loveisgrief/Reseed_Tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: loveisgrief:master
Branches Tags
loveisgrief:master loveisgrief:alt-master loveisgrief:bug-cannot-autogenerate-self_signed-keys loveisgrief:bug-cannot-start-container loveisgrief:ci-build-images loveisgrief:docker loveisgrief:RTradeLtd-libp2p
loveisgrief:v0.0.9 loveisgrief:v0.0.8 loveisgrief:v0.0.4a-release loveisgrief:v_0.0.04-release loveisgrief:v.0.0.4-release loveisgrief:0.0.4_read-release loveisgrief:0.0.4.readme-release loveisgrief:v0.0.4-release loveisgrief:0.0.4-release loveisgrief:push_already loveisgrief:v_0.0.4 loveisgrief:still_testing loveisgrief:0.0.4 loveisgrief:test loveisgrief:v0.0.7 loveisgrief:v0.0.6 loveisgrief:v0.0.5 loveisgrief:v0.0.4 loveisgrief:v0.0.3 loveisgrief:v0.0.2 loveisgrief:v0.0.1
..
compare: loveisgrief:docker
Branches Tags
loveisgrief:master loveisgrief:alt-master loveisgrief:bug-cannot-autogenerate-self_signed-keys loveisgrief:bug-cannot-start-container loveisgrief:ci-build-images loveisgrief:docker loveisgrief:RTradeLtd-libp2p
loveisgrief:v0.0.9 loveisgrief:v0.0.8 loveisgrief:v0.0.4a-release loveisgrief:v_0.0.04-release loveisgrief:v.0.0.4-release loveisgrief:0.0.4_read-release loveisgrief:0.0.4.readme-release loveisgrief:v0.0.4-release loveisgrief:0.0.4-release loveisgrief:push_already loveisgrief:v_0.0.4 loveisgrief:still_testing loveisgrief:0.0.4 loveisgrief:test loveisgrief:v0.0.7 loveisgrief:v0.0.6 loveisgrief:v0.0.5 loveisgrief:v0.0.4 loveisgrief:v0.0.3 loveisgrief:v0.0.2 loveisgrief:v0.0.1

2 Commits
master ... docker

Author SHA1 Message Date
idk
c1ee187137 Merge branch 'master' of github.com:eyedeekay/i2p-tools-1 into docker 2020-05-06 20:30:44 -04:00
idk
da30f0cb31 Trigger build 2020-05-06 20:29:46 -04:00
47 changed files with 664 additions and 2481 deletions
Expand all files Collapse all files

23
.dockerignore
View File

@@ -1,23 +0,0 @@
.idea
.git
.gitlab-ci.yml
.vscode
# CI cache folder storing docker images
ci-exports
/i2p-tools
/cert.pem
/key.pem
/_netdb
i2pseeds.su3
*.pem
onion.key
tmp/
i2p-tools-*
*.crl
*.crt
*.pem
plugin
reseed-tools*
data-dir*

8
.gitignore vendored
View File

@@ -5,11 +5,3 @@
i2pseeds.su3
*.pem
onion.key
tmp/
i2p-tools-*
*.crl
*.crt
*.pem
plugin
reseed-tools*
data-dir*

106
.gitlab-ci.yml
View File

@@ -1,106 +0,0 @@
image: docker:19.03.12
stages:
- docker_test
- docker_push
variables:
# When using dind service, we need to instruct docker to talk with
# the daemon started inside of the service. The daemon is available
# with a network connection instead of the default
# /var/run/docker.sock socket. Docker 19.03 does this automatically
# by setting the DOCKER_HOST in
# https://github.com/docker-library/docker/blob/d45051476babc297257df490d22cbd806f1b11e4/19.03/docker-entrypoint.sh#L23-L29
#
# The 'docker' hostname is the alias of the service container as described at
# https://docs.gitlab.com/ee/ci/docker/using_docker_images.html#accessing-the-services.
#
# Specify to Docker where to create the certificates, Docker will
# create them automatically on boot, and will create
# `/certs/client` that will be shared between the service and job
# container, thanks to volume mount from config.toml
DOCKER_TLS_CERTDIR: "/certs"
# Use TLS https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#tls-enabled
DOCKER_HOST: tcp://docker:2376
services:
- docker:19.03.12-dind
.docker_cache:
cache:
# The same key should be used across branches
key: "$CI_COMMIT_REF_SLUG"
paths:
- ci-exports/*.tar
# Make sure we can build a docker image
# It's cached for later jobs
build_docker:
extends:
- .docker_cache
stage: docker_test
script:
# Try to load latest branch image from local tar or from registry
- docker load ci-exports/$CI_COMMIT_REF_SLUG.tar || docker pull $CI_REGISTRY_IMAGE:latest || true
- docker build --cache-from $CI_REGISTRY_IMAGE:latest --tag $CI_REGISTRY_IMAGE:latest .
- mkdir -p ci-exports/
- docker save $CI_REGISTRY_IMAGE:latest > ci-exports/$CI_COMMIT_REF_SLUG.tar
# Publishes the configured CI registry (by default that's gitlab's registry)
push_ci_registry:
extends:
- .docker_cache
stage: docker_push
cache:
policy: pull
before_script:
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
script:
- cat ci-exports/$CI_COMMIT_REF_SLUG.tar | docker load
- docker tag $CI_REGISTRY_IMAGE:latest $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
- docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
- docker push $CI_REGISTRY_IMAGE:latest
only:
refs:
# Make sure to protect these tags!
- /^v(\d+\.){2,3}\d+$/
- /.+-release$/
variables:
- $CI_REGISTRY
- $CI_REGISTRY_USER
- $CI_REGISTRY_PASSWORD
- $CI_REGISTRY_IMAGE
# Publishes the cached image to docker
push_dockerhub_registry:
extends:
- .docker_cache
stage: docker_push
cache:
policy: pull
before_script:
- docker login -u $DOCKERHUB_REGISTRY_USER -p $DOCKERHUB_REGISTRY_PASSWORD $DOCKERHUB_REGISTRY
script:
- cat ci-exports/$CI_COMMIT_REF_SLUG.tar | docker load
- docker tag $CI_REGISTRY_IMAGE:latest $DOCKERHUB_REGISTRY_IMAGE:$CI_COMMIT_TAG
- docker tag $CI_REGISTRY_IMAGE:latest $DOCKERHUB_REGISTRY_IMAGE:latest
- docker push $DOCKERHUB_REGISTRY_IMAGE:$CI_COMMIT_TAG
- docker push $DOCKERHUB_REGISTRY_IMAGE:latest
# Push the readme to dockerhub
- >-
docker run -v $PWD:/workspace
-e DOCKERHUB_USERNAME="$DOCKERHUB_REGISTRY_USER"
-e DOCKERHUB_PASSWORD="$DOCKERHUB_REGISTRY_PASSWORD"
-e DOCKERHUB_REPOSITORY="$DOCKERHUB_REGISTRY_IMAGE"
-e README_FILEPATH='/workspace/README.md'
peterevans/dockerhub-description:2
only:
refs:
# Make sure to protect these tags!
- /^v(\d+\.){2,3}\d+$/
- /.+-release$/
variables:
- $DOCKERHUB_REGISTRY
- $DOCKERHUB_REGISTRY_USER
- $DOCKERHUB_REGISTRY_PASSWORD
- $DOCKERHUB_REGISTRY_IMAGE

11
CHANGELOG.md
View File

@@ -1,12 +1,3 @@
2021-12-16
* app.Version = "0.2.11"
* include license file in plugin
2021-12-14
* app.Version = "0.2.10"
* restart changelog
* fix websiteURL in plugin.config
2019-04-21
* app.Version = "0.1.7"
* enabling TLS 1.3 *only*
@@ -40,4 +31,4 @@
* numRi per su3 file: 75 --> 77
2016-01
* fork from https://i2pgit.org/idk/reseed-tools
* fork from https://github.com/MDrollette/i2p-tools

57
DOCKER.md
View File

@@ -1,57 +0,0 @@
### Docker
To make it easier to deploy reseeds, it is possible to run this software as a
Docker image. Because the software requires access to a network database to host
a reseed, you will need to mount the netDb as a volume inside your docker
container to provide access to it, and you will need to run it as the same user
and group inside the container as I2P.
When you run a reseed under Docker in this fashion, it will automatically
generate a self-signed certificate for your reseed server in a Docker volume
mamed reseed-keys. *Back up this directory*, if it is lost it is impossible
to reproduce.
Please note that Docker is not currently compatible with .onion reseeds unless
you pass the --network=host tag.
#### If I2P is running as your user, do this:
docker run -itd \
--name reseed \
--publish 443:8443 \
--restart always \
--volume $HOME/.i2p/netDb:$HOME/.i2p/netDb:z \
--volume reseed-keys:/var/lib/i2p/i2p-config/reseed \
eyedeekay/reseed \
--signer $YOUR_EMAIL_HERE
#### If I2P is running as another user, do this:
docker run -itd \
--name reseed \
--user $(I2P_UID) \
--group-add $(I2P_GID) \
--publish 443:8443 \
--restart always \
--volume /PATH/TO/USER/I2P/HERE/netDb:/var/lib/i2p/i2p-config/netDb:z \
--volume reseed-keys:/var/lib/i2p/i2p-config/reseed \
eyedeekay/reseed \
--signer $YOUR_EMAIL_HERE
#### **Debian/Ubuntu and Docker**
In many cases I2P will be running as the Debian system user ```i2psvc```. This
is the case for all installs where Debian's Advanced Packaging Tool(apt) was
used to peform the task. If you used ```apt-get install``` this command will
work for you. In that case, just copy-and-paste:
docker run -itd \
--name reseed \
--user $(id -u i2psvc) \
--group-add $(id -g i2psvc) \
--publish 443:8443 \
--restart always \
--volume /var/lib/i2p/i2p-config/netDb:/var/lib/i2p/i2p-config/netDb:z \
--volume reseed-keys:/var/lib/i2p/i2p-config/reseed \
eyedeekay/reseed \
--signer $YOUR_EMAIL_HERE

10
Dockerfile
View File

@@ -1,14 +1,14 @@
FROM debian:stable-backports
ARG I2P_GID=1000
ARG I2P_UID=1000
COPY . /var/lib/i2p/go/src/i2pgit.org/idk/reseed-tools
WORKDIR /var/lib/i2p/go/src/i2pgit.org/idk/reseed-tools
COPY . /var/lib/i2p/go/src/github.com/eyedeekay/i2p-tools-1
WORKDIR /var/lib/i2p/go/src/github.com/eyedeekay/i2p-tools-1
RUN apt-get update && \
apt-get dist-upgrade -y && \
apt-get install -y git golang-go make && \
apt-get install -y git golang-1.13-go make && \
mkdir -p /var/lib/i2p/i2p-config/reseed && \
chown -R $I2P_UID:$I2P_GID /var/lib/i2p && chmod -R o+rwx /var/lib/i2p
RUN go build -v -tags netgo -ldflags '-w -extldflags "-static"'
RUN /usr/lib/go-1.13/bin/go build -v -tags netgo -ldflags '-w -extldflags "-static"'
USER $I2P_UID
WORKDIR /var/lib/i2p/i2p-config/reseed
ENTRYPOINT [ "/var/lib/i2p/go/src/i2pgit.org/idk/reseed-tools/entrypoint.sh" ]
ENTRYPOINT [ "/var/lib/i2p/go/src/github.com/eyedeekay/i2p-tools-1/i2p-tools-1", "reseed", "--yes=true", "--netdb=/var/lib/i2p/i2p-config/netDb" ]

46
EXAMPLES.md
View File

@@ -1,46 +0,0 @@
## Example Commands:
### Without a webserver, standalone, automatic OnionV3 with TLS support
```
./reseed-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --onion --i2p --p2p
```
### Without a webserver, standalone, serve P2P with LibP2P
```
./reseed-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --p2p
```
### Without a webserver, standalone, upload a single signed .su3 to github
* This one isn't working yet, I'll get to it eventually, I've got a cooler idea now.
```
./reseed-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --github --ghrepo=reseed-tools --ghuser=eyedeekay
```
### Without a webserver, standalone, in-network reseed
```
./reseed-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --i2p
```
### Without a webserver, standalone, Regular TLS, OnionV3 with TLS
```
./reseed-tools reseed --tlsHost=your-domain.tld --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --onion
```
### Without a webserver, standalone, Regular TLS, OnionV3 with TLS, and LibP2P
```
./reseed-tools reseed --tlsHost=your-domain.tld --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --onion --p2p
```
### Without a webserver, standalone, Regular TLS, OnionV3 with TLS, I2P In-Network reseed, and LibP2P, self-supervising
```
./reseed-tools reseed --tlsHost=your-domain.tld --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --onion --p2p --littleboss=start
```

