From: David Uhden Collado Subject: Re: Fixes and improvements for the net/i2pd port To: ports@openbsd.org Cc: openbsd@systemfailure.net Date: Thu, 8 Jan 2026 13:18:00 +0000 > Hello all, > > Attached to this email is a patch that includes one fix and several > improvements for the net/i2pd port. > > First, the patch addresses an issue related to log handling. By default, > i2pd uses a separate log file located at /var/log/i2pd/i2pd.log. > However, this file is not rotated by newsyslog(8), causing it to grow > without bounds. The proposed solution is to configure i2pd to write its > logs to /var/log/daemon by updating the i2pd.conf configuration file. > > Second, the directory used to store port-related files changes from / > var/lib/i2pd to /var/i2pd, which better aligns with the OpenBSD style. > To accomplish this change, the patch updates the PLIST, the RC script, > and the i2pd.conf configuration file. I realized that it's better to define the "certsdir" variable in the RC script to prevent the configuration file from overwriting it. I have attached the updated patch to this email. > > Finally, the i2pd.conf and tunnels.conf configuration files are adjusted > to improve security and usability. Specifically, the web interface and > the default IRC tunnel are disabled, log verbosity is reduced, and > additional address book sources for I2P aliases are configured. > > I look forward to any feedback or suggestions. > > Best regards, > David. Index: net/i2pd/patches/patch-contrib_i2pd_conf =================================================================== RCS file: net/i2pd/patches/patch-contrib_i2pd_conf diff -N net/i2pd/patches/patch-contrib_i2pd_conf --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ net/i2pd/patches/patch-contrib_i2pd_conf 7 Jan 2026 14:55:16 -0000 @@ -0,0 +1,68 @@ +Index: contrib/i2pd.conf +--- contrib/i2pd.conf.orig ++++ contrib/i2pd.conf +@@ -8,16 +8,16 @@ + + ## Tunnels config file + ## Default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf +-# tunconf = /var/lib/i2pd/tunnels.conf ++tunconf = /etc/i2pd/tunnels.conf + + ## Tunnels config files path + ## Use that path to store separated tunnels in different config files. + ## Default: ~/.i2pd/tunnels.d or /var/lib/i2pd/tunnels.d +-# tunnelsdir = /var/lib/i2pd/tunnels.d ++tunnelsdir = /etc/i2pd/tunnels.d + + ## Path to certificates used for verifying .su3, families + ## Default: ~/.i2pd/certificates or /var/lib/i2pd/certificates +-# certsdir = /var/lib/i2pd/certificates ++certsdir = /var/i2pd/certificates + + ## Where to write pidfile (default: /run/i2pd.pid, not used in Windows) + # pidfile = /run/i2pd.pid +@@ -30,12 +30,12 @@ + ## * stdout - print log entries to stdout + ## * file - log entries to a file + ## * syslog - use syslog, see man 3 syslog +-# log = file ++log = syslog + ## Path to logfile (default: autodetect) + # logfile = /var/log/i2pd/i2pd.log + ## Log messages above this level (debug, info, *warn, error, critical, none) + ## If you set it to none, logging will be disabled +-# loglevel = warn ++loglevel = error + ## Write full CLF-formatted date and time to log (default: write only time) + # logclftime = true + +@@ -118,7 +118,7 @@ + [http] + ## Web Console settings + ## Enable the Web Console (default: true) +-# enabled = true ++enabled = false + ## Address and port service will listen on (default: 127.0.0.1:7070) + # address = 127.0.0.1 + # port = 7070 +@@ -149,7 +149,7 @@ + ## because anyone could spoof the short domain via addresshelper and forward other users to phishing links + # addresshelper = true + ## Address of a proxy server inside I2P, which is used to visit regular Internet +-# outproxy = http://false.i2p ++# outproxy = http://5d4s7pcvfdpftfk7npc7hllyujhufsdprtrf4o53i44rgsa2xbwa.b32.i2p + ## httpproxy section also accepts I2CP parameters, like "inbound.length" etc. + + [socksproxy] +@@ -241,9 +241,9 @@ + [addressbook] + ## AddressBook subscription URL for initial setup + ## Default: reg.i2p at "mainline" I2P Network +-# defaulturl = http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt ++defaulturl = http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/export/hosts-all.txt + ## Optional subscriptions URLs, separated by comma +-# subscriptions = http://reg.i2p/hosts.txt,http://identiguy.i2p/hosts.txt,http://stats.i2p/cgi-bin/newhosts.txt ++subscriptions = http://notbob.i2p/hosts-all.txt,http://identiguy.i2p/hosts.txt,http://stats.i2p/cgi-bin/newhosts.txt + + [limits] + ## Maximum active transit sessions (default: 10000) Index: net/i2pd/patches/patch-contrib_tunnels_conf =================================================================== RCS file: net/i2pd/patches/patch-contrib_tunnels_conf diff -N net/i2pd/patches/patch-contrib_tunnels_conf --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ net/i2pd/patches/patch-contrib_tunnels_conf 7 Jan 2026 14:55:16 -0000 @@ -0,0 +1,23 @@ +Index: contrib/tunnels.conf +--- contrib/tunnels.conf.orig ++++ contrib/tunnels.conf +@@ -1,11 +1,11 @@ +-[IRC-ILITA] +-type = client +-address = 127.0.0.1 +-port = 6668 +-destination = irc.ilita.i2p +-destinationport = 6667 +-keys = irc-keys.dat +-i2p.streaming.profile=2 ++#[IRC-ILITA] ++#type = client ++#address = 127.0.0.1 ++#port = 6668 ++#destination = irc.ilita.i2p ++#destinationport = 6667 ++#keys = irc-keys.dat ++#i2p.streaming.profile=2 + + #[IRC-IRC2P] + #type = client Index: net/i2pd/pkg/PLIST =================================================================== RCS file: /cvs/ports/net/i2pd/pkg/PLIST,v diff -u -p -u -p -r1.17 PLIST --- net/i2pd/pkg/PLIST 12 Nov 2025 02:13:09 -0000 1.17 +++ net/i2pd/pkg/PLIST 7 Jan 2026 14:55:16 -0000 @@ -1,5 +1,5 @@ @newgroup _i2pd:838 -@newuser _i2pd:838:838::i2pd account:${LOCALSTATEDIR}/lib/i2pd:/sbin/nologin +@newuser _i2pd:838:838::i2pd account:${LOCALSTATEDIR}/i2pd:/sbin/nologin @rcscript ${RCDIR}/i2pd @bin bin/i2pd include/i2pd/ @@ -72,11 +72,11 @@ include/i2pd/version.h @owner _i2pd @group _i2pd @sample ${SYSCONFDIR}/i2pd/ -@sample ${LOCALSTATEDIR}/lib/i2pd/ -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/ -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/ -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/ -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/router/ +@sample ${LOCALSTATEDIR}/i2pd/ +@sample ${LOCALSTATEDIR}/i2pd/certificates/ +@sample ${LOCALSTATEDIR}/i2pd/certificates/family/ +@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/ +@sample ${LOCALSTATEDIR}/i2pd/certificates/router/ @owner @group @static-lib lib/libi2pdlang.a @@ -87,37 +87,37 @@ share/examples/i2pd/certificates/family/ share/examples/i2pd/certificates/family/gostcoin.crt @owner _i2pd @group _i2pd -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/gostcoin.crt +@sample ${LOCALSTATEDIR}/i2pd/certificates/family/gostcoin.crt @owner @group share/examples/i2pd/certificates/family/i2p-dev.crt @owner _i2pd @group _i2pd -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/i2p-dev.crt +@sample ${LOCALSTATEDIR}/i2pd/certificates/family/i2p-dev.crt @owner @group share/examples/i2pd/certificates/family/i2pd-dev.crt @owner _i2pd @group _i2pd -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/i2pd-dev.crt +@sample ${LOCALSTATEDIR}/i2pd/certificates/family/i2pd-dev.crt @owner @group share/examples/i2pd/certificates/family/mca2-i2p.crt @owner _i2pd @group _i2pd -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/mca2-i2p.crt +@sample ${LOCALSTATEDIR}/i2pd/certificates/family/mca2-i2p.crt @owner @group share/examples/i2pd/certificates/family/stormycloud.crt @owner _i2pd @group _i2pd -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/stormycloud.crt +@sample ${LOCALSTATEDIR}/i2pd/certificates/family/stormycloud.crt @owner @group share/examples/i2pd/certificates/family/volatile.crt @owner _i2pd @group _i2pd -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/volatile.crt +@sample ${LOCALSTATEDIR}/i2pd/certificates/family/volatile.crt @owner @group share/examples/i2pd/certificates/reseed/ @@ -129,73 +129,73 @@ share/examples/i2pd/certificates/reseed/ share/examples/i2pd/certificates/reseed/acetone_at_mail.i2p.crt @owner _i2pd @group _i2pd -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/acetone_at_mail.i2p.crt +@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/acetone_at_mail.i2p.crt @owner @group share/examples/i2pd/certificates/reseed/admin_at_stormycloud.org.crt @owner _i2pd @group _i2pd -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/admin_at_stormycloud.org.crt +@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/admin_at_stormycloud.org.crt @owner @group share/examples/i2pd/certificates/reseed/creativecowpat_at_mail.i2p.crt @owner _i2pd @group _i2pd -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/creativecowpat_at_mail.i2p.crt +@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/creativecowpat_at_mail.i2p.crt @owner @group share/examples/i2pd/certificates/reseed/echelon3_at_mail.i2p.crt @owner _i2pd @group _i2pd -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/echelon3_at_mail.i2p.crt +@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/echelon3_at_mail.i2p.crt @owner @group share/examples/i2pd/certificates/reseed/hankhill19580_at_gmail.com.crt @owner _i2pd @group _i2pd -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/hankhill19580_at_gmail.com.crt +@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/hankhill19580_at_gmail.com.crt @owner @group share/examples/i2pd/certificates/reseed/i2p-reseed_at_mk16.de.crt @owner _i2pd @group _i2pd -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/i2p-reseed_at_mk16.de.crt +@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/i2p-reseed_at_mk16.de.crt @owner @group share/examples/i2pd/certificates/reseed/igor_at_novg.net.crt @owner _i2pd @group _i2pd -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/igor_at_novg.net.crt +@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/igor_at_novg.net.crt @owner @group share/examples/i2pd/certificates/reseed/lazygravy_at_mail.i2p.crt @owner _i2pd @group _i2pd -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/lazygravy_at_mail.i2p.crt +@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/lazygravy_at_mail.i2p.crt @owner @group share/examples/i2pd/certificates/reseed/orignal_at_mail.i2p.crt @owner _i2pd @group _i2pd -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/orignal_at_mail.i2p.crt +@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/orignal_at_mail.i2p.crt @owner @group share/examples/i2pd/certificates/reseed/r4sas-reseed_at_mail.i2p.crt @owner _i2pd @group _i2pd -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/r4sas-reseed_at_mail.i2p.crt +@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/r4sas-reseed_at_mail.i2p.crt @owner @group share/examples/i2pd/certificates/reseed/rambler_at_mail.i2p.crt @owner _i2pd @group _i2pd -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/rambler_at_mail.i2p.crt +@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/rambler_at_mail.i2p.crt @owner @group share/examples/i2pd/certificates/reseed/reseed_at_diva.exchange.crt @owner _i2pd @group _i2pd -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/reseed_at_diva.exchange.crt +@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/reseed_at_diva.exchange.crt @owner @group share/examples/i2pd/i2pd.conf Index: net/i2pd/pkg/i2pd.rc =================================================================== RCS file: /cvs/ports/net/i2pd/pkg/i2pd.rc,v diff -u -p -u -p -r1.4 i2pd.rc --- net/i2pd/pkg/i2pd.rc 11 Mar 2022 19:46:04 -0000 1.4 +++ net/i2pd/pkg/i2pd.rc 7 Jan 2026 14:55:16 -0000 @@ -2,7 +2,7 @@ daemon="${TRUEPREFIX}/bin/i2pd --daemon" daemon_user="_i2pd" -daemon_flags="--service --datadir=${LOCALSTATEDIR}/lib/i2pd --conf=${SYSCONFDIR}/i2pd/i2pd.conf --tunconf=${SYSCONFDIR}/i2pd/tunnels.conf --tunnelsdir=${SYSCONFDIR}/i2pd/tunnels.d" +daemon_flags="--service --datadir=${LOCALSTATEDIR}/i2pd --conf=${SYSCONFDIR}/i2pd/i2pd.conf --tunconf=${SYSCONFDIR}/i2pd/tunnels.conf --tunnelsdir=${SYSCONFDIR}/i2pd/tunnels.d --certsdir=/var/i2pd/certificates" . /etc/rc.d/rc.subr