From 23ab20c2fa5883dc6dd32300fde1d65bc50f9cfe Mon Sep 17 00:00:00 2001 From: sickcodes Date: Thu, 25 Feb 2021 14:03:06 +0000 Subject: [PATCH] Major serial number runtime generation and override changes. --- CHANGELOG.md | 1 + Dockerfile | 57 ++++++++++++++++++++++++++-- Dockerfile.auto | 26 ++++++++++++- Dockerfile.naked | 31 ++++++++++++++-- README.md | 97 +++++++++++++++++++++++++++++++----------------- helm/README.md | 4 ++ 6 files changed, 174 insertions(+), 42 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 49f258a..d5c8619 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,6 @@ |Version|Date|Notes| |---|---|---| +|3.2|2021-02-25|Add a script to generate unique machine serial numbers. Add a script to generate a bootdisk from given serial numbers. Add Linux for libguestfs which allows the docker container to make QEMU bootdisks with specific serial numbers.| | |2021-02-21|Add NOPICKER environment variable to ALL images.| |3.1|2021-02-21|Remove testing repos. Switch to base-devel. We shouldn't be using testing repos in a Dockerfile for light increase in stability. Add the mandatory glibc patch to every pacman until someone upstream fixes it.| | |2021-02-07|Add NOPICKER environment variable to :naked image for effortless boot toggling.| diff --git a/Dockerfile b/Dockerfile index 453c66e..9af8470 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,7 +8,7 @@ # Repo: https://github.com/sickcodes/Docker-OSX/ # Title: Mac on Docker (Docker-OSX) # Author: Sick.Codes https://sick.codes/ -# Version: 3.1 +# Version: 3.2 # License: GPLv3+ # # All credits for OSX-KVM and the rest at @Kholia's repo: https://github.com/kholia/osx-kvm @@ -216,6 +216,8 @@ RUN touch Launch.sh \ && tee -a Launch.sh <<< '${EXTRA:-}' # docker exec containerid mv ./Launch-nopicker.sh ./Launch.sh +# This is now a legacy command. +# You can use -e BOOTDISK=/bootdisk with -v ./bootdisk.img:/bootdisk RUN grep -v InstallMedia ./Launch.sh > ./Launch-nopicker.sh \ && chmod +x ./Launch-nopicker.sh \ && sed -i -e s/OpenCore\.qcow2/OpenCore\-nopicker\.qcow2/ ./Launch-nopicker.sh @@ -233,13 +235,62 @@ ENV NETWORKING=e1000-82545em ENV NOPICKER=false +# Boolean for generating a bootdisk with new serials. +ENV UNIQUE=false + VOLUME ["/tmp/.X11-unix"] +# check if /image is a disk image or a directory. This allows you to optionally use -v disk.img:/image +# NOPICKER is used to skip the disk selection screen +# GENERATE_UNIQUE is used to generate serial numbers on boot. +# /env is a file that you can generate and save using -v source.sh:/env +# the env file is a file that you can carry to the next container which will supply the serials numbers. +# GENERATE_SPECIFIC is used to either accept the env serial numbers OR you can supply using: + # -e DEVICE_MODEL="iMacPro1,1" \ + # -e SERIAL="C02TW0WAHX87" \ + # -e BOARD_SERIAL="C027251024NJG36UE" \ + # -e UUID="5CCB366D-9118-4C61-A00A-E5BAF3BED451" \ + # -e MAC_ADDRESS="A8:5C:2C:9A:46:2F" \ + +# the output will be /bootdisk. +# /bootdisk is a useful persistent place to store the 15Mb serial number bootdisk. + +# if you don't set any of the above: +# the default serial numbers are already contained in ./OpenCore-Catalina/OpenCore.qcow2 +# And the default serial numbers + CMD case "$(file --brief /image)" in \ - QEMU*) export IMAGE_PATH=/image && sudo chown "$(id -u)":"$(id -g)" "${IMAGE_PATH}" 2>/dev/null || true;; \ - directory*) export IMAGE_PATH=/home/arch/OSX-KVM/mac_hdd_ng.img;; \ + QEMU\ QCOW2\ Image* ) export IMAGE_PATH=/image \ + ; sudo chown "$(id -u)":"$(id -g)" "${IMAGE_PATH}" 2>/dev/null || true \ + ;; \ + directory* ) export IMAGE_PATH=/home/arch/OSX-KVM/mac_hdd_ng.img \ + ;; \ esac \ ; [[ "${NOPICKER}" == true ]] && mv ./Launch-nopicker.sh ./Launch.sh \ + ; [[ "${GENERATE_UNIQUE}" == true ]] \ + && ./Docker-OSX/custom/generate-unique-machine-values.sh \ + --count 1 \ + --tsv ./serial.tsv \ + --bootdisks \ + --output-bootdisk "${BOOTDISK:-/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2}" \ + --output-env "${ENV:=/env}" \ + && source "${ENV}" \ + ; [[ "${GENERATE_SPECIFIC}" == true ]] \ + && source /env \ + || ./Docker-OSX/custom/generate-specific-bootdisk.sh \ + --model "${DEVICE_MODEL}" \ + --serial "${SERIAL}" \ + --board-serial "${BOARD_SERIAL}" \ + --uuid "${UUID}" \ + --mac-address "${MAC_ADDRESS}" \ + --output-bootdisk "${BOOTDISK:-/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2}" \ + ; case "$(file --brief /bootdisk)" in \ + QEMU\ QCOW2\ Image* ) export BOOTDISK=/bootdisk \ + ; sudo chown "$(id -u)":"$(id -g)" "${BOOTDISK}" 2>/dev/null || true \ + ;; \ + directory* ) export BOOTDISK=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2 \ + ;; \ + esac \ ; ./enable-ssh.sh && envsubst < ./Launch.sh | bash # virt-manager mode: eta son diff --git a/Dockerfile.auto b/Dockerfile.auto index ab8e67d..0d466fc 100644 --- a/Dockerfile.auto +++ b/Dockerfile.auto @@ -7,7 +7,7 @@ # # Title: Mac on Docker (Docker-OSX) [AUTOINSTALL] # Author: Sick.Codes https://twitter.com/sickcodes -# Version: 3.1 +# Version: 3.2 # License: GPLv3+ # Repository: https://github.com/sickcodes/Docker-OSX # @@ -140,6 +140,30 @@ ENV BOILERPLATE="By using this Dockerfile, you hereby agree that you are a secur CMD echo "${BOILERPLATE}" \ && [[ "${TERMS_OF_USE}" = i_agree ]] || exit 1 \ ; [[ "${NOPICKER}" == true ]] && mv ./Launch-nopicker.sh ./Launch.sh \ + ; [[ "${GENERATE_UNIQUE}" == true ]] \ + && ./Docker-OSX/custom/generate-unique-machine-values.sh \ + --count 1 \ + --tsv ./serial.tsv \ + --bootdisks \ + --output-bootdisk "${BOOTDISK:-/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2}" \ + --output-env "${ENV:=/env}" \ + && source "${ENV}" \ + ; [[ "${GENERATE_SPECIFIC}" == true ]] \ + && source /env \ + || ./Docker-OSX/custom/generate-specific-bootdisk.sh \ + --model "${DEVICE_MODEL}" \ + --serial "${SERIAL}" \ + --board-serial "${BOARD_SERIAL}" \ + --uuid "${UUID}" \ + --mac-address "${MAC_ADDRESS}" \ + --output-bootdisk "${BOOTDISK:-/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2}" \ + ; case "$(file --brief /bootdisk)" in \ + QEMU\ QCOW2\ Image* ) export BOOTDISK=/bootdisk \ + ; sudo chown "$(id -u)":"$(id -g)" "${BOOTDISK}" 2>/dev/null || true \ + ;; \ + directory* ) export BOOTDISK=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2 \ + ;; \ + esac \ ; [[ "${DISPLAY}" = ':99' ]] && { \ nohup Xvfb :99 -screen 0 1920x1080x16 \ & until [[ "$(xrandr --query 2>/dev/null)" ]]; do sleep 0.1 ; done \ diff --git a/Dockerfile.naked b/Dockerfile.naked index 06f9b9e..2bb8783 100644 --- a/Dockerfile.naked +++ b/Dockerfile.naked @@ -7,7 +7,7 @@ # # Title: Mac on Docker (Docker-OSX) [AUTOINSTALL] # Author: Sick.Codes https://twitter.com/sickcodes -# Version: 3.1 +# Version: 3.2 # License: GPLv3+ # Repository: https://github.com/sickcodes/Docker-OSX # @@ -29,7 +29,7 @@ # docker run -it --device /dev/kvm -p 50922:10022 -v ${PWD}/mac_hdd_ng.img:/image -e "DISPLAY=${DISPLAY:-:0.0}" -v /tmp/.X11-unix:/tmp/.X11-unix docker-osx:naked # -FROM sickcodes/docker-osx:latest +FROM docker-osx:latest MAINTAINER 'https://twitter.com/sickcodes' @@ -112,6 +112,29 @@ CMD [[ "${DISPLAY}" = ':99' ]] && { \ & until [[ "$(xrandr --query 2>/dev/null)" ]]; do sleep 1 ; done \ ; } \ ; sudo chown "$(id -u)":"$(id -g)" "${IMAGE_PATH}" 2>/dev/null || true \ - ; ./enable-ssh.sh \ ; [[ "${NOPICKER}" == true ]] && mv ./Launch-nopicker.sh ./Launch.sh \ - ; envsubst < ./Launch.sh | bash + ; [[ "${GENERATE_UNIQUE}" == true ]] \ + && ./Docker-OSX/custom/generate-unique-machine-values.sh \ + --count 1 \ + --tsv ./serial.tsv \ + --bootdisks \ + --output-bootdisk "${BOOTDISK:-/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2}" \ + --output-env "${ENV:=/env}" \ + && source "${ENV}" \ + ; [[ "${GENERATE_SPECIFIC}" == true ]] \ + && source /env \ + || ./Docker-OSX/custom/generate-specific-bootdisk.sh \ + --model "${DEVICE_MODEL}" \ + --serial "${SERIAL}" \ + --board-serial "${BOARD_SERIAL}" \ + --uuid "${UUID}" \ + --mac-address "${MAC_ADDRESS}" \ + --output-bootdisk "${BOOTDISK:-/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2}" \ + ; case "$(file --brief /bootdisk)" in \ + QEMU\ QCOW2\ Image* ) export BOOTDISK=/bootdisk \ + ; sudo chown "$(id -u)":"$(id -g)" "${BOOTDISK}" 2>/dev/null || true \ + ;; \ + directory* ) export BOOTDISK=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2 \ + ;; \ + esac \ + ; ./enable-ssh.sh && envsubst < ./Launch.sh | bash diff --git a/README.md b/README.md index 8090b91..78e1f52 100644 --- a/README.md +++ b/README.md @@ -3,10 +3,12 @@ ![Running mac osx in a docker container](/running-mac-inside-docker-qemu.png?raw=true "OSX KVM DOCKER") -Run Mac in a Docker container! Run near native OSX-KVM in Docker! X11 Forwarding! +Run Mac in a Docker container! Run near native OSX-KVM in Docker! X11 Forwarding! iMessage security research! Author: Sick.Codes https://sick.codes/ & https://twitter.com/sickcodes +Documentation: everything is on this page! + ### PR & Contributor Credits https://github.com/sickcodes/Docker-OSX/blob/master/CREDITS.md @@ -21,7 +23,9 @@ Docker Hub: https://hub.docker.com/r/sickcodes/docker-osx ## Professional Support Available! -Enquire at https://sick.codes/contact +Small questions & issues: open an issue! + +For big projects, DM on Twitter [@sickcodes on Twitter](https://twitter.com/sickcodes) or write to us at https://sick.codes/contact. - Enterprise support, Business support, or casual support. - Custom images, custom scripts, consulting (per hour available!) @@ -31,11 +35,13 @@ Enquire at https://sick.codes/contact Kubernetes Helm Chart & Documentation [available at ./helm](https://github.com/sickcodes/Docker-OSX/tree/master/helm) +Thank you to @cephasara for this major contribution. + [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/docker-osx)](https://artifacthub.io/packages/search?repo=docker-osx) #### Follow [@sickcodes on Twitter](https://twitter.com/sickcodes) for updates or feature requests! -# Quick Start Docker-OSX +# Basic Quick Start Docker-OSX ```bash @@ -52,18 +58,28 @@ docker run -it \ ``` -# Quick Start 17.5GB Pre-Made Image +# Quick Start Large Pre-Made Image +Current large image size: 17.5GB -You will need around 50GB of space: half for the base image + half for your runtime image. +This starts the special auto image @sickcodes prepared earlier. -If you run out of space, you can nuke your Docker images/history/cache by simply deleting `/var/lib/docker` +This image has already been installed with the following settings: + +- SSH enabled +- username is user +- password is alpine +- Autoupdates off + +You will need around 50GB of space to run this image: half for the base