From 9e7342f9662e7a958df90d0cbab53b15067dc2ff Mon Sep 17 00:00:00 2001 From: sickcodes Date: Wed, 24 Mar 2021 13:40:16 +0000 Subject: [PATCH] Add all ENV variables to each dockerfile for readability. Add RAM allocation buffer and cache drop bug fix. Add kvm and libvirt groups. Add IMAGE_FORMAT=qcow2 to allow IMAGE_FORMAT=raw too. --- CHANGELOG.md | 2 ++ Dockerfile | 42 +++++++++++++++++------------- Dockerfile.auto | 39 ++++++++++++++++++++++++---- Dockerfile.naked | 30 +++++++++++++++++++++- README.md | 66 ++++++++++++++++++++++++++++++++++++++---------- 5 files changed, 141 insertions(+), 38 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 440d321..fc2c562 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,7 @@ |Version|Date|Notes| |---|---|---| +|4.2|2021-03-24|Add all ENV variables to each dockerfile for readability. Add RAM allocation buffer and cache drop bug fix. Add kvm and libvirt groups. Add `IMAGE_FORMAT=qcow2` to allow `IMAGE_FORMAT=raw` too.| +| |2021-03-19|Use RAM=3 as the default RAM allocation. Add instructions to clear buff/cache.| | |2021-03-17|Add RAM=max and RAM=half to dynamically select ram at runtime (DEFAULT).| | |2021-03-06|Change envs to require --envs. Automatically enable --envs if --output-env is used. Same for plists, bootdisks. Fix help ugliness and sanity of generate serial scripts. Fix bootdisk not getting written to persistent file when using NOPICKER=true. NOPICKER=true is overridden by a custom plist now anyway. Remove useless case statements. Allow -e HEADLESS=true as human readable alternative to -e DISPLAY=:99.| |4.1|2021-03-04|Add `-e MASTER_PLIST_URL` to all images to allow using your own remote plist.| diff --git a/Dockerfile b/Dockerfile index cc75ddd..5f247df 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,7 +7,7 @@ # # Title: Docker-OSX (Mac on Docker) # Author: Sick.Codes https://twitter.com/sickcodes -# Version: 4.1 +# Version: 4.2 # License: GPLv3+ # Repository: https://github.com/sickcodes/Docker-OSX # Website: https://sick.codes @@ -203,15 +203,6 @@ ARG BRANCH=master ARG REPO='https://github.com/sickcodes/Docker-OSX.git' RUN git clone --recurse-submodules --depth 1 --branch "${BRANCH}" "${REPO}" -# env -e ADDITIONAL_PORTS with a comma -# for example, -e ADDITIONAL_PORTS=hostfwd=tcp::23-:23, -ENV ADDITIONAL_PORTS= - -# dynamic RAM options for runtime -ENV RAM=3 -# ENV RAM=max -# ENV RAM=half - RUN touch Launch.sh \ && chmod +x ./Launch.sh \ && tee -a Launch.sh <<< '#!/bin/sh' \ @@ -223,7 +214,7 @@ RUN touch Launch.sh \ && tee -a Launch.sh <<< 'sudo chown -R $(id -u):$(id -g) /dev/snd 2>/dev/null || true' \ && tee -a Launch.sh <<< 'exec qemu-system-x86_64 -m ${RAM:-2}000 \' \ && tee -a Launch.sh <<< '-cpu Penryn,vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+pcid,+ssse3,+sse4.2,+popcnt,+avx,+aes,+xsave,+xsaveopt,check \' \ - && tee -a Launch.sh <<< '-machine q35,accel=kvm:tcg \' \ + && tee -a Launch.sh <<< '-machine q35,${KVM:-"accel=kvm:tcg"} \' \ && tee -a Launch.sh <<< '-smp ${CPU_STRING:-${SMP:-4},cores=${CORES:-4}} \' \ && tee -a Launch.sh <<< '-usb -device usb-kbd -device usb-tablet \' \ && tee -a Launch.sh <<< '-device isa-applesmc,osk=ourhardworkbythesewordsguardedpleasedontsteal\(c\)AppleComputerInc \' \ @@ -236,7 +227,7 @@ RUN touch Launch.sh \ && tee -a Launch.sh <<< '-device