2021-01-24 06:47:19 -06:00
#!/usr/bin/docker
# ____ __ ____ ______ __
# / __ \____ _____/ /_____ _____/ __ \/ ___/ |/ /
# / / / / __ \/ ___/ //_/ _ \/ ___/ / / /\__ \| /
# / /_/ / /_/ / /__/ ,< / __/ / / /_/ /___/ / |
2021-03-04 07:22:13 -06:00
# /_____/\____/\___/_/|_|\___/_/ \____//____/_/|_| :AUTO
2021-01-24 06:47:19 -06:00
#
2021-03-04 07:22:13 -06:00
# Title: Docker-OSX (Mac on Docker)
# Author: Sick.Codes https://twitter.com/sickcodes
2021-08-25 18:05:17 -05:00
# Version: 6.0
2021-01-24 06:47:19 -06:00
# License: GPLv3+
# Repository: https://github.com/sickcodes/Docker-OSX
2021-03-04 07:22:13 -06:00
# Website: https://sick.codes
2021-01-24 06:47:19 -06:00
#
# This Dockerfile is a pre-installed naked installation of Docker-OSX!
#
# Default username: user
# Default password: alpine
#
# Take screenshots in the Arch container and display in terminal: scrotcat
# readme:
# timezone: UTC/GMT
#
# Future versions will navigate the installation process, inside the Dockerfile.
#
#
# Build:
#
# docker build -t docker-osx:auto -f Dockerfile.auto .
#
# Run:
#
# docker run -it --device /dev/kvm -p 50922:10022 -v ${PWD}/mac_hdd_ng_auto.img:/image docker-osx-auto:latest
#
# SSH:
# From inside the container:
# ssh -i ~/.ssh/id_docker_osx user@127.0.0.1 -p 10022
#
# From outside the container:
# ssh localhost user@127.0.0.1 -p 50922
# docker exec -it containerid ssh -i ~/.ssh/id_docker_osx user@127.0.0.1 -p 10022
FROM sickcodes/docker-osx:latest
MAINTAINER 'https://twitter.com/sickcodes' <https://sick.codes>
USER root
WORKDIR /root
2021-02-02 20:04:22 -06:00
# For taking screenshots of the Xfvb screen, useful during development.
ARG SCROT
2021-01-24 06:47:19 -06:00
# OPTIONAL: Arch Linux server mirrors for super fast builds
# set RANKMIRRORS to any value other that nothing, e.g. -e RANKMIRRORS=true
ARG RANKMIRRORS
ARG MIRROR_COUNTRY = US
ARG MIRROR_COUNT = 10
2021-07-27 15:36:50 -05:00
2021-02-02 20:04:22 -06:00
RUN if [ [ " ${ RANKMIRRORS } " ] ] ; then \
{ pacman -Sy wget --noconfirm || pacman -Syu wget --noconfirm ; } \
; wget -O ./rankmirrors "https://raw.githubusercontent.com/sickcodes/Docker-OSX/master/rankmirrors" \
; wget -O- " https://www.archlinux.org/mirrorlist/?country= ${ MIRROR_COUNTRY :- US } &protocol=https&use_mirror_status=on " \
| sed -e 's/^#Server/Server/' -e '/^#/d' \
| head -n " $(( ${ MIRROR_COUNT :- 10 } + 1 )) " \
| bash ./rankmirrors --verbose --max-time 5 - > /etc/pacman.d/mirrorlist \
&& tee -a /etc/pacman.d/mirrorlist <<< 'Server = http://mirrors.evowise.com/archlinux/$repo/os/$arch' \
&& tee -a /etc/pacman.d/mirrorlist <<< 'Server = http://mirror.rackspace.com/archlinux/$repo/os/$arch' \
&& tee -a /etc/pacman.d/mirrorlist <<< 'Server = https://mirror.rackspace.com/archlinux/$repo/os/$arch' \