262
Makefile
View File

@@ -1,107 +1,71 @@
VERSION=0.2.12
APP=reseed-tools
VERSION=0.0.3
APP=i2p-tools-1
USER_GH=eyedeekay
CGO_ENABLED=0
export CGO_ENABLED=0
PLUGIN_PORT=7671
export PLUGIN_PORT=7671
GOOS?=$(shell uname -s | tr A-Z a-z)
GOARCH?="amd64"
ARG=-v -tags netgo -ldflags '-w -extldflags "-static"'
#MIN_GO_VERSION=`ls /usr/lib/go-1.14 2>/dev/null >/dev/null && echo 1.14`
MIN_GO_VERSION?=1.15
MIN_GO_VERSION=`ls /usr/lib/go-1.14 2>/dev/null >/dev/null && echo 1.14`
MIN_GO_VERSION?=1.13
I2P_UID=$(shell id -u i2psvc)
I2P_GID=$(shell id -g i2psvc)
WHOAMI=$(shell whoami)
echo:
@echo "type make version to do release $(APP) $(VERSION) $(GOOS) $(GOARCH) $(MIN_GO_VERSION) $(I2P_UID) $(I2P_GID)"
index:
@echo "<!DOCTYPE html>" > index.html
@echo "<html>" >> index.html
@echo "<head>" >> index.html
@echo " <title>Reseed Tools</title>" >> index.html
@echo " <link rel=\"stylesheet\" type=\"text/css\" href =\"/style.css\" />" >> index.html
@echo "</head>" >> index.html
@echo "<body>" >> index.html
pandoc README.md >> index.html
@echo "</body>" >> index.html
@echo "</html>" >> index.html
version:
cat README.md | gothub release -s $(GITHUB_TOKEN) -u $(USER_GH) -r $(APP) -t v$(VERSION) -d -
build:
go build $(ARG) -o reseed-tools-$(GOOS)-$(GOARCH)
edit:
cat README.md | gothub edit -s $(GITHUB_TOKEN) -u $(USER_GH) -r $(APP) -t v$(VERSION) -d -
1.15-build: gofmt
/usr/lib/go-$(MIN_GO_VERSION)/bin/go build $(ARG) -o reseed-tools-$(GOOS)-$(GOARCH)
upload: binary tar
gothub upload -s $(GITHUB_TOKEN) -u $(USER_GH) -r $(APP) -t v$(VERSION) -f ../i2p-tools.tar.xz -n "i2p-tools.tar.xz"
build: gofmt
/usr/lib/go-$(MIN_GO_VERSION)/bin/go build $(ARG) -o i2p-tools-$(GOOS)-$(GOARCH)
clean:
rm reseed-tools-* tmp -rfv *.deb plugin reseed-tools
rm i2p-tools-* *.key *.i2pKeys *.crt *.crl *.pem tmp -rf
binary:
GOOS=darwin GOARCH=amd64 make build
GOOS=linux GOARCH=386 make build
GOOS=linux GOARCH=amd64 make build
GOOS=linux GOARCH=arm make build
GOOS=linux GOARCH=arm64 make build
GOOS=openbsd GOARCH=amd64 make build
GOOS=freebsd GOARCH=386 make build
GOOS=freebsd GOARCH=amd64 make build
tar:
tar --exclude="./.git" --exclude="./tmp" --exclude=".vscode" --exclude="./*.pem" --exclude="./*.crl" --exclude="./*.crt" -cvf ../reseed-tools.tar.xz .
tar --exclude="./.git" --exclude="./tmp" -cvf ../i2p-tools.tar.xz .
install:
install -m755 reseed-tools-$(GOOS)-$(GOARCH) /usr/bin/reseed-tools
install -m644 etc/default/reseed /etc/default/reseed
install -m755 i2p-tools-$(GOOS)-$(GOARCH) /usr/local/bin/i2p-tools
install -m755 etc/init.d/reseed /etc/init.d/reseed
mkdir -p /etc/systemd/system/reseed.d/
mkdir -p /var/lib/i2p
install -g i2psvc -o i2psvc -d /var/lib/i2p/i2p-config/reseed/
cp -r content /var/lib/i2p/i2p-config/reseed/content
chown -R i2psvc:i2psvc /var/lib/i2p/i2p-config/reseed/
install -m644 etc/systemd/system/reseed.d/reseed.conf /etc/systemd/system/reseed.d/reseed.conf
install -m644 etc/systemd/system/reseed.d/reseed.service /etc/systemd/system/reseed.d/reseed.service
uninstall:
rm /usr/bin/reseed-tools
rm /etc/default/reseed
rm /etc/init.d/reseed
rm /etc/systemd/system/reseed.d/reseed.conf
rm /etc/systemd/system/reseed.d/reseed.service
rm -rf /var/lib/i2p/i2p-config/reseed/
checkinstall: build
fakeroot checkinstall \
--default \
--install=no \
--fstrans=yes \
--pkgname=reseed-tools \
--pkgversion=$(VERSION) \
--pkggroup=net \
--pkgrelease=1 \
--pkgsource="https://i2pgit.org/idk/reseed-tools" \
--maintainer="$(SIGNER)" \
--requires="i2p,i2p-router" \
--suggests="i2p,i2p-router,syndie,tor,tsocks" \
--nodoc \
--deldoc=yes \
--deldesc=yes \
--backup=no
### You shouldn't need to use these now that the go mod require rule is fixed,
## but I'm leaving them in here because it made it easier to test that both
## versions behaved the same way. -idk
build-fork:
/usr/lib/go-$(MIN_GO_VERSION)/bin/go build -o reseed-tools-idk
/usr/lib/go-$(MIN_GO_VERSION)/bin/go build -o i2p-tools-idk
build-unfork:
/usr/lib/go-$(MIN_GO_VERSION)/bin/go build -o reseed-tools-md
/usr/lib/go-$(MIN_GO_VERSION)/bin/go build -o i2p-tools-md
fork:
sed -i 's|idk/reseed-tools|idk/reseed-tools|g' main.go cmd/*.go reseed/*.go su3/*.go
sed -i 's|MDrollette/i2p-tools|eyedeekay/i2p-tools-1|g' main.go cmd/*.go reseed/*.go su3/*.go
make gofmt build-fork
unfork:
sed -i 's|idk/reseed-tools|idk/reseed-tools|g' main.go cmd/*.go reseed/*.go su3/*.go
sed -i 's|RTradeLtd/reseed-tools|idk/reseed-tools|g' main.go cmd/*.go reseed/*.go su3/*.go
sed -i 's|eyedeekay/i2p-tools-1|MDrollette/i2p-tools|g' main.go cmd/*.go reseed/*.go su3/*.go
sed -i 's|RTradeLtd/i2p-tools-1|MDrollette/i2p-tools|g' main.go cmd/*.go reseed/*.go su3/*.go
make gofmt build-unfork
gofmt:
@@ -110,18 +74,18 @@ gofmt:
try:
mkdir -p tmp && \
cd tmp && \
../reseed-tools-$(GOOS)-$(GOARCH) reseed --signer=you@mail.i2p --netdb=/home/idk/.i2p/netDb --tlsHost=your-domain.tld --onion --p2p --i2p
../i2p-tools-$(GOOS)-$(GOARCH) reseed --signer=you@mail.i2p --netdb=/home/idk/.i2p/netDb --tlsHost=your-domain.tld --onion --p2p --i2p --littleboss=start
stop:
mkdir -p tmp && \
cd tmp && \
../reseed-tools-$(GOOS)-$(GOARCH) reseed --signer=you@mail.i2p --netdb=/home/idk/.i2p/netDb --tlsHost=your-domain.tld --onion --p2p --i2p
../i2p-tools-$(GOOS)-$(GOARCH) reseed --signer=you@mail.i2p --netdb=/home/idk/.i2p/netDb --tlsHost=your-domain.tld --onion --p2p --i2p --littleboss=stop
docker:
docker build -t eyedeekay/reseed .
docker-push: docker
docker push --disable-content-trust=false eyedeekay/reseed:$(VERSION)
docker push --disable-content-trust false eyedeekay/reseed:$(VERSION)
users:
docker run --rm eyedeekay/reseed cat /etc/passwd
@@ -143,170 +107,18 @@ docker-server:
--publish 8443:8443 \
--restart=always \
--volume /var/lib/i2p/i2p-config/netDb:/var/lib/i2p/i2p-config/netDb:z \
--volume reseed-keys:/var/lib/i2p/i2p-config/reseed \
--volume /var/lib/i2p/i2p-config/reseed-keys:/var/lib/i2p/i2p-config/reseed \
eyedeekay/reseed \
--signer=hankhill19580@gmail.com
docker logs -f reseed
docker-run:
docker run -itd \
docker run --rm -itd \
--name reseed \
--user $(I2P_UID) \
--group-add $(I2P_GID) \
--publish 8443:8443 \
--volume /var/lib/i2p/i2p-config/netDb:/var/lib/i2p/i2p-config/netDb:z \
--volume reseed-keys:/var/lib/i2p/i2p-config/reseed \
--volume /var/lib/i2p/i2p-config/reseed-keys:/var/lib/i2p/i2p-config/reseed \
eyedeekay/reseed \
--signer=hankhill19580@gmail.com
docker-homerun:
docker run -itd \
--name reseed \
--user 1000 \
--group-add 1000 \
--publish 8443:8443 \
--volume $(HOME)/i2p/netDb:/var/lib/i2p/i2p-config/netDb:z \
--volume reseed-keys:/var/lib/i2p/i2p-config/reseed:z \
eyedeekay/reseed \
--signer=hankhill19580@gmail.com
export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64/jre/
export CGO_CFLAGS=-I/usr/lib/jvm/java-8-openjdk-amd64/include/ -I/usr/lib/jvm/java-8-openjdk-amd64/include/linux/
gojava:
go get -u -v github.com/sridharv/gojava
cp -v ~/go/bin/gojava ./gojava
jar: gojava
echo $(JAVA_HOME)
./gojava -v -o reseed.jar -s . build ./reseed
release: version upload checkinstall upload-single-deb plugins upload-su3s upload-bin
version:
cat README.md | gothub release -s $(GITHUB_TOKEN) -u $(USER_GH) -r $(APP) -t v$(VERSION) -d -; true
delete-version:
gothub delete -s $(GITHUB_TOKEN) -u $(USER_GH) -r $(APP) -t v$(VERSION)
edit:
cat README.md | gothub edit -s $(GITHUB_TOKEN) -u $(USER_GH) -r $(APP) -t v$(VERSION) -d -
upload: tar
gothub upload -R -s $(GITHUB_TOKEN) -u $(USER_GH) -r $(APP) -t v$(VERSION) -f ../reseed-tools.tar.xz -n "reseed-tools.tar.xz"
binary:
GOOS=darwin GOARCH=amd64 make build
GOOS=darwin GOARCH=arm64 make build
GOOS=linux GOARCH=386 make build
GOOS=linux GOARCH=amd64 make build
GOOS=linux GOARCH=arm make build
GOOS=linux GOARCH=arm64 make build
GOOS=openbsd GOARCH=amd64 make build
GOOS=freebsd GOARCH=386 make build
GOOS=freebsd GOARCH=amd64 make build
GOOS=windows GOARCH=amd64 make build
GOOS=windows GOARCH=386 make build
plugins: binary
GOOS=darwin GOARCH=amd64 make su3s
GOOS=darwin GOARCH=arm64 make su3s
GOOS=linux GOARCH=386 make su3s
GOOS=linux GOARCH=amd64 make su3s
GOOS=linux GOARCH=arm make su3s
GOOS=linux GOARCH=arm64 make su3s
GOOS=openbsd GOARCH=amd64 make su3s
GOOS=freebsd GOARCH=386 make su3s
GOOS=freebsd GOARCH=amd64 make su3s
GOOS=windows GOARCH=amd64 make su3s
GOOS=windows GOARCH=386 make su3s
upload-bin:
GOOS=darwin GOARCH=amd64 make upload-single-bin
GOOS=darwin GOARCH=arm64 make upload-single-bin
GOOS=linux GOARCH=386 make upload-single-bin
GOOS=linux GOARCH=amd64 make upload-single-bin
GOOS=linux GOARCH=arm make upload-single-bin
GOOS=linux GOARCH=arm64 make upload-single-bin
GOOS=openbsd GOARCH=amd64 make upload-single-bin
GOOS=freebsd GOARCH=386 make upload-single-bin
GOOS=freebsd GOARCH=amd64 make upload-single-bin
GOOS=windows GOARCH=amd64 make upload-single-bin
GOOS=windows GOARCH=386 make upload-single-bin
rm-su3s:
rm *.su3 -f
download-su3s:
GOOS=darwin GOARCH=amd64 make download-single-su3
GOOS=darwin GOARCH=arm64 make download-single-su3
GOOS=linux GOARCH=386 make download-single-su3
GOOS=linux GOARCH=amd64 make download-single-su3
GOOS=linux GOARCH=arm make download-single-su3
GOOS=linux GOARCH=arm64 make download-single-su3
GOOS=openbsd GOARCH=amd64 make download-single-su3
GOOS=freebsd GOARCH=386 make download-single-su3
GOOS=freebsd GOARCH=amd64 make download-single-su3
GOOS=windows GOARCH=amd64 make download-single-su3
GOOS=windows GOARCH=386 make download-single-su3
upload-su3s:
GOOS=darwin GOARCH=amd64 make upload-single-su3
GOOS=darwin GOARCH=arm64 make upload-single-su3
GOOS=linux GOARCH=386 make upload-single-su3
GOOS=linux GOARCH=amd64 make upload-single-su3
GOOS=linux GOARCH=arm make upload-single-su3
GOOS=linux GOARCH=arm64 make upload-single-su3
GOOS=openbsd GOARCH=amd64 make upload-single-su3
GOOS=freebsd GOARCH=386 make upload-single-su3
GOOS=freebsd GOARCH=amd64 make upload-single-su3
GOOS=windows GOARCH=amd64 make upload-single-su3
GOOS=windows GOARCH=386 make upload-single-su3
download-single-su3:
wget -N -c "https://github.com/eyedeekay/reseed-tools/releases/download/v$(VERSION)/reseed-tools-$(GOOS)-$(GOARCH).su3"
upload-single-deb:
gothub upload -R -s $(GITHUB_TOKEN) -u $(USER_GH) -r $(APP) -t v$(VERSION) -f reseed-tools_$(VERSION)-1_amd64.deb -l "`sha256sum reseed-tools_$(VERSION)-1_amd64.deb`" -n "reseed-tools_$(VERSION)-1_amd64.deb"
upload-single-bin:
gothub upload -R -s $(GITHUB_TOKEN) -u $(USER_GH) -r $(APP) -t v$(VERSION) -f reseed-tools-"$(GOOS)"-"$(GOARCH)" -l "`sha256sum reseed-tools-$(GOOS)-$(GOARCH)`" -n "reseed-tools-$(GOOS)"-"$(GOARCH)"
upload-single-su3:
gothub upload -R -s $(GITHUB_TOKEN) -u $(USER_GH) -r $(APP) -t v$(VERSION) -f reseed-tools-"$(GOOS)"-"$(GOARCH).su3" -l "`sha256sum reseed-tools-$(GOOS)-$(GOARCH).su3`" -n "reseed-tools-$(GOOS)"-"$(GOARCH).su3"
tmp/content:
mkdir -p tmp
cp -rv content tmp/content
echo "you@mail.i2p" > tmp/signer
tmp/lib:
mkdir -p tmp/lib
cp "$(HOME)/Workspace/GIT_WORK/i2p.i2p/build/shellservice.jar" tmp/lib/shellservice.jar
tmp/LICENSE:
cp LICENSE.md tmp/LICENSE
su3s: tmp/content tmp/lib tmp/LICENSE
i2p.plugin.native -name=reseed-tools-$(GOOS)-$(GOARCH) \
-signer=hankhill19580@gmail.com \
-version "$(VERSION)" \
-author=hankhill19580@gmail.com \
-autostart=true \
-clientname=reseed-tools-$(GOOS)-$(GOARCH) \
-command="reseed-tools-$(GOOS)-$(GOARCH) reseed --yes --signer=\$$PLUGIN/signer --port=$(PLUGIN_PORT)" \
-consolename="Reseed Tools" \
-consoleurl="https://127.0.0.1:$(PLUGIN_PORT)" \
-updateurl="http://idk.i2p/reseed-tools/reseed-tools-$(GOOS)-$(GOARCH).su3" \
-website="http://idk.i2p/reseed-tools/" \
-icondata="content/images/reseed-icon.png" \
-delaystart="1" \
-desc="`cat description-pak`" \
-exename=reseed-tools-$(GOOS)-$(GOARCH) \
-targetos="$(GOOS)" \
-res=tmp/ \
-license=MIT
unzip -o reseed-tools-$(GOOS)-$(GOARCH).zip -d reseed-tools-$(GOOS)-$(GOARCH)-zip
#export sumbblinux=`sha256sum "../reseed-tools-linux.su3"`
#export sumbbwindows=`sha256sum "../reseed-tools-windows.su3"`