ide-hd,bus=sata.2,drive=OpenCoreBoot \' \ && tee -a Launch.sh <<< '-device ide-hd,bus=sata.3,drive=InstallMedia \' \ && tee -a Launch.sh <<< '-drive id=InstallMedia,if=none,file=/home/arch/OSX-KVM/BaseSystem.img,format=qcow2 \' \ - && tee -a Launch.sh <<< '-drive id=MacHDD,if=none,file=${IMAGE_PATH:-/home/arch/OSX-KVM/mac_hdd_ng.img},format=qcow2 \' \ + && tee -a Launch.sh <<< '-drive id=MacHDD,if=none,file=${IMAGE_PATH:-/home/arch/OSX-KVM/mac_hdd_ng.img},format=${IMAGE_FORMAT:-qcow2} \' \ && tee -a Launch.sh <<< '-device ide-hd,bus=sata.4,drive=MacHDD \' \ && tee -a Launch.sh <<< '-netdev user,id=net0,hostfwd=tcp::${INTERNAL_SSH_PORT:-10022}-:22,hostfwd=tcp::${SCREEN_SHARE_PORT:-5900}-:5900,${ADDITIONAL_PORTS} \' \ && tee -a Launch.sh <<< '-device ${NETWORKING:-vmxnet3},netdev=net0,id=net0,mac=${MAC_ADDRESS:-52:54:00:09:49:17} \' \ @@ -255,32 +246,47 @@ USER arch ENV USER arch +#### SPECIAL RUNTIME ARGUMENTS BELOW + +# env -e ADDITIONAL_PORTS with a comma +# for example, -e ADDITIONAL_PORTS=hostfwd=tcp::23-:23, +ENV ADDITIONAL_PORTS= + ENV BOOTDISK= ENV DISPLAY=:0.0 ENV ENV=/env -ENV IMAGE_PATH=/home/arch/OSX-KVM/mac_hdd_ng.img - -# ENV NETWORKING=e1000-82545em -ENV NETWORKING=vmxnet3 - # Boolean for generating a bootdisk with new random serials. ENV GENERATE_UNIQUE=false # Boolean for generating a bootdisk with specific serials. ENV GENERATE_SPECIFIC=false +ENV IMAGE_PATH=/home/arch/OSX-KVM/mac_hdd_ng.img +ENV IMAGE_FORMAT=qcow2 + +ENV KVM='accel=kvm:tcg' + +ENV MASTER_PLIST_URL="https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-nopicker-custom.plist" + +# ENV NETWORKING=e1000-82545em +ENV NETWORKING=vmxnet3 + # boolean for skipping the disk selection menu at in the boot process ENV NOPICKER=false +# dynamic RAM options for runtime +ENV RAM=3 +# ENV RAM=max +# ENV RAM=half + # The x and y coordinates for resolution. # Must be used with either -e GENERATE_UNIQUE=true or -e GENERATE_SPECIFIC=true. ENV WIDTH=1920 ENV HEIGHT=1080 -ENV MASTER_PLIST_URL="https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-nopicker-custom.plist" VOLUME ["/tmp/.X11-unix"] diff --git a/Dockerfile.auto b/Dockerfile.auto index c5d199f..ff7d5e6 100644 --- a/Dockerfile.auto +++ b/Dockerfile.auto @@ -7,7 +7,7 @@ # # Title: Docker-OSX (Mac on Docker) # Author: Sick.Codes https://twitter.com/sickcodes -# Version: 4.1 +# Version: 4.2 # License: GPLv3+ # Repository: https://github.com/sickcodes/Docker-OSX # Website: https://sick.codes @@ -115,20 +115,25 @@ RUN mkdir -p ~/.ssh \ ARG COMPLETE=true -# Feel free to take a copy of this image and then host it internally -ARG IMAGE_URL='https://images2.sick.codes/mac_hdd_ng_auto.img' - # use the COMPLETE arg, for a complete image, ready to boot. # otherwise use your own image: -v "$PWD/disk.img":/image ARG WGET_OPTIONS= # ARG WGET_OPTIONS='--no-verbose' +# Feel free to take a copy of this image and then host it internally +ARG IMAGE_URL='https://images.sick.codes/mac_hdd_ng_auto.img' +# ARG IMAGE_URL='https://images.sick.codes/mac_hdd_ng_auto_big_sur.img' + RUN if [[ "${COMPLETE}" ]]; then \ - echo "Downloading 20GB+ image... This step might take a while... Press Ctrl+C if you want to abort." \ + echo "Downloading 20GB image... This step might take a while... Press Ctrl+C if you want to abort." \ ; rm -f /home/arch/OSX-KVM/mac_hdd_ng.img \ && wget ${WGET_OPTIONS} -O /home/arch/OSX-KVM/mac_hdd_ng.img "${IMAGE_URL}" \ ; fi +#### SPECIAL RUNTIME ARGUMENTS BELOW + +ENV ADDITIONAL_PORTS= + ENV BOOTDISK= ENV DISPLAY=:99 @@ -137,10 +142,34 @@ ENV HEADLESS=false ENV ENV=/env +# Boolean for generating a bootdisk with new random serials. +ENV GENERATE_UNIQUE=false + +# Boolean for generating a bootdisk with specific serials. +ENV GENERATE_SPECIFIC=false + ENV IMAGE_PATH=/home/arch/OSX-KVM/mac_hdd_ng.img +ENV IMAGE_FORMAT=qcow2 + +ENV KVM='accel=kvm:tcg' + +# ENV MASTER_PLIST_URL="https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist" + +# ENV NETWORKING=e1000-82545em +ENV NETWORKING=vmxnet3 ENV NOPICKER=true +# dynamic RAM options for runtime +ENV RAM=3 +# ENV RAM=max +# ENV RAM=half + +# The x and y coordinates for resolution. +# Must be used with either -e GENERATE_UNIQUE=true or -e GENERATE_SPECIFIC=true. +ENV WIDTH=1920 +ENV HEIGHT=1080 + ENV TERMS_OF_USE=i_agree ENV BOILERPLATE="By using this Dockerfile, you hereby agree that you are a security reseacher or developer and agree to use this Dockerfile to make the world a safer place. Examples include: making your apps safer, finding your mobile phone, compiling security products, etc. You understand that Docker-OSX is an Open Source project, which is released to the public under the GNU Pulic License version 3 and above. You acknowledge that the Open Source project is absolutely unaffiliated with any third party, in any form whatsoever. Any trademarks or intelectual property which happen to be mentioned anywhere in or around the project are owned by their respective owners. By using this Dockerfile, you agree to agree to the EULA of each piece of upstream or downstream software. The following code is released for the sole purpose of security research, under the GNU Public License version 3. If you are concerned about the licensing, please note that this project is not AGPL. A copy of the license is available online: https://github.com/sickcodes/Docker-OSX/blob/master/LICENSE. In order to use the following Dockerfile you must read and understand the terms. Once you have read the terms, use the -e TERMS_OF_USE=i_agree or -e TERMS_OF_USE=i_disagree" diff --git a/Dockerfile.naked b/Dockerfile.naked index 3df45d2..734ea1d 100644 --- a/Dockerfile.naked +++ b/Dockerfile.naked @@ -7,7 +7,7 @@ # # Title: Docker-OSX (Mac on Docker) # Author: Sick.Codes https://twitter.com/sickcodes -# Version: 4.1 +# Version: 4.2 # License: GPLv3+ # Repository: https://github.com/sickcodes/Docker-OSX # Website: https://sick.codes @@ -102,6 +102,10 @@ RUN mkdir -p ~/.ssh \ && tee -a ~/.ssh/config <<< ' StrictHostKeyChecking no' \ && tee -a ~/.ssh/config <<< ' UserKnownHostsFile=/dev/null' +#### SPECIAL RUNTIME ARGUMENTS BELOW + +ENV ADDITIONAL_PORTS= + ENV BOOTDISK= ENV DISPLAY=:99 @@ -110,10 +114,34 @@ ENV HEADLESS=false ENV ENV=/env +# Boolean for generating a bootdisk with new random serials. +ENV GENERATE_UNIQUE=false + +# Boolean for generating a bootdisk with specific serials. +ENV GENERATE_SPECIFIC=false + ENV IMAGE_PATH=/image +ENV IMAGE_FORMAT=qcow2 + +ENV KVM='accel=kvm:tcg' + +# ENV MASTER_PLIST_URL="https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist" + +# ENV NETWORKING=e1000-82545em +ENV NETWORKING=vmxnet3 ENV NOPICKER=true +# dynamic RAM options for runtime +ENV RAM=3 +# ENV