diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..fff304d --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,65 @@ +|Version|Date|Notes| +|---|---|---| +| |2021-09-09|Add Monterey| +| |2021-08-27|Add iPhone passthrough OTA!| +|6.0|2021-08-25|Added naked-auto. Keep kernel at 5.13, even tho it's just for supermin.| +|5.0|2021-07-25|Retire glibc patch. Retire file command patch. Add bootmenu=on.| +| |2021-07-08|Add CPUID_FLAGS to edit the CPUID flags on the fly.| +|4.4|2021-05-06|Prepare nakedvnc for hub.docker.com. Add `ENV BOOT_ARGS=` to supply additon boot arguments, for example, `vmx,rdtscp`. Add `ENV CPU=Penryn` to allow changes to the CPU emulation, for example, `Skylake-Client`, or see [more examples here](https://manpages.ubuntu.com/manpages/disco/man7/qemu-cpu-models.7.html).| +| |2021-05-04|Disable arbitrary chown warning| +| |2021-04-27|Fixed missing sudo| +| |2021-04-18|Add LIBGUESTFS debug & trace commands, exit on fail when creating bootdisks. Silence touch errors.| +|4.3|2021-03-24|Enable interactive QEMU again. Remove envsubst since we are already using bash... Add set -x flag| +|4.2|2021-03-24|Add all ENV variables to each dockerfile for readability. Add RAM allocation buffer and cache drop bug fix. Add kvm and libvirt groups. Add `IMAGE_FORMAT=qcow2` to allow `IMAGE_FORMAT=raw` too.| +| |2021-03-19|Use RAM=3 as the default RAM allocation. Add instructions to clear buff/cache.| +| |2021-03-17|Add RAM=max and RAM=half to dynamically select ram at runtime (DEFAULT).| +| |2021-03-06|Change envs to require --envs. Automatically enable --envs if --output-env is used. Same for plists, bootdisks. Fix help ugliness and sanity of generate serial scripts. Fix bootdisk not getting written to persistent file when using NOPICKER=true. NOPICKER=true is overridden by a custom plist now anyway. Remove useless case statements. Allow -e HEADLESS=true as human readable alternative to -e DISPLAY=:99.| +|4.1|2021-03-04|Add `-e MASTER_PLIST_URL` to all images to allow using your own remote plist.| +| |2021-03-03|Add `WIDTH` and `HEIGHT` to set the x and y resolutions, use in conjuction with serial numbers.| +| |2021-03-02|Add ADDITIONAL_PORTS, for example `-e ADDITIONAL_PORTS='hostfwd=tcp::23-:23,'`| +|4.0|2021-02-27|Add big-sur support. Use `sickcodes/docker-osx:big-sur` or build using `--build-arg VERSION=11`| +| |2021-02-26|Change `-e NOPICKER=true` to simply do `sed -i '/^.*InstallMedia.*/d' Launch.sh` and `export BOOTDISK=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore-nopicker.qcow2`.| +|3.2|2021-02-25|Add a script to generate unique machine serial numbers. Add a script to generate a bootdisk from given serial numbers. Add Linux for libguestfs which allows the docker container to make QEMU bootdisks with specific serial numbers.| +| |2021-02-21|Add NOPICKER environment variable to ALL images.| +|3.1|2021-02-21|Remove testing repos. Switch to base-devel. We shouldn't be using testing repos in a Dockerfile for light increase in stability. Add the mandatory glibc patch to every pacman until someone upstream fixes it.| +| |2021-02-07|Add NOPICKER environment variable to :naked image for effortless boot toggling.| +| |2021-02-07|Add MAC_ADDRESS environment variable.| +| |2021-02-03|Employ wget --no-verbose to avoid buffer overload in hub.docker.com.| +| |2021-02-03|Reduce build size.| +| |2021-01-27|Add OSX_COMMANDS to allow runtime commands on :auto image.| +| |2021-01-26|Removed most pointless VOLUME build commands.| +|3.0|2021-01-23|Add fast mode boot straight to shell. And -v $PWD/disk.img:/image for all Dockerfiles| +| |2021-01-22|Add additional helm chart instructions and files.| +| |2021-01-15|Fix helm initial disk creation process and add installation instructions.| +| |2021-01-14|Add Helm Chart for Kubernetes support.| +| |2021-01-08|Use IMAGE_PATH as a variable during envsubst for the full path of mac_hdd_ng.img. In preparation for full auto.| +| |2021-01-07|Fix sounds errors and sshd missing on latest build.| +|2.7|2021-01-05|Add rankmirrors. Remove gibMacOS. Replace iptables with iptables-nft. Remove libguestfs.| +| |2020-12-17|Remove unnecessary WORKDIR commands.| +| |2020-12-16|Reduce image size by cloning OSX-KVM to only 1 depth level. Simplify mkdir && chown to mkdir -m| +| |2020-10-06|Add the ability to skip the boot screen with ./Launch-nopicker.sh| +| |2020-10-05|Add vim/vi and nano to the container.| +|2.6|2020-09-26|Increase version.| +| |2020-09-25|Add some WORKDIR fixes.| +| |2020-09-24|Clear pacman cache after use to reduce disk size significantly. Add various shell expansions to inline variables. Add set -eu to Launch.sh. Add a shebang to Launch.sh. Add tcg acceleration as a fallback to kvm. Remove need for display **(This change is reverted later)**. Chown /dev/kvm and /dev/snd. Remove --privileged by specifying required passthroughs. Add audio driver arguments to satisfy QEMU **(USB SoundCard recommended)**. Tidy Launch.sh to reduce image by 2.5GB (from 6GB). | +|2.5|2020-09-20|Critical changes to TigerVNC due to upstream overhaul in TigerVNC.| +| |2020-09-20|Replace ebtables with iptables-nft.| +| |2020-08-29|Increase default OSX to 10.15.6 and add SCREEN_SHARE_PORT=5900 ENV variable.| +| |2020-08-23|Add OSX Screen Sharing port forwarding.| +| |2020-08-23|Clear /tmp/.X99-lock before starting the VNC version.| +| |2020-07-02|Refresh the docker-compose file.| +| |2020-06-22|Add some mirrors to the container.| +| |2020-06-22|Add more force updates to pacman.| +| |2020-06-18|Significantly reduce image layer count by concatenating groups of commands.| +| |2020-06-18|Use the mainline image as the base image for the VNC version.| +|2.0|2020-06-15|Change default OSX version from 10.14.6 to 10.15.5. Add SSH port forwarding inside the container thru to the guest. Increase default arbitrary disk size to 200G. Force update pacman to prevent old mirror links. Add custom Launch.sh script. Add customizable RAM, SMP, CORES, EXTRA and INTERNAL_SSH_PORT| +| |2020-06-14|Remove yay| +| |2020-06-10|Add an OR for attemping to kill non-existent VNC lock files.| +| |2020-06-09|Instruct gibMacOS to download recovery disk only.| +| |2020-06-09|Remove VNC lockfile from killed containers preventing a restart.| +| |2020-06-08|Add docker-compose.yml| +| |2020-06-07|Add VNC version inside the vnc folder.| +| |2020-06-05|Remove systemctl enable libvirtd.service/virtlogd.service since Docker doesn't have systemd| +| |2020-06-04|Removed svm\|vmx via /proc/cpuinfo check which fails on hub.docker.com| +|1.0|2020-06-04|Initial Release| + diff --git a/CREDITS.md b/CREDITS.md new file mode 100644 index 0000000..3cba260 --- /dev/null +++ b/CREDITS.md @@ -0,0 +1,133 @@ +# Credits + +The most important part of the project. You. + +## Upstream Acknowledgements: + +This project uses OSX-KVM from https://github.com/kholia/OSX-KVM and fully appreciates the work done by [@Kholia](https://github.com/Kholia) and all the contributors who are listed: [https://github.com/kholia/OSX-KVM/blob/master/CREDITS.md](https://github.com/kholia/OSX-KVM/blob/master/CREDITS.md) + +This project also uses KVM-OpenCore from https://github.com/Leoyzen/KVM-Opencore and fully appreciates the work done by [@Leoyzen](https://github.com/Leoyzen). + +We use a special fork by [Nicholas Sherlock](https://www.nicksherlock.com/) of KVM-Opencore https://github.com/thenickdude/KVM-Opencore and thank Nick for his awesome upstream work! + +This project now uses the fantastic OpenCore bootloader from the community OpenCore project: https://github.com/acidanthera/OpenCorePkg. You can join their [Subreddit here](https://www.reddit.com/r/hackintosh/)! + +## These credits refer to the legendary contributors to this repository: + +[@GreeFine](https://github.com/GreeFine) - Readme Typo #9 + +[@parasquid](https://github.com/parasquid) - Docker compose file + +[@matusnovak](https://github.com/matusnovak) - Kill badly terminated old vnc session before vnc starts and fix gtk initialization failed #31 + +[@m1k1o](https://github.com/m1k1o) - Kill badly terminated old vnc session before vnc starts and fix gtk initialization failed #31 + +[@qcasey](https://github.com/qcasey) - Removed unnecessary yay in Remove yay dependancy #40 + +[@tlierdotfr](https://github.com/tlierdotfr) - Reduce number of layers in Dockerfile + +[@Julioevm](https://github.com/Julioevm) - Update docker-compose.yml #57 + +[@jviotti](https://github.com/jviotti) - Auto-boot thru ShowPicker + +[@IAmBenMitchell]([https://github.com/MrBenFTW](https://github.com/iambenmitchell)) - Updated macOS version 10.15.5 -> 10.15.6, Enabled screen sharing port forwarding, Removed the need to remove 1gb from the partition. + +[@hoantp](https://github.com/hoantp) - Initialized TigerVNC 1.11.0 fix + +[@jimdigriz](https://github.com/jimdigriz) - Epic fixes: image size, shellisms, fallback2kvm, unprivileged mode https://github.com/sickcodes/Docker-OSX/pull/82 + +[@NickZhouNan](https://github.com/NickZhouNan) - Bug fix with changed WORKDIR + +[@MrBenFTW](https://github.com/MrBenFTW) - Added IP forwarding hot tips, useful for boosting bridged networking in remote environments. + +[@mikob](https://github.com/mikob) - Added important warning for Xcode users to reserve 60GB++ - Made instructions more clear for those needing Xcode #94 + +[@AdamMomen](https://github.com/AdamMomen) - Fixed automatic boot vnc-version container instructions for better usablility + +[@PeterDaveHello](https://github.com/PeterDaveHello) - Simplify .ssh directory setup process in Dockerfile #111 + +[@PeterDaveHello](https://github.com/PeterDaveHello) - Reduce image size by setting git clone depth #110 + +[@PeterDaveHello](https://github.com/PeterDaveHello) - Reduce Dockerfile instructions and Docker image layers #112 + +[@weskerfoot](https://github.com/weskerfoot) Docs updates: usb passthrough, headless mode, disk space reduction guide #113 + +[@PeterDaveHello](https://github.com/PeterDaveHello) - Improve Dockerfile #121 + +[@cephasara](https://github.com/cephasara) - Add helm chart #124 + +[@cephasara](https://github.com/cephasara) - Fix helm initial disk creation process and add installation instructions #125 + +[@cephasara](https://github.com/cephasara) - Add gpu passthrough support as well as dynamic OpenCore chainloader regeneration #132 + +[@cephasara](https://github.com/cephasara) - Fix helm installation failure and cleanup values organization #134 + +[@prometheas](https://github.com/prometheas) - docs: fix broken multi-line docker command #140 + +[@MrBenFTW](https://github.com/MrBenFTW) - Tempfix for arch #150 + +[@edsonboldrini](https://github.com/edsonboldrini) - Update README.md #161 + +[@TheHackerCoding](https://github.com/TheHackerCoding) - Typo in README.md #194 + +[@panos](https://github.com/panos) - Improved README #212 + +[@ggjulio](https://github.com/ggjulio) - Restarting an "auto" container #216 + +[@panos](https://github.com/panos) - Improved README #212 + +[@panos](https://github.com/panos) - Made further improvements to the README #219 + +[@kaoudis](https://github.com/kaoudis) README / troubleshooting docs improvements #235 + +[@a10kiloham](https://github.com/a10kiloham) - Dockerfile for :naked image with VNC support #245 + +[@a10kiloham](https://github.com/a10kiloham) - Adding Bluebubbles as an example use case #250 + +[@aronzvi](https://github.com/aronzvi) - Fixed Failed to boot OSX with GENERATE_UNIQUE #244 + +[@tinjaw](https://github.com/tinjaw) - Fixed Type #258 + +[@m-zheng](https://github.com/m-zheng) - Update README.md #260 + +[@johnjhacking](https://github.com/johnjhacking) - Change call function to Popen #288 + +[@allansrc](https://github.com/allansrc) - Update Doc detail for run on WLS #318 + +[@mcandre](https://github.com/mcandre) - fix typo #334 + +[@cybik](https://github.com/cybik) Spice fix #337 + +[@Silfalion](https://github.com/Silfalion) - [https://github.com/Silfalion/Iphone_docker_osx_passthrough](https://github.com/Silfalion/Iphone_docker_osx_passthrough) + +[@chirag350](https://github.com/chirag350) use LABEL instead of MAINTAINER since MAINTAINER is deprecated #352 + +[@Buthrakaur](https://github.com/Buthrakaur) readme - improve instructions for running on windows #361 + +[@TheHackerCoding](https://github.com/TheHackerCoding) Typo in README #367 + +[@cameronsteele](https://github.com/cameronsteele) fix Big Sur build example #378 + +[@eggplants](https://github.com/eggplants) Fix command to launch sickcodes/docker-osx:auto #366 + +[@martinmullins](https://github.com/martinmullins) Notes for mounting an NFS folder from a linux host #392 + +[@kimjammer](https://github.com/kimjammer) Readme - Added instructions for using WSLg's built in X11 server #395 + +[@jk2K](https://github.com/jk2K) fix: support dynamic change of Base image #408 + +[@MikeCoder96](https://github.com/MikeCoder96) Update README.md with WSL how to #412 + +[@aslafy-z](https://github.com/aslafy-z) chore(docs): update helm requirements list style #420 + +[@kimjammer](https://github.com/kimjammer) Update Windows Installation section #422 + +[@Mhartig](https://github.com/Mhartig) - Worked out issue `Enter a number (default=1): error: invalid number: y` + +[@felipestt](https://github.com/felipestt) Use more CPU Cores/SMP' broken #440 + +[@routmoute](https://github.com/routmoute) README: add PulseAudio with WSLg #442 +[@dulatello08](https://github.com/dulatello08) Update README.md #452 + +[@Anthropohedron](https://github.com/Anthropohedron) Added FAQ.md + diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..40accb6 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,398 @@ +#!/usr/bin/docker +# ____ __ ____ ______ __ +# / __ \____ _____/ /_____ _____/ __ \/ ___/ |/ / +# / / / / __ \/ ___/ //_/ _ \/ ___/ / / /\__ \| / +# / /_/ / /_/ / /__/ ,< / __/ / / /_/ /___/ / | +# /_____/\____/\___/_/|_|\___/_/ \____//____/_/|_| +# +# Title: Docker-OSX (Mac on Docker) +# Author: Sick.Codes https://twitter.com/sickcodes +# Version: 6.0 +# License: GPLv3+ +# Repository: https://github.com/sickcodes/Docker-OSX +# Website: https://sick.codes +# +# All credits for OSX-KVM and the rest at @Kholia's repo: https://github.com/kholia/osx-kvm +# OpenCore support go to https://github.com/Leoyzen/KVM-Opencore +# and https://github.com/thenickdude/KVM-Opencore/ +# +# This Dockerfile automates the installation of Docker-OSX +# It will build a 200GB container. You can change the size using build arguments. +# This Dockerfile builds on top of the work done by Dhiru Kholia, and many others. +# +# Build: +# +# docker build -t docker-osx . +# docker build -t docker-osx --build-arg VERSION=10.15.5 --build-arg SIZE=200G . +# docker build -t docker-osx-sonoma --build-arg BRANCH=sonoma --build-arg SHORTNAME=sonoma . +# +# Basic Run: +# +# docker run --device /dev/kvm --device /dev/snd -v /tmp/.X11-unix:/tmp/.X11-unix -e "DISPLAY=${DISPLAY:-:0.0}" sickcodes/docker-osx:latest +# +# Run with SSH: +# +# docker run --device /dev/kvm --device /dev/snd -e RAM=6 -p 50922:10022 -v /tmp/.X11-unix:/tmp/.X11-unix -e "DISPLAY=${DISPLAY:-:0.0}" sickcodes/docker-osx:latest +# # ssh fullname@localhost -p 50922 +# +# Optargs: +# +# -v $PWD/disk.img:/image +# -e SIZE=200G +# -e VERSION=10.15.6 +# -e RAM=5 +# -e SMP=4 +# -e CORES=4 +# -e EXTRA= +# -e INTERNAL_SSH_PORT=10022 +# -e MAC_ADDRESS= +# +# Extra QEMU args: +# +# docker run ... -e EXTRA="-usb -device usb-host,hostbus=1,hostaddr=8" ... +# # you will also need to pass the device to the container + +FROM archlinux:base-devel +LABEL maintainer='https://twitter.com/sickcodes ' + +SHELL ["/bin/bash", "-c"] + +# change disk size here or add during build, e.g. --build-arg VERSION=10.14.5 --build-arg SIZE=50G +ARG SIZE=200G +ARG PARALLEL_DOWNLOADS=30 + +# OPTIONAL: Arch Linux server mirrors for super fast builds +# set RANKMIRRORS to any value other that nothing, e.g. -e RANKMIRRORS=true +RUN perl -i -p -e s/^\#Color/Color$'\n'ParallelDownloads\ =\ ${PARALLEL_DOWNLOADS:=30}/g /etc/pacman.conf + +ARG RANKMIRRORS +ARG MIRROR_COUNTRY=US +ARG MIRROR_COUNT=10 + +RUN tee /etc/pacman.d/mirrorlist <<< 'Server = https://geo.mirror.pkgbuild.com/$repo/os/$arch' \ + && tee -a /etc/pacman.d/mirrorlist <<< 'Server = http://mirror.rackspace.com/archlinux/$repo/os/$arch' \ + && tee -a /etc/pacman.d/mirrorlist <<< 'Server = https://mirror.rackspace.com/archlinux/$repo/os/$arch' + +# Fixes issue with invalid GPG keys: update the archlinux-keyring package to get the latest keys, then remove and regenerate gnupg keys +RUN pacman -Sy archlinux-keyring --noconfirm \ + && rm -rf /etc/pacman.d/gnupg \ + && pacman-key --init \ + && pacman-key --populate archlinux + +RUN if [[ "${RANKMIRRORS}" ]]; then \ + { pacman -Sy wget --noconfirm || pacman -Syu wget --noconfirm ; } \ + ; wget -O ./rankmirrors "https://raw.githubusercontent.com/sickcodes/Docker-OSX/${BRANCH:=master}/rankmirrors" \ + ; wget -O- "https://www.archlinux.org/mirrorlist/?country=${MIRROR_COUNTRY:-US}&protocol=https&use_mirror_status=on" \ + | sed -e 's/^#Server/Server/' -e '/^#/d' \ + | head -n "$((${MIRROR_COUNT:-10}+1))" \ + | bash ./rankmirrors --verbose --max-time 5 - > /etc/pacman.d/mirrorlist \ + && cat /etc/pacman.d/mirrorlist \ + ; fi + +RUN tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkp://keyserver.ubuntu.com' \ + && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://hkps.pool.sks-keyservers.net:443' \ + && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkp://pgp.mit.edu:11371' \ + && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://keys.openpgp.org' \ + && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://keys.mailvelope.com' + +# This fails on hub.docker.com, useful for debugging in cloud +# RUN [[ $(egrep -c '(svm|vmx)' /proc/cpuinfo) -gt 0 ]] || { echo KVM not possible on this host && exit 1; } + +# RUN tee -a /etc/pacman.conf <<< '[community-testing]' \ +# && tee -a /etc/pacman.conf <<< 'Include = /etc/pacman.d/mirrorlist' + +RUN pacman -Syu git zip vim nano alsa-utils openssh --noconfirm \ + && ln -s /bin/vim /bin/vi \ + && useradd arch -p arch \ + && tee -a /etc/sudoers <<< 'arch ALL=(ALL) NOPASSWD: ALL' \ + && mkdir -p /home/arch \ + && chown arch:arch /home/arch + +# allow ssh to container +RUN mkdir -p -m 700 /root/.ssh + +WORKDIR /root/.ssh +RUN touch authorized_keys \ + && chmod 644 authorized_keys + +WORKDIR /etc/ssh +RUN tee -a sshd_config <<< 'AllowTcpForwarding yes' \ + && tee -a sshd_config <<< 'PermitTunnel yes' \ + && tee -a sshd_config <<< 'X11Forwarding yes' \ + && tee -a sshd_config <<< 'PasswordAuthentication yes' \ + && tee -a sshd_config <<< 'PermitRootLogin yes' \ + && tee -a sshd_config <<< 'PubkeyAuthentication yes' \ + && tee -a sshd_config <<< 'HostKey /etc/ssh/ssh_host_rsa_key' \ + && tee -a sshd_config <<< 'HostKey /etc/ssh/ssh_host_ecdsa_key' \ + && tee -a sshd_config <<< 'HostKey /etc/ssh/ssh_host_ed25519_key' + +USER arch + +# download OSX-KVM for the submodules +RUN git clone --recurse-submodules --depth 1 https://github.com/kholia/OSX-KVM.git /home/arch/OSX-KVM + +# enable ssh +# docker exec .... ./enable-ssh.sh +USER arch + +WORKDIR /home/arch/OSX-KVM + +RUN touch enable-ssh.sh \ + && chmod +x ./enable-ssh.sh \ + && tee -a enable-ssh.sh <<< '[[ -f /etc/ssh/ssh_host_rsa_key ]] || \' \ + && tee -a enable-ssh.sh <<< '[[ -f /etc/ssh/ssh_host_ed25519_key ]] || \' \ + && tee -a enable-ssh.sh <<< '[[ -f /etc/ssh/ssh_host_ed25519_key ]] || \' \ + && tee -a enable-ssh.sh <<< 'sudo /usr/bin/ssh-keygen -A' \ + && tee -a enable-ssh.sh <<< 'nohup sudo /usr/bin/sshd -D &' + +# QEMU CONFIGURATOR +# set optional ram at runtime -e RAM=16 +# set optional cores at runtime -e SMP=4 -e CORES=2 +# add any additional commands in QEMU cli format -e EXTRA="-usb -device usb-host,hostbus=1,hostaddr=8" + +# default env vars, RUNTIME ONLY, not for editing in build time. + +# RUN yes | sudo pacman -Syu qemu libvirt dnsmasq virt-manager bridge-utils edk2-ovmf netctl libvirt-dbus --overwrite --noconfirm + +RUN yes | sudo pacman -Syu bc qemu-desktop libvirt dnsmasq virt-manager bridge-utils openresolv jack2 ebtables edk2-ovmf netctl libvirt-dbus wget scrot --overwrite --noconfirm \ + && yes | sudo pacman -Scc + +WORKDIR /home/arch/OSX-KVM + +# shortname default is catalina, which means :latest is catalina +ARG SHORTNAME=catalina + +RUN make \ + && qemu-img convert BaseSystem.dmg -O qcow2 -p -c BaseSystem.img \ + && rm ./BaseSystem.dmg + +# fix invalid signature on old libguestfs +ARG SIGLEVEL=Never + +RUN sudo tee -a /etc/pacman.conf <<< "SigLevel = ${SIGLEVEL}" \ + && sudo tee -a /etc/pacman.conf <<< 'RemoteFileSigLevel = Optional' \ + && sudo sed -i -e 's/^\#RemoteFileSigLevel/RemoteFileSigLevel/g' /etc/pacman.conf + +ARG LINUX=true + +# required to use libguestfs inside a docker container, to create bootdisks for docker-osx on-the-fly +# reminder this is what makes :naked image larger than expected +RUN if [[ "${LINUX}" == true ]]; then \ + sudo pacman -Syu linux linux-headers archlinux-keyring guestfs-tools mkinitcpio pcre pcre2 --noconfirm \ + && libguestfs-test-tool \ + && rm -rf /var/tmp/.guestfs-* \ + && yes | sudo pacman -Scc \ + ; fi + +# optional --build-arg to change branches for testing +ARG BRANCH=master +ARG REPO='https://github.com/sickcodes/Docker-OSX.git' +RUN git clone --recurse-submodules --depth 1 --branch "${BRANCH:=master}" "${REPO:=https://github.com/sickcodes/Docker-OSX.git}" + +RUN touch Launch.sh \ + && chmod +x ./Launch.sh \ + && tee -a Launch.sh <<< '#!/bin/bash' \ + && tee -a Launch.sh <<< 'set -eux' \ + && tee -a Launch.sh <<< 'sudo chown $(id -u):$(id -g) /dev/kvm 2>/dev/null || true' \ + && tee -a Launch.sh <<< 'sudo chown -R $(id -u):$(id -g) /dev/snd 2>/dev/null || true' \ + && tee -a Launch.sh <<< '[[ "${RAM}" = max ]] && export RAM="$(("$(head -n1 /proc/meminfo | tr -dc "[:digit:]") / 1000000"))"' \ + && tee -a Launch.sh <<< '[[ "${RAM}" = half ]] && export RAM="$(("$(head -n1 /proc/meminfo | tr -dc "[:digit:]") / 2000000"))"' \ + && tee -a Launch.sh <<< 'sudo chown -R $(id -u):$(id -g) /dev/snd 2>/dev/null || true' \ + && tee -a Launch.sh <<< 'exec qemu-system-x86_64 -m ${RAM:-4}000 \' \ + && tee -a Launch.sh <<< '-cpu ${CPU:-Penryn},${CPUID_FLAGS:-vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+ssse3,+sse4.2,+popcnt,+avx,+aes,+xsave,+xsaveopt,check,}${BOOT_ARGS} \' \ + && tee -a Launch.sh <<< '-machine q35,${KVM-"accel=kvm:tcg"} \' \ + && tee -a Launch.sh <<< '-smp ${CPU_STRING:-${SMP:-4},cores=${CORES:-4}} \' \ + && tee -a Launch.sh <<< '-device qemu-xhci,id=xhci \' \ + && tee -a Launch.sh <<< '-device usb-kbd,bus=xhci.0 -device usb-tablet,bus=xhci.0 \' \ + && tee -a Launch.sh <<< '-device isa-applesmc,osk=ourhardworkbythesewordsguardedpleasedontsteal\(c\)AppleComputerInc \' \ + && tee -a Launch.sh <<< '-drive if=pflash,format=raw,readonly=on,file=/home/arch/OSX-KVM/OVMF_CODE.fd \' \ + && tee -a Launch.sh <<< '-drive if=pflash,format=raw,file=/home/arch/OSX-KVM/OVMF_VARS-1024x768.fd \' \ + && tee -a Launch.sh <<< '-smbios type=2 \' \ + && tee -a Launch.sh <<< '-audiodev ${AUDIO_DRIVER:-alsa},id=hda -device ich9-intel-hda -device hda-duplex,audiodev=hda \' \ + && tee -a Launch.sh <<< '-device ich9-ahci,id=sata \' \ + && tee -a Launch.sh <<< '-drive id=OpenCoreBoot,if=none,snapshot=on,format=qcow2,file=${BOOTDISK:-/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2} \' \ + && tee -a Launch.sh <<< '-device ide-hd,bus=sata.2,drive=OpenCoreBoot \' \ + && tee -a Launch.sh <<< '-device ide-hd,bus=sata.3,drive=InstallMedia \' \ + && tee -a Launch.sh <<< '-drive id=InstallMedia,if=none,file=/home/arch/OSX-KVM/BaseSystem.img,format=${BASESYSTEM_FORMAT:-qcow2} \' \ + && tee -a Launch.sh <<< '-drive id=MacHDD,if=none,file=${IMAGE_PATH:-/home/arch/OSX-KVM/mac_hdd_ng.img},format=${IMAGE_FORMAT:-qcow2} \' \ + && tee -a Launch.sh <<< '-device ide-hd,bus=sata.4,drive=MacHDD \' \ + && tee -a Launch.sh <<< '-netdev user,id=net0,hostfwd=tcp::${INTERNAL_SSH_PORT:-10022}-:22,hostfwd=tcp::${SCREEN_SHARE_PORT:-5900}-:5900,${ADDITIONAL_PORTS} \' \ + && tee -a Launch.sh <<< '-device ${NETWORKING:-vmxnet3},netdev=net0,id=net0,mac=${MAC_ADDRESS:-52:54:00:09:49:17} \' \ + && tee -a Launch.sh <<< '-monitor stdio \' \ + && tee -a Launch.sh <<< '-boot menu=on \' \ + && tee -a Launch.sh <<< '-vga vmware \' \ + && tee -a Launch.sh <<< '${EXTRA:-}' + +# docker exec containerid mv ./Launch-nopicker.sh ./Launch.sh +# This is now a legacy command. +# You can use -e BOOTDISK=/bootdisk with -v ./bootdisk.img:/bootdisk + +### LEGACY CODE +RUN grep -v InstallMedia ./Launch.sh > ./Launch-nopicker.sh \ + && chmod +x ./Launch-nopicker.sh \ + && sed -i -e s/OpenCore\.qcow2/OpenCore\-nopicker\.qcow2/ ./Launch-nopicker.sh +### + +USER arch + +ENV USER=arch + +# These are hardcoded serials for non-iMessage related research +# Overwritten by using GENERATE_UNIQUE=true +# Upstream removed nopicker, so we are adding it back in, at build time +# Once again, this is just for the Docker build so there is a default nopicker image there + +# libguestfs verbose +ENV LIBGUESTFS_DEBUG=1 +ENV LIBGUESTFS_TRACE=1 + +ARG STOCK_DEVICE_MODEL=iMacPro1,1 +ARG STOCK_SERIAL=C02TM2ZBHX87 +ARG STOCK_BOARD_SERIAL=C02717306J9JG361M +ARG STOCK_UUID=007076A6-F2A2-4461-BBE5-BAD019F8025A +ARG STOCK_MAC_ADDRESS=00:0A:27:00:00:00 +ARG STOCK_WIDTH=1920 +ARG STOCK_HEIGHT=1080 +ARG STOCK_MASTER_PLIST_URL=https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist +ARG STOCK_MASTER_PLIST_URL_NOPICKER=https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-nopicker-custom.plist +ARG STOCK_BOOTDISK=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2 +ARG STOCK_BOOTDISK_NOPICKER=/home/arch/OSX-KVM/OpenCore/OpenCore-nopicker.qcow2 + +RUN ./Docker-OSX/osx-serial-generator/generate-specific-bootdisk.sh \ + --master-plist-url="${STOCK_MASTER_PLIST_URL}" \ + --model "${STOCK_DEVICE_MODEL}" \ + --serial "${STOCK_SERIAL}" \ + --board-serial "${STOCK_BOARD_SERIAL}" \ + --uuid "${STOCK_UUID}" \ + --mac-address "${STOCK_MAC_ADDRESS}" \ + --width "${STOCK_WIDTH}" \ + --height "${STOCK_HEIGHT}" \ + --output-bootdisk "${STOCK_BOOTDISK}" || exit 1 \ + ; rm -rf /var/tmp/.guestfs-* + +RUN ./Docker-OSX/osx-serial-generator/generate-specific-bootdisk.sh \ + --master-plist-url="${STOCK_MASTER_PLIST_URL_NOPICKER}" \ + --model "${STOCK_DEVICE_MODEL}" \ + --serial "${STOCK_SERIAL}" \ + --board-serial "${STOCK_BOARD_SERIAL}" \ + --uuid "${STOCK_UUID}" \ + --mac-address "${STOCK_MAC_ADDRESS}" \ + --width "${STOCK_WIDTH}" \ + --height "${STOCK_HEIGHT}" \ + --output-bootdisk "${STOCK_BOOTDISK_NOPICKER}" || exit 1 \ + ; rm -rf /var/tmp/.guestfs-* + +### symlink the old directory as upstream has renamed a directory. Symlinking purely for backwards compatability! +RUN ln -s /home/arch/OSX-KVM/OpenCore /home/arch/OSX-KVM/OpenCore-Catalina || true +#### + +#### SPECIAL RUNTIME ARGUMENTS BELOW +# env -e ADDITIONAL_PORTS with a comma +# for example, -e ADDITIONAL_PORTS=hostfwd=tcp::23-:23, +ENV ADDITIONAL_PORTS= + +# since the Makefile uses raw, and raw uses the full disk amount +# we want to use a compressed qcow2 +# ENV BASESYSTEM_FORMAT=raw +ENV BASESYSTEM_FORMAT=qcow2 + +# add additional QEMU boot arguments +ENV BOOT_ARGS= + +ENV BOOTDISK= + +# edit the CPU that is being emulated +ENV CPU=Penryn +ENV CPUID_FLAGS='vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+ssse3,+sse4.2,+popcnt,+avx,+aes,+xsave,+xsaveopt,check,' + +ENV DISPLAY=:0.0 + +# Deprecated +ENV ENV=/env + +# Boolean for generating a bootdisk with new random serials. +ENV GENERATE_UNIQUE=false + +# Boolean for generating a bootdisk with specific serials. +ENV GENERATE_SPECIFIC=false + +ENV IMAGE_PATH=/home/arch/OSX-KVM/mac_hdd_ng.img +ENV IMAGE_FORMAT=qcow2 + +ENV KVM='accel=kvm:tcg' + +ENV MASTER_PLIST_URL="https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist" + +# ENV NETWORKING=e1000-82545em +ENV NETWORKING=vmxnet3 + +# boolean for skipping the disk selection menu at in the boot process +ENV NOPICKER=false + +# dynamic RAM options for runtime +ENV RAM=4 +# ENV RAM=max +# ENV RAM=half + +# The x and y coordinates for resolution. +# Must be used with either -e GENERATE_UNIQUE=true or -e GENERATE_SPECIFIC=true. +ENV WIDTH=1920 +ENV HEIGHT=1080 + +VOLUME ["/tmp/.X11-unix"] + +# check if /image is a disk image or a directory. This allows you to optionally use -v disk.img:/image +# NOPICKER is used to skip the disk selection screen +# GENERATE_UNIQUE is used to generate serial numbers on boot. +# /env is a file that you can generate and save using -v source.sh:/env +# the env file is a file that you can carry to the next container which will supply the serials numbers. +# GENERATE_SPECIFIC is used to either accept the env serial numbers OR you can supply using: + # -e DEVICE_MODEL="iMacPro1,1" \ + # -e SERIAL="C02TW0WAHX87" \ + # -e BOARD_SERIAL="C027251024NJG36UE" \ + # -e UUID="5CCB366D-9118-4C61-A00A-E5BAF3BED451" \ + # -e MAC_ADDRESS="A8:5C:2C:9A:46:2F" \ + +# the output will be /bootdisk. +# /bootdisk is a useful persistent place to store the 15Mb serial number bootdisk. + +# if you don't set any of the above: +# the default serial numbers are already contained in ./OpenCore/OpenCore.qcow2 +# And the default serial numbers + +CMD sudo touch /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \ + ; sudo chown -R $(id -u):$(id -g) /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \ + ; [[ "${NOPICKER}" == true ]] && { \ + sed -i '/^.