-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package: i2pd
Version: 2.21.1-1+b1
Severity: normal
- --- Please enter the report below this line. ---
I installed i2pd again yesterday and adjusted the config to suit me
better. Today when I booted my laptop I saw it in `systemctl --failed`,
`journalctl -xe|grep i2pd` says:
```
- -- Subject: Unit i2pd.service has begun start-up
- -- Unit i2pd.service has begun starting up.
Dec 04 09:17:26 sedric audit[14357]: AVC apparmor="ALLOWED"
operation="open" profile="/usr/sbin/i2pd" name="/etc/ssl/openssl.cnf"
pid=14357 comm="i2pd" requested_mask="r" denied_mask="r" fsuid=122 ouid=
0
Dec 04 09:17:26 sedric audit[14357]: SYSCALL arch=c000003e syscall=257
success=yes exit=4 a0=ffffff9c a1=55f4869c4ca0 a2=0 a3=0 items=0
ppid=1 pid=14357 auid=4294967295 uid=122 gid=128 euid=122 suid=122
fsuid=122 egid=128 sgid=128 fsgid=128 tty=(none) ses=4294967295
comm="i2pd" exe="/usr/sbin/i2pd" subj==/usr/sbin/i2pd (complain)
key=(null)
Dec 04 09:17:26 sedric systemd[1]: i2pd.service: Can't open PID file
/var/run/i2pd/i2pd.pid (yet?) after start: No such file or directory
- -- Subject: Unit i2pd.service has finished start-up
- -- Unit i2pd.service has finished starting up.
Dec 04 09:17:26 sedric audit[1]: SERVICE_START pid=1 uid=0
auid=4294967295 ses=4294967295 subj==unconfined msg='unit=i2pd
comm="systemd" exe="/lib/systemd/systemd" hostname=? addr=? terminal=?
res=success'
Dec 04 09:17:26 sedric audit[14366]: ANOM_ABEND auid=4294967295
uid=122 gid=128 ses=4294967295 subj==/usr/sbin/i2pd (complain)
pid=14366 comm="i2pd" exe="/usr/sbin/i2pd" sig=6 res=1
Dec 04 09:17:26 sedric systemd[1]: i2pd.service: Main process exited,
code=killed, status=6/ABRT
Dec 04 09:17:26 sedric systemd[1]: i2pd.service: Failed with result
'signal'.
Dec 04 09:17:26 sedric audit[1]: SERVICE_STOP pid=1 uid=0
auid=4294967295 ses=4294967295 subj==unconfined msg='unit=i2pd
comm="systemd" exe="/lib/systemd/systemd" hostname=? addr=? terminal=?
res=failed'
```
Another issue is also visible there, I have to aa-complain i2pd to
start it as it wants to read /etc/openssl.conf or similar file, I
guess I should report that separately, but at the moment i2pd is not
functional for me.
```
└┌(%:~)┌- systemctl status i2pd -l --no-pager
● i2pd.service - I2P Router written in C++
Loaded: loaded (/lib/systemd/system/i2pd.service; enabled; vendor
preset: enabled)
Active: failed (Result: signal) since Tue 2018-12-04 09:17:26 EET;
1min 3s ago
Docs: man:i2pd(1)
https://i2pd.readthedocs.io/en/latest/
Process: 14357 ExecStart=/usr/sbin/i2pd --conf=/etc/i2pd/i2pd.conf
- --tunconf=/etc/i2pd/tunnels.conf --pidfile=/var/run/i2pd/i2pd.pid
- --logfile=/var/log/i2pd/i2pd.log --daemon --service (code=exited,
status=0/SUCCESS)
Main PID: 14366 (code=killed, signal=ABRT)
Dec 04 09:17:25 sedric systemd[1]: Starting I2P Router written in C++...
Dec 04 09:17:26 sedric systemd[1]: i2pd.service: Can't open PID file
/var/run/i2pd/i2pd.pid (yet?) after start: No such file or directory
Dec 04 09:17:26 sedric systemd[1]: Started I2P Router written in C++.
Dec 04 09:17:26 sedric systemd[1]: i2pd.service: Main process exited,
code=killed, status=6/ABRT
Dec 04 09:17:26 sedric systemd[1]: i2pd.service: Failed with result
'signal'.
```
Attached is my i2p.conf. The changes I have made from the default
i2pd.conf are:
* taking a random port which I have removed from the attachment just
in case.
* disabling IPv4
* enabling IPv6
* uncommenting `nat = true`
* bandwidth = O (default: L).
