net-vpn/i2pd: Added

Signed-off-by: orbea <orbea@riseup.net> Closes: https://github.com/gentoo/libressl/pull/409 Signed-off-by: Quentin Retornaz <gentoo@retornaz.com>
author: orbea <orbea@riseup.net> 2022-05-08 20:17:17 -0700
committer: Quentin Retornaz <gentoo@retornaz.com> 2022-05-09 20:36:45 +0200
commit: e1d8d68eb7dd3b4dcae4131550bb81a39fec708f (patch)
tree: 68aef75764a00281f43b15ed8d202a134f46f59e /net-vpn
parent: sys-auth/pam_p11: Added (diff)
download: libressl-e1d8d68eb7dd3b4dcae4131550bb81a39fec708f.tar.gz
libressl-e1d8d68eb7dd3b4dcae4131550bb81a39fec708f.tar.bz2
libressl-e1d8d68eb7dd3b4dcae4131550bb81a39fec708f.zip
9 files changed, 243 insertions, 0 deletions
diff --git a/net-vpn/i2pd/Manifest b/net-vpn/i2pd/Manifest
new file mode 100644
index 0000000..6f0b942
--- /dev/null
+++ b/net-vpn/i2pd/Manifest
@@ -0,0 +1 @@
+DIST i2pd-2.41.0.tar.gz 594453 BLAKE2B 36298133f057152445d3f7c83c9983d1e16476066f0139019faf0168142cb8dbed150eccee1e006c0a9f1b67670855fdb38513e8d7992e05122b581890b036a5 SHA512 10ba77d714e4b02f9640c64b16b597550f71bfacf02242bd17cfdc7fc416e0e9bc62a2f1da486161baea397dae3d260fa88359325062b1c587f509058d418d85
diff --git a/net-vpn/i2pd/files/99i2pd b/net-vpn/i2pd/files/99i2pd
new file mode 100644
index 0000000..3cf3b46
--- /dev/null
+++ b/net-vpn/i2pd/files/99i2pd
@@ -0,0 +1 @@
+CONFIG_PROTECT="/var/lib/i2pd/certificates"
diff --git a/net-vpn/i2pd/files/i2pd-2.38.0-r1.logrotate b/net-vpn/i2pd/files/i2pd-2.38.0-r1.logrotate
new file mode 100644
index 0000000..9245bca
--- /dev/null
+++ b/net-vpn/i2pd/files/i2pd-2.38.0-r1.logrotate
@@ -0,0 +1,13 @@
+/var/log/i2pd.log {
+        rotate 4
+        weekly
+        missingok
+        notifempty
+        create 640 i2pd i2pd
+        postrotate
+                if [ -f /run/i2pd/i2pd.pid ]; then
+                    /bin/kill -HUP $(/bin/cat /run/i2pd/i2pd.pid)
+                fi
+        endscript
+}
+
diff --git a/net-vpn/i2pd/files/i2pd-2.38.0.service b/net-vpn/i2pd/files/i2pd-2.38.0.service
new file mode 100644
index 0000000..99c1bf2
--- /dev/null
+++ b/net-vpn/i2pd/files/i2pd-2.38.0.service
@@ -0,0 +1,37 @@
+[Unit]
+Description=C++ daemon for accessing the I2P network
+After=network.target
+
+[Service]
+Type=forking
+Restart=on-abnormal
+User=i2pd
+Group=i2pd
+LimitNOFILE=4096
+
+# restrictions
+ProtectSystem=full
+ProtectHome=yes
+ProtectControlGroups=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectClock=yes
+PrivateUsers=yes
+PrivateDevices=yes
+PrivateTmp=yes
+RestrictNamespaces=yes
+RestrictSUIDSGID=yes
+CapabilityBoundingSet=
+NoNewPrivileges=yes
+
+RuntimeDirectory=i2pd
+RuntimeDirectoryMode=0700
+PIDFile=/run/i2pd/i2pd.pid
+ExecStartPre=+/bin/touch /var/log/i2pd.log
+ExecStartPre=+/bin/chown i2pd:i2pd /var/log/i2pd.log
+ExecStartPre=+/bin/chmod 600 /var/log/i2pd.log
+ExecStart=/usr/bin/i2pd --daemon --service --pidfile=${RUNTIME_DIRECTORY}/i2pd.pid --log=file --logfile=/var/log/i2pd.log --conf=/etc/i2pd/i2pd.conf --tunconf=/etc/i2pd/tunnels.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/net-vpn/i2pd/files/i2pd-2.39.0.initd b/net-vpn/i2pd/files/i2pd-2.39.0.initd
new file mode 100644
index 0000000..fb4e033
--- /dev/null
+++ b/net-vpn/i2pd/files/i2pd-2.39.0.initd
@@ -0,0 +1,52 @@
+#!/sbin/openrc-run
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+description="C++ daemon for accessing the I2P network"
+description_graceful="Graceful shutdown, takes 10 minutes"
+
+command="/usr/bin/i2pd"
+command_args="${I2PD_OPTIONS}"
+user="${I2PD_USER}:${I2PD_GROUP}"
+start_stop_daemon_args="
+    --user \"${user}\"
+    --pidfile \"${I2PD_PID}\"
+    --progress
+"
+retry="SIGTERM/20/SIGKILL/20"
+
+I2PD_PID_DIR=$(dirname "${I2PD_PID}")
+
+extra_started_commands="graceful"
+
+depend() {
+    use dns logger netmount
+}
+
+start_pre() {
+    if [ -z "${I2PD_USER}" ] || \
+       [ -z "${I2PD_GROUP}" ] || \
+       [ -z "${I2PD_PID}" ] || \
+       [ -z "${I2PD_LOG}" ] || \
+       [ -z "${I2PD_OPTIONS}" ] ; then
+        eerror "Not all variables I2PD_USER, I2PD_GROUP, I2PD_PID, I2PD_OPTIONS, I2PD_LOG are defined."