*InstallMedia.*/d' Launch.sh \ + && export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore-nopicker.qcow2}" \ + ; } \ + || export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ + ; [[ "${GENERATE_UNIQUE}" == true ]] && { \ + ./Docker-OSX/osx-serial-generator/generate-unique-machine-values.sh \ + --master-plist-url="${MASTER_PLIST_URL}" \ + --count 1 \ + --tsv ./serial.tsv \ + --bootdisks \ + --width "${WIDTH:-1920}" \ + --height "${HEIGHT:-1080}" \ + --output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ + --output-env "${ENV:=/env}" \ + || exit 1 ; } \ + ; [[ "${GENERATE_SPECIFIC}" == true ]] && { \ + source "${ENV:=/env}" 2>/dev/null \ + ; ./Docker-OSX/osx-serial-generator/generate-specific-bootdisk.sh \ + --master-plist-url="${MASTER_PLIST_URL}" \ + --model "${DEVICE_MODEL}" \ + --serial "${SERIAL}" \ + --board-serial "${BOARD_SERIAL}" \ + --uuid "${UUID}" \ + --mac-address "${MAC_ADDRESS}" \ + --width "${WIDTH:-1920}" \ + --height "${HEIGHT:-1080}" \ + --output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ + || exit 1 ; } \ + ; ./enable-ssh.sh && /bin/bash -c ./Launch.sh + +# virt-manager mode: eta son +# CMD virsh define <(envsubst < Docker-OSX.xml) && virt-manager || virt-manager +# CMD virsh define <(envsubst < macOS-libvirt-Catalina.xml) && virt-manager || virt-manager diff --git a/Dockerfile.auto b/Dockerfile.auto new file mode 100644 index 0000000..432d01b --- /dev/null +++ b/Dockerfile.auto @@ -0,0 +1,280 @@ +#!/usr/bin/docker +# ____ __ ____ ______ __ +# / __ \____ _____/ /_____ _____/ __ \/ ___/ |/ / +# / / / / __ \/ ___/ //_/ _ \/ ___/ / / /\__ \| / +# / /_/ / /_/ / /__/ ,< / __/ / / /_/ /___/ / | +# /_____/\____/\___/_/|_|\___/_/ \____//____/_/|_| :AUTO +# +# Title: Docker-OSX (Mac on Docker) +# Author: Sick.Codes https://twitter.com/sickcodes +# Version: 6.0 +# License: GPLv3+ +# Repository: https://github.com/sickcodes/Docker-OSX +# Website: https://sick.codes +# +# This Dockerfile is a pre-installed naked installation of Docker-OSX! +# +# Default username: user +# Default password: alpine +# +# Take screenshots in the Arch container and display in terminal: scrotcat +# readme: +# timezone: UTC/GMT +# +# Future versions will navigate the installation process, inside the Dockerfile. +# +# +# Build: +# +# docker build -t docker-osx:auto -f Dockerfile.auto . +# +# Run: +# +# docker run -it --device /dev/kvm -p 50922:10022 -v ${PWD}/mac_hdd_ng_auto.img:/image docker-osx-auto:latest +# +# SSH: +# From inside the container: +# ssh -i ~/.ssh/id_docker_osx user@127.0.0.1 -p 10022 +# +# From outside the container: +# ssh localhost user@127.0.0.1 -p 50922 +# docker exec -it containerid ssh -i ~/.ssh/id_docker_osx user@127.0.0.1 -p 10022 + +FROM sickcodes/docker-osx:latest + +LABEL maintainer='https://twitter.com/sickcodes ' + +USER root + +WORKDIR /root + +# For taking screenshots of the Xfvb screen, useful during development. +ARG SCROT + +# OPTIONAL: Arch Linux server mirrors for super fast builds +# set RANKMIRRORS to any value other that nothing, e.g. -e RANKMIRRORS=true +RUN perl -i -p -e s/^\#Color/Color$'\n'ParallelDownloads\ =\ 30/g /etc/pacman.conf +ARG RANKMIRRORS +ARG MIRROR_COUNTRY=US +ARG MIRROR_COUNT=10 + +RUN tee /etc/pacman.d/mirrorlist <<< 'Server = https://geo.mirror.pkgbuild.com/$repo/os/$arch' \ + && tee -a /etc/pacman.d/mirrorlist <<< 'Server = http://mirror.rackspace.com/archlinux/$repo/os/$arch' \ + && tee -a /etc/pacman.d/mirrorlist <<< 'Server = https://mirror.rackspace.com/archlinux/$repo/os/$arch' + +# Fixes issue with invalid GPG keys: update the archlinux-keyring package to get the latest keys, then remove and regenerate gnupg keys +RUN pacman -Sy archlinux-keyring --noconfirm \ + && rm -rf /etc/pacman.d/gnupg \ + && pacman-key --init \ + && pacman-key --populate archlinux + +RUN if [[ "${RANKMIRRORS}" ]]; then \ + { pacman -Sy wget --noconfirm || pacman -Syu wget --noconfirm ; } \ + ; wget -O ./rankmirrors "https://raw.githubusercontent.com/sickcodes/Docker-OSX/${BRANCH:=master}/rankmirrors" \ + ; wget -O- "https://www.archlinux.org/mirrorlist/?country=${MIRROR_COUNTRY:-US}&protocol=https&use_mirror_status=on" \ + | sed -e 's/^#Server/Server/' -e '/^#/d' \ + | head -n "$((${MIRROR_COUNT:-10}+1))" \ + | bash ./rankmirrors --verbose --max-time 5 - > /etc/pacman.d/mirrorlist \ + + + + && cat /etc/pacman.d/mirrorlist \ + ; fi + +RUN tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkp://keyserver.ubuntu.com' \ + && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://hkps.pool.sks-keyservers.net:443' \ + && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkp://pgp.mit.edu:11371' \ + && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://keys.openpgp.org' \ + && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://keys.mailvelope.com' + +RUN pacman -Syu xorg-server-xvfb wget xterm xorg-xhost xorg-xrandr --noconfirm \ + && if [[ "${SCROT}" ]]; then \ + pacman -Syu scrot base-devel --noconfirm \ + && git clone --recurse-submodules --depth 1 https://github.com/stolk/imcat.git \ + && cd imcat \ + && make \ + && sudo cp imcat /usr/bin/imcat \ + && touch /usr/bin/scrotcat \ + && tee -a /usr/bin/scrotcat <<< '/usr/bin/imcat <(scrot -o /dev/stdout)' \ + && chmod +x /usr/bin/scrotcat \ + ; else \ + touch /usr/bin/scrotcat \ + && echo echo >> /usr/bin/scrotcat \ + && chmod +x /usr/bin/scrotcat \ + ; fi \ + ; yes | pacman -Scc + +RUN pacman -S sshpass --noconfirm \ + && yes | pacman -Scc + +USER arch + +ENV USER arch + +WORKDIR /home/arch/OSX-KVM + +RUN mkdir -p ~/.ssh \ + && touch ~/.ssh/authorized_keys \ + && touch ~/.ssh/config \ + && chmod 700 ~/.ssh \ + && chmod 600 ~/.ssh/config \ + && chmod 600 ~/.ssh/authorized_keys \ + && tee -a ~/.ssh/config <<< 'Host *' \ + && tee -a ~/.ssh/config <<< ' StrictHostKeyChecking no' \ + && tee -a ~/.ssh/config <<< ' UserKnownHostsFile=/dev/null' + +ARG COMPLETE=true + +# use the COMPLETE arg, for a complete image, ready to boot. +# otherwise use your own image: -v "$PWD/disk.img":/image +ARG WGET_OPTIONS= +# ARG WGET_OPTIONS='--no-verbose' + +# Feel free to take a copy of this image and then host it internally +ARG IMAGE_URL='https://images.sick.codes/mac_hdd_ng_auto.img' +# ARG IMAGE_URL='https://images.sick.codes/mac_hdd_ng_auto_big_sur.img' + +RUN if [[ "${COMPLETE}" ]]; then \ + echo "Downloading 20GB image... This step might take a while... Press Ctrl+C if you want to abort." \ + ; rm -f /home/arch/OSX-KVM/mac_hdd_ng.img \ + && wget ${WGET_OPTIONS} -O /home/arch/OSX-KVM/mac_hdd_ng.img "${IMAGE_URL}" \ + ; fi + + +#### + +# symlink the old directory, for redundancy +RUN ln -s /home/arch/OSX-KVM/OpenCore /home/arch/OSX-KVM/OpenCore-Catalina || true + +#### + +#### SPECIAL RUNTIME ARGUMENTS BELOW + +ENV ADDITIONAL_PORTS= + +# add additional QEMU boot arguments +ENV BOOT_ARGS= + +ENV BOOTDISK= + +# edit the CPU that is beign emulated +ENV CPU=Penryn + +ENV DISPLAY=:99 + +ENV HEADLESS=false + +ENV ENV=/env + +# Boolean for generating a bootdisk with new random serials. +ENV GENERATE_UNIQUE=false + +# Boolean for generating a bootdisk with specific serials. +ENV GENERATE_SPECIFIC=false + +ENV IMAGE_PATH=/home/arch/OSX-KVM/mac_hdd_ng.img +ENV IMAGE_FORMAT=qcow2 + +ENV KVM='accel=kvm:tcg' + +# ENV MASTER_PLIST_URL="https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist" + +# ENV NETWORKING=e1000-82545em +ENV NETWORKING=vmxnet3 + +ENV NOPICKER=true + +# set the username and password for automatically logging in +ENV USERNAME=user +ENV PASSWORD=alpine + +# dynamic RAM options for runtime +ENV RAM=3 +# ENV RAM=max +# ENV RAM=half + +# The x and y coordinates for resolution. +# Must be used with either -e GENERATE_UNIQUE=true or -e GENERATE_SPECIFIC=true. +ENV WIDTH=1920 +ENV HEIGHT=1080 + +# libguestfs verbose +ENV LIBGUESTFS_DEBUG=1 +ENV LIBGUESTFS_TRACE=1 + +ENV TERMS_OF_USE=i_agree + +ENV BOILERPLATE="By using this Dockerfile, you hereby agree that you are a security reseacher or developer and agree to use this Dockerfile to make the world a safer place. Examples include: making your apps safer, finding your mobile phone, compiling security products, etc. You understand that Docker-OSX is an Open Source project, which is released to the public under the GNU Pulic License version 3 and above. You acknowledge that the Open Source project is absolutely unaffiliated with any third party, in any form whatsoever. Any trademarks or intelectual property which happen to be mentioned anywhere in or around the project are owned by their respective owners. By using this Dockerfile, you agree to agree to the EULA of each piece of upstream or downstream software. The following code is released for the sole purpose of security research, under the GNU Public License version 3. If you are concerned about the licensing, please note that this project is not AGPL. A copy of the license is available online: https://github.com/sickcodes/Docker-OSX/blob/master/LICENSE. In order to use the following Dockerfile you must read and understand the terms. Once you have read the terms, use the -e TERMS_OF_USE=i_agree or -e TERMS_OF_USE=i_disagree" + +CMD echo "${BOILERPLATE}" \ + ; [[ "${TERMS_OF_USE}" = i_agree ]] || exit 1 \ + ; echo "Disk is being copied between layers... Please wait a minute..." \ + ; sudo touch /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \ + ; sudo chown -R $(id -u):$(id -g) /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \ + ; [[ "${NOPICKER}" == true ]] && { \ + sed -i '/^.*InstallMedia.*/d' Launch.sh \ + && export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore-nopicker.qcow2}" \ + ; } \ + || export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ + ; [[ "${GENERATE_UNIQUE}" == true ]] && { \ + ./Docker-OSX/osx-serial-generator/generate-unique-machine-values.sh \ + --master-plist-url="${MASTER_PLIST_URL}" \ + --count 1 \ + --tsv ./serial.tsv \ + --bootdisks \ + --width "${WIDTH:-1920}" \ + --height "${HEIGHT:-1080}" \ + --output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ + --output-env "${ENV:=/env}" \ + || exit 1 ; } \ + ; [[ "${GENERATE_SPECIFIC}" == true ]] && { \ + source "${ENV:=/env}" 2>/dev/null \ + ; ./Docker-OSX/osx-serial-generator/generate-specific-bootdisk.sh \ + --master-plist-url="${MASTER_PLIST_URL}" \ + --model "${DEVICE_MODEL}" \ + --serial "${SERIAL}" \ + --board-serial "${BOARD_SERIAL}" \ + --uuid "${UUID}" \ + --mac-address "${MAC_ADDRESS}" \ + --width "${WIDTH:-1920}" \ + --height "${HEIGHT:-1080}" \ + --output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ + || exit 1 ; } \ + ; { [[ "${DISPLAY}" = ':99' ]] || [[ "${HEADLESS}" == true ]] ; } && { \ + nohup Xvfb :99 -screen 0 1920x1080x16 \ + & until [[ "$(xrandr --query 2>/dev/null)" ]]; do sleep 1 ; done \ + ; } \ + ; stat "${IMAGE_PATH}" \ + ; echo "Large image is being copied between layers, please wait a minute..." \ + ; ./enable-ssh.sh \ + ; [[ -e ~/.ssh/id_docker_osx ]] || { \ + /usr/bin/ssh-keygen -t rsa -f ~/.ssh/id_docker_osx -q -N "" \ + && chmod 600 ~/.ssh/id_docker_osx \ + ; } \ + ; /bin/bash -c ./Launch.sh \ + & echo "Booting Docker-OSX in the background. Please wait..." \ + ; until [[ "$(sshpass -p${PASSWORD:=alpine} ssh-copy-id -f -i ~/.ssh/id_docker_osx.pub -p 10022 ${USERNAME:=user}@127.0.0.1)" ]]; do \ + echo "Disk is being copied between layers. Repeating until able to copy SSH key into OSX..." \ + ; sleep 1 \ + ; done \ + ; grep id_docker_osx ~/.ssh/config || { \ + tee -a ~/.ssh/config <<< 'Host 127.0.0.1' \ + ; tee -a ~/.ssh/config <<< " User ${USERNAME:=user}" \ + ; tee -a ~/.ssh/config <<< ' Port 10022' \ + ; tee -a ~/.ssh/config <<< ' IdentityFile ~/.ssh/id_docker_osx' \ + ; tee -a ~/.ssh/config <<< ' StrictHostKeyChecking no' \ + ; tee -a ~/.ssh/config <<< ' UserKnownHostsFile=/dev/null' \ + ; } \ + && echo 'Default username: user' \ + && echo 'Default password: alpine' \ + && echo 'Change it immediately using the command: passwd' \ + && ssh -i ~/.ssh/id_docker_osx ${USERNAME:=user}@127.0.0.1 -p 10022 "${OSX_COMMANDS}" + +# username: user +# password: alpine +# screenshot: docker exec -it containerid scrotcat +# readme: https://github.com/sickcodes/Docker-OSX +# timezone: UTC/GMT + +# Future case option when supplying IMAGE_PATH: +# Zstandard*) zstd -d /image && export IMAGE_PATH=/image;; \ diff --git a/Dockerfile.monterey b/Dockerfile.monterey new file mode 100644 index 0000000..6d7718d --- /dev/null +++ b/Dockerfile.monterey @@ -0,0 +1,255 @@ +#!/usr/bin/docker +# ____ __ ____ ______ __ +# / __ \____ _____/ /_____ _____/ __ \/ ___/ |/ / +# / / / / __ \/ ___/ //_/ _ \/ ___/ / / /\__ \| / +# / /_/ / /_/ / /__/ ,< / __/ / / /_/ /___/ / | +# /_____/\____/\___/_/|_|\___/_/ \____//____/_/|_| [MONTEREY] +# +# Title: Docker-OSX (Mac on Docker) +# Author: Sick.Codes https://twitter.com/sickcodes +# Version: 6.0 +# License: GPLv3+ +# Repository: https://github.com/sickcodes/Docker-OSX +# Website: https://sick.codes +# +# Notes: Uses a self-hosted BaseSystem.img from a USB installer. +# If you want to DIY, use https://github.com/corpnewt/gibMacOS +# Set seed as developer, and install the Install Assistant on Big Sur +# Burn to a USB, and pull out BaseSystem.img +# Or download from https://images.sick.codes/BaseSystem_Monterey.dmg +# + +FROM sickcodes/docker-osx + +LABEL maintainer='https://twitter.com/sickcodes ' + +SHELL ["/bin/bash", "-c"] + +# change disk size here or add during build, e.g. --build-arg VERSION=10.14.5 --build-arg SIZE=50G +ARG SIZE=200G +ARG BASE_SYSTEM='https://images.sick.codes/BaseSystem_Monterey.dmg' + +WORKDIR /home/arch/OSX-KVM + +RUN wget -O BaseSystem.dmg "${BASE_SYSTEM}" \ + && qemu-img convert BaseSystem.dmg -O qcow2 -p -c BaseSystem.img \ + && rm -f BaseSystem.dmg + +RUN qemu-img create -f qcow2 /home/arch/OSX-KVM/mac_hdd_ng.img "${SIZE}" + +WORKDIR /home/arch/OSX-KVM + +#### libguestfs versioning + +# 5.13+ problem resolved by building the qcow2 against 5.12 using libguestfs-1.44.1-6 + +ENV SUPERMIN_KERNEL=/boot/vmlinuz-linux +ENV SUPERMIN_MODULES=/lib/modules/5.12.14-arch1-1 +ENV SUPERMIN_KERNEL_VERSION=5.12.14-arch1-1 +ENV KERNEL_PACKAGE_URL=https://archive.archlinux.org/packages/l/linux/linux-5.12.14.arch1-1-x86_64.pkg.tar.zst +ENV KERNEL_HEADERS_PACKAGE_URL=https://archive.archlinux.org/packages/l/linux/linux-headers-5.12.14.arch1-1-x86_64.pkg.tar.zst +ENV LIBGUESTFS_PACKAGE_URL=https://archive.archlinux.org/packages/l/libguestfs/libguestfs-1.44.1-6-x86_64.pkg.tar.zst + +ARG LINUX=true + +# required to use libguestfs inside a docker container, to create bootdisks for docker-osx on-the-fly +RUN if [[ "${LINUX}" == true ]]; then \ + sudo pacman -U "${KERNEL_PACKAGE_URL}" --noconfirm \ + ; sudo pacman -U "${LIBGUESTFS_PACKAGE_URL}" --noconfirm \ + ; sudo pacman -U "${KERNEL_HEADERS_PACKAGE_URL}" --noconfirm \ + ; sudo pacman -S mkinitcpio --noconfirm \ + ; sudo libguestfs-test-tool \ + ; sudo rm -rf /var/tmp/.guestfs-* \ + ; fi + +#### + + +# optional --build-arg to change branches for testing +ARG BRANCH=master +ARG REPO='https://github.com/sickcodes/Docker-OSX.git' +# RUN git clone --recurse-submodules --depth 1 --branch "${BRANCH}" "${REPO}" +RUN rm -rf ./Docker-OSX \ + && git clone --recurse-submodules --depth 1 --branch "${BRANCH}" "${REPO}" + +RUN touch Launch.sh \ + && chmod +x ./Launch.sh \ + && tee -a Launch.sh <<< '#!/bin/bash' \ + && tee -a Launch.sh <<< 'set -eux' \ + && tee -a Launch.sh <<< 'sudo chown $(id -u):$(id -g) /dev/kvm 2>/dev/null || true' \ + && tee -a Launch.sh <<< 'sudo chown -R $(id -u):$(id -g) /dev/snd 2>/dev/null || true' \ + && tee -a Launch.sh <<< '[[ "${RAM}" = max ]] && export RAM="$(("$(head -n1 /proc/meminfo | tr -dc "[:digit:]") / 1000000"))"' \ + && tee -a Launch.sh <<< '[[ "${RAM}" = half ]] && export RAM="$(("$(head -n1 /proc/meminfo | tr -dc "[:digit:]") / 2000000"))"' \ + && tee -a Launch.sh <<< 'sudo chown -R $(id -u):$(id -g) /dev/snd 2>/dev/null || true' \ + && tee -a Launch.sh <<< 'exec qemu-system-x86_64 -m ${RAM:-2}000 \' \ + && tee -a Launch.sh <<< '-cpu ${CPU:-Penryn},${CPUID_FLAGS:-vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+ssse3,+sse4.2,+popcnt,+avx,+aes,+xsave,+xsaveopt,check,}${BOOT_ARGS} \' \ + && tee -a Launch.sh <<< '-machine q35,${KVM-"accel=kvm:tcg"} \' \ + && tee -a Launch.sh <<< '-smp ${CPU_STRING:-${SMP:-4},cores=${CORES:-4}} \' \ + && tee -a Launch.sh <<< '-usb -device usb-kbd -device usb-tablet \' \ + && tee -a Launch.sh <<< '-device isa-applesmc,osk=ourhardworkbythesewordsguardedpleasedontsteal\(c\)AppleComputerInc \' \ + && tee -a Launch.sh <<< '-drive if=pflash,format=raw,readonly=on,file=/home/arch/OSX-KVM/OVMF_CODE.fd \' \ + && tee -a Launch.sh <<< '-drive if=pflash,format=raw,file=/home/arch/OSX-KVM/OVMF_VARS-1024x768.fd \' \ + && tee -a Launch.sh <<< '-smbios type=2 \' \ + && tee -a Launch.sh <<< '-audiodev ${AUDIO_DRIVER:-alsa},id=hda -device ich9-intel-hda -device hda-duplex,audiodev=hda \' \ + && tee -a Launch.sh <<< '-device ich9-ahci,id=sata \' \ + && tee -a Launch.sh <<< '-drive id=OpenCoreBoot,if=none,snapshot=on,format=qcow2,file=${BOOTDISK:-/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2} \' \ + && tee -a Launch.sh <<< '-device ide-hd,bus=sata.2,drive=OpenCoreBoot \' \ + && tee -a Launch.sh <<< '-device ide-hd,bus=sata.3,drive=InstallMedia \' \ + && tee -a Launch.sh <<< '-drive id=InstallMedia,if=none,file=/home/arch/OSX-KVM/BaseSystem.img,format=qcow2 \' \ + && tee -a Launch.sh <<< '-drive id=MacHDD,if=none,file=${IMAGE_PATH:-/home/arch/OSX-KVM/mac_hdd_ng.img},format=${IMAGE_FORMAT:-qcow2} \' \ + && tee -a Launch.sh <<< '-device ide-hd,bus=sata.4,drive=MacHDD \' \ + && tee -a Launch.sh <<< '-netdev user,id=net0,hostfwd=tcp::${INTERNAL_SSH_PORT:-10022}-:22,hostfwd=tcp::${SCREEN_SHARE_PORT:-5900}-:5900,${ADDITIONAL_PORTS} \' \ + && tee -a Launch.sh <<< '-device ${NETWORKING:-vmxnet3},netdev=net0,id=net0,mac=${MAC_ADDRESS:-52:54:00:09:49:17} \' \ + && tee -a Launch.sh <<< '-monitor stdio \' \ + && tee -a Launch.sh <<< '-boot menu=on \' \ + && tee -a Launch.sh <<< '-vga vmware \' \ + && tee -a Launch.sh <<< '${EXTRA:-}' + +# docker exec containerid mv ./Launch-nopicker.sh ./Launch.sh +# This is now a legacy command. +# You can use -e BOOTDISK=/bootdisk with -v ./bootdisk.img:/bootdisk +RUN grep -v InstallMedia ./Launch.sh > ./Launch-nopicker.sh \ + && chmod +x ./Launch-nopicker.sh \ + && sed -i -e s/OpenCore\.qcow2/OpenCore\-nopicker\.qcow2/ ./Launch-nopicker.sh + +USER arch + +ENV USER arch + + +#### libguestfs versioning + +# 5.13+ problem resolved by building the qcow2 against 5.12 using libguestfs-1.44.1-6 + +ENV SUPERMIN_KERNEL=/boot/vmlinuz-linux +ENV SUPERMIN_MODULES=/lib/modules/5.12.14-arch1-1 +ENV SUPERMIN_KERNEL_VERSION=5.12.14-arch1-1 +ENV KERNEL_PACKAGE_URL=https://archive.archlinux.org/packages/l/linux/linux-5.12.14.arch1-1-x86_64.pkg.tar.zst +ENV KERNEL_HEADERS_PACKAGE_URL=https://archive.archlinux.org/packages/l/linux/linux-headers-5.12.14.arch1-1-x86_64.pkg.tar.zst +ENV LIBGUESTFS_PACKAGE_URL=https://archive.archlinux.org/packages/l/libguestfs/libguestfs-1.44.1-6-x86_64.pkg.tar.zst + +RUN sudo pacman -Syy \ + && sudo pacman -Rns linux --noconfirm \ + ; sudo pacman -S mkinitcpio --noconfirm \ + && sudo pacman -U "${KERNEL_PACKAGE_URL}" --noconfirm \ + && sudo pacman -U "${LIBGUESTFS_PACKAGE_URL}" --noconfirm \ + && rm -rf /var/tmp/.guestfs-* \ + ; libguestfs-test-tool || exit 1 + +#### + +# symlink the old directory, for redundancy +RUN ln -s /home/arch/OSX-KVM/OpenCore /home/arch/OSX-KVM/OpenCore-Catalina || true + +#### + +#### SPECIAL RUNTIME ARGUMENTS BELOW + +# env -e ADDITIONAL_PORTS with a comma +# for example, -e ADDITIONAL_PORTS=hostfwd=tcp::23-:23, +ENV ADDITIONAL_PORTS= + +# add additional QEMU boot arguments +ENV BOOT_ARGS= + +ENV BOOTDISK= + +# edit the CPU that is being emulated +ENV CPU=Penryn +ENV CPUID_FLAGS='vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+ssse3,+sse4.2,+popcnt,+avx,+aes,+xsave,+xsaveopt,check,' + +ENV DISPLAY=:0.0 + +# Deprecated +ENV ENV=/env + +# Boolean for generating a bootdisk with new random serials. +ENV GENERATE_UNIQUE=false + +# Boolean for generating a bootdisk with specific serials. +ENV GENERATE_SPECIFIC=false + +ENV IMAGE_PATH=/home/arch/OSX-KVM/mac_hdd_ng.img +ENV IMAGE_FORMAT=qcow2 + +ENV KVM='accel=kvm:tcg' + +ENV MASTER_PLIST_URL="https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist" + +# ENV NETWORKING=e1000-82545em +ENV NETWORKING=vmxnet3 + +# boolean for skipping the disk selection menu at in the boot process +ENV NOPICKER=false + +# dynamic RAM options for runtime +ENV RAM=3 +# ENV RAM=max +# ENV RAM=half + +# The x and y coordinates for resolution. +# Must be used with either -e GENERATE_UNIQUE=true or -e GENERATE_SPECIFIC=true. +ENV WIDTH=1920 +ENV HEIGHT=1080 + +# libguestfs verbose +ENV LIBGUESTFS_DEBUG=1 +ENV LIBGUESTFS_TRACE=1 + +VOLUME ["/tmp/.X11-unix"] + +# check if /image is a disk image or a directory. This allows you to optionally use -v disk.img:/image +# NOPICKER is used to skip the disk selection screen +# GENERATE_UNIQUE is used to generate serial numbers on boot. +# /env is a file that you can generate and save using -v source.sh:/env +# the env file is a file that you can carry to the next container which will supply the serials numbers. +# GENERATE_SPECIFIC is used to either accept the env serial numbers OR you can supply using: + # -e DEVICE_MODEL="iMacPro1,1" \ + # -e SERIAL="C02TW0WAHX87" \ + # -e BOARD_SERIAL="C027251024NJG36UE" \ + # -e UUID="5CCB366D-9118-4C61-A00A-E5BAF3BED451" \ + # -e MAC_ADDRESS="A8:5C:2C:9A:46:2F" \ + +# the output will be /bootdisk. +# /bootdisk is a useful persistent place to store the 15Mb serial number bootdisk. + +# if you don't set any of the above: +# the default serial numbers are already contained in ./OpenCore/OpenCore.qcow2 +# And the default serial numbers + +CMD sudo touch /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \ + ; sudo chown -R $(id -u):$(id -g) /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \ + ; [[ "${NOPICKER}" == true ]] && { \ + sed -i '/^.*InstallMedia.*/d' Launch.sh \ + && export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore-nopicker.qcow2}" \ + ; } \ + || export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ + ; [[ "${GENERATE_UNIQUE}" == true ]] && { \ + ./Docker-OSX/osx-serial-generator/generate-unique-machine-values.sh \ + --master-plist-url="${MASTER_PLIST_URL}" \ + --count 1 \ + --tsv ./serial.tsv \ + --bootdisks \ + --width "${WIDTH:-1920}" \ + --height "${HEIGHT:-1080}" \ + --output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ + --output-env "${ENV:=/env}" \ + || exit 1 ; } \ + ; [[ "${GENERATE_SPECIFIC}" == true ]] && { \ + source "${ENV:=/env}" 2>/dev/null \ + ; ./Docker-OSX/osx-serial-generator/generate-specific-bootdisk.sh \ + --master-plist-url="${MASTER_PLIST_URL}" \ + --model "${DEVICE_MODEL}" \ + --serial "${SERIAL}" \ + --board-serial "${BOARD_SERIAL}" \ + --uuid "${UUID}" \ + --mac-address "${MAC_ADDRESS}" \ + --width "${WIDTH:-1920}" \ + --height "${HEIGHT:-1080}" \ + --output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ + || exit 1 ; } \ + ; ./enable-ssh.sh && /bin/bash -c ./Launch.sh + +# virt-manager mode: eta son +# CMD virsh define <(envsubst < Docker-OSX.xml) && virt-manager || virt-manager +# CMD virsh define <(envsubst < macOS-libvirt-Catalina.xml) && virt-manager || virt-manager diff --git a/Dockerfile.naked b/Dockerfile.naked new file mode 100644 index 0000000..712d059 --- /dev/null +++ b/Dockerfile.naked @@ -0,0 +1,204 @@ +#!/usr/bin/docker +# ____ __ ____ ______ __ +# / __ \____ _____/ /_____ _____/ __ \/ ___/ |/ / +# / / / / __ \/ ___/ //_/ _ \/ ___/ / / /\__ \| / +# / /_/ / /_/ / /__/ ,< / __/ / / /_/ /___/ / | +# /_____/\____/\___/_/|_|\___/_/ \____//____/_/|_| :NAKED +# +# Title: Docker-OSX (Mac on Docker) +# Author: Sick.Codes https://twitter.com/sickcodes +# Version: 6.0 +# License: GPLv3+ +# Repository: https://github.com/sickcodes/Docker-OSX +# Website: https://sick.codes +# +# This image won't run unless you supply a disk image using: +# -v ${PWD}/mac_hdd_ng.img:/image +# +# Take screenshots in the Arch container and display in terminal: scrotcat +# +# Build: +# +# docker build -t docker-osx:naked -f Dockerfile.naked . +# +# Run headless: +# +# docker run -it --device /dev/kvm -p 50922:10022 -v ${PWD}/mac_hdd_ng.img:/image docker-osx:naked +# +# Run with display: +# +# docker run -it --device /dev/kvm -p 50922:10022 -v ${PWD}/mac_hdd_ng.img:/image -e "DISPLAY=${DISPLAY:-:0.0}" -v /tmp/.X11-unix:/tmp/.X11-unix docker-osx:naked +# + +FROM sickcodes/docker-osx:latest + +LABEL maintainer='https://twitter.com/sickcodes ' + +USER root + +WORKDIR /root + +RUN rm -f /home/arch/OSX-KVM/mac_hdd_ng.img + +# OPTIONAL: Arch Linux server mirrors for super fast builds +# set RANKMIRRORS to any value other that nothing, e.g. -e RANKMIRRORS=true +RUN perl -i -p -e s/^\#Color/Color$'\n'ParallelDownloads\ =\ 30/g /etc/pacman.conf +ARG RANKMIRRORS +ARG MIRROR_COUNTRY=US +ARG MIRROR_COUNT=10 + +RUN tee /etc/pacman.d/mirrorlist <<< 'Server = https://geo.mirror.pkgbuild.com/$repo/os/$arch' \ + && tee -a /etc/pacman.d/mirrorlist <<< 'Server = http://mirror.rackspace.com/archlinux/$repo/os/$arch' \ + && tee -a /etc/pacman.d/mirrorlist <<< 'Server = https://mirror.rackspace.com/archlinux/$repo/os/$arch' + +# Fixes issue with invalid GPG keys: update the archlinux-keyring package to get the latest keys, then remove and regenerate gnupg keys +RUN pacman -Sy archlinux-keyring --noconfirm \ + && rm -rf /etc/pacman.d/gnupg \ + && pacman-key --init \ + && pacman-key --populate archlinux + +RUN if [[ "${RANKMIRRORS}" ]]; then \ + { pacman -Sy wget --noconfirm || pacman -Syu wget --noconfirm ; } \ + ; wget -O ./rankmirrors "https://raw.githubusercontent.com/sickcodes/Docker-OSX/${BRANCH:=master}/rankmirrors" \ + ; wget -O- "https://www.archlinux.org/mirrorlist/?country=${MIRROR_COUNTRY:-US}&protocol=https&use_mirror_status=on" \ + | sed -e 's/^#Server/Server/' -e '/^#/d' \ + | head -n "$((${MIRROR_COUNT:-10}+1))" \ + | bash ./rankmirrors --verbose --max-time 5 - > /etc/pacman.d/mirrorlist \ + && cat /etc/pacman.d/mirrorlist \ + ; fi + +RUN tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkp://keyserver.ubuntu.com' \ + && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://hkps.pool.sks-keyservers.net:443' \ + && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkp://pgp.mit.edu:11371' \ + && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://keys.openpgp.org' \ + && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://keys.mailvelope.com' + +# For taking screenshots of the Xfvb screen, useful during development. +ARG SCROT + +RUN pacman -Syu xorg-server-xvfb wget xterm xorg-xhost xorg-xrandr sshpass --noconfirm \ + && if [[ "${SCROT}" ]]; then \ + pacman -Syu scrot base-devel --noconfirm \ + && git clone --recurse-submodules --depth 1 https://github.com/stolk/imcat.git \ + && cd imcat \ + && make \ + && sudo cp imcat /usr/bin/imcat \ + && touch /usr/bin/scrotcat \ + && tee -a /usr/bin/scrotcat <<< '/usr/bin/imcat <(scrot -o /dev/stdout)' \ + && chmod +x /usr/bin/scrotcat \ + ; else \ + touch /usr/bin/scrotcat \ + && echo echo >> /usr/bin/scrotcat \ + && chmod +x /usr/bin/scrotcat \ + ; fi \ + ; yes | pacman -Scc + +USER arch + +ENV USER arch + +WORKDIR /home/arch/OSX-KVM + +RUN mkdir -p ~/.ssh \ + && touch ~/.ssh/authorized_keys \ + && touch ~/.ssh/config \ + && chmod 700 ~/.ssh \ + && chmod 600 ~/.ssh/config \ + && chmod 600 ~/.ssh/authorized_keys \ + && tee -a ~/.ssh/config <<< 'Host *' \ + && tee -a ~/.ssh/config <<< ' StrictHostKeyChecking no' \ + && tee -a ~/.ssh/config <<< ' UserKnownHostsFile=/dev/null' + +#### + +# symlink the old directory, for redundancy +RUN ln -s /home/arch/OSX-KVM/OpenCore /home/arch/OSX-KVM/OpenCore-Catalina || true + +#### + +#### SPECIAL RUNTIME ARGUMENTS BELOW + +ENV ADDITIONAL_PORTS= + +# add additional QEMU boot arguments +ENV BOOT_ARGS= + +ENV BOOTDISK= + +# edit the CPU that is beign emulated +ENV CPU=Penryn + +ENV DISPLAY=:99 + +ENV HEADLESS=false + +ENV ENV=/env + +# Boolean for generating a bootdisk with new random serials. +ENV GENERATE_UNIQUE=false + +# Boolean for generating a bootdisk with specific serials. +ENV GENERATE_SPECIFIC=false + +ENV IMAGE_PATH=/image +ENV IMAGE_FORMAT=qcow2 + +ENV KVM='accel=kvm:tcg' + +# ENV MASTER_PLIST_URL="https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist" + +# ENV NETWORKING=e1000-82545em +ENV NETWORKING=vmxnet3 + +ENV NOPICKER=true + +# dynamic RAM options for runtime +ENV RAM=3 +# ENV RAM=max +# ENV RAM=half + +# The x and y coordinates for resolution. +# Must be used with either -e GENERATE_UNIQUE=true or -e GENERATE_SPECIFIC=true. +ENV WIDTH=1920 +ENV HEIGHT=1080 + +# libguestfs verbose +ENV LIBGUESTFS_DEBUG=1 +ENV LIBGUESTFS_TRACE=1 + +CMD sudo touch /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \ + ; sudo chown -R $(id -u):$(id -g) /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \ + ; { [[ "${DISPLAY}" = ':99' ]] || [[ "${HEADLESS}" == true ]] ; } && { \ + nohup Xvfb :99 -screen 0 1920x1080x16 \ + & until [[ "$(xrandr --query 2>/dev/null)" ]]; do sleep 1 ; done \ + ; } \ + ; [[ "${NOPICKER}" == true ]] && { \ + sed -i '/^.