210
README.md
View File

@@ -1,128 +1,156 @@
I2P Reseed Tools
==================
This tool provides a secure and efficient reseed server for the I2P network.
There are several utility commands to create, sign, and validate SU3 files.
Please note that this requires at least Go version 1.13, and uses Go Modules.
Standard reseeds are distributed with the I2P packages. To get your reseed
included, apply on [zzz.i2p](http://zzz.i2p).
## Dependencies
`go`, `git`, and optionally `make` are required to build the project.
Precompiled binaries for most platforms are available at my github mirror
https://github.com/eyedeekay/i2p-tools-1.
In order to install the build-dependencies on Ubuntu or Debian, you may use:
```sh
sudo apt-get install golang-go git make
```
This tool provides a secure and efficient reseed server for the I2P network. There are several utility commands to create, sign, and validate SU3 files.
## Installation
Reseed-tools can be run as a user, as a freestanding service, or be installed
as an I2P Plugin. It will attempt to configure itself automatically. You should
make sure to set the `--signer` flag or the `RESEED_EMAIL` environment variable
to configure your signing keys/contact info.
#### Plugin install URL's
Plugin releases are available inside of i2p at http://idk.i2p/reseed-tools/
and via the github mirror at https://github.com/eyedeekay/reseed-tools/releases.
These can be installed by adding them on the
[http://127.0.0.1:7657/configplugins](http://127.0.0.1:7657/configplugins).
After installing the plugin, you should immediately edit the `$PLUGIN/signer`
file in order to set your `--signer` email, which is used to name your keys.
You can find the `$PLUGIN` directory in your I2P config directory, which is
usually `$HOME/.i2p` on Unixes.
This will allow the developers to contact you if your reseed has issues
and will authenticate your reseed to the I2P routers that use it.
- darwin/amd64: [http://idk.i2p/reseed-tools/reseed-tools-darwin-amd64.su3](http://idk.i2p/reseed-tools/reseed-tools-darwin-amd64.su3)
- darwin/arm64: [http://idk.i2p/reseed-tools/reseed-tools-darwin-arm64.su3](http://idk.i2p/reseed-tools/reseed-tools-darwin-arm64.su3)
- linux/386: [http://idk.i2p/reseed-tools/reseed-tools-linux-386.su3](http://idk.i2p/reseed-tools/reseed-tools-linux-386.su3)
- linux/amd64: [http://idk.i2p/reseed-tools/reseed-tools-linux-amd64.su3](http://idk.i2p/reseed-tools/reseed-tools-linux-amd64.su3)
- linux/arm: [http://idk.i2p/reseed-tools/reseed-tools-linux-arm.su3](http://idk.i2p/reseed-tools/reseed-tools-linux-arm.su3)
- linux/arm64: [http://idk.i2p/reseed-tools/reseed-tools-linux-arm64.su3](http://idk.i2p/reseed-tools/reseed-tools-linux-arm64.su3)
- openbsd/amd64: [http://idk.i2p/reseed-tools/reseed-tools-openbsd-amd64.su3](http://idk.i2p/reseed-tools/reseed-tools-openbsd-amd64.su3)
- freebsd/386: [http://idk.i2p/reseed-tools/reseed-tools-freebsd-386.su3](http://idk.i2p/reseed-tools/reseed-tools-freebsd-386.su3)
- freebsd/amd64: [http://idk.i2p/reseed-tools/reseed-tools-freebsd-amd64.su3](http://idk.i2p/reseed-tools/reseed-tools-freebsd-amd64.su3)
- windows/amd64: [http://idk.i2p/reseed-tools/reseed-tools-windows-amd64.su3](http://idk.i2p/reseed-tools/reseed-tools-windows-amd64.su3)
- windows/386: [http://idk.i2p/reseed-tools/reseed-tools-windows-386.su3](http://idk.i2p/reseed-tools/reseed-tools-windows-386.su3)
### Installation(From Source)
If you have go installed you can download, build, and install this tool with `go get`
```
git clone https://i2pgit.org/idk/reseed-tools
cd reseed-tools
make build
# Optionally, if you want to install to /usr/bin/reseed-tools
sudo make install
go get github.com/MDrollette/i2p-tools
i2p-tools -h
```
## Usage
#### Debian/Ubuntu note:
### Docker!
Debian users who are running I2P as a system service must also run the
`reseed-tools` as the same user. This is so that the reseed-tools can access
the I2P service's netDb directory. On Debian and Ubuntu, that user is `i2psvc`
and the netDb directory is: `/var/lib/i2p/i2p-config/netDb`.
To make it easier to deploy reseeds, it is possible to run this software as a
Docker image. Because the software requires access to a network database to host
a reseed, you will need to mount the netDb as a volume inside your docker
container to provide access to it, and you will need to run it as the same user
and group inside the container as I2P.
##### Systemd Service
When you run a reseed under Docker in this fashion, it will automatically
generate a self-signed certificate for your reseed server in a Docker volume
under your I2P directory. *Back up this directory*, if it is lost it is
impossible to reproduce.
A systemd service is provided which should work with the I2P Debian package
when reseed-tools is installed in `/usr/bin/reseed-tools`. If you install with
`make install` this service is also installed. This service will cause the
bundles to regenerate every 12 hours.
Please note that Docker is not currently compatible with .onion reseeds unless
you pass the --network=host tag.
The contact email for your reseed should be added in:
`/etc/systemd/system/reseed.d/reseed.conf`.
#### If I2P is running as your user, do this:
Self-signed certificates will be auto-generated for these services. To change
this you should edit the `/etc/systemd/system/reseed.d/reseed.service`.
docker run -itd \
--name reseed \
--publish 443:8443 \
--restart always \
--volume $HOME/.i2p/netDb:$HOME/.i2p/netDb:z \
--volume $HOME/i2p/reseed-keys:/var/lib/i2p/i2p-config/reseed \
eyedeekay/reseed \
--signer $YOUR_EMAIL_HERE
- To enable starting the reseed service automatically with the system: `sudo systemctl enable reseed.service`
- To run the service manually: `sudo sysctl start reseed.service`
- To reload the systemd services: `sudo systemctl daemon-reload`
- To view the status/logs: `sudo journalctl -u reseed.service`
#### If I2P is running as another user, do this:
##### SysV Service
docker run -itd \
--name reseed \
--user $(I2P_UID) \
--group-add $(I2P_GID) \
--publish 443:8443 \
--restart always \
--volume /PATH/TO/USER/I2P/HERE/netDb:/var/lib/i2p/i2p-config/netDb:z \
--volume /PATH/TO/USER/I2P/HERE/reseed-keys:/var/lib/i2p/i2p-config/reseed \
eyedeekay/reseed \
--signer $YOUR_EMAIL_HERE
An initscript is also provided. The initscript, unlike the systemd service,
cannot schedule itself to restart. You should restart the service roughly once
a day to ensure that the information does not expire.
#### **Debian/Ubuntu and Docker**
The contact email for your reseed should be added in:
`/etc/init.d/reseed`.
In many cases I2P will be running as the Debian system user ```i2psvc```. This
is the case for all installs where Debian's Advanced Packaging Tool(apt) was
used to peform the task. If you used ```apt-get install``` this command will
work for you. In that case, just copy-and-paste:
Self-signed certificates will be auto-generated for these services. To change
this you should edit the `/etc/init.d/reseed`.
docker run -itd \
--name reseed \
--user $(id -u i2psvc) \
--group-add $(id -g i2psvc) \
--publish 443:8443 \
--restart always \
--volume /var/lib/i2p/i2p-config/netDb:/var/lib/i2p/i2p-config/netDb:z \
--volume /var/lib/i2p/i2p-config/reseed-keys:/var/lib/i2p/i2p-config/reseed \
eyedeekay/reseed \
--signer $YOUR_EMAIL_HERE
## Example Commands:
### Locally behind a webserver (reverse proxy setup), preferred:
```
i2p-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --port=8443 --ip=127.0.0.1 --trustProxy
```
### Without a webserver, standalone with TLS support
```
i2p-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --tlsHost=your-domain.tld
```
If this is your first time running a reseed server (ie. you don't have any existing keys),
you can simply run the command and follow the prompts to create the appropriate keys, crl and certificates.
Afterwards an HTTPS reseed server will start on the default port and generate 6 files in your current directory
(a TLS key, certificate and crl, and a su3-file signing key, certificate and crl).
```
reseed-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --tlsHost=your-domain.tld
```
Get the source code here on github or a pre-build binary anonymously on
### Locally behind a webserver (reverse proxy setup), preferred:
http://reseed.i2p/
http://j7xszhsjy7orrnbdys7yykrssv5imkn4eid7n5ikcnxuhpaaw6cq.b32.i2p/
If you are using a reverse proxy server it may provide the TLS certificate instead.
also a short guide and complete tech info.
## Experimental, currently only available from eyedeekay/i2p-tools-1 fork
Requires ```go mod``` and at least go 1.13. To build the eyedeekay/i2p-tools-1
fork, from anywhere:
git clone https://github.com/eyedeekay/i2p-tools-1
cd i2p-tools-1
make build
### Without a webserver, standalone, self-supervising(Automatic restarts)
```
reseed-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --port=8443 --ip=127.0.0.1 --trustProxy
./i2p-tools-1 reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --restart=start
```
- **Usage** [More examples can be found here.](EXAMPLES.md)
- **Docker** [Docker examples can be found here](DOCKER.md)
### Without a webserver, standalone, automatic OnionV3 with TLS support
```
./i2p-tools-1 reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --onion --i2p --p2p
```
### Without a webserver, standalone, serve P2P with LibP2P
```
./i2p-tools-1 reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --p2p
```
### Without a webserver, standalone, upload a single signed .su3 to github
* This one isn't working yet, look for it by ~Monday.
```
./i2p-tools-1 reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --github --ghrepo=i2p-tools-1 --ghuser=eyedeekay
```
### Without a webserver, standalone, in-network reseed
```
./i2p-tools-1 reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --i2p
```
### Without a webserver, standalone, Regular TLS, OnionV3 with TLS
```
./i2p-tools-1 reseed --tlsHost=your-domain.tld --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --onion
```
### Without a webserver, standalone, Regular TLS, OnionV3 with TLS, and LibP2P
```
./i2p-tools-1 reseed --tlsHost=your-domain.tld --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --onion --p2p
```
### Without a webserver, standalone, Regular TLS, OnionV3 with TLS, I2P In-Network reseed, and LibP2P, self-supervising
```
./i2p-tools-1 reseed --tlsHost=your-domain.tld --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --onion --p2p --restart=start
```

