Docker-OSX
Docker-OSX copied to clipboard
sickcodes
Xvfb missing
The naked image fails to start after a recent update. I believe it's the one from 5 days ago that broke it (digest: efdbec5854b5)
My stripped down compose (removed serials, networking, labels):
version: '3.8'
services:
osx:
image: sickcodes/docker-osx:naked
restart: unless-stopped
volumes:
- /srv/osx/mac_hdd_ng.img:/image
ports:
- 50922:10022
- 5999:5999
- 3001:3001
devices:
- /dev/kvm
environment:
# vnc
- EXTRA=-display none -vnc 0.0.0.0:99
Log:
nohup: failed to run command 'Xvfb': No such file or directory
might be related to #446
Edit: most likely broken by d7f0c289fcfa5966101f92937518759c4f68e2bd
I am also experiencing this issue with the latest naked image. Thanks for reporting @dumbasPL!
While running below step (docker build):
Step 11/42 : RUN pacman -Syu xorg-server-xvfb wget xterm xorg-xhost xorg-xrandr sshpass --noconfirm && if [[ "${SCROT}" ]]; then pacman -Syu scrot base-devel --noconfirm && git clone --recurse-submodules --depth 1 https://github.com/stolk/imcat.git && cd imcat && make && sudo cp imcat /usr/bin/imcat && touch /usr/bin/scrotcat && tee -a /usr/bin/scrotcat <<< '/usr/bin/imcat <(scrot -o /dev/stdout)' && chmod +x /usr/bin/scrotcat ; else touch /usr/bin/scrotcat && echo echo >> /usr/bin/scrotcat && chmod +x /usr/bin/scrotcat ; fi ; yes | pacman -Scc
---> Running in 15ab0e538e0b
libinih-55-2-x86_64.pkg.tar.zst is detected as corrupted or has invalid sign.
:point_up: This seems to be the root cause of failed to run command 'Xvfb' which breaks docker-osx image.
checking keyring...
downloading required keys...
:: Import PGP key 0F65C7D881506130, "Maxime Gauduin <[email protected]>"? [Y/n]
checking package integrity...
:: Import PGP key 95220BE99CE6FF778AE0DC670F65C7D881506130? [Y/n] error: libinih: key "95220BE99CE6FF778AE0DC670F65C7D881506130" is unknown
:: File /var/cache/pacman/pkg/libinih-55-2-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.
Cache directory: /var/cache/pacman/pkg/
:: Do you want to remove ALL files from cache? [y/N] y
:: Do you want to remove unused repositories? [Y/n] y
removing all files from cache...
It's interesting that it's not breaking docker build process (exiting with non-zero code) but created docker image is broken since Xvfb command could not be installed as we see in logs.
I searched for a fix or workaround and implemented below statements to docker file before RUN pacman -Syu xorg-server-xvfb...
RUN pacman-key --init
RUN pacman -Sy --noconfirm
RUN pacman -S --noconfirm archlinux-keyring
RUN pacman -Syu --noconfirm
Resources:
- https://github.com/archlinux/archinstall/issues/1092
- https://forum.endeavouros.com/t/installation-failed-with-pacstrap-error/26485
- https://www.reddit.com/r/archlinux/comments/uf6qkk/getting_invalid_or_corrupted_package_pgp/
- https://arcolinuxforum.com/viewtopic.php?t=3097
- https://suay.site/?p=2414
- https://wiki.archlinux.org/title/Pacman/Package_signing
Using -Syu on pacman forces many packages to upgrade which can cause other problems in docker build.
For example, yara upgrade bumps libyara.so to 9 which makes libguestfs-test-tool fail with error: "guestfsd: error while loading shared libraries: libyara.so.8: cannot open shared object file: No such file or directory".
So more simple fix is replacing below line in Dockerfile.naked
RUN pacman -Syu xorg-server-xvfb wget xterm xorg-xhost xorg-xrandr sshpass --noconfirm \
with
RUN pacman -Sy xorg-server-xvfb wget xterm xorg-xhost xorg-xrandr sshpass --noconfirm \
(removing -u arg from pacman)
After this minor update docker build for Dockerfile.naked works fine and created docker image boots successfully without any Xvfb error.
@dumbasPL @maxlapides I found "older" docker images of naked in here. :eyes:
You can go back from broken digest: efdbec5854b5 to older images one by one for a working one.
docker pull dickhub/docker-osx:naked_backdateis_2022-May-15_03h30m01s efdbec5854b5
docker pull dickhub/docker-osx:naked_backdateis_2022-May-15_00h30m02s c97f66947c85
docker pull dickhub/docker-osx:naked_backdateis_2022-May-14_21h30m01s 4da5a80bf3ac
docker pull dickhub/docker-osx:naked_backdateis_2022-Apr-21_18h30m01s 22e066908c47
Although not tried yet, I keep it in my notes for a quick workaround for broken naked. :slightly_smiling_face:
@csonuryilmaz Thank you for finding this. efdbec5854b5 and c97f66947c85 fail to start. 4da5a80bf3ac seems to be the last working one. Booted up just fine for me.