&& cat /etc/pacman.d/mirrorlist \
; fi \
; yes | pacman -Scc
RUN pacman -Syu xorg-server-xvfb wget xterm xorg-xhost xorg-xrandr sshpass --noconfirm \
&& if [ [ " ${ SCROT } " ] ] ; then \
pacman -Syu scrot base-devel --noconfirm \
2021-03-09 10:55:18 -06:00
&& git clone --recurse-submodules --depth 1 https://github.com/stolk/imcat.git \
2021-02-02 20:04:22 -06:00
&& cd imcat \
&& make \
&& sudo cp imcat /usr/bin/imcat \
&& touch /usr/bin/scrotcat \
&& tee -a /usr/bin/scrotcat <<< '/usr/bin/imcat <(scrot -o /dev/stdout)' \
&& chmod +x /usr/bin/scrotcat \
; else \
touch /usr/bin/scrotcat \
&& echo echo >> /usr/bin/scrotcat \
&& chmod +x /usr/bin/scrotcat \
; fi \
; yes | pacman -Scc
2021-01-24 06:47:19 -06:00
2021-07-28 13:34:48 -05:00
USER arch
ENV USER arch
2021-07-28 13:06:03 -05:00
2021-10-29 12:25:51 -05:00
#### libguestfs versioning
2021-07-27 15:36:50 -05:00
2021-10-29 12:25:51 -05:00
# 5.13+ problem resolved by building the qcow2 against 5.12 using libguestfs-1.44.1-6
ENV SUPERMIN_KERNEL = /boot/vmlinuz-linux
ENV SUPERMIN_MODULES = /lib/modules/5.12.14-arch1-1
2021-07-28 13:06:03 -05:00
ENV SUPERMIN_KERNEL_VERSION = 5 .12.14-arch1-1
2021-10-29 12:25:51 -05:00
ENV KERNEL_PACKAGE_URL = https://archive.archlinux.org/packages/l/linux/linux-5.12.14.arch1-1-x86_64.pkg.tar.zst
2021-10-30 16:25:57 -05:00
ENV KERNEL_HEADERS_PACKAGE_URL = https://archive.archlinux.org/packages/l/linux/linux-headers-5.12.14.arch1-1-x86_64.pkg.tar.zst
2021-10-29 12:25:51 -05:00
ENV LIBGUESTFS_PACKAGE_URL = https://archive.archlinux.org/packages/l/libguestfs/libguestfs-1.44.1-6-x86_64.pkg.tar.zst
2021-11-29 01:19:48 -06:00
# fix ad hoc errors from using the arch museum to get libguestfs
RUN sudo sed -i -e 's/^\#RemoteFileSigLevel/RemoteFileSigLevel/g' /etc/pacman.conf
2021-11-29 00:21:14 -06:00
2021-10-30 19:09:09 -05:00
RUN sudo pacman -Syy \
&& sudo pacman -Rns linux --noconfirm \
; sudo pacman -S mkinitcpio --noconfirm \
2021-11-29 00:21:14 -06:00
&& sudo pacman -U " ${ KERNEL_PACKAGE_URL } " --noconfirm || exit 1 \
&& sudo pacman -U " ${ LIBGUESTFS_PACKAGE_URL } " --noconfirm || exit 1 \
2021-10-30 19:09:09 -05:00
&& rm -rf /var/tmp/.guestfs-* \
2021-11-29 00:21:14 -06:00
&& yes | sudo pacman -Scc \
&& libguestfs-test-tool || exit 1 \
&& rm -rf /var/tmp/.guestfs-*
2021-10-29 12:25:51 -05:00
####
2021-07-27 15:36:50 -05:00
2021-11-29 00:21:14 -06:00
2021-02-07 18:58:07 -06:00
WORKDIR /home/arch/OSX-KVM
2021-01-24 06:47:19 -06:00
RUN mkdir -p ~/.ssh \
&& touch ~/.ssh/authorized_keys \
&& touch ~/.ssh/config \
&& chmod 700 ~/.ssh \
&& chmod 600 ~/.ssh/config \
&& chmod 600 ~/.ssh/authorized_keys \
&& tee -a ~/.ssh/config <<< 'Host *' \
&& tee -a ~/.ssh/config <<< ' StrictHostKeyChecking no' \
&& tee -a ~/.ssh/config <<< ' UserKnownHostsFile=/dev/null'