*InstallMedia.*/d' Launch.sh \ + && export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore-nopicker.qcow2}" \ + ; } \ + || export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ + ; [[ "${GENERATE_UNIQUE}" == true ]] && { \ + ./Docker-OSX/osx-serial-generator/generate-unique-machine-values.sh \ + --master-plist-url="${MASTER_PLIST_URL}" \ + --count 1 \ + --tsv ./serial.tsv \ + --bootdisks \ + --width "${WIDTH:-1920}" \ + --height "${HEIGHT:-1080}" \ + --output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ + --output-env "${ENV:=/env}" \ + || exit 1 ; } \ + ; [[ "${GENERATE_SPECIFIC}" == true ]] && { \ + source "${ENV:=/env}" 2>/dev/null \ + ; ./Docker-OSX/osx-serial-generator/generate-specific-bootdisk.sh \ + --master-plist-url="${MASTER_PLIST_URL}" \ + --model "${DEVICE_MODEL}" \ + --serial "${SERIAL}" \ + --board-serial "${BOARD_SERIAL}" \ + --uuid "${UUID}" \ + --mac-address "${MAC_ADDRESS}" \ + --width "${WIDTH:-1920}" \ + --height "${HEIGHT:-1080}" \ + --output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ + || exit 1 ; } \ + ; ./enable-ssh.sh && /bin/bash -c ./Launch.sh diff --git a/Dockerfile.naked-auto b/Dockerfile.naked-auto new file mode 100644 index 0000000..44f2866 --- /dev/null +++ b/Dockerfile.naked-auto @@ -0,0 +1,245 @@ +#!/usr/bin/docker +# ____ __ ____ ______ __ +# / __ \____ _____/ /_____ _____/ __ \/ ___/ |/ / +# / / / / __ \/ ___/ //_/ _ \/ ___/ / / /\__ \| / +# / /_/ / /_/ / /__/ ,< / __/ / / /_/ /___/ / | +# /_____/\____/\___/_/|_|\___/_/ \____//____/_/|_| :NAKED-AUTO +# +# Title: Docker-OSX (Mac on Docker) +# Author: Sick.Codes https://twitter.com/sickcodes +# Version: 6.0 +# License: GPLv3+ +# Repository: https://github.com/sickcodes/Docker-OSX +# Website: https://sick.codes +# +# This Dockerfile needs you to supply a pre-installed installation of Docker-OSX! +# +# Visit https://github.com/sickcodes/Docker-OSX for info + +FROM sickcodes/docker-osx:latest + +LABEL maintainer='https://twitter.com/sickcodes ' + +USER root + +WORKDIR /root + +RUN rm -f /home/arch/OSX-KVM/mac_hdd_ng.img + +# For taking screenshots of the Xfvb screen, useful during development. +ARG SCROT + +# OPTIONAL: Arch Linux server mirrors for super fast builds +# set RANKMIRRORS to any value other that nothing, e.g. -e RANKMIRRORS=true +RUN perl -i -p -e s/^\#Color/Color$'\n'ParallelDownloads\ =\ 30/g /etc/pacman.conf +ARG RANKMIRRORS +ARG MIRROR_COUNTRY=US +ARG MIRROR_COUNT=10 + +RUN tee /etc/pacman.d/mirrorlist <<< 'Server = https://geo.mirror.pkgbuild.com/$repo/os/$arch' \ + && tee -a /etc/pacman.d/mirrorlist <<< 'Server = http://mirror.rackspace.com/archlinux/$repo/os/$arch' \ + && tee -a /etc/pacman.d/mirrorlist <<< 'Server = https://mirror.rackspace.com/archlinux/$repo/os/$arch' + +# Fixes issue with invalid GPG keys: update the archlinux-keyring package to get the latest keys, then remove and regenerate gnupg keys +RUN pacman -Sy archlinux-keyring --noconfirm \ + && rm -rf /etc/pacman.d/gnupg \ + && pacman-key --init \ + && pacman-key --populate archlinux + +RUN if [[ "${RANKMIRRORS}" ]]; then \ + { pacman -Sy wget --noconfirm || pacman -Syu wget --noconfirm ; } \ + ; wget -O ./rankmirrors "https://raw.githubusercontent.com/sickcodes/Docker-OSX/${BRANCH:=master}/rankmirrors" \ + ; wget -O- "https://www.archlinux.org/mirrorlist/?country=${MIRROR_COUNTRY:-US}&protocol=https&use_mirror_status=on" \ + | sed -e 's/^#Server/Server/' -e '/^#/d' \ + | head -n "$((${MIRROR_COUNT:-10}+1))" \ + | bash ./rankmirrors --verbose --max-time 5 - > /etc/pacman.d/mirrorlist \ + && cat /etc/pacman.d/mirrorlist \ + ; fi + +RUN tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkp://keyserver.ubuntu.com' \ + && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://hkps.pool.sks-keyservers.net:443' \ + && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkp://pgp.mit.edu:11371' \ + && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://keys.openpgp.org' \ + && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://keys.mailvelope.com' + +# For taking screenshots of the Xfvb screen, useful during development. +ARG SCROT + +RUN pacman -Syu xorg-server-xvfb wget xterm xorg-xhost xorg-xrandr --noconfirm \ + && if [[ "${SCROT}" ]]; then \ + pacman -Syu scrot base-devel --noconfirm \ + && git clone --recurse-submodules --depth 1 https://github.com/stolk/imcat.git \ + && cd imcat \ + && make \ + && sudo cp imcat /usr/bin/imcat \ + && touch /usr/bin/scrotcat \ + && tee -a /usr/bin/scrotcat <<< '/usr/bin/imcat <(scrot -o /dev/stdout)' \ + && chmod +x /usr/bin/scrotcat \ + ; else \ + touch /usr/bin/scrotcat \ + && echo echo >> /usr/bin/scrotcat \ + && chmod +x /usr/bin/scrotcat \ + ; fi \ + ; yes | pacman -Scc + +RUN pacman -S sshpass --noconfirm \ + && yes | pacman -Scc + +USER arch + +ENV USER arch + +WORKDIR /home/arch/OSX-KVM + +RUN mkdir -p ~/.ssh \ + && touch ~/.ssh/authorized_keys \ + && touch ~/.ssh/config \ + && chmod 700 ~/.ssh \ + && chmod 600 ~/.ssh/config \ + && chmod 600 ~/.ssh/authorized_keys \ + && tee -a ~/.ssh/config <<< 'Host *' \ + && tee -a ~/.ssh/config <<< ' StrictHostKeyChecking no' \ + && tee -a ~/.ssh/config <<< ' UserKnownHostsFile=/dev/null' + +ARG COMPLETE= + +# use the COMPLETE arg, for a complete image, ready to boot. +# otherwise use your own image: -v "$PWD/disk.img":/image +ARG WGET_OPTIONS= +# ARG WGET_OPTIONS='--no-verbose' + +# Feel free to take a copy of this image and then host it internally +ARG IMAGE_URL= +# ARG IMAGE_URL='https://images.sick.codes/mac_hdd_ng_auto_big_sur.img' + +RUN if [[ "${COMPLETE}" ]]; then \ + echo "Downloading your image... This step might take a while... Press Ctrl+C if you want to abort." \ + ; rm -f /home/arch/OSX-KVM/mac_hdd_ng.img \ + && wget ${WGET_OPTIONS} -O /home/arch/OSX-KVM/mac_hdd_ng.img "${IMAGE_URL}" \ + ; fi + +#### + +# symlink the old directory, for redundancy +RUN ln -s /home/arch/OSX-KVM/OpenCore /home/arch/OSX-KVM/OpenCore-Catalina || true + +#### + +#### SPECIAL RUNTIME ARGUMENTS BELOW + +ENV ADDITIONAL_PORTS= + +# add additional QEMU boot arguments +ENV BOOT_ARGS= + +ENV BOOTDISK= + +# edit the CPU that is beign emulated +ENV CPU=Penryn + +ENV DISPLAY=:99 + +ENV HEADLESS=false + +ENV ENV=/env + +# Boolean for generating a bootdisk with new random serials. +ENV GENERATE_UNIQUE=false + +# Boolean for generating a bootdisk with specific serials. +ENV GENERATE_SPECIFIC=false + +ENV IMAGE_PATH=/image +ENV IMAGE_FORMAT=qcow2 + +ENV KVM='accel=kvm:tcg' + +# ENV MASTER_PLIST_URL="https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist" + +# ENV NETWORKING=e1000-82545em +ENV NETWORKING=vmxnet3 + +ENV NOPICKER=true + +# set the username and password for automatically logging in +ENV USERNAME=user +ENV PASSWORD=alpine + +# dynamic RAM options for runtime +ENV RAM=3 +# ENV RAM=max +# ENV RAM=half + +# The x and y coordinates for resolution. +# Must be used with either -e GENERATE_UNIQUE=true or -e GENERATE_SPECIFIC=true. +ENV WIDTH=1920 +ENV HEIGHT=1080 + +# libguestfs verbose +ENV LIBGUESTFS_DEBUG=1 +ENV LIBGUESTFS_TRACE=1 + +ENV TERMS_OF_USE=i_agree + +ENV BOILERPLATE="By using this Dockerfile, you hereby agree that you are a security reseacher or developer and agree to use this Dockerfile to make the world a safer place. Examples include: making your apps safer, finding your mobile phone, compiling security products, etc. You understand that Docker-OSX is an Open Source project, which is released to the public under the GNU Pulic License version 3 and above. You acknowledge that the Open Source project is absolutely unaffiliated with any third party, in any form whatsoever. Any trademarks or intelectual property which happen to be mentioned anywhere in or around the project are owned by their respective owners. By using this Dockerfile, you agree to agree to the EULA of each piece of upstream or downstream software. The following code is released for the sole purpose of security research, under the GNU Public License version 3. If you are concerned about the licensing, please note that this project is not AGPL. A copy of the license is available online: https://github.com/sickcodes/Docker-OSX/blob/master/LICENSE. In order to use the following Dockerfile you must read and understand the terms. Once you have read the terms, use the -e TERMS_OF_USE=i_agree or -e TERMS_OF_USE=i_disagree" + +CMD echo "${BOILERPLATE}" \ + ; [[ "${TERMS_OF_USE}" = i_agree ]] || exit 1 \ + ; echo "Disk is being copied between layers... Please wait a minute..." \ + ; sudo touch /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \ + ; sudo chown -R $(id -u):$(id -g) /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \ + ; [[ "${NOPICKER}" == true ]] && { \ + sed -i '/^.*InstallMedia.*/d' Launch.sh \ + && export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore-nopicker.qcow2}" \ + ; } \ + || export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ + ; [[ "${GENERATE_UNIQUE}" == true ]] && { \ + ./Docker-OSX/osx-serial-generator/generate-unique-machine-values.sh \ + --master-plist-url="${MASTER_PLIST_URL}" \ + --count 1 \ + --tsv ./serial.tsv \ + --bootdisks \ + --width "${WIDTH:-1920}" \ + --height "${HEIGHT:-1080}" \ + --output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ + --output-env "${ENV:=/env}" \ + || exit 1 ; } \ + ; [[ "${GENERATE_SPECIFIC}" == true ]] && { \ + source "${ENV:=/env}" 2>/dev/null \ + ; ./Docker-OSX/osx-serial-generator/generate-specific-bootdisk.sh \ + --master-plist-url="${MASTER_PLIST_URL}" \ + --model "${DEVICE_MODEL}" \ + --serial "${SERIAL}" \ + --board-serial "${BOARD_SERIAL}" \ + --uuid "${UUID}" \ + --mac-address "${MAC_ADDRESS}" \ + --width "${WIDTH:-1920}" \ + --height "${HEIGHT:-1080}" \ + --output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ + || exit 1 ; } \ + ; { [[ "${DISPLAY}" = ':99' ]] || [[ "${HEADLESS}" == true ]] ; } && { \ + nohup Xvfb :99 -screen 0 1920x1080x16 \ + & until [[ "$(xrandr --query 2>/dev/null)" ]]; do sleep 1 ; done \ + ; } \ + ; stat "${IMAGE_PATH}" \ + ; echo "Large image is being copied between layers, please wait a minute..." \ + ; ./enable-ssh.sh \ + ; [[ -e ~/.ssh/id_docker_osx ]] || { \ + /usr/bin/ssh-keygen -t rsa -f ~/.ssh/id_docker_osx -q -N "" \ + && chmod 600 ~/.ssh/id_docker_osx \ + ; } \ + ; /bin/bash -c ./Launch.sh \ + & echo "Booting Docker-OSX in the background. Please wait..." \ + ; until [[ "$(sshpass -p${PASSWORD:=alpine} ssh-copy-id -f -i ~/.ssh/id_docker_osx.pub -p 10022 ${USERNAME:=user}@127.0.0.1)" ]]; do \ + echo "Disk is being copied between layers. Repeating until able to copy SSH key into OSX..." \ + ; sleep 1 \ + ; done \ + ; grep id_docker_osx ~/.ssh/config || { \ + tee -a ~/.ssh/config <<< 'Host 127.0.0.1' \ + ; tee -a ~/.ssh/config <<< " User ${USERNAME:=user}" \ + ; tee -a ~/.ssh/config <<< ' Port 10022' \ + ; tee -a ~/.ssh/config <<< ' IdentityFile ~/.ssh/id_docker_osx' \ + ; tee -a ~/.ssh/config <<< ' StrictHostKeyChecking no' \ + ; tee -a ~/.ssh/config <<< ' UserKnownHostsFile=/dev/null' \ + ; } \ + && ssh -i ~/.ssh/id_docker_osx ${USERNAME:=user}@127.0.0.1 -p 10022 "${OSX_COMMANDS}" diff --git a/FAQ.md b/FAQ.md new file mode 100644 index 0000000..64d21c5 --- /dev/null +++ b/FAQ.md @@ -0,0 +1,178 @@ +# Frequently Asked Questions + +These questions come up regularly, so here are the answers. + +## Basics + +### Is this legal? + +The [macOS software license](https://www.apple.com/legal/sla/) allows running (some versions of) macOS in a virtual machine only on Apple hardware. The [Apple Security Bounty terms and conditions](https://security.apple.com/terms-and-conditions/) make an exception to that (and essentially anything in the macOS software license) under some specific circumstances. + +Therefore, yes, there is a legal use for Docker-OSX. If your use doesn't fall under the license or the security bounty terms, then you are/will be violating the macOS software license. **Note that this is not provided as legal advice, and you should consult with your own counsel for legal guidance.** + +You may also be interested in this [deeper dive into the subject](https://sick.codes/is-hackintosh-osx-kvm-or-docker-osx-legal/). + +### What does Docker-OSX do? + +Docker-OSX is an approach to setting up and launching a macOS virtual machine (VM) under [docker](https://en.wikipedia.org/wiki/Docker_(software)). The [Dockerfile](Dockerfile) is essentially a docker image building script that: +1. validates a few things about the environment +2. installs VM software (qemu) and creates a virtual disk within the docker container +3. generates a serial number and firmware to make the VM look (enough) like Mac hardware +4. downloads a macOS installer disk image +5. generates a shell script to start the VM + +The default configuration is intended to create an ephemeral but repeatably bootable macOS that can be probed for security research. + +### Why docker? + +Docker provides a straightforward way to package a flexible turnkey solution to setting up a macOS VM. It is not the only way to do so, nor is it necessarily the best approach to setting up a long-lived, persistent macOS VM. You may prefer to study the [Dockerfile](Dockerfile) and/or [OSX-KVM](https://github.com/kholia/OSX-KVM) to prepare a VM to run under [proxmox](https://en.wikipedia.org/wiki/Proxmox_Virtual_Environment) or [libvirt](https://en.wikipedia.org/wiki/Libvirt). + +## Can I... + +### ...run BlueBubbles/AirMessage/Beeper on it? + +Yes. Make sure you [make serial numbers persist across reboots](README.md#making-serial-numbers-persist-across-reboots) after generating a unique serial number for yourself; don't use the default serial number. There is, of course, no guarantee that Apple won't block/disable your account, or inflict other consequences. See also the [legal considerations](#is-this-legal). + +### ...develop iPhone apps on it? + +Yes. You will probably find Xcode's UI frustratingly slow, but yes. Compiling apps (e.g. React Native) from the command line is likely to be less frustrating. There is, of course, no guarantee that Apple won't block/disable your account, remove you from the Apple Developer program, or inflict other consequences. See also the [legal considerations](#is-this-legal). + +### ...connect my iPhone or other USB device to it? + +Yes, at least if your host OS is Linux. See [instructions](README.md#vfio-iphone-usb-passthrough-vfio). It may or may not be possible if your host OS is Windows. + +### ...run CI/CD processes with it? + +Maybe, but there are several reasons not to: +1. There are [legal considerations](#is-this-legal). +2. Nested virtualization is generally unavailable on cloud-hosted CI/CD and therefore Docker-OSX doesn't run. +3. You are almost always better off using your own macOS runners (on virtual or actual Mac hardware) rather than trying to make the square peg of Docker-OSX fit the round hole of macOS-specific CI/CD. + +You absolutely can install runners on the macOS VM itself (which does not get around the legal considerations mentioned above), but [Docker-OSX may not be the best approach](#why-docker). + +### ...run on Linux but with Wayland? + +Yes, but your Wayland server must support X11 connections (or you can [use VNC instead](README.md#building-a-headless-container-that-allows-insecure-vnc-on-localhost-for-local-use-only)). + +### ...run on Windows? + +Yes, as long as you have a new enough version of Windows 11 and have WSL2 set up. See [this section of the README](README.md#id-like-to-run-docker-osx-on-windows) for details. No, it will not work under Windows 10. Not even if you have WSL2 set up. + +### ...run on macOS? + +If you have a Mac with Apple Silicon you are better served by [UTM](https://apps.apple.com/us/app/utm-virtual-machines/id1538878817?mt=12). + +If you have an Intel Mac you can install and run docker (either [Docker Desktop](https://www.docker.com/products/docker-desktop/) or [colima](https://github.com/abiosoft/colima)). In either case, docker will be running under a Linux VM, which complicates things. You are likely to encounter one or more of the [common errors](#common-errors) below. Consider using qemu directly with HVF acceleration (e.g. with [libvirt](https://libvirt.org/macos.html)) instead. + +### ...run on cloud services? + +Cloud providers typically run their various services within virtual machines running on top of their actual hardware. These VMs typically are not set up to provide nested virtualization, which means KVM is unavailable so Docker-OSX will not work. This is _especially and specifically_ the case on CI/CD runners such as GitHub Actions, Azure DevOps Pipelines, CircleCI, GitLab CI/CD, etc. (however, see [running CI/CD](#run-cicd-processes-with-it)). Some cloud providers offer services that do allow virtualization, such as [Amazon's EC2 Bare Metal Instances](https://aws.amazon.com/about-aws/whats-new/2018/05/announcing-general-availability-of-amazon-ec2-bare-metal-instances/), but often at a significant premium. + +In short, probably not. + +## Common Errors + +### Docker Errors + +If you get an error like `docker: command not found` then you don't have docker installed and none of this works. Try [Docker Desktop](https://www.docker.com/products/docker-desktop/) on Windows or your distribution's normal package manager on Linux. + +If you get an error like `docker: Got permission denied while trying to connect to the Docker daemon` or `docker: unknown server OS: .` the mostly likely explanation is that your user isn't in the `docker` Unix group. You'll need to add yourself to the `docker` group, log out, and log back in. + +If you get an error like `Cannot connect to the Docker daemon at unix://var/run/docker.sock. Is the docker daemon running?` then `dockerd` isn't running. On most Linux distributions you should be able to start it with `sudo systemctl enable docker --now`. + +### GTK Initialization Failed + +This is an X11 error and means that the arguments to qemu are telling it to connect to an X11 display that it either can't connect to at all or doesn't have permission to connect to. In the latter case, this can usually be fixed by running `xhost +` on the host running the X11 server. + +In many cases, however, it is preferable to tell qemu to listen for a VNC connection instead of trying to connect to X11; see [this section of the README](README.md#building-a-headless-container-that-allows-insecure-vnc-on-localhost-for-local-use-only) for instructions. + +### KVM Error + +If you get an error like `error gathering device information while adding custom device "/dev/kvm": no such file or directory` that means KVM is not available/working on the Linux kernel on which you are running docker. This could be because you are attempting to run somewhere that doesn't support nested virtualization (see [above](#can-i-run-this-on)), or because your BIOS does not have virtualization extensions turned on, or because your CPU is too old to support virtualization extensions, or your Linux kernel does not have KVM support loaded/enabled. Fixing KVM issues is well beyond the scope of this document, but you can [start here](https://www.linux-kvm.org/page/FAQ). + +### ALSA Error + +You might get an error like this: +``` +(qemu) ALSA lib confmisc.c:767:(parse_card) cannot find card '0' +ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory +ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings +ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory +ALSA lib confmisc.c:1246:(snd_func_refer) error evaluating name +ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory +ALSA lib conf.c:5233:(snd_config_expand) Evaluate error: No such file or directory +ALSA lib pcm.c:2660:(snd_pcm_open_noupdate) Unknown PCM default +alsa: Could not initialize DAC +alsa: Failed to open `default': +alsa: Reason: No such file or directory +ALSA lib confmisc.c:767:(parse_card) cannot find card '0' +ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory +ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings +ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory +ALSA lib confmisc.c:1246:(snd_func_refer) error evaluating name +ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory +ALSA lib conf.c:5233:(snd_config_expand) Evaluate error: No such file or directory +ALSA lib pcm.c:2660:(snd_pcm_open_noupdate) Unknown PCM default +alsa: Could not initialize DAC +alsa: Failed to open `default': +alsa: Reason: No such file or directory +audio: Failed to create voice `dac' +ALSA lib confmisc.c:767:(parse_card) cannot find card '0' +ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory +ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings +ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory +ALSA lib confmisc.c:1246:(snd_func_refer) error evaluating name +ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory +ALSA lib conf.c:5233:(snd_config_expand) Evaluate error: No such file or directory +ALSA lib pcm.c:2660:(snd_pcm_open_noupdate) Unknown PCM default +alsa: Could not initialize ADC +alsa: Failed to open `default': +alsa: Reason: No such file or directory +ALSA lib confmisc.c:767:(parse_card) cannot find card '0' +ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory +ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings +ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory +ALSA lib confmisc.c:1246:(snd_func_refer) error evaluating name +ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory +ALSA lib conf.c:5233:(snd_config_expand) Evaluate error: No such file or directory +ALSA lib pcm.c:2660:(snd_pcm_open_noupdate) Unknown PCM default +alsa: Could not initialize ADC +alsa: Failed to open `default': +alsa: Reason: No such file or directory +audio: Failed to create voice `adc' +``` + +Docker-OSX defaults to telling qemu to use ALSA for audio output. Your host system may be using PulseAudio instead (see [PulseAudio](README.md#pulseaudio)), but you may not need audio output at all. You can pass `-e AUDIO_DRIVER="id=none,driver=none"` to disable audio output. + +### No Disk to Install On + +If you have launched the installer but don't see a disk to install macOS on, it probably means you skipped the step where you run Disk Utility to format the virtual disk. See the [README](README.md#additional-boot-instructions-for-when-you-are-creating-your-container). + +### Slow Installation + +This is not unique to virtual hardware. The macOS installation process gives apparently random and dependably incorrect time estimates, and can often appear to have completely frozen. Just be patient. It could take hours, maybe even more than a day. + +### Installer After Completing Install + +If you wind up in the installer again after you've installed macOS it means you booted from the installer disk instead of the disk you installed macOS on. Reboot and make sure you choose the correct disk to boot. + +## Next Steps + +Congratulations, you got a macOS VM up and running! Now what? + +### Slow UI + +The macOS UI expects and relies on GPU acceleration, and there is (currently) no way to provide GPU acceleration in the virtual hardware. See [osx-optimizer](https://github.com/sickcodes/osx-optimizer) for macOS configuration to speed things up. + +### Extract the Virtual Disk + +With the container stopped, `sudo find /var/lib/docker -size +10G -name mac_hdd_ng.img` to find the disk image then copy it where you want it. + +### Disk Space + +Is your host machine's disk, specifically `/var` (because of `/var/lib/docker`), getting full? [Fix it](README.md#increase-disk-space-by-moving-varlibdocker-to-external-drive-block-storage-nfs-or-any-other-location-conceivable). + +### Increase RAM or CPUs/cores + +The `RAM`, `SMP`, and `CORES` options are all docker environment variables, which means it uses whatever you provide any time you start a container. + diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..f288702 --- /dev/null +++ b/LICENSE @@ -0,0 +1,674 @@ + GNU GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU General Public License is a free, copyleft license for +software and other kinds of works. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +the GNU General Public License is intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. We, the Free Software Foundation, use the +GNU General Public License for most of our software; it applies also to +any other work released this way by its authors. You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + To protect your rights, we need to prevent others from denying you +these rights or asking you to surrender the rights. Therefore, you have +certain responsibilities if you distribute copies of the software, or if +you modify it: responsibilities to respect the freedom of others. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must pass on to the recipients the same +freedoms that you received. You must make sure that they, too, receive +or can get the source code. And you must show them these terms so they +know their rights. + + Developers that use the GNU GPL protect your rights with two steps: +(1) assert copyright on the software, and (2) offer you this License +giving you legal permission to copy, distribute and/or modify it. + + For the developers' and authors' protection, the GPL clearly explains +that there is no warranty for this free software. For both users' and +authors' sake, the GPL requires that modified versions be marked as +changed, so that their problems will not be attributed erroneously to +authors of previous versions. + + Some devices are designed to deny users access to install or run +modified versions of the software inside them, although the manufacturer +can do so. This is fundamentally incompatible with the aim of +protecting users' freedom to change the software. The systematic +pattern of such abuse occurs in the area of products for individuals to +use, which is precisely where it is most unacceptable. Therefore, we +have designed this version of the GPL to prohibit the practice for those +products. If such problems arise substantially in other domains, we +stand ready to extend this provision to those domains in future versions +of the GPL, as needed to protect the freedom of users. + + Finally, every program is threatened constantly by software patents. +States should not allow patents to restrict development and use of +software on general-purpose computers, but in those that do, we wish to +avoid the special danger that patents applied to a free program could +make it effectively proprietary. To prevent this, the GPL assures that +patents cannot be used to render the program non-free. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Use with the GNU Affero General Public License. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU Affero General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the special requirements of the GNU Affero General Public License, +section 13, concerning interaction through a network will apply to the +combination as such. