Hello all,Attached to this email is a patch that includes one fix and several improvements for the net/i2pd port.
First, the patch addresses an issue related to log handling. By default, i2pd uses a separate log file located at /var/log/i2pd/i2pd.log. However, this file is not rotated by newsyslog(8), causing it to grow without bounds. The proposed solution is to configure i2pd to write its logs to /var/log/daemon by updating the i2pd.conf configuration file.
Second, the directory used to store port-related files changes from /var/lib/i2pd to /var/i2pd, which better aligns with the OpenBSD style. To accomplish this change, the patch updates the PLIST, the RC script, and the i2pd.conf configuration file.
Finally, the i2pd.conf and tunnels.conf configuration files are adjusted to improve security and usability. Specifically, the web interface and the default IRC tunnel are disabled, log verbosity is reduced, and additional address book sources for I2P aliases are configured.
I look forward to any feedback or suggestions. Best regards, David.
Index: net/i2pd/patches/patch-contrib_i2pd_conf =================================================================== RCS file: net/i2pd/patches/patch-contrib_i2pd_conf diff -N net/i2pd/patches/patch-contrib_i2pd_conf --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ net/i2pd/patches/patch-contrib_i2pd_conf 7 Jan 2026 14:55:16 -0000 @@ -0,0 +1,68 @@ +Index: contrib/i2pd.conf +--- contrib/i2pd.conf.orig ++++ contrib/i2pd.conf +@@ -8,16 +8,16 @@ + + ## Tunnels config file + ## Default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf +-# tunconf = /var/lib/i2pd/tunnels.conf ++tunconf = /etc/i2pd/tunnels.conf + + ## Tunnels config files path + ## Use that path to store separated tunnels in different config files. + ## Default: ~/.i2pd/tunnels.d or /var/lib/i2pd/tunnels.d +-# tunnelsdir = /var/lib/i2pd/tunnels.d ++tunnelsdir = /etc/i2pd/tunnels.d + + ## Path to certificates used for verifying .su3, families + ## Default: ~/.i2pd/certificates or /var/lib/i2pd/certificates +-# certsdir = /var/lib/i2pd/certificates ++certsdir = /var/i2pd/certificates + + ## Where to write pidfile (default: /run/i2pd.pid, not used in Windows) + # pidfile = /run/i2pd.pid +@@ -30,12 +30,12 @@ + ## * stdout - print log entries to stdout + ## * file - log entries to a file + ## * syslog - use syslog, see man 3 syslog +-# log = file ++log = syslog + ## Path to logfile (default: autodetect) + # logfile = /var/log/i2pd/i2pd.log + ## Log messages above this level (debug, info, *warn, error, critical, none) + ## If you set it to none, logging will be disabled +-# loglevel = warn ++loglevel = error + ## Write full CLF-formatted date and time to log (default: write only time) + # logclftime = true + +@@ -118,7 +118,7 @@ + [http] + ## Web Console settings + ## Enable the Web Console (default: true) +-# enabled = true ++enabled = false + ## Address and port service will listen on (default: 127.0.0.1:7070) + # address = 127.0.0.1 + # port = 7070 +@@ -149,7 +149,7 @@ + ## because anyone could spoof the short domain via addresshelper and forward other users to phishing links + # addresshelper = true + ## Address of a proxy server inside I2P, which is used to visit regular Internet +-# outproxy = http://false.i2p ++# outproxy = http://5d4s7pcvfdpftfk7npc7hllyujhufsdprtrf4o53i44rgsa2xbwa.b32.i2p + ## httpproxy section also accepts I2CP parameters, like "inbound.length" etc. + + [socksproxy] +@@ -241,9 +241,9 @@ + [addressbook] + ## AddressBook subscription URL for initial setup + ## Default: reg.i2p at "mainline" I2P Network +-# defaulturl = http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt ++defaulturl = http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/export/hosts-all.txt + ## Optional subscriptions URLs, separated by comma +-# subscriptions = http://reg.i2p/hosts.txt,http://identiguy.i2p/hosts.txt,http://stats.i2p/cgi-bin/newhosts.txt ++subscriptions = http://notbob.i2p/hosts-all.txt,http://identiguy.i2p/hosts.txt,http://stats.i2p/cgi-bin/newhosts.txt + + [limits] + ## Maximum active transit sessions (default: 10000) Index: net/i2pd/patches/patch-contrib_tunnels_conf =================================================================== RCS file: net/i2pd/patches/patch-contrib_tunnels_conf diff -N net/i2pd/patches/patch-contrib_tunnels_conf --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ net/i2pd/patches/patch-contrib_tunnels_conf 7 Jan 2026 14:55:16 -0000 @@ -0,0 +1,23 @@ +Index: contrib/tunnels.conf +--- contrib/tunnels.conf.orig ++++ contrib/tunnels.conf +@@ -1,11 +1,11 @@ +-[IRC-ILITA] +-type = client +-address = 127.0.0.1 +-port = 6668 +-destination = irc.ilita.i2p +-destinationport = 6667 +-keys = irc-keys.dat +-i2p.streaming.profile=2 ++#[IRC-ILITA] ++#type = client ++#address = 127.0.0.1 ++#port = 6668 ++#destination = irc.ilita.i2p ++#destinationport = 6667 ++#keys = irc-keys.dat ++#i2p.streaming.profile=2 + + #[IRC-IRC2P] + #type = client Index: net/i2pd/pkg/PLIST =================================================================== RCS file: /cvs/ports/net/i2pd/pkg/PLIST,v diff -u -p -u -p -r1.17 PLIST --- net/i2pd/pkg/PLIST 12 Nov 2025 02:13:09 -0000 1.17 +++ net/i2pd/pkg/PLIST 7 Jan 2026 14:55:16 -0000 @@ -1,5 +1,5 @@ @newgroup _i2pd:838 -@newuser _i2pd:838:838::i2pd account:${LOCALSTATEDIR}/lib/i2pd:/sbin/nologin +@newuser _i2pd:838:838::i2pd account:${LOCALSTATEDIR}/i2pd:/sbin/nologin @rcscript ${RCDIR}/i2pd @bin bin/i2pd include/i2pd/ @@ -72,11 +72,11 @@ include/i2pd/version.h @owner _i2pd @group _i2pd @sample ${SYSCONFDIR}/i2pd/ -@sample ${LOCALSTATEDIR}/lib/i2pd/ -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/ -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/ -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/ -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/router/ +@sample ${LOCALSTATEDIR}/i2pd/ +@sample ${LOCALSTATEDIR}/i2pd/certificates/ +@sample ${LOCALSTATEDIR}/i2pd/certificates/family/ +@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/ +@sample ${LOCALSTATEDIR}/i2pd/certificates/router/ @owner @group @static-lib lib/libi2pdlang.a @@ -87,37 +87,37 @@ share/examples/i2pd/certificates/family/ share/examples/i2pd/certificates/family/gostcoin.crt @owner _i2pd @group _i2pd -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/gostcoin.crt +@sample ${LOCALSTATEDIR}/i2pd/certificates/family/gostcoin.crt @owner @group share/examples/i2pd/certificates/family/i2p-dev.crt @owner _i2pd @group _i2pd -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/i2p-dev.crt +@sample ${LOCALSTATEDIR}/i2pd/certificates/family/i2p-dev.crt @owner @group share/examples/i2pd/certificates/family/i2pd-dev.crt @owner _i2pd @group _i2pd -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/i2pd-dev.crt +@sample ${LOCALSTATEDIR}/i2pd/certificates/family/i2pd-dev.crt @owner @group share/examples/i2pd/certificates/family/mca2-i2p.crt @owner _i2pd @group _i2pd -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/mca2-i2p.crt +@sample ${LOCALSTATEDIR}/i2pd/certificates/family/mca2-i2p.crt @owner @group share/examples/i2pd/certificates/family/stormycloud.crt @owner _i2pd @group _i2pd -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/stormycloud.crt +@sample ${LOCALSTATEDIR}/i2pd/certificates/family/stormycloud.crt @owner @group share/examples/i2pd/certificates/family/volatile.crt @owner _i2pd @group _i2pd -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/volatile.crt +@sample ${LOCALSTATEDIR}/i2pd/certificates/family/volatile.crt @owner @group share/examples/i2pd/certificates/reseed/ @@ -129,73 +129,73 @@ share/examples/i2pd/certificates/reseed/ share/examples/i2pd/certificates/reseed/acetone_at_mail.i2p.crt @owner _i2pd @group _i2pd -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/acetone_at_mail.i2p.crt +@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/acetone_at_mail.i2p.crt @owner @group share/examples/i2pd/certificates/reseed/admin_at_stormycloud.org.crt @owner _i2pd @group _i2pd -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/admin_at_stormycloud.org.crt +@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/admin_at_stormycloud.org.crt @owner @group share/examples/i2pd/certificates/reseed/creativecowpat_at_mail.i2p.crt @owner _i2pd @group _i2pd -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/creativecowpat_at_mail.i2p.crt +@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/creativecowpat_at_mail.i2p.crt @owner @group share/examples/i2pd/certificates/reseed/echelon3_at_mail.i2p.crt @owner _i2pd @group _i2pd -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/echelon3_at_mail.i2p.crt +@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/echelon3_at_mail.i2p.crt @owner @group share/examples/i2pd/certificates/reseed/hankhill19580_at_gmail.com.crt @owner _i2pd @group _i2pd -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/hankhill19580_at_gmail.com.crt +@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/hankhill19580_at_gmail.com.crt @owner @group share/examples/i2pd/certificates/reseed/i2p-reseed_at_mk16.de.crt @owner _i2pd @group _i2pd -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/i2p-reseed_at_mk16.de.crt +@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/i2p-reseed_at_mk16.de.crt @owner @group share/examples/i2pd/certificates/reseed/igor_at_novg.net.crt @owner _i2pd @group _i2pd -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/igor_at_novg.net.crt +@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/igor_at_novg.net.crt @owner @group share/examples/i2pd/certificates/reseed/lazygravy_at_mail.i2p.crt @owner _i2pd @group _i2pd -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/lazygravy_at_mail.i2p.crt +@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/lazygravy_at_mail.i2p.crt @owner @group share/examples/i2pd/certificates/reseed/orignal_at_mail.i2p.crt @owner _i2pd @group _i2pd -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/orignal_at_mail.i2p.crt +@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/orignal_at_mail.i2p.crt @owner @group share/examples/i2pd/certificates/reseed/r4sas-reseed_at_mail.i2p.crt @owner _i2pd @group _i2pd -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/r4sas-reseed_at_mail.i2p.crt +@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/r4sas-reseed_at_mail.i2p.crt @owner @group share/examples/i2pd/certificates/reseed/rambler_at_mail.i2p.crt @owner _i2pd @group _i2pd -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/rambler_at_mail.i2p.crt +@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/rambler_at_mail.i2p.crt @owner @group share/examples/i2pd/certificates/reseed/reseed_at_diva.exchange.crt @owner _i2pd @group _i2pd -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/reseed_at_diva.exchange.crt +@sample ${LOCALSTATEDIR}/i2pd/certificates/reseed/reseed_at_diva.exchange.crt @owner @group share/examples/i2pd/i2pd.conf Index: net/i2pd/pkg/i2pd.rc =================================================================== RCS file: /cvs/ports/net/i2pd/pkg/i2pd.rc,v diff -u -p -u -p -r1.4 i2pd.rc --- net/i2pd/pkg/i2pd.rc 11 Mar 2022 19:46:04 -0000 1.4 +++ net/i2pd/pkg/i2pd.rc 7 Jan 2026 14:55:16 -0000 @@ -2,7 +2,7 @@ daemon="${TRUEPREFIX}/bin/i2pd --daemon" daemon_user="_i2pd" -daemon_flags="--service --datadir=${LOCALSTATEDIR}/lib/i2pd --conf=${SYSCONFDIR}/i2pd/i2pd.conf --tunconf=${SYSCONFDIR}/i2pd/tunnels.conf --tunnelsdir=${SYSCONFDIR}/i2pd/tunnels.d" +daemon_flags="--service --datadir=${LOCALSTATEDIR}/i2pd --conf=${SYSCONFDIR}/i2pd/i2pd.conf --tunconf=${SYSCONFDIR}/i2pd/tunnels.conf --tunnelsdir=${SYSCONFDIR}/i2pd/tunnels.d" . /etc/rc.d/rc.subr
