
From:
David Uhden Collado <daviduhden@gmail.com>
Subject:
Re: Fixes and improvements for the net/i2pd port
To:
ports@openbsd.org
Cc:
openbsd@systemfailure.net
Date:
Thu, 8 Jan 2026 13:18:00 +0000


> Hello all,
> 
> Attached to this email is a patch that includes one fix and several 
> improvements for the net/i2pd port.
> 
> First, the patch addresses an issue related to log handling. By default, 
> i2pd uses a separate log file located at /var/log/i2pd/i2pd.log. 
> However, this file is not rotated by newsyslog(8), causing it to grow 
> without bounds. The proposed solution is to configure i2pd to write its 
> logs to /var/log/daemon by updating the i2pd.conf configuration file.
> 
> Second, the directory used to store port-related files changes from
> /var/lib/i2pd to /var/i2pd, which better aligns with the OpenBSD style.
> To accomplish this change, the patch updates the PLIST, the RC script, 
> and the i2pd.conf configuration file.

I realized that it's better to define the "certsdir" variable in the RC 
script to prevent the configuration file from overwriting it. I have 
attached the updated patch to this email.

> 
> Finally, the i2pd.conf and tunnels.conf configuration files are adjusted 
> to improve security and usability. Specifically, the web interface and 
> the default IRC tunnel are disabled, log verbosity is reduced, and 
> additional address book sources for I2P aliases are configured.
> 
> I look forward to any feedback or suggestions.
> 
> Best regards,
> David.
Index: net/i2pd/patches/patch-contrib_i2pd_conf
===================================================================
RCS file: net/i2pd/patches/patch-contrib_i2pd_conf
diff -N net/i2pd/patches/patch-contrib_i2pd_conf
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ net/i2pd/patches/patch-contrib_i2pd_conf	7 Jan 2026 14:55:16 -0000
@@ -0,0 +1,68 @@
+Index: contrib/i2pd.conf
+--- contrib/i2pd.conf.orig
++++ contrib/i2pd.conf
+@@ -8,16 +8,16 @@
+ 
+ ## Tunnels config file
+ ## Default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf
+-# tunconf = /var/lib/i2pd/tunnels.conf
++tunconf = /etc/i2pd/tunnels.conf
+ 
+ ## Tunnels config files path
+ ## Use that path to store separated tunnels in different config files.
+ ## Default: ~/.i2pd/tunnels.d or /var/lib/i2pd/tunnels.d
+-# tunnelsdir = /var/lib/i2pd/tunnels.d
++tunnelsdir = /etc/i2pd/tunnels.d
+ 
+ ## Path to certificates used for verifying .su3, families
+ ## Default: ~/.i2pd/certificates or /var/lib/i2pd/certificates
+-# certsdir = /var/lib/i2pd/certificates
++certsdir = /var/i2pd/certificates
+ 
+ ## Where to write pidfile (default: /run/i2pd.pid, not used in Windows)
+ # pidfile = /run/i2pd.pid
+@@ -30,12 +30,12 @@
+ ##  * stdout - print log entries to stdout
+ ##  * file - log entries to a file
+ ##  * syslog - use syslog, see man 3 syslog
+-# log = file
++log = syslog
+ ## Path to logfile (default: autodetect)
+ # logfile = /var/log/i2pd/i2pd.log
+ ## Log messages above this level (debug, info, *warn, error, critical, none)
+ ## If you set it to none, logging will be disabled
+-# loglevel = warn
++loglevel = error
+ ## Write full CLF-formatted date and time to log (default: write only time)
+ # logclftime = true
+ 
+@@ -118,7 +118,7 @@
+ [http]
+ ## Web Console settings
+ ## Enable the Web Console (default: true)
+-# enabled = true
++enabled = false
+ ## Address and port service will listen on (default: 127.0.0.1:7070)
+ # address = 127.0.0.1
+ # port = 7070
+@@ -149,7 +149,7 @@
+ ## because anyone could spoof the short domain via addresshelper and forward other users to phishing links
+ # addresshelper = true
+ ## Address of a proxy server inside I2P, which is used to visit regular Internet
+-# outproxy = http://false.i2p
++# outproxy = http://5d4s7pcvfdpftfk7npc7hllyujhufsdprtrf4o53i44rgsa2xbwa.b32.i2p
+ ## httpproxy section also accepts I2CP parameters, like "inbound.length" etc.
+ 
+ [socksproxy]
+@@ -241,9 +241,9 @@
+ [addressbook]
+ ## AddressBook subscription URL for initial setup
+ ## Default: reg.i2p at "mainline" I2P Network
+-# defaulturl = http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt
++defaulturl = http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/export/hosts-all.txt
+ ## Optional subscriptions URLs, separated by comma
+-# subscriptions = http://reg.i2p/hosts.txt,http://identiguy.i2p/hosts.txt,http://stats.i2p/cgi-bin/newhosts.txt
++subscriptions = http://notbob.i2p/hosts-all.txt,http://identiguy.i2p/hosts.txt,http://stats.i2p/cgi-bin/newhosts.txt
+ 
+ [limits]
+ ## Maximum active transit sessions (default: 10000)
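Review bot: Uncommenting `subscriptions` in the [addressbook] hunk makes every fresh install pull host lists from notbob.i2p, identiguy.i2p and stats.i2p by default, whereas the upstream sample left that line commented out. Address book feeds supply the mapping from a human-readable .i2p name to a destination, so each enabled source is a party the user implicitly trusts, and the cover letter presents this only as a usability change. Consider keeping `# subscriptions = ...` commented, or adding a line such as `## OpenBSD port: every subscription source can add name-to-destination mappings; keep only registries you trust` above it. Separately, `loglevel = error` drops warn-level messages even though `log = syslog` already addresses the unbounded log growth, so the upstream default `warn` could probably stay.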
Index: net/i2pd/patches/patch-contrib_tunnels_conf
===================================================================
RCS file: net/i2pd/patches/patch-contrib_tunnels_conf
diff -N net/i2pd/patches/patch-contrib_tunnels_conf
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ net/i2pd/patches/patch-contrib_tunnels_conf	7 Jan 2026 14:55:16 -0000
@@ -0,0 +1,23 @@
+Index: contrib/tunnels.conf
+--- contrib/tunnels.conf.orig
++++ contrib/tunnels.conf
+@@ -1,11 +1,11 @@
+-[IRC-ILITA]
+-type = client
+-address = 127.0.0.1
+-port = 6668
+-destination = irc.ilita.i2p
+-destinationport = 6667
+-keys = irc-keys.dat
+-i2p.streaming.profile=2
++#[IRC-ILITA]
++#type = client
++#address = 127.0.0.1
++#port = 6668
++#destination = irc.ilita.i2p
++#destinationport = 6667
++#keys = irc-keys.dat
++#i2p.streaming.profile=2
+ 
+ #[IRC-IRC2P]
+ #type = client
Index: net/i2pd/pkg/PLIST
===================================================================
RCS file: /cvs/ports/net/i2pd/pkg/PLIST,v
diff -u -p -u -p -r1.17 PLIST
--- net/i2pd/pkg/PLIST	12 Nov 2025 02:13:09 -0000	1.17
+++ net/i2pd/pkg/PLIST	7 Jan 2026 14:55:16 -0000
@@ -1,5 +1,5 @@
 @newgroup _i2pd:838
-@newuser _i2pd:838:838::i2pd account:${LOCALSTATEDIR}/lib/i2pd:/sbin/nologin
+@newuser _i2pd:838:838::i2pd account:${LOCALSTATEDIR}/i2pd:/sbin/nologin
 @rcscript ${RCDIR}/i2pd
 @bin bin/i2pd
 include/i2pd/
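Review bot: Nothing in the visible changes migrates or mentions existing state under `${LOCALSTATEDIR}/lib/i2pd`, although the account home in this hunk, the `@sample` directories in the later PLIST hunks and `--datadir` in i2pd.rc all move to `${LOCALSTATEDIR}/i2pd`. i2pd keeps its router identity and tunnel key files in the data directory, so after an upgrade the daemon would presumably start with a fresh identity while the old private keys remain in the former directory. Unless this is handled elsewhere in the port, an upgrade note in the package README telling admins to stop the daemon, move the directory and remove the old copy would cover it. It is also worth confirming whether `@newuser` changes the home directory of an already existing `_i2pd` account.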
@@ -72,11 +72,11 @@ include/i2pd/version.h
 @owner _i2pd
 @group _i2pd
 @sample ${SYSCONFDIR}/i2pd/
-@sample ${LOCALSTATEDIR}/lib/i2pd/
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/router/
+@sample ${LOCALSTATEDIR}/i2pd/
+@sample ${LOCALSTATEDIR}/i2pd/certificates/
+@sample ${LOCALSTATEDIR}/i2pd/certificates/family/
+@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/
+@sample ${LOCALSTATEDIR}/i2pd/certificates/router/
 @owner
 @group
 @static-lib lib/libi2pdlang.a
@@ -87,37 +87,37 @@ share/examples/i2pd/certificates/family/
 share/examples/i2pd/certificates/family/gostcoin.crt
 @owner _i2pd
 @group _i2pd
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/gostcoin.crt
+@sample ${LOCALSTATEDIR}/i2pd/certificates/family/gostcoin.crt
 @owner
 @group
 share/examples/i2pd/certificates/family/i2p-dev.crt
 @owner _i2pd
 @group _i2pd
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/i2p-dev.crt
+@sample ${LOCALSTATEDIR}/i2pd/certificates/family/i2p-dev.crt
 @owner
 @group
 share/examples/i2pd/certificates/family/i2pd-dev.crt
 @owner _i2pd
 @group _i2pd
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/i2pd-dev.crt
+@sample ${LOCALSTATEDIR}/i2pd/certificates/family/i2pd-dev.crt
 @owner
 @group
 share/examples/i2pd/certificates/family/mca2-i2p.crt
 @owner _i2pd
 @group _i2pd
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/mca2-i2p.crt
+@sample ${LOCALSTATEDIR}/i2pd/certificates/family/mca2-i2p.crt
 @owner
 @group
 share/examples/i2pd/certificates/family/stormycloud.crt
 @owner _i2pd
 @group _i2pd
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/stormycloud.crt
+@sample ${LOCALSTATEDIR}/i2pd/certificates/family/stormycloud.crt
 @owner
 @group
 share/examples/i2pd/certificates/family/volatile.crt
 @owner _i2pd
 @group _i2pd
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/volatile.crt
+@sample ${LOCALSTATEDIR}/i2pd/certificates/family/volatile.crt
 @owner
 @group
 share/examples/i2pd/certificates/reseed/
@@ -129,73 +129,73 @@ share/examples/i2pd/certificates/reseed/
 share/examples/i2pd/certificates/reseed/acetone_at_mail.i2p.crt
 @owner _i2pd
 @group _i2pd
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/acetone_at_mail.i2p.crt 
+@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/acetone_at_mail.i2p.crt 
 @owner
 @group
 share/examples/i2pd/certificates/reseed/admin_at_stormycloud.org.crt
 @owner _i2pd
 @group _i2pd
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/admin_at_stormycloud.org.crt
+@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/admin_at_stormycloud.org.crt
 @owner
 @group
 share/examples/i2pd/certificates/reseed/creativecowpat_at_mail.i2p.crt
 @owner _i2pd
 @group _i2pd
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/creativecowpat_at_mail.i2p.crt
+@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/creativecowpat_at_mail.i2p.crt
 @owner
 @group
 share/examples/i2pd/certificates/reseed/echelon3_at_mail.i2p.crt
 @owner _i2pd
 @group _i2pd
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/echelon3_at_mail.i2p.crt
+@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/echelon3_at_mail.i2p.crt
 @owner
 @group
 share/examples/i2pd/certificates/reseed/hankhill19580_at_gmail.com.crt
 @owner _i2pd
 @group _i2pd
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/hankhill19580_at_gmail.com.crt 
+@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/hankhill19580_at_gmail.com.crt 
 @owner
 @group
 share/examples/i2pd/certificates/reseed/i2p-reseed_at_mk16.de.crt
 @owner _i2pd
 @group _i2pd
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/i2p-reseed_at_mk16.de.crt
+@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/i2p-reseed_at_mk16.de.crt
 @owner
 @group
 share/examples/i2pd/certificates/reseed/igor_at_novg.net.crt
 @owner _i2pd
 @group _i2pd
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/igor_at_novg.net.crt
+@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/igor_at_novg.net.crt
 @owner
 @group
 share/examples/i2pd/certificates/reseed/lazygravy_at_mail.i2p.crt
 @owner _i2pd
 @group _i2pd
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/lazygravy_at_mail.i2p.crt
+@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/lazygravy_at_mail.i2p.crt
 @owner
 @group
 share/examples/i2pd/certificates/reseed/orignal_at_mail.i2p.crt
 @owner _i2pd
 @group _i2pd
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/orignal_at_mail.i2p.crt
+@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/orignal_at_mail.i2p.crt
 @owner
 @group
 share/examples/i2pd/certificates/reseed/r4sas-reseed_at_mail.i2p.crt
 @owner _i2pd
 @group _i2pd
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/r4sas-reseed_at_mail.i2p.crt
+@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/r4sas-reseed_at_mail.i2p.crt
 @owner
 @group
 share/examples/i2pd/certificates/reseed/rambler_at_mail.i2p.crt
 @owner _i2pd
 @group _i2pd
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/rambler_at_mail.i2p.crt
+@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/rambler_at_mail.i2p.crt
 @owner
 @group
 share/examples/i2pd/certificates/reseed/reseed_at_diva.exchange.crt
 @owner _i2pd
 @group _i2pd
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/reseed_at_diva.exchange.crt 
+@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/reseed_at_diva.exchange.crt 
 @owner
 @group
 share/examples/i2pd/i2pd.conf
Index: net/i2pd/pkg/i2pd.rc
===================================================================
RCS file: /cvs/ports/net/i2pd/pkg/i2pd.rc,v
diff -u -p -u -p -r1.4 i2pd.rc
--- net/i2pd/pkg/i2pd.rc	11 Mar 2022 19:46:04 -0000	1.4
+++ net/i2pd/pkg/i2pd.rc	7 Jan 2026 14:55:16 -0000
@@ -2,7 +2,7 @@
 
 daemon="${TRUEPREFIX}/bin/i2pd --daemon"
 daemon_user="_i2pd"
-daemon_flags="--service --datadir=${LOCALSTATEDIR}/lib/i2pd --conf=${SYSCONFDIR}/i2pd/i2pd.conf --tunconf=${SYSCONFDIR}/i2pd/tunnels.conf --tunnelsdir=${SYSCONFDIR}/i2pd/tunnels.d"
+daemon_flags="--service --datadir=${LOCALSTATEDIR}/i2pd --conf=${SYSCONFDIR}/i2pd/i2pd.conf --tunconf=${SYSCONFDIR}/i2pd/tunnels.conf --tunnelsdir=${SYSCONFDIR}/i2pd/tunnels.d --certsdir=/var/i2pd/certificates"
 
 . /etc/rc.d/rc.subr
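Review bot: The added `--certsdir=/var/i2pd/certificates` hard-codes `/var` while every other path on the `daemon_flags` line is built from `${LOCALSTATEDIR}` or `${SYSCONFDIR}`; writing it as `--certsdir=${LOCALSTATEDIR}/i2pd/certificates` keeps it in step with `--datadir`. The same literal appears as `certsdir = /var/i2pd/certificates` in the new patch-contrib_i2pd_conf, and `tunconf`/`tunnelsdir` are now set both there and here, so the locations are defined in two places that can drift apart. If, as the cover letter implies, the command-line flags win over the file, a short comment in the sample config saying so would spare admins from editing a setting that has no effect.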