Removed experimental I2P support and JamVM

I2P is too heavy, supports only popular Java VMs (I2P #519),
is unreliable over Tor, not useful to many users without full
router console (whereas non-autopilot mode is bad anonymity
practice), lags behind Tor in applying anonymity research
results, has questionable anonymity properties due to its P2P
architecture [1]. JamVM / GNU Classpath saw no updates in recent
years, and relying on them in a network-facing daemon is
irresponsible.

Updated to cables communication 3.2.5 with disabled I2P support.

Also removed SMART smartdb.h build-time update and verification,
since PCI and USB DBs are now handled via separate packages, and
I2P hosts.txt verification is not necessary anymore.

[1] https://tails.boum.org/forum/Why_do_we_share_traffic_for_I2P___63__/

conf/rootfs.excludes

@@ -67,12 +67,6 @@
 /usr/share/vala/
 /usr/share/glib-[0-9]*/gettext/
 /usr/share/gtk-[0-9]*/demo/
-/usr/share/gnu-classpath-[0-9]*/
-/usr/gnu-classpath-[0-9]*/include/
-/usr/gnu-classpath-[0-9]*/bin/
-/usr/gnu-classpath-[0-9]*/share/classpath/tools.zip
-/usr/lib/jamvm/bin/
-/usr/lib/jamvm/lib/tools.jar
 
 # Static libraries and libtool files
 /lib/**.a
@@ -145,15 +139,6 @@
 # (Geoclue providers are disabled)
 /usr/share/geoclue-providers/**
 
-# I2P (lib directory is pruned)
-/opt/i2p/geoip/
-/opt/i2p/eepsite/
-/opt/i2p/docs/
-/opt/i2p/webapps/
-/opt/i2p/lib/**
-/opt/i2p/*.config
-/opt/i2p/*i2psnark*
-
 # Statically linked binaries (and symlinks)
 /sbin/ldconfig
 /sbin/sln

conf/rootfs.includes

@@ -31,14 +31,5 @@
 /usr/share/games/eboard/Kingdom.png
 /usr/share/games/eboard/Diagram.png
 
-# I2P
-/opt/i2p/wrapper.config
-/opt/i2p/lib/i2p.jar
-/opt/i2p/lib/i2ptunnel.jar
-/opt/i2p/lib/streaming.jar
-/opt/i2p/lib/mstreaming.jar
-/opt/i2p/lib/router.jar
-/opt/i2p/lib/commons-logging.jar
-
 # Transient directories (excluded during image creation)
 /tmp/transient/***

doc/changelog.txt

@@ -9,6 +9,7 @@
 
   * Added UFRaw, a RAW images viewer and converter
   * Added proxychains, a heterogeneous chaining proxyfier
+  * Removed experimental I2P support and JamVM
 
 
 2012-09-01

enter

@@ -57,7 +57,6 @@ else
           --exclude=/root/                 \
           --exclude=/home/anon/            \
           --exclude=/home/nofw/            \
-          --exclude=/var/lib/i2p/          \
           --exclude=/var/lib/portage/      \
           --exclude=/usr/local/portage/    \
           --exclude=/etc/sudoers           \
@@ -101,12 +100,6 @@ else
     ${RSYNC} --chmod=u=rwX,go=   -i --delete-excluded -C ${SRC}/home/nofw ${LIVECD}/home
     chown -hR --from=0:0 2102:9001 ${LIVECD}/home/nofw
 
-    ${RSYNC} --chmod=u=rwX,go=   -i --delete \
-          --exclude=/i2p/router/netDb/                -C ${SRC}/var/lib/i2p ${LIVECD}/var/lib
-    if [ -e ${LIVECD}/tmp/i2p-ref ]; then
-        chown -hR --from=0:0 --reference=${LIVECD}/tmp/i2p-ref ${LIVECD}/var/lib/i2p
-    fi
-
     if [ -e /etc/resolv.conf ]; then
         ${RSYNC} -L --chmod=u=rw,go=r -i /etc/resolv.conf ${LIVECD}/etc
     fi

