search

sickcodes / Docker-OSX

Run macOS VM in a Docker! Run near native OSX-KVM in Docker! X11 Forwarding! CI/CD for OS X Security Research! Docker mac Containers.
https://hub.docker.com/r/sickcodes/docker-osx
GNU General Public License v3.0
48.73k stars 2.72k forks source link

APFS Image Slimming Critical Task #210

Open sickcodes opened 3 years ago

sickcodes commented 3 years ago

Big Sur is using APFS only...

Failed (read only) image

APFS mountable in Linux but READ ONLY

Therefore it must be done inside OSX.

Secondly, Big Sur must be used to mount Big Sur

How to mount Big Sur writable:

Boot into recovery mode with two disks https://github.com/sickcodes/Docker-OSX#mount-a-disk-inside-osx-from-the-host

Disable SIP

# inside Recovery Disk shell
csrutil authenticated-root disable
csrutil disable
reboot

Log into Big Sur good one

Unmount the only other disk that you can unmount in disk utility.

Sometimes it's disk3 disk4 or disk5

Remount as writable, as shown below thanks to https://mobile.twitter.com/ebadtweet/status/1275454103900971012

The partition to remount is always s2

sudo mount -o nobrowse -t apfs /dev/diskNsM /path/to/mntpoint

cd your mountpoint

ncdu is handy for finding large files today delete

After finishing, create a snapshot and reboot sudo bless --folder /path/to/mntpoint/System/Library/CoreServices --bootefi --create-snapshot

image

However this image will not shrink when using https://github.com/sickcodes/Docker-OSX#how-to-reduce-the-size-of-the-image

This is crucial for development as we need much smaller images, 40GB is unwieldy for security research and takes even a few minutes on a good SSD to copy it.

sickcodes commented 3 years ago

image

Ultimate

rm -rf mnt/usr/share/man/*
rm -rf mnt/System/Library/Desktop\ Pictures/*

Okay

rm -rf mnt/System/Applications/Music.app/*
rm -rf mnt/System/Applications/Books.app/*
rm -rf mnt/System/Applications/TV.app/*
rm -rf mnt/System/Applications/Maps.app/*
rm -rf mnt/System/Applications/Podcasts.app/*
rm -rf mnt/System/Applications/Music.app/*

Fail


rm -rf mnt/usr/share/tokenizer/*
rm -rf mnt/System/iOSSupport/System/Library/PrivateFrameworks/*
rm -rf mnt/System/iOSSupport/System/Library/Frameworks/*
rm -rf mnt/System/iOSSupport/System/Library/AccessibilityBundles/*
rm -rf mnt/System/Library/Templates/*

Not sure


rm -rf mnt/System/Library/SpeechBase/*
rm -rf mnt/System/Library/Audio/*
rm -rf mnt/System/Library/Frameworks/Vision.Framework/Versions/A/Resources/*
Diassico commented 3 years ago

Big Sur is using

Failed (read only) image

APFS mountable in Linux but READ ONLY

Therefore it must be done inside OSX.

Secondly, Big Sur must be used to mount Big Sur

How to mount Big Sur writable:

Boot into recovery mode with two disks https://github.com/sickcodes/Docker-OSX#mount-a-disk-inside-osx-from-the-host

Disable SIP

# inside Recovery Disk shell
csrutil authenticated-root disable
csrutil disable
reboot

Log into Big Sur good one

Unmount the only other disk that you can unmount in disk utility.

Sometimes it's disk3 disk4 or disk5

Remount as writable, as shown below thanks to https://mobile.twitter.com/ebadtweet/status/1275454103900971012

The partition to remount is always s2

sudo mount -o nobrowse -t apfs /dev/diskNsM /path/to/mntpoint

cd your mountpoint

ncdu is handy for finding large files today delete

After finishing, create a snapshot and reboot sudo bless --folder /path/to/mntpoint/System/Library/CoreServices --bootefi --create-snapshot

image

However this image will not shrink when using https://github.com/sickcodes/Docker-OSX#how-to-reduce-the-size-of-the-image

This is crucial for development as we need much smaller images, 40GB is unwieldy for security research and takes even a few minutes on a good SSD to copy it.

sickcodes commented 3 years ago

Reasonable explanation for 40GB image lol!

40gb

sickcodes commented 3 years ago

Testing non-qcow images currently!

EDIT: useless code below do not use!

FAIL READ ONLY

touch "${APFS_NAME}"
fallocate --zero-range --length 50G "${APFS_NAME}" 
mkfs.apfs "${APFS_NAME}"

mkdir -p ./mnt
sudo losetup -f 
sudo losetup /dev/loop0 "${APFS_NAME}"
sudo apfs-fuse -o uid=0,gid=0,allow_other -p 1 /dev/loop0 ./mnt
# mount the disk
ls ./mnt
# private-dir  root
sudo umount ./mnt
sleep 1
sudo losetup -d /dev/loop0

Boot two disks

IMAGE_NAME=${PWD}/mac_hdd_ng_big_sur.img"
DISK_TWO="${PWD}/mac_hdd_ng_nonqcow.img"
docker run -it \
    --device /dev/kvm \
    -e "DISPLAY=${DISPLAY:-:0.0}" \
    -v /tmp/.X11-unix:/tmp/.X11-unix \
    -e RAM=10 \
    -p 50922:10022 \
    -e GENERATE_SPECIFIC=true \
    -e DEVICE_MODEL="${DEVICE_MODEL}" \
    -e SERIAL="${SERIAL}" \
    -e BOARD_SERIAL="${BOARD_SERIAL}" \
    -e UUID="${UUID}" \
    -e MAC_ADDRESS="${MAC_ADDRESS}" \
    -e NETWORKING=vmxnet3 \
    -v "${IMAGE_NAME}":/image \
    -e WIDTH=1600 \
    -e HEIGHT=900 \
    -v "${DISK_TWO}:/disktwo" \
    -e EXTRA='-device ide-hd,bus=sata.5,drive=DISKTWO -drive id=DISKTWO,if=none,file=/disktwo,format=raw' \
    -e MASTER_PLIST_URL='https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist' \
    sickcodes/docker-osx:naked

Installing now...

sickcodes commented 3 years ago

Image can be shrunk later, using a second disk's Big Sur image.

Must be done on another Big Sur.

And must be done on a separate disk as above code because you can't resize while you're booted off recovery EFI disk.

Screenshot_2021-03-19_23-05-52

sickcodes commented 3 years ago

Got it down to 17GB, will be adding :big-sur-auto or :auto-big-sur shortly, or just name it both lol