commit:     e1d8d68eb7dd3b4dcae4131550bb81a39fec708f
Author:     orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Mon May  9 03:17:17 2022 +0000
Commit:     Quentin Retornaz <gentoo <AT> retornaz <DOT> com>
CommitDate: Mon May  9 18:36:45 2022 +0000
URL:        https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=e1d8d68e

net-vpn/i2pd: Added

Signed-off-by: orbea <orbea <AT> riseup.net>
Closes: https://github.com/gentoo/libressl/pull/409
Signed-off-by: Quentin Retornaz <gentoo <AT> retornaz.com>

 net-vpn/i2pd/Manifest                         |  1 +
 net-vpn/i2pd/files/99i2pd                     |  1 +
 net-vpn/i2pd/files/i2pd-2.38.0-r1.logrotate   | 13 +++++
 net-vpn/i2pd/files/i2pd-2.38.0.service        | 37 ++++++++++++
 net-vpn/i2pd/files/i2pd-2.39.0.initd          | 52 +++++++++++++++++
 net-vpn/i2pd/files/i2pd-2.41.0-libressl.patch | 20 +++++++
 net-vpn/i2pd/files/i2pd-2.6.0-r3.confd        | 12 ++++
 net-vpn/i2pd/i2pd-2.41.0.ebuild               | 83 +++++++++++++++++++++++++++
 net-vpn/i2pd/metadata.xml                     | 24 ++++++++
 9 files changed, 243 insertions(+)

diff --git a/net-vpn/i2pd/Manifest b/net-vpn/i2pd/Manifest
new file mode 100644
index 0000000..6f0b942
--- /dev/null
+++ b/net-vpn/i2pd/Manifest
@@ -0,0 +1 @@
+DIST i2pd-2.41.0.tar.gz 594453 BLAKE2B 36298133f057152445d3f7c83c9983d1e16476066f0139019faf0168142cb8dbed150eccee1e006c0a9f1b67670855fdb38513e8d7992e05122b581890b036a5 SHA512 10ba77d714e4b02f9640c64b16b597550f71bfacf02242bd17cfdc7fc416e0e9bc62a2f1da486161baea397dae3d260fa88359325062b1c587f509058d418d85

diff --git a/net-vpn/i2pd/files/99i2pd b/net-vpn/i2pd/files/99i2pd
new file mode 100644
index 0000000..3cf3b46
--- /dev/null
+++ b/net-vpn/i2pd/files/99i2pd
@@ -0,0 +1 @@
+CONFIG_PROTECT="/var/lib/i2pd/certificates"

diff --git a/net-vpn/i2pd/files/i2pd-2.38.0-r1.logrotate b/net-vpn/i2pd/files/i2pd-2.38.0-r1.logrotate
new file mode 100644
index 0000000..9245bca
--- /dev/null
+++ b/net-vpn/i2pd/files/i2pd-2.38.0-r1.logrotate
@@ -0,0 +1,13 @@
+/var/log/i2pd.log {
+        rotate 4
+        weekly
+        missingok
+        notifempty
+        create 640 i2pd i2pd
+        postrotate
+                if [ -f /run/i2pd/i2pd.pid ]; then
+                    /bin/kill -HUP $(/bin/cat /run/i2pd/i2pd.pid)
+                fi
+        endscript
+}
+
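Review bot: The `postrotate` script runs as root but reads the PID to signal from `/run/i2pd/i2pd.pid`, which sits in a directory that the service unit and init script in this commit both hand to the unprivileged i2pd user. A compromised daemon could rewrite that file and have logrotate send SIGHUP to an unrelated process. Signalling through the service manager, or confirming that the PID belongs to `/usr/bin/i2pd` before the `kill`, would remove that trust in a service-writable file. The log mode is also inconsistent across the commit: `create 640 i2pd i2pd` here, `chmod 600` in the systemd unit, and no `-m` on `checkpath -f` in the init script. Settle on one, for example `create 600 i2pd i2pd` here and `checkpath -f -m 0600 -o "${user}" "${I2PD_LOG}"` there.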

diff --git a/net-vpn/i2pd/files/i2pd-2.38.0.service b/net-vpn/i2pd/files/i2pd-2.38.0.service
new file mode 100644
index 0000000..99c1bf2
--- /dev/null
+++ b/net-vpn/i2pd/files/i2pd-2.38.0.service
@@ -0,0 +1,37 @@
+[Unit]
+Description=C++ daemon for accessing the I2P network
+After=network.target
+
+[Service]
+Type=forking
+Restart=on-abnormal
+User=i2pd
+Group=i2pd
+LimitNOFILE=4096
+
+# restrictions
+ProtectSystem=full
+ProtectHome=yes
+ProtectControlGroups=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectClock=yes
+PrivateUsers=yes
+PrivateDevices=yes
+PrivateTmp=yes
+RestrictNamespaces=yes
+RestrictSUIDSGID=yes
+CapabilityBoundingSet=
+NoNewPrivileges=yes
+
+RuntimeDirectory=i2pd
+RuntimeDirectoryMode=0700
+PIDFile=/run/i2pd/i2pd.pid
+ExecStartPre=+/bin/touch /var/log/i2pd.log
+ExecStartPre=+/bin/chown i2pd:i2pd /var/log/i2pd.log
+ExecStartPre=+/bin/chmod 600 /var/log/i2pd.log
+ExecStart=/usr/bin/i2pd --daemon --service --pidfile=${RUNTIME_DIRECTORY}/i2pd.pid --log=file --logfile=/var/log/i2pd.log --conf=/etc/i2pd/i2pd.conf --tunconf=/etc/i2pd/tunnels.conf
+
+[Install]
+WantedBy=multi-user.target
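Review bot: The three `ExecStartPre=+` lines run `touch`, `chown` and `chmod` as root on every start, bypassing `User=` and the restrictions listed above them, only to prepare `/var/log/i2pd.log`. Letting systemd own a log directory instead, `LogsDirectory=i2pd` with `--logfile=${LOGS_DIRECTORY}/i2pd.log`, would drop the privileged steps; the logrotate path and the conf.d default would have to move with it. `ProtectSystem=full` also leaves `/var` writable, so `ProtectSystem=strict` plus a `ReadWritePaths=` entry for the daemon's data directory is worth considering once the log has its own directory.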

diff --git a/net-vpn/i2pd/files/i2pd-2.39.0.initd b/net-vpn/i2pd/files/i2pd-2.39.0.initd
new file mode 100644
index 0000000..fb4e033
--- /dev/null
+++ b/net-vpn/i2pd/files/i2pd-2.39.0.initd
@@ -0,0 +1,52 @@
+#!/sbin/openrc-run
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+description="C++ daemon for accessing the I2P network"
+description_graceful="Graceful shutdown, takes 10 minutes"
+
+command="/usr/bin/i2pd"
+command_args="${I2PD_OPTIONS}"
+user="${I2PD_USER}:${I2PD_GROUP}"
+start_stop_daemon_args="
+    --user \"${user}\"
+    --pidfile \"${I2PD_PID}\"
+    --progress
+"
+retry="SIGTERM/20/SIGKILL/20"
+
+I2PD_PID_DIR=$(dirname "${I2PD_PID}")
+
+extra_started_commands="graceful"
+
+depend() {
+    use dns logger netmount
+}
+
+start_pre() {
+    if [ -z "${I2PD_USER}" ] || \
+       [ -z "${I2PD_GROUP}" ] || \
+       [ -z "${I2PD_PID}" ] || \
+       [ -z "${I2PD_LOG}" ] || \
+       [ -z "${I2PD_OPTIONS}" ] ; then
+        eerror "Not all variables I2PD_USER, I2PD_GROUP, I2PD_PID, I2PD_OPTIONS, I2PD_LOG are defined."
+        eerror "Check your /etc/conf.d/i2pd."
+        return 1
+    fi
+    checkpath -f -o "${user}" "${I2PD_LOG}"
+    checkpath -d -m 0750 -o "${user}" "${I2PD_PID_DIR}"
+}
+
+stop_post() {
+    # #808845
+    rm -f "${I2PD_PID}"
+}
+
+graceful() {
+    # on SIGINT, i2pd stops accepting tunnels and shuts down in 600 seconds
+    ebegin "Gracefully stopping i2pd, this takes 10 minutes"
+    mark_service_stopping
+    eval start-stop-daemon --stop ${start_stop_daemon_args} \
+        --exec "${command}" --retry 'SIGINT/620/SIGTERM/20/SIGKILL/20'
+    eend $? && mark_service_stopped
+}
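Review bot: `graceful()` builds its stop command with `eval start-stop-daemon --stop ${start_stop_daemon_args}`, which re-parses the conf.d values as shell text, so an `I2PD_PID` or `I2PD_USER` containing whitespace or shell metacharacters is interpreted rather than passed as a single argument. The values come from `/etc/conf.d/i2pd`, so this is a robustness point more than a privilege boundary, but the eval is not needed: `start-stop-daemon --stop --user "${user}" --pidfile "${I2PD_PID}" --progress --exec "${command}" --retry 'SIGINT/620/SIGTERM/20/SIGKILL/20'` does the same without it. A short comment on `I2PD_PID_DIR=$(dirname "${I2PD_PID}")` would also help, noting that it is evaluated when the script is loaded, before `start_pre` has validated `I2PD_PID`.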

diff --git a/net-vpn/i2pd/files/i2pd-2.41.0-libressl.patch b/net-vpn/i2pd/files/i2pd-2.41.0-libressl.patch
new file mode 100644
index 0000000..8f18a62
--- /dev/null
+++ b/net-vpn/i2pd/files/i2pd-2.41.0-libressl.patch
@@ -0,0 +1,20 @@
+From OpenBSD:
+
+https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/i2pd/patches/patch-libi2pd_Crypto_h
+
+Fix build with opaque structs in LibreSSL 3.5
+
+Index: libi2pd/Crypto.h
+--- a/libi2pd/Crypto.h.orig
++++ b/libi2pd/Crypto.h
+@@ -29,7 +29,9 @@
+ #include "CPU.h"
+ 
+ // recognize openssl version and features
+-#if ((OPENSSL_VERSION_NUMBER < 0x010100000) || defined(LIBRESSL_VERSION_NUMBER)) // 1.0.2 and below or LibreSSL
++#if defined(LIBRESSL_VERSION_NUMBER)
++#   define LEGACY_OPENSSL 0
++#elif (OPENSSL_VERSION_NUMBER < 0x010100000) // 1.0.2 and below
+ #   define LEGACY_OPENSSL 1
+ #   define X509_getm_notBefore X509_get_notBefore
+ #   define X509_getm_notAfter X509_get_notAfter
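Review bot: The new `#if defined(LIBRESSL_VERSION_NUMBER)` branch sets `LEGACY_OPENSSL 0` for every LibreSSL release, while the patch header only claims to fix the build against LibreSSL 3.5. Nothing visible here keeps an older LibreSSL, which may still need the legacy code path, off this branch. Either gate it, `#if defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)`, or state the minimum LibreSSL version in the ebuild dependency. The conditional continues past the end of the hunk, so whether the feature defines in the later branches still apply to LibreSSL cannot be checked from here; the patch header should say so explicitly.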

diff --git a/net-vpn/i2pd/files/i2pd-2.6.0-r3.confd b/net-vpn/i2pd/files/i2pd-2.6.0-r3.confd
new file mode 100644
index 0000000..d2ef16b
--- /dev/null
+++ b/net-vpn/i2pd/files/i2pd-2.6.0-r3.confd
@@ -0,0 +1,12 @@
+I2PD_USER=i2pd
+I2PD_GROUP=i2pd
+I2PD_LOG=/var/log/i2pd.log
+I2PD_PID=/run/i2pd/i2pd.pid
+
+# max number of open files (for floodfill)
+rc_ulimit="-n 4096"
+
+# Options to i2pd
+I2PD_OPTIONS="--daemon --service --pidfile=${I2PD_PID} \
+--log=file --logfile=${I2PD_LOG} \
+--conf=/etc/i2pd/i2pd.conf --tunconf=/etc/i2pd/tunnels.conf"

diff --git a/net-vpn/i2pd/i2pd-2.41.0.ebuild b/net-vpn/i2pd/i2pd-2.41.0.ebuild
new file mode 100644
index 0000000..7a367a8
--- /dev/null
+++ b/net-vpn/i2pd/i2pd-2.41.0.ebuild
@@ -0,0 +1,83 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit cmake toolchain-funcs systemd
+
+DESCRIPTION="A C++ daemon for accessing the I2P anonymous network"
+HOMEPAGE="https://github.com/PurpleI2P/i2pd";
+SRC_URI="https://github.com/PurpleI2P/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+IUSE="cpu_flags_x86_aes cpu_flags_x86_avx i2p-hardening +upnp"
+
+RDEPEND="
+       acct-user/i2pd
+       acct-group/i2pd
+       dev-libs/boost:=[threads(+)]
+       dev-libs/openssl:0=[-bindist(-)]
+       sys-libs/zlib
+       upnp? ( net-libs/miniupnpc:= )"
+DEPEND="${RDEPEND}"
+
+CMAKE_USE_DIR="${WORKDIR}/${P}/build"
+
+DOCS=( ../README.md ../contrib/i2pd.conf ../contrib/tunnels.conf )
+
+PATCHES=( "${FILESDIR}/${P}-libressl.patch" )
+
+pkg_pretend() {
+       if use i2p-hardening && ! tc-is-gcc; then
+               die "i2p-hardening requires gcc"
+       fi
+}
+
+src_configure() {
+       local mycmakeargs=(
+               -DWITH_AESNI=$(usex cpu_flags_x86_aes ON OFF)
+               -DWITH_HARDENING=$(usex i2p-hardening ON OFF)
+               -DWITH_PCH=OFF
+               -DWITH_STATIC=OFF
+               -DWITH_UPNP=$(usex upnp ON OFF)
+               -DWITH_LIBRARY=ON
+               -DWITH_BINARY=ON
+       )
+       cmake_src_configure
+}
+
+src_install() {
+       cmake_src_install
+
+       # config
+       insinto /etc/i2pd
+       doins contrib/i2pd.conf
+       doins contrib/tunnels.conf
+
+       # working directory
+       insinto /var/lib/i2pd
+       doins -r contrib/certificates
+
+       # add /var/lib/i2pd/certificates to CONFIG_PROTECT
+       doenvd "${FILESDIR}/99i2pd"
+
+       # openrc and systemd daemon routines
+       newconfd "${FILESDIR}/i2pd-2.6.0-r3.confd" i2pd
+       newinitd "${FILESDIR}/i2pd-2.39.0.initd" i2pd
+       systemd_newunit "${FILESDIR}/i2pd-2.38.0.service" i2pd.service
+
+       # logrotate
+       insinto /etc/logrotate.d
+       newins "${FILESDIR}/i2pd-2.38.0-r1.logrotate" i2pd
+}
+
+pkg_postinst() {
+       if [[ -f ${EROOT}/etc/i2pd/subscriptions.txt ]]; then
+               ewarn
+               ewarn "Configuration of the subscriptions has been moved from"
+               ewarn "subscriptions.txt to i2pd.conf. We recommend updating"
+               ewarn "i2pd.conf accordingly and deleting subscriptions.txt."
+       fi
+}
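Review bot: `src_install` puts `contrib/certificates` under `/var/lib/i2pd` with `insinto`/`doins`, but nothing in the hunk sets the owner or mode of `/var/lib/i2pd` itself, which the ebuild comment calls the working directory and which presumably holds the router's key material. Unless acct-user/i2pd already creates that directory with a restrictive mode (not visible here), add `keepdir /var/lib/i2pd`, `fowners i2pd:i2pd /var/lib/i2pd` and `fperms 0700 /var/lib/i2pd` after the `doins -r` line. The same function installs `i2pd.conf` and `tunnels.conf` with the default `doins` mode; if those files can carry credentials, a tighter `insopts` for `/etc/i2pd` deserves a comment or a change.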

diff --git a/net-vpn/i2pd/metadata.xml b/net-vpn/i2pd/metadata.xml
new file mode 100644
index 0000000..0c76e2d
--- /dev/null
+++ b/net-vpn/i2pd/metadata.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd";>
+<pkgmetadata>
+       <maintainer type="person" proxied="yes">
+               <email>[email protected]</email>
+               <name>Alexey Korepanov</name>
+       </maintainer>
+       <maintainer type="project" proxied="proxy">
+               <email>[email protected]</email>
+               <name>Proxy Maintainers</name>
+       </maintainer>
+       <maintainer type="person" proxied="yes">
+               <email>[email protected]</email>
+               <name>Francisco Blas Izquierdo Riera</name>
+       </maintainer>
+       <use>
+               <flag name="i2p-hardening">
+                       Compile with hardening on vanilla compilers/linkers
+               </flag>
+       </use>
+       <upstream>
+               <remote-id type="github">PurpleI2P/i2pd</remote-id>
+       </upstream>
+</pkgmetadata>