src/etc/NetworkManager/dispatcher.d/03-i2p

@@ -1,28 +0,0 @@
-#!/bin/sh
-
-exec 1>/dev/null 2>&1
-
-iface=$1
-action=$2
-
-case ${action} in
-*up|vpn-down)
-        # I2P isn't very good with changing IPs/interfaces.
-        if ! /etc/init.d/i2p -q status; then
-            logger -p 6 -t nm.dispatch "Starting I2P service (${iface})"
-            /etc/init.d/i2p -q start
-        else
-            logger -p 6 -t nm.dispatch "Restarting I2P service (${iface})"
-            /etc/init.d/i2p -qs restart
-        fi
-        ;;
-
-down)
-        # I2P hogs the CPU when it is unable to connect to peers
-        # NOTE: might be problematic with 2+ NICs
-        if /etc/init.d/i2p -q status; then
-            logger -p 6 -t nm.dispatch "Stopping I2P service (${iface})"
-            /etc/init.d/i2p -qs stop
-        fi
-        ;;
-esac

src/etc/conf.d/htpdate

@@ -1,6 +1,6 @@
 SERVERS="google.com facebook.com yahoo.com msn.com"
 
 # minimal 5min interval (divided between servers)
-HTPDATE_OPTS="-D -s -4 -l -u htp:htp -m 300 -T /var/run/htpdate/timeset.flag"
+HTPDATE_OPTS="-D -s -4 -l -u htp:htp -m 300"
 
 PROXY="-P 127.0.0.1:8118"

src/etc/init.d/identity

@@ -8,20 +8,15 @@ live=/mnt/live
 
 torrc=/etc/tor/torrc
 ltordir=${lmount}/security/tor/hidden_service
-li2pdir=${lmount}/security/i2p/eepsite
 certsdir=${lmount}/security/cable/certs
+gtordir=/var/lib/tor/hidden_service
 
 # certdate should be legal, and also recent to allow
 # for migration of v1.0 cables certificates
 gentorhost=gen-tor-hostname
-geni2phost=gen-i2p-hostname
 genuser=gen-cable-username
 certdate=2012-06-16
 
-gtordir=/var/lib/tor/hidden_service
-gi2pdir=/var/lib/i2p/router/eepsite
-
-i2pnmplugin=/etc/NetworkManager/dispatcher.d/03-i2p
 
 depend() {
     # need OTFE mount
@@ -30,9 +25,9 @@ depend() {
     # use entropy for keys generation / MAC randomization, if available
     use entropy
 
-    # Tor/I2P identities (if any) must be initialized before running NetworkManager/Tor/I2P
+    # Tor identity (if any) must be initialized before running NetworkManager/Tor
     # MAC randomization needs to occur before NetworkManager startup
-    before NetworkManager tor i2p
+    before NetworkManager tor
 
     # Dependents wait indefinitely (important for parallel startup)
     keyword -timeout
@@ -81,27 +76,6 @@ start() {
     fi
 
 
-    # Create (small) I2P eepsite key + b32/b64 hostnames, if they don't exist
-    if [ ! -e ${li2pdir} ]; then
-        ebegin Initializing I2P eepsite directory
-        sudo -n -u ${luser} ${geni2phost}
-        eend $?
-    fi
-
-
-    # Propagate I2P eepsite key
-    if [ -e ${gi2pdir}/eepPriv.dat ]; then
-        ebegin Verifying existing I2P eepsite key
-        cmp -s ${li2pdir}/eepPriv.dat ${gi2pdir}/eepPriv.dat
-        eend $?
-    else
-        ebegin Propagating I2P eepsite key
-        rsync -lptHS --safe-links --chmod=u=rw,go= ${li2pdir}/eepPriv.dat ${gi2pdir} \
-            && chown -h i2p:i2p ${gi2pdir}/eepPriv.dat
-        eend $?
-    fi
-
-
     # Create (big) private key + communication certificates + username
     if [ ! -e ${certsdir} ]  &&  mountpoint -q ${lmount}; then
         echo
@@ -124,13 +98,6 @@ start() {
     fi
 