2021-01-24 10:27:17 -06:00
ARG COMPLETE = true
2021-01-24 06:47:19 -06:00
# use the COMPLETE arg, for a complete image, ready to boot.
# otherwise use your own image: -v "$PWD/disk.img":/image
2021-02-25 21:46:58 -06:00
ARG WGET_OPTIONS =
# ARG WGET_OPTIONS='--no-verbose'
2021-03-24 08:40:16 -05:00
# Feel free to take a copy of this image and then host it internally
ARG IMAGE_URL = 'https://images.sick.codes/mac_hdd_ng_auto.img'
# ARG IMAGE_URL='https://images.sick.codes/mac_hdd_ng_auto_big_sur.img'
2021-01-24 06:47:19 -06:00
RUN if [ [ " ${ COMPLETE } " ] ] ; then \
2021-03-24 08:40:16 -05:00
echo "Downloading 20GB image... This step might take a while... Press Ctrl+C if you want to abort." \
2021-02-02 20:04:22 -06:00
; rm -f /home/arch/OSX-KVM/mac_hdd_ng.img \
2021-02-25 21:46:58 -06:00
&& wget ${ WGET_OPTIONS } -O /home/arch/OSX-KVM/mac_hdd_ng.img " ${ IMAGE_URL } " \
2021-01-24 06:47:19 -06:00
; fi
2021-10-28 18:17:44 -05:00
####
# symlink the old directory, for redundancy
2021-10-30 16:55:07 -05:00
RUN ln -s /home/arch/OSX-KVM/OpenCore /home/arch/OSX-KVM/OpenCore-Catalina || true
2021-10-28 18:17:44 -05:00
####
2021-03-24 08:40:16 -05:00
#### SPECIAL RUNTIME ARGUMENTS BELOW
ENV ADDITIONAL_PORTS =
2021-05-06 00:29:26 -05:00
# add additional QEMU boot arguments
ENV BOOT_ARGS =
2021-03-06 13:25:26 -06:00
ENV BOOTDISK =
2021-01-24 06:47:19 -06:00
2021-05-06 00:29:26 -05:00
# edit the CPU that is beign emulated
ENV CPU = Penryn
2021-01-24 06:47:19 -06:00
ENV DISPLAY = :99
2021-03-06 11:59:03 -06:00
ENV HEADLESS = false
2021-02-25 12:16:24 -06:00
ENV ENV = /env
2021-03-24 08:40:16 -05:00
# Boolean for generating a bootdisk with new random serials.
ENV GENERATE_UNIQUE = false
# Boolean for generating a bootdisk with specific serials.
ENV GENERATE_SPECIFIC = false
2021-01-24 06:47:19 -06:00
ENV IMAGE_PATH = /home/arch/OSX-KVM/mac_hdd_ng.img
2021-03-24 08:40:16 -05:00
ENV IMAGE_FORMAT = qcow2
ENV KVM = 'accel=kvm:tcg'
