Friday, February 06, 2026

Re: Fixes and improvements for the net/i2pd port

Index: Makefile
===================================================================
RCS file: /cvs/ports/net/i2pd/Makefile,v
diff -u -p -r1.31 Makefile
--- Makefile 12 Nov 2025 02:13:09 -0000 1.31
+++ Makefile 15 Jan 2026 02:05:35 -0000
@@ -3,6 +3,7 @@ COMMENT = client for the I2P anonymous n
GH_ACCOUNT = PurpleI2P
GH_PROJECT = i2pd
GH_TAGNAME = 2.58.0
+REVISION = 0

CATEGORIES = net
HOMEPAGE = https://i2pd.website
Index: patches/patch-contrib_i2pd_conf
===================================================================
RCS file: patches/patch-contrib_i2pd_conf
diff -N patches/patch-contrib_i2pd_conf
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-contrib_i2pd_conf 15 Jan 2026 02:05:35 -0000
@@ -0,0 +1,41 @@
+Index: contrib/i2pd.conf
+--- contrib/i2pd.conf.orig
++++ contrib/i2pd.conf
+@@ -8,16 +8,16 @@
+
+ ## Tunnels config file
+ ## Default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf
+-# tunconf = /var/lib/i2pd/tunnels.conf
++tunconf = /etc/i2pd/tunnels.conf
+
+ ## Tunnels config files path
+ ## Use that path to store separated tunnels in different config files.
+ ## Default: ~/.i2pd/tunnels.d or /var/lib/i2pd/tunnels.d
+-# tunnelsdir = /var/lib/i2pd/tunnels.d
++tunnelsdir = /etc/i2pd/tunnels.d
+
+ ## Path to certificates used for verifying .su3, families
+ ## Default: ~/.i2pd/certificates or /var/lib/i2pd/certificates
+-# certsdir = /var/lib/i2pd/certificates
++certsdir = /etc/i2pd/certificates
+
+ ## Where to write pidfile (default: /run/i2pd.pid, not used in Windows)
+ # pidfile = /run/i2pd.pid
+@@ -30,7 +30,7 @@
+ ## * stdout - print log entries to stdout
+ ## * file - log entries to a file
+ ## * syslog - use syslog, see man 3 syslog
+-# log = file
++log = syslog
+ ## Path to logfile (default: autodetect)
+ # logfile = /var/log/i2pd/i2pd.log
+ ## Log messages above this level (debug, info, *warn, error, critical, none)
+@@ -118,7 +118,7 @@
+ [http]
+ ## Web Console settings
+ ## Enable the Web Console (default: true)
+-# enabled = true
++enabled = false
+ ## Address and port service will listen on (default: 127.0.0.1:7070)
+ # address = 127.0.0.1
+ # port = 7070
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/net/i2pd/pkg/PLIST,v
diff -u -p -r1.17 PLIST
--- pkg/PLIST 12 Nov 2025 02:13:09 -0000 1.17
+++ pkg/PLIST 15 Jan 2026 02:05:35 -0000
@@ -1,5 +1,5 @@
@newgroup _i2pd:838
-@newuser _i2pd:838:838::i2pd account:${LOCALSTATEDIR}/lib/i2pd:/sbin/nologin
+@newuser _i2pd:838:838::i2pd account:${LOCALSTATEDIR}/i2pd:/sbin/nologin
@rcscript ${RCDIR}/i2pd
@bin bin/i2pd
include/i2pd/
@@ -69,14 +69,16 @@ include/i2pd/util.h
include/i2pd/version.h
@static-lib lib/libi2pd.a
@static-lib lib/libi2pdclient.a
+@mode 0750
@owner _i2pd
@group _i2pd
@sample ${SYSCONFDIR}/i2pd/
-@sample ${LOCALSTATEDIR}/lib/i2pd/
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/router/
+@mode
+@sample ${LOCALSTATEDIR}/i2pd/
+@sample ${LOCALSTATEDIR}/i2pd/certificates/
+@sample ${LOCALSTATEDIR}/i2pd/certificates/family/
+@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/
+@sample ${LOCALSTATEDIR}/i2pd/certificates/router/
@owner
@group
@static-lib lib/libi2pdlang.a
@@ -87,127 +89,131 @@ share/examples/i2pd/certificates/family/
share/examples/i2pd/certificates/family/gostcoin.crt
@owner _i2pd
@group _i2pd
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/gostcoin.crt
+@sample ${LOCALSTATEDIR}/i2pd/certificates/family/gostcoin.crt
@owner
@group
share/examples/i2pd/certificates/family/i2p-dev.crt
@owner _i2pd
@group _i2pd
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/i2p-dev.crt
+@sample ${LOCALSTATEDIR}/i2pd/certificates/family/i2p-dev.crt
@owner
@group
share/examples/i2pd/certificates/family/i2pd-dev.crt
@owner _i2pd
@group _i2pd
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/i2pd-dev.crt
+@sample ${LOCALSTATEDIR}/i2pd/certificates/family/i2pd-dev.crt
@owner
@group
share/examples/i2pd/certificates/family/mca2-i2p.crt
@owner _i2pd
@group _i2pd
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/mca2-i2p.crt
+@sample ${LOCALSTATEDIR}/i2pd/certificates/family/mca2-i2p.crt
@owner
@group
share/examples/i2pd/certificates/family/stormycloud.crt
@owner _i2pd
@group _i2pd
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/stormycloud.crt
+@sample ${LOCALSTATEDIR}/i2pd/certificates/family/stormycloud.crt
@owner
@group
share/examples/i2pd/certificates/family/volatile.crt
@owner _i2pd
@group _i2pd
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/volatile.crt
+@sample ${LOCALSTATEDIR}/i2pd/certificates/family/volatile.crt
@owner
@group
share/examples/i2pd/certificates/reseed/
@owner _i2pd
@group _i2pd
-@sample ${LOCALSTATEDIR}/lib/
+@sample ${LOCALSTATEDIR}/
@owner
@group
share/examples/i2pd/certificates/reseed/acetone_at_mail.i2p.crt
@owner _i2pd
@group _i2pd
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/acetone_at_mail.i2p.crt
+@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/acetone_at_mail.i2p.crt
@owner
@group
share/examples/i2pd/certificates/reseed/admin_at_stormycloud.org.crt
@owner _i2pd
@group _i2pd
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/admin_at_stormycloud.org.crt
+@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/admin_at_stormycloud.org.crt