 
-    if ! get_bootparam 'i2p'; then
-        einfo Disabling I2P
-        chmod a-x ${i2pnmplugin}
-        eend $?
-    fi
-
-
     # Randomize endings of wireless interfaces MAC addresses
     if ! get_bootparam 'noanon'; then
         ebegin Randomizing wireless MACs

src/etc/init.d/tordate

@@ -1,6 +1,6 @@
 #!/sbin/runscript
 
-description="Sets date from Tor consensus and handles Tor/I2P restarts."
+description="Sets date from Tor consensus and handles Tor restarts."
 
 command=/usr/local/sbin/tordate
 start_stop_daemon_args="-bm"
@@ -10,5 +10,5 @@ depend() {
     # need /var
     need   localmount
 
-    before NetworkManager tor i2p
+    before NetworkManager tor
 }

src/etc/portage/make.conf

@@ -1,6 +1,6 @@
 # Disable config files protection
 CONFIG_PROTECT="-* /etc/locale.gen"
-COLLISION_IGNORE="${COLLISION_IGNORE} /etc /usr/bin/yacc /opt/i2p/wrapper.config"
+COLLISION_IGNORE="${COLLISION_IGNORE} /etc"
 
 # Overlays
 PORTDIR_OVERLAY="/usr/local/portage"

src/etc/portage/package.use

@@ -6,7 +6,6 @@ sys-process/psmisc              -X
 dev-libs/m17n-lib               -X
 media-gfx/fbida                 -X
 app-text/ghostscript-gpl        -X
-dev-java/icedtea-bin            -X -cjk -alsa
 sys-devel/gcc                   -gtk
 net-dialup/ppp                  -gtk
 gnome-extra/libgsf              -gtk
@@ -56,7 +55,6 @@ media-plugins/audacious-plugins lame libsamplerate mms mtp
 media-plugins/gst-plugins-meta  dv lame theora vpx  a52 dts dvd mms mpeg  ffmpeg
 media-libs/libtheora            encode
 net-im/pidgin                   -gstreamer
-dev-java/gnu-classpath          gstreamer
 
 # Unnecessary functionality (portage: (#346749), geoclue: (#416331))
 sys-apps/portage                -xattr python2
@@ -101,7 +99,6 @@ x11-drivers/xf86-video-ati      udev
 media-libs/openjpeg             tools
 gnome-base/librsvg              tools
 media-libs/libquvi-scripts      offensive
-dev-java/gnu-classpath          xml
 app-arch/p7zip                  rar
 app-office/abiword              gnome
 app-text/evince                 gnome

src/etc/portage/profile/package.provided

@@ -12,6 +12,3 @@ media-fonts/font-sony-misc-0
 
 # Mostly unneeded (ghostscript-gpl)
 media-fonts/urw-fonts-2.4.9
-
-# virtual/jre (gnu-classpath circular dependency (#421095))
-dev-java/diablo-jre-bin-1.6.0

src/etc/privoxy/config

@@ -25,10 +25,11 @@ forward-socks5  /                       127.0.0.1:9050  .
 forward-socks5  .onion                  127.0.0.1:9050  .
 forward-socks5  .exit                   127.0.0.1:9050  .
 
-forward         .i2p                    127.0.0.1:4444
-forward         .i2p:443                127.0.0.1:4445
-forward         *AAAA/                  127.0.0.1:4444
-forward         *AAAA:443/              127.0.0.1:4445
+# (Example extension for I2P proxy)
+# forward         .i2p                    127.0.0.1:4444
+# forward         .i2p:443                127.0.0.1:4445
+# forward         *AAAA/                  127.0.0.1:4444
+# forward         *AAAA:443/              127.0.0.1:4445
 
 forward         127.0.0.1/              .
 forward         localhost/              .

src/etc/tmpfiles.d/htpdate.conf

@@ -1 +0,0 @@
-d /var/run/htpdate 0750 htp htp -

src/etc/tor/torrc

@@ -14,10 +14,6 @@ ControlListenAddress 127.0.0.1
 ControlPort          9051
 CookieAuthentication 1
 