13
cmd/keygen.go
View File

@@ -3,7 +3,7 @@ package cmd
import (
"fmt"
"github.com/urfave/cli"
"github.com/codegangsta/cli"
)
func NewKeygenCommand() cli.Command {
@@ -27,7 +27,6 @@ func NewKeygenCommand() cli.Command {
func keygenAction(c *cli.Context) {
signerID := c.String("signer")
tlsHost := c.String("tlsHost")
trustProxy := c.Bool("trustProxy")
if signerID == "" && tlsHost == "" {
fmt.Println("You must specify either --tlsHost or --signer")
@@ -41,12 +40,10 @@ func keygenAction(c *cli.Context) {
}
}
if trustProxy {
if tlsHost != "" {
if err := createTLSCertificate(tlsHost); nil != err {
fmt.Println(err)
return
}
if tlsHost != "" {
if err := createTLSCertificate(tlsHost); nil != err {
fmt.Println(err)
return
}
}
}

183
cmd/reseed.go
View File

@@ -2,8 +2,6 @@ package cmd
import (
"context"
"strings"
//"flag"
"fmt"
"io/ioutil"
@@ -14,6 +12,9 @@ import (
"strconv"
"time"
//"crawshaw.io/littleboss"
"github.com/MDrollette/i2p-tools/reseed"
"github.com/codegangsta/cli"
"github.com/cretz/bine/tor"
"github.com/cretz/bine/torutil"
"github.com/cretz/bine/torutil/ed25519"
@@ -21,37 +22,9 @@ import (
"github.com/eyedeekay/sam3/i2pkeys"
"github.com/libp2p/go-libp2p"
"github.com/libp2p/go-libp2p-core/host"
"github.com/urfave/cli"
"i2pgit.org/idk/reseed-tools/reseed"
"github.com/eyedeekay/checki2cp/getmeanetdb"
)
func getDefaultSigner() string {
intentionalsigner := os.Getenv("RESEED_EMAIL")
if intentionalsigner == "" {
adminsigner := os.Getenv("MAILTO")
if adminsigner != "" {
return adminsigner
}
return ""
}
return intentionalsigner
}
func getHostName() string {
hostname := os.Getenv("RESEED_HOSTNAME")
if hostname == "" {
hostname, _ = os.Hostname()
}
return hostname
}
func NewReseedCommand() cli.Command {
ndb, err := getmeanetdb.WhereIstheNetDB()
if err != nil {
log.Fatal(err)
}
return cli.Command{
Name: "reseed",
Usage: "Start a reseed server",
@@ -59,12 +32,10 @@ func NewReseedCommand() cli.Command {
Flags: []cli.Flag{
cli.StringFlag{
Name: "signer",
Value: getDefaultSigner(),
Usage: "Your su3 signing ID (ex. something@mail.i2p)",
},
cli.StringFlag{
Name: "tlsHost",
Value: getHostName(),
Usage: "The public hostname used on your TLS certificate",
},
cli.BoolFlag{
@@ -86,7 +57,6 @@ func NewReseedCommand() cli.Command {
},
cli.StringFlag{
Name: "netdb",
Value: ndb,
Usage: "Path to NetDB directory containing routerInfos",
},
cli.StringFlag{
@@ -114,7 +84,7 @@ func NewReseedCommand() cli.Command {
},
cli.IntFlag{
Name: "numSu3",
Value: 50,
Value: 0,
Usage: "Number of su3 files to build (0 = automatic based on size of netdb)",
},
cli.StringFlag{
@@ -158,14 +128,10 @@ func NewReseedCommand() cli.Command {
Value: "127.0.0.1:7656",
Usage: "Use this SAM address to set up I2P connections for in-network reseed",
},
cli.BoolFlag{
Name: "acme",
Usage: "Automatically generate a TLS certificate with the ACME protocol, defaults to Let's Encrypt",
},
cli.StringFlag{
Name: "acmeserver",
Value: "https://acme-staging-v02.api.letsencrypt.org/directory",
Usage: "Use this server to issue a certificate with the ACME protocol",
Name: "littleboss",
Value: "start",
Usage: "Self-Supervise this application",
},
},
}
@@ -216,17 +182,12 @@ func LoadKeys(keysPath string, c *cli.Context) (i2pkeys.I2PKeys, error) {
}
}
// fileExists checks if a file exists and is not a directory before we
// try using it to prevent further errors.
func fileExists(filename string) bool {
info, err := os.Stat(filename)
if os.IsNotExist(err) {
return false
}
return !info.IsDir()
}
func reseedAction(c *cli.Context) {
// validate flags
if c.String("littleboss") != "start" {
log.Println("--littleboss", c.String("littleboss"))
return
}
netdbDir := c.String("netdb")
if netdbDir == "" {
fmt.Println("--netdb is required")
@@ -234,22 +195,10 @@ func reseedAction(c *cli.Context) {
}
signerID := c.String("signer")
if signerID == "" || signerID == "you@mail.i2p" {
if signerID == "" {
fmt.Println("--signer is required")
return
}
if !strings.Contains(signerID, "@") {
if !fileExists(signerID) {
fmt.Println("--signer must be an email address or a file containing an email address.")
return
}
bytes, err := ioutil.ReadFile(signerID)
if err != nil {
fmt.Println("--signer must be an email address or a file containing an email address.")
return
}
signerID = string(bytes)
}
var tlsCert, tlsKey string
tlsHost := c.String("tlsHost")
@@ -259,56 +208,13 @@ func reseedAction(c *cli.Context) {
var i2pTlsCert, i2pTlsKey string
var i2pkey i2pkeys.I2PKeys
if tlsHost != "" {
onionTlsHost = tlsHost
i2pTlsHost = tlsHost
tlsKey = c.String("tlsKey")
// if no key is specified, default to the host.pem in the current dir
if tlsKey == "" {
tlsKey = tlsHost + ".pem"
onionTlsKey = tlsHost + ".pem"
i2pTlsKey = tlsHost + ".pem"
}
tlsCert = c.String("tlsCert")
// if no certificate is specified, default to the host.crt in the current dir
if tlsCert == "" {
tlsCert = tlsHost + ".crt"
onionTlsCert = tlsHost + ".crt"
i2pTlsCert = tlsHost + ".crt"
}
// prompt to create tls keys if they don't exist?
auto := c.Bool("yes")
ignore := c.Bool("ignore")
if !ignore {
// use ACME?
acme := c.Bool("acme")
if acme {
acmeserver := c.String("acmeserver")
err := checkUseAcmeCert(tlsHost, signerID, acmeserver, &tlsCert, &tlsKey, auto)
if nil != err {
log.Fatalln(err)
}
} else {
err := checkOrNewTLSCert(tlsHost, &tlsCert, &tlsKey, auto)
if nil != err {
log.Fatalln(err)
}
}
}
}
if c.Bool("i2p") {
var err error
i2pkey, err = LoadKeys("reseed.i2pkeys", c)
if err != nil {
log.Fatalln(err)
}
if i2pTlsHost == "" {
i2pTlsHost = i2pkey.Addr().Base32()
}
i2pTlsHost = i2pkey.Addr().Base32()
if i2pTlsHost != "" {
// if no key is specified, default to the host.pem in the current dir
if i2pTlsKey == "" {
@@ -321,13 +227,10 @@ func reseedAction(c *cli.Context) {
}
// prompt to create tls keys if they don't exist?
auto := c.Bool("yes")
ignore := c.Bool("trustProxy")
if !ignore {
err := checkOrNewTLSCert(i2pTlsHost, &i2pTlsCert, &i2pTlsKey, auto)
if nil != err {
log.Fatalln(err)
}
auto := c.Bool("yes")
err := checkOrNewTLSCert(i2pTlsHost, &i2pTlsCert, &i2pTlsKey, auto)
if nil != err {
log.Fatalln(err)
}
}
}
@@ -347,9 +250,7 @@ func reseedAction(c *cli.Context) {
}
ok = []byte(key.PrivateKey())
}
if onionTlsHost == "" {
onionTlsHost = torutil.OnionServiceIDFromPrivateKey(ed25519.PrivateKey(ok)) + ".onion"
}
onionTlsHost = torutil.OnionServiceIDFromPrivateKey(ed25519.PrivateKey(ok)) + ".onion"
err = ioutil.WriteFile(c.String("onionKey"), ok, 0644)
if err != nil {
log.Fatalln(err.Error())
@@ -366,17 +267,35 @@ func reseedAction(c *cli.Context) {
}
// prompt to create tls keys if they don't exist?
auto := c.Bool("yes")
ignore := c.Bool("trustProxy")
if !ignore {
err := checkOrNewTLSCert(onionTlsHost, &onionTlsCert, &onionTlsKey, auto)
if nil != err {
log.Fatalln(err)
}
auto := c.Bool("yes")
err := checkOrNewTLSCert(onionTlsHost, &onionTlsCert, &onionTlsKey, auto)
if nil != err {
log.Fatalln(err)
}
}
}
if tlsHost != "" {
tlsKey = c.String("tlsKey")
// if no key is specified, default to the host.pem in the current dir
if tlsKey == "" {
tlsKey = tlsHost + ".pem"
}
tlsCert = c.String("tlsCert")
// if no certificate is specified, default to the host.crt in the current dir
if tlsCert == "" {
tlsCert = tlsHost + ".crt"
}
// prompt to create tls keys if they don't exist?
auto := c.Bool("yes")
err := checkOrNewTLSCert(tlsHost, &tlsCert, &tlsKey, auto)
if nil != err {
log.Fatalln(err)
}
}
reloadIntvl, err := time.ParseDuration(c.String("interval"))
if nil != err {
fmt.Printf("'%s' is not a valid time interval.\n", reloadIntvl)
@@ -390,7 +309,7 @@ func reseedAction(c *cli.Context) {
}
// load our signing privKey
auto := c.Bool("yes")
auto := c.Bool("yes")
privKey, err := getOrNewSigningCert(&signerKey, signerID, auto)
if nil != err {
log.Fatalln(err)
@@ -434,7 +353,7 @@ func reseedAction(c *cli.Context) {
reseedP2P(c, reseeder)
}
}
if !c.Bool("trustProxy") {
if tlsHost != "" && tlsCert != "" && tlsKey != "" {
log.Printf("HTTPS server starting\n")
reseedHTTPS(c, tlsCert, tlsKey, reseeder)
} else {
@@ -443,7 +362,7 @@ func reseedAction(c *cli.Context) {
}
}
func reseedHTTPS(c *cli.Context, tlsCert, tlsKey string, reseeder *reseed.ReseederImpl) {
func reseedHTTPS(c *cli.Context, tlsCert, tlsKey string, reseeder reseed.Reseeder) {
server := reseed.NewServer(c.String("prefix"), c.Bool("trustProxy"))
server.Reseeder = reseeder
server.Addr = net.JoinHostPort(c.String("ip"), c.String("port"))
@@ -472,7 +391,7 @@ func reseedHTTPS(c *cli.Context, tlsCert, tlsKey string, reseeder *reseed.Reseed
}
}
func reseedHTTP(c *cli.Context, reseeder *reseed.ReseederImpl) {
func reseedHTTP(c *cli.Context, reseeder reseed.Reseeder) {
server := reseed.NewServer(c.String("prefix"), c.Bool("trustProxy"))
server.Reseeder = reseeder
server.Addr = net.JoinHostPort(c.String("ip"), c.String("port"))
@@ -509,7 +428,7 @@ func makeRandomHost(port int) (host.Host, error) {
return host, nil
}
func reseedP2P(c *cli.Context, reseeder *reseed.ReseederImpl) {
func reseedP2P(c *cli.Context, reseeder reseed.Reseeder) {
server := reseed.NewServer(c.String("prefix"), c.Bool("trustProxy"))
server.Reseeder = reseeder
server.Addr = net.JoinHostPort(c.String("ip"), c.String("port"))
@@ -547,7 +466,7 @@ func reseedP2P(c *cli.Context, reseeder *reseed.ReseederImpl) {
}
}
func reseedOnion(c *cli.Context, onionTlsCert, onionTlsKey string, reseeder *reseed.ReseederImpl) {
func reseedOnion(c *cli.Context, onionTlsCert, onionTlsKey string, reseeder reseed.Reseeder) {
server := reseed.NewServer(c.String("prefix"), c.Bool("trustProxy"))
server.Reseeder = reseeder
server.Addr = net.JoinHostPort(c.String("ip"), c.String("port"))
@@ -622,7 +541,7 @@ func reseedOnion(c *cli.Context, onionTlsCert, onionTlsKey string, reseeder *res
log.Printf("Onion server started on %s\n", server.Addr)
}
func reseedI2P(c *cli.Context, i2pTlsCert, i2pTlsKey string, i2pIdentKey i2pkeys.I2PKeys, reseeder *reseed.ReseederImpl) {
func reseedI2P(c *cli.Context, i2pTlsCert, i2pTlsKey string, i2pIdentKey i2pkeys.I2PKeys, reseeder reseed.Reseeder) {
server := reseed.NewServer(c.String("prefix"), c.Bool("trustProxy"))
server.Reseeder = reseeder
server.Addr = net.JoinHostPort(c.String("ip"), c.String("port"))