RAM=max +# ENV RAM=half + +# The x and y coordinates for resolution. +# Must be used with either -e GENERATE_UNIQUE=true or -e GENERATE_SPECIFIC=true. +ENV WIDTH=1920 +ENV HEIGHT=1080 + CMD sudo touch /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" || true \ ; sudo chown -R $(id -u):$(id -g) /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" || true \ ; { [[ "${DISPLAY}" = ':99' ]] || [[ "${HEADLESS}" == true ]] ; } && { \ diff --git a/README.md b/README.md index 1409723..75df715 100644 --- a/README.md +++ b/README.md @@ -430,7 +430,11 @@ docker run \ # Troubleshooting -libgtk permissions denied error, thanks @raoulh + @arsham +Big thank you to our contributors who have worked out almost every conceivable issue so far! + +[https://github.com/sickcodes/Docker-OSX/blob/master/CREDITS.md](https://github.com/sickcodes/Docker-OSX/blob/master/CREDITS.md) + +#### libgtk permissions denied error ```bash echo $DISPLAY @@ -446,8 +450,40 @@ sudo yum install xorg-x11-server-utils # then run xhost + +``` +#### RAM over-allocation Error +Cause by trying to allocate more ram to the container than you currently have available for allocation: `cannot set up guest memory 'pc.ram': Cannot allocate memory`. + +For example: + +```console +[user@hostname ~]$ free -mh + total used free shared buff/cache available +Mem: 30Gi 3.5Gi 7.0Gi 728Mi 20Gi 26Gi +Swap: 11Gi 0B 11Gi +``` + +In the example above, the `buff/cache` already contains 20 Gigabytes of allocated RAM. + +Clear the buffer and the cache: + +```bash +sudo tee /proc/sys/vm/drop_caches <<< 3 +``` + +Now check the ram again: + +```console +[user@hostname ~]$ free -mh + total used free shared buff/cache available +Mem: 30Gi 3.3Gi 26Gi 697Mi 1.5Gi 26Gi +Swap: 11Gi 0B 11Gi ``` +Of course you cannot allocate more RAM that your have. The default is 3 Gigabytes: `-e RAM=3`. + +#### PulseAudio + PulseAudio for sound (note neither [AppleALC](https://github.com/acidanthera/AppleALC) and varying [`alcid`](https://dortania.github.io/OpenCore-Post-Install/universal/audio.html) or [VoodooHDA-OC](https://github.com/chris1111/VoodooHDA-OC) have [codec support](https://osy.gitbook.io/hac-mini-guide/details/hda-fix#hda-codec) though [IORegistryExplorer](https://github.com/vulgo/IORegistryExplorer) does show the controller component working): ```bash @@ -470,29 +506,31 @@ docker run \ sickcodes/docker-osx pactl list ``` -Alternative run, thanks @roryrjb +#### Nested Hardware Virtualization + +Check if your PC has hardware virtualization enabled: ```bash -docker run \ - --privileged \ - --net host \ - --cap-add=ALL \ - -v /tmp/.X11-unix:/tmp/.X11-unix \ - -v /dev:/dev \ - -v /lib/modules:/lib/modules \ - sickcodes/docker-osx +sudo tee /sys/module/kvm/parameters/ignore_msrs <<< 1 + +egrep -c '(svm|vmx)' /proc/cpuinfo ``` -Check if your hardware virt is on +#### Add yourself to the Docker group, KVM group, libvirt group. + +If you use `sudo dockerd` or dockerd is controlled by systemd/systemctl, then you must be in the Docker group: + +To add yourself to the docker group: ```bash -egrep -c '(svm|vmx)' /proc/cpuinfo +sudo usermod -aG docker "${USER}" ``` -Try adding yourself to the docker group +and for the rest: ```bash -sudo usermod -aG docker "${USER}" +sudo usermod -aG libvirt "${USER}" +sudo usermod -aG kvm "${USER}" ``` Turn on docker daemon