-## Transparent proxy connections
-TransListenAddress   127.0.0.1
-TransPort            9040
-
 ## The directory for keeping all the keys/etc.
 DataDirectory        /var/lib/tor/data
 

src/home/anon/config/xchat/servlist_.conf

@@ -12,12 +12,6 @@ F=19
 D=0
 S=p4fsi4ockecnea7l.onion
 
-N=I2P
-E=IRC (Latin/Unicode Hybrid)
-F=3
-D=0
-S=127.0.0.1/6668
-
 N=Telecomix
 E=IRC (Latin/Unicode Hybrid)
 F=19

src/opt/i2p/wrapper.config

@@ -1,115 +0,0 @@
-#********************************************************************
-# Wrapper Properties
-#
-# WARNING - for any changes to take effect, you must completely
-# stop the router and the wrapper. Clicking 'Restart' on your
-# router console will NOT reread this file! You must
-# click "Shutdown", wait 11 minutes, then start i2p.
-#
-# http://wrapper.tanukisoftware.com/doc/english/properties.html
-#********************************************************************
-
-# Name and umask
-wrapper.name=i2p
-wrapper.umask=077
-
-# Java Application
-wrapper.java.command=java
-wrapper.java.mainclass=org.tanukisoftware.wrapper.WrapperSimpleApp
-
-# Java Application Parameters
-wrapper.ignore_sequence_gaps=TRUE
-wrapper.app.parameter.1=net.i2p.router.Router
-
-# Java Classpath
-wrapper.java.classpath.1=/usr/share/java-service-wrapper/lib/wrapper.jar
-wrapper.java.classpath.2=/opt/i2p/lib/*.jar
-
-# Java Library Path (location of Wrapper.DLL or libwrapper.so)
-wrapper.java.library.path.1=/usr/lib/java-service-wrapper
-
-# Java Additional Parameters
-# Numbers must be consecutive (except for stripquotes)
-wrapper.java.additional.1=-Di2p.dir.base=/opt/i2p
-wrapper.java.additional.2=-Di2p.dir.config=/var/lib/i2p/router
-wrapper.java.additional.3=-Di2p.dir.log=/var/log/i2p
-wrapper.java.additional.4=-Djava.io.tmpdir=/var/run/i2p
-wrapper.java.additional.5=-Di2p.naming.impl=net.i2p.client.naming.HostsTxtNamingService
-# wrapper.java.additional.X=-DloggerFilenameOverride=router-@.log
-# wrapper.java.additional.X=-Dwrapper.logfile=/var/log/i2p/wrapper.log
-# wrapper.java.additional.X=-Dorg.mortbay.http.Version.paranoid=true
-# wrapper.java.additional.X=-Dorg.mortbay.xml.XmlParser.NotValidating=true
-
-# On some IPv6 enabled systems, I2P and other network-enabled java applications
-# may fail to start. For examples see
-# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560044. 
-# Two things that may help if you experience this issue
-# 1) "echo 0 > /proc/sys/net/ipv6/bindv6only" as root; or
-# 2) uncomment the next two lines:
-# wrapper.java.additional.X=-Djava.net.preferIPv4Stack=true
-# wrapper.java.additional.X=-Djava.net.preferIPv6Addresses=false
-
-# Java Heap Size (in MB)
-wrapper.java.initmemory=4
-wrapper.java.maxmemory=32
-
-#********************************************************************
-# Wrapper Logging Properties
-#
-# Format: 'L' for log level, 'P' for prefix, 'D' for thread,
-# 'T' for time, 'Z' for millisecond time, and 'M' for message.
-#
-# Log levels: NONE, FATAL, ERROR, WARN, STATUS, INFO, DEBUG
-#********************************************************************
-# Format of output for the console
-wrapper.console.format=PM
-wrapper.console.loglevel=FATAL
-
-# Log file to use for wrapper output logging.
-wrapper.logfile=/var/log/i2p/wrapper.log
-wrapper.logfile.format=TM
-wrapper.logfile.maxsize=8k
-wrapper.logfile.maxfiles=1
-
-# File and syslog log levels
-wrapper.logfile.loglevel=INFO
-wrapper.syslog.loglevel=ERROR
-
-# Actions upon JVM exit, according to exit code
-# Router.java: EXIT_GRACEFUL         = 2
-#              EXIT_HARD             = 3
-#              EXIT_HARD_RESTART     = 4
-#              EXIT_GRACEFUL_RESTART = 5
-#              EXIT_OOM              = 10
-wrapper.on_exit.default=SHUTDOWN
-wrapper.on_exit.0=SHUTDOWN
-wrapper.on_exit.1=SHUTDOWN
-wrapper.on_exit.2=SHUTDOWN
-wrapper.on_exit.3=SHUTDOWN
-wrapper.on_exit.4=RESTART
-wrapper.on_exit.5=RESTART
-wrapper.on_exit.10=RESTART
-
-# Actions upon received signals (USR1/2 crash the JVM)
-# (HUP is forwarded, and initiates a graceful shutdown in routerconsole)
-wrapper.signal.mode.usr1=IGNORE
-wrapper.signal.mode.usr2=IGNORE
-
-# The router may take a few seconds to save state, etc on forced SHUTDOWN
-wrapper.jvm_exit.timeout=2
-
-# Give the OS some time to clear all the old sockets / etc before RESTART
-wrapper.restart.delay=2
-
-# The ping timeout must be at least 5 seconds longer than the value of wrapper.ping.interval.
-# Extend this if you are getting 'JVM appears hung' shutdowns.
-wrapper.ping.interval=300
-wrapper.ping.timeout=320
-
-# Don't use the wrapper's internal timer thread
-# (may restart the router whenever OS clock changes)
-wrapper.use_system_time=TRUE
-
-# PID file for the wrapper and the JVM (in addition to init.d's /var/run/i2p.pid)
-# wrapper.pidfile=/var/run/i2p/i2p.pid
-# wrapper.java.pidfile=/var/run/i2p/routerjvm.pid