206
cmd/utils.go
View File

@@ -2,12 +2,10 @@ package cmd
import (
"bufio"
"crypto"
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"crypto/rsa"
"crypto/tls"
"crypto/x509"
"crypto/x509/pkix"
"encoding/asn1"
@@ -18,15 +16,8 @@ import (
"strings"
"time"
"i2pgit.org/idk/reseed-tools/reseed"
"i2pgit.org/idk/reseed-tools/su3"
"github.com/go-acme/lego/v4/certcrypto"
"github.com/go-acme/lego/v4/certificate"
"github.com/go-acme/lego/v4/challenge/http01"
"github.com/go-acme/lego/v4/challenge/tlsalpn01"
"github.com/go-acme/lego/v4/lego"
"github.com/go-acme/lego/v4/registration"
"github.com/MDrollette/i2p-tools/reseed"
"github.com/MDrollette/i2p-tools/su3"
)
func loadPrivateKey(path string) (*rsa.PrivateKey, error) {
@@ -44,24 +35,6 @@ func loadPrivateKey(path string) (*rsa.PrivateKey, error) {
return privKey, nil
}
// Taken directly from the lego example, since we need very minimal support
// https://go-acme.github.io/lego/usage/library/
type MyUser struct {
Email string
Registration *registration.Resource
key crypto.PrivateKey
}
func (u *MyUser) GetEmail() string {
return u.Email
}
func (u MyUser) GetRegistration() *registration.Resource {
return u.Registration
}
func (u *MyUser) GetPrivateKey() crypto.PrivateKey {
return u.key
}
func signerFile(signerID string) string {
return strings.Replace(signerID, "@", "_at_", 1)
}
@@ -69,14 +42,14 @@ func signerFile(signerID string) string {
func getOrNewSigningCert(signerKey *string, signerID string, auto bool) (*rsa.PrivateKey, error) {
if _, err := os.Stat(*signerKey); nil != err {
fmt.Printf("Unable to read signing key '%s'\n", *signerKey)
if !auto {
fmt.Printf("Would you like to generate a new signing key for %s? (y or n): ", signerID)
reader := bufio.NewReader(os.Stdin)
input, _ := reader.ReadString('\n')
if []byte(input)[0] != 'y' {
return nil, fmt.Errorf("A signing key is required")
}
if !auto {
fmt.Printf("Would you like to generate a new signing key for %s? (y or n): ", signerID)
reader := bufio.NewReader(os.Stdin)
input, _ := reader.ReadString('\n')
if []byte(input)[0] != 'y' {
return nil, fmt.Errorf("A signing key is required")
}
}
if err := createSigningCertificate(signerID); nil != err {
return nil, err
}
@@ -87,165 +60,6 @@ func getOrNewSigningCert(signerKey *string, signerID string, auto bool) (*rsa.Pr
return loadPrivateKey(*signerKey)
}
func checkUseAcmeCert(tlsHost, signer, cadirurl string, tlsCert, tlsKey *string, auto bool) error {
_, certErr := os.Stat(*tlsCert)
_, keyErr := os.Stat(*tlsKey)
if certErr != nil || keyErr != nil {
if certErr != nil {
fmt.Printf("Unable to read TLS certificate '%s'\n", *tlsCert)
}
if keyErr != nil {
fmt.Printf("Unable to read TLS key '%s'\n", *tlsKey)
}
if !auto {
fmt.Printf("Would you like to generate a new certificate with Let's Encrypt or a custom ACME server? '%s'? (y or n): ", tlsHost)
reader := bufio.NewReader(os.Stdin)
input, _ := reader.ReadString('\n')
if []byte(input)[0] != 'y' {
fmt.Println("Continuing without TLS")
return nil
}
}
} else {
TLSConfig := &tls.Config{}
TLSConfig.NextProtos = []string{"http/1.1"}
TLSConfig.Certificates = make([]tls.Certificate, 1)
var err error
TLSConfig.Certificates[0], err = tls.LoadX509KeyPair(*tlsCert, *tlsKey)
if err != nil {
return err
}
if time.Now().Sub(TLSConfig.Certificates[0].Leaf.NotAfter) < (time.Hour * 48) {
ecder, err := ioutil.ReadFile(tlsHost + signer + ".acme.key")
if err != nil {
return err
}
privateKey, err := x509.ParseECPrivateKey(ecder)
if err != nil {
return err
}
user := MyUser{
Email: signer,
key: privateKey,
}
config := lego.NewConfig(&user)
config.CADirURL = cadirurl
config.Certificate.KeyType = certcrypto.RSA2048
client, err := lego.NewClient(config)
if err != nil {
return err
}
renewAcmeIssuedCert(client, user, tlsHost, tlsCert, tlsKey)
} else {
return nil
}
}
privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil {
return err
}
ecder, err := x509.MarshalECPrivateKey(privateKey)
if err != nil {
return err
}
filename := tlsHost + signer + ".acme.key"
keypem, err := os.OpenFile(filename, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
if err != nil {
return err
}
defer keypem.Close()
err = pem.Encode(keypem, &pem.Block{Type: "EC PRIVATE KEY", Bytes: ecder})
if err != nil {
return err
}
user := MyUser{
Email: signer,
key: privateKey,
}
config := lego.NewConfig(&user)
config.CADirURL = cadirurl
config.Certificate.KeyType = certcrypto.RSA2048
client, err := lego.NewClient(config)
if err != nil {
return err
}
return newAcmeIssuedCert(client, user, tlsHost, tlsCert, tlsKey)
}
func renewAcmeIssuedCert(client *lego.Client, user MyUser, tlsHost string, tlsCert, tlsKey *string) error {
var err error
err = client.Challenge.SetHTTP01Provider(http01.NewProviderServer("", "8000"))
if err != nil {
return err
}
err = client.Challenge.SetTLSALPN01Provider(tlsalpn01.NewProviderServer("", "8443"))
if err != nil {
return err
}
// New users will need to register
if user.Registration, err = client.Registration.QueryRegistration(); err != nil {
reg, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
if err != nil {
return err
}
user.Registration = reg
}
resource, err := client.Certificate.Get(tlsHost, true)
if err != nil {
return err
}
certificates, err := client.Certificate.Renew(*resource, true, false, "")
if err != nil {
return err
}
ioutil.WriteFile(tlsHost+".pem", certificates.PrivateKey, 0600)
ioutil.WriteFile(tlsHost+".crt", certificates.Certificate, 0600)
// ioutil.WriteFile(tlsHost+".crl", certificates.PrivateKey, 0600)
*tlsCert = tlsHost + ".crt"
*tlsKey = tlsHost + ".pem"
return nil
}
func newAcmeIssuedCert(client *lego.Client, user MyUser, tlsHost string, tlsCert, tlsKey *string) error {
var err error
err = client.Challenge.SetHTTP01Provider(http01.NewProviderServer("", "8000"))
if err != nil {
return err
}
err = client.Challenge.SetTLSALPN01Provider(tlsalpn01.NewProviderServer("", "8443"))
if err != nil {
return err
}
// New users will need to register
if user.Registration, err = client.Registration.QueryRegistration(); err != nil {
reg, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
if err != nil {
return err
}
user.Registration = reg
}
request := certificate.ObtainRequest{
Domains: []string{tlsHost},
Bundle: true,
}
certificates, err := client.Certificate.Obtain(request)
if err != nil {
return err
}
ioutil.WriteFile(tlsHost+".pem", certificates.PrivateKey, 0600)
ioutil.WriteFile(tlsHost+".crt", certificates.Certificate, 0600)
// ioutil.WriteFile(tlsHost+".crl", certificates.PrivateKey, 0600)
*tlsCert = tlsHost + ".crt"
*tlsKey = tlsHost + ".pem"
return nil
}
func checkOrNewTLSCert(tlsHost string, tlsCert, tlsKey *string, auto bool) error {
_, certErr := os.Stat(*tlsCert)
_, keyErr := os.Stat(*tlsKey)
@@ -257,7 +71,7 @@ func checkOrNewTLSCert(tlsHost string, tlsCert, tlsKey *string, auto bool) error
fmt.Printf("Unable to read TLS key '%s'\n", *tlsKey)
}
if !auto {
if auto {
fmt.Printf("Would you like to generate a new self-signed certificate for '%s'? (y or n): ", tlsHost)
reader := bufio.NewReader(os.Stdin)
input, _ := reader.ReadString('\n')

6
cmd/verify.go
View File

@@ -4,9 +4,9 @@ import (
"fmt"
"io/ioutil"
"github.com/urfave/cli"
"i2pgit.org/idk/reseed-tools/reseed"
"i2pgit.org/idk/reseed-tools/su3"
"github.com/MDrollette/i2p-tools/reseed"
"github.com/MDrollette/i2p-tools/su3"
"github.com/codegangsta/cli"
)
func NewSu3VerifyCommand() cli.Command {

BIN
content/images/reseed-icon.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 18 KiB

BIN
content/images/reseed.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 116 KiB

10
content/index.html
View File

@@ -1,10 +0,0 @@
<h1 id="you-have-found-an-i2p-reseed">You have found an I2P Reseed</h1>
<p>Maybe it was by accident, or maybe you visited the URL because you saw it in the software somewhere. While weve got your attention, were going to take this opportunity to tell you a little about what we do here. I2P is a peer-to-peer network which uses “Garlic Routing” to maintain privacy. Reseed nodes help you get connected to I2P for the first time, and even though you should only have to use them once in a great while, they are very important services.</p>
<h2 id="to-learn-more-about-i2p-visit"><a href="https://geti2p.net">To learn more about I2P, visit</a></h2>
<p><a href="https://geti2p.net"><img src="images/reseed.png" alt="Help reseed" /></a></p>
<ul>
<li><a href="https://geti2p.net/en/docs/reseed">Learn more about reseeds here:</a></li>
<li><a href="https://geti2p.net/en/get-involved/guides/reseed">Learn how to run a reseed here:</a></li>
<li><a href="https://i2pgit.org/idk/reseed-tools">Read the reseed server code and learn about more reseed options here:</a></li>
</ul>
<p>Here on purpose? Heres a one-time link to a reseed bundle for you.</p>

18
content/lang/ar/homepage.md
View File

@@ -1,18 +0,0 @@
هذا هو خادم I2P Reseed
=============================
I2P هي شبكة نظير إلى نظير تستخدم "توجيه الثوم" للحفاظ على الخصوصية.
تساعدك عقد Reseed على الاتصال بـ I2P لأول مرة ، وعلى الرغم من ذلك
يجب عليك فقط استخدامها مرة واحدة كل فترة ، فهي مهمة جدًا
خدمات.
[لمزيد من المعلومات حول I2P ، قم بزيارة موقع المشروع] (https://geti2p.net)
------------------------------------------------------------------------
[! [إعادة المساعدة] (images / reseed.png)] (https://geti2p.net)
- [مزيد من المعلومات حول عمليات إعادة التوريد] (https://geti2p.net/en/docs/reseed)
- [تعرف على كيفية تشغيل Reseed] (https://geti2p.net/en/get-involved/guides/reseed)
- [اقرأ رمز خادم إعادة التزويد وتعرّف على المزيد من خيارات إعادة التزويد] (https://i2pgit.org/idk/reseed-tools)
### هل لديك مشاكل في الاتصال؟ إليك رابط لمرة واحدة لحزمة إعادة إرسال لك.

18
content/lang/bn/homepage.md
View File

@@ -1,18 +0,0 @@
এটি একটি I2P রিসিড সার্ভার
============================
I2P হল একটি পিয়ার-টু-পিয়ার নেটওয়ার্ক যা গোপনীয়তা বজায় রাখতে "গার্লিক রাউটিং" ব্যবহার করে।
রিসিড নোড আপনাকে প্রথমবার I2P এর সাথে সংযুক্ত হতে সাহায্য করে, এবং যদিও
আপনি শুধুমাত্র একটি মহান সময়ের মধ্যে একবার তাদের ব্যবহার করা উচিত, তারা খুবই গুরুত্বপূর্ণ
সেবা.
[I2P সম্পর্কে আরও জানতে, প্রকল্পের ওয়েবসাইট দেখুন](https://geti2p.net)
-------------------------------------------------------------------------------------
[![রিসিড করতে সাহায্য করুন](images/reseed.png)](https://geti2p.net)
- [রিসিড সম্পর্কে আরও জানুন](https://geti2p.net/en/docs/reseed)
- [কিভাবে রিসিড চালাতে হয় তা জানুন](https://geti2p.net/en/get-involved/guides/reseed)
- [রিসিড সার্ভার কোড পড়ুন এবং আরও রিসিড বিকল্প সম্পর্কে জানুন](https://i2pgit.org/idk/reseed-tools)
### সংযোগ সমস্যা হচ্ছে? এখানে আপনার জন্য একটি রিসিড বান্ডেলের একটি এককালীন লিঙ্ক রয়েছে৷

18
content/lang/de/homepage.md
View File

@@ -1,18 +0,0 @@
Dies ist ein I2P-Reseed-Server
============================
I2P ist ein Peer-to-Peer-Netzwerk, das „Garlic Routing“ verwendet, um die Privatsphäre zu wahren.
Reseed-Knoten helfen Ihnen, zum ersten Mal mit I2P verbunden zu werden, und das obwohl
Sie sollten sie nur ab und zu verwenden müssen, sie sind sehr wichtig
Dienstleistungen.
[Um mehr über I2P zu erfahren, besuchen Sie die Projektwebsite](https://geti2p.net)
------------------------------------------------------------------------
[![Hilfe neu aussäen](images/reseed.png)](https://geti2p.net)
- [Erfahren Sie mehr über Reseeds](https://geti2p.net/en/docs/reseed)
- [Erfahren Sie, wie Sie einen Reseed ausführen](https://geti2p.net/en/get-involved/guides/reseed)
- [Lesen Sie den Re-Seed-Server-Code und erfahren Sie mehr über Re-Seed-Optionen](https://i2pgit.org/idk/reseed-tools)
### Haben Sie Verbindungsprobleme? Hier ist ein einmaliger Link zu einem Re-Seed-Bundle für Sie.

