while (( "$#" )); do case "${1}" in --help | -h | h | help ) echo "${help_text}" && exit 0 ;; --branch=* | -b=* ) export BRANCH="${1#*=}" shift ;; --branch* | -b* ) export BRANCH="${2}" shift shift ;; --repo=* | -r=* ) export REPO="${1#*=}" shift ;; --repo* | -r* ) export REPO="${2}" shift shift ;; --mirror-country=* | -m=* ) export MIRROR_COUNTRY="${1#*=}" shift ;; --mirror-country* | -m* ) export MIRROR_COUNTRY="${2}" shift shift ;; --vnc-password=* | -v=* | --vnc-passwd=* ) export VNC_PASSWORD="${1#*=}" shift ;; --vnc-password* | -v* | --vnc-passwd* ) export VNC_PASSWORD="${2}" shift shift ;; --docker-username=* | -u=* ) export DOCKER_USERNAME="${1#*=}" shift ;; --docker-username* | -u* ) export DOCKER_USERNAME="${2}" shift shift ;; --docker-password=* | -p=* ) export DOCKER_PASSWORD="${1#*=}" shift ;; --docker-password* | -p* ) export DOCKER_PASSWORD="${2}" shift shift ;; --no-cache | -n ) export NO_CACHE='--no-cache' shift ;; --no-no-cache | -nn ) export NO_CACHE= shift ;; *) echo "Invalid option: ${1}" exit 1 ;; esac done BRANCH="${BRANCH:=master}" REPO="${REPO:=https://github.com/sickcodes/Docker-OSX.git}" VNC_PASSWORD="${VNC_PASSWORD:=testing}" MIRROR_COUNTRY="${MIRROR_COUNTRY:=US}" NO_CACHE="${NO_CACHE:=--no-cache}" TEST_BUILDS=( 'docker-osx:naked' 'docker-osx:naked-auto' 'docker-osx:auto' ) TEST_BUILDS=( 'docker-osx:naked' 'docker-osx:naked-auto' 'docker-osx:auto' ) VERSION_BUILDS=( 'high-sierra' 'mojave' 'catalina' 'big-sur' 'monterey' 'ventura' 'sonoma' ) warning () { clear for j in {15..1}; do echo "############# WARNING: THIS SCRIPT IS NOT INTENDED FOR USE BY ################" echo "############# IT IS USED BY THE PROJECT TO BUILD AND PUSH TO DOCKERHUB #######" echo "" echo " Press Ctrl C to stop. " MAX_COLS=$((${COLUMNS}/2)) printf "$j %.0s" {1..20} echo sleep 1 done } install_docker () { apt remove docker docker-engine docker.io containerd runc -y \ ; apt install apt-transport-https ca-certificates curl gnupg-agent software-properties-common -y \ && curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - \ && apt-key fingerprint 0EBFCD88 \ && > /etc/apt/sources.list.d/docker.list \ && add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" \ && apt update -y \ && apt install docker-ce docker-ce-cli containerd.io -y \ && usermod -aG docker "${USER}" \ && su hook docker run --rm hello-world } install_vnc () { apt update -y \ && apt install xorg openbox tigervnc-standalone-server tigervnc-common tigervnc-xorg-extension tigervnc-viewer -y \ && mkdir -p ${HOME}/.vnc \ && touch ~/.vnc/config \ && tee -a ~/.vnc/config <<< 'geometry=1920x1080' \ && tee -a ~/.vnc/config <<< 'localhost' \ && tee -a ~/.vnc/config <<< 'alwaysshared' \ && touch ./vnc.sh \ && printf '\n%s\n' \ 'sudo rm -f /tmp/.X99-lock' \ 'export DISPLAY=:99' \ '/usr/bin/Xvnc -geometry 1920x1080 -rfbauth ~/.vnc/passwd :99 &' > ./vnc.sh \ && tee vncpasswd_file <<< "${VNC_PASSWORD:=testing}" && echo "${VNC_PASSWORD:="$(tr -dc '[:graph:]' ${HOME}/.vnc/passwd \ && chmod 600 ~/.vnc/passwd \ && apt install qemu qemu-kvm libvirt-clients libvirt-daemon-system bridge-utils virt-manager -y \ && sudo systemctl enable libvirtd.service \ && sudo systemctl enable virtlogd.service \ && echo 1 | sudo tee /sys/module/kvm/parameters/ignore_msrs \ && sudo modprobe kvm \ && echo 'export DISPLAY=:99' >> ~/.bashrc \ && printf '\n\n\n\n%s\n%s\n\n\n\n' '===========VNC_PASSWORD========== ' "$( USER root # OPTIONAL: Arch Linux server mirrors for super fast builds # set RANKMIRRORS to any value other that nothing, e.g. -e RANKMIRRORS=true ARG RANKMIRRORS ARG MIRROR_COUNTRY=US ARG MIRROR_COUNT=10 RUN if [[ "${RANKMIRRORS}" ]]; then { pacman -Sy wget --noconfirm || pacman -Syu wget --noconfirm ; } \ ; wget -O ./rankmirrors "https://raw.githubusercontent.com/sickcodes/Docker-OSX/master/rankmirrors" \ ; wget -O- "https://www.archlinux.org/mirrorlist/?country=${MIRROR_COUNTRY:-US}&protocol=https&use_mirror_status=on" \ | sed -e 's/^#Server/Server/' -e '/^#/d' \ | head -n "$((${MIRROR_COUNT:-10}+1))" \ | bash ./rankmirrors --verbose --max-time 5 - > /etc/pacman.d/mirrorlist \ && tee -a /etc/pacman.d/mirrorlist <<< 'Server = http://mirrors.evowise.com/archlinux/$repo/os/$arch' \ && tee -a /etc/pacman.d/mirrorlist <<< 'Server = http://mirror.rackspace.com/archlinux/$repo/os/$arch' \ && tee -a /etc/pacman.d/mirrorlist <<< 'Server = https://mirror.rackspace.com/archlinux/$repo/os/$arch' \ && cat /etc/pacman.d/mirrorlist ; fi # Fixes issue with invalid GPG keys: update the archlinux-keyring package to get the latest keys, then remove and regenerate gnupg keys RUN pacman -Sy archlinux-keyring --noconfirm && rm -rf /etc/pacman.d/gnupg && pacman-key --init && pacman-key --populate USER arch RUN yes | sudo pacman -Syyuu --noconfirm \ && yes | sudo pacman -S tigervnc xterm xorg-xhost xdotool ufw --noconfirm \ && mkdir -p ${HOME}/.vnc \ && touch ~/.vnc/config \ && tee -a ~/.vnc/config <<< 'geometry=1920x1080' \ && tee -a ~/.vnc/config <<< 'localhost' \ && tee -a ~/.vnc/config <<< 'alwaysshared' # this won't work if you have 99 monitors, 98 monitors is fine though # don't forget to remove the lock file incase you shut down incorrectly or create an image. RUN printf '\n%s\n' \ 'sudo rm -f /tmp/.X99-lock' \ 'export DISPLAY=:99' \ '/usr/bin/Xvnc -geometry 1920x1080 -rfbauth "${HOME}/.vnc/passwd" :99 &' > vnc.sh RUN cat vnc.sh Launch.sh > Launch_custom.sh RUN chmod +x Launch_custom.sh RUN tee vncpasswd_file <<< "${VNC_PASSWORD:="$(tr -dc '[:graph:]' ${HOME}/.vnc/passwd RUN chmod 600 ~/.vnc/passwd RUN printf '\n\n\n\n%s\n%s\n\n\n\n' '===========VNC_PASSWORD========== ' "$( USER root WORKDIR /root RUN rm -f /home/arch/OSX-KVM/mac_hdd_ng.img # OPTIONAL: Arch Linux server mirrors for super fast builds # set RANKMIRRORS to any value other that nothing, e.g. -e RANKMIRRORS=true ARG RANKMIRRORS ARG MIRROR_COUNTRY=US ARG MIRROR_COUNT=10 RUN if [[ "${RANKMIRRORS}" ]]; then { pacman -Sy wget --noconfirm || pacman -Syu wget --noconfirm ; } \ ; wget -O ./rankmirrors "https://raw.githubusercontent.com/sickcodes/Docker-OSX/master/rankmirrors" \ ; wget -O- "https://www.archlinux.org/mirrorlist/?country=${MIRROR_COUNTRY:-US}&protocol=https&use_mirror_status=on" \ | sed -e 's/^#Server/Server/' -e '/^#/d' \ | head -n "$((${MIRROR_COUNT:-10}+1))" \ | bash ./rankmirrors --verbose --max-time 5 - > /etc/pacman.d/mirrorlist \ && tee -a /etc/pacman.d/mirrorlist <<< 'Server = http://mirrors.evowise.com/archlinux/$repo/os/$arch' \ && tee -a /etc/pacman.d/mirrorlist <<< 'Server = http://mirror.rackspace.com/archlinux/$repo/os/$arch' \ && tee -a /etc/pacman.d/mirrorlist <<< 'Server = https://mirror.rackspace.com/archlinux/$repo/os/$arch' \ && cat /etc/pacman.d/mirrorlist ; fi # For taking screenshots of the Xfvb screen, useful during development. ARG SCROT RUN pacman -Syu xorg-server-xvfb wget xterm xorg-xhost xorg-xrandr sshpass --noconfirm \ && if [[ "${SCROT}" ]]; then \ pacman -Syu scrot base-devel --noconfirm \ && git clone --recurse-submodules --depth 1 https://github.com/stolk/imcat.git \ && cd imcat \ && make \ && sudo cp imcat /usr/bin/imcat \ && touch /usr/bin/scrotcat \ && tee -a /usr/bin/scrotcat <<< '/usr/bin/imcat <(scrot -o /dev/stdout)' \ && chmod +x /usr/bin/scrotcat \ ; else \ touch /usr/bin/scrotcat \ && echo echo >> /usr/bin/scrotcat \ && chmod +x /usr/bin/scrotcat \ ; fi \ ; yes | pacman -Scc USER arch WORKDIR /home/arch/OSX-KVM RUN mkdir -p ~/.ssh \ && touch ~/.ssh/authorized_keys \ && touch ~/.ssh/config \ && chmod 700 ~/.ssh \ && chmod 600 ~/.ssh/config \ && chmod 600 ~/.ssh/authorized_keys \ && tee -a ~/.ssh/config <<< 'Host *' \ && tee -a ~/.ssh/config <<< ' StrictHostKeyChecking no' \ && tee -a ~/.ssh/config <<< ' UserKnownHostsFile=/dev/null' #### SPECIAL RUNTIME ARGUMENTS BELOW ENV ADDITIONAL_PORTS= # add additional QEMU boot arguments ENV BOOT_ARGS= ENV BOOTDISK= # edit the CPU that is beign emulated ENV CPU=Penryn ENV DISPLAY=:99 ENV HEADLESS=false ENV ENV=/env # Boolean for generating a bootdisk with new random serials. ENV GENERATE_UNIQUE=false # Boolean for generating a bootdisk with specific serials. ENV GENERATE_SPECIFIC=false ENV IMAGE_PATH=/image ENV IMAGE_FORMAT=qcow2 ENV KVM='accel=kvm:tcg' # ENV MASTER_PLIST_URL="https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist" # ENV NETWORKING=e1000-82545em ENV NETWORKING=vmxnet3 ENV NOPICKER=true # dynamic RAM options for runtime ENV RAM=8 # ENV RAM=max # ENV RAM=half # The x and y coordinates for resolution. # Must be used with either -e GENERATE_UNIQUE=true or -e GENERATE_SPECIFIC=true. ENV WIDTH=1920 ENV HEIGHT=1080 # libguestfs verbose ENV LIBGUESTFS_DEBUG=1 ENV LIBGUESTFS_TRACE=1 CMD sudo touch /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \ ; sudo chown -R $(id -u):$(id -g) /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \ ; { [[ "${DISPLAY}" = ':99' ]] || [[ "${HEADLESS}" == true ]] ; } && { \ nohup Xvfb :99 -screen 0 1920x1080x16 \ & until [[ "$(xrandr --query 2>/dev/null)" ]]; do sleep 1 ; done \ ; } \ ; [[ "${NOPICKER}" == true ]] && { \ sed -i '/^.*InstallMedia.*/d' Launch.sh \ && export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore-nopicker.qcow2}" \ ; } \ || export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2}" \ ; [[ "${GENERATE_UNIQUE}" == true ]] && { \ ./Docker-OSX/osx-serial-generator/generate-unique-machine-values.sh \ --master-plist-url="${MASTER_PLIST_URL}" \ --count 1 \ --tsv ./serial.tsv \ --bootdisks \ --width "${WIDTH:-1920}" \ --height "${HEIGHT:-1080}" \ --output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2}" \ --output-env "${ENV:=/env}" \ || exit 1 ; } \ ; [[ "${GENERATE_SPECIFIC}" == true ]] && { \ source "${ENV:=/env}" 2>/dev/null \ ; ./Docker-OSX/osx-serial-generator/generate-specific-bootdisk.sh \ --master-plist-url="${MASTER_PLIST_URL}" \ --model "${DEVICE_MODEL}" \ --serial "${SERIAL}" \ --board-serial "${BOARD_SERIAL}" \ --uuid "${UUID}" \ --mac-address "${MAC_ADDRESS}" \ --width "${WIDTH:-1920}" \ --height "${HEIGHT:-1080}" \ --output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2}" \ || exit 1 ; } \ # ; ./enable-ssh.sh && /bin/bash -c ./Launch.sh WORKDIR /home/arch/OSX-KVM RUN yes | sudo pacman -Syyuu --noconfirm \ && yes | sudo pacman -S tigervnc xterm xorg-xhost xdotool ufw --noconfirm \ && mkdir -p ${HOME}/.vnc \ && touch ~/.vnc/config \ && tee -a ~/.vnc/config <<< 'geometry=1920x1080' \ && tee -a ~/.vnc/config <<< 'localhost' \ && tee -a ~/.vnc/config <<< 'alwaysshared' RUN printf '\n%s\n' \ 'sudo rm -f /tmp/.X99-lock' \ 'export DISPLAY=:99' \ '/usr/bin/Xvnc -geometry 1920x1080 -rfbauth "${HOME}/.vnc/passwd" :99 &' > vnc.sh RUN cat vnc.sh Launch.sh > Launch_custom.sh RUN chmod +x Launch_custom.sh RUN tee vncpasswd_file <<< "${VNC_PASSWORD:="$(tr -dc '[:graph:]' ${HOME}/.vnc/passwd RUN chmod 600 ~/.vnc/passwd RUN printf '\n\n\n\n%s\n%s\n\n\n\n' '===========VNC_PASSWORD========== ' "$(