src/root/config/linux-3.4.7-hardened.config

@@ -799,19 +799,7 @@ CONFIG_IP_NF_IPTABLES=m
 CONFIG_IP_NF_FILTER=m
 CONFIG_IP_NF_TARGET_REJECT=m
 # CONFIG_IP_NF_TARGET_ULOG is not set
-CONFIG_NF_NAT=m
-CONFIG_NF_NAT_NEEDED=y
-# CONFIG_IP_NF_TARGET_MASQUERADE is not set
-# CONFIG_IP_NF_TARGET_NETMAP is not set
-CONFIG_IP_NF_TARGET_REDIRECT=m
-CONFIG_NF_NAT_PROTO_GRE=m
-# CONFIG_NF_NAT_FTP is not set
-# CONFIG_NF_NAT_IRC is not set
-# CONFIG_NF_NAT_TFTP is not set
-# CONFIG_NF_NAT_AMANDA is not set
-CONFIG_NF_NAT_PPTP=m
-# CONFIG_NF_NAT_H323 is not set
-# CONFIG_NF_NAT_SIP is not set
+# CONFIG_NF_NAT is not set
 # CONFIG_IP_NF_MANGLE is not set
 # CONFIG_IP_NF_RAW is not set
 # CONFIG_IP_NF_SECURITY is not set

src/root/config/syslinux.cfg

@@ -18,7 +18,6 @@
 #     gentoo=xvesa       - force VESA video driver in Xorg
 #     gentoo=xfb         - force framebuffer video driver in Xorg (useful for EFI)
 #     gentoo=xkms        - force modesetting video driver in Xorg (Poulsbo, USB, ...)
-#     gentoo=i2p         - enable I2P
 #     gentoo=nosettings  - do not save/restore user-level application settings
 #     gentoo=nox         - disable X server configuration (manual "startx" is ok)
 #     gentoo=nologo      - disable desktop background logo (includes lock screen)
@@ -58,7 +57,7 @@ LABEL liberte
     APPEND cdroot_hash=FSHASH video=800x600-32 quiet memtest=1 loglevel=4
     TEXT HELP
 Select for normal boot.
-Optional params: readonly, [no]toram, gentoo={i2p,nosettings,noanon}.
+Optional params: readonly, [no]toram, gentoo={nosettings,noanon}.
     ENDTEXT
 