18
content/lang/en/homepage.md
View File

@@ -1,18 +0,0 @@
This is an I2P Reseed Server
============================
I2P is a peer-to-peer network which uses “Garlic Routing” to maintain privacy.
Reseed nodes help you get connected to I2P for the first time, and even though
you should only have to use them once in a great while, they are very important
services.
[To learn more about I2P, visit the project website](https://geti2p.net)
------------------------------------------------------------------------
[![Help reseed](images/reseed.png)](https://geti2p.net)
- [Learn more about reseeds](https://geti2p.net/en/docs/reseed)
- [Learn how to run a reseed](https://geti2p.net/en/get-involved/guides/reseed)
- [Read the reseed server code and learn about more reseed options](https://i2pgit.org/idk/reseed-tools)
### Having connection issues? Here is a one-time link to a reseed bundle for you.

18
content/lang/es/homepage.md
View File

@@ -1,18 +0,0 @@
Este es un servidor de reinicio I2P
============================
I2P es una red de igual a igual que utiliza "Enrutamiento de ajo" para mantener la privacidad.
Los nodos de reseed le ayudan a conectarse a I2P por primera vez, y aunque
solo debería tener que usarlos de vez en cuando, son muy importantes
servicios.
[Para obtener más información sobre I2P, visite el sitio web del proyecto] (https://geti2p.net)
------------------------------------------------------------------------
[! [Help reseed] (images / reseed.png)] (https://geti2p.net)
- [Obtenga más información sobre reseeds] (https://geti2p.net/en/docs/reseed)
- [Aprenda a ejecutar un reseed] (https://geti2p.net/en/get-involved/guides/reseed)
- [Lea el código del servidor reseed y conozca más opciones de reseed] (https://i2pgit.org/idk/reseed-tools)
### ¿Tienes problemas de conexión? Aquí hay un enlace único a un paquete reseed para usted.

18
content/lang/fr/homepage.md
View File

@@ -1,18 +0,0 @@
Ceci est un serveur de réensemencement I2P
============================
I2P est un réseau peer-to-peer qui utilise le « routage à l'ail » pour maintenir la confidentialité.
Les nœuds de réamorçage vous aident à vous connecter à I2P pour la première fois, et même si
vous ne devriez avoir à les utiliser qu'une fois de temps en temps, ils sont très importants
prestations de service.
[Pour en savoir plus sur I2P, visitez le site Web du projet](https://geti2p.net)
------------------------------------------------------------------------
[![Aide à reseed](images/reseed.png)](https://geti2p.net)
- [En savoir plus sur les réensemencements](https://geti2p.net/en/docs/reseed)
- [Apprenez à exécuter un reseed](https://geti2p.net/en/get-involved/guides/reseed)
- [Lire le code du serveur de réensemencement et en savoir plus sur les options de réensemencement] (https://i2pgit.org/idk/reseed-tools)
### Vous avez des problèmes de connexion ? Voici un lien unique vers un paquet de graines pour vous.

18
content/lang/hi/homepage.md
View File

@@ -1,18 +0,0 @@
यह एक I2P शोधित सर्वर है
===========================
I2P एक पीयर-टू-पीयर नेटवर्क है जो गोपनीयता बनाए रखने के लिए "लहसुन रूटिंग" का उपयोग करता है।
रीसेड नोड्स आपको पहली बार I2P से कनेक्ट होने में मदद करते हैं, और भले ही
आपको उन्हें केवल एक बार ही उपयोग करना चाहिए, वे बहुत महत्वपूर्ण हैं
सेवाएं।
[I2P के बारे में अधिक जानने के लिए, प्रोजेक्ट वेबसाइट पर जाएँ](https://geti2p.net)
-------------------------------------------------------------------------
[![Reseed में मदद करें](images/reseed.png)](https://geti2p.net)
- [रिसेड्स के बारे में और जानें](https://geti2p.net/hi/docs/reseed)
- [रिसेड चलाना सीखें](https://geti2p.net/hi/get-involved/guides/reseed)
- [रीडेड सर्वर कोड पढ़ें और अधिक शोध विकल्पों के बारे में जानें](https://i2pgit.org/idk/reseed-tools)
### कनेक्शन की समस्या आ रही है? यहां आपके लिए एक शोधित बंडल का वन-टाइम लिंक दिया गया है।

18
content/lang/id/homepage.md
View File

@@ -1,18 +0,0 @@
Ini adalah Server Reseed I2P
==============================
I2P adalah jaringan peer-to-peer yang menggunakan "Garlic Routing" untuk menjaga privasi.
Reseed node membantu Anda terhubung ke I2P untuk pertama kalinya, dan meskipun
Anda hanya perlu menggunakannya sesekali, itu sangat penting
jasa.
[Untuk mempelajari lebih lanjut tentang I2P, kunjungi situs web proyek](https://geti2p.net)
-------------------------------------------------- -----------------------
[![Bantu reseed](images/reseed.png)](https://geti2p.net)
- [Pelajari lebih lanjut tentang reseed](https://geti2p.net/en/docs/reseed)
- [Pelajari cara menjalankan reseed](https://geti2p.net/en/get-involved/guides/reseed)
- [Baca kode server reseed dan pelajari tentang opsi reseed lainnya](https://i2pgit.org/idk/reseed-tools)
### Mengalami masalah koneksi? Berikut ini tautan satu kali ke bundel reseed untuk Anda.

18
content/lang/jp/homepage.md
View File

@@ -1,18 +0,0 @@
これはI2PReseedServerです
============================
I2Pは、プライバシーを維持するために「GarlicRouting」を使用するピアツーピアネットワークです。
再シードードは、I2Pに初めて接続するのに役立ちます。
たまに一度だけ使用する必要があります、それらは非常に重要です
サービス。
[I2Pの詳細については、プロジェクトのWebサイトにアクセスしてください]https://geti2p.net
------------------------------------------------------------------------
[[再シードのヘルプ]images / reseed.png]https://geti2p.net
-[再シードの詳細]https://geti2p.net/en/docs/reseed
-[再シードの実行方法を学ぶ]https://geti2p.net/en/get-involved/guides/reseed
-[再シードサーバーコードを読み、再シードオプションの詳細を確認してください]https://i2pgit.org/idk/reseed-tools
###接続に問題がありますか? これがあなたのための再シードバンドルへのワンタイムリンクです。

18
content/lang/ko/homepage.md
View File

@@ -1,18 +0,0 @@
I2P Reseed 서버입니다.
==============================
I2P는 "Garlic Routing"을 사용하여 개인 정보를 유지하는 P2P 네트워크입니다.
Reseed 노드는 처음으로 I2P에 연결하는 데 도움이 됩니다.
아주 가끔은 한 번만 사용해야 하므로 매우 중요합니다.
서비스.
[I2P에 대한 자세한 내용은 프로젝트 웹 사이트를 방문하십시오.](https://geti2p.net)
------------------------------------------------------------------------
[![Help reseed](images/reseed.png)](https://geti2p.net)
- [리시드에 대해 자세히 알아보기](https://geti2p.net/en/docs/reseed)
- [리시드 실행 방법 알아보기](https://geti2p.net/en/get-involved/guides/reseed)
- [리시드 서버 코드를 읽고 더 많은 리시드 옵션에 대해 알아보세요](https://i2pgit.org/idk/reseed-tools)
### 연결 문제가 있습니까? 다음은 reseed 번들에 대한 일회성 링크입니다.

18
content/lang/pr/homepage.md
View File

@@ -1,18 +0,0 @@
Este é um servidor I2P Reseed
==============================
I2P é uma rede ponto a ponto que usa “Roteamento de alho” para manter a privacidade.
Nós Reseed ajudam você a se conectar ao I2P pela primeira vez, e mesmo que
você só deve ter que usá-los de vez em quando, eles são muito importantes
Serviços.
[Para saber mais sobre I2P, visite o site do projeto] (https://geti2p.net)
------------------------------------------------------------------------
[! [Help reseed] (images / reseed.png)] (https://geti2p.net)
- [Saiba mais sobre reseeds] (https://geti2p.net/en/docs/reseed)
- [Saiba como executar uma nova propagação] (https://geti2p.net/en/get-involved/guides/reseed)
- [Leia o código do servidor de nova propagação e aprenda sobre mais opções de nova propagação] (https://i2pgit.org/idk/reseed-tools)
### Tendo problemas de conexão? Aqui está um link único para um pacote reenviado para você.

18
content/lang/ru/homepage.md
View File

@@ -1,18 +0,0 @@
Это сервер I2P Reseed
============================
I2P - это одноранговая сеть, которая использует «Garlic Routing» для обеспечения конфиденциальности.
Узлы с повторным заполнением помогут вам впервые подключиться к I2P, и даже если
вы должны использовать их только время от времени, они очень важны
Сервисы.
[Чтобы узнать больше об I2P, посетите сайт проекта] (https://geti2p.net)
------------------------------------------------------------------------
[! [Повторное заполнение справки] (images / Reseed.png)] (https://geti2p.net)
- [Подробнее о Reseeds] (https://geti2p.net/en/docs/reseed)
- [Узнайте, как запустить повторное заполнение] (https://geti2p.net/en/get-involved/guides/reseed)
- [Прочтите код сервера повторного заполнения и узнайте о дополнительных параметрах повторного заполнения] (https://i2pgit.org/idk/reseed-tools)
### Возникли проблемы с подключением? Вот вам одноразовая ссылка на набор повторных рассылок.

18
content/lang/zh/homepage.md
View File

@@ -1,18 +0,0 @@
这是一个 I2P Reseed 服务器
============================
I2P 是一种点对点网络,它使用“大蒜路由”来维护隐私。
Reseed 节点可帮助您首次连接到 I2P即使
你应该只需要偶尔使用它们,它们非常重要
服务。
【了解更多关于I2P请访问项目网站】(https://geti2p.net)
-----------------------------------------------------------------
[![帮助重新播种](images/reseed.png)](https://geti2p.net)
- [了解更多关于 reseeds](https://geti2p.net/en/docs/reseed)
- [了解如何进行重新播种](https://geti2p.net/en/get-involved/guides/reseed)
- [阅读 reseed 服务器代码并了解更多 reseed 选项](https://i2pgit.org/idk/reseed-tools)
### 有连接问题? 这是为您提供的重新种子包的一次性链接。

0
content/script.js
View File

72
content/style.css
View File

@@ -1,72 +0,0 @@
body {
font-family: "Roboto", monospace;
text-align: justify;
background-color: #D9D9D9;
}
h1 {
width: 55%;
margin-left: 45%;
margin-top: 5%;
}
h2 {
width: 55%;
margin-left: 45%;
}
#homepage > h2:nth-child(3) > a:nth-child(1) {
text-decoration: none;
}
h3 {
width: 55%;
margin-left: 45%;
}
ul {
width: 55%;
display: block;
margin-left: 40%;
}
li {
margin-top: 1%;
margin-left: 20%;
}
p {
max-width: 55%;
font-size: 1.2em;
margin-right: 2%;
}
#homepage > p:nth-child(2){
margin-left: 45%;
}
img {
position: absolute;
margin-top: 3%;
top: 5%;
left: 5%;
width: 35%;
display: inline;
margin-bottom: 5%;
padding-bottom: 5%;
}
.inline {
display: inline;
}
.link-button {
margin-top: 3%;
padding: 2%;
padding-left: 5%;
padding-right: 5%;
margin-left: -3%;
border-radius: 20%;
border-style: groove;
}
.link-button:focus {
outline: none;
}
.link-button:active {
color:red;
}

1
description-pak
View File

@@ -1 +0,0 @@
Reseed tools is a self-contained, easy-to-configure I2P reseed service which can be run on any OS.

