[HN Gopher] Run a macOS VM on Apple Silicon from a double-click ...
___________________________________________________________________
Run a macOS VM on Apple Silicon from a double-click with Vimy
Author : akyuu
Score : 93 points
Date : 2023-08-20 16:57 UTC (6 hours ago)
(HTM) web link (eclecticlight.co)
(TXT) w3m dump (eclecticlight.co)
| ChrisMarshallNY wrote:
| This looks very cool.
|
| Since it is Eclectic Light shipping it, I will bet it's great.
| [deleted]
| bashinator wrote:
| Any example use-cases?
| throwaway-blaze wrote:
| In theory running a different version of the OS for testing. Be
| aware MacOS VMs cannot use iCloud services though, so if your
| goal is CI/CD in the VM none of your tests for iCloud will
| work.
| userbinator wrote:
| _Be aware MacOS VMs cannot use iCloud services though_
|
| I believe it needs extra work but can be done. It's a
| relatively common question in the Hackintosh community and
| they've figured it out.
| stuckkeys wrote:
| It works. You just need a legit serial number from a
| device. I have used one from my mac and it worked.
| hanniabu wrote:
| VirtualBuddy is my favorite mac vm thanks to their file sharing
| folder
|
| https://github.com/insidegui/VirtualBuddy
| Terretta wrote:
| FTA, Vimy has _"folder sharing enabled, with the Custom shared
| folder as the user's Home folder"_.
|
| So does big brother Viable:
|
| https://eclecticlight.co/virtualisation-on-apple-silicon/
| cj wrote:
| Anyone have recommendations for devs looking to run a dev
| environment on a Mac without installing a bunch of dev
| dependencies on the local machine?
|
| My plan right now is to buy a 2nd mac and use VS Code remote
| development over ssh.
| yonatan8070 wrote:
| Why not just have everything you need on your local machine?
|
| (I'm not a Mac user)
| frizlab wrote:
| I am a Mac user and I'm curious to know too
| cj wrote:
| Executing a bunch of npm modules locally, having a Mongo
| and Redis database running 24/7.
|
| I don't have a great answer. One thing I've noticed on Mac
| is that, using Activity Monitor, before installing all the
| dev dependencies for local dev nearly all processes seem to
| run under the local user's user space, but after installing
| a bunch of stuff (with sudo) a ton of processes default to
| running as "system"
|
| I haven't had time to research whether this actually has a
| meaningful impact on security, but TLDR I trust Mac's out
| of the box security, but I instantly stop trusting it the
| moment I start installing a bunch of stuff via Homebrew and
| NPM.
| chrisweekly wrote:
| Strong rec to avoid use of sudo for brew or (p)npm, not
| sure why you'd want to do that.
| newaccount74 wrote:
| sudo or not makes very little difference, unless you
| actually use multiple user accounts with different
| privileges on your Mac.
| comprev wrote:
| nvm for Node + use containers for database services?
| chrisweekly wrote:
| tangent: fnm https://github.com/Schniz/fnm is faster than
| nvm and much cleaner in its shell integration.
| cj wrote:
| nvm doesn't stop npm modules from installing locally.
| many npm modules have pre/post install scripts that
| execute binaries and such that I'd rather not execute
| locally
|
| Docker for Redis/Mongo is reasonable, but npm
| dependencies creeping into the system is something you
| can't really easily undo other than a full wipe and
| reinstall of the OS. Especially when certain modules
| require sudo to install
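The install-time scripts mentioned in the comment above can be inventoried before a dependency tree is trusted. As an added example (not part of the original thread; the package names and sample tree are constructed), this Python script lists every package under a `node_modules` directory that declares a `preinstall`, `install` or `postinstall` hook, including the implicit `node-gyp rebuild` that npm runs when a `binding.gyp` is present.

```python
import json
import tempfile
from pathlib import Path
# Lifecycle hooks that npm runs automatically during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")

def is_package_root(pkg_dir):
    # node_modules/<name> or node_modules/@scope/<name>
    parent = pkg_dir.parent
    return (parent.parent if parent.name.startswith("@") else parent).name == "node_modules"

def find_install_scripts(node_modules):
    """Map each package path to the hooks that would run at install time."""
    root, findings = Path(node_modules), {}
    for manifest in sorted(root.rglob("package.json")):
        pkg_dir = manifest.parent
        if not is_package_root(pkg_dir):
            continue  # fixtures and sub-manifests inside a package
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest
        scripts = meta.get("scripts") if isinstance(meta, dict) else None
        scripts = scripts if isinstance(scripts, dict) else {}
        hooks = {h: scripts[h] for h in INSTALL_HOOKS if isinstance(scripts.get(h), str)}
        # npm defaults "install" to `node-gyp rebuild` when binding.gyp exists
        # and the package defines neither install nor preinstall itself.
        if (pkg_dir / "binding.gyp").exists() and not hooks.keys() & {"install", "preinstall"}:
            hooks["install"] = "node-gyp rebuild (implicit: binding.gyp)"
        if hooks:
            findings[pkg_dir.relative_to(root).as_posix()] = hooks
    return findings

def build_sample_tree(tmp):  # constructed sample; package names are hypothetical
    nm = Path(tmp) / "node_modules"
    samples = {
        "plain-lib": {"scripts": {"test": "node test.js"}},
        "native-addon": {},  # gets a binding.gyp below
        "@acme/telemetry": {"scripts": {"postinstall": "node setup.js"}},
    }
    for rel, meta in samples.items():
        (nm / rel).mkdir(parents=True)
        (nm / rel / "package.json").write_text(json.dumps(meta))
    (nm / "native-addon" / "binding.gyp").write_text("{}")
    return nm

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(json.dumps(find_install_scripts(build_sample_tree(tmp)), indent=2))
```

Running `npm install --ignore-scripts` first leaves the hooks unexecuted, so the resulting tree can be reviewed with a listing like this before any of them run.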
| [deleted]
| newaccount74 wrote:
| The nice thing about the Mac is that you can run a lot of
| unix tools natively.
|
| But of course, anything that runs on your Mac is a
| potential security hole. Obviously all 3rd party apps
| that you use can compromise security. But it can also be
| your own code: If, e.g., your Rails app has a security
| vulnerability, which is common during development, and
| you run it with your local user, as is common during dev,
| then that vulnerability can potentially compromise all
| your data.
|
| So if you want to be safe, run all your dev stuff in VMs
| or on a separate device, or in a container or something.
|
| Of course, that is cumbersome, and whether it is
| necessary or not depends on what kind of threats you
| expect...
| eyelidlessness wrote:
| You generally shouldn't ever use sudo with either
| Homebrew or NPM.
|
| Homebrew is specifically designed to be used without
| elevated privileges. This has the downside that packages
| are owned by the user which first ran the install (which
| might lead to those packages running with elevated
| privileges after a sudo install as well? I don't know,
| and I'm not eager to find out).
|
| NPM packages are typically either project local (and
| these _definitely_ shouldn't be installed with sudo), or
| "global" (which _should be_ global in the sense of being
| installed on the user's PATH, and thus shouldn't require
| sudo for any normal setup either).
|
| You're right to be cautious about the security
| implications of this.
| jfoutz wrote:
| So, Mac doesn't come with a package manager. There are things
| you can do with port and brew, to alleviate some pain.
|
| Me personally, I fool around with a lot of languages, and
| sometimes I don't quite keep every project up to date with
| the latest version. For work, the situation is even more
| challenging, because I don't have the authority to go tell
| teams to upgrade or not upgrade, but sometimes I need to
| build their projects.
|
| None of this is really Mac specific. I used to use VirtualBox
| for this, which worked pretty well. I could set up a
| baseline environment and snapshot new boxes with new language
| revs.
|
| Docker can kind of cover this, but I tend to overdo it,
| breaking things out into the one you build with, and the one
| you run with, and it's fine, but it's a lot to keep in my
| head. So, I'm kinda flakey about that.
|
| Now, I'm slowly building up some proficiency with nix. I
| think this is what I really want, to swap out the whole chain
| of system dependencies, and build docker containers or vms
| out of that if I need them.
|
| Perhaps I'm a poor sysadmin. _everything_ locally installed
| makes things real weird after a while (years).
| jbverschoor wrote:
| Use OrbStack, install things in their own container, mount
| local volumes
| cj wrote:
| > Perhaps I'm a poor sysadmin. _everything_ locally
| installed makes things real weird after a while (years).
|
| Same experience here (years). Because it's something that
| creeps up over time, the problems aren't obvious overnight.
| fsflover wrote:
| This is one of the good reasons to use Qubes OS.
| moojd wrote:
| My path was vm -> containers -> nix. With nix flakes and
| the direnv extension in vscode you can get a clean per-
| project dev environment with zero docker overhead and
| without dev tools cluttering up your global environment
| and causing issues.
| bonestamp2 wrote:
| [delayed]
| coffeeri wrote:
| Depends on what you are trying to solve. If you don't like the
| fragmentations of dependencies on your system, this won't go
| away on a second machine. Also, I'd point you to hosted VS Code
| environments such as GitHub's Codespaces or Gitpod.
|
| You may use something that encapsulates your dev dependencies.
| Some use containers like docker, others use Nix (can be run on
| macOS). As Nix has quite a steep learning curve, there are
| abstractions such as devenv or devbox, which I haven't used.
| lostlogin wrote:
| Would UTM be an option?
|
| https://mac.getutm.app/
| chaxor wrote:
| Utm is just qemu, and qemu is actually open source. Utm hides
| an enormous amount of what they do (just saying not open
| source again in a different way), and that's definitely not
| what you want in a base system.
|
| So it would likely be much better to simply install qemu
| instead.
| noodlesUK wrote:
| UTM is open source (Apache2). You can also add any argument
| supported by the bundled version of QEMU using the GUI.
|
| https://github.com/utmapp/UTM/blob/main/LICENSE
| c-hendricks wrote:
| UTM uses qemu or Apple's own virtualization framework,
| which runs macOS.
| navels wrote:
| Current setup on my M1 for dev is to use docker with containers
| for mysql, localstack, rabbitmq, redis, and ruby (debian
| bullseye), all arm64 images, and then VS Code with the remote
| container extension. Was pretty rough going when the M1 first
| came out but is now flawless and lightning fast. Onboarding new
| devs takes an hour instead of a day.
| fredoliveira wrote:
| I've tried a few things:
|
| - Docker, but the docker on mac experience has never been great
| (even if Colima or Orbstack makes that much better)
|
| - A VM running on my mac where I install whatever I need. Tried
| debian, silverblue, and used the opportunity to properly learn
| Nix and use NixOS
|
| - My current setup, especially for hairy projects with
| dependencies I dislike: an intel NUC running in my local
| network that I set up with NixOS which runs everything I need.
| Because I install Tailscale everywhere, I can use it even when
| working from outside my home.
| vorpalhex wrote:
| Raspberry pi or other compact linux machine with code-server
| running in docker. Gets you a web UI that works from anything
| (ie iPad) and you can do docker-in-docker for other containers.
|
| SBCs have less horsepower but you can always run them from a
| USB battery bank, letting you dev on the go.
| syntaxing wrote:
| Are you building apps for Mac/iOS? If not, I have a 12 core
| Ryzen with a 3090 that was the same price as a higher ram Mac
| mini ($1K). I recommend that over another Mac if you're ok
| running *nix.
| rafram wrote:
| The OP is clearly asking about setting up a _Mac_ dev
| environment, so suggesting that they buy a non-Mac machine is
| not helpful.
| smw wrote:
| Does nix or devbox [1] do what you want? Technically installing
| on the local machine, but not in any way that affects you
| unless you ask for it?
|
| [1] https://www.jetpack.io/devbox
| moondev wrote:
| Is it possible to run asahi Linux inside this or any other
| hypervisor on macos?
| vbezhenar wrote:
| Asahi Linux is made for Apple hardware. For virtual hardware you
| can run almost any popular distro like Ubuntu, Fedora.
| pxc wrote:
| I think you can still take advantage of paravirtualization
| without running an OS built for Apple Silicon specifically. You
| can emulate peripherals and the motherboard and stuff without
| emulating the CPU, so you would probably do better just to run
| the regular ARM variant of whatever distro.
|
| Both Arch and Fedora, which some releases of Asahi are based
| on, have regular, shmegular ARM variants.
| _joel wrote:
| It's designed to make future linux easier to run out of the box
| on Mac silicon, not really intended to be run as linux in a VM.
| If you want vms, use UTM https://mac.getutm.app/
| pxc wrote:
| Tart is also very cool. It's not F/OSS but it is source-
| available and its license is liberal about non-commercial and
| small-scale commercial use:
|
| https://github.com/cirruslabs/tart
|
| The very cool thing about Tart is how it uses OCI for OS
| images, so you can use your existing image registry
| infrastructure to host and pull down OS images.
|
| Cilicon is a compatible F/OSS clone that currently only
| supports a subset of that functionality:
| https://github.com/traderepublic/Cilicon
|
| These are more CI-oriented but I like how that makes it easy
| to manage state with them.
|
| If you're _focused_ on Linux VMs and maybe not on GUI stuff
| (although I'm sure you can make that work), Lima seems to be
| the go-to in the user 'community', as it were:
| https://github.com/lima-vm/lima
|
| If you use ARM guests on Apple Silicon, you should get good
| perf just like with stuff in the OP. (Like UTM, Lima is based
| on QEMU.)
| _joel wrote:
| Yes, played with Tart, forgot about it actually until you
| mentioned it again and not heard of the F/OSS one, so
| thanks for that :)
| chaxor wrote:
| You mean qemu.
|
| Utm is qemu, but they just removed the open source part. So
| it's just definitely worse.
| _joel wrote:
| You can use UTM with Apple's Virtualisation backend too,
| have been for a while and works fine for me
| https://docs.getutm.app/settings-apple/settings-apple/
| robin_reala wrote:
| UTM is open source too though:
| https://github.com/utmapp/UTM#license
| syntaxing wrote:
| This is absolutely awesome and something I always wanted (I'm on
| an 8GB M1 though which I regret often not going to a 16GB). I just
| want to sandbox some of the applications I need to use but don't
| trust on my computer (looking at you Bambu studios). I tried
| using the sandbox feature on macOS but it's unusable for me on
| Ventura.
___________________________________________________________________
(page generated 2023-08-20 23:00 UTC)