Hacker News Daily 上看到的工具:「Quickly create and run optimised Windows, macOS and Linux desktop virtual machines.」,對應的討論在「Quickemu: Quickly create and run optimised Win-10,11/macOS/Linux on Linux (github.com/wimpysworld)」這邊可以看到,可以減少自己要設定一堆 QEMU 參數。
雖然專案是支援多系統,但其實 Microsoft Windows 與 Linux 的部份在其他虛擬軟體都很簡單 (像是用 VirtaulBox),大家馬上會注意到的重點還是 macOS 的部份,如果有自己弄過就會知道這東西有夠難裝的,而且跨版本有不同的安裝方式...
目前 Quickemu 支援四個版本:
Supported macOS releases:
- High Sierra
- Mojave
- Catalina (Recommended)
- Big Sur
然後可以看到幾乎所有目前能支援的功能都有設定上去了,包括 VirtIO 與 USB 的部份。
然後一些經典的問題,像是 Big Sur 的音源問題還是沒解:
Full Duplex audio works on macOS High Sierra, Mojave and Catalina.
- macOS Big Sur has no audio at all.
在 Hacker News 的討論串裡面有提到有很多地方沒有檢查,這會是風險:
While I appreciate the effort, and the code is very readable. I just want to give a friendly warning that these shell scripts just download random stuff from the internet and run this random stuff without checking any integrity/signature.
下面的討論另外看到個冷知識,關於蘋果故意走 HTTP 下載 recovery image 是因為 HTTPS 太複雜,在 UEFI firmware 裡面實做容易產生被攻擊的點,所以決定自己透過其他機制確認正確性:
Apple Internet recoveryOS images are served over plain http, on purpose. The macrecovery.py script used by Quickemu uses http¹, though the server supports https.
https://support.apple.com/guide/security/recoveryos-and-diagnostics-environments-sec2512a0c09/web
> When the internet recovery and diagnostic modes were added to Mac computers in 2011, it was decided that it would be better to use the simpler HTTP transport, and handle content authentication using the chunklist mechanism, rather than implement the more complicated HTTPS functionality in the UEFI firmware, and thus increase the firmwareʼs attack surface.
¹https://github.com/acidanthera/OpenCorePkg/blob/4a740c3f256e285c66ca3b65e42b60af6826d343/Utilities/macrecovery/macrecovery.py#L123
[edit] Added macrecovery.py info
另外為了避免直接在 shell script 裡面出現「神秘字串」,可以看到特別的寫法 XDDD
Took a little while to find the magic words in there: https://github.com/wimpysworld/quickemu/blob/af26f41440d63a069045660fad860c797011310a/quickemu#L351
可以想到一些用途,像是在機房裡面跑 CI 的 worker,但要注意這個搞法不符合蘋果的 EULA,現在不抓不代表以後也不會有事,請自己謹慎評估...
然後往 ARM-based 架構後應該門檻就更高了,現在還有 Intel-based 的環境可以用加減用...