authorsickcodes <[email protected]>2021-02-26 17:34:41 +0000
committerGitHub <[email protected]>2021-02-26 17:34:41 +0000
commit27efe6658d7b0bdeaabf042422ebc663b8bc6d04 (patch)
treec0adcc7a5000531728cdc204da429a8d01167724 /Dockerfile
parentMerge pull request #154 from sickcodes/wget-options (diff)
parentREADME.md Serial Number/iMessage readiness (diff)
Merge pull request #155 from sickcodes/custom-identity
Custom Serial Numbers (iMessage/iCloud security analysis)
Diffstat (limited to 'Dockerfile')
-rw-r--r--Dockerfile89
1 files changed, 80 insertions, 9 deletions
diff --git a/Dockerfile b/Dockerfile
index 8445ecb..f9570ab 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,7 +8,7 @@
# Repo: https://github.com/sickcodes/Docker-OSX/
# Title: Mac on Docker (Docker-OSX)
# Author: Sick.Codes https://sick.codes/
-# Version: 3.1
+# Version: 3.2
# License: GPLv3+
#
# All credits for OSX-KVM and the rest at @Kholia's repo: https://github.com/kholia/osx-kvm
@@ -52,7 +52,7 @@
FROM archlinux:base-devel
-MAINTAINER 'https://sick.codes' <https://sick.codes>
+MAINTAINER 'https://twitter.com/sickcodes' <https://sick.codes>
SHELL ["/bin/bash", "-c"]
@@ -91,7 +91,7 @@ RUN if [[ "${RANKMIRRORS}" ]]; then \
# RUN tee -a /etc/pacman.conf <<< '[community-testing]' \
# && tee -a /etc/pacman.conf <<< 'Include = /etc/pacman.d/mirrorlist'
-RUN pacman -Syu git vim nano alsa-utils openssh --noconfirm \
+RUN pacman -Syu git zip vim nano alsa-utils openssh --noconfirm \
&& ln -s /bin/vim /bin/vi \
&& useradd arch -p arch \
&& tee -a /etc/sudoers <<< 'arch ALL=(ALL) NOPASSWD: ALL' \
@@ -174,6 +174,19 @@ RUN python fetch-macOS.py --version "${VERSION}" \
WORKDIR /home/arch/OSX-KVM
+ARG LINUX=true
+
+# required to use libguestfs inside a docker container, to create bootdisks for docker-osx on-the-fly
+RUN if [[ "${LINUX}" == true ]]; then \
+ sudo pacman -Syu linux libguestfs --noconfirm \
+ && patched_glibc=glibc-linux4-2.33-4-x86_64.pkg.tar.zst \
+ && curl -LO "https://raw.githubusercontent.com/sickcodes/Docker-OSX/master/${patched_glibc}" \
+ && bsdtar -C / -xvf "${patched_glibc}" || echo "Everything is fine." \
+ ; fi
+
+# temporary branch, remove in final PR
+RUN git clone --branch custom-identity https://github.com/sickcodes/Docker-OSX.git
+
RUN touch Launch.sh \
&& chmod +x ./Launch.sh \
&& tee -a Launch.sh <<< '#!/bin/sh' \
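Review bot: The added `RUN if [[ "${LINUX}" == true ]]` step downloads a replacement glibc package from the mutable `master` branch with no integrity check and unpacks it over `/`, so whatever that URL serves at build time becomes the image's C library. The trailing `|| echo "Everything is fine."` binds to the whole `&&` chain, so a failed pacman, curl or bsdtar still produces a successful layer, and `curl -LO` without `-f` will save an HTTP error page under the package name. Pinning the URL to a commit, verifying a recorded SHA-256 before extraction and dropping the catch-all fallback would make the step fail closed; if one specific bsdtar error is expected, scope the `||` to that command only. The `git clone --branch custom-identity` below it has the same mutability problem, and the scripts it fetches are run from `CMD` in the last hunk, so checking out a fixed commit after the clone is worth doing. The `RUN touch Launch.sh` chain at the end of this hunk continues outside it.

```dockerfile
RUN if [[ "${LINUX}" == true ]]; then \
        sudo pacman -Syu linux libguestfs --noconfirm \
        && patched_glibc=glibc-linux4-2.33-4-x86_64.pkg.tar.zst \
        # <PINNED_COMMIT> and <SHA256_OF_PACKAGE> are placeholders: record the real values when the package is published
        && patched_glibc_sha256='<SHA256_OF_PACKAGE>' \
        && curl -fLO "https://raw.githubusercontent.com/sickcodes/Docker-OSX/<PINNED_COMMIT>/${patched_glibc}" \
        && sha256sum -c <<< "${patched_glibc_sha256}  ${patched_glibc}" \
        && bsdtar -C / -xvf "${patched_glibc}" \
    ; fi

# ... unchanged: git clone of Docker-OSX, Launch.sh generation ...
```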
@@ -183,7 +196,7 @@ RUN touch Launch.sh \
&& tee -a Launch.sh <<< 'exec qemu-system-x86_64 -m ${RAM:-8}000 \' \
&& tee -a Launch.sh <<< '-cpu Penryn,vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+pcid,+ssse3,+sse4.2,+popcnt,+avx,+aes,+xsave,+xsaveopt,check \' \
&& tee -a Launch.sh <<< '-machine q35,accel=kvm:tcg \' \
- && tee -a Launch.sh <<< '-smp ${SMP:-4},cores=${CORES:-4} \' \
+ && tee -a Launch.sh <<< '-smp ${CPU_STRING:-${SMP:-4},cores=${CORES:-4}} \' \
&& tee -a Launch.sh <<< '-usb -device usb-kbd -device usb-tablet \' \
&& tee -a Launch.sh <<< '-device isa-applesmc,osk=ourhardworkbythesewordsguardedpleasedontsteal\(c\)AppleComputerInc \' \
&& tee -a Launch.sh <<< '-drive if=pflash,format=raw,readonly,file=/home/arch/OSX-KVM/OVMF_CODE.fd \' \
@@ -191,7 +204,7 @@ RUN touch Launch.sh \
&& tee -a Launch.sh <<< '-smbios type=2 \' \
&& tee -a Launch.sh <<< '-audiodev ${AUDIO_DRIVER:-alsa},id=hda -device ich9-intel-hda -device hda-duplex,audiodev=hda \' \
&& tee -a Launch.sh <<< '-device ich9-ahci,id=sata \' \
- && tee -a Launch.sh <<< '-drive id=OpenCoreBoot,if=none,snapshot=on,format=qcow2,file=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2 \' \
+ && tee -a Launch.sh <<< '-drive id=OpenCoreBoot,if=none,snapshot=on,format=qcow2,file=${BOOTDISK:-/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2} \' \
&& tee -a Launch.sh <<< '-device ide-hd,bus=sata.2,drive=OpenCoreBoot \' \
&& tee -a Launch.sh <<< '-device ide-hd,bus=sata.3,drive=InstallMedia \' \
&& tee -a Launch.sh <<< '-drive id=InstallMedia,if=none,file=/home/arch/OSX-KVM/BaseSystem.img,format=qcow2 \' \
@@ -204,6 +217,8 @@ RUN touch Launch.sh \
&& tee -a Launch.sh <<< '${EXTRA:-}'
# docker exec containerid mv ./Launch-nopicker.sh ./Launch.sh
+# This is now a legacy command.
+# You can use -e BOOTDISK=/bootdisk with -v ./bootdisk.img:/bootdisk
RUN grep -v InstallMedia ./Launch.sh > ./Launch-nopicker.sh \
&& chmod +x ./Launch-nopicker.sh \
&& sed -i -e s/OpenCore\.qcow2/OpenCore\-nopicker\.qcow2/ ./Launch-nopicker.sh
@@ -212,8 +227,12 @@ USER arch
ENV USER arch
+ENV BOOTDISK=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2
+
ENV DISPLAY=:0.0
+ENV ENV=/env
+
ENV IMAGE_PATH=/home/arch/OSX-KVM/mac_hdd_ng.img
ENV NETWORKING=e1000-82545em
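Review bot: `ENV ENV=/env` reuses the variable name that POSIX shells (and bash when started as `sh`) consult for an interactive startup file, so any interactive `sh` session in the container would execute the mounted `/env` file as a side effect. That file is meant to carry serial numbers between containers, and the default user has passwordless sudo (the sudoers line in the `pacman -Syu` hunk), so it is better not to have it run implicitly. A distinct name avoids the collision, for example `ENV ENV_FILE=/env` with the `CMD` references updated to match.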
@@ -221,13 +240,65 @@ ENV NETWORKING=e1000-82545em
ENV NOPICKER=false
+ENV UNIQUE=false
+# Boolean for generating a bootdisk with new serials.
+
VOLUME ["/tmp/.X11-unix"]
-CMD case "$(file --brief /image)" in \
- QEMU*) export IMAGE_PATH=/image && sudo chown "$(id -u)":"$(id -g)" "${IMAGE_PATH}" 2>/dev/null || true;; \
- directory*) export IMAGE_PATH=/home/arch/OSX-KVM/mac_hdd_ng.img;; \
+# check if /image is a disk image or a directory. This allows you to optionally use -v disk.img:/image
+# NOPICKER is used to skip the disk selection screen
+# GENERATE_UNIQUE is used to generate serial numbers on boot.
+# /env is a file that you can generate and save using -v source.sh:/env
+# the env file is a file that you can carry to the next container which will supply the serials numbers.
+# GENERATE_SPECIFIC is used to either accept the env serial numbers OR you can supply using:
+ # -e DEVICE_MODEL="iMacPro1,1" \
+ # -e SERIAL="C02TW0WAHX87" \
+ # -e BOARD_SERIAL="C027251024NJG36UE" \
+ # -e UUID="5CCB366D-9118-4C61-A00A-E5BAF3BED451" \
+ # -e MAC_ADDRESS="A8:5C:2C:9A:46:2F" \
+
+# the output will be /bootdisk.
+# /bootdisk is a useful persistent place to store the 15Mb serial number bootdisk.
+
+# if you don't set any of the above:
+# the default serial numbers are already contained in ./OpenCore-Catalina/OpenCore.qcow2
+# And the default serial numbers
+
+CMD sudo chown -R $(id -u):$(id -g) /dev/kvm /dev/snd "${IMAGE_PATH}" "${BOOTDISK}" "${ENV}" 2>/dev/null || true \
+ ; case "$(file --brief /image)" in \
+ QEMU\ QCOW2\ Image* ) export IMAGE_PATH=/image \
+ ;; \
+ directory* ) export IMAGE_PATH=/home/arch/OSX-KVM/mac_hdd_ng.img \
+ ;; \
+ esac \
+ ; [[ "${NOPICKER}" == true ]] && { \
+ sed -i '/^.*InstallMedia.*/d' Launch.sh \
+ && export BOOTDISK=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore-nopicker.qcow2 \
+ ; } \
+ ; [[ "${GENERATE_UNIQUE}" == true ]] && { \
+ ./Docker-OSX/custom/generate-unique-machine-values.sh \
+ --count 1 \
+ --tsv ./serial.tsv \
+ --bootdisks \
+ --output-bootdisk "${BOOTDISK:-/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2}" \
+ --output-env "${ENV:=/env}" || exit 1 \
+ ; } \
+ ; [[ "${GENERATE_SPECIFIC}" == true ]] && { \
+ source "${ENV:=/env}" \
+ || ./Docker-OSX/custom/generate-specific-bootdisk.sh \
+ --model "${DEVICE_MODEL}" \
+ --serial "${SERIAL}" \
+ --board-serial "${BOARD_SERIAL}" \
+ --uuid "${UUID}" \
+ --mac-address "${MAC_ADDRESS}" \
+ --output-bootdisk "${BOOTDISK:-/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2}" || exit 1 \
+ ; } \
+ ; case "$(file --brief /bootdisk)" in \
+ QEMU\ QCOW2\ Image* ) export BOOTDISK=/bootdisk \
+ ;; \
+ directory* ) export BOOTDISK=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2 \
+ ;; \
esac \
- ; [[ "${NOPICKER}" == true ]] && mv ./Launch-nopicker.sh ./Launch.sh \
; ./enable-ssh.sh && envsubst < ./Launch.sh | bash
# virt-manager mode: eta son
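Review bot: In the `GENERATE_SPECIFIC` branch, `source "${ENV:=/env}" || ./Docker-OSX/custom/generate-specific-bootdisk.sh …` runs the generator only when sourcing fails, so when an env file is mounted its values are loaded but no bootdisk appears to be built from them, which seems to contradict the comment block above the `CMD`. If both should happen, separate the two steps: `{ [[ -r "${ENV}" ]] && source "${ENV}"; }` followed by the generator call. `source` also executes the mounted file as shell code under an account with passwordless sudo, so the comment block should say that `/env` must be a trusted file, mounted read-only when it is only being consumed. Separately, the image declares `ENV UNIQUE=false` but `CMD` tests `GENERATE_UNIQUE`, and `GENERATE_SPECIFIC` has no default; declaring `ENV GENERATE_UNIQUE=false` and `ENV GENERATE_SPECIFIC=false` would match what the command reads.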