image + half for your runtime image. + +If you run out of space, you can delete all your Docker images/history/cache by simply deleting `/var/lib/docker` ```bash docker pull sickcodes/docker-osx:auto -# boot straight to OSX shell with no display (19GB) +# boot directly into a real OSX shell with no display (Xvfb) docker run -it \ --device /dev/kvm \ -p 50922:10022 \ @@ -76,7 +92,7 @@ docker run -it \ docker pull sickcodes/docker-osx:auto -# boot to OSX shell + display (19GB) +# boot directly into a real OSX shell with a visual display docker run -it \ --device /dev/kvm \ -p 50922:10022 \ @@ -90,7 +106,7 @@ docker run -it \ docker pull sickcodes/docker-osx:auto -# boot to OSX shell + display (19GB) + commands to run inside OSX +# boot to OSX shell + display + specify commands to run inside OSX! docker run -it \ --device /dev/kvm \ -p 50922:10022 \ @@ -104,6 +120,8 @@ docker run -it \ ``` ### Restart an auto container +Containers that use `sickcodes/docker-osx:auto` can be stopped at started. + ```bash # find last container docker ps -a @@ -113,13 +131,14 @@ docker start -i containerid ``` -# Quick Start Own Image +# Quick Start Own Image (naked container image) +This is my favourite container. You can supply an existing disk image as a docker command line argument. Supply your own local image with `-v "${PWD}/mac_hdd_ng.img:/image"` and use `sickcodes/docker-osx:naked` - Naked image is for booting any existing .img file. -- By default, this image has a variable called `NOPICKER` which is `"true"`. Use `-e NOPICKER=false` or any other string than the word `true` to enter the boot menu. This lets you use other disks instead of skipping the boot menu, e.g. recovery disk. +- By default, this image has a variable called `NOPICKER` which is `"true"`. This skips the disk selection menu. Use `-e NOPICKER=false` or any other string than the word `true` to enter the boot menu. This lets you use other disks instead of skipping the boot menu, e.g. recovery disk or disk utility. ```bash docker pull sickcodes/docker-osx:naked @@ -153,24 +172,25 @@ docker run -it \ sickcodes/docker-osx:naked ``` -# Features In Docker-OSX v3.1 -- Full auto mode: boot straight to OSX shell. -- sickcodes/docker-osx:latest - original base recovery image (safe) -- sickcodes/docker-osx:naked - supply your own .img file (safe) -- sickcodes/docker-osx:auto - 17.5GB image boot to OSX shell (must trust @sickcodes) -- Supply your own image using -v $PWD/disk.img:/image +# Features In Docker-OSX v3.2 +- Serial number generators. [See below or ./custom](https://github.com/sickcodes/Docker-OSX/tree/master/custom) +- Full auto mode: boot straight to OSX shell and even run commands as runtime arguments! +- `sickcodes/docker-osx:latest` - original base recovery image (safe) +- `sickcodes/docker-osx:naked` - supply your own .img file (safe) +- `sickcodes/docker-osx:auto` - Large docker image that boots to OSX shell (must trust @sickcodes) +- Supply your own image using `-v "${PWD}/disk.img:/image"` - Kubernetes Helm Chart. [See ./helm](https://github.com/sickcodes/Docker-OSX/tree/master/helm) -- OSX-KVM +- [OSX-KVM](https://github.com/kholia/OSX-KVM) inside a Docker container! - X11 Forwarding -- SSH on localhost:50922 -- QEMU -- VNC on localhost:8888 [vnc version is inside a separate directory](https://github.com/sickcodes/Docker-OSX/blob/master/vnc-version/Dockerfile) -- Create an ARMY using `docker commit` -- XFVB HEADLESS (use vnc) +- SSH on `localhost:50922` +- QEMU + KVM! +- VNC version on `localhost:8888` [vnc version is