7
entrypoint.sh
View File

@@ -1,7 +0,0 @@
#! /usr/bin/env sh
cd /var/lib/i2p/i2p-config/reseed
cp -r /var/lib/i2p/go/src/i2pgit.org/idk/reseed-tools/content ./content
/var/lib/i2p/go/src/i2pgit.org/idk/reseed-tools/reseed-tools reseed --yes=true --netdb=/var/lib/i2p/i2p-config/netDb $@

2
etc/default/reseed
View File

@@ -1,2 +0,0 @@
#Edit the contact/signing email used by your reseed server here
export RESEED_EMAIL=""

33
etc/init.d/reseed
View File

@@ -8,31 +8,42 @@
# Description: <DESCRIPTION>
### END INIT INFO
SCRIPT='/usr/bin/reseed-tools'
SCRIPT='/usr/local/bin/i2p-tools'
RUNAS=i2psvc
NETDBDIR=/var/lib/i2p/i2p-config/netDb
RUNDIR=/var/lib/i2p/i2p-config/reseed
SIGNER=you@mail.i2p
MORE_OPTIONS=""
if [ -f /etc/default/reseed ]; then
. /etc/default/reseed
source /etc/default/reseed
fi
RUNOPTS=" reseed --yes=true --netdb=$NETDBDIR $MORE_OPTIONS "
RUNOPTS=" reseed --signer=$SIGNER --netdb=$NETDBDIR $MORE_OPTIONS "
rundir(){
if [ !-d $RUNDIR ]; then
install -d -oi2psvc -m2770 $RUNDIR
fi
cd $RUNDIR
}
start() {
start-stop-daemon --user $RUNAS --chuid $RUNAS --exec $SCRIPT --chdir $RUNDIR --make-pidfile --pidfile $RUNDIR/reseed.pid --start -- $RUNOPTS
rundir
su - $RUNAS $SCRIPT $RUNOPTS --restart=start
}
stop() {
start-stop-daemon --user $RUNAS --exec $SCRIPT --chdir $RUNDIR --remove-pidfile --pidfile $RUNDIR/reseed.pid --stop
rundir
su - $RUNAS $SCRIPT $RUNOPTS --restart=stop
}
start() {
rundir
su - $RUNAS $SCRIPT $RUNOPTS --restart=restart
}
status() {
start-stop-daemon --user $RUNAS --exec $SCRIPT --chdir $RUNDIR --remove-pidfile --pidfile $RUNDIR/reseed.pid --status
}
restart() {
stop
start
rundir
su - $RUNAS $SCRIPT $RUNOPTS --restart=status
}
uninstall() {

5
etc/systemd/system/reseed.d/reseed.conf
View File

@@ -1,5 +0,0 @@
# Use this file to configure the contact/signer email used for the reseed service.
# without it the reseed will fail to start.
[Service]
Environment="RESEED_EMAIL="

17
etc/systemd/system/reseed.d/reseed.service
View File

@@ -1,17 +0,0 @@
[Unit]
Description=I2P reseed service
After=network.target
StartLimitIntervalSec=0
Requires=i2p.service
[Service]
User=i2psvc
RuntimeDirectory=/var/lib/i2p/i2p-config/reseed
WorkingDirectory=/var/lib/i2p/i2p-config/reseed
ExecStart=/usr/bin/reseed-tools reseed --yes=true --netdb=/var/lib/i2p/i2p-config/netDb
Restart=always
RestartSec=10
RuntimeMaxSec=43200
[Install]
WantedBy=multi-user.target

37
go.mod
View File

@@ -1,28 +1,25 @@
module i2pgit.org/idk/reseed-tools
module github.com/eyedeekay/i2p-tools-1
go 1.13
require (
crawshaw.io/littleboss v0.0.0-20190317185602-8957d0aedcce // indirect
github.com/MDrollette/i2p-tools v0.0.0
github.com/codegangsta/cli v1.22.1
github.com/cretz/bine v0.1.0
github.com/eyedeekay/checki2cp v0.0.21
github.com/eyedeekay/sam3 v0.32.32
github.com/go-acme/lego/v4 v4.3.1
github.com/gorilla/handlers v1.5.1
github.com/justinas/alice v1.2.0
github.com/libp2p/go-libp2p v0.13.0
github.com/libp2p/go-libp2p-core v0.8.0
github.com/libp2p/go-libp2p-gostream v0.3.1
github.com/libp2p/go-libp2p-http v0.2.0
github.com/throttled/throttled/v2 v2.7.1
github.com/urfave/cli v1.22.5
gitlab.com/golang-commonmark/markdown v0.0.0-20191127184510-91b5b3c99c19
golang.org/x/text v0.3.5
github.com/eyedeekay/sam3 v0.32.2
github.com/gomodule/redigo v1.8.0 // indirect
github.com/gorilla/handlers v1.4.2
github.com/justinas/alice v0.0.0-20171023064455-03f45bd4b7da
github.com/libp2p/go-libp2p v0.6.0
github.com/libp2p/go-libp2p-core v0.5.0
github.com/libp2p/go-libp2p-gostream v0.2.1
github.com/libp2p/go-libp2p-http v0.1.5
github.com/shurcooL/go v0.0.0-20190704215121-7189cc372560 // indirect
github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041 // indirect
github.com/throttled/throttled v2.2.4+incompatible
)
replace github.com/libp2p/go-libp2p => github.com/libp2p/go-libp2p v0.13.0
replace github.com/MDrollette/i2p-tools v0.0.0 => ./
replace github.com/libp2p/go-libp2p-core => github.com/libp2p/go-libp2p-core v0.8.0
replace github.com/libp2p/go-libp2p-gostream => github.com/libp2p/go-libp2p-gostream v0.3.1
replace github.com/libp2p/go-libp2p-http => github.com/libp2p/go-libp2p-http v0.2.0
replace github.com/codegangsta/cli v1.22.1 => github.com/urfave/cli v1.22.1

1190
go.sum
View File

File diff suppressed because it is too large Load Diff

2
history.txt
View File

@@ -41,4 +41,4 @@
* numRi per su3 file: 75 --> 77
2016-01
* fork from https://i2pgit.org/idk/reseed-tools
* fork from https://github.com/MDrollette/i2p-tools

70
index.html
View File

@@ -1,70 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<title>Reseed Tools</title>
<link rel="stylesheet" type="text/css" href ="/style.css" />
</head>
<body>
<h1 id="i2p-reseed-tools">I2P Reseed Tools</h1>
<p>This tool provides a secure and efficient reseed server for the I2P network. There are several utility commands to create, sign, and validate SU3 files. Please note that this requires at least Go version 1.13, and uses Go Modules.</p>
<p>Standard reseeds are distributed with the I2P packages. To get your reseed included, apply on <a href="http://zzz.i2p">zzz.i2p</a>.</p>
<h2 id="dependencies">Dependencies</h2>
<p><code>go</code>, <code>git</code>, and optionally <code>make</code> are required to build the project. Precompiled binaries for most platforms are available at my github mirror https://github.com/eyedeekay/i2p-tools-1.</p>
<p>In order to install the build-dependencies on Ubuntu or Debian, you may use:</p>
<div class="sourceCode" id="cb1"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb1-1"><a href="#cb1-1" aria-hidden="true"></a><span class="fu">sudo</span> apt-get install golang-go git make</span></code></pre></div>
<h2 id="installation">Installation</h2>
<p>Reseed-tools can be run as a user, as a freestanding service, or be installed as an I2P Plugin. It will attempt to configure itself automatically. You should make sure to set the <code>--signer</code> flag or the <code>RESEED_EMAIL</code> environment variable to configure your signing keys/contact info.</p>
<h4 id="plugin-install-urls">Plugin install URLs</h4>
<p>Plugin releases are available inside of i2p at http://idk.i2p/reseed-tools/ and via the github mirror at https://github.com/eyedeekay/reseed-tools/releases. These can be installed by adding them on the <a href="http://127.0.0.1:7657/configplugins">http://127.0.0.1:7657/configplugins</a>.</p>
<p>After installing the plugin, you should immediately edit the <code>$PLUGIN/signer</code> file in order to set your <code>--signer</code> email, which is used to name your keys. You can find the <code>$PLUGIN</code> directory in your I2P config directory, which is usually <code>$HOME/.i2p</code> on Unixes.</p>
<p>This will allow the developers to contact you if your reseed has issues and will authenticate your reseed to the I2P routers that use it.</p>
<ul>
<li>darwin/amd64: <a href="http://idk.i2p/reseed-tools/reseed-tools-darwin-amd64.su3">http://idk.i2p/reseed-tools/reseed-tools-darwin-amd64.su3</a></li>
<li>darwin/arm64: <a href="http://idk.i2p/reseed-tools/reseed-tools-darwin-arm64.su3">http://idk.i2p/reseed-tools/reseed-tools-darwin-arm64.su3</a></li>
<li>linux/386: <a href="http://idk.i2p/reseed-tools/reseed-tools-linux-386.su3">http://idk.i2p/reseed-tools/reseed-tools-linux-386.su3</a></li>
<li>linux/amd64: <a href="http://idk.i2p/reseed-tools/reseed-tools-linux-amd64.su3">http://idk.i2p/reseed-tools/reseed-tools-linux-amd64.su3</a></li>
<li>linux/arm: <a href="http://idk.i2p/reseed-tools/reseed-tools-linux-arm.su3">http://idk.i2p/reseed-tools/reseed-tools-linux-arm.su3</a></li>
<li>linux/arm64: <a href="http://idk.i2p/reseed-tools/reseed-tools-linux-arm64.su3">http://idk.i2p/reseed-tools/reseed-tools-linux-arm64.su3</a></li>
<li>openbsd/amd64: <a href="http://idk.i2p/reseed-tools/reseed-tools-openbsd-amd64.su3">http://idk.i2p/reseed-tools/reseed-tools-openbsd-amd64.su3</a></li>
<li>freebsd/386: <a href="http://idk.i2p/reseed-tools/reseed-tools-freebsd-386.su3">http://idk.i2p/reseed-tools/reseed-tools-freebsd-386.su3</a></li>
<li>freebsd/amd64: <a href="http://idk.i2p/reseed-tools/reseed-tools-freebsd-amd64.su3">http://idk.i2p/reseed-tools/reseed-tools-freebsd-amd64.su3</a></li>
<li>windows/amd64: <a href="http://idk.i2p/reseed-tools/reseed-tools-windows-amd64.su3">http://idk.i2p/reseed-tools/reseed-tools-windows-amd64.su3</a></li>
<li>windows/386: <a href="http://idk.i2p/reseed-tools/reseed-tools-windows-386.su3">http://idk.i2p/reseed-tools/reseed-tools-windows-386.su3</a></li>
</ul>
<h3 id="installationfrom-source">Installation(From Source)</h3>
<pre><code>git clone https://i2pgit.org/idk/reseed-tools
cd reseed-tools
make build
# Optionally, if you want to install to /usr/bin/reseed-tools
sudo make install</code></pre>
<h2 id="usage">Usage</h2>
<h4 id="debianubuntu-note">Debian/Ubuntu note:</h4>
<p>Debian users who are running I2P as a system service must also run the <code>reseed-tools</code> as the same user. This is so that the reseed-tools can access the I2P services netDb directory. On Debian and Ubuntu, that user is <code>i2psvc</code> and the netDb directory is: <code>/var/lib/i2p/i2p-config/netDb</code>.</p>
<h5 id="systemd-service">Systemd Service</h5>
<p>A systemd service is provided which should work with the I2P Debian package when reseed-tools is installed in <code>/usr/bin/reseed-tools</code>. If you install with <code>make install</code> this service is also installed. This service will cause the bundles to regenerate every 12 hours.</p>
<p>The contact email for your reseed should be added in: <code>/etc/systemd/system/reseed.d/reseed.conf</code>.</p>
<p>Self-signed certificates will be auto-generated for these services. To change this you should edit the <code>/etc/systemd/system/reseed.d/reseed.service</code>.</p>
<ul>
<li>To enable starting the reseed service automatically with the system: <code>sudo systemctl enable reseed.service</code></li>
<li>To run the service manually: <code>sudo sysctl start reseed.service</code><br />
</li>
<li>To reload the systemd services: <code>sudo systemctl daemon-reload</code></li>
<li>To view the status/logs: <code>sudo journalctl -u reseed.service</code></li>
</ul>
<h5 id="sysv-service">SysV Service</h5>
<p>An initscript is also provided. The initscript, unlike the systemd service, cannot schedule itself to restart. You should restart the service roughly once a day to ensure that the information does not expire.</p>
<p>The contact email for your reseed should be added in: <code>/etc/init.d/reseed</code>.</p>
<p>Self-signed certificates will be auto-generated for these services. To change this you should edit the <code>/etc/init.d/reseed</code>.</p>
<h2 id="example-commands">Example Commands:</h2>
<h3 id="without-a-webserver-standalone-with-tls-support">Without a webserver, standalone with TLS support</h3>
<p>If this is your first time running a reseed server (ie. you dont have any existing keys), you can simply run the command and follow the prompts to create the appropriate keys, crl and certificates. Afterwards an HTTPS reseed server will start on the default port and generate 6 files in your current directory (a TLS key, certificate and crl, and a su3-file signing key, certificate and crl).</p>
<pre><code>reseed-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --tlsHost=your-domain.tld</code></pre>
<h3 id="locally-behind-a-webserver-reverse-proxy-setup-preferred">Locally behind a webserver (reverse proxy setup), preferred:</h3>
<p>If you are using a reverse proxy server it may provide the TLS certificate instead.</p>
<pre><code>reseed-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --port=8443 --ip=127.0.0.1 --trustProxy</code></pre>
<ul>
<li><strong>Usage</strong> <a href="EXAMPLES.md">More examples can be found here.</a></li>
<li><strong>Docker</strong> <a href="DOCKER.md">Docker examples can be found here</a></li>
</ul>
</body>
</html>

8
main.go
View File

@@ -4,8 +4,8 @@ import (
"os"
"runtime"
"github.com/urfave/cli"
"i2pgit.org/idk/reseed-tools/cmd"
"github.com/MDrollette/i2p-tools/cmd"
"github.com/codegangsta/cli"
)
func main() {
@@ -18,8 +18,8 @@ func main() {
runtime.GOMAXPROCS(runtime.NumCPU() / 2)
app := cli.NewApp()
app.Name = "reseed-tools"
app.Version = "0.2.9"
app.Name = "i2p-tools-1"
app.Version = "0.1.7"
app.Usage = "I2P tools and reseed server"
app.Author = "eyedeekay"
app.Email = "hankhill19580@gmail.com"

35
postinstall-pak
View File

@@ -1,35 +0,0 @@
#! /usr/bin/env sh
RESEED_MESSAGE="Reseed Tools requires you to set an email for contact purposes.
This is in case your reseed goes down.
Please enter your email below."
RESEED_CONF="# Use this file to configure the contact/signer email used for the reseed service.
# without it the reseed will fail to start.
[Service]
Environment=\"RESEED_EMAIL="
RESEED_DEFAULT="#Edit the contact/signing email used by your reseed server here
export RESEED_EMAIL=\""
mkdir -p /etc/systemd/system/reseed.d/
if [ -f /usr/bin/zenity ]; then
RESEED_EMAIL=$(zenity --entry --title "Reseed Configuration" --text "$RESEED_MESSAGE" 10 30 3>&1 1>&2 2>&3)
echo "$RESEED_DEFAULT$RESEED_EMAIL\"" >> /etc/default/reseed
echo "$RESEED_CONF$RESEED_EMAIL\"" >> /etc/systemd/system/reseed.d/reseed.conf
exit 0
fi
if [ -t 1 ] ; then
echo "proceeding with terminal";
else
exit 0
fi
if [ -f /usr/bin/whiptail ]; then
RESEED_EMAIL=$(whiptail --inputbox "$RESEED_MESSAGE" 10 30 3>&1 1>&2 2>&3)
echo "$RESEED_DEFAULT$RESEED_EMAIL\"" >> /etc/default/reseed
echo "$RESEED_CONF$RESEED_EMAIL\"" >> /etc/systemd/system/reseed.d/reseed.conf
exit 0
fi

