#!/usr/bin/docker # ____ __ ____ ______ __ # / __ \____ _____/ /_____ _____/ __ \/ ___/ |/ / # / / / / __ \/ ___/ //_/ _ \/ ___/ / / /\__ \| / # / /_/ / /_/ / /__/ ,< / __/ / / /_/ /___/ / | # /_____/\____/\___/_/|_|\___/_/ \____//____/_/|_| :NAKED-AUTO # # Title: Docker-OSX (Mac on Docker) # Author: Sick.Codes https://twitter.com/sickcodes # Version: 6.0 # License: GPLv3+ # Repository: https://github.com/sickcodes/Docker-OSX # Website: https://sick.codes # # This Dockerfile needs you to supply a pre-installed installation of Docker-OSX! # # Visit https://github.com/sickcodes/Docker-OSX for info FROM sickcodes/docker-osx:latest LABEL maintainer='https://twitter.com/sickcodes ' USER root WORKDIR /root RUN rm -f /home/arch/OSX-KVM/mac_hdd_ng.img # For taking screenshots of the Xfvb screen, useful during development. ARG SCROT # OPTIONAL: Arch Linux server mirrors for super fast builds # set RANKMIRRORS to any value other that nothing, e.g. -e RANKMIRRORS=true RUN perl -i -p -e s/^\#Color/Color$'\n'ParallelDownloads\ =\ 30/g /etc/pacman.conf ARG RANKMIRRORS ARG MIRROR_COUNTRY=US ARG MIRROR_COUNT=10 RUN tee /etc/pacman.d/mirrorlist <<< 'Server = https://geo.mirror.pkgbuild.com/$repo/os/$arch' \ && tee -a /etc/pacman.d/mirrorlist <<< 'Server = http://mirror.rackspace.com/archlinux/$repo/os/$arch' \ && tee -a /etc/pacman.d/mirrorlist <<< 'Server = https://mirror.rackspace.com/archlinux/$repo/os/$arch' # Fixes issue with invalid GPG keys: update the archlinux-keyring package to get the latest keys, then remove and regenerate gnupg keys RUN pacman -Sy archlinux-keyring --noconfirm \ && rm -rf /etc/pacman.d/gnupg \ && pacman-key --init \ && pacman-key --populate archlinux RUN if [[ "${RANKMIRRORS}" ]]; then \ { pacman -Sy wget --noconfirm || pacman -Syu wget --noconfirm ; } \ ; wget -O ./rankmirrors "https://raw.githubusercontent.com/sickcodes/Docker-OSX/${BRANCH:=master}/rankmirrors" \ ; wget -O- "https://www.archlinux.org/mirrorlist/?country=${MIRROR_COUNTRY:-US}&protocol=https&use_mirror_status=on" \ | sed -e 's/^#Server/Server/' -e '/^#/d' \ | head -n "$((${MIRROR_COUNT:-10}+1))" \ | bash ./rankmirrors --verbose --max-time 5 - > /etc/pacman.d/mirrorlist \ && cat /etc/pacman.d/mirrorlist \ ; fi RUN tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkp://keyserver.ubuntu.com' \ && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://hkps.pool.sks-keyservers.net:443' \ && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkp://pgp.mit.edu:11371' \ && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://keys.openpgp.org' \ && tee -a /etc/pacman.d/gnupg/gpg.conf <<< 'keyserver hkps://keys.mailvelope.com' # For taking screenshots of the Xfvb screen, useful during development. ARG SCROT RUN pacman -Syu xorg-server-xvfb wget xterm xorg-xhost xorg-xrandr --noconfirm \ && if [[ "${SCROT}" ]]; then \ pacman -Syu scrot base-devel --noconfirm \ && git clone --recurse-submodules --depth 1 https://github.com/stolk/imcat.git \ && cd imcat \ && make \ && sudo cp imcat /usr/bin/imcat \ && touch /usr/bin/scrotcat \ && tee -a /usr/bin/scrotcat <<< '/usr/bin/imcat <(scrot -o /dev/stdout)' \ && chmod +x /usr/bin/scrotcat \ ; else \ touch /usr/bin/scrotcat \ && echo echo >> /usr/bin/scrotcat \ && chmod +x /usr/bin/scrotcat \ ; fi \ ; yes | pacman -Scc RUN pacman -S sshpass --noconfirm \ && yes | pacman -Scc USER arch ENV USER arch WORKDIR /home/arch/OSX-KVM RUN mkdir -p ~/.ssh \ && touch ~/.ssh/authorized_keys \ && touch ~/.ssh/config \ && chmod 700 ~/.ssh \ && chmod 600 ~/.ssh/config \ && chmod 600 ~/.ssh/authorized_keys \ && tee -a ~/.ssh/config <<< 'Host *' \ && tee -a ~/.ssh/config <<< ' StrictHostKeyChecking no' \ && tee -a ~/.ssh/config <<< ' UserKnownHostsFile=/dev/null' ARG COMPLETE= # use the COMPLETE arg, for a complete image, ready to boot. # otherwise use your own image: -v "$PWD/disk.img":/image ARG WGET_OPTIONS= # ARG WGET_OPTIONS='--no-verbose' # Feel free to take a copy of this image and then host it internally ARG IMAGE_URL= # ARG IMAGE_URL='https://images.sick.codes/mac_hdd_ng_auto_big_sur.img' RUN if [[ "${COMPLETE}" ]]; then \ echo "Downloading your image... This step might take a while... Press Ctrl+C if you want to abort." \ ; rm -f /home/arch/OSX-KVM/mac_hdd_ng.img \ && wget ${WGET_OPTIONS} -O /home/arch/OSX-KVM/mac_hdd_ng.img "${IMAGE_URL}" \ ; fi #### # symlink the old directory, for redundancy RUN ln -s /home/arch/OSX-KVM/OpenCore /home/arch/OSX-KVM/OpenCore-Catalina || true #### #### SPECIAL RUNTIME ARGUMENTS BELOW ENV ADDITIONAL_PORTS= # add additional QEMU boot arguments ENV BOOT_ARGS= ENV BOOTDISK= # edit the CPU that is beign emulated ENV CPU=Penryn ENV DISPLAY=:99 ENV HEADLESS=false ENV ENV=/env # Boolean for generating a bootdisk with new random serials. ENV GENERATE_UNIQUE=false # Boolean for generating a bootdisk with specific serials. ENV GENERATE_SPECIFIC=false ENV IMAGE_PATH=/image ENV IMAGE_FORMAT=qcow2 ENV KVM='accel=kvm:tcg' # ENV MASTER_PLIST_URL="https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist" # ENV NETWORKING=e1000-82545em ENV NETWORKING=vmxnet3 ENV NOPICKER=true # set the username and password for automatically logging in ENV USERNAME=user ENV PASSWORD=alpine # dynamic RAM options for runtime ENV RAM=3 # ENV RAM=max # ENV RAM=half # The x and y coordinates for resolution. # Must be used with either -e GENERATE_UNIQUE=true or -e GENERATE_SPECIFIC=true. ENV WIDTH=1920 ENV HEIGHT=1080 # libguestfs verbose ENV LIBGUESTFS_DEBUG=1 ENV LIBGUESTFS_TRACE=1 ENV TERMS_OF_USE=i_agree ENV BOILERPLATE="By using this Dockerfile, you hereby agree that you are a security reseacher or developer and agree to use this Dockerfile to make the world a safer place. Examples include: making your apps safer, finding your mobile phone, compiling security products, etc. You understand that Docker-OSX is an Open Source project, which is released to the public under the GNU Pulic License version 3 and above. You acknowledge that the Open Source project is absolutely unaffiliated with any third party, in any form whatsoever. Any trademarks or intelectual property which happen to be mentioned anywhere in or around the project are owned by their respective owners. By using this Dockerfile, you agree to agree to the EULA of each piece of upstream or downstream software. The following code is released for the sole purpose of security research, under the GNU Public License version 3. If you are concerned about the licensing, please note that this project is not AGPL. A copy of the license is available online: https://github.com/sickcodes/Docker-OSX/blob/master/LICENSE. In order