`sickcodes/docker-osx:latest` - [I want to use Docker-OSX to develop/secure Apps in Xcode (sign into Xcode, Transporter)](https://github.com/sickcodes/Docker-OSX#basic-quick-start-docker-osx)
`sickcodes/docker-osx:naked` - [I want to use Docker-OSX in CI/CD (sign into Xcode, Transporter)](https://github.com/sickcodes/Docker-OSX#fully-headless-using-my-own-image-for-cicd)
Create your personal image using `:latest`, then pull your image out and duplicate it again and again for use in `:naked`.
`sickcodes/docker-osx:auto` - [I want to boot into command line only. (compile software, homebrew headless).](https://github.com/sickcodes/Docker-OSX#pre-built-image-arbitrary-command-line-arguments)
`sickcodes/docker-osx:naked` - [I need iMessage/iCloud for security research.](https://github.com/sickcodes/Docker-OSX#serial-numbers)
#### I need a screen.
**KEEP** these two lines in your command. Works in ANY of the machines:
```bash
-v /tmp/.X11-unix:/tmp/.X11-unix \
-e "DISPLAY=${DISPLAY:-:0.0}" \
```
#### I need headless.
**REMOVE** these two lines from ANY of the machines:
```bash
-v /tmp/.X11-unix:/tmp/.X11-unix \
-e "DISPLAY=${DISPLAY:-:0.0}" \
```
#### I have used it already, and want to copy this image.
Use `docker commit`, copy the ID, and then `docker start ID`
**OR**
[Pull out the .img file](https://github.com/sickcodes/Docker-OSX#backup-the-disk-wheres-my-disk), and then use that [.img file with :naked](https://github.com/sickcodes/Docker-OSX#quick-start-own-image-naked-container-image)
- By default, this image has a variable called `NOPICKER` which is `"true"`. This skips the disk selection menu. Use `-e NOPICKER=false` or any other string than the word `true` to enter the boot menu. This lets you use other disks instead of skipping the boot menu, e.g. recovery disk or disk utility.
- VNC version on `localhost:8888` [the VNC version is inside a separate directory; there are security risks involved with using VNC, see inside the Dockerfile](https://github.com/sickcodes/Docker-OSX/blob/master/vnc-version/Dockerfile)
- Create an ARMY of the same exact container using `docker commit`
[Run iOS in a Docker with Docker-eyeOS](https://github.com/sickcodes/Docker-eyeOS) - [https://github.com/sickcodes/Docker-eyeOS](https://github.com/sickcodes/Docker-eyeOS)
1. You can now pull the `.img` file out of the container, which is stored in `/var/lib/docker`, and supply it as a runtime argument to the `:naked` Docker image. See above.
2. This is for when you want to run the SAME container again later.
- (optional) Create a partition using the unused space to house the OS and your files if you want to limit the capacity. (For Xcode 12, partition at least 60 GB.)
PulseAudio for sound (note that neither [AppleALC](https://github.com/acidanthera/AppleALC) and varying [`alcid`](https://dortania.github.io/OpenCore-Post-Install/universal/audio.html) nor [VoodooHDA-OC](https://github.com/chris1111/VoodooHDA-OC) have [codec support](https://osy.gitbook.io/hac-mini-guide/details/hda-fix#hda-codec), though [IORegistryExplorer](https://github.com/vulgo/IORegistryExplorer) does show the controller component working):
* OPTIONAL: Run `qemu-img convert -c -O qcow2 deduped.img compressed.img` to further compress the image. This may reduce runtime speed, but it should reduce the size by roughly 25%.
First, make sure [autoboot is enabled](#autoboot-into-osx-after-youve-installed-everything).
Next, you will want to set up SSH to be automatically started.
```bash
sudo systemsetup -setremotelogin on
```
Make sure to commit the new docker image and save it, or rebuild as described in the [section on reducing disk space](#how-to-reduce-the-size-of-the-image).
Then run it with these arguments.
```bash
# Run with the -nographic flag, and enable a telnet interface
```
Optionally, you can enable the SPICE protocol, which allows you to use `remote-viewer` to access it rather than VNC.
Note: `-disable-ticketing` will allow unauthenticated access to the VM. See the [spice manual](https://www.spice-space.org/spice-user-manual.html) for help setting up authenticated access ("Ticketing").
```bash
# run an existing image in current directory, with a screen, with SSH, with nopicker, and save the bootdisk for later.
stat mac_hdd_ng.img # make sure you have an image if you're using :naked
touch ./mynewbootdisk.qcow
docker run -it \
--device /dev/kvm \
-e "DISPLAY=${DISPLAY:-:0.0}" \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-p 50922:10022 \
-e NOPICKER=true \
-e GENERATE_SPECIFIC=true \
-e DEVICE_MODEL="iMacPro1,1" \
-e SERIAL="C02TW0WAHX87" \
-e BOARD_SERIAL="C027251024NJG36UE" \
-e UUID="5CCB366D-9118-4C61-A00A-E5BAF3BED451" \
-e MAC_ADDRESS="A8:5C:2C:9A:46:2F" \
-e BOOTDISK=/bootdisk \
-v "${PWD}/mynewbootdisk.qcow:/bootdisk" \
-v "${PWD}/mac_hdd_ng.img:/image" \
sickcodes/docker-osx:naked
```
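As an added example (not part of the Docker-OSX project), the shell function below checks a `docker run` argument list for three exposure points that appear in the commands above: the shared X11 socket, a port published without a bind address, and SPICE with ticketing disabled. The function name and the finding labels are made up for this illustration.

```bash
# Added example: review `docker run` arguments before launching the container.
# audit_run_args and the finding labels are hypothetical, not Docker-OSX code.

# Usage: audit_run_args <the same arguments you would give to docker>
# Prints one finding per line; prints nothing when no check matches.
audit_run_args() (
    prev=""
    for arg in "$@"; do
        case "$prev" in
            -p|--publish)
                case "$arg" in
                    0.0.0.0:*|"[::]":*)
                        printf 'PUBLISH_ALL_INTERFACES %s\n' "$arg" ;;
                    *:*:*)
                        ;;  # explicit bind address, e.g. 127.0.0.1:50922:10022
                    *)
                        # no bind address: Docker listens on every host interface
                        printf 'PUBLISH_ALL_INTERFACES %s\n' "$arg" ;;
                esac ;;
            -v|--volume)
                case "$arg" in
                    /tmp/.X11-unix*)
                        # container processes become clients of the host X server
                        printf 'X11_SOCKET_SHARED %s\n' "$arg" ;;
                esac ;;
        esac
        case "$arg" in
            *disable-ticketing*)
                # SPICE without ticketing accepts unauthenticated viewers
                printf 'SPICE_UNAUTHENTICATED\n' ;;
        esac
        prev=$arg
    done
)
```

Publishing SSH as `-p 127.0.0.1:50922:10022` keeps the guest's SSH port reachable from the host only, and the function then reports nothing for that argument.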
If you want to generate serial numbers, either make them at runtime using
` -e GENERATE_UNIQUE=true \`
Or you can generate them inside the `./custom` folder. And then use:
```bash
-e GENERATE_SPECIFIC=true \
-e SERIAL="" \
-e BOARD_SERIAL="" \
-e UUID="" \
-e MAC_ADDRESS="" \
```
#### Persistence from generating serial numbers is obviously ideal:
```bash
stat mac_hdd_ng_testing.img
touch ./output.qcow
touch ./output.env
# generate fresh random serial numbers, with a screen, using my own image, and save the bootdisk AND env file with my new serial numbers for later.
docker run -it \
--device /dev/kvm \
-e "DISPLAY=${DISPLAY:-:0.0}" \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-p 50922:10022 \
-e NOPICKER=true \
-e GENERATE_UNIQUE=true \
-e GENERATE_SPECIFIC=true \
-e DEVICE_MODEL="iMacPro1,1" \
-e BOOTDISK=/bootdisk \
-v "${PWD}/output.qcow:/bootdisk" \
-v "${PWD}/output.env:/env" \
-v "${PWD}/mac_hdd_ng_testing.img:/image" \
sickcodes/docker-osx:naked
```
To use iMessage or iCloud you need to change `5` values.
- `SERIAL`
- `BOARD_SERIAL`
- `UUID`
- `MAC_ADDRESS`

_`ROM` is just the lowercased mac address, without `:` between each word._
You can tell the container to generate them for you using `-e GENERATE_UNIQUE=true`
Or tell the container to use specific ones using `-e GENERATE_SPECIFIC=true`:
```bash
-e GENERATE_SPECIFIC=true \
-e DEVICE_MODEL="iMacPro1,1" \
-e SERIAL="C02TW0WAHX87" \
-e BOARD_SERIAL="C027251024NJG36UE" \
-e UUID="5CCB366D-9118-4C61-A00A-E5BAF3BED451" \
-e MAC_ADDRESS="A8:5C:2C:9A:46:2F" \
```
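An added pre-flight check, not taken from the Docker-OSX scripts: it rejects empty or malformed values before they reach `GENERATE_SPECIFIC=true` and derives `ROM` from the MAC address as described above. The function names and the accepted formats (uppercase alphanumeric serials, 8-4-4-4-12 UUID, colon-separated MAC) are assumptions based on the sample values on this page.

```bash
# Added example: validate identity values before passing them to the container.
# Accepted formats are assumptions inferred from the sample values on this page.

# ROM = MAC address, lowercased, colons removed
derive_rom() {
    printf '%s' "$1" | tr -d ':' | tr '[:upper:]' '[:lower:]'
}

is_serial() {   # non-empty, uppercase letters and digits only
    printf '%s\n' "$1" | grep -Eq '^[A-Z0-9]+$'
}

is_uuid() {     # 8-4-4-4-12 hexadecimal groups
    printf '%s\n' "$1" |
        grep -Eq '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$'
}

is_mac() {      # six colon-separated hexadecimal octets
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# specific_args SERIAL BOARD_SERIAL UUID MAC_ADDRESS
# Prints one `-e NAME=value` flag per line; returns 1 on the first bad value.
specific_args() {
    is_serial "$1" || { echo "invalid SERIAL: '$1'" >&2; return 1; }
    is_serial "$2" || { echo "invalid BOARD_SERIAL: '$2'" >&2; return 1; }
    is_uuid "$3"   || { echo "invalid UUID: '$3'" >&2; return 1; }
    is_mac "$4"    || { echo "invalid MAC_ADDRESS: '$4'" >&2; return 1; }
    printf '%s\n' \
        "-e GENERATE_SPECIFIC=true" \
        "-e SERIAL=$1" \
        "-e BOARD_SERIAL=$2" \
        "-e UUID=$3" \
        "-e MAC_ADDRESS=$4"
    # the derived ROM is shown on stderr for reference
    echo "ROM will be $(derive_rom "$4")" >&2
}
```

Called with the empty strings from the template earlier on this page (`SERIAL=""` and so on), `specific_args` returns 1 and prints no flags.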
### Where do you get the serial numbers?
```bash
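# Run the one line that matches your distribution's package manager
apt install libguestfs -y    # Debian/Ubuntu
pacman -S libguestfs         # Arch Linux
yum install libguestfs -y    # RHEL/CentOS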
```
Inside the `./custom` folder you will find `4` scripts.
- `config-nopicker-custom.plist`
- `opencore-image-ng.sh`

These two files are from OSX-KVM.
You don't need to touch these two files.
The config.plist has 5 values replaced with placeholders. [Click here to see those values for no reason.](https://github.com/sickcodes/Docker-OSX/blob/master/custom/config-nopicker-custom.plist#L705)
- `generate-unique-machine-values.sh`

This script will generate serial numbers with MAC addresses, output them to CSV/TSV, and make a `bootdisk image`.
You can create hundreds; see `./custom/generate-unique-machine-values.sh --help`.
First of all, in order to do this, QEMU must be started as root. It is also potentially possible to do this by changing the permissions of the device in the container.
See [here](https://www.linuxquestions.org/questions/slackware-14/qemu-usb-permissions-744557/#post3628691).
For example, create a new Dockerfile with the following:
```dockerfile
FROM sickcodes/docker-osx
USER arch
# Make Launch.sh start QEMU through sudo so that it runs as root
RUN sed -i -e s/exec\ qemu/exec\ sudo\ qemu/ ./Launch.sh
```
`-v` is a Docker command-line option that lets you pass a volume to the container.
The directory that we are letting the Docker container use is an X server display socket.
`/tmp/.X11-unix`
If we let the Docker container use the same display socket as our own environment, then any applications you run inside the Docker container will show up on your screen too! [https://www.x.org/archive/X11R6.8.0/doc/RELNOTES5.html](https://www.x.org/archive/X11R6.8.0/doc/RELNOTES5.html)