Le Wed, 27 May 2020 13:19:47 +0100, Stuart Henderson <s...@spacehopper.org> a écrit :
> On 2020/05/27 13:58, Solene Rapenne wrote: > > Le Wed, 27 May 2020 12:33:27 +0100, > > Stuart Henderson <s...@spacehopper.org> a écrit : > > > > > On 2020/05/27 13:21, Solene Rapenne wrote: > > > > Le Wed, 27 May 2020 11:55:20 +0100, > > > > Stuart Henderson <s...@spacehopper.org> a écrit : > > > > > > > > it only need to read config in /etc/i2pd/ and read/write in > > > > /var/lib/i2pd/ > > > > > > Does it need to rewrite existing files in /var/lib/i2pd/? > > > > > > > I'm not sure to understand what you mean. /var/lib/i2pd/ is where > > i2pd create files, store cache etc.. so i2pd daemon is pretty > > active there, but that folder is only created by i2pd package and > > populated at installation, then i2pd will create more files in it. > > The version currently in ports has some files created in there by > @sample which are owned by _i2pd - the updated plist in the diff > changes those to being owned by root. > should be fine now, thank you very much for your help files under /var/lib/i2pd and /etc/i2pd are owned by _i2pd:_i2pd and files under /usr/local/ are all owned by root. Index: Makefile =================================================================== RCS file: /cvs/ports/net/i2pd/Makefile,v retrieving revision 1.1.1.1 diff -u -p -r1.1.1.1 Makefile --- Makefile 16 Jun 2019 22:13:55 -0000 1.1.1.1 +++ Makefile 27 May 2020 13:06:42 -0000 @@ -4,7 +4,7 @@ COMMENT = client for the I2P anonymous n GH_ACCOUNT = PurpleI2P GH_PROJECT = i2pd -GH_TAGNAME = 2.26.0 +GH_TAGNAME = 2.31.0 CATEGORIES = net HOMEPAGE = https://i2pd.website Index: distinfo =================================================================== RCS file: /cvs/ports/net/i2pd/distinfo,v retrieving revision 1.1.1.1 diff -u -p -r1.1.1.1 distinfo --- distinfo 16 Jun 2019 22:13:55 -0000 1.1.1.1 +++ distinfo 27 May 2020 13:06:42 -0000 @@ -1,2 +1,2 @@ -SHA256 (i2pd-2.26.0.tar.gz) = KuGJeMh5a7a0W8jP5OHyU3fgz8n8+fRgVLCdwzhO72M= -SIZE (i2pd-2.26.0.tar.gz) = 1073024 +SHA256 (i2pd-2.31.0.tar.gz) = fjerz0np9Z72k5Bp9NdPxr8psJ3uwRG9NWECH8E0lSg= +SIZE (i2pd-2.31.0.tar.gz) = 1092238 Index: patches/patch-build_CMakeLists_txt =================================================================== RCS file: /cvs/ports/net/i2pd/patches/patch-build_CMakeLists_txt,v retrieving revision 1.1.1.1 diff -u -p -r1.1.1.1 patch-build_CMakeLists_txt --- patches/patch-build_CMakeLists_txt 16 Jun 2019 22:13:55 -0000 1.1.1.1 +++ patches/patch-build_CMakeLists_txt 27 May 2020 13:06:42 -0000 @@ -3,7 +3,7 @@ $OpenBSD: patch-build_CMakeLists_txt,v 1 Index: build/CMakeLists.txt --- build/CMakeLists.txt.orig +++ build/CMakeLists.txt -@@ -473,7 +473,7 @@ if (WITH_BINARY) +@@ -456,7 +456,7 @@ if (WITH_BINARY) target_link_libraries(libi2pd ${Boost_LIBRARIES} ${ZLIB_LIBRARY}) target_link_libraries( "${PROJECT_NAME}" libi2pd libi2pdclient ${DL_LIB} ${Boost_LIBRARIES} ${OPENSSL_LIBRARIES} ${ZLIB_LIBRARY} ${CMAKE_THREAD_LIBS_INIT} ${MINGW_EXTRA} ${DL_LIB} ${CMAKE_REQUIRED_LIBRARIES}) @@ -12,7 +12,7 @@ Index: build/CMakeLists.txt set (APPS "\${CMAKE_INSTALL_PREFIX}/bin/${PROJECT_NAME}${CMAKE_EXECUTABLE_SUFFIX}") set (DIRS "${Boost_LIBRARY_DIR};${OPENSSL_INCLUDE_DIR}/../bin;${ZLIB_INCLUDE_DIR}/../bin;/mingw32/bin") if (MSVC) -@@ -487,7 +487,7 @@ if (WITH_BINARY) +@@ -470,7 +470,7 @@ if (WITH_BINARY) endif () install(FILES ../LICENSE @@ -21,7 +21,7 @@ Index: build/CMakeLists.txt COMPONENT Runtime ) # Take a copy on Appveyor -@@ -498,8 +498,8 @@ install(FILES "C:/projects/openssl-$ENV{OPENSSL}/LICEN +@@ -481,8 +481,8 @@ install(FILES "C:/projects/openssl-$ENV{OPENSSL}/LICEN OPTIONAL # for local builds only! ) @@ -32,7 +32,7 @@ Index: build/CMakeLists.txt # install(DIRECTORY ../ DESTINATION src/ # # OPTIONAL # COMPONENT Source FILES_MATCHING -@@ -508,7 +508,7 @@ install(FILES ${I2PD_SOURCES} DESTINATION src/ COMPONE +@@ -491,7 +491,7 @@ install(FILES ${I2PD_SOURCES} DESTINATION src/ COMPONE # ) file(GLOB I2PD_HEADERS "../libi2pd/*.h" "../libi2pd_client/*.h" "../daemon/*.h") Index: patches/patch-tests_Makefile =================================================================== RCS file: /cvs/ports/net/i2pd/patches/patch-tests_Makefile,v retrieving revision 1.1.1.1 diff -u -p -r1.1.1.1 patch-tests_Makefile --- patches/patch-tests_Makefile 16 Jun 2019 22:13:55 -0000 1.1.1.1 +++ patches/patch-tests_Makefile 27 May 2020 13:06:42 -0000 @@ -14,7 +14,7 @@ Index: tests/Makefile test-x25519: ../libi2pd/Ed25519.cpp ../libi2pd/I2PEndian.cpp ../libi2pd/Log.cpp ../libi2pd/Crypto.cpp test-x25519.cpp $(CXX) $(CXXFLAGS) $(NEEDED_CXXFLAGS) $(INCFLAGS) -o $@ $^ -lcrypto -lssl -lboost_system -@@ -22,11 +22,11 @@ test-x25519: ../libi2pd/Ed25519.cpp ../libi2pd/I2PEndi +@@ -22,14 +22,14 @@ test-x25519: ../libi2pd/Ed25519.cpp ../libi2pd/I2PEndi test-aeadchacha20poly1305: ../libi2pd/Crypto.cpp ../libi2pd/ChaCha20.cpp ../libi2pd/Poly1305.cpp test-aeadchacha20poly1305.cpp $(CXX) $(CXXFLAGS) $(NEEDED_CXXFLAGS) $(INCFLAGS) -o $@ $^ -lcrypto -lssl -lboost_system @@ -22,6 +22,9 @@ Index: tests/Makefile - $(CXX) $(CXXFLAGS) $(NEEDED_CXXFLAGS) $(INCFLAGS) -o $@ $^ -lcrypto -lssl -lboost_system +test-blinding: ../libi2pd/Crypto.cpp ../libi2pd/Config.cpp ../libi2pd/Blinding.cpp ../libi2pd/Ed25519.cpp ../libi2pd/I2PEndian.cpp ../libi2pd/Log.cpp ../libi2pd/util.cpp ../libi2pd/Identity.cpp ../libi2pd/Signature.cpp ../libi2pd/Timestamp.cpp test-blinding.cpp + $(CXX) $(CXXFLAGS) $(NEEDED_CXXFLAGS) $(INCFLAGS) -o $@ $^ -lcrypto -lssl -lboost_system -lboost_program_options-mt + + test-elligator: ../libi2pd/Elligator.cpp ../libi2pd/Crypto.cpp test-elligator.cpp + $(CXX) $(CXXFLAGS) $(NEEDED_CXXFLAGS) $(INCFLAGS) -o $@ $^ -lcrypto -lssl -lboost_system run: $(TESTS) - @for TEST in $(TESTS); do ./$$TEST ; done Index: pkg/PLIST =================================================================== RCS file: /cvs/ports/net/i2pd/pkg/PLIST,v retrieving revision 1.1.1.1 diff -u -p -r1.1.1.1 PLIST --- pkg/PLIST 16 Jun 2019 22:13:55 -0000 1.1.1.1 +++ pkg/PLIST 27 May 2020 13:06:42 -0000 @@ -1,4 +1,4 @@ -@comment $OpenBSD: PLIST,v 1.1.1.1 2019/06/16 22:13:55 sthen Exp $ +@comment $OpenBSD: PLIST,v$ @newgroup _i2pd:838 @newuser _i2pd:838:838:daemon:i2pd account:${LOCALSTATEDIR}/lib/i2pd:/sbin/nologin @rcscript ${RCDIR}/i2pd @@ -34,12 +34,16 @@ include/i2pd/DaemonQT.cpp include/i2pd/DaemonWin32.cpp include/i2pd/Datagram.cpp include/i2pd/Datagram.h +include/i2pd/DelayedSaveManager.cpp +include/i2pd/DelayedSaveManagerImpl.cpp include/i2pd/Destination.cpp include/i2pd/Destination.h +include/i2pd/ECIESX25519AEADRatchetSession.cpp +include/i2pd/ECIESX25519AEADRatchetSession.h include/i2pd/Ed25519.cpp include/i2pd/Ed25519.h -include/i2pd/Event.cpp -include/i2pd/Event.h +include/i2pd/Elligator.cpp +include/i2pd/Elligator.h include/i2pd/FS.cpp include/i2pd/FS.h include/i2pd/Family.cpp @@ -106,6 +110,8 @@ include/i2pd/SSUData.cpp include/i2pd/SSUData.h include/i2pd/SSUSession.cpp include/i2pd/SSUSession.h +include/i2pd/Saver.cpp +include/i2pd/SaverImpl.cpp include/i2pd/ServerTunnelPane.cpp include/i2pd/Signature.cpp include/i2pd/Signature.h @@ -136,10 +142,6 @@ include/i2pd/TunnelPool.h include/i2pd/UPnP.cpp include/i2pd/UPnP.h include/i2pd/UnixDaemon.cpp -include/i2pd/WebSocks.cpp -include/i2pd/WebSocks.h -include/i2pd/Websocket.cpp -include/i2pd/Websocket.h include/i2pd/Win32App.cpp include/i2pd/Win32Service.cpp include/i2pd/api.cpp @@ -152,6 +154,7 @@ include/i2pd/pagewithbackbutton.cpp include/i2pd/test-aeadchacha20poly1305.cpp include/i2pd/test-base-64.cpp include/i2pd/test-blinding.cpp +include/i2pd/test-elligator.cpp include/i2pd/test-gost-sig.cpp include/i2pd/test-gost.cpp include/i2pd/test-http-merge_chunked.cpp @@ -166,8 +169,8 @@ include/i2pd/util.h include/i2pd/version.h include/i2pd/widgetlock.cpp include/i2pd/widgetlockregistry.cpp -lib/libi2pd.a -lib/libi2pdclient.a +@static-lib lib/libi2pd.a +@static-lib lib/libi2pdclient.a @bin sbin/i2pd @owner _i2pd @group _i2pd @@ -181,10 +184,10 @@ lib/libi2pdclient.a @group share/doc/i2pd/ share/doc/i2pd/LICENSE +share/doc/pkg-readmes/${PKGSTEM} share/examples/i2pd/ share/examples/i2pd/certificates/ share/examples/i2pd/certificates/family/ -@sample ${LOCALSTATEDIR}/lib/ share/examples/i2pd/certificates/family/gostcoin.crt @owner _i2pd @group _i2pd @@ -213,13 +216,12 @@ share/examples/i2pd/certificates/family/ @owner _i2pd @group _i2pd @sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/volatile.crt -share/examples/i2pd/certificates/reseed/ @owner @group -share/examples/i2pd/certificates/reseed/backup_at_mail.i2p.crt +share/examples/i2pd/certificates/reseed/ @owner _i2pd @group _i2pd -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/backup_at_mail.i2p.crt +@sample ${LOCALSTATEDIR}/lib/ @owner @group share/examples/i2pd/certificates/reseed/bugme_at_mail.i2p.crt @@ -241,6 +243,11 @@ share/examples/i2pd/certificates/reseed/ @owner @group share/examples/i2pd/certificates/reseed/hottuna_at_mail.i2p.crt +@owner _i2pd +@group _i2pd +@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/hottuna_at_mail.i2p.crt +@owner +@group share/examples/i2pd/certificates/reseed/igor_at_novg.net.crt @owner _i2pd @group _i2pd @@ -265,7 +272,6 @@ share/examples/i2pd/certificates/reseed/ @sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/r4sas-reseed_at_mail.i2p.crt @owner @group -share/examples/i2pd/certificates/reseed/reseedi2pnetin_at_mail.i2p.crt share/examples/i2pd/certificates/router/ share/examples/i2pd/certificates/router/orignal_at_mail.i2p.crt @owner _i2pd Index: pkg/README =================================================================== RCS file: pkg/README diff -N pkg/README --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ pkg/README 27 May 2020 13:06:42 -0000 @@ -0,0 +1,26 @@ +$OpenBSD: README,v 1.2 2020/04/07 17:45:32 kn Exp $ + ++----------------------------------------------------------------------- +| Running ${PKGSTEM} on OpenBSD ++----------------------------------------------------------------------- + +Resource Limits: File Descriptors +================================= + +By default, the _i2pd user, and so the i2pd process runs in the login(1) +class of "daemon". The default limits on file descriptors are +insufficient to run i2pd; instead you should put the _i2pd user and +process in their own login(1) class with tuned resources. You should +also raise the system-wide maxfiles limit. + +1. Configure i2pd login class in the login.conf(5) file: + + i2pd:\ + :openfiles-cur=8192:\ + :openfiles-max=8192:\ + :tc=daemon: + +2. Adjust kern.maxfiles, if needed: + + # sysctl kern.maxfiles=16000 + # echo "kern.maxfiles=16000" >> /etc/sysctl.conf