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If the program does terminal interaction, make it output a short +notice like this when it starts in an interactive mode: + + Copyright (C) + This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, your program's commands +might be different; for a GUI interface, you would use an "about box". + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU GPL, see +. + + The GNU General Public License does not permit incorporating your program +into proprietary programs. If your program is a subroutine library, you +may consider it more useful to permit linking proprietary applications with +the library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. But first, please read +. diff --git a/Youtube-Screenshot-Docker-OSX-Setup.png b/Youtube-Screenshot-Docker-OSX-Setup.png new file mode 100644 index 0000000..a236309 Binary files /dev/null and b/Youtube-Screenshot-Docker-OSX-Setup.png differ diff --git a/Youtube-USBFLUXD-Screenshot-Docker-OSX.png b/Youtube-USBFLUXD-Screenshot-Docker-OSX.png new file mode 100644 index 0000000..4f9cc82 Binary files /dev/null and b/Youtube-USBFLUXD-Screenshot-Docker-OSX.png differ diff --git a/custom/README.md b/custom/README.md new file mode 100644 index 0000000..92bb97d --- /dev/null +++ b/custom/README.md @@ -0,0 +1,7 @@ +# OSX Serial Generator + +This folder has been moved to its own repository :) + +This is a temporary copy for hardlinks. + +See [https://github.com/sickcodes/osx-serial-generator](https://github.com/sickcodes/osx-serial-generator) \ No newline at end of file diff --git a/custom/config-custom.plist b/custom/config-custom.plist new file mode 100644 index 0000000..b5644a2 --- /dev/null +++ b/custom/config-custom.plist @@ -0,0 +1,1401 @@ + + + + + + + + ACPI + + Add + + + Comment + My custom DSDT + Enabled + + Path + DSDT.aml + + + Comment + My custom SSDT + Enabled + + Path + SSDT-1.aml + + + Comment + Read the comment in dsl sample + Enabled + + Path + SSDT-ALS0.aml + + + Comment + Read the comment in dsl sample + Enabled + + Path + SSDT-AWAC-DISABLE.aml + + + Comment + Read the comment in dsl sample + Enabled + + Path + SSDT-BRG0.aml + + + Comment + Read the comment in dsl sample + Enabled + + Path + SSDT-EC-USBX.aml + + + Comment + Fake EC and USBX Power + Enabled + + Path + SSDT-EC.aml + + + Comment + Read the comment in dsl sample + Enabled + + Path + SSDT-EHCx-DISABLE.aml + + + Comment + Read the comment in dsl sample + Enabled + + Path + SSDT-IMEI.aml + + + Comment + CPU AGPM Plugin=1 + Enabled + + Path + SSDT-PLUG.aml + + + Comment + Read the comment in dsl sample + Enabled + + Path + SSDT-PMC.aml + + + Comment + Read the comment in dsl sample + Enabled + + Path + SSDT-PNLF.aml + + + Comment + Read the comment in dsl sample + Enabled + + Path + SSDT-PNLFCFL.aml + + + Comment + Read the comment in dsl sample + Enabled + + Path + SSDT-RTC0-RANGE.aml + + + Comment + Read the comment in dsl sample + Enabled + + Path + SSDT-RTC0.aml + + + Comment + Read the comment in dsl sample + Enabled + + Path + SSDT-SBUS-MCHC.aml + + + Comment + Read the comment in dsl sample + Enabled + + Path + SSDT-UNC.aml + + + Comment + add DTGP method + Enabled + + Path + SSDT-DTGP.aml + + + Comment + USB 2.0 Injection + Enabled + + Path + SSDT-EHCI.aml + + + Delete + + + All + + Comment + Delete CpuPm + Enabled + + OemTableId + Q3B1UG0AAAA= + TableLength + 0 + TableSignature + U1NEVA== + + + All + + Comment + Delete Cpu0Ist + Enabled + + OemTableId + Q3B1MElzdAA= + TableLength + 0 + TableSignature + U1NEVA== + + + Patch + + + Base + + BaseSkip + 0 + Comment + Replace one byte sequence with another + Count + 0 + Enabled + + Find + ESIzRA== + Limit + 0 + Mask + + OemTableId + + Replace + RDMiEQ== + ReplaceMask + + Skip + 0 + TableLength + 0 + TableSignature + + + + Base + \_SB.PCI0.LPCB.HPET + BaseSkip + 0 + Comment + HPET _CRS to XCRS + Count + 1 + Enabled + + Find + X0NSUw== + Limit + 0 + Mask + + OemTableId + + Replace + WENSUw== + ReplaceMask + + Skip + 0 + TableLength + 0 + TableSignature + + + + Quirks + + FadtEnableReset + + NormalizeHeaders + + RebaseRegions + + ResetHwSig + + ResetLogoStatus + + SyncTableIds + + + + Booter + + MmioWhitelist + + Quirks + + AllowRelocationBlock + + AvoidRuntimeDefrag + + DevirtualiseMmio + + DisableSingleUser + + DisableVariableWrite + + DiscardHibernateMap + + EnableSafeModeSlide + + EnableWriteUnprotector + + ForceBooterSignature + + ForceExitBootServices + + ProtectMemoryRegions + + ProtectSecureBoot + + ProtectUefiServices + + ProvideCustomSlide + + ProvideMaxSlide + 0 + RebuildAppleMemoryMap + + SetupVirtualMap + + SignalAppleOS + + SyncRuntimePermissions + + + + DeviceProperties + + Add + + PciRoot(0x1)/Pci(0x1F,0x0) + + compatible + pci8086,2916 + device-id + + FikA + + name + pci8086,2916 + + + Delete + + + Kernel + + Add + + + Arch + Any + BundlePath + Lilu.kext + Comment + Patch engine + Enabled + + ExecutablePath + Contents/MacOS/Lilu + MaxKernel + + MinKernel + 8.0.0 + PlistPath + Contents/Info.plist + + + Arch + Any + BundlePath + VirtualSMC.kext + Comment + SMC emulator + Enabled + + ExecutablePath + Contents/MacOS/VirtualSMC + MaxKernel + + MinKernel + 8.0.0 + PlistPath + Contents/Info.plist + + + Arch + x86_64 + BundlePath + WhateverGreen.kext + Comment + Video patches + Enabled + + ExecutablePath + Contents/MacOS/WhateverGreen + MaxKernel + + MinKernel + 10.0.0 + PlistPath + Contents/Info.plist + + + Arch + Any + BundlePath + AppleALC.kext + Comment + Audio patches + Enabled + + ExecutablePath + Contents/MacOS/AppleALC + MaxKernel + + MinKernel + 8.0.0 + PlistPath + Contents/Info.plist + + + Arch + x86_64 + BundlePath + IntelMausi.kext + Comment + Intel Ethernet LAN + Enabled + + ExecutablePath + Contents/MacOS/IntelMausi + MaxKernel + + MinKernel + 13.0.0 + PlistPath + Contents/Info.plist + + + Arch + x86_64 + BundlePath + Legacy_USB3.kext + Comment + XHC ports configuration + Enabled + + ExecutablePath + + MaxKernel + + MinKernel + 15.0.0 + PlistPath + Contents/Info.plist + + + Arch + x86_64 + BundlePath + MCEReporterDisabler.kext + Comment + AppleMCEReporter disabler + Enabled + + ExecutablePath + + MaxKernel + + MinKernel + 19.0.0 + PlistPath + Contents/Info.plist + + + Arch + x86_64 + BundlePath + VoodooPS2Controller.kext + Comment + + Enabled + + ExecutablePath + Contents/MacOS/VoodooPS2Controller + MaxKernel + + MinKernel + 15.0.0 + PlistPath + Contents/Info.plist + + + Arch + x86_64 + BundlePath + VoodooPS2Controller.kext/Contents/PlugIns/VoodooPS2Keyboard.kext + Comment + + Enabled + + ExecutablePath + Contents/MacOS/VoodooPS2Keyboard + MaxKernel + + MinKernel + 15.0.0 + PlistPath + Contents/Info.plist + + + Arch + x86_64 + BundlePath + VoodooPS2Controller.kext/Contents/PlugIns/VoodooPS2Mouse.kext + Comment + + Enabled + + ExecutablePath + Contents/MacOS/VoodooPS2Mouse + MaxKernel + + MinKernel + 15.0.0 + PlistPath + Contents/Info.plist + + + Arch + x86_64 + BundlePath + VoodooPS2Controller.kext/Contents/PlugIns/VoodooPS2Trackpad.kext + Comment + + Enabled + + ExecutablePath + Contents/MacOS/VoodooPS2Trackpad + MaxKernel + + MinKernel + 15.0.0 + PlistPath + Contents/Info.plist + + + Arch + x86_64 + BundlePath + VoodooPS2Controller.kext/Contents/PlugIns/VoodooInput.kext + Comment + + Enabled + + ExecutablePath + Contents/MacOS/VoodooInput + MaxKernel + + MinKernel + 15.0.0 + PlistPath + Contents/Info.plist + + + Arch + x86_64 + BundlePath + USBPorts.kext + Comment + + Enabled + + ExecutablePath + + MaxKernel + + MinKernel + + PlistPath + Contents/Info.plist + + + Arch + x86_64 + BundlePath + AGPMInjector.kext + Comment + + Enabled + + ExecutablePath + + MaxKernel + + MinKernel + + PlistPath + Contents/Info.plist + + + Block + + + Arch + Any + Comment + + Enabled + + Identifier + com.apple.driver.AppleTyMCEDriver + MaxKernel + + MinKernel + + + + Emulate + + Cpuid1Data + + VAYFAAAAAAAAAAAAAAAAAA== + + Cpuid1Mask + + ////AAAAAAAAAAAAAAAAAA== + + DummyPowerManagement + + MaxKernel + + MinKernel + + + Force + + + Arch + Any + BundlePath + System/Library/Extensions/IONetworkingFamily.kext + Comment + + Enabled + + ExecutablePath + Contents/MacOS/IONetworkingFamily + Identifier + com.apple.iokit.IONetworkingFamily + MaxKernel + 13.99.99 + MinKernel + + PlistPath + Contents/Info.plist + + + Patch + + + Arch + x86_64 + Base + + Comment + algrey - cpuid_set_cpufamily - force CPUFAMILY_INTEL_PENRYN + Count + 1 + Enabled + + Find + + MduAPQAAAAAGdQA= + + Identifier + kernel + Limit + 0 + Mask + + /////wAAAP///wA= + + MaxKernel + 20.3.99 + MinKernel + 17.0.0 + Replace + + u7xP6njpXQAAAJA= + + ReplaceMask + + + Skip + 0 + + + Arch + x86_64 + Base + + Comment + algrey - thenickdude - cpuid_set_cpufamily - force CPUFAMILY_INTEL_PENRYN (Big Sur 11.3 and newer) + Count + 1 + Enabled + + Find + + MdKzAYA9AAAAAAZ1 + + Identifier + kernel + Limit + 0 + Mask + + ////////AAAAAP// + + MaxKernel + 21.99.99 + MinKernel + 20.4.0 + Replace + + urxP6nizAJCQkJDr + + ReplaceMask + + + Skip + 0 + + + Quirks + + AppleCpuPmCfgLock + + AppleXcpmCfgLock + + AppleXcpmExtraMsrs + + AppleXcpmForceBoost + + CustomSMBIOSGuid + + DisableIoMapper + + DisableLinkeditJettison + + DisableRtcChecksum + + ExtendBTFeatureFlags + + ExternalDiskIcons + + ForceSecureBootScheme + + IncreasePciBarSize + + LapicKernelPanic + + LegacyCommpage + + PanicNoKextDump + + PowerTimeoutKernelPanic + + ProvideCurrentCpuInfo + + SetApfsTrimTimeout + -1 + ThirdPartyDrives + + XhciPortLimit + + + Scheme + + CustomKernel + + FuzzyMatch + + KernelArch + Auto + KernelCache + Auto + + + Misc + + BlessOverride + + Boot + + ConsoleAttributes + 0 + HibernateMode + Auto + HideAuxiliary + + LauncherOption + Disabled + LauncherPath + Default + PickerAttributes + 17 + PickerAudioAssist + + PickerMode + External + PickerVariant + Auto + PollAppleHotKeys + + ShowPicker + + TakeoffDelay + 0 + Timeout + 45 + + Debug + + AppleDebug + + ApplePanic + + DisableWatchDog + + DisplayDelay + 0 + DisplayLevel + 2147483650 + SerialInit + + SysReport + + Target + 3 + + Entries + + Security + + AllowNvramReset + + AllowSetDefault + + AllowToggleSip + + ApECID + 0 + AuthRestart + + BlacklistAppleUpdate + + DmgLoading + Signed + EnablePassword + + ExposeSensitiveData + 6 + HaltLevel + 2147483648 + PasswordHash + + PasswordSalt + + ScanPolicy + 0 + SecureBootModel + Disabled + Vault + Optional + + Tools + + + Arguments + + Auxiliary + + Comment + Not signed for security reasons + Enabled + + Flavour + OpenShell:UEFIShell:Shell + Name + UEFI Shell + Path + OpenShell.efi + RealPath + + TextMode + + + + Arguments + + Auxiliary + + Comment + Memory testing utility + Enabled + + Flavour + MemTest + Name + memtest86 + Path + memtest86/BOOTX64.efi + RealPath + + TextMode + + + + Arguments + Shutdown + Auxiliary + + Comment + Perform shutdown + Enabled + + Flavour + Auto + Name + Shutdown + Path + ResetSystem.efi + RealPath + + TextMode + + + + + NVRAM + + Add + + 4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14 + + DefaultBackgroundColor + AAAAAA== + UIScale + AQ== + + 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102 + + rtc-blacklist + + + 7C436110-AB2A-4BBB-A880-FE41995C9F82 + + ForceDisplayRotationInEFI + 0 + SystemAudioVolume + Rg== + boot-args + -v keepsyms=1 tlbto_us=0 vti=9 {{KERNEL_ARGS}} + run-efi-updater + No + csr-active-config + ZwAAAA== + prev-lang:kbd + ZW4tVVM6MA== + run-efi-updater + No + + + Delete + + 4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14 + + UIScale + DefaultBackgroundColor + + 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102 + + rtc-blacklist + + 7C436110-AB2A-4BBB-A880-FE41995C9F82 + + boot-args + ForceDisplayRotationInEFI + + + LegacyEnable + + LegacyOverwrite + + LegacySchema + + 7C436110-AB2A-4BBB-A880-FE41995C9F82 + + EFILoginHiDPI + EFIBluetoothDelay + LocationServicesEnabled + SystemAudioVolume + SystemAudioVolumeDB + SystemAudioVolumeSaved + bluetoothActiveControllerInfo + bluetoothInternalControllerInfo + flagstate + fmm-computer-name + fmm-mobileme-token-FMM + fmm-mobileme-token-FMM-BridgeHasAccount + nvda_drv + prev-lang:kbd + + 8BE4DF61-93CA-11D2-AA0D-00E098032B8C + + Boot0080 + Boot0081 + Boot0082 + BootNext + BootOrder + + + WriteFlash + + + PlatformInfo + + Automatic + + CustomMemory + + Generic + + AdviseFeatures + + MaxBIOSVersion + + MLB + {{BOARD_SERIAL}} + ProcessorType + 0 + ROM + + {{ROM}} + + SpoofVendor + + SystemMemoryStatus + Auto + SystemProductName + {{DEVICE_MODEL}} + SystemSerialNumber + {{SERIAL}} + SystemUUID + {{UUID}} + + UpdateDataHub + + UpdateNVRAM + + UpdateSMBIOS + + UpdateSMBIOSMode + Create + UseRawUuidEncoding + + + UEFI + + APFS + + EnableJumpstart + + GlobalConnect + + HideVerbose + + JumpstartHotPlug + + MinDate + -1 + MinVersion + -1 + + AppleInput + + AppleEvent + Builtin + CustomDelays + + GraphicsInputMirroring + + KeyInitialDelay + 50 + KeySubsequentDelay + 5 + PointerSpeedDiv + 1 + PointerSpeedMul + 1 + + Audio + + AudioCodec + 0 + AudioDevice + PciRoot(0x1)/Pci(0x1,0x0)/Pci(0x0,0x1) + AudioOut + 0 + AudioSupport + + MinimumVolume + 20 + PlayChime + Auto + ResetTrafficClass + + SetupDelay + 0 + VolumeAmplifier + 0 + + ConnectDrivers + + Drivers + + + Arguments + + Comment + HFS+ Driver + Enabled + + Path + OpenHfsPlus.efi + + + Arguments + + Comment + + Enabled + + Path + OpenRuntime.efi + + + Arguments + + Comment + + Enabled + + Path + OpenCanopy.efi + + + Arguments + + Comment + + Enabled + + Path + AudioDxe.efi + + + Arguments + + Comment + + Enabled + + Path + OpenPartitionDxe.efi + + + Arguments + + Comment + + Enabled + + Path + OpenUsbKbDxe.efi + + + Arguments + + Comment + + Enabled + + Path + UsbMouseDxe.efi + + + Arguments + + Comment + + Enabled + + Path + Ps2KeyboardDxe.efi + + + Arguments + + Comment + + Enabled + + Path + Ps2MouseDxe.efi + + + Arguments + + Comment + + Enabled + + Path + HiiDatabase.efi + + + Arguments + + Comment + + Enabled + + Path + NvmExpressDxe.efi + + + Arguments + + Comment + + Enabled + + Path + XhciDxe.efi + + + Arguments + + Comment + + Enabled + + Path + ExFatDxe.efi + + + Arguments + + Comment + + Enabled + + Path + CrScreenshotDxe.efi + + + Arguments + + Comment + + Enabled + + Path + ext4_x64.efi + + + Arguments + + Comment + + Enabled + + Path + OpenLinuxBoot.efi + + + Input + + KeyFiltering + + KeyForgetThreshold + 5 + KeySupport + + KeySupportMode + Auto + KeySwap + + PointerSupport + + PointerSupportMode + ASUS + TimerResolution + 50000 + + Output + + ClearScreenOnModeSwitch + + ConsoleMode + + DirectGopRendering + + ForceResolution + + GopPassThrough + Disabled + IgnoreTextInGraphics + + ProvideConsoleGop + + ReconnectOnResChange + + ReplaceTabWithSpace + + Resolution + {{WIDTH}}x{{HEIGHT}}@32 + SanitiseClearScreen + + TextRenderer + BuiltinGraphics + UgaPassThrough + + + ProtocolOverrides + + AppleAudio + + AppleBootPolicy + + AppleDebugLog + + AppleEg2Info + + AppleFramebufferInfo + + AppleImageConversion + + AppleImg4Verification + + AppleKeyMap + + AppleRtcRam + + AppleSecureBoot + + AppleSmcIo + + AppleUserInterfaceTheme + + DataHub + + DeviceProperties + + FirmwareVolume + + HashServices + + OSInfo + + UnicodeCollation + + + Quirks + + ActivateHpetSupport + + DisableSecurityPolicy + + EnableVectorAcceleration + + ExitBootServicesDelay + 0 + ForceOcWriteFlash + + ForgeUefiSupport + + IgnoreInvalidFlexRatio + + ReleaseUsbOwnership + + ReloadOptionRoms + + RequestBootVarRouting + + TscSyncTimeout + 0 + UnblockFsConnect + + + + + diff --git a/custom/config-legacy.plist b/custom/config-legacy.plist new file mode 100644 index 0000000..25aaea2 --- /dev/null +++ b/custom/config-legacy.plist @@ -0,0 +1,883 @@ + + + + + ACPI + + Add + + + Comment + add DTGP method + Enabled + + Path + SSDT-DTGP.aml + + + Comment + Fake EC and USBX Power + Enabled + + Path + SSDT-EC.aml + + + Comment + USB 2.0 Injection + Enabled + + Path + SSDT-EHCI.aml + + + Comment + CPU AGPM Plugin=1 + Enabled + + Path + SSDT-PLUG.aml + + + Delete + + + All + + Comment + Delete CpuPm + Enabled + + OemTableId + Q3B1UG0AAAA= + TableLength + 0 + TableSignature + U1NEVA== + + + All + + Comment + Delete Cpu0Ist + Enabled + + OemTableId + Q3B1MElzdAA= + TableLength + 0 + TableSignature + U1NEVA== + + + Patch + + + Comment + _Q11 to XQ11 + Count + 1 + Enabled + + Find + X1ExMQ== + Limit + 0 + Mask + + OemTableId + + Replace + WFExMQ== + ReplaceMask + + Skip + 0 + TableLength + 0 + TableSignature + + + + Comment + _Q12 to XQ12 + Count + 1 + Enabled + + Find + X1ExMg== + Limit + 0 + Mask + + OemTableId + + Replace + WFExMg== + ReplaceMask + + Skip + 0 + TableLength + 0 + TableSignature + + + + Quirks + + FadtEnableReset + + NormalizeHeaders + + RebaseRegions + + ResetHwSig + + ResetLogoStatus + + + + Booter + + MmioWhitelist + + Quirks + + AvoidRuntimeDefrag + + DevirtualiseMmio + + DisableSingleUser + + DisableVariableWrite + + DiscardHibernateMap + + EnableSafeModeSlide + + EnableWriteUnprotector + + ForceExitBootServices + + ProtectMemoryRegions + + ProtectSecureBoot + + ProtectUefiServices + + ProvideCustomSlide + + ProvideMaxSlide + 0 + RebuildAppleMemoryMap + + SetupVirtualMap + + SignalAppleOS + + SyncRuntimePermissions + + + + DeviceProperties + + Add + + PciRoot(0x1)/Pci(0x1F,0x0) + + compatible + pci8086,2916 + device-id + + FikA + + name + pci8086,2916 + + + Delete + + PciRoot(0x0)/Pci(0x1b,0x0) + + MaximumBootBeepVolume + + + + Kernel + + Add + + + Arch + Any + BundlePath + VoodooHDA.kext + Comment + + Enabled + + ExecutablePath + Contents/MacOS/VoodooHDA + MaxKernel + + MinKernel + + PlistPath + Contents/Info.plist + + + Arch + x86_64 + BundlePath + Lilu.kext + Comment + Patch engine + Enabled + + ExecutablePath + Contents/MacOS/Lilu + MaxKernel + + MinKernel + 12.0.0 + PlistPath + Contents/Info.plist + + + Arch + x86_64 + BundlePath + VirtualSMC.kext + Comment + SMC emulator + Enabled + + ExecutablePath + Contents/MacOS/VirtualSMC + MaxKernel + + MinKernel + 12.0.0 + PlistPath + Contents/Info.plist + + + Arch + x86_64 + BundlePath + WhateverGreen.kext + Comment + Video patches + Enabled + + ExecutablePath + Contents/MacOS/WhateverGreen + MaxKernel + + MinKernel + 12.0.0 + PlistPath + Contents/Info.plist + + + BundlePath + AGPMInjector.kext + Comment + + Enabled + + ExecutablePath + + MaxKernel + + MinKernel + + PlistPath + Contents/Info.plist + + + BundlePath + USBPorts.kext + Comment + + Enabled + + ExecutablePath + + MaxKernel + + MinKernel + + PlistPath + Contents/Info.plist + + + Arch + x86_64 + BundlePath + MCEReporterDisabler.kext + Comment + AppleMCEReporter disabler + Enabled + + ExecutablePath + + MaxKernel + + MinKernel + 19.0.0 + PlistPath + Contents/Info.plist + + + Block + + + Arch + Any + Comment + + Enabled + + Identifier + com.apple.driver.AppleTyMCEDriver + MaxKernel + + MinKernel + + + + Emulate + + Cpuid1Data + + VAYFAAAAAAAAAAAAAAAAAA== + + Cpuid1Mask + + ////AAAAAAAAAAAAAAAAAA== + + + Force + + + Arch + Any + BundlePath + System/Library/Extensions/IONetworkingFamily.kext + Comment + Patch engine + Enabled + + Identifier + com.apple.iokit.IONetworkingFamily + ExecutablePath + Contents/MacOS/IONetworkingFamily + MaxKernel + 13.99.99 + MinKernel + + PlistPath + Contents/Info.plist + + + Patch + + + Base + _cpu_topology_sort + Comment + algrey - cpu_topology_sort -disable _x86_validate_topology + Count + 1 + Enabled + + Find + + 6AAA//8= + + Identifier + kernel + Limit + 0 + Mask + + /wAA//8= + + MaxKernel + 20.99.99 + MinKernel + 17.0.0 + Replace + + Dx9EAAA= + + ReplaceMask + + + Skip + 0 + + + Base + + Comment + algrey - cpuid_set_cpufamily - force CPUFAMILY_INTEL_PENRYN + Count + 1 + Enabled + + Find + + MduAPQAAAAAGdQA= + + Identifier + kernel + Limit + 0 + Mask + + /////wAAAP///wA= + + MaxKernel + 20.99.99 + MinKernel + 17.0.0 + Replace + + u7xP6njpXQAAAJA= + + ReplaceMask + + + Skip + 0 + + + Quirks + + AppleCpuPmCfgLock + + AppleXcpmCfgLock + + AppleXcpmExtraMsrs + + AppleXcpmForceBoost + + CustomSMBIOSGuid + + DisableIoMapper + + DisableLinkeditJettison + + DisableRtcChecksum + + DummyPowerManagement + + ExternalDiskIcons + + IncreasePciBarSize + + LapicKernelPanic + + PanicNoKextDump + + PowerTimeoutKernelPanic + + ThirdPartyDrives + + XhciPortLimit + + + Scheme + + FuzzyMatch + + KernelArch + x86_64 + KernelCache + Auto + + + Misc + + BlessOverride + + Boot + + ConsoleAttributes + 0 + HibernateMode + Auto + HideAuxiliary + + PickerAttributes + 1 + PickerAudioAssist + + PickerMode + External + PollAppleHotKeys + + ShowPicker + + TakeoffDelay + 0 + Timeout + 0 + + Debug + + AppleDebug + + ApplePanic + + DisableWatchDog + + DisplayDelay + 0 + DisplayLevel + 2147483650 + SerialInit + + SysReport + + Target + 3 + + Entries + + Security + + AllowNvramReset + + AllowSetDefault + + ApECID + 0 + AuthRestart + + BootProtect + None + DmgLoading + Signed + EnablePassword + + ExposeSensitiveData + 6 + HaltLevel + 2147483648 + PasswordHash + + PasswordSalt + + ScanPolicy + 0 + SecureBootModel + Disabled + Vault + Optional + + Tools + + + Arguments + + Auxiliary + + Comment + Not signed for security reasons + Enabled + + Name + UEFI Shell + Path + OpenShell.efi + + + Arguments + Shutdown + Auxiliary + + Comment + Perform shutdown + Enabled + + Name + Shutdown + Path + ResetSystem.efi + + + + NVRAM + + Add + + 4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14 + + DefaultBackgroundColor + AAAAAA== + UIScale + AQ== + + 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102 + + rtc-blacklist + + + 7C436110-AB2A-4BBB-A880-FE41995C9F82 + + SystemAudioVolume + Rg== + boot-args + -v keepsyms=1 tlbto_us=0 vti=9 {{KERNEL_ARGS}} + run-efi-updater + No + csr-active-config + ZwAAAA== + prev-lang:kbd + ZW4tVVM6MA== + + + Delete + + 4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14 + + UIScale + DefaultBackgroundColor + + 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102 + + rtc-blacklist + + 7C436110-AB2A-4BBB-A880-FE41995C9F82 + + boot-args + + + LegacyEnable + + LegacyOverwrite + + LegacySchema + + 7C436110-AB2A-4BBB-A880-FE41995C9F82 + + EFILoginHiDPI + EFIBluetoothDelay + LocationServicesEnabled + SystemAudioVolume + SystemAudioVolumeDB + SystemAudioVolumeSaved + bluetoothActiveControllerInfo + bluetoothInternalControllerInfo + flagstate + fmm-computer-name + nvda_drv + prev-lang:kbd + + 8BE4DF61-93CA-11D2-AA0D-00E098032B8C + + Boot0080 + Boot0081 + Boot0082 + BootNext + BootOrder + + + WriteFlash + + + PlatformInfo + + Automatic + + Generic + + AdviseWindows + + MLB + {{BOARD_SERIAL_OLD}} + ROM + + {{ROM}} + + SpoofVendor + + SystemProductName + {{DEVICE_MODEL}} + SystemSerialNumber + {{SERIAL_OLD}} + SystemUUID + {{SYSTEM_UUID_OLD}} + + UpdateDataHub + + UpdateNVRAM + + UpdateSMBIOS + + UpdateSMBIOSMode + Create + + UEFI + + APFS + + EnableJumpstart + + GlobalConnect + + HideVerbose + + JumpstartHotPlug + + MinDate + 0 + MinVersion + 0 + + Audio + + AudioCodec + 0 + AudioDevice + PciRoot(0x1)/Pci(0x1,0x0)/Pci(0x0,0x1) + AudioOut + 0 + AudioSupport + + MinimumVolume + 20 + PlayChime + + VolumeAmplifier + 0 + + ConnectDrivers + + Drivers + + VBoxHfs.efi + OpenRuntime.efi + OpenCanopy.efi + #AudioDxe.efi + #OpenUsbKbDxe.efi + #UsbMouseDxe.efi + #Ps2KeyboardDxe.efi + #Ps2MouseDxe.efi + #HiiDatabase.efi + #NvmExpressDxe.efi + #XhciDxe.efi + #ExFatDxe.efi + #PartitionDxe.efi + #CrScreenshotDxe.efi + + Input + + KeyFiltering + + KeyForgetThreshold + 5 + KeyMergeThreshold + 2 + KeySupport + + KeySupportMode + Auto + KeySwap + + PointerSupport + + PointerSupportMode + ASUS + TimerResolution + 50000 + + Output + + ClearScreenOnModeSwitch + + ConsoleMode + + DirectGopRendering + + IgnoreTextInGraphics + + ProvideConsoleGop + + ReconnectOnResChange + + ReplaceTabWithSpace + + Resolution + 1920x1080@32 + SanitiseClearScreen + + TextRenderer + BuiltinGraphics + UgaPassThrough + + + ProtocolOverrides + + AppleAudio + + AppleBootPolicy + + AppleDebugLog + + AppleEvent + + AppleFramebufferInfo + + AppleImageConversion + + AppleImg4Verification + + AppleKeyMap + + AppleRtcRam + + AppleSecureBoot + + AppleSmcIo + + AppleUserInterfaceTheme + + DataHub + + DeviceProperties + + FirmwareVolume + + HashServices + + OSInfo + + UnicodeCollation + + + Quirks + + ExitBootServicesDelay + 0 + IgnoreInvalidFlexRatio + + ReleaseUsbOwnership + + RequestBootVarRouting + + TscSyncTimeout + 0 + UnblockFsConnect + + ConnectDrivers + + + + + \ No newline at end of file diff --git a/custom/config-nopicker-custom.plist b/custom/config-nopicker-custom.plist new file mode 100644 index 0000000..daed0b9 --- /dev/null +++ b/custom/config-nopicker-custom.plist @@ -0,0 +1,1401 @@ + + + + + + + + ACPI + + Add + + + Comment + My custom DSDT + Enabled + + Path + DSDT.aml + + + Comment + My custom SSDT + Enabled + + Path + SSDT-1.aml + + + Comment + Read the comment in dsl sample + Enabled + + Path + SSDT-ALS0.aml + + + Comment + Read the comment in dsl sample + Enabled + + Path + SSDT-AWAC-DISABLE.aml + + + Comment + Read the comment in dsl sample + Enabled + + Path + SSDT-BRG0.aml + + + Comment + Read the comment in dsl sample + Enabled + + Path + SSDT-EC-USBX.aml + + + Comment + Fake EC and USBX Power + Enabled + + Path + SSDT-EC.aml + + + Comment + Read the comment in dsl sample + Enabled + + Path + SSDT-EHCx-DISABLE.aml + + + Comment + Read the comment in dsl sample + Enabled + + Path + SSDT-IMEI.aml + + + Comment + CPU AGPM Plugin=1 + Enabled + + Path + SSDT-PLUG.aml + + + Comment + Read the comment in dsl sample + Enabled + + Path + SSDT-PMC.aml + + + Comment + Read the comment in dsl sample + Enabled + + Path + SSDT-PNLF.aml + + + Comment + Read the comment in dsl sample + Enabled + + Path + SSDT-PNLFCFL.aml + + + Comment + Read the comment in dsl sample + Enabled + + Path + SSDT-RTC0-RANGE.aml + + + Comment + Read the comment in dsl sample + Enabled + + Path + SSDT-RTC0.aml + + + Comment + Read the comment in dsl sample + Enabled + + Path + SSDT-SBUS-MCHC.aml + + + Comment + Read the comment in dsl sample + Enabled + + Path + SSDT-UNC.aml + + + Comment + add DTGP method + Enabled + + Path + SSDT-DTGP.aml + + + Comment + USB 2.0 Injection + Enabled + + Path + SSDT-EHCI.aml + + + Delete + + + All + + Comment + Delete CpuPm + Enabled + + OemTableId + Q3B1UG0AAAA= + TableLength + 0 + TableSignature + U1NEVA== + + + All + + Comment + Delete Cpu0Ist + Enabled + + OemTableId + Q3B1MElzdAA= + TableLength + 0 + TableSignature + U1NEVA== + + + Patch + + + Base + + BaseSkip + 0 + Comment + Replace one byte sequence with another + Count + 0 + Enabled + + Find + ESIzRA== + Limit + 0 + Mask + + OemTableId + + Replace + RDMiEQ== + ReplaceMask + + Skip + 0 + TableLength + 0 + TableSignature + + + + Base + \_SB.PCI0.LPCB.HPET + BaseSkip + 0 + Comment + HPET _CRS to XCRS + Count + 1 + Enabled + + Find + X0NSUw== + Limit + 0 + Mask + + OemTableId + + Replace + WENSUw== + ReplaceMask + + Skip + 0 + TableLength + 0 + TableSignature + + + + Quirks + + FadtEnableReset + + NormalizeHeaders + + RebaseRegions + + ResetHwSig + + ResetLogoStatus + + SyncTableIds + + + + Booter + + MmioWhitelist + + Quirks + + AllowRelocationBlock + + AvoidRuntimeDefrag + + DevirtualiseMmio + + DisableSingleUser + + DisableVariableWrite + + DiscardHibernateMap + + EnableSafeModeSlide + + EnableWriteUnprotector + + ForceBooterSignature + + ForceExitBootServices + + ProtectMemoryRegions + + ProtectSecureBoot + + ProtectUefiServices + + ProvideCustomSlide + + ProvideMaxSlide + 0 + RebuildAppleMemoryMap + + SetupVirtualMap + + SignalAppleOS + + SyncRuntimePermissions + + + + DeviceProperties + + Add + + PciRoot(0x1)/Pci(0x1F,0x0) + + compatible + pci8086,2916 + device-id + + FikA + + name + pci8086,2916 + + + Delete + + + Kernel + + Add + + + Arch + Any + BundlePath + Lilu.kext + Comment + Patch engine + Enabled + + ExecutablePath + Contents/MacOS/Lilu + MaxKernel + + MinKernel + 8.0.0 + PlistPath + Contents/Info.plist + + + Arch + Any + BundlePath + VirtualSMC.kext + Comment + SMC emulator + Enabled + + ExecutablePath + Contents/MacOS/VirtualSMC + MaxKernel + + MinKernel + 8.0.0 + PlistPath + Contents/Info.plist + + + Arch + x86_64 + BundlePath + WhateverGreen.kext + Comment + Video patches + Enabled + + ExecutablePath + Contents/MacOS/WhateverGreen + MaxKernel + + MinKernel + 10.0.0 + PlistPath + Contents/Info.plist + + + Arch + Any + BundlePath + AppleALC.kext + Comment + Audio patches + Enabled + + ExecutablePath + Contents/MacOS/AppleALC + MaxKernel + + MinKernel + 8.0.0 + PlistPath + Contents/Info.plist + + + Arch + x86_64 + BundlePath + IntelMausi.kext + Comment + Intel Ethernet LAN + Enabled + + ExecutablePath + Contents/MacOS/IntelMausi + MaxKernel + + MinKernel + 13.0.0 + PlistPath + Contents/Info.plist + + + Arch + x86_64 + BundlePath + Legacy_USB3.kext + Comment + XHC ports configuration + Enabled + + ExecutablePath + + MaxKernel + + MinKernel + 15.0.0 + PlistPath + Contents/Info.plist + + + Arch + x86_64 + BundlePath + MCEReporterDisabler.kext + Comment + AppleMCEReporter disabler + Enabled + + ExecutablePath + + MaxKernel + + MinKernel + 19.0.0 + PlistPath + Contents/Info.plist + + + Arch + x86_64 + BundlePath + VoodooPS2Controller.kext + Comment + + Enabled + + ExecutablePath + Contents/MacOS/VoodooPS2Controller + MaxKernel + + MinKernel + 15.0.0 + PlistPath + Contents/Info.plist + + + Arch + x86_64 + BundlePath + VoodooPS2Controller.kext/Contents/PlugIns/VoodooPS2Keyboard.kext + Comment + + Enabled + + ExecutablePath + Contents/MacOS/VoodooPS2Keyboard + MaxKernel + + MinKernel + 15.0.0 + PlistPath + Contents/Info.plist + + + Arch + x86_64 + BundlePath + VoodooPS2Controller.kext/Contents/PlugIns/VoodooPS2Mouse.kext + Comment + + Enabled + + ExecutablePath + Contents/MacOS/VoodooPS2Mouse + MaxKernel + + MinKernel + 15.0.0 + PlistPath + Contents/Info.plist + + + Arch + x86_64 + BundlePath + VoodooPS2Controller.kext/Contents/PlugIns/VoodooPS2Trackpad.kext + Comment + + Enabled + + ExecutablePath + Contents/MacOS/VoodooPS2Trackpad + MaxKernel + + MinKernel + 15.0.0 + PlistPath + Contents/Info.plist + + + Arch + x86_64 + BundlePath + VoodooPS2Controller.kext/Contents/PlugIns/VoodooInput.kext + Comment + + Enabled + + ExecutablePath + Contents/MacOS/VoodooInput + MaxKernel + + MinKernel + 15.0.0 + PlistPath + Contents/Info.plist + + + Arch + x86_64 + BundlePath + USBPorts.kext + Comment + + Enabled + + ExecutablePath + + MaxKernel + + MinKernel + + PlistPath + Contents/Info.plist + + + Arch + x86_64 + BundlePath + AGPMInjector.kext + Comment + + Enabled + + ExecutablePath + + MaxKernel + + MinKernel + + PlistPath + Contents/Info.plist + + + Block + + + Arch + Any + Comment + + Enabled + + Identifier + com.apple.driver.AppleTyMCEDriver + MaxKernel + + MinKernel + + + + Emulate + + Cpuid1Data + + VAYFAAAAAAAAAAAAAAAAAA== + + Cpuid1Mask + + ////AAAAAAAAAAAAAAAAAA== + + DummyPowerManagement + + MaxKernel + + MinKernel + + + Force + + + Arch + Any + BundlePath + System/Library/Extensions/IONetworkingFamily.kext + Comment + + Enabled + + ExecutablePath + Contents/MacOS/IONetworkingFamily + Identifier + com.apple.iokit.IONetworkingFamily + MaxKernel + 13.99.99 + MinKernel + + PlistPath + Contents/Info.plist + + + Patch + + + Arch + x86_64 + Base + + Comment + algrey - cpuid_set_cpufamily - force CPUFAMILY_INTEL_PENRYN + Count + 1 + Enabled + + Find + + MduAPQAAAAAGdQA= + + Identifier + kernel + Limit + 0 + Mask + + /////wAAAP///wA= + + MaxKernel + 20.3.99 + MinKernel + 17.0.0 + Replace + + u7xP6njpXQAAAJA= + + ReplaceMask + + + Skip + 0 + + + Arch + x86_64 + Base + + Comment + algrey - thenickdude - cpuid_set_cpufamily - force CPUFAMILY_INTEL_PENRYN (Big Sur 11.3 and newer) + Count + 1 + Enabled + + Find + + MdKzAYA9AAAAAAZ1 + + Identifier + kernel + Limit + 0 + Mask + + ////////AAAAAP// + + MaxKernel + 21.99.99 + MinKernel + 20.4.0 + Replace + + urxP6nizAJCQkJDr + + ReplaceMask + + + Skip + 0 + + + Quirks + + AppleCpuPmCfgLock + + AppleXcpmCfgLock + + AppleXcpmExtraMsrs + + AppleXcpmForceBoost + + CustomSMBIOSGuid + + DisableIoMapper + + DisableLinkeditJettison + + DisableRtcChecksum + + ExtendBTFeatureFlags + + ExternalDiskIcons + + ForceSecureBootScheme + + IncreasePciBarSize + + LapicKernelPanic + + LegacyCommpage + + PanicNoKextDump + + PowerTimeoutKernelPanic + + ProvideCurrentCpuInfo + + SetApfsTrimTimeout + -1 + ThirdPartyDrives + + XhciPortLimit + + + Scheme + + CustomKernel + + FuzzyMatch + + KernelArch + Auto + KernelCache + Auto + + + Misc + + BlessOverride + + Boot + + ConsoleAttributes + 0 + HibernateMode + Auto + HideAuxiliary + + LauncherOption + Disabled + LauncherPath + Default + PickerAttributes + 17 + PickerAudioAssist + + PickerMode + External + PickerVariant + Auto + PollAppleHotKeys + + ShowPicker + + TakeoffDelay + 0 + Timeout + 45 + + Debug + + AppleDebug + + ApplePanic + + DisableWatchDog + + DisplayDelay + 0 + DisplayLevel + 2147483650 + SerialInit + + SysReport + + Target + 3 + + Entries + + Security + + AllowNvramReset + + AllowSetDefault + + AllowToggleSip + + ApECID + 0 + AuthRestart + + BlacklistAppleUpdate + + DmgLoading + Signed + EnablePassword + + ExposeSensitiveData + 6 + HaltLevel + 2147483648 + PasswordHash + + PasswordSalt + + ScanPolicy + 0 + SecureBootModel + Disabled + Vault + Optional + + Tools + + + Arguments + + Auxiliary + + Comment + Not signed for security reasons + Enabled + + Flavour + OpenShell:UEFIShell:Shell + Name + UEFI Shell + Path + OpenShell.efi + RealPath + + TextMode + + + + Arguments + + Auxiliary + + Comment + Memory testing utility + Enabled + + Flavour + MemTest + Name + memtest86 + Path + memtest86/BOOTX64.efi + RealPath + + TextMode + + + + Arguments + Shutdown + Auxiliary + + Comment + Perform shutdown + Enabled + + Flavour + Auto + Name + Shutdown + Path + ResetSystem.efi + RealPath + + TextMode + + + + + NVRAM + + Add + + 4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14 + + DefaultBackgroundColor + AAAAAA== + UIScale + AQ== + + 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102 + + rtc-blacklist + + + 7C436110-AB2A-4BBB-A880-FE41995C9F82 + + ForceDisplayRotationInEFI + 0 + SystemAudioVolume + Rg== + boot-args + -v keepsyms=1 tlbto_us=0 vti=9 {{KERNEL_ARGS}} + run-efi-updater + No + csr-active-config + ZwAAAA== + prev-lang:kbd + ZW4tVVM6MA== + run-efi-updater + No + + + Delete + + 4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14 + + UIScale + DefaultBackgroundColor + + 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102 + + rtc-blacklist + + 7C436110-AB2A-4BBB-A880-FE41995C9F82 + + boot-args + ForceDisplayRotationInEFI + + + LegacyEnable + + LegacyOverwrite + + LegacySchema + + 7C436110-AB2A-4BBB-A880-FE41995C9F82 + + EFILoginHiDPI + EFIBluetoothDelay + LocationServicesEnabled + SystemAudioVolume + SystemAudioVolumeDB + SystemAudioVolumeSaved + bluetoothActiveControllerInfo + bluetoothInternalControllerInfo + flagstate + fmm-computer-name + fmm-mobileme-token-FMM + fmm-mobileme-token-FMM-BridgeHasAccount + nvda_drv + prev-lang:kbd + + 8BE4DF61-93CA-11D2-AA0D-00E098032B8C + + Boot0080 + Boot0081 + Boot0082 + BootNext + BootOrder + + + WriteFlash + + + PlatformInfo + + Automatic + + CustomMemory + + Generic + + AdviseFeatures + + MaxBIOSVersion + + MLB + {{BOARD_SERIAL}} + ProcessorType + 0 + ROM + + {{ROM}} + + SpoofVendor + + SystemMemoryStatus + Auto + SystemProductName + {{DEVICE_MODEL}} + SystemSerialNumber + {{SERIAL}} + SystemUUID + {{UUID}} + + UpdateDataHub + + UpdateNVRAM + + UpdateSMBIOS + + UpdateSMBIOSMode + Create + UseRawUuidEncoding + + + UEFI + + APFS + + EnableJumpstart + + GlobalConnect + + HideVerbose + + JumpstartHotPlug + + MinDate + -1 + MinVersion + -1 + + AppleInput + + AppleEvent + Builtin + CustomDelays + + GraphicsInputMirroring + + KeyInitialDelay + 50 + KeySubsequentDelay + 5 + PointerSpeedDiv + 1 + PointerSpeedMul + 1 + + Audio + + AudioCodec + 0 + AudioDevice + PciRoot(0x1)/Pci(0x1,0x0)/Pci(0x0,0x1) + AudioOut + 0 + AudioSupport + + MinimumVolume + 20 + PlayChime + Auto + ResetTrafficClass + + SetupDelay + 0 + VolumeAmplifier + 0 + + ConnectDrivers + + Drivers + + + Arguments + + Comment + HFS+ Driver + Enabled + + Path + OpenHfsPlus.efi + + + Arguments + + Comment + + Enabled + + Path + OpenRuntime.efi + + + Arguments + + Comment + + Enabled + + Path + OpenCanopy.efi + + + Arguments + + Comment + + Enabled + + Path + AudioDxe.efi + + + Arguments + + Comment + + Enabled + + Path + OpenPartitionDxe.efi + + + Arguments + + Comment + + Enabled + + Path + OpenUsbKbDxe.efi + + + Arguments + + Comment + + Enabled + + Path + UsbMouseDxe.efi + + + Arguments + + Comment + + Enabled + + Path + Ps2KeyboardDxe.efi + + + Arguments + + Comment + + Enabled + + Path + Ps2MouseDxe.efi + + + Arguments + + Comment + + Enabled + + Path + HiiDatabase.efi + + + Arguments + + Comment + + Enabled + + Path + NvmExpressDxe.efi + + + Arguments + + Comment + + Enabled + + Path + XhciDxe.efi + + + Arguments + + Comment + + Enabled + + Path + ExFatDxe.efi + + + Arguments + + Comment + + Enabled + + Path + CrScreenshotDxe.efi + + + Arguments + + Comment + + Enabled + + Path + ext4_x64.efi + + + Arguments + + Comment + + Enabled + + Path + OpenLinuxBoot.efi + + + Input + + KeyFiltering + + KeyForgetThreshold + 5 + KeySupport + + KeySupportMode + Auto + KeySwap + + PointerSupport + + PointerSupportMode + ASUS + TimerResolution + 50000 + + Output + + ClearScreenOnModeSwitch + + ConsoleMode + + DirectGopRendering + + ForceResolution + + GopPassThrough + Disabled + IgnoreTextInGraphics + + ProvideConsoleGop + + ReconnectOnResChange + + ReplaceTabWithSpace + + Resolution + {{WIDTH}}x{{HEIGHT}}@32 + SanitiseClearScreen + + TextRenderer + BuiltinGraphics + UgaPassThrough + + + ProtocolOverrides + + AppleAudio + + AppleBootPolicy + + AppleDebugLog + + AppleEg2Info + + AppleFramebufferInfo + + AppleImageConversion + + AppleImg4Verification + + AppleKeyMap + + AppleRtcRam + + AppleSecureBoot + + AppleSmcIo + + AppleUserInterfaceTheme + + DataHub + + DeviceProperties + + FirmwareVolume + + HashServices + + OSInfo + + UnicodeCollation + + + Quirks + + ActivateHpetSupport + + DisableSecurityPolicy + + EnableVectorAcceleration + + ExitBootServicesDelay + 0 + ForceOcWriteFlash + + ForgeUefiSupport + + IgnoreInvalidFlexRatio + + ReleaseUsbOwnership + + ReloadOptionRoms + + RequestBootVarRouting + + TscSyncTimeout + 0 + UnblockFsConnect + + + + + diff --git a/custom/config-nopicker-legacy.plist b/custom/config-nopicker-legacy.plist new file mode 100644 index 0000000..ccd444c --- /dev/null +++ b/custom/config-nopicker-legacy.plist @@ -0,0 +1,883 @@ + + + + + ACPI + + Add + + + Comment + add DTGP method + Enabled + + Path + SSDT-DTGP.aml + + + Comment + Fake EC and USBX Power + Enabled + + Path + SSDT-EC.aml + + + Comment + USB 2.0 Injection + Enabled + + Path + SSDT-EHCI.aml + + + Comment + CPU AGPM Plugin=1 + Enabled + + Path + SSDT-PLUG.aml + + + Delete + + + All + + Comment + Delete CpuPm + Enabled + + OemTableId + Q3B1UG0AAAA= + TableLength + 0 + TableSignature + U1NEVA== + + + All + + Comment + Delete Cpu0Ist + Enabled + + OemTableId + Q3B1MElzdAA= + TableLength + 0 + TableSignature + U1NEVA== + + + Patch + + + Comment + _Q11 to XQ11 + Count + 1 + Enabled + + Find + X1ExMQ== + Limit + 0 + Mask + + OemTableId + + Replace + WFExMQ== + ReplaceMask + + Skip + 0 + TableLength + 0 + TableSignature + + + + Comment + _Q12 to XQ12 + Count + 1 + Enabled + + Find + X1ExMg== + Limit + 0 + Mask + + OemTableId + + Replace + WFExMg== + ReplaceMask + + Skip + 0 + TableLength + 0 + TableSignature + + + + Quirks + + FadtEnableReset + + NormalizeHeaders + + RebaseRegions + + ResetHwSig + + ResetLogoStatus + + + + Booter + + MmioWhitelist + + Quirks + + AvoidRuntimeDefrag + + DevirtualiseMmio + + DisableSingleUser + + DisableVariableWrite + + DiscardHibernateMap + + EnableSafeModeSlide + + EnableWriteUnprotector + + ForceExitBootServices + + ProtectMemoryRegions + + ProtectSecureBoot + + ProtectUefiServices + + ProvideCustomSlide + + ProvideMaxSlide + 0 + RebuildAppleMemoryMap + + SetupVirtualMap + + SignalAppleOS + + SyncRuntimePermissions + + + + DeviceProperties + + Add + + PciRoot(0x1)/Pci(0x1F,0x0) + + compatible + pci8086,2916 + device-id + + FikA + + name + pci8086,2916 + + + Delete + + PciRoot(0x0)/Pci(0x1b,0x0) + + MaximumBootBeepVolume + + + + Kernel + + Add + + + Arch + Any + BundlePath + VoodooHDA.kext + Comment + + Enabled + + ExecutablePath + Contents/MacOS/VoodooHDA + MaxKernel + + MinKernel + + PlistPath + Contents/Info.plist + + + Arch + x86_64 + BundlePath + Lilu.kext + Comment + Patch engine + Enabled + + ExecutablePath + Contents/MacOS/Lilu + MaxKernel + + MinKernel + 12.0.0 + PlistPath + Contents/Info.plist + + + Arch + x86_64 + BundlePath + VirtualSMC.kext + Comment + SMC emulator + Enabled + + ExecutablePath + Contents/MacOS/VirtualSMC + MaxKernel + + MinKernel + 12.0.0 + PlistPath + Contents/Info.plist + + + Arch + x86_64 + BundlePath + WhateverGreen.kext + Comment + Video patches + Enabled + + ExecutablePath + Contents/MacOS/WhateverGreen + MaxKernel + + MinKernel + 12.0.0 + PlistPath + Contents/Info.plist + + + BundlePath + AGPMInjector.kext + Comment + + Enabled + + ExecutablePath + + MaxKernel + + MinKernel + + PlistPath + Contents/Info.plist + + + BundlePath + USBPorts.kext + Comment + + Enabled + + ExecutablePath + + MaxKernel + + MinKernel + + PlistPath + Contents/Info.plist + + + Arch + x86_64 + BundlePath + MCEReporterDisabler.kext + Comment + AppleMCEReporter disabler + Enabled + + ExecutablePath + + MaxKernel + + MinKernel + 19.0.0 + PlistPath + Contents/Info.plist + + + Block + + + Arch + Any + Comment + + Enabled + + Identifier + com.apple.driver.AppleTyMCEDriver + MaxKernel + + MinKernel + + + + Emulate + + Cpuid1Data + + VAYFAAAAAAAAAAAAAAAAAA== + + Cpuid1Mask + + ////AAAAAAAAAAAAAAAAAA== + + + Force + + + Arch + Any + BundlePath + System/Library/Extensions/IONetworkingFamily.kext + Comment + Patch engine + Enabled + + Identifier + com.apple.iokit.IONetworkingFamily + ExecutablePath + Contents/MacOS/IONetworkingFamily + MaxKernel + 13.99.99 + MinKernel + + PlistPath + Contents/Info.plist + + + Patch + + + Base + _cpu_topology_sort + Comment + algrey - cpu_topology_sort -disable _x86_validate_topology + Count + 1 + Enabled + + Find + + 6AAA//8= + + Identifier + kernel + Limit + 0 + Mask + + /wAA//8= + + MaxKernel + 20.99.99 + MinKernel + 17.0.0 + Replace + + Dx9EAAA= + + ReplaceMask + + + Skip + 0 + + + Base + + Comment + algrey - cpuid_set_cpufamily - force CPUFAMILY_INTEL_PENRYN + Count + 1 + Enabled + + Find + + MduAPQAAAAAGdQA= + + Identifier + kernel + Limit + 0 + Mask + + /////wAAAP///wA= + + MaxKernel + 20.99.99 + MinKernel + 17.0.0 + Replace + + u7xP6njpXQAAAJA= + + ReplaceMask + + + Skip + 0 + + + Quirks + + AppleCpuPmCfgLock + + AppleXcpmCfgLock + + AppleXcpmExtraMsrs + + AppleXcpmForceBoost + + CustomSMBIOSGuid + + DisableIoMapper + + DisableLinkeditJettison + + DisableRtcChecksum + + DummyPowerManagement + + ExternalDiskIcons + + IncreasePciBarSize + + LapicKernelPanic + + PanicNoKextDump + + PowerTimeoutKernelPanic + + ThirdPartyDrives + + XhciPortLimit + + + Scheme + + FuzzyMatch + + KernelArch + x86_64 + KernelCache + Auto + + + Misc + + BlessOverride + + Boot + + ConsoleAttributes + 0 + HibernateMode + Auto + HideAuxiliary + + PickerAttributes + 1 + PickerAudioAssist + + PickerMode + External + PollAppleHotKeys + + ShowPicker + + TakeoffDelay + 0 + Timeout + 0 + + Debug + + AppleDebug + + ApplePanic + + DisableWatchDog + + DisplayDelay + 0 + DisplayLevel + 2147483650 + SerialInit + + SysReport + + Target + 3 + + Entries + + Security + + AllowNvramReset + + AllowSetDefault + + ApECID + 0 + AuthRestart + + BootProtect + None + DmgLoading + Signed + EnablePassword + + ExposeSensitiveData + 6 + HaltLevel + 2147483648 + PasswordHash + + PasswordSalt + + ScanPolicy + 0 + SecureBootModel + Disabled + Vault + Optional + + Tools + + + Arguments + + Auxiliary + + Comment + Not signed for security reasons + Enabled + + Name + UEFI Shell + Path + OpenShell.efi + + + Arguments + Shutdown + Auxiliary + + Comment + Perform shutdown + Enabled + + Name + Shutdown + Path + ResetSystem.efi + + + + NVRAM + + Add + + 4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14 + + DefaultBackgroundColor + AAAAAA== + UIScale + AQ== + + 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102 + + rtc-blacklist + + + 7C436110-AB2A-4BBB-A880-FE41995C9F82 + + SystemAudioVolume + Rg== + boot-args + -v keepsyms=1 tlbto_us=0 vti=9 {{KERNEL_ARGS}} + run-efi-updater + No + csr-active-config + ZwAAAA== + prev-lang:kbd + ZW4tVVM6MA== + + + Delete + + 4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14 + + UIScale + DefaultBackgroundColor + + 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102 + + rtc-blacklist + + 7C436110-AB2A-4BBB-A880-FE41995C9F82 + + boot-args + + + LegacyEnable + + LegacyOverwrite + + LegacySchema + + 7C436110-AB2A-4BBB-A880-FE41995C9F82 + + EFILoginHiDPI + EFIBluetoothDelay + LocationServicesEnabled + SystemAudioVolume + SystemAudioVolumeDB + SystemAudioVolumeSaved + bluetoothActiveControllerInfo + bluetoothInternalControllerInfo + flagstate + fmm-computer-name + nvda_drv + prev-lang:kbd + + 8BE4DF61-93CA-11D2-AA0D-00E098032B8C + + Boot0080 + Boot0081 + Boot0082 + BootNext + BootOrder + + + WriteFlash + + + PlatformInfo + + Automatic + + Generic + + AdviseWindows + + MLB + {{BOARD_SERIAL_OLD}} + ROM + + {{ROM}} + + SpoofVendor + + SystemProductName + {{DEVICE_MODEL}} + SystemSerialNumber + {{SERIAL_OLD}} + SystemUUID + {{SYSTEM_UUID_OLD}} + + UpdateDataHub + + UpdateNVRAM + + UpdateSMBIOS + + UpdateSMBIOSMode + Create + + UEFI + + APFS + + EnableJumpstart + + GlobalConnect + + HideVerbose + + JumpstartHotPlug + + MinDate + 0 + MinVersion + 0 + + Audio + + AudioCodec + 0 + AudioDevice + PciRoot(0x1)/Pci(0x1,0x0)/Pci(0x0,0x1) + AudioOut + 0 + AudioSupport + + MinimumVolume + 20 + PlayChime + + VolumeAmplifier + 0 + + ConnectDrivers + + Drivers + + VBoxHfs.efi + OpenRuntime.efi + OpenCanopy.efi + #AudioDxe.efi + #OpenUsbKbDxe.efi + #UsbMouseDxe.efi + #Ps2KeyboardDxe.efi + #Ps2MouseDxe.efi + #HiiDatabase.efi + #NvmExpressDxe.efi + #XhciDxe.efi + #ExFatDxe.efi + #PartitionDxe.efi + #CrScreenshotDxe.efi + + Input + + KeyFiltering + + KeyForgetThreshold + 5 + KeyMergeThreshold + 2 + KeySupport + + KeySupportMode + Auto + KeySwap + + PointerSupport + + PointerSupportMode + ASUS + TimerResolution + 50000 + + Output + + ClearScreenOnModeSwitch + + ConsoleMode + + DirectGopRendering + + IgnoreTextInGraphics + + ProvideConsoleGop + + ReconnectOnResChange + + ReplaceTabWithSpace + + Resolution + 1920x1080@32 + SanitiseClearScreen + + TextRenderer + BuiltinGraphics + UgaPassThrough + + + ProtocolOverrides + + AppleAudio + + AppleBootPolicy + + AppleDebugLog + + AppleEvent + + AppleFramebufferInfo + + AppleImageConversion + + AppleImg4Verification + + AppleKeyMap + + AppleRtcRam + + AppleSecureBoot + + AppleSmcIo + + AppleUserInterfaceTheme + + DataHub + + DeviceProperties + + FirmwareVolume + + HashServices + + OSInfo + + UnicodeCollation + + + Quirks + + ExitBootServicesDelay + 0 + IgnoreInvalidFlexRatio + + ReleaseUsbOwnership + + RequestBootVarRouting + + TscSyncTimeout + 0 + UnblockFsConnect + + ConnectDrivers + + + + + \ No newline at end of file diff --git a/custom/generate-specific-bootdisk.sh b/custom/generate-specific-bootdisk.sh new file mode 100755 index 0000000..146abbc --- /dev/null +++ b/custom/generate-specific-bootdisk.sh @@ -0,0 +1,290 @@ +#!/bin/bash +# ___ _____ __ ___ _ _ ___ _ +# / _ \/ __\ \/ / / __| ___ _ _(_)__ _| | / __|___ _ _ ___ _ _ __ _| |_ ___ _ _ +# | (_) \__ \> < \__ \/ -_) '_| / _` | | | (_ / -_) ' \/ -_) '_/ _` | _/ _ \ '_| +# \___/|___/_/\_\ |___/\___|_| |_\__,_|_| \___\___|_||_\___|_| \__,_|\__\___/_| +# +# Repo: https://github.com/sickcodes/osx-serial-generator/ +# Title: OSX Serial Generator +# Author: Sick.Codes https://sick.codes/ +# Version: 3.1 +# License: GPLv3+ + +set -e + +help_text="Usage: ./generate-specific-bootdisk.sh + +Required options: + --model Device model, e.g. 'iMacPro1,1' + --serial Device Serial number + --board-serial Main Logic Board Serial number (MLB) + --uuid SMBIOS UUID (SmUUID) + --mac-address Used for both the MAC address and to set ROM + ROM is lowercased sans any colons +Optional options: + --width Resolution x axis length in px, default 1920 + --height Resolution y axis length in px, default 1080 + --kernel-args Additional boot-args + --input-plist-url Specify an alternative master plist, via URL + --master-plist-url Same as above. + --custom-plist Optionally change the input plist. + --master-plist Same as above. + --output-bootdisk Optionally change the bootdisk filename + --output-plist Optionally change the output plist filename + --help, -h, help Display this help and exit + +Placeholders: {{DEVICE_MODEL}}, {{SERIAL}}, {{BOARD_SERIAL}}, {{UUID}}, + {{ROM}}, {{WIDTH}}, {{HEIGHT}} + +Example: + ./generate-specific-bootdisk.sh \\ + --model iMacPro1,1 \\ + --serial C02TW0WAHX87 \\ + --board-serial C027251024NJG36UE \\ + --uuid 5CCB366D-9118-4C61-A00A-E5BAF3BED451 \\ + --mac-address A8:5C:2C:9A:46:2F \\ + --output-bootdisk ./OpenCore-nopicker.qcow2 \\ + --width 1920 \\ + --height 1080 + +Author: Sick.Codes https://sick.codes/ +Project: https://github.com/sickcodes/osx-serial-generator/ +License: GPLv3+ +" + +OPENCORE_IMAGE_MAKER_URL='https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/opencore-image-ng.sh' +MASTER_PLIST_URL='https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-nopicker-custom.plist' + +# gather arguments +while (( "$#" )); do + case "${1}" in + + --help | -h | h | help ) + echo "${help_text}" && exit 0 + ;; + + --model=* | -m=* ) + export DEVICE_MODEL="${1#*=}" + shift + ;; + + --model* | -m* ) + export DEVICE_MODEL="${2}" + shift + shift + ;; + + --serial=* ) + export SERIAL="${1#*=}" + shift + ;; + + --serial* ) + export SERIAL="${2}" + shift + shift + ;; + + --board-serial=* ) + export BOARD_SERIAL="${1#*=}" + shift + ;; + + --board-serial* ) + export BOARD_SERIAL="${2}" + shift + shift + ;; + + --uuid=* ) + export UUID="${1#*=}" + shift + ;; + + --uuid* ) + export UUID="${2}" + shift + shift + ;; + + --mac-address=* ) + export MAC_ADDRESS="${1#*=}" + shift + ;; + + --mac-address* ) + export MAC_ADDRESS="${2}" + shift + shift + ;; + + --width=* ) + export WIDTH="${1#*=}" + shift + ;; + + --width* ) + export WIDTH="${2}" + shift + shift + ;; + + --height=* ) + export HEIGHT="${1#*=}" + shift + ;; + + --height* ) + export HEIGHT="${2}" + shift + shift + ;; + + --output-bootdisk=* ) + export OUTPUT_QCOW="${1#*=}" + shift + ;; + + --output-bootdisk* ) + export OUTPUT_QCOW="${2}" + shift + shift + ;; + + --output-plist=* ) + export OUTPUT_PLIST="${1#*=}" + shift + ;; + + --output-plist* ) + export OUTPUT_PLIST="${2}" + shift + shift + ;; + + --master-plist-url=* | --input-plist-url=* | --custom-plist-url=* ) + export MASTER_PLIST_URL="${1#*=}" + shift + ;; + + --master-plist-url* | --input-plist-url* | --custom-plist-url* ) + export MASTER_PLIST_URL="${2}" + shift + shift + ;; + + --master-plist=* | --input-plist=* | --custom-plist=* ) + export MASTER_PLIST="${1#*=}" + shift + ;; + + --master-plist* | --input-plist* | --custom-plist* ) + export MASTER_PLIST="${2}" + shift + shift + ;; + + *) + echo "Invalid option ${1}. Running with default values..." + shift + ;; + esac +done + + +download_qcow_efi_folder () { + + export EFI_FOLDER=./OpenCore/EFI + export RESOURCES_FOLDER=./resources/OcBinaryData/Resources + + # check if we are inside OSX-KVM already + # if not, download OSX-KVM locally + [ -d ./OpenCore/EFI/ ] || { + [ -d ./OSX-KVM/ ] || git clone --recurse-submodules --depth 1 https://github.com/kholia/OSX-KVM.git + export EFI_FOLDER="./OSX-KVM/${EFI_FOLDER}" + } + + [ -d ./resources/OcBinaryData/Resources/ ] || { + export RESOURCES_FOLDER="./OSX-KVM/${RESOURCES_FOLDER}" + } + + # EFI Shell commands + touch startup.nsh && echo 'fs0:\EFI\BOOT\BOOTx64.efi' > startup.nsh + + cp -a "${EFI_FOLDER}" . + + mkdir -p ./EFI/OC/Resources + + # copy Apple drivers into EFI/OC/Resources + cp -a "${RESOURCES_FOLDER}"/* ./EFI/OC/Resources +} + +generate_bootdisk () { + + # need a config.plist + if [ "${MASTER_PLIST}" ]; then + [ -e "${MASTER_PLIST}" ] || echo "Could not find: ${MASTER_PLIST}" + elif [ "${MASTER_PLIST}" ] && [ "${MASTER_PLIST_URL}" ]; then + echo 'You specified both a custom plist FILE & custom plist URL.' + echo 'Use only one of those options.' + elif [ "${MASTER_PLIST_URL}" ]; then + wget -O "${MASTER_PLIST:=./config-custom.plist}" "${MASTER_PLIST_URL}" + else + # default is config-nopicker-custom.plist from OSX-KVM with placeholders used in Docker-OSX + wget -O "${MASTER_PLIST:=./config-nopicker-custom.plist}" "${MASTER_PLIST_URL}" + fi + + [ -e ./opencore-image-ng.sh ] \ + || { wget "${OPENCORE_IMAGE_MAKER_URL}" \ + && chmod +x opencore-image-ng.sh ; } + + # plist required for bootdisks, so create anyway. + if [ "${DEVICE_MODEL}" ] \ + && [ "${SERIAL}" ] \ + && [ "${BOARD_SERIAL}" ] \ + && [ "${UUID}" ] \ + && [ "${MAC_ADDRESS}" ]; then + ROM="${MAC_ADDRESS//\:/}" + ROM="${ROM,,}" + sed -e s/\{\{DEVICE_MODEL\}\}/"${DEVICE_MODEL}"/g \ + -e s/\{\{SERIAL\}\}/"${SERIAL}"/g \ + -e s/\{\{BOARD_SERIAL\}\}/"${BOARD_SERIAL}"/g \ + -e s/\{\{UUID\}\}/"${UUID}"/g \ + -e s/\{\{ROM\}\}/"${ROM}"/g \ + -e s/\{\{WIDTH\}\}/"${WIDTH:-1920}"/g \ + -e s/\{\{HEIGHT\}\}/"${HEIGHT:-1080}"/g \ + -e s/\{\{KERNEL_ARGS\}\}/"${KERNEL_ARGS:-}"/g \ + "${MASTER_PLIST}" > ./tmp.config.plist || exit 1 + else + cat < < \__ \/ -_) '_| / _` | | | (_ / -_) ' \/ -_) '_/ _` | _/ _ \ '_| +# \___/|___/_/\_\ |___/\___|_| |_\__,_|_| \___\___|_||_\___|_| \__,_|\__\___/_| +# +# Repo: https://github.com/sickcodes/osx-serial-generator/ +# Title: OSX Serial Generator +# Author: Sick.Codes https://sick.codes/ +# Version: 3.1 +# License: GPLv3+ + +set -e + +help_text="Usage: ./generate-unique-machine-values.sh + +General options: + --count, -n, -c Number of serials to generate + --model, -m Device model, e.g. 'iMacPro1,1' + --csv Optionally change the CSV output filename + --tsv Optionally change the TSV output filename + --output-dir Optionally change the script output location + --width Resolution x axis length in px, default 1920 + --height Resolution y axis length in px, default 1080 + --kernel-args Additional boot-args + --input-plist-url Specify an alternative master plist, via URL + --master-plist-url Same as above. + --custom-plist Optionally change the input plist. + --master-plist Same as above. + --output-bootdisk Optionally change the bootdisk filename + --create-envs, --envs Create all corresponding sourcable envs + --create-plists, --plists Create all corresponding config.plists + --create-bootdisks, --bootdisks Create all corresponding bootdisks [SLOW] + --help, -h, help Display this help and exit + +Additional options only if you are creating ONE serial set: + --output-bootdisk Optionally change the bootdisk filename + --output-env Optionally change the serials env filename + +Custom plist placeholders: + {{DEVICE_MODEL}}, {{SERIAL}}, {{BOARD_SERIAL}}, + {{UUID}}, {{ROM}}, {{WIDTH}}, {{HEIGHT}}, {{KERNEL_ARGS}} + +Example: + ./generate-unique-machine-values.sh --count 1 --plists --bootdisks --envs + +Defaults: + - One serial, for 'iMacPro1,1', in the current working directory + - CSV and TSV output + - plists in ./plists/ & bootdisks in ./bootdisks/ & envs in ./envs + - if you set --bootdisk name, --bootdisks is assumed + - if you set --custom-plist, --plists is assumed + - if you set --output-env, --envs is assumed + +Author: Sick.Codes https://sick.codes/ +Project: https://github.com/sickcodes/osx-serial-generator/ +License: GPLv3+ +" + +OPENCORE_IMAGE_MAKER_URL='https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/opencore-image-ng.sh' +MASTER_PLIST_URL='https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-nopicker-custom.plist' + +# gather arguments +while (( "$#" )); do + case "${1}" in + + --help | -h | h | help ) + echo "${help_text}" && exit 0 + ;; + + --count=* | -c=* | -n=* ) + export SERIAL_SET_COUNT="${1#*=}" + shift + ;; + + --count* | -c* | -n* ) + export SERIAL_SET_COUNT="${2}" + shift + shift + ;; + + --csv=* ) + export CSV_OUTPUT_FILENAME="${1#*=}" + shift + ;; + + --csv* ) + export CSV_OUTPUT_FILENAME="${2}" + shift + shift + ;; + + --tsv=* ) + export TSV_OUTPUT_FILENAME="${1#*=}" + shift + ;; + + --tsv* ) + export TSV_OUTPUT_FILENAME="${2}" + shift + shift + ;; + + --output-dir=* ) + export OUTPUT_DIRECTORY="${1#*=}" + shift + ;; + + --output-dir* ) + export OUTPUT_DIRECTORY="${2}" + shift + shift + ;; + + --output-bootdisk=* ) + export OUTPUT_BOOTDISK="${1#*=}" + shift + ;; + + --output-bootdisk* ) + export OUTPUT_BOOTDISK="${2}" + shift + shift + ;; + + --output-env=* ) + export OUTPUT_ENV="${1#*=}" + shift + ;; + + --output-env* ) + export OUTPUT_ENV="${2}" + shift + shift + ;; + + --model=* | -m=* ) + export DEVICE_MODEL="${1#*=}" + shift + ;; + + --model* | -m* ) + export DEVICE_MODEL="${2}" + shift + shift + ;; + + --width=* ) + export WIDTH="${1#*=}" + shift + ;; + + --width* ) + export WIDTH="${2}" + shift + shift + ;; + + --height=* ) + export HEIGHT="${1#*=}" + shift + ;; + + --height* ) + export HEIGHT="${2}" + shift + shift + ;; + + --master-plist-url=* | --input-plist-url=* | --custom-plist-url=* ) + export MASTER_PLIST_URL="${1#*=}" + shift + ;; + + --master-plist-url* | --input-plist-url* | --custom-plist-url* ) + export MASTER_PLIST_URL="${2}" + shift + shift + ;; + + --master-plist=* | --input-plist=* | --custom-plist=* ) + export MASTER_PLIST="${1#*=}" + shift + ;; + + --master-plist* | --input-plist* | --custom-plist* ) + export MASTER_PLIST="${2}" + shift + shift + ;; + + --create-plists | --plists ) + export CREATE_PLISTS=1 + shift + ;; + + --create-bootdisks | --bootdisks ) + export CREATE_BOOTDISKS=1 + shift + ;; + + --create-envs | --envs ) + export CREATE_ENVS=1 + shift + ;; + + *) + echo "Invalid option. Running with default values..." + shift + ;; + esac +done + + +build_mac_serial () { + [ -d ./OpenCorePkg ] || git clone --depth 1 https://github.com/acidanthera/OpenCorePkg.git + make -C ./OpenCorePkg/Utilities/macserial/ + mv ./OpenCorePkg/Utilities/macserial/macserial . + chmod +x ./macserial + stat ./macserial +} + +download_vendor_mac_addresses () { + # download the MAC Address vendor list + [ -e "${MAC_ADDRESSES_FILE:=vendor_macs.tsv}" ] || wget -O "${MAC_ADDRESSES_FILE}" https://gitlab.com/wireshark/wireshark/-/raw/master/manuf +} + +download_qcow_efi_folder () { + + export EFI_FOLDER=./OpenCore/EFI + export RESOURCES_FOLDER=./resources/OcBinaryData/Resources + + # check if we are inside OSX-KVM already + # if not, download OSX-KVM locally + [ -d ./OpenCore/EFI/ ] || { + [ -d ./OSX-KVM/ ] || git clone --recurse-submodules --depth 1 https://github.com/kholia/OSX-KVM.git + export EFI_FOLDER="./OSX-KVM/${EFI_FOLDER}" + } + + [ -d ./resources/OcBinaryData/Resources/ ] || { + export RESOURCES_FOLDER="./OSX-KVM/${RESOURCES_FOLDER}" + } + + # EFI Shell commands + touch startup.nsh && echo 'fs0:\EFI\BOOT\BOOTx64.efi' > startup.nsh + + cp -a "${EFI_FOLDER}" . + + mkdir -p ./EFI/OC/Resources + + # copy Apple drivers into EFI/OC/Resources + cp -a "${RESOURCES_FOLDER}"/* ./EFI/OC/Resources +} + + +generate_serial_sets () { + + + + if [ "${CSV_OUTPUT_FILENAME}" ]; then + [ "${CSV_OUTPUT_FILENAME}" ] && export CSV_SERIAL_SETS_FILE="${CSV_OUTPUT_FILENAME}" + else + export CSV_SERIAL_SETS_FILE="${OUTPUT_DIRECTORY}/serial_sets-${DATE_NOW}.csv" + fi + + if [ "${TSV_OUTPUT_FILENAME}" ]; then + [ "${TSV_OUTPUT_FILENAME}" ] && export TSV_SERIAL_SETS_FILE="${TSV_OUTPUT_FILENAME}" + else + export TSV_SERIAL_SETS_FILE="${OUTPUT_DIRECTORY}/serial_sets-${DATE_NOW}.tsv" + fi + + + ./macserial \ + --num "${SERIAL_SET_COUNT}" \ + --model "${DEVICE_MODEL}" \ + | while IFS='\ \|\ ' read -r SERIAL BOARD_SERIAL; do + # make a uuid... + UUID="$(uuidgen)" + # bash 3-5 compatible + # UUID="${UUID^^}" + UUID="$(tr '[:lower:]' '[:upper:]' <<< "${UUID}")" + + # get a random vendor specific MAC address. + RANDOM_MAC_PREFIX="$(grep -e "${VENDOR_REGEX}" < "${MAC_ADDRESSES_FILE:=vendor_macs.tsv}" | sort --random-sort | head -n1)" + RANDOM_MAC_PREFIX="$(cut -d$'\t' -f1 <<< "${RANDOM_MAC_PREFIX}")" + MAC_ADDRESS="$(printf "${RANDOM_MAC_PREFIX}:%02X:%02X:%02X" "$((RANDOM%256))" "$((RANDOM%256))" "$((RANDOM%256))")" + + [ -z "${WIDTH}" ] && WIDTH=1920 + [ -z "${HEIGHT}" ] && HEIGHT=1080 + + # append to csv file + tee -a "${CSV_SERIAL_SETS_FILE}" < "${OUTPUT_ENV_FILE}" +export DEVICE_MODEL="${DEVICE_MODEL}" +export SERIAL="${SERIAL}" +export BOARD_SERIAL="${BOARD_SERIAL}" +export UUID="${UUID}" +export MAC_ADDRESS="${MAC_ADDRESS}" +export WIDTH="${WIDTH}" +export HEIGHT="${HEIGHT}" +EOF + + fi + + # plist required for bootdisks, so create anyway. + if [ "${CREATE_PLISTS}" ] || [ "${CREATE_BOOTDISKS}" ]; then + + # need a config.plist + if [ "${MASTER_PLIST}" ]; then + [ -e "${MASTER_PLIST}" ] || echo "Could not find: ${MASTER_PLIST}" + elif [ "${MASTER_PLIST}" ] && [ "${MASTER_PLIST_URL}" ]; then + echo 'You specified both a custom plist FILE & custom plist URL.' + echo 'Use only one of those options.' + elif [ "${MASTER_PLIST_URL}" ]; then + wget -O "${MASTER_PLIST:=./config-custom.plist}" "${MASTER_PLIST_URL}" + else + # default is config-nopicker-custom.plist from OSX-KVM with placeholders used in Docker-OSX + wget -O "${MASTER_PLIST:=./config-nopicker-custom.plist}" "${MASTER_PLIST_URL}" + fi + + mkdir -p "${OUTPUT_DIRECTORY}/plists" + source "${OUTPUT_ENV_FILE}" + ROM="${MAC_ADDRESS//\:/}" + ROM="${ROM,,}" + sed -e s/\{\{DEVICE_MODEL\}\}/"${DEVICE_MODEL}"/g \ + -e s/\{\{SERIAL\}\}/"${SERIAL}"/g \ + -e s/\{\{BOARD_SERIAL\}\}/"${BOARD_SERIAL}"/g \ + -e s/\{\{UUID\}\}/"${UUID}"/g \ + -e s/\{\{ROM\}\}/"${ROM}"/g \ + -e s/\{\{WIDTH\}\}/"${WIDTH}"/g \ + -e s/\{\{HEIGHT\}\}/"${HEIGHT}"/g \ + -e s/\{\{KERNEL_ARGS\}\}/"${KERNEL_ARGS:-}"/g \ + "${MASTER_PLIST}" > "${OUTPUT_DIRECTORY}/plists/${SERIAL}.config.plist" || exit 1 + fi + + # make bootdisk qcow2 format if --bootdisks, but also if you set the bootdisk filename + if [ "${CREATE_BOOTDISKS}" ] || [ "${OUTPUT_BOOTDISK}" ]; then + [ -e ./opencore-image-ng.sh ] \ + || { wget "${OPENCORE_IMAGE_MAKER_URL}" \ + && chmod +x opencore-image-ng.sh ; } + mkdir -p "${OUTPUT_DIRECTORY}/bootdisks" + ./opencore-image-ng.sh \ + --cfg "${OUTPUT_DIRECTORY}/plists/${SERIAL}.config.plist" \ + --img "${OUTPUT_BOOTDISK:-${OUTPUT_DIRECTORY}/bootdisks/${SERIAL}.OpenCore-nopicker.qcow2}" || exit 1 + fi + + done + + [ -e "${CSV_SERIAL_SETS_FILE}" ] && \ + cat <(echo "DEVICE_MODEL,SERIAL,BOARD_SERIAL,UUID,MAC_ADDRESS,WIDTH,HEIGHT,KERNEL_ARGS") "${CSV_SERIAL_SETS_FILE}" + + + [ -e "${TSV_SERIAL_SETS_FILE}" ] && \ + cat <(printf "DEVICE_MODEL\tSERIAL\tBOARD_SERIAL\tUUID\tMAC_ADDRESS\tWIDTH\tHEIGHT\tKERNEL_ARGS\n") "${TSV_SERIAL_SETS_FILE}" + +} + +main () { + # setting default variables if there are no options + export DATE_NOW="$(date +%F-%T)" + export DEVICE_MODEL="${DEVICE_MODEL:=iMacPro1,1}" + export VENDOR_REGEX="${VENDOR_REGEX:=Apple, Inc.