
temp fix for users bootstrapping their device without having a rootfs snapshot #41

Open: wants to merge 1 commit into base: master

Conversation

Banaantje04 (Contributor)

Without this fix the device is first bootstrapped and then snappy creates a new snapshot instead of renaming, because it can't find it. This will cause orig-fs to have Procursus's bootstrap in it, thus making it impossible to properly restore rootfs to stock. (This fix just moves the snappy commands to before disk0s1s1 is mounted r/w.) I don't really know snappy's syntax, so that's why I didn't actually fix it; that might come another time if I can get my hands on a snapshotless unbootstrapped checkra1n device to test things.

manrand commented Aug 19, 2022

Yes, the intention of the snapshot part in the original code (that you propose to patch) is not entirely clear.
You are right that the snapshot is done after modifying /.

IIUC the script can be initially launched from:

  1. computer: device already jailbroken, snappy needs to be on rootfs already, considering bootstrap_${CFVER}.tar.gz comes with snaputil

  2. device: device already jailbroken, snappy needs to be in rootfs

  3. device: as part of a jailbreak procedure by some tool, again snappy needs to be there already

Assuming jailbreak procedures always create a snapshot, updating the snapshot as done here by the script shouldn't be needed in case 1 or 2.

It could be useful in case 3. But since snappy is not part of the bootstraps used here, this last execution path seems unlikely.

@m1stadev / @coolstar what's your opinion on this topic?

--
snappy: https://github.com/sbingner/snappy/blob/master/snappy.c ?
snaputil: https://github.com/ahl/apfs/blob/master/snapUtil.c ?

Banaantje04 (Contributor, Author)

Back when I made this PR there was an issue of users futurerestoring their FaceID device to iOS 14 with iOS 15 SEP. Since that combination is partially incompatible on FaceID devices, you'd have to interrupt the restore when it gets stuck on installing FaceID firmware. However, the snapshot of the rootfs is created after this, so it wouldn't get created in this case. As I said in the PR description, that is a problem since checkra1n doesn't do anything with the snapshot until you bootstrap Elucubratus, which we don't want. I am not up-to-date with the snapshot issue on FaceID devices with partially incompatible SEP, so I don't know if this is still relevant (the issue should be fixed regardless imo, but in that case properly).

I'm not sure what your intent was with this comment; do you have any questions? Anyways, I hope this clears up some confusion.


manrand commented Aug 19, 2022

Thanks for your comment. I was not aware of the context you provided.

> I'm not sure what your intent was with this comment; do you have any questions? Anyways, I hope this clears up some confusion.

My intention was twofold: 1) try to get some attention to this issue, because your patch made sense to me, yet it had not received any comment (I do not understand the rationale behind the code currently in master); 2) share what I thought could be the rationale for the code.

It'd be interesting to know what the maintainers think about this part of the code.


Banaantje04 commented Aug 19, 2022 via email


manrand commented Aug 20, 2022

> But checkra1n doesn't do anything with the snapshot. So I think this is just an oversight. Someone without a snapshot is quite rare anyways.

Thanks for your comment. I think I confused the intent of your patch with my own doubts about where/when the snapshot is being made; checkra1n's code would be helpful, but I could not find it. Do you know who (what tool) creates the initial snapshot, and when?

Since this script is naming the snapshot orig-fs, I'm also wondering why it is done here (by odysseyra1n) and not by checkra1n itself. For instance, the ramdisk appears to include an ssh server and snappy, so checkra1n could have ssh'd to the device to do what the script here does, right?

Banaantje04 (Contributor, Author)

The snapshot is usually made by the restore/update process. Stock iOS mounts the snapshot as root instead of the actual underlying fs. However, since some people have to interrupt the restore, you can end up without one.

The reason checkra1n doesn't do this is because checkra1n doesn't force you to bootstrap. This is precisely why odysseyra1n works. If you bootstrap with Elucubratus in the checkra1n loader app instead, it does fix the snapshot for you.


manrand commented Aug 21, 2022

Thanks for the insights. For what it's worth, I continued trying to figure this out and came across this comment too: checkra1n/BugTracker#1052 (comment), which together with your explanations helped me understand this better.

Sorry if this kind of sidetracked your PR 😬

Banaantje04 (Contributor, Author)

Glad to help!

Hehe, it's okay. I hastily made this PR because I thought this was an issue that would occur a lot and should be fixed asap. (If checkra1n even comes out for iOS 15, then it might become a bigger issue again.) I should actually redo this fix properly some time.