+        eerror "Check your /etc/conf.d/i2pd."
+        return 1
+    fi
+    checkpath -f -o "${user}" "${I2PD_LOG}"
+    checkpath -d -m 0750 -o "${user}" "${I2PD_PID_DIR}"
+}
+
+stop_post() {
+    # #808845
+    rm -f "${I2PD_PID}"
+}
+
+graceful() {
+    # on SIGINT, i2pd stops accepting tunnels and shuts down in 600 seconds
+    ebegin "Gracefully stopping i2pd, this takes 10 minutes"
+    mark_service_stopping
+    eval start-stop-daemon --stop ${start_stop_daemon_args} \
+        --exec "${command}" --retry 'SIGINT/620/SIGTERM/20/SIGKILL/20'
+    eend $? && mark_service_stopped
+}
diff --git a/net-vpn/i2pd/files/i2pd-2.41.0-libressl.patch b/net-vpn/i2pd/files/i2pd-2.41.0-libressl.patch
new file mode 100644
index 0000000..8f18a62
--- /dev/null
+++ b/net-vpn/i2pd/files/i2pd-2.41.0-libressl.patch
@@ -0,0 +1,20 @@
+From OpenBSD:
+
+https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/i2pd/patches/patch-libi2pd_Crypto_h
+
+Fix build with opaque structs in LibreSSL 3.5
+
+Index: libi2pd/Crypto.h
+--- a/libi2pd/Crypto.h.orig
++++ b/libi2pd/Crypto.h
+@@ -29,7 +29,9 @@
+ #include "CPU.h"
+ 
+ // recognize openssl version and features
+-#if ((OPENSSL_VERSION_NUMBER < 0x010100000) || defined(LIBRESSL_VERSION_NUMBER)) // 1.0.2 and below or LibreSSL
++#if defined(LIBRESSL_VERSION_NUMBER)
++#   define LEGACY_OPENSSL 0
++#elif (OPENSSL_VERSION_NUMBER < 0x010100000) // 1.0.2 and below
+ #   define LEGACY_OPENSSL 1
+ #   define X509_getm_notBefore X509_get_notBefore
+ #   define X509_getm_notAfter X509_get_notAfter
diff --git a/net-vpn/i2pd/files/i2pd-2.6.0-r3.confd b/net-vpn/i2pd/files/i2pd-2.6.0-r3.confd
new file mode 100644
index 0000000..d2ef16b
--- /dev/null
+++ b/net-vpn/i2pd/files/i2pd-2.6.0-r3.confd
@@ -0,0 +1,12 @@
+I2PD_USER=i2pd
+I2PD_GROUP=i2pd
+I2PD_LOG=/var/log/i2pd.log
+I2PD_PID=/run/i2pd/i2pd.pid
+
+# max number of open files (for floodfill)
+rc_ulimit="-n 4096"
+
+# Options to i2pd
+I2PD_OPTIONS="--daemon --service --pidfile=${I2PD_PID} \
+--log=file --logfile=${I2PD_LOG} \
+--conf=/etc/i2pd/i2pd.conf --tunconf=/etc/i2pd/tunnels.conf"
diff --git a/net-vpn/i2pd/i2pd-2.41.0.ebuild b/net-vpn/i2pd/i2pd-2.41.0.ebuild
new file mode 100644
index 0000000..7a367a8
--- /dev/null
+++ b/net-vpn/i2pd/i2pd-2.41.0.ebuild
@@ -0,0 +1,83 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit cmake toolchain-funcs systemd
+
+DESCRIPTION="A C++ daemon for accessing the I2P anonymous network"
+HOMEPAGE="https://github.com/PurpleI2P/i2pd"
+SRC_URI="https://github.com/PurpleI2P/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+IUSE="cpu_flags_x86_aes cpu_flags_x86_avx i2p-hardening +upnp"
+
+RDEPEND="
+	acct-user/i2pd
+	acct-group/i2pd
+	dev-libs/boost:=[threads(+)]
+	dev-libs/openssl:0=[-bindist(-)]
+	sys-libs/zlib