However I don't think those are so uncommon configuration changes to
cause this issue and the config worked until reboot, I did `systemctl
restart i2pd` after editing it. I also don't understand which of these
prompted the apparmor error and failing to start until switching to
complain mode as I think it didn't happen by default.
- --- System information. ---
Architecture: Kernel: Linux 4.18.0-2-amd64
Debian Release: buster/sid
990 testing sdscoq7snqtznauu.onion 990 testing
deb.torproject.org 990 testing deb.debian.org 500 unstable
riot.im 500 syncthing apt.syncthing.net 500 stable
dl.google.com 500 buster s3-us-west-2.amazonaws.com
500 buster brave-browser-apt-dev.s3.brave.com 500 buster
brave-browser-apt-beta.s3.brave.com
- --- Package information. ---
Depends (Version) | Installed
====================================================-+-=================
=
libboost-date-time1.67.0 | 1.67.0-11
libboost-filesystem1.67.0 | 1.67.0-11
libboost-program-options1.67.0 | 1.67.0-11
libboost-system1.67.0 | 1.67.0-11
libc6 (>= 2.14) | libgcc1
(>= 1:3.0) | libminiupnpc17
(>= 1.9.20140610) | libssl1.1 (>=
1.1.1) | libstdc++6 (>= 6) | zlib1g
(>= 1:1.1.4) | lsb-base
|
Package's Recommends field is empty.
Package's Suggests field is empty.
