Add all ENV variables to each dockerfile for readability. Add RAM allocation buffer and cache drop bug fix. Add kvm and libvirt groups. Add IMAGE_FORMAT=qcow2 to allow IMAGE_FORMAT=raw too.
|4.2|2021-03-24|Add all ENV variables to each dockerfile for readability. Add RAM allocation buffer and cache drop bug fix. Add kvm and libvirt groups. Add `IMAGE_FORMAT=qcow2` to allow `IMAGE_FORMAT=raw` too.|
| |2021-03-19|Use RAM=3 as the default RAM allocation. Add instructions to clear buff/cache.|
| |2021-03-17|Add RAM=max and RAM=half to dynamically select ram at runtime (DEFAULT).|
| |2021-03-17|Add RAM=max and RAM=half to dynamically select ram at runtime (DEFAULT).|
| |2021-03-06|Change envs to require --envs. Automatically enable --envs if --output-env is used. Same for plists, bootdisks. Fix help ugliness and sanity of generate serial scripts. Fix bootdisk not getting written to persistent file when using NOPICKER=true. NOPICKER=true is overridden by a custom plist now anyway. Remove useless case statements. Allow -e HEADLESS=true as human readable alternative to -e DISPLAY=:99.|
| |2021-03-06|Change envs to require --envs. Automatically enable --envs if --output-env is used. Same for plists, bootdisks. Fix help ugliness and sanity of generate serial scripts. Fix bootdisk not getting written to persistent file when using NOPICKER=true. NOPICKER=true is overridden by a custom plist now anyway. Remove useless case statements. Allow -e HEADLESS=true as human readable alternative to -e DISPLAY=:99.|
|4.1|2021-03-04|Add `-e MASTER_PLIST_URL` to all images to allow using your own remote plist.|
|4.1|2021-03-04|Add `-e MASTER_PLIST_URL` to all images to allow using your own remote plist.|
RUN git clone --recurse-submodules --depth 1 --branch "${BRANCH}""${REPO}"
RUN git clone --recurse-submodules --depth 1 --branch "${BRANCH}""${REPO}"
# env -e ADDITIONAL_PORTS with a comma
# for example, -e ADDITIONAL_PORTS=hostfwd=tcp::23-:23,
ENVADDITIONAL_PORTS=
# dynamic RAM options for runtime
ENVRAM=3
# ENV RAM=max
# ENV RAM=half
RUN touch Launch.sh \
RUN touch Launch.sh \
&& chmod +x ./Launch.sh \
&& chmod +x ./Launch.sh \
&& tee -a Launch.sh <<<'#!/bin/sh'\
&& tee -a Launch.sh <<<'#!/bin/sh'\
@ -223,7 +214,7 @@ RUN touch Launch.sh \
&& tee -a Launch.sh <<<'sudo chown -R $(id -u):$(id -g) /dev/snd 2>/dev/null || true'\
&& tee -a Launch.sh <<<'sudo chown -R $(id -u):$(id -g) /dev/snd 2>/dev/null || true'\
&& tee -a Launch.sh <<<'exec qemu-system-x86_64 -m ${RAM:-2}000 \'\