 LABEL vesa
@@ -67,7 +66,7 @@ LABEL vesa
     APPEND cdroot_hash=FSHASH nomodeset gentoo=xvesa quiet memtest=1 loglevel=4
     TEXT HELP
 Disables framebuffer console and forces VESA graphics in X.
-Optional params: readonly, [no]toram, gentoo={i2p,nosettings,noanon}.
+Optional params: readonly, [no]toram, gentoo={nosettings,noanon}.
     ENDTEXT
 
 LABEL console

src/root/helpers/chk-live-tree

@@ -35,8 +35,7 @@ find . -type l ! -xtype f ! -xtype d
 
 sinfo "Archives:"
 find . -type f  \( -name '*.gz' -o -name '*.bz2' -o -name '*.Z' \
-           -o -name '*.lzma' -o -name '*.xz' -o -name '*.zip' -o -name '*.[jw]ar' \) \
-        ! -path './opt/i2p/lib/*' ! -path './opt/i2p/webapps/*'
+           -o -name '*.lzma' -o -name '*.xz' -o -name '*.zip' -o -name '*.[jw]ar' \)
 
 sinfo "Sources:"
 find . -name '*.h' -o \( -name '*.inc' ! -path './usr/share/keymaps/*' \) \

src/root/helpers/gen-netdb

@@ -1,89 +0,0 @@
-#!/bin/sh -e
-
-export LC_ALL=C
-
-
-# Fetch URL and parameters
-netdburl=https://euve5653.vserver.de/netDb/
-
-maxnetdblst=2000
-maxfetches=5
-maxnetdb=100
-
-
-# Regular expressions (extended)
-rinfore='routerInfo-[[:alnum:]~-]{43}=\.dat'
-
-
-# Paths
-netdbdir=/tmp/netDb
-netdblst=${netdbdir}/names
-netdberr=${netdbdir}/errors
-i2pjar=/opt/i2p/lib/i2p.jar
-
-
-# Retrieve >= maxnetdblst routerInfos (in overlapping portions of 100)
-# in at most maxfetches attempts (hard limit)
-rm -rf ${netdbdir}
-mkdir  ${netdbdir}
-touch  ${netdblst}
-while [ "`cat ${netdblst} | wc -l`" -lt ${maxnetdblst}    \
-            -a  ${maxfetches} -gt 0 ]; do
-    # curl error code is discarded in pipe
-    curl -k -sfg --compressed ${netdburl}                 \
-        | sed 's/>/>\n/g'                                 \
-        | sed -nr "s@^.*\<href=\"(${rinfore})\".*\$@\1@p" \
-        >> ${netdblst}
-
-    # remove added duplicate entries
-    sort -u ${netdblst} > ${netdblst}.tmp
-    mv ${netdblst}.tmp ${netdblst}
-
-    maxfetches=$((maxfetches - 1))
-done
-
-# Pick arbitrary maxnetdblst entries
-shuf -n ${maxnetdblst} -o ${netdblst}.tmp ${netdblst}
-mv ${netdblst}.tmp ${netdblst}
-
-
-if [ ! -s ${netdblst} ]; then
-    rm -r ${netdbdir}
-    exit 1
-else
-    echo "Retrieving `cat ${netdblst} | wc -l` routerInfos"
-    curl -k -s --compressed -o ${netdbdir}/#1 \
-        ${netdburl}`cat ${netdblst} | tr '\n' , | sed 's/^/{/; s/,$/}/'` || :
-
-    # Delete non-conforming files as precautionary measure (includes namedblst)
-    find ${netdbdir} -regextype posix-egrep -mindepth 1 \
-        \( ! -type f -o ! -regex "${netdbdir}/${rinfore}" \) -delete
-
-    # Delete fetch errors
-    rm -f `file -N --mime-type -F '' ${netdbdir}/routerInfo-*=.dat | sed -n 's/ text\/html$//p'`
-
-    # Make sure all files are in correct format
-    java -cp ${i2pjar} net.i2p.data.RouterInfo ${netdbdir}/routerInfo-*=.dat 1>/dev/null 2>${netdberr}
-    if [ -s ${netdberr} ]; then
-        echo "Error parsing fetched routerInfos"
-        exit 1
-    fi
-    rm ${netdberr}
-
-    # Delete non-NTCP+OR/OfR-capable routerInfos
-    # (see http://zzz.i2p.to/topics/280)
-    java -cp ${i2pjar} net.i2p.data.RouterInfo ${netdbdir}/routerInfo-*=.dat \
-        | sed -nr 's/^[[:blank:]]+//; /^(Hash: [[:alnum:]~-]{43}=|TransportStyle: NTCP|\[caps\] = \[(OR|OfR)\])$/p' \
-        | tr '\n' ,                                                  \
-        | sed -r 's/,(Hash:|$)/\n\1/g'                               \
-        | sed -r '/,TransportStyle:.*,\[caps\]/d'                    \
-        | sed -r "s@^Hash: ([^,]*).*@${netdbdir}/routerInfo-\1.dat@" \
-        | xargs rm -f --
-
-    # Delete arbitrary extraneous routerInfos
-    netdborig=`find ${netdbdir} -type f | wc -l`
-    find ${netdbdir} -type f | shuf | tail -n +$((maxnetdb+1)) | xargs rm -f --
-
-    netdbsel=`find ${netdbdir} -type f | wc -l`
-    echo "Selected ${netdbsel} (out of ${netdborig}) NTCP+OR/OfR-capable routerInfos"
-fi

