Package: i2pd
Version: 2.21.1-1+b1
Severity: normal

--- Please enter the report below this line. ---

I installed i2pd again yesterday and adjusted the config to suit me better. Today when I booted my laptop I saw it in `systemctl --failed`, `journalctl -xe|grep i2pd` says:

```
-- Subject: Unit i2pd.service has begun start-up
-- Unit i2pd.service has begun starting up.
Dec 04 09:17:26 sedric audit[14357]: AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/i2pd" name="/etc/ssl/openssl.cnf" pid=14357 comm="i2pd" requested_mask="r" denied_mask="r" fsuid=122 ouid=0
Dec 04 09:17:26 sedric audit[14357]: SYSCALL arch=c000003e syscall=257 success=yes exit=4 a0=ffffff9c a1=55f4869c4ca0 a2=0 a3=0 items=0 ppid=1 pid=14357 auid=4294967295 uid=122 gid=128 euid=122 suid=122 fsuid=122 egid=128 sgid=128 fsgid=128 tty=(none) ses=4294967295 comm="i2pd" exe="/usr/sbin/i2pd" subj==/usr/sbin/i2pd (complain) key=(null)
Dec 04 09:17:26 sedric systemd[1]: i2pd.service: Can't open PID file /var/run/i2pd/i2pd.pid (yet?) after start: No such file or directory
-- Subject: Unit i2pd.service has finished start-up
-- Unit i2pd.service has finished starting up.
Dec 04 09:17:26 sedric audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='unit=i2pd comm="systemd" exe="/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Dec 04 09:17:26 sedric audit[14366]: ANOM_ABEND auid=4294967295 uid=122 gid=128 ses=4294967295 subj==/usr/sbin/i2pd (complain) pid=14366 comm="i2pd" exe="/usr/sbin/i2pd" sig=6 res=1
Dec 04 09:17:26 sedric systemd[1]: i2pd.service: Main process exited, code=killed, status=6/ABRT
Dec 04 09:17:26 sedric systemd[1]: i2pd.service: Failed with result 'signal'.
Dec 04 09:17:26 sedric audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj==unconfined msg='unit=i2pd comm="systemd" exe="/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
```

Another issue is also visible there, I have to aa-complain i2pd to start it as it wants to read /etc/openssl.conf or similar file, I guess I should report that separately, but at the moment i2pd is not functional for me.

```
└┌(%:~)┌- systemctl status i2pd -l --no-pager
● i2pd.service - I2P Router written in C++
   Loaded: loaded (/lib/systemd/system/i2pd.service; enabled; vendor preset: enabled)
   Active: failed (Result: signal) since Tue 2018-12-04 09:17:26 EET; 1min 3s ago
     Docs: man:i2pd(1)
           https://i2pd.readthedocs.io/en/latest/
  Process: 14357 ExecStart=/usr/sbin/i2pd --conf=/etc/i2pd/i2pd.conf --tunconf=/etc/i2pd/tunnels.conf --pidfile=/var/run/i2pd/i2pd.pid --logfile=/var/log/i2pd/i2pd.log --daemon --service (code=exited, status=0/SUCCESS)
 Main PID: 14366 (code=killed, signal=ABRT)

Dec 04 09:17:25 sedric systemd[1]: Starting I2P Router written in C++...
Dec 04 09:17:26 sedric systemd[1]: i2pd.service: Can't open PID file /var/run/i2pd/i2pd.pid (yet?) after start: No such file or directory
Dec 04 09:17:26 sedric systemd[1]: Started I2P Router written in C++.
Dec 04 09:17:26 sedric systemd[1]: i2pd.service: Main process exited, code=killed, status=6/ABRT
Dec 04 09:17:26 sedric systemd[1]: i2pd.service: Failed with result 'signal'.
```

Attached is my i2p.conf. The changes I have made from the default i2pd.conf are:

* taking a random port which I have removed from the attachment just in case.
* disabling IPv4
* enabling IPv6
* uncommenting `nat = true`
* bandwidth = O (default: L).

However I don't think those are so uncommon configuration changes to cause this issue and the config worked until reboot, I did `systemctl restart i2pd` after editing it. I also don't understand which of these prompted the apparmor error and failing to start until switching to complain mode as I think it didn't happen by default.

--- System information. ---
Architecture:
Kernel:       Linux 4.18.0-2-amd64

Debian Release: buster/sid
  990 testing         sdscoq7snqtznauu.onion
  990 testing         deb.torproject.org
  990 testing         deb.debian.org
  500 unstable        riot.im
  500 syncthing       apt.syncthing.net
  500 stable          dl.google.com
  500 buster          s3-us-west-2.amazonaws.com
  500 buster          brave-browser-apt-dev.s3.brave.com
  500 buster          brave-browser-apt-beta.s3.brave.com

--- Package information. ---
Depends                                    (Version) | Installed
====================================================-+-==================
libboost-date-time1.67.0                             | 1.67.0-11
libboost-filesystem1.67.0                            | 1.67.0-11
libboost-program-options1.67.0                       | 1.67.0-11
libboost-system1.67.0                                | 1.67.0-11
libc6                                      (>= 2.14) |
libgcc1                                   (>= 1:3.0) |
libminiupnpc17                     (>= 1.9.20140610) |
libssl1.1                                 (>= 1.1.1) |
libstdc++6                                    (>= 6) |
zlib1g                                  (>= 1:1.1.4) |
lsb-base                                             |

Package's Recommends field is empty.

Package's Suggests field is empty.

--
Mikaela Suomalainen
## Configuration file for a typical i2pd user
## See https://i2pd.readthedocs.io/en/latest/user-guide/configuration/
## for more options you can use in this file.
## Lines that begin with "## " try to explain what's going on. Lines
## that begin with just "#" are disabled commands: you can enable them
## by removing the "#" symbol.

## Tunnels config file
## Default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf
# tunconf = /var/lib/i2pd/tunnels.conf

## Where to write pidfile (don't write by default)
# pidfile = /var/run/i2pd.pid

## Logging configuration section
## By default logs go to stdout with level 'info' and higher
##
## Logs destination (valid values: stdout, file, syslog)
## * stdout - print log entries to stdout
## * file - log entries to a file
## * syslog - use syslog, see man 3 syslog
# log = file
## Path to logfile (default - autodetect)
# logfile = /var/log/i2pd.log
## Log messages above this level (debug, *info, warn, error, none)
## If you set it to none, logging will be disabled
# loglevel = info
## Write full CLF-formatted date and time to log (default: write only time)
# logclftime = true

## Daemon mode. Router will go to background after start
# daemon = true

## Specify a family, router belongs to (default - none)
# family =

## External IP address to listen for connections
## By default i2pd sets IP automatically
# host = 1.2.3.4

## Port to listen for connections
## By default i2pd picks random port. You MUST pick a random number too,
## don't just uncomment this
port = RANDOM-PORT-REMOVED-HERE-BY-HAND

## Enable communication through ipv4
ipv4 = false
## Enable communication through ipv6
ipv6 = true

## Network interface to bind to
# ifname =
## You can specify different interfaces for IPv4 and IPv6
# ifname4 =
# ifname6 =

## Enable NTCP transport (default = true)
# ntcp = true
## If you run i2pd behind a proxy server, you can only use NTCP transport with ntcpproxy option
## Should be http://address:port or socks://address:port
# ntcpproxy = http://127.0.0.1:8118
## Enable SSU transport (default = true)
# ssu = true

## Should we assume we are behind NAT? (false only in MeshNet)
nat = true

## Bandwidth configuration
## L limit bandwidth to 32KBs/sec, O - to 256KBs/sec, P - to 2048KBs/sec,
## X - unlimited
## Default is X for floodfill, L for regular node
bandwidth = O
## Max % of bandwidth limit for transit. 0-100. 100 by default
# share = 100

## Router will not accept transit tunnels, disabling transit traffic completely
## (default = false)
# notransit = true

## Router will be floodfill
# floodfill = true

[http]
## Web Console settings
## Uncomment and set to 'false' to disable Web Console
# enabled = true
## Address and port service will listen on
address = 127.0.0.1
port = 7070
## Uncomment following lines to enable Web Console authentication
# auth = true
# user = i2pd
# pass = changeme

[httpproxy]
## Uncomment and set to 'false' to disable HTTP Proxy
# enabled = true
## Address and port service will listen on
address = 127.0.0.1
port = 4444
## Optional keys file for proxy local destination
# keys = http-proxy-keys.dat
## Enable address helper for adding .i2p domains with "jump URLs" (default: true)
# addresshelper = true
## Address of a proxy server inside I2P, which is used to visit regular Internet
# outproxy = http://false.i2p
## httpproxy section also accepts I2CP parameters, like "inbound.length" etc.

[socksproxy]
## Uncomment and set to 'false' to disable SOCKS Proxy
enabled = true
## Address and port service will listen on
address = 127.0.0.1
port = 4447
## Optional keys file for proxy local destination
# keys = socks-proxy-keys.dat
## Socks outproxy. Example below is set to use Tor for all connections except i2p
## Uncomment and set to 'true' to enable using of SOCKS outproxy
# outproxy.enabled = false
## Address and port of outproxy
# outproxy = 127.0.0.1
# outproxyport = 9050
## socksproxy section also accepts I2CP parameters, like "inbound.length" etc.

[sam]
## Uncomment and set to 'true' to enable SAM Bridge
enabled = true
## Address and port service will listen on
# address = 127.0.0.1
# port = 7656

[bob]
## Uncomment and set to 'true' to enable BOB command channel
# enabled = false
## Address and port service will listen on
# address = 127.0.0.1
# port = 2827

[i2cp]
## Uncomment and set to 'true' to enable I2CP protocol
# enabled = false
## Address and port service will listen on
# address = 127.0.0.1
# port = 7654

[i2pcontrol]
## Uncomment and set to 'true' to enable I2PControl protocol
# enabled = false
## Address and port service will listen on
# address = 127.0.0.1
# port = 7650
## Authentication password. "itoopie" by default
# password = itoopie

[precomputation]
## Enable or disable elgamal precomputation table
## By default, enabled on i386 hosts
# elgamal = true

[upnp]
## Enable or disable UPnP: automatic port forwarding (enabled by default in WINDOWS, ANDROID)
# enabled = false
## Name i2pd appears in UPnP forwardings list (default = I2Pd)
# name = I2Pd

[reseed]
## Options for bootstrapping into I2P network, aka reseeding
## Enable or disable reseed data verification.
verify = true
## URLs to request reseed data from, separated by comma
## Default: "mainline" I2P Network reseeds
# urls = https://reseed.i2p-projekt.de/,https://i2p.mooo.com/netDb/,https://netdb.i2p2.no/
## Path to local reseed data file (.su3) for manual reseeding
# file = /path/to/i2pseeds.su3
## or HTTPS URL to reseed from
# file = https://legit-website.com/i2pseeds.su3
## Path to local ZIP file or HTTPS URL to reseed from
# zipfile = /path/to/netDb.zip
## If you run i2pd behind a proxy server, set proxy server for reseeding here
## Should be http://address:port or socks://address:port
# proxy = http://127.0.0.1:8118
## Minimum number of known routers, below which i2pd triggers reseeding. 25 by default
# threshold = 25

[addressbook]
## AddressBook subscription URL for initial setup
## Default: inr.i2p at "mainline" I2P Network
defaulturl = http://joajgazyztfssty4w2on5oaqksz6tqoxbduy553y34mf4byv6gpq.b32.i2p/export/alive-hosts.txt
## Optional subscriptions URLs, separated by comma
subscriptions = http://inr.i2p/export/alive-hosts.txt,http://stats.i2p/cgi-bin/newhosts.txt,http://rus.i2p/hosts.txt

[limits]
## Maximum active transit sessions (default:2500)
# transittunnels = 2500
## Limit number of open file descriptors (0 - use system limit)
# openfiles = 0
## Maximum size of corefile in Kb (0 - use system limit)
# coresize = 0
## Threshold to start probabilistic backoff with ntcp sessions (0 - use system limit)
# ntcpsoft = 0
## Maximum number of ntcp sessions (0 - use system limit)
# ntcphard = 0

[trust]
## Enable explicit trust options. false by default
# enabled = true
## Make direct I2P connections only to routers in specified Family.
# family = MyFamily
## Make direct I2P connections only to routers specified here. Comma separated list of base64 identities.
# routers =
## Should we hide our router from other routers? false by default
# hidden = true

[exploratory]
## Exploratory tunnels settings with default values
# inbound.length = 2
# inbound.quantity = 3
# outbound.length = 2
# outbound.quantity = 3
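An added example, not part of the original report and not code from i2pd or the AppArmor tools: a short Python triage script that reads audit records like the ones quoted in the report, lists the file rules the logged profile is missing, and reports abnormal process exits. The function names and the two records marked as constructed are assumptions made for illustration.

```python
import re
from collections import defaultdict

# AVC and ANOM_ABEND records as quoted in the report, followed by two constructed
# DENIED records (enforce-mode form); the /run/example path is made up.
SAMPLE_LOG = """\
Dec 04 09:17:26 sedric audit[14357]: AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/i2pd" name="/etc/ssl/openssl.cnf" pid=14357 comm="i2pd" requested_mask="r" denied_mask="r" fsuid=122 ouid=0
Dec 04 09:17:26 sedric audit[14366]: ANOM_ABEND auid=4294967295 uid=122 gid=128 ses=4294967295 subj==/usr/sbin/i2pd (complain) pid=14366 comm="i2pd" exe="/usr/sbin/i2pd" sig=6 res=1
Dec 04 09:20:01 sedric audit[14400]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/i2pd" name="/etc/ssl/openssl.cnf" pid=14400 comm="i2pd" requested_mask="r" denied_mask="r" fsuid=122 ouid=0
Dec 04 09:20:01 sedric audit[14400]: AVC apparmor="DENIED" operation="mknod" profile="/usr/sbin/i2pd" name="/run/example/constructed.tmp" pid=14400 comm="i2pd" requested_mask="c" denied_mask="c" fsuid=122 ouid=122
"""

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def fields(line):
    """Return the key=value pairs of one audit record as a dict."""
    return {k: q if q else u for k, q, u in FIELD.findall(line)}

def missing_rules(log):
    """Map profile -> sorted file rules implied by ALLOWED/DENIED AVC records."""
    perms = defaultdict(set)
    for line in log.splitlines():
        if " AVC " not in line:
            continue
        f = fields(line)
        if f.get("apparmor") not in ("ALLOWED", "DENIED") or "name" not in f:
            continue
        # Audit masks use c (create) and d (delete); profiles spell both as w.
        mask = f.get("denied_mask", "").translate(str.maketrans("cd", "ww"))
        # Exec needs a hand-picked transition (ix, Px, ...), so it is skipped.
        perms[(f["profile"], f["name"])].update(mask.replace("x", ""))
    rules = defaultdict(list)
    for (profile, path), mask in sorted(perms.items()):
        if mask:
            rules[profile].append(f"{path} {''.join(sorted(mask))},")
    return dict(rules)

def aborts(log):
    """Return (comm, signal) for each ANOM_ABEND record (abnormal process end)."""
    recs = [fields(l) for l in log.splitlines() if " ANOM_ABEND " in l]
    return [(f["comm"], int(f["sig"])) for f in recs]

if __name__ == "__main__":
    for profile, rules in missing_rules(SAMPLE_LOG).items():
        print(f"profile {profile} lacks:", *rules, sep="\n  ")
    print("abnormal exits:", aborts(SAMPLE_LOG))
```

`apparmor="ALLOWED"` records are written only while a profile is in complain mode, and each one marks an access that enforce mode would block.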