&& tee -a Launch.sh <<<'exec qemu-system-x86_64 -m ${RAM:-2}000 \'\
&& tee -a Launch.sh <<<'-cpu Penryn,vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+pcid,+ssse3,+sse4.2,+popcnt,+avx,+aes,+xsave,+xsaveopt,check \'\
&& tee -a Launch.sh <<<'-cpu Penryn,vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+pcid,+ssse3,+sse4.2,+popcnt,+avx,+aes,+xsave,+xsaveopt,check \'\
&& tee -a Launch.sh <<<'-machine q35,accel=kvm:tcg \' \
&& tee -a Launch.sh <<<'-machine q35,${KVM:-"accel=kvm:tcg"} \' \
&& tee -a Launch.sh <<<'-smp ${CPU_STRING:-${SMP:-4},cores=${CORES:-4}} \'\
&& tee -a Launch.sh <<<'-smp ${CPU_STRING:-${SMP:-4},cores=${CORES:-4}} \'\
&& tee -a Launch.sh <<<'-usb -device usb-kbd -device usb-tablet \'\
&& tee -a Launch.sh <<<'-usb -device usb-kbd -device usb-tablet \'\
&& tee -a Launch.sh <<<'-device isa-applesmc,osk=ourhardworkbythesewordsguardedpleasedontsteal\(c\)AppleComputerInc \'\
&& tee -a Launch.sh <<<'-device isa-applesmc,osk=ourhardworkbythesewordsguardedpleasedontsteal\(c\)AppleComputerInc \'\
@ -236,7 +227,7 @@ RUN touch Launch.sh \
&& tee -a Launch.sh <<<'-device ide-hd,bus=sata.2,drive=OpenCoreBoot \'\
&& tee -a Launch.sh <<<'-device ide-hd,bus=sata.2,drive=OpenCoreBoot \'\
&& tee -a Launch.sh <<<'-device ide-hd,bus=sata.3,drive=InstallMedia \'\
&& tee -a Launch.sh <<<'-device ide-hd,bus=sata.3,drive=InstallMedia \'\
&& tee -a Launch.sh <<<'-drive id=InstallMedia,if=none,file=/home/arch/OSX-KVM/BaseSystem.img,format=qcow2 \'\
&& tee -a Launch.sh <<<'-drive id=InstallMedia,if=none,file=/home/arch/OSX-KVM/BaseSystem.img,format=qcow2 \'\
&& tee -a Launch.sh <<<'-drive id=MacHDD,if=none,file=${IMAGE_PATH:-/home/arch/OSX-KVM/mac_hdd_ng.img},format=qcow2 \' \
&& tee -a Launch.sh <<<'-drive id=MacHDD,if=none,file=${IMAGE_PATH:-/home/arch/OSX-KVM/mac_hdd_ng.img},format=${IMAGE_FORMAT:-qcow2} \' \
&& tee -a Launch.sh <<<'-device ide-hd,bus=sata.4,drive=MacHDD \'\
&& tee -a Launch.sh <<<'-device ide-hd,bus=sata.4,drive=MacHDD \'\
&& tee -a Launch.sh <<<'-netdev user,id=net0,hostfwd=tcp::${INTERNAL_SSH_PORT:-10022}-:22,hostfwd=tcp::${SCREEN_SHARE_PORT:-5900}-:5900,${ADDITIONAL_PORTS} \'\
&& tee -a Launch.sh <<<'-netdev user,id=net0,hostfwd=tcp::${INTERNAL_SSH_PORT:-10022}-:22,hostfwd=tcp::${SCREEN_SHARE_PORT:-5900}-:5900,${ADDITIONAL_PORTS} \'\
&& tee -a Launch.sh <<<'-device ${NETWORKING:-vmxnet3},netdev=net0,id=net0,mac=${MAC_ADDRESS:-52:54:00:09:49:17} \'\
&& tee -a Launch.sh <<<'-device ${NETWORKING:-vmxnet3},netdev=net0,id=net0,mac=${MAC_ADDRESS:-52:54:00:09:49:17} \'\