@owner
@group
share/examples/i2pd/certificates/reseed/creativecowpat_at_mail.i2p.crt
@owner _i2pd
@group _i2pd
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/creativecowpat_at_mail.i2p.crt
+@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/creativecowpat_at_mail.i2p.crt
@owner
@group
share/examples/i2pd/certificates/reseed/echelon3_at_mail.i2p.crt
@owner _i2pd
@group _i2pd
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/echelon3_at_mail.i2p.crt
+@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/echelon3_at_mail.i2p.crt
@owner
@group
share/examples/i2pd/certificates/reseed/hankhill19580_at_gmail.com.crt
@owner _i2pd
@group _i2pd
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/hankhill19580_at_gmail.com.crt
+@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/hankhill19580_at_gmail.com.crt
@owner
@group
share/examples/i2pd/certificates/reseed/i2p-reseed_at_mk16.de.crt
@owner _i2pd
@group _i2pd
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/i2p-reseed_at_mk16.de.crt
+@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/i2p-reseed_at_mk16.de.crt
@owner
@group
share/examples/i2pd/certificates/reseed/igor_at_novg.net.crt
@owner _i2pd
@group _i2pd
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/igor_at_novg.net.crt
+@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/igor_at_novg.net.crt
@owner
@group
share/examples/i2pd/certificates/reseed/lazygravy_at_mail.i2p.crt
@owner _i2pd
@group _i2pd
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/lazygravy_at_mail.i2p.crt
+@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/lazygravy_at_mail.i2p.crt
@owner
@group
share/examples/i2pd/certificates/reseed/orignal_at_mail.i2p.crt
@owner _i2pd
@group _i2pd
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/orignal_at_mail.i2p.crt
+@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/orignal_at_mail.i2p.crt
@owner
@group
share/examples/i2pd/certificates/reseed/r4sas-reseed_at_mail.i2p.crt
@owner _i2pd
@group _i2pd
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/r4sas-reseed_at_mail.i2p.crt
+@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/r4sas-reseed_at_mail.i2p.crt
@owner
@group
share/examples/i2pd/certificates/reseed/rambler_at_mail.i2p.crt
@owner _i2pd
@group _i2pd
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/rambler_at_mail.i2p.crt
+@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/rambler_at_mail.i2p.crt
@owner
@group
share/examples/i2pd/certificates/reseed/reseed_at_diva.exchange.crt
@owner _i2pd
@group _i2pd
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/reseed_at_diva.exchange.crt
+@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/reseed_at_diva.exchange.crt
@owner
@group
share/examples/i2pd/i2pd.conf
+@mode 0640
@owner _i2pd
@group _i2pd
@sample ${SYSCONFDIR}/i2pd/i2pd.conf
+@mode
@owner
@group
share/examples/i2pd/tunnels.conf
+@mode 0640
@owner _i2pd
@group _i2pd
@sample ${SYSCONFDIR}/i2pd/tunnels.conf
+@mode
@owner
@group
share/examples/login.conf.d/i2pd
Index: pkg/README
===================================================================
RCS file: /cvs/ports/net/i2pd/pkg/README,v
diff -u -p -r1.4 README
--- pkg/README 16 Apr 2024 15:22:32 -0000 1.4
+++ pkg/README 15 Jan 2026 02:05:35 -0000
@@ -24,3 +24,48 @@ and also edit /etc/login.conf.d/i2pd:
:openfiles-cur=8192:\
:openfiles-max=8192:\
:tc=daemon:
+
+
+The HTTP interface
+==================
+
+On OpenBSD, i2pd's HTTP interface is disabled by default, because it
+allows any user on the system to perform actions on the daemon, such
+as shutting it down, or access private data, such as the router
+identity and the tunnels' B32 addresses.
+
+If you want to use this interface anyway, you can reenable it in
+/etc/i2pd/i2pd.conf under the [http] section.
+
+
+Graceful shutdown
+=================
+
+It is good practice to shutdown the i2pd daemon gracefully, to avoid
+immediatly severing all connections, which would disconnect all
+your peers and affect the overall operation of the I2P network.
+
+You can initiate a graceful shutdown without the HTTP interface by
+sending a signal to the i2pd daemon like this:
+
+ kill -INT $(cat /var/i2pd/i2pd.pid)
+
+When it shuts down gracefully, the i2pd daemon waits for all transit
+tunnels to expire, which usually takes 10 minutes.
+
+
+Logging
+=======
+
+By default, the OpenBSD port of ${PKGSTEM} sends its log messages to
+syslogd(8), which writes them to the /var/log/daemon file.
+
+The default log level of ${PKGSTEM} ("warn") can be very verbose. You
+may want to reduce this log verbosity by changing the "loglevel"
+parameter in /etc/i2pd/i2pd.conf.
+
+If you want log messages to be written to another file, e.g.
+/var/i2pd/i2pd.log, you can change the "log" and "logfile" parameters
+in /etc/i2pd/i2pd.conf. To have this log file rotated automatically,
+see `man 8 newsyslog.conf`, and please take into account that the i2pd
+daemon should be restarted gracefully at each rotation.
Index: pkg/i2pd.rc
===================================================================
RCS file: /cvs/ports/net/i2pd/pkg/i2pd.rc,v
diff -u -p -r1.4 i2pd.rc
--- pkg/i2pd.rc 11 Mar 2022 19:46:04 -0000 1.4
+++ pkg/i2pd.rc 15 Jan 2026 02:05:35 -0000
@@ -2,7 +2,7 @@