inside a separate directory, there are security risks involved with using VNC, see insid the Dockerfile](https://github.com/sickcodes/Docker-OSX/blob/master/vnc-version/Dockerfile) +- Create an ARMY of the same exact container using `docker commit` +- Xfvb headless mode ### All Pull Requests Welcome! -Docker-OSX is a GPLv3+ Dockerfile and we need contributors just like you :). +Docker-OSX is a GPLv3+ Dockerfile and we need contributors just like you :) Upstream: https://github.com/kholia/OSX-KVM && the great guy [@kholia](https://twitter.com/kholia) @@ -178,6 +198,10 @@ Upstream Credits (OSX-KVM project) among many others: https://github.com/kholia/ # Download The Image for sickcodes/docker-osx:naked +This is the current automated image. Username is `user`, passsword is `alpine`, SSH is on, and auto-updates are off. + +If the download is slow, just get the image from `docker pull sickcodes/docker-osx:auto` and find it in `/var/lib/docker`. + ```bash wget https://images2.sick.codes/mac_hdd_ng_auto.img @@ -191,14 +215,6 @@ docker run -it \ ``` -# Internet Speeds - -### Slow internet but iMessage & iCloud compatability -`-e NETWORKING=e1000-82545em` - -### FAST internet but not compatable with iMessage & iCloud -`-e NETWORKING=vmxnet3` - ### Other cool Docker-QEMU based projects: [Run iOS in a Docker with Docker-eyeOS](https://github.com/sickcodes/Docker-eyeOS) - [https://github.com/sickcodes/Docker-eyeOS](https://github.com/sickcodes/Docker-eyeOS) @@ -243,6 +259,8 @@ ssh fullname@localhost -p 50922 # Autoboot into OSX after you've installed everything +You can use `-e NOPICKER=true` or for older machines: + ```bash # find you containerID docker ps @@ -289,7 +307,9 @@ sudo modprobe kvm # Start the same container later (persistent disk) -This is for when you want to run the SAME container again later. +1. You can now pull the `.img` file out of the container, which is stored in `/var/lib/docker`, and supply it as a runtime argument to the `:naked` Docker image. See above. + +2. This is for when you want to run the SAME container again later. If you don't run this you will have a new image every time. @@ -501,6 +521,15 @@ sudo mv somedir/mac_hdd_ng.img . [Use the sickcodes/docker-osx:naked image.](https://github.com/sickcodes/Docker-OSX/tree/custom-identity#quick-start-own-image) +# Internet Speeds + +### Slow internet but iMessage & iCloud compatability +`-e NETWORKING=e1000-82545em` + +### FAST internet but not compatable with iMessage & iCloud +`-e NETWORKING=vmxnet3` + + # DESTROY: Wipe old images to free disk space The easiest way to clean out your entire Docker (ALL images, layers, and containers) is to `sudo rm -rf /var/lib/docker` @@ -713,7 +742,7 @@ The directory that we are letting the Docker container use is a X server display If we let the Docker container use the same display socket as our own environment, then any applications you run inside the Docker container will show up on your screen too! [https://www.x.org/archive/X11R6.8.0/doc/RELNOTES5.html](https://www.x.org/archive/X11R6.8.0/doc/RELNOTES5.html) -## Todo: +## TODO: ``` - Security Documentation - GPU Acceleration: Coming Soon diff --git a/helm/README.md b/helm/README.md index a6500e6..6e8db3c 100644 --- a/helm/README.md +++ b/helm/README.md @@ -1,5 +1,9 @@ # docker-osx +Docker-OSX Helm Chart for Kubernetes. + +Project page: https://github.com/sickcodes/docker-osx + Available now on Artifact HUB [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/docker-osx)](https://artifacthub.io/packages/search?repo=docker-osx)