to use the following Dockerfile you must read and understand the terms. Once you have read the terms, use the -e TERMS_OF_USE=i_agree or -e TERMS_OF_USE=i_disagree" # DMCA compliant download process # If BaseSystem.img does not exist, download ${SHORTNAME} # shortname default is catalina, which means :latest is catalina ENV SHORTNAME=sonoma ENV BASESYSTEM_IMAGE=BaseSystem.img CMD ! [[ -e "${BASESYSTEM_IMAGE:-BaseSystem.img}" ]] \ && printf '%s\n' "No BaseSystem.img available, downloading ${SHORTNAME}" \ && make \ && qemu-img convert BaseSystem.dmg -O qcow2 -p -c ${BASESYSTEM_IMAGE:-BaseSystem.img} \ && rm ./BaseSystem.dmg \ ; echo "${BOILERPLATE}" \ ; [[ "${TERMS_OF_USE}" = i_agree ]] || exit 1 \ ; echo "Disk is being copied between layers... Please wait a minute..." \ ; sudo touch /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \ ; sudo chown -R $(id -u):$(id -g) /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \ ; [[ "${NOPICKER}" == true ]] && { \ sed -i '/^.*InstallMedia.*/d' Launch.sh \ && export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore-nopicker.qcow2}" \ ; } \ || export BOOTDISK="${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ ; [[ "${GENERATE_UNIQUE}" == true ]] && { \ ./Docker-OSX/osx-serial-generator/generate-unique-machine-values.sh \ --master-plist-url="${MASTER_PLIST_URL}" \ --count 1 \ --tsv ./serial.tsv \ --bootdisks \ --width "${WIDTH:-1920}" \ --height "${HEIGHT:-1080}" \ --output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ --output-env "${ENV:=/env}" \ || exit 1 ; } \ ; [[ "${GENERATE_SPECIFIC}" == true ]] && { \ source "${ENV:=/env}" 2>/dev/null \ ; ./Docker-OSX/osx-serial-generator/generate-specific-bootdisk.sh \ --master-plist-url="${MASTER_PLIST_URL}" \ --model "${DEVICE_MODEL}" \ --serial "${SERIAL}" \ --board-serial "${BOARD_SERIAL}" \ --uuid "${UUID}" \ --mac-address "${MAC_ADDRESS}" \ --width "${WIDTH:-1920}" \ --height "${HEIGHT:-1080}" \ --output-bootdisk "${BOOTDISK:=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2}" \ || exit 1 ; } \ ; { [[ "${DISPLAY}" = ':99' ]] || [[ "${HEADLESS}" == true ]] ; } && { \ nohup Xvfb :99 -screen 0 1920x1080x16 \ & until [[ "$(xrandr --query 2>/dev/null)" ]]; do sleep 1 ; done \ ; } \ ; stat "${IMAGE_PATH}" \ ; echo "Large image is being copied between layers, please wait a minute..." \ ; ./enable-ssh.sh \ ; [[ -e ~/.ssh/id_docker_osx ]] || { \ /usr/bin/ssh-keygen -t rsa -f ~/.ssh/id_docker_osx -q -N "" \ && chmod 600 ~/.ssh/id_docker_osx \ ; } \ ; /bin/bash -c ./Launch.sh \ & echo "Booting Docker-OSX in the background. Please wait..." \ ; until [[ "$(sshpass -p${PASSWORD:=alpine} ssh-copy-id -f -i ~/.ssh/id_docker_osx.pub -p 10022 ${USERNAME:=user}@127.0.0.1)" ]]; do \ echo "Disk is being copied between layers. Repeating until able to copy SSH key into OSX..." \ ; sleep 1 \ ; done \ ; grep id_docker_osx ~/.ssh/config || { \ tee -a ~/.ssh/config <<< 'Host 127.0.0.1' \ ; tee -a ~/.ssh/config <<< " User ${USERNAME:=user}" \ ; tee -a ~/.ssh/config <<< ' Port 10022' \ ; tee -a ~/.ssh/config <<< ' IdentityFile ~/.ssh/id_docker_osx' \ ; tee -a ~/.ssh/config <<< ' StrictHostKeyChecking no' \ ; tee -a ~/.ssh/config <<< ' UserKnownHostsFile=/dev/null' \ ; } \ && ssh -i ~/.ssh/id_docker_osx ${USERNAME:=user}@127.0.0.1 -p 10022 "${OSX_COMMANDS}"