# ENV MASTER_PLIST_URL="https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist"
# ENV NETWORKING=e1000-82545em
ENV NETWORKING = vmxnet3
2021-01-24 06:47:19 -06:00
2021-02-21 05:02:41 -06:00
ENV NOPICKER = true
2021-08-25 18:05:17 -05:00
# set the username and password for automatically logging in
ENV USERNAME = user
ENV PASSWORD = alpine
2021-03-24 08:40:16 -05:00
# dynamic RAM options for runtime
ENV RAM = 3
# ENV RAM=max
# ENV RAM=half
# The x and y coordinates for resolution.
# Must be used with either -e GENERATE_UNIQUE=true or -e GENERATE_SPECIFIC=true.
ENV WIDTH = 1920
ENV HEIGHT = 1080
2021-04-18 05:54:43 -05:00
# libguestfs verbose
ENV LIBGUESTFS_DEBUG = 1
ENV LIBGUESTFS_TRACE = 1
2021-01-24 06:47:19 -06:00
ENV TERMS_OF_USE = i_agree
ENV BOILERPLATE = "By using this Dockerfile, you hereby agree that you are a security reseacher or developer and agree to use this Dockerfile to make the world a safer place. Examples include: making your apps safer, finding your mobile phone, compiling security products, etc. You understand that Docker-OSX is an Open Source project, which is released to the public under the GNU Pulic License version 3 and above. You acknowledge that the Open Source project is absolutely unaffiliated with any third party, in any form whatsoever. Any trademarks or intelectual property which happen to be mentioned anywhere in or around the project are owned by their respective owners. By using this Dockerfile, you agree to agree to the EULA of each piece of upstream or downstream software. The following code is released for the sole purpose of security research, under the GNU Public License version 3. If you are concerned about the licensing, please note that this project is not AGPL. A copy of the license is available online: https://github.com/sickcodes/Docker-OSX/blob/master/LICENSE. In order to use the following Dockerfile you must read and understand the terms. Once you have read the terms, use the -e TERMS_OF_USE=i_agree or -e TERMS_OF_USE=i_disagree"
CMD echo " ${ BOILERPLATE } " \
2021-02-26 00:42:57 -06:00
; [ [ " ${ TERMS_OF_USE } " = i_agree ] ] || exit 1 \
2021-02-25 23:26:35 -06:00
; echo "Disk is being copied between layers... Please wait a minute..." \
2021-04-18 05:54:43 -05:00
; sudo touch /dev/kvm /dev/snd " ${ IMAGE_PATH } " " ${ BOOTDISK } " " ${ ENV } " 2>/dev/null || true \
2021-05-04 02:54:27 -05:00
; sudo chown -R $( id -u) :$( id -g) /dev/kvm /dev/snd " ${ IMAGE_PATH } " " ${ BOOTDISK } " " ${ ENV } " 2>/dev/null || true \
2021-02-25 23:49:40 -06:00
; [ [ " ${ NOPICKER } " = = true ] ] && { \
sed -i '/^.*InstallMedia.*/d' Launch.sh \
2021-10-28 18:17:44 -05:00
&& export BOOTDISK = " ${ BOOTDISK : =/home/arch/OSX-KVM/OpenCore/OpenCore-nopicker.qcow2 } " \
2021-02-25 23:49:40 -06:00
; } \
2021-10-28 18:17:44 -05:00
|| export BOOTDISK = " ${ BOOTDISK : =/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2 } " \
2021-02-25 23:26:35 -06:00
; [ [ " ${ GENERATE_UNIQUE } " = = true ] ] && { \
2021-03-09 10:55:18 -06:00
./Docker-OSX/osx-serial-generator/generate-unique-machine-values.sh \
2021-03-04 03:52:45 -06:00
--master-plist-url= " ${ MASTER_PLIST_URL } " \
2021-03-04 03:12:50 -06:00
--count 1 \
--tsv ./serial.tsv \