daemon="${TRUEPREFIX}/bin/i2pd --daemon"
daemon_user="_i2pd"
-daemon_flags="--service --datadir=${LOCALSTATEDIR}/lib/i2pd --conf=${SYSCONFDIR}/i2pd/i2pd.conf --tunconf=${SYSCONFDIR}/i2pd/tunnels.conf --tunnelsdir=${SYSCONFDIR}/i2pd/tunnels.d"
+daemon_flags="--service --datadir=${LOCALSTATEDIR}/i2pd --conf=${SYSCONFDIR}/i2pd/i2pd.conf --tunconf=${SYSCONFDIR}/i2pd/tunnels.conf --tunnelsdir=${SYSCONFDIR}/i2pd/tunnels.d --certsdir=${LOCALSTATEDIR}/i2pd/certificates"

. /etc/rc.d/rc.subr

> Here's the patch I came up with, taking into account your remarks and David's proposals:
>
> - /var/i2pd is set as working directory instead of /var/lib/i2pd
> - logs are sent to syslogd by default
> - HTTP interface is disabled by default
> - /etc/i2pd is mode 750, and the config files within this directory are mode 640
>
> Lightly tested on amd64 for now. The port builds fine, all tests are still passing, and it seems to run just fine, as far as I tested.
>
> I hope it will be OK like that.


Could someone commit it? I think the maintainer doesn't have commit
access to the repository.

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)