Rootless

Rootless is a scheme designed and implemented by the Procursus project. Since the very start of jailbreaking, packages have been installed directly to the system partition of the device. This had the advantage of keeping package files organised in expected locations in the filesystem, typically /Applications, /Library, and /usr, which allowed sandbox rules to work as intended. However, it mixed user-installed packages with the base operating system install, and write access to the system volume is now prevented by the Sealed System Volume (SSV) implemented in iOS 15. Rootless moves all jailbreak packages to /var/jb, predominantly as a long-term solution to the problem posed by SSV. Rootless is implemented starting with palera1n 2.0.

/var/jb
/var/jb is a symbolic link to a path located at /private/preboot/$boot-manifest-hash/procursus. The goal of this is two-fold: to install to a path that is writable, but not affected by sandbox rules that forbid the execution of binaries in /var, and to allow the link to be quickly and safely deleted to evade jailbreak detection.

Packaging
Packages intended for installation on rootless iOS use a deb  value of , to differentiate them from the original  , now referred to by the community as "rootful". The architecture name is misleading - this does not change anything relating to arm64 packages prior to iOS 15. APT and dpkg's excellent support for multiple architectures allows a package to be released simultaneously for both rootful and rootless devices, while retaining the same package identifier and version numbers. APT will only install the version of the package that matches the appropriate architecture, even if it has an older version number, and dpkg will refuse to install a package of an architecture it hasn't been configured to support.

Releasing on a self-hosted repo
To release a rootless package on a self-hosted repo, edit  to declare support for the new architecture:

If your repository has  or   packages, they will be available on both rootless and rootful. As the paths for rootless and rootful are different, this is usually not the desired outcome. In this case, it is recommended that repos/suites for rootless and rootful are separated.

Zebra currently doesn't check this field; however, Sileo, Cydia, and /  require it to include the device's expected architecture, and will display an error message during refresh if it doesn't.

Once the repository has declared support for the architecture, you can release rootless packages on it just as you would have released a rootful package.

If your package still supports rootful in addition to rootless, you can release both packages on the one repo, even if the package identifier and version number are identical. If you intend to discontinue your rootful package and continue only with rootless, you can likewise continue to use the same package identifier and version numbering. APT knows to ignore packages released for architectures not supported by the device.
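A repository-side consistency check for the points in this section, as an added example that is not Procursus or package manager code. The architecture names `iphoneos-arm` (rootful) and `iphoneos-arm64` (rootless), the `Architectures:` field of the APT `Release` file, the function names, and the sample stanzas are assumptions of the example.

```python
ROOTFUL, ROOTLESS = "iphoneos-arm", "iphoneos-arm64"  # assumed architecture names

def parse_stanzas(text):
    """Parse deb822 control text (Release, Packages) into a list of dicts."""
    stanzas, current, last = [], {}, None
    for line in text.splitlines():
        if not line.strip():                    # blank line ends a stanza
            if current:
                stanzas.append(current)
            current, last = {}, None
        elif line[0] in " \t":                  # continuation of the previous field
            if last:
                current[last] += "\n" + line.strip()
        elif ":" in line:
            key, value = line.split(":", 1)
            last = key.strip().lower()
            current[last] = value.strip()
    if current:
        stanzas.append(current)
    return stanzas

def lint_repo(release_text, packages_text):
    """Return sorted (package, version, problem) findings for one suite."""
    declared = set(parse_stanzas(release_text)[0].get("architectures", "").split())
    findings = []
    for pkg in parse_stanzas(packages_text):
        name, ver, arch = (pkg.get(k, "?") for k in ("package", "version", "architecture"))
        if arch == "all":  # architecture-independent: reaches every device using the suite
            if {ROOTFUL, ROOTLESS} <= declared:
                findings.append((name, ver, "arch 'all' served to rootful and rootless"))
        elif arch not in declared:
            findings.append((name, ver, f"arch '{arch}' missing from Release"))
    return sorted(findings)

# Constructed sample data, not taken from any real repository.
SAMPLE_RELEASE = "Origin: Example Repo\nSuite: stable\nArchitectures: iphoneos-arm\n"
SAMPLE_PACKAGES = """\
Package: com.example.tweak
Version: 1.2.0
Architecture: iphoneos-arm

Package: com.example.tweak
Version: 1.2.0
Architecture: iphoneos-arm64

Package: com.example.prefs
Version: 1.0
Architecture: all
"""
print(lint_repo(SAMPLE_RELEASE, SAMPLE_PACKAGES))
```

The identical identifier and version on the two `com.example.tweak` stanzas is not reported, since that pairing is the supported way to ship one package for both schemes.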

Ecosystem support
As can be expected, rootless requires a concerted community effort to fully support. The status of some critical pillars of the community is indicated below.

This list is intended only to document areas of the ecosystem that require attention. Specific tweaks should not be added to this list.