Here is the full sha256, for anyone facing this issue. You can use this as your image name for now until this gets fixed.
sickcodes/docker-osx@sha256:4da5a80bf3aca7306e441a4fad4b92aafcd0fb5f9d0c143dbdf857d162d6903c
Hi, I'm facing the same error:
docker run -i --name ios-toolchain --device /dev/kvm -p 50922:10022 -v build:/mnt/hostshare -e 'OSX_COMMANDS=/bin/bash -c "echo alpine | sudo -S mount_9p hostshare && ls /Volumes/hostshare/src && bash build.sh "' -e 'EXTRA=-virtfs local,path=/mnt/hostshare,mount_tag=hostshare,security_model=passthrough,id=user' -e TERMS_OF_USE=i_agree -v ****:/image sickcodes/docker-osx:naked-auto
By using this Dockerfile, you hereby agree that you are a security reseacher or developer and agree to use this Dockerfile to make the world a safer place. Examples include: making your apps safer, finding your mobile phone, compiling security products, etc. You understand that Docker-OSX is an Open Source project, which is released to the public under the GNU Pulic License version 3 and above. You acknowledge that the Open Source project is absolutely unaffiliated with any third party, in any form whatsoever. Any trademarks or intelectual property which happen to be mentioned anywhere in or around the project are owned by their respective owners. By using this Dockerfile, you agree to agree to the EULA of each piece of upstream or downstream software. The following code is released for the sole purpose of security research, under the GNU Public License version 3. If you are concerned about the licensing, please note that this project is not AGPL. A copy of the license is available online: https://github.com/sickcodes/Docker-OSX/blob/master/LICENSE. In order to use the following Dockerfile you must read and understand the terms. Once you have read the terms, use the -e TERMS_OF_USE=i_agree or -e TERMS_OF_USE=i_disagree
Disk is being copied between layers... Please wait a minute...
nohup: failed to run command 'Xvfb': No such file or directory
What can I do? Thanks
This solution fixed the issue
now I'm getting a new error
qemu-system-x86_64: -drive id=MacHDD,if=none,file=/image,format=qcow2: 'file' driver requires '/image' to be a regular file
Using
-Syuon pacman forces many packages to upgrade which can cause other problems in docker build.For example,
yaraupgrade bumpslibyara.soto 9 which makes libguestfs-test-tool fail with error: "guestfsd: error while loading shared libraries: libyara.so.8: cannot open shared object file: No such file or directory".So more simple fix is replacing below line in
Dockerfile.nakedRUN pacman -Syu xorg-server-xvfb wget xterm xorg-xhost xorg-xrandr sshpass --noconfirm \with
RUN pacman -Sy xorg-server-xvfb wget xterm xorg-xhost xorg-xrandr sshpass --noconfirm \(removing
-uarg from pacman)After this minor update docker build for
Dockerfile.nakedworks fine and created docker image boots successfully without any Xvfb error.
this!
This solution fixed the issue
now I'm getting a new error
qemu-system-x86_64: -drive id=MacHDD,if=none,file=/image,format=qcow2: 'file' driver requires '/image' to be a regular file
This new issue was because i was passing the wrong image file in volume, fixed
now I'm getting a totally new error
ALSA lib conf.c:5178:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory
ALSA lib conf.c:5701:(snd_config_expand) Evaluate error: No such file or directory
ALSA lib pcm.c:2664:(snd_pcm_open_noupdate) Unknown PCM default
alsa: Could not initialize ADC
alsa: Failed to open `default':
alsa: Reason: No such file or directory
audio: Failed to create voice `adc'
This is not an critical error. All it means is that the audio failed to initialize.
If you want to get sound to work then read this https://github.com/sickcodes/Docker-OSX#pulseaudio
Otherwise you can just ignore the error, the vm should be booting up at this point
This is not an critical error. All it means is that the audio failed to initialize. If you want to get sound to work then read this https://github.com/sickcodes/Docker-OSX#pulseaudio Otherwise you can just ignore the error, the vm should be booting up at this point
I'm tryna use it headlessly, no display or audio
but its stuck here for the last hour
ALSA lib pcm.c:2664:(snd_pcm_open_noupdate) Unknown PCM default
alsa: Could not initialize ADC
alsa: Failed to open `default':
alsa: Reason: No such file or directory
audio: Failed to create voice `adc'
usb_desc_get_descriptor: 2 unknown type 33 (len 10)
usb_desc_get_descriptor: 1 unknown type 33 (len 10)
Using
-Syuon pacman forces many packages to upgrade which can cause other problems in docker build.For example,
yaraupgrade bumpslibyara.soto 9 which makes libguestfs-test-tool fail with error: "guestfsd: error while loading shared libraries: libyara.so.8: cannot open shared object file: No such file or directory".So more simple fix is replacing below line in
Dockerfile.nakedRUN pacman -Syu xorg-server-xvfb wget xterm xorg-xhost xorg-xrandr sshpass --noconfirm \with
RUN pacman -Sy xorg-server-xvfb wget xterm xorg-xhost xorg-xrandr sshpass --noconfirm \(removing
-uarg from pacman)After this minor update docker build for
Dockerfile.nakedworks fine and created docker image boots successfully without any Xvfb error.
Thanks for posting this I was unaware there was an error in yara.
I added additional keyservers to cover the issue with keys
Is this supposed to be fixed? I'm still getting
$ docker run --rm -it sickcodes/docker-osx:naked
nohup: appending output to 'nohup.out'
nohup: failed to run command 'Xvfb': No such file or directory