- --
Mikaela Suomalainen
-----BEGIN PGP SIGNATURE-----
Comment: Website: https://mikaela.info/
Comment: Public key: https://mikaela.info/PGP/0xB2F32B67.txt
Comment: gpg --fetch-keys https://mikaela.info/PGP/0xB2F32B67.txt
Comment: Fingerprint = 2910 4A46 C561 5BF9 78A0 83F2 0C20 7F07 B2F3 2B67
iQIzBAEBCgAdFiEEKRBKRsVhW/l4oIPyDCB/B7LzK2cFAlwGLPkACgkQDCB/B7Lz
K2cNhQ/9GfkY05Q9tUAIiJxou5EZainfO3tr52GOAyRAH8O50ectV5b7c27yx7LR
lV5zE6GPZLkJfudzuebTig8GBFw4GTXMdKZw5zC6H0zaL4s5ZUTF5p+FNyRX5b7K
/WBt4DnkE7EEY2bTtQmBHhGYvHX4Kk44XvlOB+6AOL3PF2XZb2ut1P+RxAuL/b1i
XwU3HI5/ApZ8+Nr4gcYxsNFziF4fOqb3hNo+KWMAzN5Tzhca582DNM/X1z7Xj9q9
VGbNlSj8KVjmvOdi96al2/F1nfEuUys9I4Xz4NdZCXWRHvYxJjFPHIhM5bBN/cAO
ZhqVauaFhxcZ9N76SAO7Ky4VCUkArEUCKipfmP7YGNdIuVH1Ix6+18AwTaghy9Um
7W8NVKQVs/PUzqH1RI1YtxZfXx199vS9Hg8LluzsrhHJR3QAzHInTllcayJmgtBD
5yTasA6wnPhaW7yKkIgStkQfheoDPkAQ1vZFaIMcGsqj+ZUnfPtUZH6xAcCRDIyV
oEBVXLubAPNU8TydUzVv/qFFWhtj8Mn89c2AoTNHkvFoKmshvgF7+Sgz8k2jMxwQ
nUPLHusQvOF04IzdjhYlW9KX0ake/Q0YiGIQTQyh6zh2Pv74WG0vTwwV2s5sYN4I
JJWoKfpKKNtEV3yivSroHiC+qG7hu9ik4QSV8MBMesT+hmaHfQA=
=AnSU
-----END PGP SIGNATURE-----
## Configuration file for a typical i2pd user
## See https://i2pd.readthedocs.io/en/latest/user-guide/configuration/
## for more options you can use in this file.
## Lines that begin with "## " try to explain what's going on. Lines
## that begin with just "#" are disabled commands: you can enable them
## by removing the "#" symbol.
## Tunnels config file
## Default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf
# tunconf = /var/lib/i2pd/tunnels.conf
## Where to write pidfile (don't write by default)
# pidfile = /var/run/i2pd.pid
## Logging configuration section
## By default logs go to stdout with level 'info' and higher
##
## Logs destination (valid values: stdout, file, syslog)
## * stdout - print log entries to stdout
## * file - log entries to a file
## * syslog - use syslog, see man 3 syslog
# log = file
## Path to logfile (default - autodetect)
# logfile = /var/log/i2pd.log
## Log messages above this level (debug, *info, warn, error, none)
## If you set it to none, logging will be disabled
# loglevel = info
## Write full CLF-formatted date and time to log (default: write only time)
# logclftime = true
## Daemon mode. Router will go to background after start
# daemon = true
## Specify a family, router belongs to (default - none)
# family =
## External IP address to listen for connections
## By default i2pd sets IP automatically
# host = 1.2.3.4
## Port to listen for connections
## By default i2pd picks random port. You MUST pick a random number too,
## don't just uncomment this
port = RANDOM-PORT-REMOVED-HERE-BY-HAND
## Enable communication through ipv4
ipv4 = false
## Enable communication through ipv6
ipv6 = true
## Network interface to bind to
# ifname =
## You can specify different interfaces for IPv4 and IPv6
# ifname4 =
# ifname6 =
## Enable NTCP transport (default = true)
# ntcp = true
## If you run i2pd behind a proxy server, you can only use NTCP transport with
ntcpproxy option
## Should be http://address:port or socks://address:port
# ntcpproxy = http://127.0.0.1:8118
## Enable SSU transport (default = true)
# ssu = true
## Should we assume we are behind NAT? (false only in MeshNet)
nat = true
## Bandwidth configuration
## L limit bandwidth to 32KBs/sec, O - to 256KBs/sec, P - to 2048KBs/sec,
## X - unlimited
## Default is X for floodfill, L for regular node
bandwidth = O
## Max % of bandwidth limit for transit. 0-100. 100 by default
# share = 100
## Router will not accept transit tunnels, disabling transit traffic completely
## (default = false)
# notransit = true
## Router will be floodfill
# floodfill = true
[http]
## Web Console settings
## Uncomment and set to 'false' to disable Web Console
# enabled = true
## Address and port service will listen on
address = 127.0.0.1
port = 7070
## Uncomment following lines to enable Web Console authentication
# auth = true
# user = i2pd
# pass = changeme
[httpproxy]
## Uncomment and set to 'false' to disable HTTP Proxy
# enabled = true
## Address and port service will listen on
address = 127.0.0.1
port = 4444
## Optional keys file for proxy local destination
# keys = http-proxy-keys.dat
## Enable address helper for adding .i2p domains with "jump URLs" (default:
true)
# addresshelper = true
## Address of a proxy server inside I2P, which is used to visit regular Internet
# outproxy = http://false.i2p
## httpproxy section also accepts I2CP parameters, like "inbound.length" etc.
[socksproxy]
## Uncomment and set to 'false' to disable SOCKS Proxy
enabled = true
## Address and port service will listen on
address = 127.0.0.1
port = 4447
## Optional keys file for proxy local destination
# keys = socks-proxy-keys.dat
## Socks outproxy. Example below is set to use Tor for all connections except
i2p
## Uncomment and set to 'true' to enable using of SOCKS outproxy
# outproxy.enabled = false
## Address and port of outproxy
# outproxy = 127.0.0.1
# outproxyport = 9050
## socksproxy section also accepts I2CP parameters, like "inbound.length" etc.
[sam]
## Uncomment and set to 'true' to enable SAM Bridge
enabled = true
## Address and port service will listen on
# address = 127.0.0.1
# port = 7656
[bob]
## Uncomment and set to 'true' to enable BOB command channel
# enabled = false
## Address and port service will listen on
# address = 127.0.0.1
# port = 2827
[i2cp]
## Uncomment and set to 'true' to enable I2CP protocol
# enabled = false
## Address and port service will listen on
# address = 127.0.0.1
# port = 7654
[i2pcontrol]
## Uncomment and set to 'true' to enable I2PControl protocol
# enabled = false
## Address and port service will listen on
# address = 127.0.0.1
# port = 7650
## Authentication password. "itoopie" by default
# password = itoopie
[precomputation]
## Enable or disable elgamal precomputation table
## By default, enabled on i386 hosts
# elgamal = true
[upnp]
## Enable or disable UPnP: automatic port forwarding (enabled by default in
WINDOWS, ANDROID)
# enabled = false
## Name i2pd appears in UPnP forwardings list (default = I2Pd)
# name = I2Pd
[reseed]