}" + export SERIAL_SET_COUNT="${SERIAL_SET_COUNT:=1}" + export OUTPUT_DIRECTORY="${OUTPUT_DIRECTORY:=.}" + cat </dev/null 2>&1 || true + fi + sudo rm -rf "$WORK" +} + +WORK="${TMPDIR-/var/tmp}/${0##*/}-$$" +mkdir "$WORK" || exit 1 +trap 'do_cleanup' EXIT + +BASE="$(dirname $0)" + +###################################################################### +# parse args + +function print_help() { +cat < + --img + --cfg +EOF +} + +while test "$1" != ""; do + case "$1" in + --iso) + iso="$2" + shift; shift + ;; + --img) + img="$2" + shift; shift + ;; + --cfg) + cfg="$2" + shift; shift + ;; + esac +done + +###################################################################### +# guestfish script helpers + +function fish() { + echo "#" "$@" + guestfish --remote -- "$@" || exit 1 +} + +function fish_init() { + local format + + case "$img" in + *.raw) format="raw" ;; + *) format="qcow2";; + esac + + msg "creating and adding disk image" + fish disk-create $img $format 384M + fish add $img + fish run +} + +function fish_fini() { + fish umount-all +} + +# disabled by @sickcodes to allow unattended image overwrites +###################################################################### +# sanity checks + +# if test ! -f "$cfg"; then +# echo "ERROR: cfg not found: $cfg" +# exit 1 +# fi +# if test -f "$img"; then +# if test "$allow_override" = "yes"; then +# rm -f "$img" +# else +# echo "ERROR: image exists: $img" +# exit 1 +# fi +# fi + +###################################################################### +# go! + +msg "copy files from local folder" +BASE="$(dirname $0)" +cp -a $BASE/EFI $WORK +find "$WORK" + +#msg "[debug] list drivers in EFI/OC" +#(cd $WORK/EFI/OC; find driver* -print) + +export LIBGUESTFS_BACKEND=direct +eval $(guestfish --listen) +if test "$GUESTFISH_PID" = ""; then + echo "ERROR: starting guestfish failed" + exit 1 +fi + +fish_init + +msg "partition disk image" +fish part-init /dev/sda gpt +fish part-add /dev/sda p 2048 300000 +fish part-add /dev/sda p 302048 -2048 +fish part-set-gpt-type /dev/sda 1 C12A7328-F81F-11D2-BA4B-00A0C93EC93B +fish part-set-bootable /dev/sda 1 true +fish mkfs vfat /dev/sda1 label:EFI +fish mkfs vfat /dev/sda2 label:OpenCore +fish mount /dev/sda2 / +fish mkdir /ESP +fish mount /dev/sda1 /ESP + +msg "copy files to disk image" +cp -v "$cfg" $WORK/config.plist +fish mkdir /ESP/EFI +fish mkdir /ESP/EFI/OC +fish mkdir /ESP/EFI/OC/Kexts +fish mkdir /ESP/EFI/OC/ACPI +fish mkdir /ESP/EFI/OC/Resources +fish mkdir /ESP/EFI/OC/Tools +fish copy-in $WORK/EFI/BOOT /ESP/EFI +fish copy-in $WORK/EFI/OC/OpenCore.efi /ESP/EFI/OC +fish copy-in $WORK/EFI/OC/Drivers /ESP/EFI/OC/ +fish copy-in $WORK/EFI/OC/Kexts /ESP/EFI/OC/ +fish copy-in $WORK/EFI/OC/ACPI /ESP/EFI/OC/ +fish copy-in $BASE/resources/OcBinaryData/Resources /ESP/EFI/OC/ +fish copy-in $WORK/EFI/OC/Tools /ESP/EFI/OC/ + +# Note +fish copy-in startup.nsh / + +BASE="$(dirname $0)" +fish copy-in "$WORK/config.plist" /ESP/EFI/OC/ + +fish find /ESP/ +fish_fini diff --git a/discord-logo.svg b/discord-logo.svg new file mode 100644 index 0000000..c871f7e --- /dev/null +++ b/discord-logo.svg @@ -0,0 +1,14 @@ + + + + + + + + + + \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..9a8eb42 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,26 @@ +version: '3.4' + +services: + osx: + container_name: docker-osx + build: + context: . + args: + - SIZE=200G + - VERSION=10.15.5 + image: sickcodes/docker-osx + privileged: true + environment: + - DISPLAY=${DISPLAY:-:0.0} + network_mode: "host" + cap_add: + - ALL + volumes: + - /tmp/.X11-unix:/tmp/.X11-unix + - /dev:/dev + - /lib/modules:/lib/modules + - docker-osx_data:/home + +volumes: + docker-osx_data: + name: docker-osx_data diff --git a/fetch-macOS.py b/fetch-macOS.py new file mode 100755 index 0000000..c8d9a57 --- /dev/null +++ b/fetch-macOS.py @@ -0,0 +1,447 @@ +#!/usr/bin/env python3 +# encoding: utf-8 +# +# https://github.com/munki/macadmin-scripts/blob/master/installinstallmacos.py +# +# Copyright 2017 Greg Neagle. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Thanks to Tim Sutton for ideas, suggestions, and sample code. +# +# Updated in May of 2019 by Dhiru Kholia. + +'''installinstallmacos.py +A tool to download the parts for an Install macOS app from Apple's +softwareupdate servers and install a functioning Install macOS app onto an +empty disk image''' + +# https://github.com/foxlet/macOS-Simple-KVM/blob/master/tools/FetchMacOS/fetch-macos.py +# is pretty similar. + + +# Bad hack +import warnings + +warnings.filterwarnings("ignore", category=DeprecationWarning) + +import os +import gzip +import argparse +import plistlib +import subprocess + +from xml.dom import minidom +from xml.parsers.expat import ExpatError + + +import sys + +if sys.version_info[0] < 3: + import urlparse as urlstuff +else: + import urllib.parse as urlstuff +# Quick fix for python 3.9 and above +if sys.version_info[0] == 3 and sys.version_info[1] >= 9: + from types import MethodType + + def readPlist(self,filepath): + with open(filepath, 'rb') as f: + p = plistlib._PlistParser(dict) + rootObject = p.parse(f) + return rootObject + # adding the method readPlist() to plistlib + plistlib.readPlist = MethodType(readPlist, plistlib) + +# https://github.com/foxlet/macOS-Simple-KVM/blob/master/tools/FetchMacOS/fetch-macos.py (unused) +# https://github.com/munki/macadmin-scripts +catalogs = { + "CustomerSeed": "https://swscan.apple.com/content/catalogs/others/index-10.16customerseed-10.16-10.15-10.14-10.13-10.12-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog", + "DeveloperSeed": "https://swscan.apple.com/content/catalogs/others/index-10.16seed-10.16-10.15-10.14-10.13-10.12-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog", + "PublicSeed": "https://swscan.apple.com/content/catalogs/others/index-10.16beta-10.16-10.15-10.14-10.13-10.12-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog", + "PublicRelease": "https://swscan.apple.com/content/catalogs/others/index-10.16-10.15-10.14-10.13-10.12-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog", + "20": "https://swscan.apple.com/content/catalogs/others/index-11-10.15-10.14-10.13-10.12-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog" +} + + +def get_default_catalog(): + '''Returns the default softwareupdate catalog for the current OS''' + return catalogs["20"] + # return catalogs["PublicRelease"] + # return catalogs["DeveloperSeed"] + + +class ReplicationError(Exception): + '''A custom error when replication fails''' + pass + + +def cmd_exists(cmd): + return subprocess.Popen("type " + cmd, shell=True, + stdout=subprocess.PIPE, stderr=subprocess.PIPE) + + +def replicate_url(full_url, + root_dir='/tmp', + show_progress=False, + ignore_cache=False, + attempt_resume=False, installer=False, product_title=""): + '''Downloads a URL and stores it in the same relative path on our + filesystem. Returns a path to the replicated file.''' + + # hack + print("[+] Fetching %s" % full_url) + if installer and "BaseSystem.dmg" not in full_url and "Big Sur" not in product_title: + return + if "Big Sur" in product_title and "InstallAssistant.pkg" not in full_url: + return + attempt_resume = True + # path = urllib.parse.urlsplit(full_url)[2] + path = urlstuff.urlsplit(full_url)[2] + relative_url = path.lstrip('/') + relative_url = os.path.normpath(relative_url) + # local_file_path = os.path.join(root_dir, relative_url) + local_file_path = relative_url + # print("Downloading %s..." % full_url) + + if cmd_exists('wget'): + if not installer: + download_cmd = ['wget', "-c", "--quiet", "-x", "-nH", full_url] + # this doesn't work as there are multiple metadata files with the same name! + # download_cmd = ['wget', "-c", "--quiet", full_url] + else: + download_cmd = ['wget', "-c", full_url] + else: + if not installer: + download_cmd = ['curl', "--silent", "--show-error", "-o", local_file_path, "--create-dirs", full_url] + else: + local_file_path = os.path.basename(local_file_path) + download_cmd = ['curl', "-o", local_file_path, full_url] + + try: + subprocess.check_call(download_cmd) + except subprocess.CalledProcessError as err: + raise ReplicationError(err) + return local_file_path + + +def parse_server_metadata(filename): + '''Parses a softwareupdate server metadata file, looking for information + of interest. + Returns a dictionary containing title, version, and description.''' + title = '' + vers = '' + try: + md_plist = plistlib.readPlist(filename) + except (OSError, IOError, ExpatError) as err: + print('Error reading %s: %s' % (filename, err), file=sys.stderr) + return {} + vers = md_plist.get('CFBundleShortVersionString', '') + localization = md_plist.get('localization', {}) + preferred_localization = (localization.get('English') or + localization.get('en')) + if preferred_localization: + title = preferred_localization.get('title', '') + + metadata = {} + metadata['title'] = title + metadata['version'] = vers + + """ + {'title': 'macOS Mojave', 'version': '10.14.5'} + {'title': 'macOS Mojave', 'version': '10.14.6'} + """ + return metadata + + +def get_server_metadata(catalog, product_key, workdir, ignore_cache=False): + '''Replicate ServerMetaData''' + try: + url = catalog['Products'][product_key]['ServerMetadataURL'] + try: + smd_path = replicate_url( + url, root_dir=workdir, ignore_cache=ignore_cache) + return smd_path + except ReplicationError as err: + print('Could not replicate %s: %s' % (url, err), file=sys.stderr) + return None + except KeyError: + # print('Malformed catalog.', file=sys.stderr) + return None + + +def parse_dist(filename): + '''Parses a softwareupdate dist file, returning a dict of info of + interest''' + dist_info = {} + try: + dom = minidom.parse(filename) + except ExpatError: + print('Invalid XML in %s' % filename, file=sys.stderr) + return dist_info + except IOError as err: + print('Error reading %s: %s' % (filename, err), file=sys.stderr) + return dist_info + + titles = dom.getElementsByTagName('title') + if titles: + dist_info['title_from_dist'] = titles[0].firstChild.wholeText + + auxinfos = dom.getElementsByTagName('auxinfo') + if not auxinfos: + return dist_info + auxinfo = auxinfos[0] + key = None + value = None + children = auxinfo.childNodes + # handle the possibility that keys from auxinfo may be nested + # within a 'dict' element + dict_nodes = [n for n in auxinfo.childNodes + if n.nodeType == n.ELEMENT_NODE and + n.tagName == 'dict'] + if dict_nodes: + children = dict_nodes[0].childNodes + for node in children: + if node.nodeType == node.ELEMENT_NODE and node.tagName == 'key': + key = node.firstChild.wholeText + if node.nodeType == node.ELEMENT_NODE and node.tagName == 'string': + value = node.firstChild.wholeText + if key and value: + dist_info[key] = value + key = None + value = None + return dist_info + + +def download_and_parse_sucatalog(sucatalog, workdir, ignore_cache=False): + '''Downloads and returns a parsed softwareupdate catalog''' + try: + localcatalogpath = replicate_url( + sucatalog, root_dir=workdir, ignore_cache=ignore_cache) + except ReplicationError as err: + print('Could not replicate %s: %s' % (sucatalog, err), file=sys.stderr) + exit(-1) + if os.path.splitext(localcatalogpath)[1] == '.gz': + with gzip.open(localcatalogpath) as the_file: + content = the_file.read() + try: + catalog = plistlib.readPlistFromString(content) + return catalog + except ExpatError as err: + print('Error reading %s: %s' % (localcatalogpath, err), file=sys.stderr) + exit(-1) + else: + try: + catalog = plistlib.readPlist(localcatalogpath) + return catalog + except (OSError, IOError, ExpatError) as err: + print('Error reading %s: %s' % (localcatalogpath, err), file=sys.stderr) + exit(-1) + + +def find_mac_os_installers(catalog): + '''Return a list of product identifiers for what appear to be macOS + installers''' + mac_os_installer_products = [] + if 'Products' in catalog: + for product_key in catalog['Products'].keys(): + product = catalog['Products'][product_key] + try: + if product['ExtendedMetaInfo'][ + 'InstallAssistantPackageIdentifiers']: + mac_os_installer_products.append(product_key) + except KeyError: + continue + + return mac_os_installer_products + + +def os_installer_product_info(catalog, workdir, ignore_cache=False): + '''Returns a dict of info about products that look like macOS installers''' + product_info = {} + installer_products = find_mac_os_installers(catalog) + for product_key in installer_products: + product_info[product_key] = {} + filename = get_server_metadata(catalog, product_key, workdir) + if filename: + product_info[product_key] = parse_server_metadata(filename) + else: + # print('No server metadata for %s' % product_key) + product_info[product_key]['title'] = None + product_info[product_key]['version'] = None + + product = catalog['Products'][product_key] + product_info[product_key]['PostDate'] = product['PostDate'] + distributions = product['Distributions'] + dist_url = distributions.get('English') or distributions.get('en') + try: + dist_path = replicate_url( + dist_url, root_dir=workdir, ignore_cache=ignore_cache) + except ReplicationError as err: + print('Could not replicate %s: %s' % (dist_url, err), + file=sys.stderr) + else: + dist_info = parse_dist(dist_path) + product_info[product_key]['DistributionPath'] = dist_path + product_info[product_key].update(dist_info) + if not product_info[product_key]['title']: + product_info[product_key]['title'] = dist_info.get('title_from_dist') + if not product_info[product_key]['version']: + product_info[product_key]['version'] = dist_info.get('VERSION') + + return product_info + + +def replicate_product(catalog, product_id, workdir, ignore_cache=False, product_title=""): + '''Downloads all the packages for a product''' + product = catalog['Products'][product_id] + for package in product.get('Packages', []): + # TO-DO: Check 'Size' attribute and make sure + # we have enough space on the target + # filesystem before attempting to download + if 'URL' in package: + try: + replicate_url( + package['URL'], root_dir=workdir, + show_progress=True, ignore_cache=ignore_cache, + attempt_resume=(not ignore_cache), installer=True, product_title=product_title) + except ReplicationError as err: + print('Could not replicate %s: %s' % (package['URL'], err), file=sys.stderr) + exit(-1) + if 'MetadataURL' in package: + try: + replicate_url(package['MetadataURL'], root_dir=workdir, + ignore_cache=ignore_cache, installer=True) + except ReplicationError as err: + print('Could not replicate %s: %s' % (package['MetadataURL'], err), file=sys.stderr) + exit(-1) + + +def find_installer_app(mountpoint): + '''Returns the path to the Install macOS app on the mountpoint''' + applications_dir = os.path.join(mountpoint, 'Applications') + for item in os.listdir(applications_dir): + if item.endswith('.app'): + return os.path.join(applications_dir, item) + return None + + +def determine_version(version, product_info): + if version: + if version == 'latest': + from distutils.version import StrictVersion + latest_version = StrictVersion('0.0.0') + for index, product_id in enumerate(product_info): + d = product_info[product_id]['version'] + if d > latest_version: + latest_version = d + + if latest_version == StrictVersion("0.0.0"): + print("Could not find latest version {}") + exit(1) + + version = str(latest_version) + + for index, product_id in enumerate(product_info): + v = product_info[product_id]['version'] + if v == version: + return product_id, product_info[product_id]['title'] + + print("Could not find version {}. Versions available are:".format(version)) + for _, pid in enumerate(product_info): + print("- {}".format(product_info[pid]['version'])) + + exit(1) + + # display a menu of choices (some seed catalogs have multiple installers) + print('%2s %12s %10s %11s %s' % ('#', 'ProductID', 'Version', + 'Post Date', 'Title')) + for index, product_id in enumerate(product_info): + print('%2s %12s %10s %11s %s' % ( + index + 1, + product_id, + product_info[product_id]['version'], + product_info[product_id]['PostDate'].strftime('%Y-%m-%d'), + product_info[product_id]['title'] + )) + + answer = input( + '\nChoose a product to download (1-%s): ' % len(product_info)) + try: + index = int(answer) - 1 + if index < 0: + raise ValueError + product_id = list(product_info.keys())[index] + return product_id, product_info[product_id]['title'] + except (ValueError, IndexError): + pass + + print('Invalid input provided.') + exit(0) + + +def main(): + '''Do the main thing here''' + """ + if os.getuid() != 0: + sys.exit('This command requires root (to install packages), so please ' + 'run again with sudo or as root.') + """ + parser = argparse.ArgumentParser() + parser.add_argument('--workdir', metavar='path_to_working_dir', + default='.', + help='Path to working directory on a volume with over ' + '10G of available space. Defaults to current working ' + 'directory.') + parser.add_argument('--version', metavar='version', + default=None, + help='The version to download in the format of ' + '"$major.$minor.$patch", e.g. "10.15.4". Can ' + 'be "latest" to download the latest version.') + parser.add_argument('--compress', action='store_true', + help='Output a read-only compressed disk image with ' + 'the Install macOS app at the root. This is now the ' + 'default. Use --raw to get a read-write sparse image ' + 'with the app in the Applications directory.') + parser.add_argument('--raw', action='store_true', + help='Output a read-write sparse image ' + 'with the app in the Applications directory. Requires ' + 'less available disk space and is faster.') + parser.add_argument('--ignore-cache', action='store_true', + help='Ignore any previously cached files.') + args = parser.parse_args() + + su_catalog_url = get_default_catalog() + if not su_catalog_url: + print('Could not find a default catalog url for this OS version.', file=sys.stderr) + exit(-1) + + # download sucatalog and look for products that are for macOS installers + catalog = download_and_parse_sucatalog( + su_catalog_url, args.workdir, ignore_cache=args.ignore_cache) + product_info = os_installer_product_info( + catalog, args.workdir, ignore_cache=args.ignore_cache) + + if not product_info: + print('No macOS installer products found in the sucatalog.', file=sys.stderr) + exit(-1) + + product_id, product_title = determine_version(args.version, product_info) + print(product_id, product_title) + + # download all the packages for the selected product + replicate_product(catalog, product_id, args.workdir, ignore_cache=args.ignore_cache, product_title=product_title) + + +if __name__ == '__main__': + main() diff --git a/glibc-linux4-2.33-4-x86_64.pkg.tar.zst b/glibc-linux4-2.33-4-x86_64.pkg.tar.zst new file mode 100644 index 0000000..d2f9914 Binary files /dev/null and b/glibc-linux4-2.33-4-x86_64.pkg.tar.zst differ diff --git a/helm/Chart.yaml b/helm/Chart.yaml new file mode 100644 index 0000000..e22b41d --- /dev/null +++ b/helm/Chart.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +appVersion: "0.0.1.0" +description: "Containerized OSX! Run OSX in a pod, headlessly, or with Xvfb. Test your Apps and master CI/CD processes." +name: docker-osx +version: 0.2.0 +keywords: +- docker-osx +- mac +- macos +- qemu +- cicd +- ios +- xnu +- darwin +- apple +- osx \ No newline at end of file diff --git a/helm/Dockerfile b/helm/Dockerfile new file mode 100644 index 0000000..55c0e52 --- /dev/null +++ b/helm/Dockerfile @@ -0,0 +1,72 @@ +#!/usr/bin/docker +# +# This Dockerfile is to be consumed with the docker_osx helm templates. It consumes the +# Ubuntu image so that OpenCore.qcow2 can be re-generated (which happens in Kube itself), +# not to mention that OSX-KVM was written for Ubuntu. This was not designed to be run in Docker +# by itself.. very well anyway. +# + +FROM ubuntu:21.04 + +SHELL ["/bin/bash", "-c"] + +# this has to match .Values.image.userName in helm template +ARG USER=ubuntu +# this installs the kvm linux kernel in the docker container so that OpenCore.qcow2 boot images +# can be built. +ARG DOCKER_KERNEL_VERSION=linux-image-kvm + +ENV TZ=America/Los_Angeles +ARG DEBIAN_FRONTEND=noninteractive + +RUN DEBCONF_FRONTEND=noninteractive apt update \ + && apt install \ + bridge-utils \ + fish \ + git wget \ + libguestfs-tools \ + libvirt-daemon-system \ + $DOCKER_KERNEL_VERSION \ + p7zip-full \ + qemu \ + sudo \ + uml-utilities \ + virt-manager \ + -y + +# Configure SSH +RUN apt install git vim nano alsa-utils openssh-server -y + +# Create user and grant sudo privledges +RUN adduser --disabled-password \ + --gecos '' $USER \ + && echo "$USER ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/$USER \ + && chmod 0440 /etc/sudoers.d/$USER + +# Configure VNC for user +RUN apt install \ + dbus-x11 \ + openbox \ + tigervnc-common \ + tigervnc-standalone-server \ + xfce4 \ + xfce4-goodies \ + x11-xserver-utils \ + xdotool \ + xorg \ + xterm \ + ufw \ + -y + +USER $USER + +# only create ~/.vnc as helm will build out ~/.vnc/config +RUN mkdir -p ${HOME}/.vnc + +RUN git clone --depth 1 https://github.com/kholia/OSX-KVM.git /home/$USER/OSX-KVM + +VOLUME ["/tmp/.X11-unix"] + +WORKDIR /home/$USER/OSX-KVM +# helm will build out ./Launch_custom.sh +CMD envsubst < ./Launch_custom.sh | bash diff --git a/helm/INSTALL-QEMU-AND-GPU-IOMMU.md b/helm/INSTALL-QEMU-AND-GPU-IOMMU.md new file mode 100644 index 0000000..2b2fd50 --- /dev/null +++ b/helm/INSTALL-QEMU-AND-GPU-IOMMU.md @@ -0,0 +1,283 @@ +# Install macOS Docker Virtualization +## Setup +This walks through setting up QEMU virtualization for running macOS in Docker & Kubernetes + +Please note, this guide assumes the host operation system is running Centos 7 (or ClearOS 7 more specifically). These commands can mostly be transferred to other distros, but there are a few areas that need commands (i.e. updating ) + +### Host configuration + +## Build QEMU and libvirt from source + +Since there is no official QEMU 5.X repo it appears, build from source. + +### QEMU Requirements + +Python, glib2-devel, and pixman + +``` +sudo yum install python glib2-devel cairo-devel -y +``` + +Ninja + +``` +pip3 install ninja +``` + +### Build QEMU from source steps + +Clone the offical QEMU repo and build from source: + +``` +git clone git://git.qemu-project.org/qemu.git +cd qemu +mkdir -p bin/debug/native +cd bin/debug/native +../../../configure --enable-debug +make -j24 +make install +``` + +_Note: adjust make to use the desired number of threads avaliable on your system_ + +### libvirt Requirements + +Configure repo: + +``` +yum-config-manager --nogpgcheck --add-repo http://mirror.centos.org/centos/7/virt/x86_64/libvirt-latest/ +``` + +### Install libvirt + +``` +yum install libvirt -y +``` + +### Update permissions + +``` +chmod 660 -R /dev/kvm && chown 1000:1000 /dev/kvm +usermod -a -G kvm root +``` + +_Note: these may not be required_ + +### Verification + +Ensure latest version installed + +``` +virsh -c qemu:///system version --daemon +``` + +* For example, should output something like: + + ``` + [root@server repos]# virsh -c qemu:///system version --daemon + Compiled against library: libvirt 5.0.0 + Using library: libvirt 5.0.0 + Using API: QEMU 5.0.0 + Running hypervisor: QEMU 5.2.50 + Running against daemon: 5.0.0 + ``` + +## Install IMMO for GPU passthrough + +1. Modify GRUB boot args: + + Add the following to `/etc/default/grub` to the end of the `GRUB_CMDLINE_LINUX` parameter: + + ``` + GRUB_CMDLINE_LINUX="... iommu=pt intel_iommu=on" + ``` + +1. Update GRUB2: + + ``` + grub2-mkconfig -o /boot/efi/EFI/clearos/grub.cfg + ``` + + _Note: this command may vary based on location of the grub.cfg for the boot entry_ + +1. Reboot system + +1. Ensure that the kernel parameter changes worked: + + ``` + cat /proc/cmdline + ``` + +1. Find GPU hardware ids with `lspci` + + Example: + ``` + lspci -nn | grep -i nvidia + ``` + +1. Add the hardware ids to `/etc/modprobe.d/vfio.conf` + + Example: + ``` + options vfio-pci ids=10de:1b81,10de:10f0 + ``` + + _Note: this is for the NVIDIA GTX 1070_ + +1. Enable `vfio-pci` + + ``` + echo 'vfio-pci' > /etc/modules-load.d/vfio-pci.conf + ``` + + Make backup and rebuild `initramfs`: + + ``` + cp -p /boot/initramfs-$(uname -r).img /boot/initramfs-$(uname -r).img.bak + dracut -f + ``` + + _Note: `dracut -f` may take awhile.._ + +1. Increase ulimits + + _This is done to avoid memory issues like `VFIO_MAP_DMA: -12` and etc_ + + Append the following to `/etc/security/limits.conf`: + + ``` + @kvm soft memlock unlimited + @kvm hard memlock unlimited + ``` + + Append the following to `/etc/docker/daemon.json`: + + ``` + { + "default-ulimits": { + "nofile": { + "name": "nofile", + "hard": 65536, + "soft": 1024 + }, + "memlock": + { + "name": "memlock", + "soft": -1, + "hard": -1 + } + } + } + ``` + + Add `LimitMEMLOCK` to `/etc/systemd/system/multi-user.target.wants/libvirtd.service` like: + + ``` + [Unit] + Description=Virtualization daemon + ... + + [Service] + ... + LimitMEMLOCK=infinity + ``` + +1. Reload systemd after changing config + + ``` + systemctl daemon-reload + ``` + +1. Reboot system + +1. Ensure that `vfio` worked + + ``` + dmesg | grep -i vfio + ``` + +# Issues + +Many issues can rise up as a result of adding the complexity layers involved here. Some of the main areas are improperly loading the `vfio-pci` driver for the GPU and permission issues. + +## Modules for vfio not loading + +When `vfio` does not load, errors such as the following can be seen: + +``` +error getting device from group *: No such device +Verify all devices in group * are bound to vfio- or pci-stub and not already in use +``` + +This can show up when `vfio-pci` driver is not loaded for the peripheral. Ensure that `vfio-pci` is loaded. + +``` +dmesg | grep -i vfio +``` + +If so, explicitly tell `vfio` modules to start + +``` +echo 'vfio +vfio_iommu_type1 +vfio_pci +vfio_virqfd' > /etc/modules +``` + +Make backup and rebuild `initramfs`: + +``` +cp -p /boot/initramfs-$(uname -r).img /boot/initramfs-$(uname -r).img.bak +dracut -f +``` + +_Note: `dracut -f` may take awhile.._ + +Do a system reboot + +After rebooting, check on the gpu with `lspci` utilizing your gpu hardware id: + +I.E. + +``` +[root@server docker-docker-osx]# lspci -vvv -s 09:00.0 +09:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Ellesmere [Radeon RX 470/480/570/570X/580/580X/590] (rev c7) (prog-if 00 [VGA controller]) + Subsystem: Advanced Micro Devices, Inc. [AMD/ATI] Radeon RX 480 + Physical Slot: 5 + Control: I/O- Mem- BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr+ Stepping- SERR+ FastB2B- DisINTx- + Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- SERR- `. If permission errors are seen, try the following commands: + +``` +chmod 660 -R /dev/kvm && chown 1000:1000 /dev/kvm +chmod 777 -R /dev/vfio && chown 1000:1000 -R /dev/vfio +``` + +# References + +https://gist.github.com/dghubble/c2dc319249b156db06aff1d49c15272e + +`Configure IOMMU and vfio` +https://www.server-world.info/en/note?os=CentOS_7&p=kvm&f=10 + +`Configuring GPU driver with vfio-pci binding` +https://github.com/intel/nemu/wiki/Testing-VFIO-with-GPU + +`IOMMU Interrupt Mapping` +https://pve.proxmox.com/wiki/Pci_passthrough#IOMMU_Interrupt_Remapping + +`Manual Graphics Driver Binding` +https://lwn.net/Articles/143397/ + +`QEMU Stdio Example` +https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04521.html \ No newline at end of file diff --git a/helm/README.md b/helm/README.md new file mode 100644 index 0000000..da53b23 --- /dev/null +++ b/helm/README.md @@ -0,0 +1,87 @@ +# docker-osx + +Docker-OSX Helm Chart for Kubernetes. + +Project page: https://github.com/sickcodes/docker-osx + +Available now on Artifact HUB +[![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/docker-osx)](https://artifacthub.io/packages/search?repo=docker-osx) + +## Information + +This installs `docker-osx` in Kubernetes. + +## Features + +### What works +1) Setting cpu/memory options +1) Setting VNC password +1) Persistance +1) Setting SMBIOS +1) QEMU/virtio cpu/software gpu changes +1) Toggling Audio +1) Additional port forwarding +1) Kubernetes resource requests/limits +1) Defining version of macOS to install +1) Defining install partition size +1) Defining a different version of macOS +1) Additional QEMU parameters +1) GPU support + +### What doesn't +1) Simultaneous VNC + GPU IOMMU (this is a limitation of QEMU :( unfortunately) + +## Requirements + +* Install [host machine requirements](#INSTALL-QEMU-AND-GPU-IOMMU.md) + * Ensure you are running QEMU 5.X +* Kubernetes +* Helm v2 +* `sickcodes/docker-osx-vnc` Docker image + +### Build `sickcodes/docker-osx-vnc` + +1) Go back to the root directory +1) Build docker image + + ``` + docker build \ + -t sickcodes/docker-osx-vnc:latest \ + -f helm/Dockerfile . + ``` + + _Please ensure you are using the Dockerfile in the `helm` folder_ + +_Do not worry about passing `CPU`, `RAM`, etc as they are handled in `values.yaml` now._ + +### Installation + +If planning on using a GPU with IOMMU passthrough it is recommended to configure it first and install macOS--otherwise installing may take a very long time depending on your hardware. Please see `qemu.systemInstaller.downloadDelay`, `qemu.systemInstaller.cache`, `qemu.systemDisk.downloadDelay`, and `qemu.systemDisk.cache` for possibly reducing installation time. It has taken me over three hours to install on some occasions with a NVMe secondary disk without GPU passthrough configured.. + +In `values.yaml`.. + +1) Set a unique password for `vnc.password`. +1) Re-generate SMBIOS `configPlist.MLB`, `configPlist.SystemSerialNumber`, and `configPlist.SystemUUID` for iServices to work. +1) Update `serverName` to reflect the unique name (in the case more than one deployment is required). +1) Configure `qemu.systemInstaller.downloadDelay` (in a period of seconds) that reflects how long your internet connection will download + around 500MB (BaseSystem.dmg) + uncompress the file (which took about the same time for me to download on a 1gig internet connection). +1) Set `service.ip` to reflect an IP address of your choice, or use ingress. +1) Update `extraVolumes.hostPath.path` to something useful for you. + +Optionally.. +1) Install kexts to `kexts.path` and enable. +1) Adjust `openCore.boot.timeout` if desire for macOS to load automatically. +1) Add usb devices with `qemu.usb` or `qemu.extraArgs` if desired. +1) Add more ports for portforwarding services if needed. + +Afterwards.. + +1) Launch your VNC viewer of choice and connect to the IP/hostname you defined + the port `8888` with the password specified + for `vnc.password`. +1) Install macOS like usual. + +_Please note, after you have installed macOS feel free to set `qemu.systemInstaller.downloadDelay` to nothing, as BaseSystem.dmg will be stored in the path defined for `extraVolumes.hostPath.path`_ + +#### Resources + +Please note, resource limits may vary based on hardware. The ones currently defined are ones that worked for me personally. diff --git a/helm/artifacthub-repo.yml b/helm/artifacthub-repo.yml new file mode 100644 index 0000000..1da78a2 --- /dev/null +++ b/helm/artifacthub-repo.yml @@ -0,0 +1,5 @@ +# Artifact Hub repository metadata file +repositoryID: 7b2e9eeb-620a-43e8-b2cc-24ca33125bfc +owners: # (optional, used to claim repository ownership) + - name: sickcodes + email: info@sick.codes diff --git a/helm/docker-osx-0.2.0.tgz b/helm/docker-osx-0.2.0.tgz new file mode 100644 index 0000000..897ef02 Binary files /dev/null and b/helm/docker-osx-0.2.0.tgz differ diff --git a/helm/helm-chart-generate.sh b/helm/helm-chart-generate.sh new file mode 100755 index 0000000..14c4610 --- /dev/null +++ b/helm/helm-chart-generate.sh @@ -0,0 +1,9 @@ +#!/usr/bin/env bash +# Author: sick.codes +# License: GPLv3+ +# Repo: https://github.com/sickcodes/Docker-OSX/ +# cd ../helm + +rm -f docker-osx-*.tgz +helm package . +helm repo index . --url https://sickcodes.github.io/Docker-OSX/helm/ diff --git a/helm/index.yaml b/helm/index.yaml new file mode 100644 index 0000000..61f5ddf --- /dev/null +++ b/helm/index.yaml @@ -0,0 +1,24 @@ +apiVersion: v1 +entries: + docker-osx: + - apiVersion: v1 + appVersion: 0.0.1.0 + created: "2021-02-27T04:15:48.784861502Z" + description: Containerized OSX! Run OSX in a pod, headlessly, or with Xvfb. Test your Apps and master CI/CD processes. + digest: 5a62a9291b1494b9cfaa0708ab7bab9d13cca30adbeaced3d29a5bb6935caac9 + keywords: + - docker-osx + - mac + - macos + - qemu + - cicd + - ios + - xnu + - darwin + - apple + - osx + name: docker-osx + urls: + - https://sickcodes.github.io/Docker-OSX/helm/docker-osx-0.2.0.tgz + version: 0.2.0 +generated: "2021-02-27T04:15:48.782073839Z" diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl new file mode 100644 index 0000000..d4a1b13 --- /dev/null +++ b/helm/templates/_helpers.tpl @@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "docker-osx.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "docker-osx.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "docker-osx.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/helm/templates/configmap.yaml b/helm/templates/configmap.yaml new file mode 100644 index 0000000..c00d13d --- /dev/null +++ b/helm/templates/configmap.yaml @@ -0,0 +1,1299 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "docker-osx.fullname" . }}-boot-components +data: + config.plist: |- + + + + + ACPI + + Add + + + Comment + add DTGP method + Enabled + + Path + SSDT-DTGP.aml + + + Comment + Fake EC and USBX Power + Enåabled + + Path + SSDT-EC.aml + + + Comment + USB 2.0 Injection + Enabled + + Path + SSDT-EHCI.aml + + + Comment + CPU AGPM Plugin=1 + Enabled + + Path + SSDT-PLUG.aml + + + Delete + + + All + + Comment + Delete CpuPm + Enabled + + OemTableId + Q3B1UG0AAAA= + TableLength + 0 + TableSignature + U1NEVA== + + + All + + Comment + Delete Cpu0Ist + Enabled + + OemTableId + Q3B1MElzdAA= + TableLength + 0 + TableSignature + U1NEVA== + + + Patch + + + Comment + _Q11 to XQ11 + Count + 1 + Enabled + + Find + X1ExMQ== + Limit + 0 + Mask + + OemTableId + + Replace + WFExMQ== + ReplaceMask + + Skip + 0 + TableLength + 0 + TableSignature + + + + Comment + _Q12 to XQ12 + Count + 1 + Enabled + + Find + X1ExMg== + Limit + 0 + Mask + + OemTableId + + Replace + WFExMg== + ReplaceMask + + Skip + 0 + TableLength + 0 + TableSignature + + + + Quirks + + FadtEnableReset + + NormalizeHeaders + + RebaseRegions + + ResetHwSig + + ResetLogoStatus + + + + Booter + + MmioWhitelist + + Quirks + + AvoidRuntimeDefrag + + DevirtualiseMmio + + DisableSingleUser + + DisableVariableWrite + + DiscardHibernateMap + + EnableSafeModeSlide + + EnableWriteUnprotector + + ForceExitBootServices + + ProtectMemoryRegions + + ProtectSecureBoot + + ProtectUefiServices + + ProvideCustomSlide + + ProvideMaxSlide + 0 + RebuildAppleMemoryMap + + SetupVirtualMap + + SignalAppleOS + + SyncRuntimePermissions + + + + DeviceProperties + + Add + + PciRoot(0x1)/Pci(0x1F,0x0) + + compatible + pci8086,2916 + device-id + + FikA + + name + pci8086,2916 + + + Delete + + PciRoot(0x0)/Pci(0x1b,0x0) + + MaximumBootBeepVolume + + + + Kernel + + Add + + {{- if .Values.qemu.hardwareGpu.enabled }} + + BundlePath + mXHCD.kext + Comment + Hello There + Enabled + + ExecutablePath + Contents/MacOS/mXHCD + MaxKernel + + MinKernel + + PlistPath + Contents/Info.plist + + {{- end }} + + Arch + x86_64 + BundlePath + VoodooHDA.kext + Comment + Patch engine + {{- if .Values.qemu.audio.enabled }} + Enabled + {{- else -}} + Disabled + {{- end }} + + ExecutablePath + Contents/MacOS/VoodooHDA + MaxKernel + + MinKernel + 12.0.0 + PlistPath + Contents/Info.plist + + + Arch + x86_64 + BundlePath + Lilu.kext + Comment + Patch engine + Enabled + + ExecutablePath + Contents/MacOS/Lilu + MaxKernel + + MinKernel + 12.0.0 + PlistPath + Contents/Info.plist + + + Arch + x86_64 + BundlePath + VirtualSMC.kext + Comment + SMC emulator + Enabled + + ExecutablePath + Contents/MacOS/VirtualSMC + MaxKernel + + MinKernel + 12.0.0 + PlistPath + Contents/Info.plist + + + Arch + x86_64 + BundlePath + WhateverGreen.kext + Comment + Video patches + Enabled + + ExecutablePath + Contents/MacOS/WhateverGreen + MaxKernel + + MinKernel + 12.0.0 + PlistPath + Contents/Info.plist + + + Arch + x86_64 + BundlePath + AppleALC.kext + Comment + Audio patches + Enabled + + ExecutablePath + Contents/MacOS/AppleALC + MaxKernel + + MinKernel + 12.0.0 + PlistPath + Contents/Info.plist + + + BundlePath + AGPMInjector.kext + Comment + + Enabled + + ExecutablePath + + MaxKernel + + MinKernel + + PlistPath + Contents/Info.plist + + + BundlePath + USBPorts.kext + Comment + + Enabled + + ExecutablePath + + MaxKernel + + MinKernel + + PlistPath + Contents/Info.plist + + + Arch + x86_64 + BundlePath + MCEReporterDisabler.kext + Comment + AppleMCEReporter disabler + Enabled + + ExecutablePath + + MaxKernel + + MinKernel + 19.0.0 + PlistPath + Contents/Info.plist + + {{- if .Values.macos.kexts.add }} + {{- range .Values.macos.kexts.kextsToAdd }} + + Arch + Any + BundlePath + {{ .name }} + Comment + + Enabled + + ExecutablePath + {{ .executablePath }} + MaxKernel + + MinKernel + + PlistPath + {{ .plistPath }} + + {{- end }} + {{- end }} + + Block + + + Arch + Any + Comment + + Enabled + + Identifier + com.apple.driver.AppleTyMCEDriver + MaxKernel + + MinKernel + + + + Emulate + + {{- if .Values.qemu.hardwareGpu.enabled }} + Cpuid1Data + + VwYFAAAAAAAAAAAAAAAAAA== + + Cpuid1Mask + + /////wAAAAAAAAAAAAAAAA== + + {{- else -}} + Cpuid1Data + + VAYFAAAAAAAAAAAAAAAAAA== + + Cpuid1Mask + + ////AAAAAAAAAAAAAAAAAA== + + {{- end }} + + Force + + {{- if .Values.qemu.hardwareGpu.enabled }} + + Base + + Comment + algrey - cpuid_set_generic_info - disable check to allow leaf7 + Count + 1 + Enabled + + Find + ADoPgg== + Identifier + kernel + Limit + 0 + Mask + + MaxKernel + 19.99.99 + MinKernel + 17.0.0 + Replace + AAAPgg== + ReplaceMask + + Skip + 0 + + {{- else -}} + + Arch + Any + BundlePath + System/Library/Extensions/IONetworkingFamily.kext + Comment + Patch engine + Enabled + + Identifier + com.apple.iokit.IONetworkingFamily + ExecutablePath + Contents/MacOS/IONetworkingFamily + MaxKernel + 13.99.99 + MinKernel + + PlistPath + Contents/Info.plist + + {{- end }} + + Patch + + {{- if .Values.qemu.hardwareGpu.enabled }} + + Base + _cpu_topology_sort + Comment + algrey - cpu_topology_sort -disable _x86_validate_topology + Count + 1 + Enabled + + Find + 6AAA//8= + Identifier + kernel + Limit + 0 + Mask + /wAA//8= + MaxKernel + 19.99.99 + MinKernel + 17.0.0 + Replace + Dx9EAAA= + ReplaceMask + + Skip + 0 + + {{- else -}} + + Base + _cpu_topology_sort + Comment + algrey - cpu_topology_sort -disable _x86_validate_topology + Count + 1 + Enabled + + Find + + 6AAA//8= + + Identifier + kernel + Limit + 0 + Mask + + /wAA//8= + + MaxKernel + 20.99.99 + MinKernel + 17.0.0 + Replace + + Dx9EAAA= + + ReplaceMask + + + Skip + 0 + + {{- end }} + + Base + + Comment + algrey - cpuid_set_cpufamily - force CPUFAMILY_INTEL_PENRYN + Count + 1 + Enabled + + {{- if .Values.qemu.hardwareGpu.enabled }} + Find + + MduAPQAAAAAGdQA= + + Identifier + kernel + Limit + 0 + Mask + + /////wAAAP///wA= + + {{- else -}} + Find + + MduAPQAAAAAGdQA= + + Identifier + kernel + Limit + 0 + Mask + + /////wAAAP///wA= + + {{- end }} + MaxKernel + 20.99.99 + MinKernel + 17.0.0 + Replace + + u7xP6njpXQAAAJA= + + ReplaceMask + + + Skip + 0 + + {{- if .Values.qemu.hardwareGpu.enabled }} + + Base + + Comment + algrey - - skip cpuid_cores_per_package test -10.15 + Count + 0 + Enabled + + Find + gz0AAAAAAA8AAAAAAItdvA== + Identifier + kernel + Limit + 0 + Mask + //8AAAD///8AAAAA/////w== + MaxKernel + 19.99.99 + MinKernel + 19.0.0 + Replace + AAAAAAAAAQAAAAAAAAAAAA== + ReplaceMask + AAAAAAAADwAAAAAAAAAAAA== + Skip + 0 + + + Base + + Comment + algrey - - skip cpuid_cores_per_package test + Count + 0 + Enabled + + Find + gz0AAAAAAHQAi128 + Identifier + kernel + Limit + 0 + Mask + //8AAAD///8A//// + MaxKernel + 18.99.99 + MinKernel + 17.0.0 + Replace + AAAAAAAAAQAAAAAA + ReplaceMask + AAAAAAAADwAAAAAA + Skip + 0 + + {{- end }} + + Quirks + + AppleCpuPmCfgLock + + AppleXcpmCfgLock + + AppleXcpmExtraMsrs + + AppleXcpmForceBoost + + CustomSMBIOSGuid + + DisableIoMapper + + DisableLinkeditJettison + + DisableRtcChecksum + + DummyPowerManagement + + ExternalDiskIcons + + IncreasePciBarSize + + LapicKernelPanic + + PanicNoKextDump + + PowerTimeoutKernelPanic + + ThirdPartyDrives + + XhciPortLimit + + + Scheme + {{- if not .Values.qemu.hardwareGpu.enabled }} + + FuzzyMatch + + KernelArch + x86_64 + KernelCache + Auto + + {{- end }} + + Misc + + BlessOverride + + Boot + + ConsoleAttributes + 0 + HibernateMode + Auto + HideAuxiliary + + PickerAttributes + 1 + PickerVariant + Modern + PickerAudioAssist + + PickerMode + External + PollAppleHotKeys + + ShowPicker + + TakeoffDelay + 0 + Timeout + {{ .Values.macos.openCore.boot.timeout }} + + Debug + + AppleDebug + + ApplePanic + + DisableWatchDog + + DisplayDelay + 0 + DisplayLevel + 2147483650 + SerialInit + + SysReport + + Target + 3 + + Entries + + Security + + AllowNvramReset + + AllowSetDefault + + ApECID + 0 + AuthRestart + + BootProtect + None + DmgLoading + Signed + EnablePassword + + ExposeSensitiveData + 6 + HaltLevel + 2147483648 + PasswordHash + + PasswordSalt + + ScanPolicy + 0 + SecureBootModel + Disabled + Vault + Optional + + Tools + + + Arguments + + Auxiliary + + Comment + Not signed for security reasons + Enabled + + Name + UEFI Shell + Path + OpenShell.efi + + + Arguments + Shutdown + Auxiliary + + Comment + Perform shutdown + Enabled + + Name + Shutdown + Path + ResetSystem.efi + + + + NVRAM + + Add + + 4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14 + + DefaultBackgroundColor + AAAAAA== + UIScale + AQ== + + 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102 + + rtc-blacklist + + + 7C436110-AB2A-4BBB-A880-FE41995C9F82 + + SystemAudioVolume + Rg== + boot-args + {{ .Values.macos.configPlist.bootArgs }} + run-efi-updater + No + csr-active-config + ZwAAAA== + prev-lang:kbd + ZW4tVVM6MA== + + + Delete + + 4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14 + + UIScale + DefaultBackgroundColor + + 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102 + + rtc-blacklist + + 7C436110-AB2A-4BBB-A880-FE41995C9F82 + + boot-args + + + LegacyEnable + + LegacyOverwrite + + LegacySchema + + 7C436110-AB2A-4BBB-A880-FE41995C9F82 + + EFILoginHiDPI + EFIBluetoothDelay + LocationServicesEnabled + SystemAudioVolume + SystemAudioVolumeDB + SystemAudioVolumeSaved + bluetoothActiveControllerInfo + bluetoothInternalControllerInfo + flagstate + fmm-computer-name + nvda_drv + prev-lang:kbd + + 8BE4DF61-93CA-11D2-AA0D-00E098032B8C + + Boot0080 + Boot0081 + Boot0082 + BootNext + BootOrder + + + WriteFlash + + + PlatformInfo + + Automatic + + Generic + + AdviseWindows + + MLB + {{ .Values.macos.configPlist.MLB }} + ROM + + m7zhIYfl + + SpoofVendor + + SystemProductName + {{ .Values.macos.configPlist.SystemProductName }} + SystemSerialNumber + {{ .Values.macos.configPlist.SystemSerialNumber }} + SystemUUID + {{ .Values.macos.configPlist.SystemUUID }} + + UpdateDataHub + + UpdateNVRAM + + UpdateSMBIOS + + UpdateSMBIOSMode + Create + + UEFI + + APFS + + EnableJumpstart + + GlobalConnect + + HideVerbose + + JumpstartHotPlug + + MinDate + -1 + MinVersion + -1 + + Audio + + AudioCodec + 0 + AudioDevice + PciRoot(0x1)/Pci(0x1,0x0)/Pci(0x0,0x1) + AudioOut + 0 + AudioSupport + + MinimumVolume + 20 + PlayChime + + VolumeAmplifier + 0 + + ConnectDrivers + + Drivers + + VBoxHfs.efi + OpenRuntime.efi + OpenCanopy.efi + #AudioDxe.efi + #OpenUsbKbDxe.efi + #UsbMouseDxe.efi + #Ps2KeyboardDxe.efi + #Ps2MouseDxe.efi + #HiiDatabase.efi + #NvmExpressDxe.efi + #XhciDxe.efi + #ExFatDxe.efi + #PartitionDxe.efi + #CrScreenshotDxe.efi + + Input + + KeyFiltering + + KeyForgetThreshold + 5 + KeyMergeThreshold + 2 + KeySupport + + KeySupportMode + Auto + KeySwap + + PointerSupport + + PointerSupportMode + ASUS + TimerResolution + 50000 + + Output + + ClearScreenOnModeSwitch + + ConsoleMode + + DirectGopRendering + + IgnoreTextInGraphics + + ProvideConsoleGop + + ReconnectOnResChange + + ReplaceTabWithSpace + + Resolution + {{ .Values.vnc.resolution }} + SanitiseClearScreen + + TextRenderer + BuiltinGraphics + UgaPassThrough + + + ProtocolOverrides + + AppleAudio + + AppleBootPolicy + + AppleDebugLog + + AppleEvent + + AppleFramebufferInfo + + AppleImageConversion + + AppleImg4Verification + + AppleKeyMap + + AppleRtcRam + + AppleSecureBoot + + AppleSmcIo + + AppleUserInterfaceTheme + + DataHub + + DeviceProperties + + FirmwareVolume + + HashServices + + OSInfo + + UnicodeCollation + + + Quirks + + DeduplicateBootOrder + + ExitBootServicesDelay + 0 + IgnoreInvalidFlexRatio + + ReleaseUsbOwnership + + RequestBootVarRouting + + TscSyncTimeout + 0 + UnblockFsConnect + + + + + + Launch_custom.sh: |- + #/bin/sh + + # Add extra kexts to EFI/OC/kexts + {{- if .Values.macos.kexts.add }} + {{- range .Values.macos.kexts.kextsToAdd }} + {{- $rangeItem := . -}} + {{- with $ }} + echo 'Installing kext {{ $rangeItem.name }}..' + cp -r "{{ .Values.macos.kexts.path }}/{{ $rangeItem.name }}" /home/{{ .Values.image.userName }}/OSX-KVM/OpenCore-Catalina/EFI/OC/Kexts/ + sudo chmod 755 /home/{{ .Values.image.userName }}/OSX-KVM/OpenCore-Catalina/EFI/OC/Kexts/{{ $rangeItem.name }} + {{- end }} + {{- end }} + {{- end }} + + # Rebuild Opencore.qcow2 after making changes to config.plist and etc.. + {{- if .Values.macos.openCore.rebuild }} + echo 'Building new Opencore.qcow2..' + pushd OpenCore-Catalina/ + mkdir -p EFI/OC/Resources + rm -f OpenCore.qcow2 + sudo ./opencore-image-ng.sh \ + --cfg config.plist \ + --img OpenCore.qcow2 + sudo chown {{ .Values.image.userName }}:{{ .Values.image.userName }} OpenCore.qcow2 + popd + {{- end }} + + if ! [ -d "{{ .Values.macos.installerSettings.path }}" ]; then + mkdir -p {{ .Values.macos.installerSettings.path }} + fi + + if ! [ -d "/system_image/{{ .Values.serverName }}" ]; then + mkdir -p "/system_image/{{ .Values.serverName }}" + fi + + # Download and build installer image if no system drive found.. + if ! [ -f "{{ .Values.macos.installerSettings.path }}/BaseSystem{{ .Values.macos.installerSettings.version }}.img" ]; then + echo "Downloading {{ .Values.macos.installerSettings.version }} base image.." + python fetch-macOS.py --version {{ .Values.macos.installerSettings.version }} + echo 'Converting downloaded BaseSystem.dmg into BaseSystem{{ .Values.macos.installerSettings.version }}.img and saving in {{ .Values.qemu.systemInstaller.path }}' + qemu-img convert BaseSystem.dmg -O qcow2 -p -c {{ .Values.macos.installerSettings.path }}/BaseSystem{{ .Values.qemu.systemInstaller.version }}.img + rm -f BaseSystem.dmg + else + echo 'Base Image downloaded and converted into img already..' + fi + + if ! [ -f "/system_image/{{ .Values.serverName }}/mac_hdd_ng.img" ]; then + echo "Creating a {{ .Values.qemu.systemDisk.size }} /system_image/{{ .Values.serverName }}/mac_hdd_ng.img for system partition.." + qemu-img create -f qcow2 /system_image/{{ .Values.serverName }}/mac_hdd_ng.img "{{ .Values.qemu.systemDisk.size }}" + echo 'Finished creating system partition!' + else + echo 'Image already created. Skipping creation..' + fi + + # # Fix permissions on usb devices.. + # {{- if .Values.qemu.usb }} + # {{- range .Values.qemu.usb }} + # echo "Updating permissions to r/w for /dev/bus/usb/$(lsusb | grep {{ .vendorId}}:{{ .productId }} | grep -o -P 'Bus.{0,4}' | tail -c 4)/$(lsusb | grep {{ .vendorId}}:{{ .productId }} | grep -o -P 'Device.{0,4}' | tail -c 4).." + # sudo chmod 666 /dev/bus/usb/$(lsusb | grep {{ .vendorId}}:{{ .productId }} | grep -o -P 'Bus.{0,4}' | tail -c 4)/$(lsusb | grep {{ .vendorId}}:{{ .productId }} | grep -o -P 'Device.{0,4}' | tail -c 4) + # {{- end }} + # {{- end }} + + # Start VNC.. + {{- if .Values.vnc.enabled }} + echo 'geometry={{ .Values.vnc.resolution }} + localhost + alwaysshared' > ~/.vnc/config + + sudo rm -f /tmp/.X99-lock + export DISPLAY=:99 + vncpasswd -f < vncpasswd_file > ${HOME}/.vnc/passwd + /usr/bin/Xvnc -geometry {{ .Values.vnc.resolution }} -rfbauth "${HOME}/.vnc/passwd" :99 &\ + sudo chmod 600 ~/.vnc/passwd + {{- end }} + + sudo chown {{ .Values.image.userName }}:{{ .Values.image.userName }} /dev/kvm + {{- if .Values.qemu.hardwareGpu.enabled }} + sudo chown {{ .Values.image.userName }}:{{ .Values.image.userName }} -R /dev/vfio + {{- end }} + + # Start QEMU.. + echo 'Starting QEMU..' + set -eu + sudo chown $(id -u):$(id -g) /dev/kvm 2>/dev/null || true + sudo chown -R $(id -u):$(id -g) /dev/snd 2>/dev/null || true + exec qemu-system-x86_64 -m {{ .Values.resources.requests.memory | trimSuffix "i" }} \ + -cpu {{ .Values.qemu.cpu }} \ + -machine q35,accel=kvm:tcg \ + {{- if .Values.qemu.hardwareGpu.enabled }} + -device pcie-root-port,bus=pcie.0,multifunction=on,port=1,chassis=1,id=port.1 \ + {{- if .Values.qemu.hardwareGpu.romfile }} + -device vfio-pci,host={{ .Values.qemu.hardwareGpu.hardwareId }}.0,bus=port.1,multifunction=on,romfile={{ .Values.qemu.hardwareGpu.romfile}} \ + {{- else -}} + -device vfio-pci,host={{ .Values.qemu.hardwareGpu.hardwareId }}.0,multifunction=on \ + {{- end }} + -device vfio-pci,host={{ .Values.qemu.hardwareGpu.hardwareId }}.1,bus=port.1 \ + {{- else -}} + -vga {{ .Values.qemu.softwareGpu }} \ + {{- end }} + -smp {{ .Values.resources.requests.cpu }},cores={{ .Values.resources.requests.cpu }} \ + {{- if .Values.vnc.enabled }} + -usb -device usb-kbd -device usb-tablet \ + {{- else -}} + -vga none \ + -display none \ + {{- end }} + -device isa-applesmc,osk=ourhardworkbythesewordsguardedpleasedontsteal\(c\)AppleComputerInc \ + -drive if=pflash,format=raw,readonly,file=/home/{{ .Values.image.userName }}/OSX-KVM/OVMF_CODE.fd \ + -drive if=pflash,format=raw,file=/home/{{ .Values.image.userName }}/OSX-KVM/OVMF_VARS-1024x768.fd \ + -smbios type=2 \ + {{- if .Values.qemu.audio.enabled }} + -audiodev {{ .Values.qemu.audio.driver }},id=hda \ + -device ich9-intel-hda \ + -device hda-duplex,audiodev=hda \ + {{- end }} + -device ich9-ahci,id=sata \ + -drive id=OpenCoreBoot,if=none,snapshot=on,format=qcow2,file=/home/{{ .Values.image.userName }}/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2 \ + -device ide-hd,bus=sata.2,drive=OpenCoreBoot \ + {{- if .Values.qemu.systemInstaller.enabled }} + -device ide-hd,bus=sata.3,drive=InstallMedia \ + -drive id=InstallMedia,if=none,file={{ .Values.macos.installerSettings.path }}/BaseSystem{{ .Values.macos.installerSettings.version }}.img,format=qcow2 \ + {{- end }} + -drive id=MacHDD,if=none,file=/system_image/{{ .Values.serverName }}/mac_hdd_ng.img,format=qcow2 \ + -device ide-hd,bus=sata.4,drive=MacHDD \ + -netdev user,id=net0,hostfwd=tcp::${INTERNAL_SSH_PORT:-10022}-:22,hostfwd=tcp::${SCREEN_SHARE_PORT:-5900}-:5900,{{ .Values.qemu.netdev.extraPortForwarding }} \ + -device e1000-82545em,netdev=net0,id=net0,mac=52:54:00:09:49:17 \ + {{- range .Values.qemu.usb }} + -usb -device usb-host,productid=0x{{ .productId }},vendorid=0x{{ .vendorId }} \ + {{- end }} + {{- range .Values.qemu.extraArgs }} + {{ . }} \ + {{- end }} + ${EXTRA:-} + vncpasswd_file: |- + {{ .Values.vnc.password }} + limits.conf: |- + #This file sets the resource limits for the users logged in via PAM. + #It does not affect resource limits of the system services. + # + #Also note that configuration files in /etc/security/limits.d directory, + #which are read in alphabetical order, override the settings in this + #file in case the domain is the same or more specific. + #That means, for example, that setting a limit for wildcard domain here + #can be overriden with a wildcard setting in a config file in the + #subdirectory, but a user specific setting here can be overriden only + #with a user specific setting in the subdirectory. + # + #Each line describes a limit for a user in the form: + # + # + # + #Where: + # can be: + # - a user name + # - a group name, with @group syntax + # - the wildcard *, for default entry + # - the wildcard %, can be also used with %group syntax, + # for maxlogin limit + # + # can have the two values: + # - "soft" for enforcing the soft limits + # - "hard" for enforcing hard limits + # + # can be one of the following: + # - core - limits the core file size (KB) + # - data - max data size (KB) + # - fsize - maximum filesize (KB) + # - memlock - max locked-in-memory address space (KB) + # - nofile - max number of open file descriptors + # - rss - max resident set size (KB) + # - stack - max stack size (KB) + # - cpu - max CPU time (MIN) + # - nproc - max number of processes + # - as - address space limit (KB) + # - maxlogins - max number of logins for this user + # - maxsyslogins - max number of logins on the system + # - priority - the priority to run user process with + # - locks - max number of file locks the user can hold + # - sigpending - max number of pending signals + # - msgqueue - max memory used by POSIX message queues (bytes) + # - nice - max nice priority allowed to raise to values: [-20, 19] + # - rtprio - max realtime priority + # + # + # + + #* soft core 0 + #* hard rss 10000 + #@student hard nproc 20 + #@faculty soft nproc 20 + #@faculty hard nproc 50 + #ftp hard nproc 0 + #@student - maxlogins 4 + @{{ .Values.image.userName }} soft memlock unlimited + @{{ .Values.image.userName }} hard memlock unlimited + + # End of file diff --git a/helm/templates/data-pvc.yaml b/helm/templates/data-pvc.yaml new file mode 100644 index 0000000..b637eb6 --- /dev/null +++ b/helm/templates/data-pvc.yaml @@ -0,0 +1,28 @@ +{{- if and .Values.persistence.data.enabled (not .Values.persistence.data.existingClaim) }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ template "docker-osx.fullname" . }}-config + labels: + app: {{ template "docker-osx.name" . }} + chart: {{ template "docker-osx.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + {{- with .Values.persistence.annotations }} + annotations: +{{ toYaml . | indent 4 }} + {{- end }} +spec: + accessModes: + - {{ .Values.persistence.config.accessMode | quote }} + resources: + requests: + storage: {{ .Values.persistence.config.size | quote }} +{{- if .Values.persistence.config.storageClass }} +{{- if (eq "-" .Values.persistence.config.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.persistence.config.storageClass }}" +{{- end }} +{{- end }} +{{- end -}} diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml new file mode 100644 index 0000000..4062414 --- /dev/null +++ b/helm/templates/deployment.yaml @@ -0,0 +1,148 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "docker-osx.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "docker-osx.name" . }} + helm.sh/chart: {{ include "docker-osx.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "docker-osx.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "docker-osx.