+	upnp? ( net-libs/miniupnpc:= )"
+DEPEND="${RDEPEND}"
+
+CMAKE_USE_DIR="${WORKDIR}/${P}/build"
+
+DOCS=( ../README.md ../contrib/i2pd.conf ../contrib/tunnels.conf )
+
+PATCHES=( "${FILESDIR}/${P}-libressl.patch" )
+
+pkg_pretend() {
+	if use i2p-hardening && ! tc-is-gcc; then
+		die "i2p-hardening requires gcc"
+	fi
+}
+
+src_configure() {
+	local mycmakeargs=(
+		-DWITH_AESNI=$(usex cpu_flags_x86_aes ON OFF)
+		-DWITH_HARDENING=$(usex i2p-hardening ON OFF)
+		-DWITH_PCH=OFF
+		-DWITH_STATIC=OFF
+		-DWITH_UPNP=$(usex upnp ON OFF)
+		-DWITH_LIBRARY=ON
+		-DWITH_BINARY=ON
+	)
+	cmake_src_configure
+}
+
+src_install() {
+	cmake_src_install
+
+	# config
+	insinto /etc/i2pd
+	doins contrib/i2pd.conf
+	doins contrib/tunnels.conf
+
+	# working directory
+	insinto /var/lib/i2pd
+	doins -r contrib/certificates
+
+	# add /var/lib/i2pd/certificates to CONFIG_PROTECT
+	doenvd "${FILESDIR}/99i2pd"
+
+	# openrc and systemd daemon routines
+	newconfd "${FILESDIR}/i2pd-2.6.0-r3.confd" i2pd
+	newinitd "${FILESDIR}/i2pd-2.39.0.initd" i2pd
+	systemd_newunit "${FILESDIR}/i2pd-2.38.0.service" i2pd.service
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}/i2pd-2.38.0-r1.logrotate" i2pd
+}
+
+pkg_postinst() {
+	if [[ -f ${EROOT}/etc/i2pd/subscriptions.txt ]]; then
+		ewarn
+		ewarn "Configuration of the subscriptions has been moved from"
+		ewarn "subscriptions.txt to i2pd.conf. We recommend updating"
+		ewarn "i2pd.conf accordingly and deleting subscriptions.txt."
+	fi
+}
diff --git a/net-vpn/i2pd/metadata.xml b/net-vpn/i2pd/metadata.xml
new file mode 100644
index 0000000..0c76e2d
--- /dev/null
+++ b/net-vpn/i2pd/metadata.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person" proxied="yes">
+		<email>kaikaikai@yandex.ru</email>
+		<name>Alexey Korepanov</name>
+	</maintainer>
+	<maintainer type="project" proxied="proxy">
+		<email>proxy-maint@gentoo.org</email>
+		<name>Proxy Maintainers</name>
+	</maintainer>
+	<maintainer type="person" proxied="yes">
+		<email>klondike@gentoo.org</email>
+		<name>Francisco Blas Izquierdo Riera</name>
+	</maintainer>
+	<use>
+		<flag name="i2p-hardening">
+			Compile with hardening on vanilla compilers/linkers
+		</flag>
+	</use>
+	<upstream>
+		<remote-id type="github">PurpleI2P/i2pd</remote-id>
+	</upstream>
+</pkgmetadata>
author	orbea <orbea@riseup.net>	2022-05-08 20:17:17 -0700
committer	Quentin Retornaz <gentoo@retornaz.com>	2022-05-09 20:36:45 +0200
commit	e1d8d68eb7dd3b4dcae4131550bb81a39fec708f (patch)
tree	68aef75764a00281f43b15ed8d202a134f46f59e /net-vpn
parent	sys-auth/pam_p11: Added (diff)
download	libressl-e1d8d68eb7dd3b4dcae4131550bb81a39fec708f.tar.gz libressl-e1d8d68eb7dd3b4dcae4131550bb81a39fec708f.tar.bz2 libressl-e1d8d68eb7dd3b4dcae4131550bb81a39fec708f.zip