--bootdisks \
--width " ${ WIDTH :- 1920 } " \
--height " ${ HEIGHT :- 1080 } " \
2021-10-28 18:17:44 -05:00
--output-bootdisk " ${ BOOTDISK : =/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2 } " \
2021-03-04 06:05:41 -06:00
--output-env " ${ ENV : =/env } " \
2021-04-18 05:54:43 -05:00
|| exit 1 ; } \
2021-02-25 23:26:35 -06:00
; [ [ " ${ GENERATE_SPECIFIC } " = = true ] ] && { \
2021-03-04 05:57:52 -06:00
source " ${ ENV : =/env } " 2>/dev/null \
2021-03-09 10:55:18 -06:00
; ./Docker-OSX/osx-serial-generator/generate-specific-bootdisk.sh \
2021-03-04 03:52:45 -06:00
--master-plist-url= " ${ MASTER_PLIST_URL } " \
2021-02-25 08:03:06 -06:00
--model " ${ DEVICE_MODEL } " \
--serial " ${ SERIAL } " \
--board-serial " ${ BOARD_SERIAL } " \
--uuid " ${ UUID } " \
--mac-address " ${ MAC_ADDRESS } " \
2021-03-04 03:12:50 -06:00
--width " ${ WIDTH :- 1920 } " \
--height " ${ HEIGHT :- 1080 } " \
2021-10-28 18:17:44 -05:00
--output-bootdisk " ${ BOOTDISK : =/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2 } " \
2021-04-18 05:54:43 -05:00
|| exit 1 ; } \
2021-03-06 11:59:03 -06:00
; { [ [ " ${ DISPLAY } " = ':99' ] ] || [ [ " ${ HEADLESS } " = = true ] ] ; } && { \
2021-02-02 20:04:22 -06:00
nohup Xvfb :99 -screen 0 1920x1080x16 \
2021-03-06 11:59:03 -06:00
& until [ [ " $( xrandr --query 2>/dev/null) " ] ] ; do sleep 1 ; done \
2021-02-02 20:04:22 -06:00
; } \
2021-01-24 06:47:19 -06:00
; stat " ${ IMAGE_PATH } " \
; echo "Large image is being copied between layers, please wait a minute..." \
; ./enable-ssh.sh \
2021-01-27 13:02:10 -06:00
; [ [ -e ~/.ssh/id_docker_osx ] ] || { \
/usr/bin/ssh-keygen -t rsa -f ~/.ssh/id_docker_osx -q -N "" \
&& chmod 600 ~/.ssh/id_docker_osx \
; } \
2021-03-28 05:17:47 -05:00
; /bin/bash -c ./Launch.sh \
2021-01-24 06:47:19 -06:00
& echo "Booting Docker-OSX in the background. Please wait..." \
2021-08-27 11:13:04 -05:00
; until [ [ " $( sshpass -p${ PASSWORD : =alpine } ssh-copy-id -f -i ~/.ssh/id_docker_osx.pub -p 10022 ${ USERNAME : =user } @127.0.0.1) " ] ] ; do \
2021-01-27 13:02:10 -06:00
echo "Disk is being copied between layers. Repeating until able to copy SSH key into OSX..." \
2021-01-24 06:47:19 -06:00
; sleep 1 \
; done \
2021-01-27 13:02:10 -06:00
; grep id_docker_osx ~/.ssh/config || { \
tee -a ~/.ssh/config <<< 'Host 127.0.0.1' \
2021-08-25 18:05:17 -05:00
; tee -a ~/.ssh/config <<< " User ${ USERNAME : =user } " \
2021-01-27 13:02:10 -06:00
; tee -a ~/.ssh/config <<< ' Port 10022' \
; tee -a ~/.ssh/config <<< ' IdentityFile ~/.ssh/id_docker_osx' \
; tee -a ~/.ssh/config <<< ' StrictHostKeyChecking no' \
; tee -a ~/.ssh/config <<< ' UserKnownHostsFile=/dev/null' \
; } \
&& echo 'Default username: user' \
&& echo 'Default password: alpine' \
&& echo 'Change it immediately using the command: passwd' \
2021-08-25 18:05:17 -05:00
&& ssh -i ~/.ssh/id_docker_osx ${ USERNAME : =user } @127.0.0.1 -p 10022 " ${ OSX_COMMANDS } "
2021-01-24 06:47:19 -06:00
# username: user
# password: alpine
# screenshot: docker exec -it containerid scrotcat
# readme: https://github.com/sickcodes/Docker-OSX
# timezone: UTC/GMT
# Future case option when supplying IMAGE_PATH:
# Zstandard*) zstd -d /image && export IMAGE_PATH=/image;; \