@ -255,32 +246,47 @@ USER arch
ENV USER arch
ENV USER arch
#### SPECIAL RUNTIME ARGUMENTS BELOW
# env -e ADDITIONAL_PORTS with a comma
# for example, -e ADDITIONAL_PORTS=hostfwd=tcp::23-:23,
ENVADDITIONAL_PORTS=
ENVBOOTDISK=
ENVBOOTDISK=
ENVDISPLAY=:0.0
ENVDISPLAY=:0.0
ENVENV=/env
ENVENV=/env
ENVIMAGE_PATH=/home/arch/OSX-KVM/mac_hdd_ng.img
# ENV NETWORKING=e1000-82545em
ENVNETWORKING=vmxnet3
# Boolean for generating a bootdisk with new random serials.
# Boolean for generating a bootdisk with new random serials.
ENVGENERATE_UNIQUE=false
ENVGENERATE_UNIQUE=false
# Boolean for generating a bootdisk with specific serials.
# Boolean for generating a bootdisk with specific serials.
# Must be used with either -e GENERATE_UNIQUE=true or -e GENERATE_SPECIFIC=true.
ENVWIDTH=1920
ENVHEIGHT=1080
ENVTERMS_OF_USE=i_agree
ENVTERMS_OF_USE=i_agree
ENVBOILERPLATE="By using this Dockerfile, you hereby agree that you are a security reseacher or developer and agree to use this Dockerfile to make the world a safer place. Examples include: making your apps safer, finding your mobile phone, compiling security products, etc. You understand that Docker-OSX is an Open Source project, which is released to the public under the GNU Pulic License version 3 and above. You acknowledge that the Open Source project is absolutely unaffiliated with any third party, in any form whatsoever. Any trademarks or intelectual property which happen to be mentioned anywhere in or around the project are owned by their respective owners. By using this Dockerfile, you agree to agree to the EULA of each piece of upstream or downstream software. The following code is released for the sole purpose of security research, under the GNU Public License version 3. If you are concerned about the licensing, please note that this project is not AGPL. A copy of the license is available online: https://github.com/sickcodes/Docker-OSX/blob/master/LICENSE. In order to use the following Dockerfile you must read and understand the terms. Once you have read the terms, use the -e TERMS_OF_USE=i_agree or -e TERMS_OF_USE=i_disagree"
ENVBOILERPLATE="By using this Dockerfile, you hereby agree that you are a security reseacher or developer and agree to use this Dockerfile to make the world a safer place. Examples include: making your apps safer, finding your mobile phone, compiling security products, etc. You understand that Docker-OSX is an Open Source project, which is released to the public under the GNU Pulic License version 3 and above. You acknowledge that the Open Source project is absolutely unaffiliated with any third party, in any form whatsoever. Any trademarks or intelectual property which happen to be mentioned anywhere in or around the project are owned by their respective owners. By using this Dockerfile, you agree to agree to the EULA of each piece of upstream or downstream software. The following code is released for the sole purpose of security research, under the GNU Public License version 3. If you are concerned about the licensing, please note that this project is not AGPL. A copy of the license is available online: https://github.com/sickcodes/Docker-OSX/blob/master/LICENSE. In order to use the following Dockerfile you must read and understand the terms. Once you have read the terms, use the -e TERMS_OF_USE=i_agree or -e TERMS_OF_USE=i_disagree"
Cause by trying to allocate more ram to the container than you currently have available for allocation: `cannot set up guest memory 'pc.ram': Cannot allocate memory`.
For example:
```console
[user@hostname ~]$ free -mh
total used free shared buff/cache available
Mem: 30Gi 3.5Gi 7.0Gi 728Mi 20Gi 26Gi
Swap: 11Gi 0B 11Gi
```
In the example above, the `buff/cache` already contains 20 Gigabytes of allocated RAM.
Clear the buffer and the cache:
```bash
sudo tee /proc/sys/vm/drop_caches <<<3
```
Now check the ram again:
```console
[user@hostname ~]$ free -mh
total used free shared buff/cache available
Mem: 30Gi 3.3Gi 26Gi 697Mi 1.5Gi 26Gi
Swap: 11Gi 0B 11Gi
```
```
Of course you cannot allocate more RAM that your have. The default is 3 Gigabytes: `-e RAM=3`.
#### PulseAudio
PulseAudio for sound (note neither [AppleALC](https://github.com/acidanthera/AppleALC) and varying [`alcid`](https://dortania.github.io/OpenCore-Post-Install/universal/audio.html) or [VoodooHDA-OC](https://github.com/chris1111/VoodooHDA-OC) have [codec support](https://osy.gitbook.io/hac-mini-guide/details/hda-fix#hda-codec) though [IORegistryExplorer](https://github.com/vulgo/IORegistryExplorer) does show the controller component working):
PulseAudio for sound (note neither [AppleALC](https://github.com/acidanthera/AppleALC) and varying [`alcid`](https://dortania.github.io/OpenCore-Post-Install/universal/audio.html) or [VoodooHDA-OC](https://github.com/chris1111/VoodooHDA-OC) have [codec support](https://osy.gitbook.io/hac-mini-guide/details/hda-fix#hda-codec) though [IORegistryExplorer](https://github.com/vulgo/IORegistryExplorer) does show the controller component working):
```bash
```bash
@ -470,29 +506,31 @@ docker run \
sickcodes/docker-osx pactl list
sickcodes/docker-osx pactl list
```
```
Alternative run, thanks @roryrjb
#### Nested Hardware Virtualization
Check if your PC has hardware virtualization enabled:
```bash
```bash
docker run \
sudo tee /sys/module/kvm/parameters/ignore_msrs <<<1
--privileged \
--net host \
egrep -c '(svm|vmx)' /proc/cpuinfo
--cap-add=ALL \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-v /dev:/dev \
-v /lib/modules:/lib/modules \
sickcodes/docker-osx
```
```
Check if your hardware virt is on
#### Add yourself to the Docker group, KVM group, libvirt group.
If you use `sudo dockerd` or dockerd is controlled by systemd/systemctl, then you must be in the Docker group: