Merge pull request #155 from sickcodes/custom-identity

Custom Serial Numbers (iMessage/iCloud security analysis)
sickcodes 2021-02-26 17:34:41 +00:00 committed by GitHub
commit 27efe6658d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 1960 additions and 84 deletions


@ -1,5 +1,7 @@
|Version|Date|Notes| |Version|Date|Notes|
|---|---|---| |---|---|---|
| |2021-02-26|Change `-e NOPICKER=true` to simply do `sed -i '/^.*InstallMedia.*/d' Launch.sh` and `export BOOTDISK=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore-nopicker.qcow2`.|
|3.2|2021-02-25|Add a script to generate unique machine serial numbers. Add a script to generate a bootdisk from given serial numbers. Add Linux for libguestfs which allows the docker container to make QEMU bootdisks with specific serial numbers.|
| |2021-02-21|Add NOPICKER environment variable to ALL images.| | |2021-02-21|Add NOPICKER environment variable to ALL images.|
|3.1|2021-02-21|Remove testing repos. Switch to base-devel. We shouldn't be using testing repos in a Dockerfile for light increase in stability. Add the mandatory glibc patch to every pacman until someone upstream fixes it.| |3.1|2021-02-21|Remove testing repos. Switch to base-devel. We shouldn't be using testing repos in a Dockerfile for light increase in stability. Add the mandatory glibc patch to every pacman until someone upstream fixes it.|
| |2021-02-07|Add NOPICKER environment variable to :naked image for effortless boot toggling.| | |2021-02-07|Add NOPICKER environment variable to :naked image for effortless boot toggling.|


@ -8,7 +8,7 @@
# Repo: https://github.com/sickcodes/Docker-OSX/ # Repo: https://github.com/sickcodes/Docker-OSX/
# Title: Mac on Docker (Docker-OSX) # Title: Mac on Docker (Docker-OSX)
# Author: Sick.Codes https://sick.codes/ # Author: Sick.Codes https://sick.codes/
# Version: 3.1 # Version: 3.2
# License: GPLv3+ # License: GPLv3+
# #
# All credits for OSX-KVM and the rest at @Kholia's repo: https://github.com/kholia/osx-kvm # All credits for OSX-KVM and the rest at @Kholia's repo: https://github.com/kholia/osx-kvm
@ -52,7 +52,7 @@
FROM archlinux:base-devel FROM archlinux:base-devel
MAINTAINER 'https://sick.codes' <https://sick.codes> MAINTAINER 'https://twitter.com/sickcodes' <https://sick.codes>
SHELL ["/bin/bash", "-c"] SHELL ["/bin/bash", "-c"]
@ -91,7 +91,7 @@ RUN if [[ "${RANKMIRRORS}" ]]; then \
# RUN tee -a /etc/pacman.conf <<< '[community-testing]' \ # RUN tee -a /etc/pacman.conf <<< '[community-testing]' \
# && tee -a /etc/pacman.conf <<< 'Include = /etc/pacman.d/mirrorlist' # && tee -a /etc/pacman.conf <<< 'Include = /etc/pacman.d/mirrorlist'
RUN pacman -Syu git vim nano alsa-utils openssh --noconfirm \ RUN pacman -Syu git zip vim nano alsa-utils openssh --noconfirm \
&& ln -s /bin/vim /bin/vi \ && ln -s /bin/vim /bin/vi \
&& useradd arch -p arch \ && useradd arch -p arch \
&& tee -a /etc/sudoers <<< 'arch ALL=(ALL) NOPASSWD: ALL' \ && tee -a /etc/sudoers <<< 'arch ALL=(ALL) NOPASSWD: ALL' \
@ -174,6 +174,19 @@ RUN python fetch-macOS.py --version "${VERSION}" \
WORKDIR /home/arch/OSX-KVM WORKDIR /home/arch/OSX-KVM
ARG LINUX=true
# required to use libguestfs inside a docker container, to create bootdisks for docker-osx on-the-fly
RUN if [[ "${LINUX}" == true ]]; then \
sudo pacman -Syu linux libguestfs --noconfirm \
&& patched_glibc=glibc-linux4-2.33-4-x86_64.pkg.tar.zst \
&& curl -LO "https://raw.githubusercontent.com/sickcodes/Docker-OSX/master/${patched_glibc}" \
&& bsdtar -C / -xvf "${patched_glibc}" || echo "Everything is fine." \
; fi
# temporary branch, remove in final PR
RUN git clone --branch custom-identity https://github.com/sickcodes/Docker-OSX.git
RUN touch Launch.sh \ RUN touch Launch.sh \
&& chmod +x ./Launch.sh \ && chmod +x ./Launch.sh \
&& tee -a Launch.sh <<< '#!/bin/sh' \ && tee -a Launch.sh <<< '#!/bin/sh' \
@ -183,7 +196,7 @@ RUN touch Launch.sh \
&& tee -a Launch.sh <<< 'exec qemu-system-x86_64 -m ${RAM:-8}000 \' \ && tee -a Launch.sh <<< 'exec qemu-system-x86_64 -m ${RAM:-8}000 \' \
&& tee -a Launch.sh <<< '-cpu Penryn,vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+pcid,+ssse3,+sse4.2,+popcnt,+avx,+aes,+xsave,+xsaveopt,check \' \ && tee -a Launch.sh <<< '-cpu Penryn,vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+pcid,+ssse3,+sse4.2,+popcnt,+avx,+aes,+xsave,+xsaveopt,check \' \
&& tee -a Launch.sh <<< '-machine q35,accel=kvm:tcg \' \ && tee -a Launch.sh <<< '-machine q35,accel=kvm:tcg \' \
&& tee -a Launch.sh <<< '-smp ${SMP:-4},cores=${CORES:-4} \' \ && tee -a Launch.sh <<< '-smp ${CPU_STRING:-${SMP:-4},cores=${CORES:-4}} \' \
&& tee -a Launch.sh <<< '-usb -device usb-kbd -device usb-tablet \' \ && tee -a Launch.sh <<< '-usb -device usb-kbd -device usb-tablet \' \
&& tee -a Launch.sh <<< '-device isa-applesmc,osk=ourhardworkbythesewordsguardedpleasedontsteal\(c\)AppleComputerInc \' \ && tee -a Launch.sh <<< '-device isa-applesmc,osk=ourhardworkbythesewordsguardedpleasedontsteal\(c\)AppleComputerInc \' \
&& tee -a Launch.sh <<< '-drive if=pflash,format=raw,readonly,file=/home/arch/OSX-KVM/OVMF_CODE.fd \' \ && tee -a Launch.sh <<< '-drive if=pflash,format=raw,readonly,file=/home/arch/OSX-KVM/OVMF_CODE.fd \' \
@ -191,7 +204,7 @@ RUN touch Launch.sh \
&& tee -a Launch.sh <<< '-smbios type=2 \' \ && tee -a Launch.sh <<< '-smbios type=2 \' \
&& tee -a Launch.sh <<< '-audiodev ${AUDIO_DRIVER:-alsa},id=hda -device ich9-intel-hda -device hda-duplex,audiodev=hda \' \ && tee -a Launch.sh <<< '-audiodev ${AUDIO_DRIVER:-alsa},id=hda -device ich9-intel-hda -device hda-duplex,audiodev=hda \' \
&& tee -a Launch.sh <<< '-device ich9-ahci,id=sata \' \ && tee -a Launch.sh <<< '-device ich9-ahci,id=sata \' \
&& tee -a Launch.sh <<< '-drive id=OpenCoreBoot,if=none,snapshot=on,format=qcow2,file=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2 \' \ && tee -a Launch.sh <<< '-drive id=OpenCoreBoot,if=none,snapshot=on,format=qcow2,file=${BOOTDISK:-/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2} \' \
&& tee -a Launch.sh <<< '-device ide-hd,bus=sata.2,drive=OpenCoreBoot \' \ && tee -a Launch.sh <<< '-device ide-hd,bus=sata.2,drive=OpenCoreBoot \' \
&& tee -a Launch.sh <<< '-device ide-hd,bus=sata.3,drive=InstallMedia \' \ && tee -a Launch.sh <<< '-device ide-hd,bus=sata.3,drive=InstallMedia \' \
&& tee -a Launch.sh <<< '-drive id=InstallMedia,if=none,file=/home/arch/OSX-KVM/BaseSystem.img,format=qcow2 \' \ && tee -a Launch.sh <<< '-drive id=InstallMedia,if=none,file=/home/arch/OSX-KVM/BaseSystem.img,format=qcow2 \' \
@ -204,6 +217,8 @@ RUN touch Launch.sh \
&& tee -a Launch.sh <<< '${EXTRA:-}' && tee -a Launch.sh <<< '${EXTRA:-}'
# docker exec containerid mv ./Launch-nopicker.sh ./Launch.sh # docker exec containerid mv ./Launch-nopicker.sh ./Launch.sh
# This is now a legacy command.
# You can use -e BOOTDISK=/bootdisk with -v ./bootdisk.img:/bootdisk
RUN grep -v InstallMedia ./Launch.sh > ./Launch-nopicker.sh \ RUN grep -v InstallMedia ./Launch.sh > ./Launch-nopicker.sh \
&& chmod +x ./Launch-nopicker.sh \ && chmod +x ./Launch-nopicker.sh \
&& sed -i -e s/OpenCore\.qcow2/OpenCore\-nopicker\.qcow2/ ./Launch-nopicker.sh && sed -i -e s/OpenCore\.qcow2/OpenCore\-nopicker\.qcow2/ ./Launch-nopicker.sh
@ -212,8 +227,12 @@ USER arch
ENV USER arch ENV USER arch
ENV BOOTDISK=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2
ENV DISPLAY=:0.0 ENV DISPLAY=:0.0
ENV ENV=/env
ENV IMAGE_PATH=/home/arch/OSX-KVM/mac_hdd_ng.img ENV IMAGE_PATH=/home/arch/OSX-KVM/mac_hdd_ng.img
ENV NETWORKING=e1000-82545em ENV NETWORKING=e1000-82545em
@ -221,13 +240,65 @@ ENV NETWORKING=e1000-82545em
ENV NOPICKER=false ENV NOPICKER=false
ENV UNIQUE=false
# Boolean for generating a bootdisk with new serials.
VOLUME ["/tmp/.X11-unix"] VOLUME ["/tmp/.X11-unix"]
CMD case "$(file --brief /image)" in \ # check if /image is a disk image or a directory. This allows you to optionally use -v disk.img:/image
QEMU*) export IMAGE_PATH=/image && sudo chown "$(id -u)":"$(id -g)" "${IMAGE_PATH}" 2>/dev/null || true;; \ # NOPICKER is used to skip the disk selection screen
directory*) export IMAGE_PATH=/home/arch/OSX-KVM/mac_hdd_ng.img;; \ # GENERATE_UNIQUE is used to generate serial numbers on boot.
# /env is a file that you can generate and save using -v source.sh:/env
# the env file is a file that you can carry to the next container which will supply the serials numbers.
# GENERATE_SPECIFIC is used to either accept the env serial numbers OR you can supply using:
# -e DEVICE_MODEL="iMacPro1,1" \
# -e SERIAL="C02TW0WAHX87" \
# -e BOARD_SERIAL="C027251024NJG36UE" \
# -e UUID="5CCB366D-9118-4C61-A00A-E5BAF3BED451" \
# -e MAC_ADDRESS="A8:5C:2C:9A:46:2F" \
# the output will be /bootdisk.
# /bootdisk is a useful persistent place to store the 15Mb serial number bootdisk.
# if you don't set any of the above:
# the default serial numbers are already contained in ./OpenCore-Catalina/OpenCore.qcow2
# And the default serial numbers
CMD sudo chown -R $(id -u):$(id -g) /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \
; case "$(file --brief /image)" in \
QEMU\ QCOW2\ Image* ) export IMAGE_PATH=/image \
;; \
directory* ) export IMAGE_PATH=/home/arch/OSX-KVM/mac_hdd_ng.img \
;; \
esac \
; [[ "${NOPICKER}" == true ]] && { \
sed -i '/^.*InstallMedia.*/d' Launch.sh \
&& export BOOTDISK=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore-nopicker.qcow2 \
; } \
; [[ "${GENERATE_UNIQUE}" == true ]] && { \
./Docker-OSX/custom/generate-unique-machine-values.sh \
--count 1 \
--tsv ./serial.tsv \
--bootdisks \
--output-bootdisk "${BOOTDISK:-/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2}" \
--output-env "${ENV:=/env}" || exit 1 \
; } \
; [[ "${GENERATE_SPECIFIC}" == true ]] && { \
source "${ENV:=/env}" \
|| ./Docker-OSX/custom/generate-specific-bootdisk.sh \
--model "${DEVICE_MODEL}" \
--serial "${SERIAL}" \
--board-serial "${BOARD_SERIAL}" \
--uuid "${UUID}" \
--mac-address "${MAC_ADDRESS}" \
--output-bootdisk "${BOOTDISK:-/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2}" || exit 1 \
; } \
; case "$(file --brief /bootdisk)" in \
QEMU\ QCOW2\ Image* ) export BOOTDISK=/bootdisk \
;; \
directory* ) export BOOTDISK=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2 \
;; \
esac \ esac \
; [[ "${NOPICKER}" == true ]] && mv ./Launch-nopicker.sh ./Launch.sh \
; ./enable-ssh.sh && envsubst < ./Launch.sh | bash ; ./enable-ssh.sh && envsubst < ./Launch.sh | bash
# virt-manager mode: eta son # virt-manager mode: eta son
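Review bot: The new `LINUX` step (hunk `@ -174,6 +174,19 @`) downloads `glibc-linux4-2.33-4-x86_64.pkg.tar.zst` from the mutable `master` branch and unpacks it over `/` with `bsdtar` without checking a digest, so whatever that URL serves at build time becomes the image's libc. The trailing `|| echo "Everything is fine."` binds to the whole `&&` chain, so a failed `pacman`, a failed download or a truncated archive also lets the step finish successfully. Pin the URL to a commit and verify before extracting, e.g. `&& echo "<SHA256_OF_PACKAGE>  ${patched_glibc}" | sha256sum -c - \`, and scope the fallback to the extraction only: `&& { bsdtar -C / -xvf "${patched_glibc}" || echo "Everything is fine." ; } \`. The `git clone --branch custom-identity` two lines further down is unpinned in the same way, and the scripts it brings in are what the new `CMD` runs at container start; a `git checkout <COMMIT_SHA>` after the clone would fix that revision.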


@ -7,7 +7,7 @@
# #
# Title: Mac on Docker (Docker-OSX) [AUTOINSTALL] # Title: Mac on Docker (Docker-OSX) [AUTOINSTALL]
# Author: Sick.Codes https://twitter.com/sickcodes # Author: Sick.Codes https://twitter.com/sickcodes
# Version: 3.1 # Version: 3.2
# License: GPLv3+ # License: GPLv3+
# Repository: https://github.com/sickcodes/Docker-OSX # Repository: https://github.com/sickcodes/Docker-OSX
# #
@ -128,10 +128,12 @@ RUN if [[ "${COMPLETE}" ]]; then \
&& wget ${WGET_OPTIONS} -O /home/arch/OSX-KVM/mac_hdd_ng.img "${IMAGE_URL}" \ && wget ${WGET_OPTIONS} -O /home/arch/OSX-KVM/mac_hdd_ng.img "${IMAGE_URL}" \
; fi ; fi
RUN mv ./Launch-nopicker.sh ./Launch.sh ENV BOOTDISK=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore-nopicker.qcow2
ENV DISPLAY=:99 ENV DISPLAY=:99
ENV ENV=/env
ENV IMAGE_PATH=/home/arch/OSX-KVM/mac_hdd_ng.img ENV IMAGE_PATH=/home/arch/OSX-KVM/mac_hdd_ng.img
ENV NOPICKER=true ENV NOPICKER=true
@ -141,15 +143,44 @@ ENV TERMS_OF_USE=i_agree
ENV BOILERPLATE="By using this Dockerfile, you hereby agree that you are a security reseacher or developer and agree to use this Dockerfile to make the world a safer place. Examples include: making your apps safer, finding your mobile phone, compiling security products, etc. You understand that Docker-OSX is an Open Source project, which is released to the public under the GNU Pulic License version 3 and above. You acknowledge that the Open Source project is absolutely unaffiliated with any third party, in any form whatsoever. Any trademarks or intelectual property which happen to be mentioned anywhere in or around the project are owned by their respective owners. By using this Dockerfile, you agree to agree to the EULA of each piece of upstream or downstream software. The following code is released for the sole purpose of security research, under the GNU Public License version 3. If you are concerned about the licensing, please note that this project is not AGPL. A copy of the license is available online: https://github.com/sickcodes/Docker-OSX/blob/master/LICENSE. In order to use the following Dockerfile you must read and understand the terms. Once you have read the terms, use the -e TERMS_OF_USE=i_agree or -e TERMS_OF_USE=i_disagree" ENV BOILERPLATE="By using this Dockerfile, you hereby agree that you are a security reseacher or developer and agree to use this Dockerfile to make the world a safer place. Examples include: making your apps safer, finding your mobile phone, compiling security products, etc. You understand that Docker-OSX is an Open Source project, which is released to the public under the GNU Pulic License version 3 and above. You acknowledge that the Open Source project is absolutely unaffiliated with any third party, in any form whatsoever. Any trademarks or intelectual property which happen to be mentioned anywhere in or around the project are owned by their respective owners. 
By using this Dockerfile, you agree to agree to the EULA of each piece of upstream or downstream software. The following code is released for the sole purpose of security research, under the GNU Public License version 3. If you are concerned about the licensing, please note that this project is not AGPL. A copy of the license is available online: https://github.com/sickcodes/Docker-OSX/blob/master/LICENSE. In order to use the following Dockerfile you must read and understand the terms. Once you have read the terms, use the -e TERMS_OF_USE=i_agree or -e TERMS_OF_USE=i_disagree"
CMD echo "${BOILERPLATE}" \ CMD echo "${BOILERPLATE}" \
&& [[ "${TERMS_OF_USE}" = i_agree ]] || exit 1 \ ; [[ "${TERMS_OF_USE}" = i_agree ]] || exit 1 \
; [[ "${NOPICKER}" == true ]] && mv ./Launch-nopicker.sh ./Launch.sh \ ; echo "Disk is being copied between layers... Please wait a minute..." \
; sudo chown -R $(id -u):$(id -g) /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \
; [[ "${NOPICKER}" == true ]] && { \
sed -i '/^.*InstallMedia.*/d' Launch.sh \
&& export BOOTDISK=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore-nopicker.qcow2 \
; } \
; [[ "${GENERATE_UNIQUE}" == true ]] && { \
./Docker-OSX/custom/generate-unique-machine-values.sh \
--count 1 \
--tsv ./serial.tsv \
--bootdisks \
--output-bootdisk "${BOOTDISK:-/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2}" \
--output-env "${ENV:=/env}" || exit 1 \
; } \
; [[ "${GENERATE_SPECIFIC}" == true ]] && { \
source "${ENV:=/env}" \
|| ./Docker-OSX/custom/generate-specific-bootdisk.sh \
--model "${DEVICE_MODEL}" \
--serial "${SERIAL}" \
--board-serial "${BOARD_SERIAL}" \
--uuid "${UUID}" \
--mac-address "${MAC_ADDRESS}" \
--output-bootdisk "${BOOTDISK:-/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2}" || exit 1 \
; } \
; case "$(file --brief /bootdisk)" in \
QEMU\ QCOW2\ Image* ) export BOOTDISK=/bootdisk \
;; \
directory* ) export BOOTDISK=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2 \
;; \
esac \
; [[ "${DISPLAY}" = ':99' ]] && { \ ; [[ "${DISPLAY}" = ':99' ]] && { \
nohup Xvfb :99 -screen 0 1920x1080x16 \ nohup Xvfb :99 -screen 0 1920x1080x16 \
& until [[ "$(xrandr --query 2>/dev/null)" ]]; do sleep 0.1 ; done \ & until [[ "$(xrandr --query 2>/dev/null)" ]]; do sleep 0.1 ; done \
; } \ ; } \
; echo "Checking whether /image is a directory or a QEMU disk." \ ; echo "Checking whether /image is a directory or a QEMU disk." \
; case "$(file --brief /image)" in \ ; case "$(file --brief /image)" in \
QEMU*) export IMAGE_PATH=/image && sudo chown "$(id -u)":"$(id -g)" "${IMAGE_PATH}" 2>/dev/null || true;; \ QEMU*) export IMAGE_PATH=/image;; \
directory*) export IMAGE_PATH=/home/arch/OSX-KVM/mac_hdd_ng.img;; \ directory*) export IMAGE_PATH=/home/arch/OSX-KVM/mac_hdd_ng.img;; \
esac \ esac \
; stat "${IMAGE_PATH}" \ ; stat "${IMAGE_PATH}" \
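Review bot: The `sudo chown -R … "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}"` added near the top of `CMD` runs before the `case "$(file --brief /bootdisk)"` and `case "$(file --brief /image)"` blocks export their final paths, and this commit also drops the chown from the `QEMU*)` branch. A bind-mounted `/image` or `/bootdisk` owned by another UID is therefore no longer chowned unless the caller also passes `-e IMAGE_PATH=/image` or `-e BOOTDISK=/bootdisk`. Because the call ends in `2>/dev/null || true`, the first visible symptom is likely to be QEMU failing to open the disk. Repeating the chown on the resolved paths after the `/image` `esac` would restore the old behaviour: `; sudo chown "$(id -u)":"$(id -g)" "${IMAGE_PATH}" "${BOOTDISK}" 2>/dev/null || true \`. The main Dockerfile's `CMD` has the same ordering, and this `CMD` continues past the end of the hunk.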


@ -7,7 +7,7 @@
# #
# Title: Mac on Docker (Docker-OSX) [AUTOINSTALL] # Title: Mac on Docker (Docker-OSX) [AUTOINSTALL]
# Author: Sick.Codes https://twitter.com/sickcodes # Author: Sick.Codes https://twitter.com/sickcodes
# Version: 3.1 # Version: 3.2
# License: GPLv3+ # License: GPLv3+
# Repository: https://github.com/sickcodes/Docker-OSX # Repository: https://github.com/sickcodes/Docker-OSX
# #
@ -101,17 +101,47 @@ RUN mkdir -p ~/.ssh \
&& tee -a ~/.ssh/config <<< ' StrictHostKeyChecking no' \ && tee -a ~/.ssh/config <<< ' StrictHostKeyChecking no' \
&& tee -a ~/.ssh/config <<< ' UserKnownHostsFile=/dev/null' && tee -a ~/.ssh/config <<< ' UserKnownHostsFile=/dev/null'
ENV NOPICKER=true ENV BOOTDISK=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2
ENV DISPLAY=:99 ENV DISPLAY=:99
ENV ENV=/env
ENV IMAGE_PATH=/image ENV IMAGE_PATH=/image
CMD [[ "${DISPLAY}" = ':99' ]] && { \ ENV NOPICKER=true
CMD sudo chown -R $(id -u):$(id -g) /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \
; [[ "${DISPLAY}" = ':99' ]] && { \
nohup Xvfb :99 -screen 0 1920x1080x16 \ nohup Xvfb :99 -screen 0 1920x1080x16 \
& until [[ "$(xrandr --query 2>/dev/null)" ]]; do sleep 1 ; done \ & until [[ "$(xrandr --query 2>/dev/null)" ]]; do sleep 1 ; done \
; } \ ; } \
; sudo chown "$(id -u)":"$(id -g)" "${IMAGE_PATH}" 2>/dev/null || true \ ; [[ "${NOPICKER}" == true ]] && { \
; ./enable-ssh.sh \ sed -i '/^.*InstallMedia.*/d' Launch.sh \
; [[ "${NOPICKER}" == true ]] && mv ./Launch-nopicker.sh ./Launch.sh \ && export BOOTDISK=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore-nopicker.qcow2 \
; envsubst < ./Launch.sh | bash ; } \
; [[ "${GENERATE_UNIQUE}" == true ]] && { \
./Docker-OSX/custom/generate-unique-machine-values.sh \
--count 1 \
--tsv ./serial.tsv \
--bootdisks \
--output-bootdisk "${BOOTDISK:-/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2}" \
--output-env "${ENV:=/env}" || exit 1 \
; } \
; [[ "${GENERATE_SPECIFIC}" == true ]] && { \
source "${ENV:=/env}" \
|| ./Docker-OSX/custom/generate-specific-bootdisk.sh \
--model "${DEVICE_MODEL}" \
--serial "${SERIAL}" \
--board-serial "${BOARD_SERIAL}" \
--uuid "${UUID}" \
--mac-address "${MAC_ADDRESS}" \
--output-bootdisk "${BOOTDISK:-/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2}" || exit 1 \
; } \
; case "$(file --brief /bootdisk)" in \
QEMU\ QCOW2\ Image* ) export BOOTDISK=/bootdisk \
;; \
directory* ) export BOOTDISK=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2 \
;; \
esac \
; ./enable-ssh.sh && envsubst < ./Launch.sh | bash
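Review bot: In the `GENERATE_SPECIFIC` block, `source "${ENV:=/env}" || ./Docker-OSX/custom/generate-specific-bootdisk.sh …` runs the generator only when sourcing fails, so from what is visible here a mounted `/env` that loads successfully never results in a bootdisk being built from its values; the VM boots with whatever `${BOOTDISK}` already points at. If the intent is "take the serials from `/env` when present, otherwise from `-e`", the two commands should be sequenced rather than alternated: `source "${ENV:=/env}" 2>/dev/null ; ./Docker-OSX/custom/generate-specific-bootdisk.sh \`. `source` also executes the mounted file as shell at container start, so the comments should say that `/env` is treated as code and must come from a trusted location. The same block appears in the other two Dockerfiles in this commit.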

344
README.md

@ -3,10 +3,12 @@
![Running mac osx in a docker container](/running-mac-inside-docker-qemu.png?raw=true "OSX KVM DOCKER") ![Running mac osx in a docker container](/running-mac-inside-docker-qemu.png?raw=true "OSX KVM DOCKER")
Run Mac in a Docker container! Run near native OSX-KVM in Docker! X11 Forwarding! Run Mac in a Docker container! Run near native OSX-KVM in Docker! X11 Forwarding! iMessage security research!
Author: Sick.Codes https://sick.codes/ & https://twitter.com/sickcodes Author: Sick.Codes https://sick.codes/ & https://twitter.com/sickcodes
Documentation: everything is on this page!
### PR & Contributor Credits ### PR & Contributor Credits
https://github.com/sickcodes/Docker-OSX/blob/master/CREDITS.md https://github.com/sickcodes/Docker-OSX/blob/master/CREDITS.md
@ -21,7 +23,9 @@ Docker Hub: https://hub.docker.com/r/sickcodes/docker-osx
## Professional Support Available! ## Professional Support Available!
Enquire at https://sick.codes/contact Small questions & issues: open an issue!
For big projects, DM on Twitter [@sickcodes on Twitter](https://twitter.com/sickcodes) or write to us at https://sick.codes/contact.
- Enterprise support, Business support, or casual support. - Enterprise support, Business support, or casual support.
- Custom images, custom scripts, consulting (per hour available!) - Custom images, custom scripts, consulting (per hour available!)
@ -31,11 +35,50 @@ Enquire at https://sick.codes/contact
Kubernetes Helm Chart & Documentation [available at ./helm](https://github.com/sickcodes/Docker-OSX/tree/master/helm) Kubernetes Helm Chart & Documentation [available at ./helm](https://github.com/sickcodes/Docker-OSX/tree/master/helm)
Thank you to @cephasara for this major contribution.
[![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/docker-osx)](https://artifacthub.io/packages/search?repo=docker-osx) [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/docker-osx)](https://artifacthub.io/packages/search?repo=docker-osx)
#### Follow [@sickcodes on Twitter](https://twitter.com/sickcodes) for updates or feature requests! #### Follow [@sickcodes on Twitter](https://twitter.com/sickcodes) for updates or feature requests!
# Quick Start Docker-OSX # How to use
### There are 3 images: **latest**, **auto** and **naked**.
`sickcodes/docker-osx:latest` - [I want to try it out.](https://github.com/sickcodes/Docker-OSX#quick-start-175gb-pre-made-image)
`sickcodes/docker-osx:latest` - [I want to use Docker-OSX to develop/secure Apps in Xcode (sign into Xcode, Transporter)](https://github.com/sickcodes/Docker-OSX#quick-start-docker-osx)
`sickcodes/docker-osx:naked` - [I want to use Docker-OSX in CI/CD (sign into Xcode, Transporter)](https://github.com/sickcodes/Docker-OSX#fully-headless-using-my-own-image-for-cicd)
Create your personal image using `:latest`. And then pull your image out. And then use duplicate that image again & again for use in `:naked`.
`sickcodes/docker-osx:auto` - [I want to boot into command line only. (compile software, homebrew headless).](https://github.com/sickcodes/Docker-OSX#pre-built-image-arbitrary-command-line-arguments)
`sickcodes/docker-osx:naked` - [I need iMessage/iCloud for security research.](https://github.com/sickcodes/Docker-OSX#serial-numbers)
#### I need a screen.
**KEEP** these two lines are in your command. Works in ANY of the machines:
```dockerfile
-v /tmp/.X11-unix:/tmp/.X11-unix \
-e "DISPLAY=${DISPLAY:-:0.0}" \
```
#### I need headless.
**REMOVE** these two lines from ANY of the machines:
```dockerfile
-v /tmp/.X11-unix:/tmp/.X11-unix \
-e "DISPLAY=${DISPLAY:-:0.0}" \
```
#### I have used it already, and want to copy this image.
Use `docker commit`, copy the ID, and then `docker start ID`
**OR**
[Pull out the .img file](https://github.com/sickcodes/Docker-OSX#backup-the-disk-wheres-my-disk), and then use that [.img file with :naked](https://github.com/sickcodes/Docker-OSX#quick-start-own-image-naked-container-image)
# Basic Quick Start Docker-OSX
```bash ```bash
@ -52,18 +95,26 @@ docker run -it \
``` ```
# Quick Start 17.5GB Pre-Made Image # Quick Start Large Pre-Made Image
Current large image size: 17.5GB
You will need around 50GB of space: half for the base image + half for your runtime image. This starts a container with an existing installation. This special auto image was made by @sickcodes:
If you run out of space, you can nuke your Docker images/history/cache by simply deleting `/var/lib/docker` - SSH enabled
- username is `user`
- password is `alpine`
- auto-updates off
You will need around *50GB* of space to run this image: half for the base image + half for your runtime image.
If you run out of space, you can delete all your old Docker images/history/cache by simply deleting `/var/lib/docker`, and restarting `dockerd`.
```bash ```bash
docker pull sickcodes/docker-osx:auto docker pull sickcodes/docker-osx:auto
# boot straight to OSX shell with no display (19GB) # boot directly into a real OSX shell with no display (Xvfb) [HEADLESS]
docker run -it \ docker run -it \
--device /dev/kvm \ --device /dev/kvm \
-p 50922:10022 \ -p 50922:10022 \
@ -76,7 +127,7 @@ docker run -it \
docker pull sickcodes/docker-osx:auto docker pull sickcodes/docker-osx:auto
# boot to OSX shell + display (19GB) # boot directly into a real OSX shell with a visual display [NOT HEADLESS]
docker run -it \ docker run -it \
--device /dev/kvm \ --device /dev/kvm \
-p 50922:10022 \ -p 50922:10022 \
@ -85,12 +136,13 @@ docker run -it \
sickcodes/docker-osx:auto sickcodes/docker-osx:auto
``` ```
### Pre-built Image + Arbitrary Command Line Arguments.
```bash ```bash
docker pull sickcodes/docker-osx:auto docker pull sickcodes/docker-osx:auto
# boot to OSX shell + display (19GB) + commands to run inside OSX # boot to OSX shell + display + specify commands to run inside OSX!
docker run -it \ docker run -it \
--device /dev/kvm \ --device /dev/kvm \
-p 50922:10022 \ -p 50922:10022 \
@ -104,6 +156,8 @@ docker run -it \
``` ```
### Restart an auto container ### Restart an auto container
Containers that use `sickcodes/docker-osx:auto` can be stopped at started.
```bash ```bash
# find last container # find last container
docker ps -a docker ps -a
@ -113,18 +167,20 @@ docker start -i containerid
``` ```
# Quick Start Own Image # Quick Start Own Image (naked container image)
This is my favourite container. You can supply an existing disk image as a docker command line argument.
Supply your own local image with `-v "${PWD}/mac_hdd_ng.img:/image"` and use `sickcodes/docker-osx:naked` Supply your own local image with `-v "${PWD}/mac_hdd_ng.img:/image"` and use `sickcodes/docker-osx:naked`
- Naked image is for booting any existing .img file. - Naked image is for booting any existing .img file.
- By default, this image has a variable called `NOPICKER` which is `"true"`. Use `-e NOPICKER=false` or any other string than the word `true` to enter the boot menu. This lets you use other disks instead of skipping the boot menu, e.g. recovery disk. - By default, this image has a variable called `NOPICKER` which is `"true"`. This skips the disk selection menu. Use `-e NOPICKER=false` or any other string than the word `true` to enter the boot menu. This lets you use other disks instead of skipping the boot menu, e.g. recovery disk or disk utility.
```bash ```bash
docker pull sickcodes/docker-osx:naked docker pull sickcodes/docker-osx:naked
# run your own image + SSH # run your own image + SSH
# change mac_hdd_ng.img
docker run -it \ docker run -it \
--device /dev/kvm \ --device /dev/kvm \
-p 50922:10022 \ -p 50922:10022 \
@ -144,6 +200,9 @@ docker run -it \
sickcodes/docker-osx:naked sickcodes/docker-osx:naked
``` ```
### Fully Headless, using my own image, for CI/CD
```bash ```bash
# run your own image headless + SSH # run your own image headless + SSH
docker run -it \ docker run -it \
@ -153,24 +212,25 @@ docker run -it \
sickcodes/docker-osx:naked sickcodes/docker-osx:naked
``` ```
# Features In Docker-OSX v3.1 # Features In Docker-OSX v3.2
- Full auto mode: boot straight to OSX shell. - Serial number generators. [See below or ./custom](https://github.com/sickcodes/Docker-OSX/tree/master/custom)
- sickcodes/docker-osx:latest - original base recovery image (safe) - Full auto mode: boot straight to OSX shell and even run commands as runtime arguments!
- sickcodes/docker-osx:naked - supply your own .img file (safe) - `sickcodes/docker-osx:latest` - original base recovery image (safe)
- sickcodes/docker-osx:auto - 17.5GB image boot to OSX shell (must trust @sickcodes) - `sickcodes/docker-osx:naked` - supply your own .img file (safe)
- Supply your own image using -v $PWD/disk.img:/image - `sickcodes/docker-osx:auto` - Large docker image that boots to OSX shell (must trust @sickcodes)
- Supply your own image using `-v "${PWD}/disk.img:/image"`
- Kubernetes Helm Chart. [See ./helm](https://github.com/sickcodes/Docker-OSX/tree/master/helm) - Kubernetes Helm Chart. [See ./helm](https://github.com/sickcodes/Docker-OSX/tree/master/helm)
- OSX-KVM - [OSX-KVM](https://github.com/kholia/OSX-KVM) inside a Docker container!
- X11 Forwarding - X11 Forwarding
- SSH on localhost:50922 - SSH on `localhost:50922`
- QEMU - QEMU + KVM!
- VNC on localhost:8888 [vnc version is inside a separate directory](https://github.com/sickcodes/Docker-OSX/blob/master/vnc-version/Dockerfile) - VNC version on `localhost:8888` [vnc version is inside a separate directory, there are security risks involved with using VNC, see insid the Dockerfile](https://github.com/sickcodes/Docker-OSX/blob/master/vnc-version/Dockerfile)
- Create an ARMY using `docker commit` - Create an ARMY of the same exact container using `docker commit`
- XFVB HEADLESS (use vnc) - Xfvb headless mode
### All Pull Requests Welcome! ### All Pull Requests Welcome!
Docker-OSX is a GPLv3+ Dockerfile and we need contributors just like you :). Docker-OSX is a GPLv3+ Dockerfile and we need contributors just like you :)
Upstream: https://github.com/kholia/OSX-KVM && the great guy [@kholia](https://twitter.com/kholia) Upstream: https://github.com/kholia/OSX-KVM && the great guy [@kholia](https://twitter.com/kholia)
@ -178,6 +238,10 @@ Upstream Credits (OSX-KVM project) among many others: https://github.com/kholia/
# Download The Image for sickcodes/docker-osx:naked # Download The Image for sickcodes/docker-osx:naked
This is the current automated image. Username is `user`, passsword is `alpine`, SSH is on, and auto-updates are off.
If the download is slow, just get the image from `docker pull sickcodes/docker-osx:auto` and find it in `/var/lib/docker`.
```bash ```bash
wget https://images2.sick.codes/mac_hdd_ng_auto.img wget https://images2.sick.codes/mac_hdd_ng_auto.img
@ -191,14 +255,6 @@ docker run -it \
``` ```
# Internet Speeds
### Slow internet but iMessage & iCloud compatability
`-e NETWORKING=e1000-82545em`
### FAST internet but not compatable with iMessage & iCloud
`-e NETWORKING=vmxnet3`
### Other cool Docker-QEMU based projects: ### Other cool Docker-QEMU based projects:
[Run iOS in a Docker with Docker-eyeOS](https://github.com/sickcodes/Docker-eyeOS) - [https://github.com/sickcodes/Docker-eyeOS](https://github.com/sickcodes/Docker-eyeOS) [Run iOS in a Docker with Docker-eyeOS](https://github.com/sickcodes/Docker-eyeOS) - [https://github.com/sickcodes/Docker-eyeOS](https://github.com/sickcodes/Docker-eyeOS)
@ -243,6 +299,10 @@ ssh fullname@localhost -p 50922
# Autoboot into OSX after you've installed everything # Autoboot into OSX after you've installed everything
You can use `-e NOPICKER=true`.
Old machines:
```bash ```bash
# find you containerID # find you containerID
docker ps docker ps
@ -289,7 +349,9 @@ sudo modprobe kvm
# Start the same container later (persistent disk) # Start the same container later (persistent disk)
This is for when you want to run the SAME container again later. 1. You can now pull the `.img` file out of the container, which is stored in `/var/lib/docker`, and supply it as a runtime argument to the `:naked` Docker image. See above.
2. This is for when you want to run the SAME container again later.
If you don't run this you will have a new image every time. If you don't run this you will have a new image every time.
@ -499,30 +561,16 @@ sudo mv somedir/mac_hdd_ng.img .
# Use an Old Docker-OSX Disk in a Fresh Container (Replication) # Use an Old Docker-OSX Disk in a Fresh Container (Replication)
You do not have to reinstall everything, you can simply: [Use the sickcodes/docker-osx:naked image.](https://github.com/sickcodes/Docker-OSX/tree/master#quick-start-own-image)
- start a new container # Internet Speeds
- overwrite the .img in the new container with your big old one ### Slow internet but iMessage & iCloud compatability
`-e NETWORKING=e1000-82545em`
```bash ### FAST internet but not compatable with iMessage & iCloud
`-e NETWORKING=vmxnet3`
# start a new docker-osx container
# you can start with ssh, without, or vnc, because they are all interchangable.
# get the NEW container id
docker ps
# docker cp your OLD disk into the NEW container
docker cp ./mac_hdd_ng.img newcontainerid:/home/arch/OSX-KVM/mac_hdd_ng.img
# kill the NEW container
docker kill newcontainerid
# start the NEW container and it just works
docker start newcontainerid
```
# DESTROY: Wipe old images to free disk space # DESTROY: Wipe old images to free disk space
@ -539,15 +587,6 @@ docker system prune --all
docker image prune --all docker image prune --all
``` ```
# INSTANT OSX-KVM in a BOX!
This Dockerfile automates the installation of OSX-KVM inside a docker container.
It will build a Catalina Disk with up to 200GB of space.
You can change the size and version using build arguments (see below).
This file builds on top of the work done by Dhiru Kholia and many others on the OSX-KVM project.
# CI/CD Related Improvements # CI/CD Related Improvements
## How to reduce the size of the image ## How to reduce the size of the image
* Start up the container as usual, and remove unnecessary files. A useful way * Start up the container as usual, and remove unnecessary files. A useful way
@ -647,6 +686,185 @@ docker run \
``` ```
# Serial Numbers
The easiest way to show you is by these examples.
For serial numbers, generate them in `./custom` OR make docker generate them at runtime (see below).
At any time, verify your serial number before logging in iCloud, etc.
```bash
ioreg -l | grep IOPlatformSerialNumber
# or from the host
sshpass -p alpine ssh user@localhost -p 50922 'ioreg -l | grep IOPlatformSerialNumber'
```
```bash
# proof of concept only, generates random serial numbers, headlessly, and quits right after.
docker run --rm -it \
--device /dev/kvm \
-p 50922:10022 \
-e NOPICKER=true \
-e GENERATE_UNIQUE=true \
-e DEVICE_MODEL="iMacPro1,1" \
-e OSX_COMMANDS='ioreg -l | grep IOPlatformSerialNumber' \
sickcodes/docker-osx:auto
```
```bash
# run the same as above 17gb auto image, with SSH, with nopicker, and save the bootdisk for later.
# you don't need to save the bootdisk IF you supply specific serial numbers!
touch ./C02TW0WAHX87.qcow
docker run -it \
--device /dev/kvm \
-p 50922:10022 \
-e NOPICKER=true \
-e GENERATE_SPECIFIC=true \
-e DEVICE_MODEL="iMacPro1,1" \
-e SERIAL="C02TW0WAHX87" \
-e BOARD_SERIAL="C027251024NJG36UE" \
-e UUID="5CCB366D-9118-4C61-A00A-E5BAF3BED451" \
-e MAC_ADDRESS="A8:5C:2C:9A:46:2F" \
-e OSX_COMMANDS='ioreg -l | grep IOPlatformSerialNumber' \
sickcodes/docker-osx:auto
```
```bash
# run an existing image in current directory, with a screen, with SSH, with nopicker, and save the bootdisk for later.
stat mac_hdd_ng.img # make sure you have an image if you're using :naked
touch ./mynewbootdisk.qcow
docker run -it \
--device /dev/kvm \
-e "DISPLAY=${DISPLAY:-:0.0}" \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-p 50922:10022 \
-e NOPICKER=true \
-e GENERATE_SPECIFIC=true \
-e DEVICE_MODEL="iMacPro1,1" \
-e SERIAL="C02TW0WAHX87" \
-e BOARD_SERIAL="C027251024NJG36UE" \
-e UUID="5CCB366D-9118-4C61-A00A-E5BAF3BED451" \
-e MAC_ADDRESS="A8:5C:2C:9A:46:2F" \
-e BOOTDISK=/bootdisk \
-v "${PWD}/mynewbootdisk.qcow:/bootdisk" \
-v "${PWD}/mac_hdd_ng.img:/image" \
sickcodes/docker-osx:naked
```
If you want to generate serial numbers, either make them at runtime using
` -e GENERATE_UNIQUE=true \`
Or you can generate them inside the `./custom` folder. And then use:
```bash
-e GENERATE_SPECIFIC=true \
-e SERIAL="" \
-e BOARD_SERIAL="" \
-e UUID="" \
-e MAC_ADDRESS="" \
```
#### Persistence from generating serial numbers is obviously ideal:
```bash
stat mac_hdd_ng_testing.img
touch ./output.qcow
touch ./output.env
# generate fresh random serial numbers, with a screen, using my own image, and save the bootdisk AND env file with my new serial numbers for later.
docker run -it \
--device /dev/kvm \
-e "DISPLAY=${DISPLAY:-:0.0}" \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-p 50922:10022 \
-e NOPICKER=true \
-e GENERATE_UNIQUE=true \
-e GENERATE_SPECIFIC=true \
-e DEVICE_MODEL="iMacPro1,1" \
-e BOOTDISK=/bootdisk \
-v "${PWD}/output.qcow:/bootdisk" \
-v "${PWD}/output.env:/env" \
-v "${PWD}/mac_hdd_ng_testing.img:/image" \
sickcodes/docker-osx:naked
```
To use iMessage or iCloud you need to change `5` values.
`SERIAL`
`BOARD_SERIAL`
`UUID`
`MAC_ADDRESS`
_`ROM` is just the lowercased mac address, without `:` between each word._
You can tell the container to generate them for you using `-e GENERATE_UNIQUE=true`
Or tell the container to use specific ones using `-e GENERATE_UNIQUE=true`
```bash
-e GENERATE_SPECIFIC=true \
-e DEVICE_MODEL="iMacPro1,1" \
-e SERIAL="C02TW0WAHX87" \
-e BOARD_SERIAL="C027251024NJG36UE" \
-e UUID="5CCB366D-9118-4C61-A00A-E5BAF3BED451" \
-e MAC_ADDRESS="A8:5C:2C:9A:46:2F" \
```
### Where do you get the serial numbers?
```bash
apt install libguestfs -y
pacman -S libguestfs
yum install libguestfs -y
```
Inside the `./custom` folder you will find `4` scripts.
- `config-nopicker-custom.plist`
- `opencore-image-ng.sh`
These two files are from OSX-KVM.
You don't need to touch these two files.
The config.plist has 5 values replaced with placeholders. [Click here to see those values for no reason.](https://github.com/sickcodes/Docker-OSX/blob/master/custom/config-nopicker-custom.plist#L705)
- `generate-unique-machine-values.sh`
This script will generate serial numbers, with Mac Addresses, plus output to CSV/TSV, plus make a `bootdisk image`.
You can create hundreds, `./custom/generate-unique-machine-values.sh --help`
```bash
./custom/generate-unique-machine-values.sh \
--count 1 \
--tsv ./serial.tsv \
--bootdisks \
--output-bootdisk OpenCore.qcow2 \
--output-env source.env.sh
```
Or if you have some specific serial numbers...
- `generate-specific-bootdisk.sh`
```bash
generate-specific-bootdisk.sh \
--model "${DEVICE_MODEL}" \
--serial "${SERIAL}" \
--board-serial "${BOARD_SERIAL}" \
--uuid "${UUID}" \
--mac-address "${MAC_ADDRESS}" \
--output-bootdisk OpenCore-nopicker.qcow2
```
# Allow USB passthrough # Allow USB passthrough
The simplest way to do this is the following: The simplest way to do this is the following:
@ -736,7 +954,7 @@ The directory that we are letting the Docker container use is a X server display
If we let the Docker container use the same display socket as our own environment, then any applications you run inside the Docker container will show up on your screen too! [https://www.x.org/archive/X11R6.8.0/doc/RELNOTES5.html](https://www.x.org/archive/X11R6.8.0/doc/RELNOTES5.html) If we let the Docker container use the same display socket as our own environment, then any applications you run inside the Docker container will show up on your screen too! [https://www.x.org/archive/X11R6.8.0/doc/RELNOTES5.html](https://www.x.org/archive/X11R6.8.0/doc/RELNOTES5.html)
## Todo: ## TODO:
``` ```
- Security Documentation - Security Documentation
- GPU Acceleration: Coming Soon - GPU Acceleration: Coming Soon


@ -0,0 +1,885 @@
<!-- This file is modified from https://github.com/kholia/OSX-KVM/tree/master/OpenCore-Catalina -->
<!-- All credit for this file https://github.com/kholia/OSX-KVM/blob/master/CREDITS.md -->
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>ACPI</key>
<dict>
<key>Add</key>
<array>
<dict>
<key>Comment</key>
<string>add DTGP method</string>
<key>Enabled</key>
<true/>
<key>Path</key>
<string>SSDT-DTGP.aml</string>
</dict>
<dict>
<key>Comment</key>
<string>Fake EC and USBX Power</string>
<key>Enabled</key>
<true/>
<key>Path</key>
<string>SSDT-EC.aml</string>
</dict>
<dict>
<key>Comment</key>
<string>USB 2.0 Injection</string>
<key>Enabled</key>
<true/>
<key>Path</key>
<string>SSDT-EHCI.aml</string>
</dict>
<dict>
<key>Comment</key>
<string>CPU AGPM Plugin=1</string>
<key>Enabled</key>
<true/>
<key>Path</key>
<string>SSDT-PLUG.aml</string>
</dict>
</array>
<key>Delete</key>
<array>
<dict>
<key>All</key>
<false/>
<key>Comment</key>
<string>Delete CpuPm</string>
<key>Enabled</key>
<false/>
<key>OemTableId</key>
<data>Q3B1UG0AAAA=</data>
<key>TableLength</key>
<integer>0</integer>
<key>TableSignature</key>
<data>U1NEVA==</data>
</dict>
<dict>
<key>All</key>
<false/>
<key>Comment</key>
<string>Delete Cpu0Ist</string>
<key>Enabled</key>
<false/>
<key>OemTableId</key>
<data>Q3B1MElzdAA=</data>
<key>TableLength</key>
<integer>0</integer>
<key>TableSignature</key>
<data>U1NEVA==</data>
</dict>
</array>
<key>Patch</key>
<array>
<dict>
<key>Comment</key>
<string>_Q11 to XQ11</string>
<key>Count</key>
<integer>1</integer>
<key>Enabled</key>
<false/>
<key>Find</key>
<data>X1ExMQ==</data>
<key>Limit</key>
<integer>0</integer>
<key>Mask</key>
<data></data>
<key>OemTableId</key>
<data></data>
<key>Replace</key>
<data>WFExMQ==</data>
<key>ReplaceMask</key>
<data></data>
<key>Skip</key>
<integer>0</integer>
<key>TableLength</key>
<integer>0</integer>
<key>TableSignature</key>
<data></data>
</dict>
<dict>
<key>Comment</key>
<string>_Q12 to XQ12</string>
<key>Count</key>
<integer>1</integer>
<key>Enabled</key>
<false/>
<key>Find</key>
<data>X1ExMg==</data>
<key>Limit</key>
<integer>0</integer>
<key>Mask</key>
<data></data>
<key>OemTableId</key>
<data></data>
<key>Replace</key>
<data>WFExMg==</data>
<key>ReplaceMask</key>
<data></data>
<key>Skip</key>
<integer>0</integer>
<key>TableLength</key>
<integer>0</integer>
<key>TableSignature</key>
<data></data>
</dict>
</array>
<key>Quirks</key>
<dict>
<key>FadtEnableReset</key>
<false/>
<key>NormalizeHeaders</key>
<false/>
<key>RebaseRegions</key>
<false/>
<key>ResetHwSig</key>
<false/>
<key>ResetLogoStatus</key>
<false/>
</dict>
</dict>
<key>Booter</key>
<dict>
<key>MmioWhitelist</key>
<array/>
<key>Quirks</key>
<dict>
<key>AvoidRuntimeDefrag</key>
<true/>
<key>DevirtualiseMmio</key>
<false/>
<key>DisableSingleUser</key>
<false/>
<key>DisableVariableWrite</key>
<false/>
<key>DiscardHibernateMap</key>
<false/>
<key>EnableSafeModeSlide</key>
<true/>
<key>EnableWriteUnprotector</key>
<true/>
<key>ForceExitBootServices</key>
<false/>
<key>ProtectMemoryRegions</key>
<false/>
<key>ProtectSecureBoot</key>
<false/>
<key>ProtectUefiServices</key>
<false/>
<key>ProvideCustomSlide</key>
<true/>
<key>ProvideMaxSlide</key>
<integer>0</integer>
<key>RebuildAppleMemoryMap</key>
<false/>
<key>SetupVirtualMap</key>
<false/>
<key>SignalAppleOS</key>
<false/>
<key>SyncRuntimePermissions</key>
<false/>
</dict>
</dict>
<key>DeviceProperties</key>
<dict>
<key>Add</key>
<dict>
<key>PciRoot(0x1)/Pci(0x1F,0x0)</key>
<dict>
<key>compatible</key>
<string>pci8086,2916</string>
<key>device-id</key>
<data>
FikA
</data>
<key>name</key>
<string>pci8086,2916</string>
</dict>
</dict>
<key>Delete</key>
<dict>
<key>PciRoot(0x0)/Pci(0x1b,0x0)</key>
<array>
<string>MaximumBootBeepVolume</string>
</array>
</dict>
</dict>
<key>Kernel</key>
<dict>
<key>Add</key>
<array>
<dict>
<key>Arch</key>
<string>Any</string>
<key>BundlePath</key>
<string>VoodooHDA.kext</string>
<key>Comment</key>
<string></string>
<key>Enabled</key>
<true/>
<key>ExecutablePath</key>
<string>Contents/MacOS/VoodooHDA</string>
<key>MaxKernel</key>
<string></string>
<key>MinKernel</key>
<string></string>
<key>PlistPath</key>
<string>Contents/Info.plist</string>
</dict>
<dict>
<key>Arch</key>
<string>x86_64</string>
<key>BundlePath</key>
<string>Lilu.kext</string>
<key>Comment</key>
<string>Patch engine</string>
<key>Enabled</key>
<true/>
<key>ExecutablePath</key>
<string>Contents/MacOS/Lilu</string>
<key>MaxKernel</key>
<string></string>
<key>MinKernel</key>
<string>12.0.0</string>
<key>PlistPath</key>
<string>Contents/Info.plist</string>
</dict>
<dict>
<key>Arch</key>
<string>x86_64</string>
<key>BundlePath</key>
<string>VirtualSMC.kext</string>
<key>Comment</key>
<string>SMC emulator</string>
<key>Enabled</key>
<false/>
<key>ExecutablePath</key>
<string>Contents/MacOS/VirtualSMC</string>
<key>MaxKernel</key>
<string></string>
<key>MinKernel</key>
<string>12.0.0</string>
<key>PlistPath</key>
<string>Contents/Info.plist</string>
</dict>
<dict>
<key>Arch</key>
<string>x86_64</string>
<key>BundlePath</key>
<string>WhateverGreen.kext</string>
<key>Comment</key>
<string>Video patches</string>
<key>Enabled</key>
<true/>
<key>ExecutablePath</key>
<string>Contents/MacOS/WhateverGreen</string>
<key>MaxKernel</key>
<string></string>
<key>MinKernel</key>
<string>12.0.0</string>
<key>PlistPath</key>
<string>Contents/Info.plist</string>
</dict>
<dict>
<key>BundlePath</key>
<string>AGPMInjector.kext</string>
<key>Comment</key>
<string></string>
<key>Enabled</key>
<true/>
<key>ExecutablePath</key>
<string></string>
<key>MaxKernel</key>
<string></string>
<key>MinKernel</key>
<string></string>
<key>PlistPath</key>
<string>Contents/Info.plist</string>
</dict>
<dict>
<key>BundlePath</key>
<string>USBPorts.kext</string>
<key>Comment</key>
<string></string>
<key>Enabled</key>
<true/>
<key>ExecutablePath</key>
<string></string>
<key>MaxKernel</key>
<string></string>
<key>MinKernel</key>
<string></string>
<key>PlistPath</key>
<string>Contents/Info.plist</string>
</dict>
<dict>
<key>Arch</key>
<string>x86_64</string>
<key>BundlePath</key>
<string>MCEReporterDisabler.kext</string>
<key>Comment</key>
<string>AppleMCEReporter disabler</string>
<key>Enabled</key>
<true/>
<key>ExecutablePath</key>
<string></string>
<key>MaxKernel</key>
<string></string>
<key>MinKernel</key>
<string>19.0.0</string>
<key>PlistPath</key>
<string>Contents/Info.plist</string>
</dict>
</array>
<key>Block</key>
<array>
<dict>
<key>Arch</key>
<string>Any</string>
<key>Comment</key>
<string></string>
<key>Enabled</key>
<false/>
<key>Identifier</key>
<string>com.apple.driver.AppleTyMCEDriver</string>
<key>MaxKernel</key>
<string></string>
<key>MinKernel</key>
<string></string>
</dict>
</array>
<key>Emulate</key>
<dict>
<key>Cpuid1Data</key>
<data>
VAYFAAAAAAAAAAAAAAAAAA==
</data>
<key>Cpuid1Mask</key>
<data>
////AAAAAAAAAAAAAAAAAA==
</data>
</dict>
<key>Force</key>
<array>
<dict>
<key>Arch</key>
<string>Any</string>
<key>BundlePath</key>
<string>System/Library/Extensions/IONetworkingFamily.kext</string>
<key>Comment</key>
<string>Patch engine</string>
<key>Enabled</key>
<false/>
<key>Identifier</key>
<string>com.apple.iokit.IONetworkingFamily</string>
<key>ExecutablePath</key>
<string>Contents/MacOS/IONetworkingFamily</string>
<key>MaxKernel</key>
<string>13.99.99</string>
<key>MinKernel</key>
<string></string>
<key>PlistPath</key>
<string>Contents/Info.plist</string>
</dict>
</array>
<key>Patch</key>
<array>
<dict>
<key>Base</key>
<string>_cpu_topology_sort</string>
<key>Comment</key>
<string>algrey - cpu_topology_sort -disable _x86_validate_topology</string>
<key>Count</key>
<integer>1</integer>
<key>Enabled</key>
<true/>
<key>Find</key>
<data>
6AAA//8=
</data>
<key>Identifier</key>
<string>kernel</string>
<key>Limit</key>
<integer>0</integer>
<key>Mask</key>
<data>
/wAA//8=
</data>
<key>MaxKernel</key>
<string>20.99.99</string>
<key>MinKernel</key>
<string>17.0.0</string>
<key>Replace</key>
<data>
Dx9EAAA=
</data>
<key>ReplaceMask</key>
<data>
</data>
<key>Skip</key>
<integer>0</integer>
</dict>
<dict>
<key>Base</key>
<string></string>
<key>Comment</key>
<string>algrey - cpuid_set_cpufamily - force CPUFAMILY_INTEL_PENRYN</string>
<key>Count</key>
<integer>1</integer>
<key>Enabled</key>
<true/>
<key>Find</key>
<data>
MduAPQAAAAAGdQA=
</data>
<key>Identifier</key>
<string>kernel</string>
<key>Limit</key>
<integer>0</integer>
<key>Mask</key>
<data>
/////wAAAP///wA=
</data>
<key>MaxKernel</key>
<string>20.99.99</string>
<key>MinKernel</key>
<string>17.0.0</string>
<key>Replace</key>
<data>
u7xP6njpXQAAAJA=
</data>
<key>ReplaceMask</key>
<data>
</data>
<key>Skip</key>
<integer>0</integer>
</dict>
</array>
<key>Quirks</key>
<dict>
<key>AppleCpuPmCfgLock</key>
<false/>
<key>AppleXcpmCfgLock</key>
<false/>
<key>AppleXcpmExtraMsrs</key>
<false/>
<key>AppleXcpmForceBoost</key>
<false/>
<key>CustomSMBIOSGuid</key>
<false/>
<key>DisableIoMapper</key>
<false/>
<key>DisableLinkeditJettison</key>
<true/>
<key>DisableRtcChecksum</key>
<false/>
<key>DummyPowerManagement</key>
<true/>
<key>ExternalDiskIcons</key>
<false/>
<key>IncreasePciBarSize</key>
<false/>
<key>LapicKernelPanic</key>
<false/>
<key>PanicNoKextDump</key>
<false/>
<key>PowerTimeoutKernelPanic</key>
<false/>
<key>ThirdPartyDrives</key>
<false/>
<key>XhciPortLimit</key>
<false/>
</dict>
<key>Scheme</key>
<dict>
<key>FuzzyMatch</key>
<true/>
<key>KernelArch</key>
<string>x86_64</string>
<key>KernelCache</key>
<string>Auto</string>
</dict>
</dict>
<key>Misc</key>
<dict>
<key>BlessOverride</key>
<array/>
<key>Boot</key>
<dict>
<key>ConsoleAttributes</key>
<integer>0</integer>
<key>HibernateMode</key>
<string>Auto</string>
<key>HideAuxiliary</key>
<false/>
<key>PickerAttributes</key>
<integer>1</integer>
<key>PickerAudioAssist</key>
<false/>
<key>PickerMode</key>
<string>External</string>
<key>PollAppleHotKeys</key>
<true/>
<key>ShowPicker</key>
<false/>
<key>TakeoffDelay</key>
<integer>0</integer>
<key>Timeout</key>
<integer>0</integer>
</dict>
<key>Debug</key>
<dict>
<key>AppleDebug</key>
<false/>
<key>ApplePanic</key>
<false/>
<key>DisableWatchDog</key>
<false/>
<key>DisplayDelay</key>
<integer>0</integer>
<key>DisplayLevel</key>
<integer>2147483650</integer>
<key>SerialInit</key>
<false/>
<key>SysReport</key>
<false/>
<key>Target</key>
<integer>3</integer>
</dict>
<key>Entries</key>
<array/>
<key>Security</key>
<dict>
<key>AllowNvramReset</key>
<true/>
<key>AllowSetDefault</key>
<false/>
<key>ApECID</key>
<integer>0</integer>
<key>AuthRestart</key>
<false/>
<key>BootProtect</key>
<string>None</string>
<key>DmgLoading</key>
<string>Signed</string>
<key>EnablePassword</key>
<false/>
<key>ExposeSensitiveData</key>
<integer>6</integer>
<key>HaltLevel</key>
<integer>2147483648</integer>
<key>PasswordHash</key>
<data></data>
<key>PasswordSalt</key>
<data></data>
<key>ScanPolicy</key>
<integer>0</integer>
<key>SecureBootModel</key>
<string>Disabled</string>
<key>Vault</key>
<string>Optional</string>
</dict>
<key>Tools</key>
<array>
<dict>
<key>Arguments</key>
<string></string>
<key>Auxiliary</key>
<false/>
<key>Comment</key>
<string>Not signed for security reasons</string>
<key>Enabled</key>
<true/>
<key>Name</key>
<string>UEFI Shell</string>
<key>Path</key>
<string>OpenShell.efi</string>
</dict>
<dict>
<key>Arguments</key>
<string>Shutdown</string>
<key>Auxiliary</key>
<true/>
<key>Comment</key>
<string>Perform shutdown</string>
<key>Enabled</key>
<true/>
<key>Name</key>
<string>Shutdown</string>
<key>Path</key>
<string>ResetSystem.efi</string>
</dict>
</array>
</dict>
<key>NVRAM</key>
<dict>
<key>Add</key>
<dict>
<key>4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14</key>
<dict>
<key>DefaultBackgroundColor</key>
<data>AAAAAA==</data>
<key>UIScale</key>
<data>AQ==</data>
</dict>
<key>4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102</key>
<dict>
<key>rtc-blacklist</key>
<data></data>
</dict>
<key>7C436110-AB2A-4BBB-A880-FE41995C9F82</key>
<dict>
<key>SystemAudioVolume</key>
<data>Rg==</data>
<key>boot-args</key>
<string>-v keepsyms=1 tlbto_us=0 vti=9</string>
<key>run-efi-updater</key>
<string>No</string>
<key>csr-active-config</key>
<data>ZwAAAA==</data>
<key>prev-lang:kbd</key>
<data>ZW4tVVM6MA==</data>
</dict>
</dict>
<key>Delete</key>
<dict>
<key>4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14</key>
<array>
<string>UIScale</string>
<string>DefaultBackgroundColor</string>
</array>
<key>4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102</key>
<array>
<string>rtc-blacklist</string>
</array>
<key>7C436110-AB2A-4BBB-A880-FE41995C9F82</key>
<array>
<string>boot-args</string>
</array>
</dict>
<key>LegacyEnable</key>
<false/>
<key>LegacyOverwrite</key>
<false/>
<key>LegacySchema</key>
<dict>
<key>7C436110-AB2A-4BBB-A880-FE41995C9F82</key>
<array>
<string>EFILoginHiDPI</string>
<string>EFIBluetoothDelay</string>
<string>LocationServicesEnabled</string>
<string>SystemAudioVolume</string>
<string>SystemAudioVolumeDB</string>
<string>SystemAudioVolumeSaved</string>
<string>bluetoothActiveControllerInfo</string>
<string>bluetoothInternalControllerInfo</string>
<string>flagstate</string>
<string>fmm-computer-name</string>
<string>nvda_drv</string>
<string>prev-lang:kbd</string>
</array>
<key>8BE4DF61-93CA-11D2-AA0D-00E098032B8C</key>
<array>
<string>Boot0080</string>
<string>Boot0081</string>
<string>Boot0082</string>
<string>BootNext</string>
<string>BootOrder</string>
</array>
</dict>
<key>WriteFlash</key>
<true/>
</dict>
<key>PlatformInfo</key>
<dict>
<key>Automatic</key>
<true/>
<key>Generic</key>
<dict>
<key>AdviseWindows</key>
<false/>
<key>MLB</key>
<string>{{BOARD_SERIAL}}</string>
<key>ROM</key>
<data>
{{ROM}}
</data>
<key>SpoofVendor</key>
<true/>
<key>SystemProductName</key>
<string>{{DEVICE_MODEL}}</string>
<key>SystemSerialNumber</key>
<string>{{SERIAL}}</string>
<key>SystemUUID</key>
<string>{{UUID}}</string>
</dict>
<key>UpdateDataHub</key>
<true/>
<key>UpdateNVRAM</key>
<true/>
<key>UpdateSMBIOS</key>
<true/>
<key>UpdateSMBIOSMode</key>
<string>Create</string>
</dict>
<key>UEFI</key>
<dict>
<key>APFS</key>
<dict>
<key>EnableJumpstart</key>
<true/>
<key>GlobalConnect</key>
<false/>
<key>HideVerbose</key>
<false/>
<key>JumpstartHotPlug</key>
<true/>
<key>MinDate</key>
<integer>0</integer>
<key>MinVersion</key>
<integer>0</integer>
</dict>
<key>Audio</key>
<dict>
<key>AudioCodec</key>
<integer>0</integer>
<key>AudioDevice</key>
<string>PciRoot(0x1)/Pci(0x1,0x0)/Pci(0x0,0x1)</string>
<key>AudioOut</key>
<integer>0</integer>
<key>AudioSupport</key>
<false/>
<key>MinimumVolume</key>
<integer>20</integer>
<key>PlayChime</key>
<false/>
<key>VolumeAmplifier</key>
<integer>0</integer>
</dict>
<key>ConnectDrivers</key>
<true/>
<key>Drivers</key>
<array>
<string>VBoxHfs.efi</string>
<string>OpenRuntime.efi</string>
<string>OpenCanopy.efi</string>
<string>#AudioDxe.efi</string>
<string>#OpenUsbKbDxe.efi</string>
<string>#UsbMouseDxe.efi</string>
<string>#Ps2KeyboardDxe.efi</string>
<string>#Ps2MouseDxe.efi</string>
<string>#HiiDatabase.efi</string>
<string>#NvmExpressDxe.efi</string>
<string>#XhciDxe.efi</string>
<string>#ExFatDxe.efi</string>
<string>#PartitionDxe.efi</string>
<string>#CrScreenshotDxe.efi</string>
</array>
<key>Input</key>
<dict>
<key>KeyFiltering</key>
<false/>
<key>KeyForgetThreshold</key>
<integer>5</integer>
<key>KeyMergeThreshold</key>
<integer>2</integer>
<key>KeySupport</key>
<true/>
<key>KeySupportMode</key>
<string>Auto</string>
<key>KeySwap</key>
<false/>
<key>PointerSupport</key>
<false/>
<key>PointerSupportMode</key>
<string>ASUS</string>
<key>TimerResolution</key>
<integer>50000</integer>
</dict>
<key>Output</key>
<dict>
<key>ClearScreenOnModeSwitch</key>
<false/>
<key>ConsoleMode</key>
<string></string>
<key>DirectGopRendering</key>
<false/>
<key>IgnoreTextInGraphics</key>
<false/>
<key>ProvideConsoleGop</key>
<true/>
<key>ReconnectOnResChange</key>
<false/>
<key>ReplaceTabWithSpace</key>
<false/>
<key>Resolution</key>
<string>1920x1080@32</string>
<key>SanitiseClearScreen</key>
<false/>
<key>TextRenderer</key>
<string>BuiltinGraphics</string>
<key>UgaPassThrough</key>
<false/>
</dict>
<key>ProtocolOverrides</key>
<dict>
<key>AppleAudio</key>
<false/>
<key>AppleBootPolicy</key>
<false/>
<key>AppleDebugLog</key>
<false/>
<key>AppleEvent</key>
<false/>
<key>AppleFramebufferInfo</key>
<false/>
<key>AppleImageConversion</key>
<false/>
<key>AppleImg4Verification</key>
<false/>
<key>AppleKeyMap</key>
<false/>
<key>AppleRtcRam</key>
<false/>
<key>AppleSecureBoot</key>
<false/>
<key>AppleSmcIo</key>
<false/>
<key>AppleUserInterfaceTheme</key>
<false/>
<key>DataHub</key>
<false/>
<key>DeviceProperties</key>
<false/>
<key>FirmwareVolume</key>
<false/>
<key>HashServices</key>
<false/>
<key>OSInfo</key>
<false/>
<key>UnicodeCollation</key>
<false/>
</dict>
<key>Quirks</key>
<dict>
<key>ExitBootServicesDelay</key>
<integer>0</integer>
<key>IgnoreInvalidFlexRatio</key>
<false/>
<key>ReleaseUsbOwnership</key>
<false/>
<key>RequestBootVarRouting</key>
<true/>
<key>TscSyncTimeout</key>
<integer>0</integer>
<key>UnblockFsConnect</key>
<true/>
<key>ConnectDrivers</key>
<true/>
</dict>
</dict>
</dict>
</plist>
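Review bot: The `{{ROM}}` placeholder under `PlatformInfo` > `Generic` sits inside a `<data>` element, which plist readers decode as base64, but generate-specific-bootdisk.sh fills it with lowercase hex (`ROM="${MAC_ADDRESS//\:/}"` then `ROM="${ROM,,}"`), and the visible part of generate-unique-machine-values.sh builds `ROM_VALUE` the same way. A 12-character hex string is still valid base64, so nothing fails at parse time, but it decodes to nine bytes rather than the six bytes of the MAC address. I would encode before substituting, `ROM="$(printf '%s' "${ROM}" | xxd -r -p | base64)"`, and change that one expression to `-e "s|{{ROM}}|${ROM}|g"`, because base64 output can contain `/`. A comment beside the key would record the contract: `<!-- {{ROM}} must be the base64 of the 6 raw MAC bytes, not the hex string -->`. How OpenCore treats a ROM value of unexpected length is not visible on this page, so this should be confirmed on a booted guest.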


@ -0,0 +1,184 @@
#!/bin/bash
# ____ __ ____ ______ __
# / __ \____ _____/ /_____ _____/ __ \/ ___/ |/ /
# / / / / __ \/ ___/ //_/ _ \/ ___/ / / /\__ \| /
# / /_/ / /_/ / /__/ ,< / __/ / / /_/ /___/ / |
# /_____/\____/\___/_/|_|\___/_/ \____//____/_/|_| GEN BOOT DISK
#
# Repo: https://github.com/sickcodes/Docker-OSX/
# Title: Mac on Docker (Docker-OSX)
# Author: Sick.Codes https://sick.codes/
# Version: 3.1
# License: GPLv3+
help_text="Usage: generate-specific-bootdisk.sh
General options:
--model <string> Device model, e.g. 'iMacPro1,1'
--serial <filename> Device Serial number.
--board-serial <filename> Board Serial number.
--uuid <filename> SmUUID.
--mac-address <string> Used to set the ROM value; lowercased and without a colon.
--output-bootdisk <filename> Optionally change the bootdisk output filename.
--custom-plist <filename> Optionally change the input plist.
--help, -h, help Display this help and exit
Example:
./generate-specific-bootdisk.sh \
--model iMacPro1,1 \
--serial C02TW0WAHX87 \
--board-serial C027251024NJG36UE \
--uuid 5CCB366D-9118-4C61-A00A-E5BAF3BED451 \
--mac-address A8:5C:2C:9A:46:2F \
--output-bootdisk OpenCore-nopicker.qcow2
Author: Sick.Codes https://sick.codes/
Project: https://github.com/sickcodes/Docker-OSX/
"
PLIST_MASTER=config-nopicker-custom.plist
# gather arguments
while (( "$#" )); do
case "${1}" in
--help | -h | h | help )
echo "${help_text}" && exit 0
;;
--model=* | -m=* )
export DEVICE_MODEL="${1#*=}"
shift
;;
--model* | -m* )
export DEVICE_MODEL="${2}"
shift
shift
;;
--serial=* )
export SERIAL="${1#*=}"
shift
;;
--serial* )
export SERIAL="${2}"
shift
shift
;;
--board-serial=* )
export BOARD_SERIAL="${1#*=}"
shift
;;
--board-serial* )
export BOARD_SERIAL="${2}"
shift
shift
;;
--uuid=* )
export UUID="${1#*=}"
shift
;;
--uuid* )
export UUID="${2}"
shift
shift
;;
--mac-address=* )
export MAC_ADDRESS="${1#*=}"
shift
;;
--mac-address* )
export MAC_ADDRESS="${2}"
shift
shift
;;
--output-bootdisk=* )
export OUTPUT_QCOW="${1#*=}"
shift
;;
--output-bootdisk* )
export OUTPUT_QCOW="${2}"
shift
shift
;;
--custom-plist=* )
export INPUT_PLIST="${1#*=}"
shift
;;
--custom-plist* )
export INPUT_PLIST="${2}"
shift
shift
;;
*)
echo "Invalid option. Running with default values..."
shift
;;
esac
done
download_qcow_efi_folder () {
git clone --depth 1 https://github.com/kholia/OSX-KVM.git
cp -ra ./OSX-KVM/OpenCore-Catalina/EFI .
mkdir -p ./EFI/OC/Resources
# clone some Apple drivers
git clone --depth 1 https://github.com/acidanthera/OcBinaryData.git
# copy said drivers into EFI/OC/Resources
cp -a ./OcBinaryData/Resources/* ./EFI/OC/Resources
# EFI Shell commands
touch startup.nsh && echo 'fs0:\EFI\BOOT\BOOTx64.efi' > startup.nsh
}
generate_bootdisk () {
[[ -e ./config-nopicker-custom.plist ]] || wget https://raw.githubusercontent.com/sickcodes/Docker-OSX/custom-identity/custom/config-nopicker-custom.plist
[[ -e ./opencore-image-ng.sh ]] || wget https://raw.githubusercontent.com/sickcodes/Docker-OSX/custom-identity/custom/opencore-image-ng.sh && chmod +x opencore-image-ng.sh
# plist required for bootdisks, so create anyway.
if [[ "${DEVICE_MODEL}" ]] \
&& [[ "${SERIAL}" ]] \
&& [[ "${BOARD_SERIAL}" ]] \
&& [[ "${UUID}" ]] \
&& [[ "${MAC_ADDRESS}" ]]; then
ROM="${MAC_ADDRESS//\:/}"
ROM="${ROM,,}"
sed -e s/{{DEVICE_MODEL}}/"${DEVICE_MODEL}"/g \
-e s/{{SERIAL}}/"${SERIAL}"/g \
-e s/{{BOARD_SERIAL}}/"${BOARD_SERIAL}"/g \
-e s/{{UUID}}/"${UUID}"/g \
-e s/{{ROM}}/"${ROM}"/g \
"${PLIST_MASTER}" > ./tmp.config.plist || exit 1
else
cat <<EOF
Error: one of the following values is missing:
--model "${DEVICE_MODEL:-MISSING}"
--serial "${SERIAL:-MISSING}"
--board-serial "${BOARD_SERIAL:-MISSING}"
--uuid "${UUID:-MISSING}"
--mac-address "${MAC_ADDRESS:-MISSING}"
EOF
exit 1
fi
./opencore-image-ng.sh \
--cfg "${INPUT_PLIST:-./tmp.config.plist}" \
--img "${OUTPUT_QCOW:-./${SERIAL}.OpenCore-nopicker.qcow2}" || exit 1
rm ./tmp.config.plist
}
main () {
download_qcow_efi_folder
generate_bootdisk
}
main
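Review bot: `generate_bootdisk` downloads `opencore-image-ng.sh` from the moving `custom-identity` branch, marks it executable and runs it a few lines later, with no pinned revision and no integrity check; the same two `wget` lines are repeated in `generate_serial_sets` in generate-unique-machine-values.sh, and `download_qcow_efi_folder` clones two third-party repositories at whatever their default branch holds at run time. Whatever those refs contain ends up executed in the container or written into the boot disk, and the raw URL stops resolving if the branch is deleted after this merge. I would fetch from a fixed commit and verify a digest before the `chmod`, for example `wget https://raw.githubusercontent.com/sickcodes/Docker-OSX/<PINNED_COMMIT_SHA>/custom/opencore-image-ng.sh` followed by `echo "<EXPECTED_SHA256>  opencore-image-ng.sh" | sha256sum -c - || exit 1`, and pin each `git clone` to a known tag or commit. The two angle-bracket values are placeholders to be filled in from the revision being pinned.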


@ -0,0 +1,287 @@
#!/bin/bash
# ____ __ ____ ______ __
# / __ \____ _____/ /_____ _____/ __ \/ ___/ |/ /
# / / / / __ \/ ___/ //_/ _ \/ ___/ / / /\__ \| /
# / /_/ / /_/ / /__/ ,< / __/ / / /_/ /___/ / |
# /_____/\____/\___/_/|_|\___/_/ \____//____/_/|_| SERIALIZER
#
# Repo: https://github.com/sickcodes/Docker-OSX/
# Title: Mac on Docker (Docker-OSX)
# Author: Sick.Codes https://sick.codes/
# Version: 3.1
# License: GPLv3+
help_text="Usage: generate-unique-machine-values.sh
General options:
--count, -n, -c <count> Number of serials to generate
--model, -m <model> Device model, e.g. 'iMacPro1,1'
--csv <filename> Optionally change the CSV output filename.
--tsv <filename> Optionally change the TSV output filename.
--output-bootdisk <filename> Optionally change the bootdisk qcow output filename. Useless when count > 1.
--output-env <filename> Optionally change the bootdisk env filename. Useless when count > 1.
--output-dir <directory> Optionally change the script output location.
--help, -h, help Display this help and exit
--plists Create corresponding config.plists for each serial set.
--bootdisks [SLOW] Create corresponding boot disk images for each serial set.
Example:
./generate-unique-machine-values.sh --count 1 --model='iMacPro1,1' --plists --bootdisks
The above example will generate a
- serial
- board serial
- uuid
- MAC address
- ROM value based on lowercase MAC address
- Boot disk qcow image.
- config.plist
Notes:
- Default is 1 serial for 'iMacPro1,1' in the current working directory.
- Default output is CSV, whereas setting the TSV option will output as tab-separated.
- CSV is double quoted.
- If you do not set a CSV filename, the output will be sent to the output-dir.
- If you do not set an output-dir, the current directory will be the output directory.
- Sourcable environment variable shell files will be written to a folder, 'envs'.
- config.plist files will be written to a folder, 'plists'.
Author: Sick.Codes https://sick.codes/
Project: https://github.com/sickcodes/Docker-OSX/
"
MACINFOPKG_VERSION=2.1.2
PLIST_MASTER=config-nopicker-custom.plist
# gather arguments
while (( "$#" )); do
case "${1}" in
--help | -h | h | help )
echo "${help_text}" && exit 0
;;
--count=* | -c=* | -n=* )
export SERIAL_SET_COUNT="${1#*=}"
shift
;;
--count* | -c* | -n* )
export SERIAL_SET_COUNT="${2}"
shift
shift
;;
--csv=* )
export CSV_OUTPUT_FILENAME="${1#*=}"
shift
;;
--csv* )
export CSV_OUTPUT_FILENAME="${2}"
shift
shift
;;
--tsv=* )
export TSV_OUTPUT_FILENAME="${1#*=}"
shift
;;
--tsv* )
export TSV_OUTPUT_FILENAME="${2}"
shift
shift
;;
--output-dir=* )
export OUTPUT_DIRECTORY="${1#*=}"
shift
;;
--output-dir* )
export OUTPUT_DIRECTORY="${2}"
shift
shift
;;
--output-bootdisk=* )
export OUTPUT_QCOW="${1#*=}"
shift
;;
--output-bootdisk* )
export OUTPUT_QCOW="${2}"
shift
shift
;;
--output-env=* )
export OUTPUT_ENV="${1#*=}"
shift
;;
--output-env* )
export OUTPUT_ENV="${2}"
shift
shift
;;
--model=* | -m=* )
export DEVICE_MODEL="${1#*=}"
shift
;;
--model* | -m* )
export DEVICE_MODEL="${2}"
shift
shift
;;
--plists )
export CREATE_PLISTS=1
shift
;;
--bootdisks )
export CREATE_QCOWS=1
shift
;;
*)
echo "Invalid option. Running with default values..."
shift
;;
esac
done
build_mac_serial () {
export MACINFOPKG_VERSION="${MACINFOPKG_VERSION:=2.1.2}"
wget -O "${TARBALL:=./MacInfoPkg.tar.gz}" \
"https://github.com/acidanthera/MacInfoPkg/archive/${MACINFOPKG_VERSION}.tar.gz"
tar -xzvf "${TARBALL}"
cd "./MacInfoPkg-${MACINFOPKG_VERSION}/macserial" \
&& ./build.tool \
&& cd -
mv "./MacInfoPkg-${MACINFOPKG_VERSION}/macserial/bin/macserial" .
rm -f "${TARBALL}"
rm -rf "./MacInfoPkg-${MACINFOPKG_VERSION}/"
chmod +x ./macserial
stat ./macserial
}
download_vendor_mac_addresses () {
# download the MAC Address vendor list
[[ -e "${MAC_ADDRESSES_FILE:=vendor_macs.tsv}" ]] || wget -O "${MAC_ADDRESSES_FILE}" https://gitlab.com/wireshark/wireshark/-/raw/master/manuf
}
download_qcow_efi_folder () {
git clone --depth 1 https://github.com/kholia/OSX-KVM.git
cp -ra ./OSX-KVM/OpenCore-Catalina/EFI .
mkdir -p ./EFI/OC/Resources
# clone some Apple drivers
git clone --depth 1 https://github.com/acidanthera/OcBinaryData.git
# copy said drivers into EFI/OC/Resources
cp -a ./OcBinaryData/Resources/* ./EFI/OC/Resources
# EFI Shell commands
touch startup.nsh && echo 'fs0:\EFI\BOOT\BOOTx64.efi' > startup.nsh
}
generate_serial_sets () {
[[ -e ./config-nopicker-custom.plist ]] || wget https://raw.githubusercontent.com/sickcodes/Docker-OSX/custom-identity/custom/config-nopicker-custom.plist
[[ -e ./opencore-image-ng.sh ]] || wget https://raw.githubusercontent.com/sickcodes/Docker-OSX/custom-identity/custom/opencore-image-ng.sh && chmod +x opencore-image-ng.sh
mkdir -p "${OUTPUT_DIRECTORY}/envs"
export DATE_NOW="$(date +%F-%T)"
export DEVICE_MODEL="${DEVICE_MODEL:=iMacPro1,1}"
export VENDOR_REGEX="${VENDOR_REGEX:=Apple, Inc.}"
if [[ "${CSV_OUTPUT_FILENAME}" ]] || [[ "${TSV_OUTPUT_FILENAME}" ]]; then
[[ ${CSV_OUTPUT_FILENAME} ]] && export CSV_SERIAL_SETS_FILE="${CSV_OUTPUT_FILENAME}"
[[ ${TSV_OUTPUT_FILENAME} ]] && export TSV_SERIAL_SETS_FILE="${TSV_OUTPUT_FILENAME}"
else
export SERIAL_SETS_FILE="${OUTPUT_DIRECTORY}/serial_sets-${DATE_NOW}.csv"
fi
touch "${SERIAL_SETS_FILE}"
echo "Writing serial sets to ${SERIAL_SETS_FILE}"
./macserial \
--num "${SERIAL_SET_COUNT:=1}" \
--model "${DEVICE_MODEL}" \
| while IFS='\ \|\ ' read -r SERIAL BOARD_SERIAL; do
# make a uuid...
UUID="$(uuidgen)"
UUID="${UUID^^}"
# get a random vendor specific MAC address.
RANDOM_MAC_PREFIX="$(grep -e "${VENDOR_REGEX}" < "${MAC_ADDRESSES_FILE:=vendor_macs.tsv}" | sort --random-sort | head -n1)"
RANDOM_MAC_PREFIX="$(cut -d$'\t' -f1 <<< "${RANDOM_MAC_PREFIX}")"
MAC_ADDRESS="$(printf "${RANDOM_MAC_PREFIX}:%02X:%02X:%02X" $[RANDOM%256] $[RANDOM%256] $[RANDOM%256])"
# append to csv file
if [[ "${CSV_SERIAL_SETS_FILE}" ]]; then
echo "\"${DEVICE_MODEL}\",\"${SERIAL}\",\"${BOARD_SERIAL}\",\"${UUID}\",\"${MAC_ADDRESS}\"" >> "${CSV_SERIAL_SETS_FILE}"
fi
# append to tsv file
if [[ "${TSV_SERIAL_SETS_FILE}" ]]; then
printf "${DEVICE_MODEL}\t${SERIAL}\t${BOARD_SERIAL}\t${UUID}\t${MAC_ADDRESS}\n" >> "${TSV_SERIAL_SETS_FILE}"
fi
OUTPUT_ENV_FILE="${OUTPUT_ENV:-"${OUTPUT_DIRECTORY}/envs/${SERIAL}.env.sh"}"
touch "${OUTPUT_ENV_FILE}"
cat <<EOF > "${OUTPUT_ENV_FILE}"
export DEVICE_MODEL="${DEVICE_MODEL}"
export SERIAL="${SERIAL}"
export BOARD_SERIAL="${BOARD_SERIAL}"
export UUID="${UUID}"
export MAC_ADDRESS="${MAC_ADDRESS}"
EOF
# plist required for bootdisks, so create anyway.
if [[ "${CREATE_PLISTS}" ]] || [[ "${CREATE_QCOWS}" ]]; then
mkdir -p "${OUTPUT_DIRECTORY}/plists"
source "${OUTPUT_ENV_FILE}"
ROM_VALUE="${MAC_ADDRESS//\:/}"
ROM_VALUE="${ROM_VALUE,,}"
sed -e s/{{DEVICE_MODEL}}/"${DEVICE_MODEL}"/g \
-e s/{{SERIAL}}/"${SERIAL}"/g \
-e s/{{BOARD_SERIAL}}/"${BOARD_SERIAL}"/g \
-e s/{{UUID}}/"${UUID}"/g \
-e s/{{ROM}}/"${ROM}"/g \
"${PLIST_MASTER}" > "${OUTPUT_DIRECTORY}/plists/${SERIAL}.config.plist" || exit 1
fi
if [[ "${CREATE_QCOWS}" ]]; then
mkdir -p "${OUTPUT_DIRECTORY}/qcows"
./opencore-image-ng.sh \
--cfg "${OUTPUT_DIRECTORY}/plists/${SERIAL}.config.plist" \
--img "${OUTPUT_QCOW:-${OUTPUT_DIRECTORY}/qcows/${SERIAL}.OpenCore-nopicker.qcow2}" || exit 1
fi
done
[[ -e "${CSV_SERIAL_SETS_FILE}" ]] && \
cat <(echo "DEVICE_MODEL,SERIAL,BOARD_SERIAL,UUID,MAC_ADDRESS") "${CSV_SERIAL_SETS_FILE}"
[[ -e "${TSV_SERIAL_SETS_FILE}" ]] && \
cat <(printf "DEVICE_MODEL\tSERIAL\tBOARD_SERIAL\tUUID\tMAC_ADDRESS\n") "${TSV_SERIAL_SETS_FILE}"
}
main () {
# setting default variables if there are no options
export DEVICE_MODEL="${DEVICE_MODEL:=iMacPro1,1}"
export SERIAL_SET_COUNT="${SERIAL_SET_COUNT:=1}"
export OUTPUT_DIRECTORY="${OUTPUT_DIRECTORY:=.}"
cat <<EOF
DEVICE_MODEL: ${DEVICE_MODEL}
SERIAL_SET_COUNT: ${SERIAL_SET_COUNT}
OUTPUT_DIRECTORY: ${OUTPUT_DIRECTORY}
EOF
[[ -d "${OUTPUT_DIRECTORY}" ]] || mkdir -p "${OUTPUT_DIRECTORY}"
[[ -e ./macserial ]] || build_mac_serial
download_vendor_mac_addresses
download_qcow_efi_folder
generate_serial_sets
echo "${SERIAL_SETS_FILE}"
}
main

164
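--- a/custom/opencore-image-ng.sh
+++ b/custom/opencore-image-ng.sh
@@ -0,0 +1,164 @@
+#!/usr/bin/env bash
+# https://github.com/kraxel/imagefish
+######################################################################
+# defaults
+iso=""
+img=""
+cfg=""
+######################################################################
+# create work dir
+function msg() {
+local txt="$1"
+local bold="\x1b[1m"
+local normal="\x1b[0m"
+echo -e "${bold}### ${txt}${normal}"
+}
+function do_cleanup() {
+msg "cleaning up ..."
+if test "$GUESTFISH_PID" != ""; then
+guestfish --remote -- exit >/dev/null 2>&1 || true
+fi
+sudo rm -rf "$WORK"
+}
+WORK="${TMPDIR-/var/tmp}/${0##*/}-$$"
+mkdir "$WORK" || exit 1
+trap 'do_cleanup' EXIT
+BASE="$(dirname $0)"
+######################################################################
+# parse args
+function print_help() {
+cat <<EOF
+usage: $0 [ options ]
+options:
+--iso <iso-image>
+--img <disk-image>
+--cfg <clover-config>
+EOF
+}
+while test "$1" != ""; do
+case "$1" in
+--iso)
+iso="$2"
+shift; shift
+;;
+--img)
+img="$2"
+shift; shift
+;;
+--cfg)
+cfg="$2"
+shift; shift
+;;
+esac
+done
+######################################################################
+# guestfish script helpers
+function fish() {
+echo "#" "$@"
+guestfish --remote -- "$@" || exit 1
+}
+function fish_init() {
+local format
+case "$img" in
+*.raw) format="raw" ;;
+*) format="qcow2";;
+esac
+msg "creating and adding disk image"
+fish disk-create $img $format 384M
+fish add $img
+fish run
+}
+function fish_fini() {
+fish umount-all
+}
+# disabled by sick.codes to allow unattended image overwrites
+######################################################################
+# sanity checks
+# if test ! -f "$cfg"; then
+# echo "ERROR: cfg not found: $cfg"
+# exit 1
+# fi
+# if test -f "$img"; then
+# if test "$allow_override" = "yes"; then
+# rm -f "$img"
+# else
+# echo "ERROR: image exists: $img"
+# exit 1
+# fi
+# fi
+######################################################################
+# go!
+msg "copy files from local folder"
+BASE="$(dirname $0)"
+cp -a $BASE/EFI $WORK
+find "$WORK"
+#msg "[debug] list drivers in EFI/OC"
+#(cd $WORK/EFI/OC; find driver* -print)
+export LIBGUESTFS_BACKEND=direct
+eval $(guestfish --listen)
+if test "$GUESTFISH_PID" = ""; then
+echo "ERROR: starting guestfish failed"
+exit 1
+fi
+fish_init
+msg "partition disk image"
+fish part-init /dev/sda gpt
+fish part-add /dev/sda p 2048 300000
+fish part-add /dev/sda p 302048 -2048
+fish part-set-gpt-type /dev/sda 1 C12A7328-F81F-11D2-BA4B-00A0C93EC93B
+fish part-set-bootable /dev/sda 1 true
+fish mkfs vfat /dev/sda1 label:EFI
+fish mkfs vfat /dev/sda2 label:OpenCoreBoo
+fish mount /dev/sda2 /
+fish mkdir /ESP
+fish mount /dev/sda1 /ESP
+msg "copy files to disk image"
+cp -v "$cfg" $WORK/config.plist
+fish mkdir /ESP/EFI
+fish mkdir /ESP/EFI/OC
+fish mkdir /ESP/EFI/OC/Kexts
+fish mkdir /ESP/EFI/OC/ACPI
+fish mkdir /ESP/EFI/OC/Resources
+fish mkdir /ESP/EFI/OC/Tools
+fish copy-in $WORK/EFI/BOOT /ESP/EFI
+fish copy-in $WORK/EFI/OC/OpenCore.efi /ESP/EFI/OC
+fish copy-in $WORK/EFI/OC/Drivers /ESP/EFI/OC/
+fish copy-in $WORK/EFI/OC/Kexts /ESP/EFI/OC/
+fish copy-in $WORK/EFI/OC/ACPI /ESP/EFI/OC/
+fish copy-in $WORK/EFI/OC/Resources /ESP/EFI/OC/
+fish copy-in $WORK/EFI/OC/Tools /ESP/EFI/OC/
+# Note
+fish copy-in startup.nsh /
+BASE="$(dirname $0)"
+fish copy-in "$WORK/config.plist" /ESP/EFI/OC/
+fish find /ESP/
+fish_fini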
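Review bot: The argument loop (`while test "$1" != ""`) has no default branch, so any argument other than `--iso`, `--img` or `--cfg` is never shifted and the script spins forever; `print_help` is defined but never called. Adding `*) print_help; exit 1 ;;` before `esac` would close that. Separately, with the sanity-check block commented out, a missing or mistyped `--cfg` is only noticed after `fish_init` has already created (and most likely replaced) the image at `$img`: the result of `cp -v "$cfg" $WORK/config.plist` is not checked, and the run only stops at the later `copy-in`, leaving a partitioned but incomplete boot disk behind. Keeping just the first check, `test -f "$cfg" || { echo "ERROR: cfg not found: $cfg"; exit 1; }`, ahead of `fish_init` would preserve unattended overwrites while failing early. `$img`, `$WORK` and `$BASE` are also expanded unquoted in `fish disk-create $img $format 384M`, `fish add $img` and `cp -a $BASE/EFI $WORK`, so an output path containing spaces would be split into several arguments.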


@ -1,5 +1,9 @@
# docker-osx # docker-osx
Docker-OSX Helm Chart for Kubernetes.
Project page: https://github.com/sickcodes/docker-osx
Available now on Artifact HUB Available now on Artifact HUB
[![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/docker-osx)](https://artifacthub.io/packages/search?repo=docker-osx) [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/docker-osx)](https://artifacthub.io/packages/search?repo=docker-osx)