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + spec: + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + allowPrivilegeEscalation: true + readOnlyRootFilesystem: false + privileged: true + capabilities: + add: + - net_raw + - NET_ADMIN + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + livenessProbe: + tcpSocket: + port: http + {{- if .Values.qemu.systemInstaller.downloadDelay }} + initialDelaySeconds: {{ .Values.qemu.systemInstaller.downloadDelay }} + {{- end }} + readinessProbe: + tcpSocket: + port: http + {{- if .Values.qemu.systemInstaller.downloadDelay }} + initialDelaySeconds: {{ .Values.qemu.systemInstaller.downloadDelay }} + {{- end }} + env: + - name: CORES + value: "{{ .Values.resources.requests.cpu }}" + - name: SMP + value: "{{ .Values.resources.requests.cpu }}" + - name: RAM + value: "{{ .Values.resources.requests.memory | trimSuffix "Mi" }}" + - name: TZ + value: "{{ .Values.tz }}" + - name: DISPLAY + value: ':0.0' + resources: +{{ toYaml .Values.resources | indent 10 }} + volumeMounts: + - mountPath: /home/{{ .Values.image.userName }}/OSX-KVM/OpenCore-Catalina/config.plist + subPath: config.plist + name: boot-components + - mountPath: /home/{{ .Values.image.userName }}/OSX-KVM/Launch_custom.sh + subPath: Launch_custom.sh + name: boot-components + - mountPath: /home/{{ .Values.image.userName }}/OSX-KVM/vncpasswd_file + subPath: vncpasswd_file + name: boot-components + - mountPath: /dev/kvm + name: kvm + - mountPath: /dev/net/tun + name: tun + {{- if .Values.qemu.hardwareGpu.enabled }} + - mountPath: /etc/security/limits.conf + subPath: limits.conf + name: boot-components + - mountPath: /dev/vfio/vfio + name: vfio + - mountPath: /dev/vfio/{{ .Values.qemu.hardwareGpu.vfioGroup }} + name: vfio-group + - mountPath: /lib/modules + name: lib-modules + {{- end }} + - mountPath: /dev/snd + name: snd + - mountPath: /tmp/.X11-unix + name: x11 + {{- if .Values.persistence.data.enabled }} + - name: data + mountPath: /mnt/data + {{- end }} + {{- if .Values.extraVolumeMounts }}{{ toYaml .Values.extraVolumeMounts | trim | nindent 8 }}{{ end }} + # args: + # - + volumes: + - name: boot-components + configMap: + name: {{ template "docker-osx.fullname" . }}-boot-components + items: + - key: config.plist + path: config.plist + - key: Launch_custom.sh + path: Launch_custom.sh + - key: vncpasswd_file + path: vncpasswd_file + {{- if .Values.qemu.hardwareGpu.enabled }} + - key: limits.conf + path: limits.conf + {{- end }} + - name: tun + hostPath: + path: /dev/net/tun + - name: kvm + hostPath: + path: /dev/kvm + {{- if .Values.qemu.hardwareGpu.enabled }} + - name: vfio + hostPath: + path: /dev/vfio/vfio + - name: vfio-group + hostPath: + path: /dev/vfio/{{ .Values.qemu.hardwareGpu.vfioGroup }} + - name: lib-modules + hostPath: + path: /lib/modules + {{- end }} + - name: snd + hostPath: + path: /dev/snd + - name: x11 + hostPath: + path: /dev/ssd_data/default/{{ .Release.Name }}/.X11-unix + {{- if .Values.persistence.data.enabled }} + - name: data + persistentVolumeClaim: + claimName: {{ if .Values.persistence.data.existingClaim }}{{ .Values.persistence.data.existingClaim }}{{- else }}{{ template "docker-osx.fullname" . }}-data{{- end }} + {{- else }} + emptyDir: {} + {{- end }} + {{- if .Values.extraVolumes }}{{ toYaml .Values.extraVolumes | trim | nindent 6 }}{{ end }} +{{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} diff --git a/helm/templates/ingress.yaml b/helm/templates/ingress.yaml new file mode 100644 index 0000000..0220524 --- /dev/null +++ b/helm/templates/ingress.yaml @@ -0,0 +1,39 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "docker-osx.fullname" . -}} +{{- $ingressPath := .Values.ingress.path -}} +apiVersion: extensions/v1 +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + app.kubernetes.io/name: {{ include "docker-osx.name" . }} + helm.sh/chart: {{ include "docker-osx.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.ingress.annotations }} + annotations: + {{ toYaml . | indent 4 }} + {{- end }} + +spec: +{{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ . | quote }} + http: + paths: + - path: {{ $ingressPath }} + backend: + serviceName: {{ $fullName }} + servicePort: http + {{- end }} +{{- end }} diff --git a/helm/templates/service.yaml b/helm/templates/service.yaml new file mode 100644 index 0000000..a6383e3 --- /dev/null +++ b/helm/templates/service.yaml @@ -0,0 +1,32 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "docker-osx.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "docker-osx.name" . }} + helm.sh/chart: {{ include "docker-osx.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: {{ .Values.service.targetPort }} + protocol: TCP + name: http + - port: 8888 + targetPort: 5999 + protocol: TCP + name: vnc + {{- range .Values.service.extraPorts }} + - port: {{ .port }} + targetPort: {{ .targetPort }} + protocol: {{ .protocol }} + name: {{ .name }} + {{- end }} + selector: + app.kubernetes.io/name: {{ include "docker-osx.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.service.ip }} + loadBalancerIP: {{ .Values.service.ip }} + {{- end }} \ No newline at end of file diff --git a/helm/values.yaml b/helm/values.yaml new file mode 100644 index 0000000..bbf416a --- /dev/null +++ b/helm/values.yaml @@ -0,0 +1,203 @@ +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: sickcodes/docker-osx-vnc + tag: latest + pullPolicy: IfNotPresent + userName: ubuntu + +# Please note, this must be a directory name within `/system_image` mounted at the bottom in extraVolumeMounts +serverName: server + +macos: + # add kexts to EFI/OC/kexts and update config.plist + # make sure your kexts are in kexts.path + kexts: + add: false + path: /system_image/kexts + kextsToAdd: {} + # - name: BrcmBluetoothInjector.kext + # executablePath: Contents/MacOS/BrcmBluetoothInjector + # plistPath: Contents/Info.plist + # - name: BrcmFirmwareData.kext + # executablePath: Contents/MacOS/BrcmFirmwareData + # plistPath: Contents/Info.plist + # - name: BrcmPatchRAM3.kext + # executablePath: Contents/MacOS/BrcmPatchRAM3 + # plistPath: Contents/Info.plist + # SMBIOS settings + configPlist: + SystemProductName: iMacPro1,1 + MLB: D25338500GUF8YLJA + SystemSerialNumber: D25LF7ZEF8JC + SystemUUID: 139C94D6-A533-47D2-874F-D365BFD8B047 + bootArgs: '-v keepsyms=1 tlbto_us=0 vti=9 -wegoff agdpmod=pikera' + openCore: + # Rebuild OpenCore.qcow2: this can be disabled if none of the above parameters in kexts, configPlist changes, and changing the + # resolution are not desired, utilizing gpu passthrough and a few other things. Disabling is not recommended + rebuild: true + boot: + # set to zero to have OpenCore stay at boot menu + timeout: 0 + installerSettings: + # if using more than one deployment, a write lock will be put on the system installer dmg, so this will need to be disabled + # for other pods + version: 10.15.7 + path: /system_image/installers + +# This section defines QEMU and virtlo parameters +# +# Note: +# *) Increase downloadDelay if the pod gets killed for readiness/liveliness check. The first time the pod is started, +# it will download the BaseSystem image and create a data partition to install the OS. If this value is really long, +# the pod will take very long to allow VNC connections if it is rebooted/killed. +# *) Big Sur (11.X) is currently broken, as it seems Apple reworked the packaging so that will have to be something fixed in +# https://github.com/kholia/OSX-KVM/blob/master/fetch-macOS-v2.py +# *) VNC and IOMMU GPU passthrough do not play together well. Disable one if using the other. This is a limitation of QEMU +# unfortunately, so this means VNC from macOS will have to be used to view the VM when not using a physical GPU. +# *) If using GPU passthrough, it is recommended to configure it first, as the installer will take way longer (several hours) +# to install macOS with a software GPU configured. +# +qemu: + cpu: Penryn,kvm=on,vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+pcid,+ssse3,+sse4.2,+popcnt,+avx,+avx2,+aes,+xsave,+xsaveopt,check + softwareGpu: vmware + hardwareGpu: + # when enabled, qemu.softwareGpu will be disabled automatically. disabling this will rely on softwareGpu instead + enabled: false + hardwareId: 09:00 + # slot can be found with `lspci -v -s ` + slot: 05 + # vfioGroup can be found with lsgroup.sh: + # https://github.com/kholia/OSX-KVM/blob/master/scripts/lsgroup.sh + vfioGroup: 50 + # leave romfile blank if not using one to disable + romfile: /system_image/vbios/Sapphire.RX480.8192.160603.rom + systemInstaller: + # if using more than one deployment, a write lock will be put on the system installer dmg, so this will need to be disabled + # for other pods + enabled: false + downloadDelay: 15 + # can be `writethrough`, `writeback`, or `none` + cache: none + # can be `native` or `threads` + io: threads + systemDisk: + size: 128G + # can be `writethrough`, `writeback`, or `none` + cache: writeback + # can be `native` or `threads` + io: threads + audio: + # this enables onboard audio, hdmi audio is handled with qemu.hardwareGpu + enabled: false + driver: alsa + netdev: + extraPortForwarding: hostfwd=tcp::5901-:5900 + # for usb, pass host adapters like such: + # usb: + # - vendorId: 0a5c + # productId: 21e8 + # + # please use lsgroup.sh to find your host ids: + # https://github.com/kholia/OSX-KVM/blob/master/scripts/lsgroup.sh + # + # for usb, may need to fix permissions: + # sudo chmod 666 /dev/bus/usb// + # + # if need to add a usb controller via vfio-pci, use qemu.extraArgs + # + usb: {} + # use the following formatting + # extraArgs: + # - -parallel none + # - -boot order=dc + extraArgs: {} + +# Password for accessing vm over vnc +vnc: + enabled: true + resolution: 1920x1080 + password: a5aeQbaPd4$jR80Q43 + +nameOverride: "" +fullnameOverride: "" + +service: + type: LoadBalancer + ip: 192.168.1.10 + targetPort: 50922 + port: 10022 + extraPorts: + - port: 5901 + targetPort: 5901 + protocol: TCP + name: os-level-vnc + +ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + paths: + - / + hosts: + - docker-osx.local + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +# Note: Resources can vary dramatically depending on disk caching and software GPU rendering. With disk +# caching and software rendering up to x5 the cpu and x9 memory can be consumed. With disk cache off +# and GPU passthrough enabled up to x3 the cpu and x1.5 memory can be consumed. Therefore, these settings +# really depend on hardware and configuration choices. Note, these values used a 1080p video resolution +# as well. +# +# Warning: do not perform unit conversion on cpu and memory requests, as these units +# are tied qemu and virtio settings. Also, only use intergers for cpu requests. +resources: + limits: + cpu: 15 + memory: 32768Mi + requests: + cpu: 4 + memory: 16384Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +persistence: + data: + enabled: false + ## configuration data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + ## + ## If you want to reuse an existing claim, you can pass the name of the PVC using + ## the existingClaim variable + existingClaim: docker-osx + accessMode: ReadWriteOnce + size: 5Gi + +# Any extra volumes to define for the pod +extraVolumes: + - name: data + hostPath: + path: /mnt/data/default/docker_osx/ + type: DirectoryOrCreate + +# Any extra volume mounts to define for the containers +extraVolumeMounts: + - name: data + mountPath: /system_image diff --git a/rankmirrors b/rankmirrors new file mode 100755 index 0000000..1bd9d4b --- /dev/null +++ b/rankmirrors @@ -0,0 +1,244 @@ +#!/usr/bin/bash +# +# rankmirrors - read a list of mirrors from a file and rank them by speed +# Generated from rankmirrors.sh.in; do not edit by hand. +# +# Copyright (c) 2009 Matthew Bruenig +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# traps interrupt key to spit out pre-interrupt info +trap finaloutput INT + +declare -r myname='rankmirrors' +declare -r myver='1.4.0' + +usage() { + echo "${myname} v${myver}" + echo + echo "Ranks pacman mirrors by their connection and opening speed. Pacman mirror" + echo "files are located in /etc/pacman.d/. It can also rank one mirror if the URL is" + echo "provided." + echo + echo "Usage: ${myname} [options] MIRRORFILE | URL" + echo + echo "Options:" + echo " --version show program's version number and exit" + echo " -h, --help show this help message and exit" + echo " -n NUM number of servers to output, 0 for all" + echo " -m, --max-time NUM specify a ranking operation timeout, can be decimal number" + echo " -t, --times only output mirrors and their response times" + echo " -u, --url test a specific URL" + echo " -v, --verbose be verbose in output" + echo " -r, --repo specify a repository name instead of guessing" + exit 0 +} + +version() { + echo "${myname} (pacman) ${myver}" + echo "Copyright (c) 2009 Matthew Bruenig ." + echo + echo "This is free software; see the source for copying conditions." + echo "There is NO WARRANTY, to the extent permitted by law." + exit 0 +} + +err() { + echo "$1" >&2 + exit 1 +} + +# gettime fetchurl (e.g gettime http://foo.com/core/os/i686/core.db.tar.gz) +# returns the fetching time, or timeout, or unreachable +gettime() { + IFS=' ' output=( $(curl -s -m $MAX_TIME -w "%{time_total} %{http_code}" "$1" -o/dev/null) ) + (( $? == 28 )) && echo timeout && return + (( ${output[1]} >= 400 || ! ${output[1]} )) && echo unreachable && return + echo "${output[0]}" +} + +# getfetchurl serverurl (e.g. getturl http://foo.com/core/os/i686) +# if $repo is in the line, then assumes core +# if $arch is in the line, then assumes $(uname -m) +# returns a fetchurl (e.g. http://foo.com/core/os/i686/core.db.tar.gz) +ARCH="$(uname -m)" +getfetchurl() { + local strippedurl="${1%/}" + + local replacedurl="${strippedurl//'$arch'/$ARCH}" + if [[ ! $TARGETREPO ]]; then + replacedurl="${replacedurl//'$repo'/core}" + local tmp="${replacedurl%/*}" + tmp="${tmp%/*}" + + local reponame="${tmp##*/}" + else + replacedurl="${replacedurl//'$repo'/$TARGETREPO}" + local reponame="$TARGETREPO" + fi + + if [[ -z $reponame || $reponame = $replacedurl ]]; then + echo "fail" + else + local fetchurl="${replacedurl}/$reponame.db" + echo "$fetchurl" + fi +} + +# This exists to remove the need for a separate interrupt function +finaloutput() { + IFS=$'\n' read -r -d '' -a sortedarray < \ + <(printf '%s\n' "${timesarray[@]}" | LC_COLLATE=C sort) + + # Final output for mirrorfile + numiterator="0" + if [[ $TIMESONLY ]]; then + echo + echo " Servers sorted by time (seconds):" + for line in "${sortedarray[@]}"; do + echo "${line#* } : ${line% *}" + ((numiterator++)) + (( NUM && numiterator >= NUM )) && break + done + else + for line in "${sortedarray[@]}"; do + echo "Server = ${line#* }" + ((numiterator++)) + (( NUM && numiterator >= NUM )) && break + done + fi + exit 0 +} + + +# Argument parsing +[[ $1 ]] || usage +while [[ $1 ]]; do + if [[ ${1:0:2} = -- ]]; then + case "${1:2}" in + help) usage ;; + version) version ;; + max-time) + [[ $2 ]] || err "Must specify number."; + MAX_TIME="$2" + shift 2;; + times) TIMESONLY=1 ; shift ;; + verbose) VERBOSE=1 ; shift ;; + url) + CHECKURL=1; + [[ $2 ]] || err "Must specify URL."; + URL="$2"; + shift 2;; + repo) + [[ $2 ]] || err "Must specify repository name."; + TARGETREPO="$2"; + shift 2;; + *) err "'$1' is an invalid argument." + esac + elif [[ ${1:0:1} = - ]]; then + + if [[ ! ${1:1:1} ]]; then + [[ -t 0 ]] && err "Stdin is empty." + IFS=$'\n' linearray=( $( ./"${TEST}_master.txt" + + # run until the screen matches the expected screen + while :; do + sleep 5 + # screenshot the Xvfb + scrotcat > ./"${TEST}.txt" + # diff the low res txt files created from imcat + diff "./${TEST}.txt" ./"${TEST}_master.txt" && break + scrotcat + done + + # kill any containers + docker kill "$(docker ps --format "{{.ID}}")" + + # ensure all containers are dead + until [[ "$(docker ps | wc -l)" = 1 ]]; do + sleep 1 + docker ps | xargs docker kill + done + +done + +exit 0 diff --git a/tests/catalina_master.png b/tests/catalina_master.png new file mode 100644 index 0000000..9749507 Binary files /dev/null and b/tests/catalina_master.png differ diff --git a/tests/high-sierra_master.png b/tests/high-sierra_master.png new file mode 100644 index 0000000..9a5a8c7 Binary files /dev/null and b/tests/high-sierra_master.png differ diff --git a/tests/mojave_master.png b/tests/mojave_master.png new file mode 100644 index 0000000..4a9c8b6 Binary files /dev/null and b/tests/mojave_master.png differ diff --git a/tests/monterey_master.png b/tests/monterey_master.png new file mode 100644 index 0000000..15c33b6 Binary files /dev/null and b/tests/monterey_master.png differ diff --git a/tests/sonoma_master.png b/tests/sonoma_master.png new file mode 100644 index 0000000..fb1c34f Binary files /dev/null and b/tests/sonoma_master.png differ diff --git a/tests/test.sh b/tests/test.sh new file mode 100644 index 0000000..8c0bb31 --- /dev/null +++ b/tests/test.sh @@ -0,0 +1,349 @@ +#!/usr/bin/bash +# ____ __ ____ ______ __ +# / __ \____ _____/ /_____ _____/ __ \/ ___/ |/ / +# / / / / __ \/ ___/ //_/ _ \/ ___/ / / /\__ \| / +# / /_/ / /_/ / /__/ ,< / __/ / / /_/ /___/ / | +# /_____/\____/\___/_/|_|\___/_/ \____//____/_/|_| TESTS +# +# Title: Docker-OSX (Mac on Docker) +# Author: Sick.Codes https://twitter.com/sickcodes +# Version: 4.2 +# License: GPLv3+ +# Repository: https://github.com/sickcodes/Docker-OSX +# Website: https://sick.codes +# +# Status: Used internally to auto build, run and test images on DO. +# + +help_text="Usage: ./test.sh --branch --repo + +General options: + --branch, -b Git branch, default is master + --repo, -r Alternative link to build + --mirror-country, -m Two letter country code for Arch mirrors + --docker-username, -u Docker hub username + --docker-password, -p Docker hub password + --vnc-password, -v Choose a VNC passwd. + +Flags + --no-cache, -n Enable --no-cache (default already) + --no-no-cache, -nn Disable --no-cache docker builds + --help, -h, help Display this help and exit +" + +# set -xeuf -o pipefail + + +# gather arguments +while (( "$#" )); do + case "${1}" in + + --help | -h | h | help ) + echo "${help_text}" && exit 0 + ;; + + --branch=* | -b=* ) + export BRANCH="${1#*=}" + shift + ;; + --branch* | -b* ) + export BRANCH="${2}" + shift + shift + ;; + --repo=* | -r=* ) + export REPO="${1#*=}" + shift + ;; + --repo* | -r* ) + export REPO="${2}" + shift + shift + ;; + --mirror-country=* | -m=* ) + export MIRROR_COUNTRY="${1#*=}" + shift + ;; + --mirror-country* | -m* ) + export MIRROR_COUNTRY="${2}" + shift + shift + ;; + --vnc-password=* | -v=* | --vnc-passwd=* ) + export VNC_PASSWORD="${1#*=}" + shift + ;; + --vnc-password* | -v* | --vnc-passwd* ) + export VNC_PASSWORD="${2}" + shift + shift + ;; + --docker-username=* | -u=* ) + export DOCKER_USERNAME="${1#*=}" + shift + ;; + --docker-username* | -u* ) + export DOCKER_USERNAME="${2}" + shift + shift + ;; + --docker-password=* | -p=* ) + export DOCKER_PASSWORD="${1#*=}" + shift + ;; + --docker-password* | -p* ) + export DOCKER_PASSWORD="${2}" + shift + shift + ;; + --no-cache | -n ) + export NO_CACHE='--no-cache' + shift + ;; + --no-no-cache | -nn ) + export NO_CACHE= + shift + ;; + *) + echo "Invalid option: ${1}" + exit 1 + ;; + + esac +done + +BRANCH="${BRANCH:=master}" +REPO="${REPO:=https://github.com/sickcodes/Docker-OSX.git}" +VNC_PASSWORD="${VNC_PASSWORD:=testing}" +MIRROR_COUNTRY="${MIRROR_COUNTRY:=US}" +NO_CACHE="${NO_CACHE:=--no-cache}" + + +TEST_BUILDS=( + 'docker-osx:naked' + 'docker-osx:naked-auto' + 'docker-osx:auto' +) + +TEST_BUILDS=( + 'docker-osx:naked' + 'docker-osx:naked-auto' + 'docker-osx:auto' +) + +VERSION_BUILDS=( + 'high-sierra' + 'mojave' + 'catalina' + 'big-sur' + 'monterey' + 'ventura' + 'sonoma' +) + +warning () { + clear + for j in {15..1}; do + echo "############# WARNING: THIS SCRIPT IS NOT INTENDED FOR USE BY ################" + echo "############# IT IS USED BY THE PROJECT TO BUILD AND PUSH TO DOCKERHUB #######" + echo "" + echo " Press Ctrl C to stop. " + MAX_COLS=$((${COLUMNS}/2)) + printf "$j %.0s" {1..20} + echo + sleep 1 + done +} + +install_docker () { + apt remove docker docker-engine docker.io containerd runc -y \ + ; apt install apt-transport-https ca-certificates curl gnupg-agent software-properties-common -y \ + && curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - \ + && apt-key fingerprint 0EBFCD88 \ + && > /etc/apt/sources.list.d/docker.list \ + && add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" \ + && apt update -y \ + && apt install docker-ce docker-ce-cli containerd.io -y \ + && usermod -aG docker "${USER}" \ + && su hook docker run --rm hello-world +} + +install_vnc () { + apt update -y \ + && apt install xorg openbox tigervnc-standalone-server tigervnc-common tigervnc-xorg-extension tigervnc-viewer -y \ + && mkdir -p ${HOME}/.vnc \ + && touch ~/.vnc/config \ + && tee -a ~/.vnc/config <<< 'geometry=1920x1080' \ + && tee -a ~/.vnc/config <<< 'localhost' \ + && tee -a ~/.vnc/config <<< 'alwaysshared' \ + && touch ./vnc.sh \ + && printf '\n%s\n' \ + 'sudo rm -f /tmp/.X99-lock' \ + 'export DISPLAY=:99' \ + '/usr/bin/Xvnc -geometry 1920x1080 -rfbauth ~/.vnc/passwd :99 &' > ./vnc.sh \ + && tee vncpasswd_file <<< "${VNC_PASSWORD:=testing}" && echo "${VNC_PASSWORD:="$(tr -dc '[:graph:]' ${HOME}/.vnc/passwd \ + && chmod 600 ~/.vnc/passwd \ + && apt install qemu qemu-kvm libvirt-clients libvirt-daemon-system bridge-utils virt-manager -y \ + && sudo systemctl enable libvirtd.service \ + && sudo systemctl enable virtlogd.service \ + && echo 1 | sudo tee /sys/module/kvm/parameters/ignore_msrs \ + && sudo modprobe kvm \ + && echo 'export DISPLAY=:99' >> ~/.bashrc \ + && printf '\n\n\n\n%s\n%s\n\n\n\n' '===========VNC_PASSWORD========== ' "$( + +USER root + +# OPTIONAL: Arch Linux server mirrors for super fast builds +# set RANKMIRRORS to any value other that nothing, e.g. -e RANKMIRRORS=true +ARG RANKMIRRORS +ARG MIRROR_COUNTRY=US +ARG MIRROR_COUNT=10 +RUN if [[ "${RANKMIRRORS}" ]]; then { pacman -Sy wget --noconfirm || pacman -Syu wget --noconfirm ; } \ + ; wget -O ./rankmirrors "https://raw.githubusercontent.com/sickcodes/Docker-OSX/master/rankmirrors" \ + ; wget -O- "https://www.archlinux.org/mirrorlist/?country=${MIRROR_COUNTRY:-US}&protocol=https&use_mirror_status=on" \ + | sed -e 's/^#Server/Server/' -e '/^#/d' \ + | head -n "$((${MIRROR_COUNT:-10}+1))" \ + | bash ./rankmirrors --verbose --max-time 5 - > /etc/pacman.d/mirrorlist \ + && tee -a /etc/pacman.d/mirrorlist <<< 'Server = http://mirrors.evowise.com/archlinux/$repo/os/$arch' \ + && tee -a /etc/pacman.d/mirrorlist <<< 'Server = http://mirror.rackspace.com/archlinux/$repo/os/$arch' \ + && tee -a /etc/pacman.d/mirrorlist <<< 'Server = https://mirror.rackspace.com/archlinux/$repo/os/$arch' \ + && cat /etc/pacman.d/mirrorlist ; fi + +# Fixes issue with invalid GPG keys: update the archlinux-keyring package to get the latest keys, then remove and regenerate gnupg keys +RUN pacman -Sy archlinux-keyring --noconfirm && rm -rf /etc/pacman.d/gnupg && pacman-key --init && pacman-key --populate + +USER arch + +RUN yes | sudo pacman -Syyuu --noconfirm \ + && yes | sudo pacman -S tigervnc xterm xorg-xhost xdotool ufw --noconfirm \ + && mkdir -p ${HOME}/.vnc \ + && touch ~/.vnc/config \ + && tee -a ~/.vnc/config <<< 'geometry=1920x1080' \ + && tee -a ~/.vnc/config <<< 'localhost' \ + && tee -a ~/.vnc/config <<< 'alwaysshared' + +# this won't work if you have 99 monitors, 98 monitors is fine though +# don't forget to remove the lock file incase you shut down incorrectly or create an image. +RUN printf '\n%s\n' \ +'sudo rm -f /tmp/.X99-lock' \ +'export DISPLAY=:99' \ +'/usr/bin/Xvnc -geometry 1920x1080 -rfbauth "${HOME}/.vnc/passwd" :99 &' > vnc.sh + +RUN cat vnc.sh Launch.sh > Launch_custom.sh + +RUN chmod +x Launch_custom.sh + +RUN tee vncpasswd_file <<< "${VNC_PASSWORD:="$(tr -dc '[:graph:]' ${HOME}/.vnc/passwd + +RUN chmod 600 ~/.vnc/passwd +RUN printf '\n\n\n\n%s\n%s\n\n\n\n' '===========VNC_PASSWORD========== ' "$( + +USER root + +WORKDIR /root + +RUN rm -f /home/arch/OSX-KVM/mac_hdd_ng.img + +# OPTIONAL: Arch Linux server mirrors for super fast builds +# set RANKMIRRORS to any value other that nothing, e.g. -e RANKMIRRORS=true +ARG RANKMIRRORS +ARG MIRROR_COUNTRY=US +ARG MIRROR_COUNT=10 +RUN if [[ "${RANKMIRRORS}" ]]; then { pacman -Sy wget --noconfirm || pacman -Syu wget --noconfirm ; } \ + ; wget -O ./rankmirrors "https://raw.githubusercontent.com/sickcodes/Docker-OSX/master/rankmirrors" \ + ; wget -O- "https://www.archlinux.org/mirrorlist/?country=${MIRROR_COUNTRY:-US}&protocol=https&use_mirror_status=on" \ + | sed -e 's/^#Server/Server/' -e '/^#/d' \ + | head -n "$((${MIRROR_COUNT:-10}+1))" \ + | bash ./rankmirrors --verbose --max-time 5 - > /etc/pacman.d/mirrorlist \ + && tee -a /etc/pacman.d/mirrorlist <<< 'Server = http://mirrors.evowise.com/archlinux/$repo/os/$arch' \ + && tee -a /etc/pacman.d/mirrorlist <<< 'Server = http://mirror.rackspace.com/archlinux/$repo/os/$arch' \ + && tee -a /etc/pacman.d/mirrorlist <<< 'Server = https://mirror.rackspace.com/archlinux/$repo/os/$arch' \ + && cat /etc/pacman.d/mirrorlist ; fi + +# For taking screenshots of the Xfvb screen, useful during development. +ARG SCROT + +RUN pacman -Syu xorg-server-xvfb wget xterm xorg-xhost xorg-xrandr sshpass --noconfirm \ + && if [[ "${SCROT}" ]]; then \ + pacman -Syu scrot base-devel --noconfirm \ + && git clone --recurse-submodules --depth 1 https://github.com/stolk/imcat.git \ + && cd imcat \ + && make \ + && sudo cp imcat /usr/bin/imcat \ + && touch /usr/bin/scrotcat \ + && tee -a /usr/bin/scrotcat <<< '/usr/bin/imcat <(scrot -o /dev/stdout)' \ + && chmod +x /usr/bin/scrotcat \ + ; else \ + touch /usr/bin/scrotcat \ + && echo echo >> /usr/bin/scrotcat \ + && chmod +x /usr/bin/scrotcat \ + ; fi \ + ; yes | pacman -Scc + +USER arch + +WORKDIR /home/arch/OSX-KVM + +RUN mkdir -p ~/.ssh \ + && touch ~/.ssh/authorized_keys \ + && touch ~/.ssh/config \ + && chmod 700 ~/.ssh \ + && chmod 600 ~/.ssh/config \ + && chmod 600 ~/.ssh/authorized_keys \ + && tee -a ~/.ssh/config <<< 'Host *' \ + && tee -a ~/.ssh/config <<< ' StrictHostKeyChecking no' \ + && tee -a ~/.ssh/config <<< ' UserKnownHostsFile=/dev/null' + +#### SPECIAL RUNTIME ARGUMENTS BELOW + +ENV ADDITIONAL_PORTS= + +# add additional QEMU boot arguments +ENV BOOT_ARGS= + +ENV BOOTDISK= + +# edit the CPU that is beign emulated +ENV CPU=Penryn + +ENV DISPLAY=:99 + +ENV HEADLESS=false + +ENV ENV=/env + +# Boolean for generating a bootdisk with new random serials. +ENV GENERATE_UNIQUE=false + +# Boolean for generating a bootdisk with specific serials. +ENV GENERATE_SPECIFIC=false + +ENV IMAGE_PATH=/image +ENV IMAGE_FORMAT=qcow2 + +ENV KVM='accel=kvm:tcg' + +# ENV MASTER_PLIST_URL="https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist" + +# ENV NETWORKING=e1000-82545em +ENV NETWORKING=vmxnet3 + +ENV NOPICKER=true + +# dynamic RAM options for runtime +ENV RAM=8 +# ENV RAM=max +# ENV RAM=half + +# The x and y coordinates for resolution. +# Must be used with either -e GENERATE_UNIQUE=true or -e GENERATE_SPECIFIC=true. +ENV WIDTH=1920 +ENV HEIGHT=1080 + +# libguestfs verbose +ENV LIBGUESTFS_DEBUG=1 +ENV LIBGUESTFS_TRACE=1 + +CMD sudo touch /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \ + ; sudo chown -R $(id -u):$(id -g) /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \ + ; { [[ "${DISPLAY}" = ':99' ]] || [[ "${HEADLESS}" == true ]] ; } && { \ + nohup Xvfb :99 -screen 0 1920x1080x16 \ + & until [[ "$(xrandr --query 2>/dev/null)" ]]; do sleep 1 ; done \ + ; } \ + ; [[ "${NOPICKER}" == true ]] && { \ + sed -i '/^.*InstallMedia.*/d' Launch.sh \ + && export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore-nopicker.qcow2}" \ + ; } \ + || export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2}" \ + ; [[ "${GENERATE_UNIQUE}" == true ]] && { \ + ./Docker-OSX/osx-serial-generator/generate-unique-machine-values.sh \ + --master-plist-url="${MASTER_PLIST_URL}" \ + --count 1 \ + --tsv ./serial.tsv \ + --bootdisks \ + --width "${WIDTH:-1920}" \ + --height "${HEIGHT:-1080}" \ + --output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2}" \ + --output-env "${ENV:=/env}" \ + || exit 1 ; } \ + ; [[ "${GENERATE_SPECIFIC}" == true ]] && { \ + source "${ENV:=/env}" 2>/dev/null \ + ; ./Docker-OSX/osx-serial-generator/generate-specific-bootdisk.sh \ + --master-plist-url="${MASTER_PLIST_URL}" \ + --model "${DEVICE_MODEL}" \ + --serial "${SERIAL}" \ + --board-serial "${BOARD_SERIAL}" \ + --uuid "${UUID}" \ + --mac-address "${MAC_ADDRESS}" \ + --width "${WIDTH:-1920}" \ + --height "${HEIGHT:-1080}" \ + --output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2}" \ + || exit 1 ; } \ + # ; ./enable-ssh.sh && /bin/bash -c ./Launch.sh + +WORKDIR /home/arch/OSX-KVM + +RUN yes | sudo pacman -Syyuu --noconfirm \ + && yes | sudo pacman -S tigervnc xterm xorg-xhost xdotool ufw --noconfirm \ + && mkdir -p ${HOME}/.vnc \ + && touch ~/.vnc/config \ + && tee -a ~/.vnc/config <<< 'geometry=1920x1080' \ + && tee -a ~/.vnc/config <<< 'localhost' \ + && tee -a ~/.vnc/config <<< 'alwaysshared' + +RUN printf '\n%s\n' \ +'sudo rm -f /tmp/.X99-lock' \ +'export DISPLAY=:99' \ +'/usr/bin/Xvnc -geometry 1920x1080 -rfbauth "${HOME}/.vnc/passwd" :99 &' > vnc.sh + +RUN cat vnc.sh Launch.sh > Launch_custom.sh + +RUN chmod +x Launch_custom.sh + +RUN tee vncpasswd_file <<< "${VNC_PASSWORD:="$(tr -dc '[:graph:]' ${HOME}/.vnc/passwd + +RUN chmod 600 ~/.vnc/passwd +RUN printf '\n\n\n\n%s\n%s\n\n\n\n' '===========VNC_PASSWORD========== ' "$(