From 423d6697c3f5600cb0fdd969611616af7a3873b2 Mon Sep 17 00:00:00 2001
From: sickcodes
Date: Thu, 9 Sep 2021 23:00:20 +0000
Subject: [PATCH] Add `sickcodes/docker-osx:monterey`!
---
 CHANGELOG.md | 1 +
 Dockerfile.monterey | 223 +++++++++++++++++++++++++++++++++++++++++++
 README.md | 48 +++++++++-
 osx-serial-generator | 2 +-
 tests/test.sh | 11 +++
 5 files changed, 279 insertions(+), 6 deletions(-)
 create mode 100644 Dockerfile.monterey
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7cd2140..fff304d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,6 @@
 |Version|Date|Notes|
 |---|---|---|
+| |2021-09-09|Add Monterey|
 | |2021-08-27|Add iPhone passthrough OTA!|
 |6.0|2021-08-25|Added naked-auto. Keep kernel at 5.13, even tho it's just for supermin.|
 |5.0|2021-07-25|Retire glibc patch. Retire file command patch. Add bootmenu=on.|
diff --git a/Dockerfile.monterey b/Dockerfile.monterey
new file mode 100644
index 0000000..11c44b5
--- /dev/null
+++ b/Dockerfile.monterey
@@ -0,0 +1,223 @@ +#!/usr/bin/docker +# ____ __ ____ ______ __ +# / __ \____ _____/ /_____ _____/ __ \/ ___/ |/ / +# / / / / __ \/ ___/ //_/ _ \/ ___/ / / /\__ \| / +# / /_/ / /_/ / /__/ ,< / __/ / / /_/ /___/ / | +# /_____/\____/\___/_/|_|\___/_/ \____//____/_/|_| [MONTEREY] +# +# Title: Docker-OSX (Mac on Docker) +# Author: Sick.Codes https://twitter.com/sickcodes +# Version: 6.0 +# License: GPLv3+ +# Repository: https://github.com/sickcodes/Docker-OSX +# Website: https://sick.codes +# +# Notes: Uses a self-hosted BaseSystem.img from a USB installer. +# If you want to DIY, use https://github.com/corpnewt/gibMacOS +# Set seed as developer, and install the Install Assistant on Big Sur +# Burn to a USB, and pull out BaseSystem.img +# Or download from https://images.sick.codes/BaseSystem_Monterey.dmg +# + +FROM sickcodes/docker-osx + +MAINTAINER 'https://twitter.com/sickcodes' + +SHELL ["/bin/bash", "-c"] + +# change disk size here or add during build, e.g. --build-arg VERSION=10.14.5 --build-arg SIZE=50G +ARG SIZE=200G +ARG BASE_SYSTEM='https://images.sick.codes/BaseSystem_Monterey.dmg' + +WORKDIR /home/arch/OSX-KVM + +RUN wget -O BaseSystem.dmg "${BASE_SYSTEM}" \ + && qemu-img convert BaseSystem.dmg -O qcow2 -p -c BaseSystem.img \ + && rm -f BaseSystem.dmg + +RUN qemu-img create -f qcow2 /home/arch/OSX-KVM/mac_hdd_ng.img "${SIZE}" + +WORKDIR /home/arch/OSX-KVM + +ARG LINUX=true + +# required to use libguestfs inside a docker container, to create bootdisks for docker-osx on-the-fly +RUN if [[ "${LINUX}" == true ]]; then \ + sudo pacman -Syu linux libguestfs --noconfirm \ + ; fi + +# optional --build-arg to change branches for testing +ARG BRANCH=master +ARG REPO='https://github.com/sickcodes/Docker-OSX.git' +# RUN git clone --recurse-submodules --depth 1 --branch "${BRANCH}" "${REPO}" +RUN rm -rf ./Docker-OSX \ + && git clone --recurse-submodules --depth 1 --branch "${BRANCH}" "${REPO}" + +RUN touch Launch.sh \ + && chmod +x ./Launch.sh \ + && tee -a Launch.sh <<< 
'#!/bin/bash' \ + && tee -a Launch.sh <<< 'set -eux' \ + && tee -a Launch.sh <<< 'sudo chown $(id -u):$(id -g) /dev/kvm 2>/dev/null || true' \ + && tee -a Launch.sh <<< 'sudo chown -R $(id -u):$(id -g) /dev/snd 2>/dev/null || true' \ + && tee -a Launch.sh <<< '[[ "${RAM}" = max ]] && export RAM="$(("$(head -n1 /proc/meminfo | tr -dc "[:digit:]") / 1000000"))"' \ + && tee -a Launch.sh <<< '[[ "${RAM}" = half ]] && export RAM="$(("$(head -n1 /proc/meminfo | tr -dc "[:digit:]") / 2000000"))"' \ + && tee -a Launch.sh <<< 'sudo chown -R $(id -u):$(id -g) /dev/snd 2>/dev/null || true' \ + && tee -a Launch.sh <<< 'exec qemu-system-x86_64 -m ${RAM:-2}000 \' \ + && tee -a Launch.sh <<< '-cpu ${CPU:-Penryn},${CPUID_FLAGS:-vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+ssse3,+sse4.2,+popcnt,+avx,+aes,+xsave,+xsaveopt,check,}${BOOT_ARGS} \' \ + && tee -a Launch.sh <<< '-machine q35,${KVM-"accel=kvm:tcg"} \' \ + && tee -a Launch.sh <<< '-smp ${CPU_STRING:-${SMP:-4},cores=${CORES:-4}} \' \ + && tee -a Launch.sh <<< '-usb -device usb-kbd -device usb-tablet \' \ + && tee -a Launch.sh <<< '-device isa-applesmc,osk=ourhardworkbythesewordsguardedpleasedontsteal\(c\)AppleComputerInc \' \ + && tee -a Launch.sh <<< '-drive if=pflash,format=raw,readonly=on,file=/home/arch/OSX-KVM/OVMF_CODE.fd \' \ + && tee -a Launch.sh <<< '-drive if=pflash,format=raw,file=/home/arch/OSX-KVM/OVMF_VARS-1024x768.fd \' \ + && tee -a Launch.sh <<< '-smbios type=2 \' \ + && tee -a Launch.sh <<< '-audiodev ${AUDIO_DRIVER:-alsa},id=hda -device ich9-intel-hda -device hda-duplex,audiodev=hda \' \ + && tee -a Launch.sh <<< '-device ich9-ahci,id=sata \' \ + && tee -a Launch.sh <<< '-drive id=OpenCoreBoot,if=none,snapshot=on,format=qcow2,file=${BOOTDISK:-/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2} \' \ + && tee -a Launch.sh <<< '-device ide-hd,bus=sata.2,drive=OpenCoreBoot \' \ + && tee -a Launch.sh <<< '-device ide-hd,bus=sata.3,drive=InstallMedia \' \ + && tee -a Launch.sh <<< '-drive 
id=InstallMedia,if=none,file=/home/arch/OSX-KVM/BaseSystem.img,format=qcow2 \' \ + && tee -a Launch.sh <<< '-drive id=MacHDD,if=none,file=${IMAGE_PATH:-/home/arch/OSX-KVM/mac_hdd_ng.img},format=${IMAGE_FORMAT:-qcow2} \' \ + && tee -a Launch.sh <<< '-device ide-hd,bus=sata.4,drive=MacHDD \' \ + && tee -a Launch.sh <<< '-netdev user,id=net0,hostfwd=tcp::${INTERNAL_SSH_PORT:-10022}-:22,hostfwd=tcp::${SCREEN_SHARE_PORT:-5900}-:5900,${ADDITIONAL_PORTS} \' \ + && tee -a Launch.sh <<< '-device ${NETWORKING:-vmxnet3},netdev=net0,id=net0,mac=${MAC_ADDRESS:-52:54:00:09:49:17} \' \ + && tee -a Launch.sh <<< '-monitor stdio \' \ + && tee -a Launch.sh <<< '-boot menu=on \' \ + && tee -a Launch.sh <<< '-vga vmware \' \ + && tee -a Launch.sh <<< '${EXTRA:-}' + +# docker exec containerid mv ./Launch-nopicker.sh ./Launch.sh +# This is now a legacy command. +# You can use -e BOOTDISK=/bootdisk with -v ./bootdisk.img:/bootdisk +RUN grep -v InstallMedia ./Launch.sh > ./Launch-nopicker.sh \ + && chmod +x ./Launch-nopicker.sh \ + && sed -i -e s/OpenCore\.qcow2/OpenCore\-nopicker\.qcow2/ ./Launch-nopicker.sh + +USER arch + +ENV USER arch + +# 5.13 problem +ENV SUPERMIN_KERNEL=/boot/vmlinuz-linux + +ENV SUPERMIN_MODULES=/lib/modules/5.12.14-arch1-1 + +ENV SUPERMIN_KERNEL_VERSION=5.12.14-arch1-1 + +RUN sudo pacman -Rns linux --noconfirm \ + ; sudo pacman -Syy \ + ; sudo pacman -S mkinitcpio --noconfirm \ + ; sudo pacman -U https://archive.archlinux.org/packages/l/linux/linux-5.12.14.arch1-1-x86_64.pkg.tar.zst --noconfirm \ + ; sudo rm -rf /var/tmp/.guestfs-* \ + ; libguestfs-test-tool + +#### SPECIAL RUNTIME ARGUMENTS BELOW + +# env -e ADDITIONAL_PORTS with a comma +# for example, -e ADDITIONAL_PORTS=hostfwd=tcp::23-:23, +ENV ADDITIONAL_PORTS= + +# add additional QEMU boot arguments +ENV BOOT_ARGS= + +ENV BOOTDISK= + +# edit the CPU that is being emulated +ENV CPU=Penryn +ENV 
CPUID_FLAGS='vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+ssse3,+sse4.2,+popcnt,+avx,+aes,+xsave,+xsaveopt,check,' + +ENV DISPLAY=:0.0 + +# Deprecated +ENV ENV=/env + +# Boolean for generating a bootdisk with new random serials. +ENV GENERATE_UNIQUE=false + +# Boolean for generating a bootdisk with specific serials. +ENV GENERATE_SPECIFIC=false + +ENV IMAGE_PATH=/home/arch/OSX-KVM/mac_hdd_ng.img +ENV IMAGE_FORMAT=qcow2 + +ENV KVM='accel=kvm:tcg' + +ENV MASTER_PLIST_URL="https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist" + +# ENV NETWORKING=e1000-82545em +ENV NETWORKING=vmxnet3 + +# boolean for skipping the disk selection menu at in the boot process +ENV NOPICKER=false + +# dynamic RAM options for runtime +ENV RAM=3 +# ENV RAM=max +# ENV RAM=half + +# The x and y coordinates for resolution. +# Must be used with either -e GENERATE_UNIQUE=true or -e GENERATE_SPECIFIC=true. +ENV WIDTH=1920 +ENV HEIGHT=1080 + +# libguestfs verbose +ENV LIBGUESTFS_DEBUG=1 +ENV LIBGUESTFS_TRACE=1 + +VOLUME ["/tmp/.X11-unix"] + +# check if /image is a disk image or a directory. This allows you to optionally use -v disk.img:/image +# NOPICKER is used to skip the disk selection screen +# GENERATE_UNIQUE is used to generate serial numbers on boot. +# /env is a file that you can generate and save using -v source.sh:/env +# the env file is a file that you can carry to the next container which will supply the serials numbers. +# GENERATE_SPECIFIC is used to either accept the env serial numbers OR you can supply using: + # -e DEVICE_MODEL="iMacPro1,1" \ + # -e SERIAL="C02TW0WAHX87" \ + # -e BOARD_SERIAL="C027251024NJG36UE" \ + # -e UUID="5CCB366D-9118-4C61-A00A-E5BAF3BED451" \ + # -e MAC_ADDRESS="A8:5C:2C:9A:46:2F" \ + +# the output will be /bootdisk. +# /bootdisk is a useful persistent place to store the 15Mb serial number bootdisk. 
+ +# if you don't set any of the above: +# the default serial numbers are already contained in ./OpenCore-Catalina/OpenCore.qcow2 +# And the default serial numbers + +CMD sudo touch /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \ + ; sudo chown -R $(id -u):$(id -g) /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \ + ; [[ "${NOPICKER}" == true ]] && { \ + sed -i '/^.*InstallMedia.*/d' Launch.sh \ + && export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore-nopicker.qcow2}" \ + ; } \ + || export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2}" \ + ; [[ "${GENERATE_UNIQUE}" == true ]] && { \ + ./Docker-OSX/osx-serial-generator/generate-unique-machine-values.sh \ + --master-plist-url="${MASTER_PLIST_URL}" \ + --count 1 \ + --tsv ./serial.tsv \ + --bootdisks \ + --width "${WIDTH:-1920}" \ + --height "${HEIGHT:-1080}" \ + --output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2}" \ + --output-env "${ENV:=/env}" \ + || exit 1 ; } \ + ; [[ "${GENERATE_SPECIFIC}" == true ]] && { \ + source "${ENV:=/env}" 2>/dev/null \ + ; ./Docker-OSX/osx-serial-generator/generate-specific-bootdisk.sh \ + --master-plist-url="${MASTER_PLIST_URL}" \ + --model "${DEVICE_MODEL}" \ + --serial "${SERIAL}" \ + --board-serial "${BOARD_SERIAL}" \ + --uuid "${UUID}" \ + --mac-address "${MAC_ADDRESS}" \ + --width "${WIDTH:-1920}" \ + --height "${HEIGHT:-1080}" \ + --output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2}" \ + || exit 1 ; } \ + ; ./enable-ssh.sh && /bin/bash -c ./Launch.sh + +# virt-manager mode: eta son +# CMD virsh define <(envsubst < Docker-OSX.xml) && virt-manager || virt-manager +# CMD virsh define <(envsubst < macOS-libvirt-Catalina.xml) && virt-manager || virt-manager diff --git a/README.md b/README.md index d9c3c40..2f1adf9 100644 --- a/README.md +++ b/README.md 
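Review bot: The `RUN wget -O BaseSystem.dmg "${BASE_SYSTEM}"` step in Dockerfile.monterey converts the downloaded recovery image straight into `BaseSystem.img` with no integrity check, so whatever the self-hosted URL (or a `--build-arg BASE_SYSTEM=` override) serves at build time becomes the install media of the published image. I would pin the expected digest next to the URL and verify it before `qemu-img convert`, for example `ARG BASE_SYSTEM_SHA256=<sha256 of BaseSystem_Monterey.dmg>` followed by `&& echo "${BASE_SYSTEM_SHA256}  BaseSystem.dmg" | sha256sum -c - \`. The other build inputs are unpinned in the same way: `FROM sickcodes/docker-osx` carries no tag or digest, and the `git clone --branch "${BRANCH}"` of `master` supplies the serial-generator scripts that `CMD` later runs, so a tag or digest on the base and a fixed commit for the clone would make the image reproducible. Separately, the kernel-downgrade `RUN` joins its steps with `;`, so a failed `pacman -S` or `pacman -U` only surfaces if `libguestfs-test-tool` then fails; chaining the steps after the `pacman -Rns` with `&&` would stop the build at the step that actually broke.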
@@ -2,7 +2,7 @@ ![Running Mac OS X in a Docker container](/running-mac-inside-docker-qemu.png?raw=true "OSX KVM DOCKER") -Run Mac OS X in Docker with near-native performance! X11 Forwarding! iMessage security research! iPhone USB working! +Run Mac OS X in Docker with near-native performance! X11 Forwarding! iMessage security research! iPhone USB working! macOS in a Docker container! # Docker-OSX now has a Discord server & Telegram! @@ -52,6 +52,8 @@ docker run -it \ -v /tmp/.X11-unix:/tmp/.X11-unix \ -e "DISPLAY=${DISPLAY:-:0.0}" \ sickcodes/docker-osx:latest + +# docker build -t docker-osx . ``` ### Big Sur [![https://img.shields.io/docker/image-size/sickcodes/docker-osx/big-sur?label=sickcodes%2Fdocker-osx%3Abig-sur](https://img.shields.io/docker/image-size/sickcodes/docker-osx/big-sur?label=sickcodes%2Fdocker-osx%3Abig-sur)](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated) 
@@ -62,6 +64,24 @@ docker run -it \ -v /tmp/.X11-unix:/tmp/.X11-unix \ -e "DISPLAY=${DISPLAY:-:0.0}" \ sickcodes/docker-osx:big-sur + +# docker build -t docker-osx -e VERSION='Big Sur' . +``` + +### Monterey [![https://img.shields.io/docker/image-size/sickcodes/docker-osx/monterey?label=sickcodes%2Fdocker-osx%3Amonterey](https://img.shields.io/docker/image-size/sickcodes/docker-osx/monterey?label=sickcodes%2Fdocker-osx%3Amonterey)](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated) + +```bash + +docker run -it \ + --device /dev/kvm \ + -p 50922:10022 \ + -v /tmp/.X11-unix:/tmp/.X11-unix \ + -e "DISPLAY=${DISPLAY:-:0.0}" \ + -e GENERATE_UNIQUE=true \ + -e MASTER_PLIST_URL='https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist' \ + sickcodes/docker-osx:monterey + +# docker build -t docker-osx -f Dockerfile.monterey . ``` #### Run Catalina Pre-Installed [![https://img.shields.io/docker/image-size/sickcodes/docker-osx/auto?label=sickcodes%2Fdocker-osx%3Aauto](https://img.shields.io/docker/image-size/sickcodes/docker-osx/auto?label=sickcodes%2Fdocker-osx%3Aauto)](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated) @@ -225,7 +245,15 @@ SEE commands in [https://github.com/sickcodes/osx-optimizer](https://github.com/ ## Important notices: -**2021-07-27:** Bug in libguestfs currently preventing `GENERATE_UNIQUE` and `GENERATE_TRUE` +**2021-09-09** - Bootdisks at runtime required for Monterey! + +Pick one of these: +``` + -e MASTER_PLIST_URL='https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist' \ + + -e MASTER_PLIST_URL='https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-nopicker-custom.plist' \ +``` + ## Technical details 
@@ -245,6 +273,10 @@ Big-Sur make your own image: [![https://img.shields.io/docker/image-size/sickcodes/docker-osx/big-sur?label=sickcodes%2Fdocker-osx%3Abig-sur](https://img.shields.io/docker/image-size/sickcodes/docker-osx/big-sur?label=sickcodes%2Fdocker-osx%3Abig-sur)](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated) +Monterey make your own image: + +[![https://img.shields.io/docker/image-size/sickcodes/docker-osx/monterey?label=sickcodes%2Fdocker-osx%3Amonterey](https://img.shields.io/docker/image-size/sickcodes/docker-osx/monterey?label=sickcodes%2Fdocker-osx%3Amonterey)](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated) + Pre-made system by [Sick.Codes](https://sick.codes): username: `user`, password: `alpine` [![https://img.shields.io/docker/image-size/sickcodes/docker-osx/auto?label=sickcodes%2Fdocker-osx%3Aauto](https://img.shields.io/docker/image-size/sickcodes/docker-osx/auto?label=sickcodes%2Fdocker-osx%3Aauto)](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated) @@ -258,7 +290,8 @@ Same as above but with `-e USERNAME` & `-e PASSWORD` and `-e OSX_COMMANDS="put y [![https://img.shields.io/docker/image-size/sickcodes/docker-osx/naked-auto?label=sickcodes%2Fdocker-osx%3Anaked-auto](https://img.shields.io/docker/image-size/sickcodes/docker-osx/naked-auto?label=sickcodes%2Fdocker-osx%3Anaked-auto)](https://hub.docker.com/r/sickcodes/docker-osx/tags?page=1&ordering=last_updated) ## Capabilities -- iPhone over USB +- use iPhone OSX KVM on Linux using usbfluxd! +- macOS Monterey! - Folder sharing - SSH enabled (`localhost:50922`) - VNC enabled (`localhost:8888`) if using ./vnc version 
@@ -354,6 +387,7 @@ Create your personal image using `:latest` or `big-sur`. Then, pull the image ou - `sickcodes/docker-osx:auto` - [I'm only interested in using the command line (useful for compiling software or using Homebrew headlessly).](#prebuilt-image-with-arbitrary-command-line-arguments) - `sickcodes/docker-osx:naked` - [I need iMessage/iCloud for security research.](#generating-serial-numbers) - `sickcodes/docker-osx:big-sur` - [I want to run Big Sur.](#quick-start-docker-osx) +- `sickcodes/docker-osx:monterey` - [I want to run Monterey.](#quick-start-docker-osx) ## Initial setup Before you do anything else, you will need to turn on hardware virtualization in your BIOS. Precisely how will depend on your particular machine (and BIOS), but it should be straightforward. @@ -841,7 +875,10 @@ At any time, verify your serial number before logging into iCloud, etc. # this is a quick way to check your serial number via cli inside OSX ioreg -l | grep IOPlatformSerialNumber -# or from the host +# test some commands +sshpass -p 'alpine' ssh user@localhost -p 50922 'ping google.com' + +# check your serial number sshpass -p 'alpine' ssh user@localhost -p 50922 'ioreg -l | grep IOPlatformSerialNumber' ``` @@ -905,8 +942,9 @@ docker run --rm -it \ -e NOPICKER=true \ -e GENERATE_UNIQUE=true \ -e DEVICE_MODEL="iMacPro1,1" \ - -e OSX_COMMANDS='ioreg -l | grep IOPlatformSerialNumber' \ sickcodes/docker-osx:auto + +# -e OSX_COMMANDS='ioreg -l | grep IOPlatformSerialNumber' \ ``` #### This example generates a specific set of serial numbers at runtime diff --git a/osx-serial-generator b/osx-serial-generator index 06eaae3..7a56669 160000 --- a/osx-serial-generator +++ b/osx-serial-generator @@ -1 +1 @@ -Subproject commit 06eaae30883641250b042a16504135ec5cbb73cb +Subproject commit 7a56669ec47eeb5c6d910593ec4cb4056804f9f3 diff --git a/tests/test.sh b/tests/test.sh index 3a11833..1f84a9e 100644 --- a/tests/test.sh +++ b/tests/test.sh 
@@ -124,6 +124,7 @@ TEST_BUILDS=( 'docker-osx:naked' 'docker-osx:naked-auto' 'docker-osx:big-sur' +'docker-osx:monterey' 'docker-osx:auto' #'docker-osx:auto-big-sur' ) @@ -242,6 +243,15 @@ docker-osx:big-sur () { docker tag docker-osx:big-sur sickcodes/docker-osx:big-sur } +docker-osx:monterey () { + docker build ${NO_CACHE} \ + --build-arg RANKMIRRORS=true \ + --build-arg MIRROR_COUNTRY="${MIRROR_COUNTRY}" \ + -f ./Dockerfile.monterey \ + -t docker-osx:monterey . + docker tag docker-osx:monterey sickcodes/docker-osx:monterey +} + docker-osx:auto () { docker build ${NO_CACHE} \ --build-arg RANKMIRRORS=true \ @@ -301,6 +311,7 @@ if [[ "${DOCKER_USERNAME}" ]] && [[ "${DOCKER_PASSWORD}" ]]; then docker login --username "${DOCKER_USERNAME}" --password "${DOCKER_PASSWORD}" \ && docker push sickcodes/docker-osx:latest \ && docker push sickcodes/docker-osx:big-sur \ + && docker push sickcodes/docker-osx:monterey \ && docker push sickcodes/docker-osx:naked \ && docker push sickcodes/docker-osx:naked-auto \ && docker push sickcodes/docker-osx:auto \
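Review bot: The new `docker-osx:monterey` function passes `--build-arg RANKMIRRORS=true` and `--build-arg MIRROR_COUNTRY="${MIRROR_COUNTRY}"`, but Dockerfile.monterey as added in this patch declares only `SIZE`, `BASE_SYSTEM`, `LINUX`, `BRANCH` and `REPO`, and `ARG`s are not inherited from the base image, so both values are ignored by this build. Either drop the two lines or add a comment such as `# RANKMIRRORS/MIRROR_COUNTRY are not consumed by Dockerfile.monterey` so the copy from the big-sur function is not mistaken for working mirror selection. Because the Dockerfile starts `FROM sickcodes/docker-osx`, the result also depends on which `sickcodes/docker-osx:latest` is present locally or pulled when this function runs; whether an earlier function in the script tags it first is not visible in the hunk.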