Docker-OSX icon indicating copy to clipboard operation
Docker-OSX copied to clipboard

Published 20 hours ago verified publisher icon sickcodes

DMCA compliance, installer download at runtime

Open sickcodes opened this issue 1 year ago • 2 comments

Complies with DMCA notice by downloading required installer files at runtime, instead of being stored in repository: https://www.bleepingcomputer.com/news/security/docker-osx-image-used-for-security-research-hit-by-apple-dmca-takedown/

# DMCA compliant download process
# If BaseSystem.img does not exist, download ${SHORTNAME}

# shortname default is now sonoma, which means :latest is sonoma
ENV SHORTNAME=sonoma

ENV BASESYSTEM_IMAGE=BaseSystem.img

CMD ! [[ -e "${BASESYSTEM_IMAGE:-BaseSystem.img}" ]] \
        && printf '%s\n' "No BaseSystem.img available, downloading ${SHORTNAME}" \
        && make \
        && qemu-img convert BaseSystem.dmg -O qcow2 -p -c ${BASESYSTEM_IMAGE:-BaseSystem.img} \
        && rm ./BaseSystem.dmg \
    ; 
...

sickcodes avatar Sep 26 '24 07:09 sickcodes

Unintended interesting idea during first test run.

Possibly use the OSX-KVM upstream dialog from fetchmacos python script to allow user to select the OS to download at first run. I will need to move the unique image specific runtime docker run args into the dockerfile. There's about 5.

-e SHORTNAME=sonoma is now a runtime command

On docker stop, and docker start, image is not re-downloaded. I could make this optional, to ensure latest installer is always downloaded. May cause issues though once an image ages.

sickcodes avatar Sep 26 '24 08:09 sickcodes

Need to think of these two options:

All images under one image :latest

And instead of sickcodes/docker-osx:sonoma etc. we just use:

docker run -it \
    --device /dev/kvm \
    -p 50922:10022 \
    -v /tmp/.X11-unix:/tmp/.X11-unix \
    -e "DISPLAY=${DISPLAY:-:0.0}" \
    -e GENERATE_UNIQUE=true \
    -e MASTER_PLIST_URL='https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist' \
    -e SHORTNAME=monterey \
    sickcodes/docker-osx:latest

# docker build -t docker-osx .

Where, -e SHORTNAME=monterey \ downloads Monterey at first runtime.

OR

Same as currently is, each image under its respective docker hub image, however each image will now simply differs by ONE SINGLE environment variable... Seems overkill to me. The whole historical purpose of using dockerhub was to have the images already contain each downloaded installer image. After the DMCA, the installer is to be downloaded at runtime, so I think using a runtime arg is more appropriate now.

ENV SHORTNAME=catalina set by -e SHORTNAME=catalina on command line running the image.

The variable that would change each image: RUN tee -a ./shortname.txt <<< "${SHORTNAME:-catalina}"

Explainer image: Screenshot_2024-09-26_15-27-34

sickcodes avatar Sep 26 '24 15:09 sickcodes