154
reseed/homepage.go
View File

@@ -1,154 +0,0 @@
package reseed
import (
"io/ioutil"
"log"
"net/http"
"os"
"path/filepath"
"strings"
"gitlab.com/golang-commonmark/markdown"
"golang.org/x/text/language"
)
var SupportedLanguages = []language.Tag{
language.English,
language.Russian,
language.SimplifiedChinese,
language.Arabic,
language.Portuguese,
language.German,
language.French,
language.Spanish,
language.Indonesian,
language.Hindi,
language.Japanese,
language.Korean,
language.Bengali,
}
var CachedLanguagePages = map[string]string{}
var CachedDataPages = map[string][]byte{}
var BaseContentPath, ContentPathError = ContentPath()
var matcher = language.NewMatcher(SupportedLanguages)
var header = []byte(`<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>This is an I2P Reseed Server</title>
<link rel="stylesheet" href="style.css">
<script src="script.js"></script>
</head>
<body>`)
var footer = []byte(` </body>
</html>`)
var md = markdown.New(markdown.XHTMLOutput(true), markdown.HTML(true))
func ContentPath() (string, error) {
exPath, err := os.Getwd()
if err != nil {
return "", err
}
//exPath := filepath.Dir(ex)
if _, err := os.Stat(filepath.Join(exPath, "content")); err != nil {
return "", err
}
return filepath.Join(exPath, "content"), nil
}
func (srv *Server) HandleARealBrowser(w http.ResponseWriter, r *http.Request) {
if ContentPathError != nil {
http.Error(w, "403 Forbidden", http.StatusForbidden)
return
}
lang, _ := r.Cookie("lang")
accept := r.Header.Get("Accept-Language")
log.Printf("lang: '%s', accept: '%s'\n", lang, accept)
for name, values := range r.Header {
// Loop over all values for the name.
for _, value := range values {
log.Printf("name: '%s', value: '%s'\n", name, value)
}
}
tag, _ := language.MatchStrings(matcher, lang.String(), accept)
log.Printf("tag: '%s'\n", tag)
base, _ := tag.Base()
log.Printf("base: '%s'\n", base)
switch r.URL.Path {
case "/style.css":
w.Header().Set("Content-Type", "text/css")
HandleAFile(w, "", "style.css")
case "/script.js":
w.Header().Set("Content-Type", "text/javascript")
HandleAFile(w, "", "script.js")
default:
image := strings.Replace(r.URL.Path, "/", "", -1)
if strings.HasPrefix(image, "images") {
w.Header().Set("Content-Type", "image/png")
HandleAFile(w, "images", strings.TrimPrefix(strings.TrimPrefix(r.URL.Path, "/"), "images"))
} else {
w.Header().Set("Content-Type", "text/html")
w.Write([]byte(header))
HandleALocalizedFile(w, base.String())
w.Write([]byte(`<ul><li><form method="post" action="/i2pseeds" class="inline">
<input type="hidden" name="onetime" value="` + srv.Acceptable() + `">
<button type="submit" name="submit_param" value="submit_value" class="link-button">
Reseed
</button>
</form></li></ul>`))
w.Write([]byte(footer))
}
}
}
func HandleAFile(w http.ResponseWriter, dirPath, file string) {
file = filepath.Join(dirPath, file)
if _, prs := CachedDataPages[file]; prs == false {
path := filepath.Join(BaseContentPath, file)
f, err := ioutil.ReadFile(path)
if err != nil {
w.Write([]byte("Oops! Something went wrong handling your language. Please file a bug at https://i2pgit.org/idk/reseed-tools\n\t" + err.Error()))
return
}
CachedDataPages[file] = f
w.Write([]byte(CachedDataPages[file]))
} else {
w.Write(CachedDataPages[file])
}
}
func HandleALocalizedFile(w http.ResponseWriter, dirPath string) {
if _, prs := CachedLanguagePages[dirPath]; prs == false {
dir := filepath.Join(BaseContentPath, "lang", dirPath)
files, err := ioutil.ReadDir(dir)
if err != nil {
w.Write([]byte("Oops! Something went wrong handling your language. Please file a bug at https://i2pgit.org/idk/reseed-tools\n\t" + err.Error()))
}
var f []byte
for _, file := range files {
if !strings.HasSuffix(file.Name(), ".md") {
return
}
trimmedName := strings.TrimSuffix(file.Name(), ".md")
path := filepath.Join(dir, file.Name())
b, err := ioutil.ReadFile(path)
if err != nil {
w.Write([]byte("Oops! Something went wrong handling your language. Please file a bug at https://i2pgit.org/idk/reseed-tools\n\t" + err.Error()))
return
}
f = append(f, []byte(`<div id="`+trimmedName+`">`)...)
f = append(f, []byte(md.RenderToString(b))...)
f = append(f, []byte(`</div>`)...)
}
CachedLanguagePages[dirPath] = string(f)
w.Write([]byte(CachedLanguagePages[dirPath]))
} else {
w.Write([]byte(CachedLanguagePages[dirPath]))
}
}

99
reseed/server.go
View File

@@ -3,7 +3,6 @@ package reseed
import (
"bytes"
"context"
"crypto/rand"
"crypto/tls"
"io"
"log"
@@ -21,8 +20,8 @@ import (
"github.com/libp2p/go-libp2p-core/host"
gostream "github.com/libp2p/go-libp2p-gostream"
p2phttp "github.com/libp2p/go-libp2p-http"
throttled "github.com/throttled/throttled/v2"
"github.com/throttled/throttled/v2/store"
"github.com/throttled/throttled"
"github.com/throttled/throttled/store"
)
const (
@@ -35,10 +34,9 @@ type Server struct {
I2PSession *sam3.StreamSession
I2PListener *sam3.StreamListener
I2PKeys i2pkeys.I2PKeys
Reseeder *ReseederImpl
Reseeder Reseeder
Blacklist *Blacklist
OnionListener *tor.OnionService
acceptables map[string]time.Time
}
func NewServer(prefix string, trustProxy bool) *Server {
@@ -67,7 +65,6 @@ func NewServer(prefix string, trustProxy bool) *Server {
server := Server{Server: h, Reseeder: nil}
th := throttled.RateLimit(throttled.PerHour(4), &throttled.VaryBy{RemoteAddr: true}, store.NewMemStore(200000))
thw := throttled.RateLimit(throttled.PerHour(30), &throttled.VaryBy{RemoteAddr: true}, store.NewMemStore(200000))
middlewareChain := alice.New()
if trustProxy {
@@ -82,85 +79,13 @@ func NewServer(prefix string, trustProxy bool) *Server {
})
mux := http.NewServeMux()
mux.Handle("/", middlewareChain.Append(disableKeepAliveMiddleware, loggingMiddleware, thw.Throttle, server.browsingMiddleware).Then(errorHandler))
mux.Handle("/", middlewareChain.Append(disableKeepAliveMiddleware, loggingMiddleware).Then(errorHandler))
mux.Handle(prefix+"/i2pseeds.su3", middlewareChain.Append(disableKeepAliveMiddleware, loggingMiddleware, verifyMiddleware, th.Throttle).Then(http.HandlerFunc(server.reseedHandler)))
server.Handler = mux
return &server
}
// See use of crypto/rand on:
// https://stackoverflow.com/questions/22892120/how-to-generate-a-random-string-of-a-fixed-length-in-go
const (
letterBytes = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ" // 52 possibilities
letterIdxBits = 6 // 6 bits to represent 64 possibilities / indexes
letterIdxMask = 1<<letterIdxBits - 1 // All 1-bits, as many as letterIdxBits
)
func SecureRandomAlphaString() string {
length := 16
result := make([]byte, length)
bufferSize := int(float64(length) * 1.3)
for i, j, randomBytes := 0, 0, []byte{}; i < length; j++ {
if j%bufferSize == 0 {
randomBytes = SecureRandomBytes(bufferSize)
}
if idx := int(randomBytes[j%length] & letterIdxMask); idx < len(letterBytes) {
result[i] = letterBytes[idx]
i++
}
}
return string(result)
}
// SecureRandomBytes returns the requested number of bytes using crypto/rand
func SecureRandomBytes(length int) []byte {
var randomBytes = make([]byte, length)
_, err := rand.Read(randomBytes)
if err != nil {
log.Fatal("Unable to generate random bytes")
}
return randomBytes
}
//
func (srv *Server) Acceptable() string {
if srv.acceptables == nil {
srv.acceptables = make(map[string]time.Time)
}
if len(srv.acceptables) > 50 {
for val := range srv.acceptables {
srv.CheckAcceptable(val)
}
for val := range srv.acceptables {
if len(srv.acceptables) < 50 {
break
}
delete(srv.acceptables, val)
}
}
acceptme := SecureRandomAlphaString()
srv.acceptables[acceptme] = time.Now()
return acceptme
}
func (srv *Server) CheckAcceptable(val string) bool {
if srv.acceptables == nil {
srv.acceptables = make(map[string]time.Time)
}
if timeout, ok := srv.acceptables[val]; ok {
checktime := time.Now().Sub(timeout)
if checktime > (4 * time.Minute) {
delete(srv.acceptables, val)
return false
}
delete(srv.acceptables, val)
return true
}
return false
}
func (srv *Server) ListenAndServe() error {
addr := srv.Addr
if addr == "" {
@@ -320,7 +245,7 @@ func (srv *Server) ListenAndServeI2P(samaddr string, I2PKeys i2pkeys.I2PKeys) er
if err != nil {
return err
}
log.Printf("I2P server started on http://%v.b32.i2p\n", srv.I2PListener.Addr().(i2pkeys.I2PAddr).Base32())
log.Printf("I2P server started on http://%v.onion\n", srv.OnionListener.ID)
return srv.Serve(srv.I2PListener)
}
@@ -366,20 +291,6 @@ func loggingMiddleware(next http.Handler) http.Handler {
return handlers.CombinedLoggingHandler(os.Stdout, next)
}
func (srv *Server) browsingMiddleware(next http.Handler) http.Handler {
fn := func(w http.ResponseWriter, r *http.Request) {
if srv.CheckAcceptable(r.FormValue("onetime")) {
srv.reseedHandler(w, r)
}
if i2pUserAgent != r.UserAgent() {
srv.HandleARealBrowser(w, r)
return
}
next.ServeHTTP(w, r)
}
return http.HandlerFunc(fn)
}
func verifyMiddleware(next http.Handler) http.Handler {
fn := func(w http.ResponseWriter, r *http.Request) {
if i2pUserAgent != r.UserAgent() {

14
reseed/service.go
View File

@@ -15,7 +15,7 @@ import (
"sync"
"time"
"i2pgit.org/idk/reseed-tools/su3"
"github.com/MDrollette/i2p-tools/su3"
)
type routerInfo struct {
@@ -33,13 +33,13 @@ func (p Peer) Hash() int {
return int(crc32.ChecksumIEEE(c))
}
/*type Reseeder interface {
type Reseeder interface {
// get an su3 file (bytes) for a peer
PeerSu3Bytes(peer Peer) ([]byte, error)
}*/
}
type ReseederImpl struct {
netdb *LocalNetDbImpl
netdb NetDbProvider
su3s chan [][]byte
SigningKey *rsa.PrivateKey
@@ -49,7 +49,7 @@ type ReseederImpl struct {
NumSu3 int
}
func NewReseeder(netdb *LocalNetDbImpl) *ReseederImpl {
func NewReseeder(netdb NetDbProvider) *ReseederImpl {
return &ReseederImpl{
netdb: netdb,
su3s: make(chan [][]byte),
@@ -224,10 +224,10 @@ func (rs *ReseederImpl) createSu3(seeds []routerInfo) (*su3.File, error) {
return su3File, nil
}
/*type NetDbProvider interface {
type NetDbProvider interface {
// Get all router infos
RouterInfos() ([]routerInfo, error)
}*/
}
type LocalNetDbImpl struct {
Path string

14
su3/su3.go
View File

@@ -23,20 +23,16 @@ const (
SigTypeRSAWithSHA384 = uint16(5)
SigTypeRSAWithSHA512 = uint16(6)
ContentTypeUnknown = uint8(0)
ContentTypeRouter = uint8(1)
ContentTypePlugin = uint8(2)
ContentTypeReseed = uint8(3)
ContentTypeNews = uint8(4)
ContentTypeBlocklist = uint8(5)
ContentTypeUnknown = uint8(0)
ContentTypeRouter = uint8(1)
ContentTypePlugin = uint8(2)
ContentTypeReseed = uint8(3)
ContentTypeNews = uint8(4)
FileTypeZIP = uint8(0)
FileTypeXML = uint8(1)
FileTypeHTML = uint8(2)
FileTypeXMLGZ = uint8(3)
FileTypeTXTGZ = uint8(4)
FileTypeDMG = uint8(5)
FileTypeEXE = uint8(6)
magicBytes = "I2Psu3"
)