Rootless

From The Apple Wiki
This article is about the filesystem scheme for jailbreak packages. For the macOS feature originally codenamed "rootless", see System Integrity Protection.

Rootless is a scheme designed and implemented by the Procursus project. Since the very start of jailbreaking, packages have always been installed directly to the system partition of the device. This had advantages in ensuring package files are organised in expected locations in the filesystem, typically in /Applications, /Library, and /usr, allowing sandbox rules to work as intended. This mixed user-installed packages with the base operating system install, and write access to the system volume is now mitigated by the implementation of Sealed System Volume in iOS 15. Rootless moves all jailbreak packages to /var/jb, predominantly as a long-term solution to the problem posed by SSV. Rootless is implemented starting with palera1n 2.0.[1][2]

/var/jb

Main page: Filesystem:/private/var/jb

/var/jb is a symbolic link to a path located at /private/preboot/$boot-manifest-hash$/procursus. The goal of this is two-fold: to install to a path that is writable, but not affected by sandbox rules that forbid the execution of binaries in /var, and to allow the link to be quickly and safely deleted to evade jailbreak detection.

Packaging

Packages intended for installation on rootless iOS use a deb Architecture value of iphoneos-arm64, to differentiate them from the original iphoneos-arm, now referred to by the community as "rootful". The architecture name is misleading - this does not change anything relating to arm64 packages prior to iOS 15. APT and dpkg's excellent support for multiple architectures allows a package to be released simultaneously for both rootful and rootless devices, while retaining the same package identifier and version numbers. APT will only install the version of the package that matches the appropriate architecture, even if it has an older version number, and dpkg will refuse to install a package of an architecture it hasn't been configured to support.

Releasing on a self-hosted repo

To release a rootless package on a self-hosted repo, edit Release to declare support for the new architecture: 

Architecture: iphoneos-arm iphoneos-arm64

If your repository have Architecture: all or Architecture: any packages, they will be available on both rootless and rootful. As the paths for rootless and rootful are different, this is usually not the desired outcome. In this case, it is recommended that repos/suites for rootless and rootful are seperated.

Zebra currently doesn't check this field, however, Sileo, Cydia, and apt/apt-get require it to include the device's expected architecture, and will display an error message during refresh if it doesn't.

Once the repository has declared support for the architecture, you can release rootless packages on it just as you would have released a rootful package.

If your package still supports rootful in addition to rootless, you can release both packages on the one repo, even if the package identifier and version number are identical. If you intend to discontinue your rootful package and continue only with rootless, you can likewise continue to use the same package identifier and version numbering. APT knows to ignore packages released for architectures not supported by the device.

Ecosystem support

See also: Dev:Updating extensions for iOS 15/16

As can be expected, rootless requires a concerted community effort to fully support. The status of some critical pillars of the community are indicated below.

This list is intended only to document areas of the ecosystem that require attention. Specific tweaks should not be added to this list.

Package Support Notes
Sileo Yes Fully supported as of 2.4.2, partially supported in nightly builds prior to that. Previous versions are not guaranteed to handle multiple architectures correctly.
Zebra Yes Supported as of 1.1.29. Previous versions are not guaranteed to handle multiple architectures correctly.
Cydia No A rootless release of Cydia is currently not expected to be implemented. Packages released as both rootful and rootless will display twice in search results, section lists, etc. However, tapping either item will display the package with the correct architecture for the device.
Theos Yes Supported as of 26 March 2023.
ElleKit Yes ElleKit is used as the hooking platform of palera1n 2.x and Dopamine.
Substitute No A rootless release of Substitute is currently not expected to be implemented.
BigBoss repo Yes Supported as of 6 April 2023.[3]
Chariz repo Yes Supported as of 18 March 2023.
Havoc repo Yes Supported as of 15 March 2023.

References

  1. ^ https://www.reddit.com/r/jailbreak/comments/110le54/discussion_what_does_rootless_mean_for_end_users/ [Archived 2023-02-14 at the Wayback Machine]
  2. ^ https://www.idownloadblog.com/2022/05/13/f-a-q-rootless-ios-15-jailbreak/
  3. ^ https://twitter.com/opa334dev/status/1643999366464565248
Retrieved from "https://theapplewiki.com/index.php?title=Rootless&oldid=213367"