## Options for bootstrapping into I2P network, aka reseeding
## Enable or disable reseed data verification.
verify = true
## URLs to request reseed data from, separated by comma
## Default: "mainline" I2P Network reseeds
# urls =
https://reseed.i2p-projekt.de/,https://i2p.mooo.com/netDb/,https://netdb.i2p2.no/
## Path to local reseed data file (.su3) for manual reseeding
# file = /path/to/i2pseeds.su3
## or HTTPS URL to reseed from
# file = https://legit-website.com/i2pseeds.su3
## Path to local ZIP file or HTTPS URL to reseed from
# zipfile = /path/to/netDb.zip
## If you run i2pd behind a proxy server, set proxy server for reseeding here
## Should be http://address:port or socks://address:port
# proxy = http://127.0.0.1:8118
## Minimum number of known routers, below which i2pd triggers reseeding. 25 by
default
# threshold = 25
[addressbook]
## AddressBook subscription URL for initial setup
## Default: inr.i2p at "mainline" I2P Network
defaulturl =
http://joajgazyztfssty4w2on5oaqksz6tqoxbduy553y34mf4byv6gpq.b32.i2p/export/alive-hosts.txt
## Optional subscriptions URLs, separated by comma
subscriptions =
http://inr.i2p/export/alive-hosts.txt,http://stats.i2p/cgi-bin/newhosts.txt,http://rus.i2p/hosts.txt
[limits]
## Maximum active transit sessions (default:2500)
# transittunnels = 2500
## Limit number of open file descriptors (0 - use system limit)
# openfiles = 0
## Maximum size of corefile in Kb (0 - use system limit)
# coresize = 0
## Threshold to start probabalistic backoff with ntcp sessions (0 - use system
limit)
# ntcpsoft = 0
## Maximum number of ntcp sessions (0 - use system limit)
# ntcphard = 0
[trust]
## Enable explicit trust options. false by default
# enabled = true
## Make direct I2P connections only to routers in specified Family.
# family = MyFamily
## Make direct I2P connections only to routers specified here. Comma separated
list of base64 identities.
# routers =
## Should we hide our router from other routers? false by default
# hidden = true
[exploratory]
## Exploratory tunnels settings with default values
# inbound.length = 2
# inbound.quantity = 3
# outbound.length = 2
# outbound.quantity = 3
-----BEGIN PGP SIGNATURE-----
Comment: Website: https://mikaela.info/
Comment: Public key: https://mikaela.info/PGP/0xB2F32B67.txt
Comment: gpg --fetch-keys https://mikaela.info/PGP/0xB2F32B67.txt
Comment: Fingerprint = 2910 4A46 C561 5BF9 78A0 83F2 0C20 7F07 B2F3 2B67
iQIzBAABCgAdFiEEKRBKRsVhW/l4oIPyDCB/B7LzK2cFAlwGLQIACgkQDCB/B7Lz
K2e+8w//bHxulDmZxDcljZclth6cqwxF5qSZdjpErjhTO1C+qyimoabliERxFeg9
JTwIzvx6Vq0eB+xMOr94ENpgfreiLrQyzJlhbSJMZt1H8P/mRLmarrbIcXs75gt+
O9pKoIMhD+0f4Q9q0d6ZM58oGWVCywBFkTVkYXfYPTPrzaXThc3pM0rPJ8q5wT3q
HLhwSg4uVB4bUYQn8/Lz2PpaVPkejd0WDM/vh/1j3De6P8pNL00TlXdjycxELa+H
XJ/I4P1W18Qv7wlGTeHibmpxts+wwKMJUpABEH/T7n8y9PErzJLu2Lw7d6gwPfpL
4qo7aB0hZrlxyM2T8F0lbveL3q8RpWdG19npEox/MDKthpWBi0McCvyeNuV7431/
IMI+NkreSZ9iqhb5zabsWvH0WwCkbvvYmbyjV6gebTMlG5bVi0aHb8E9BCJeZUjN
VkXem44OLvjDNhB0VjN8FAJNIPM7rvO3S4imgjILP5jvEY/2Lx3f1seFDPTYFZ3y
I/Do7yoYJUeJwWXkOcYxLLqiIZyXV/2AFcl+x/oxg5L6Zfe92a31kyJfyneQyjnX
f+f+B55LGeqz8OlpXg4SXYU8+TjOM5NFOCrYJb5Cld+SMRd8whcLtNX2yYpudni3
7MWREj/Th2w+3DS09XW2QypwW63BMLEgujDMHW6Y4kpQILlFTiU=
=HNbx
-----END PGP SIGNATURE-----