src/root/helpers/vfy-databases

@@ -1,32 +0,0 @@
-#!/bin/sh -e
-
-export LC_ALL=C
-
-
-# Regular expressions (extended)
-i2phosts_regexp='^[[:alnum:].-]{1,63}.i2p=[[:alnum:]~-]{512}AAAA[[:blank:]]?$'
-
-
-# Paths
-drivedb=/usr/share/smartmontools/drivedb.h
-tmpdb=/tmp/drivedb.h
-
-i2phosts=/opt/i2p/hosts.txt
-
-
-# Verify SMART database (also, given directly to smartctl during update)
-cpp -x c -fpreprocessed -std=c99 -nostdinc -undef -Wall -Werror -pedantic-errors \
-    -o ${tmpdb} ${drivedb}
-drivedbout=$(sed '/^ *$/d; /^#/d; s/ //g; s/\\"//g; s/"[^"]*"//g' ${tmpdb} \
-                 | tr -d '\n' | sed 's/{,,,,},//g' | wc -c)
-
-if [ "${drivedbout}" != 0 ]; then
-    echo "${drivedb} verification failed"
-    exit 1
-fi
-
-rm ${tmpdb}
-
-
-# Verify I2P hosts
-awk --posix "! /${i2phosts_regexp}/ { print; exit 1 }" ${i2phosts}

src/root/setup

@@ -12,11 +12,6 @@ protected="/etc/._cfg????_locale.gen"
 
 kpatches=${HOME}/patches/kernel-patches.sha256
 
-i2phostsurl=https://www.i2p2.de/hosts.txt
-i2phosts=/opt/i2p/hosts.txt
-netdbdir=/tmp/netDb
-netdbdst=/var/lib/i2p/router/netDb
-
 
 sinfo() {
     echo -e "\033[1;33;41m$@\033[0m"
@@ -340,43 +335,6 @@ eselect opengl set xorg-x11
 eselect xvmc   set xorg-x11
 
 
-sinfo "Updating SMART and I2P hosts databases"
-
-update-smart-drivedb || echo "update-smart-drivedb failed (ignoring)"
-
-# zzz @ #i2p-dev: hosts.txt in the source tree is the same or newer
-if ${noroot} curl -k -sSfg --compressed ${i2phostsurl} > ${i2phosts}.new; then
-    mv ${i2phosts}{.new,}
-else
-    echo "I2P hosts.txt update failed (ignoring)"
-    rm -f ${i2phosts}.new
-fi
-
-
-sinfo "Verifying SMART and I2P hosts databases"
-${noroot} ${helpdir}/vfy-databases
-
-
-# Skip update of a recent netDb
-sinfo "Creating initial netDb for I2P"
-
-if [ "`find ${netdbdst} -maxdepth 0 -mtime -1 2>/dev/null`" = ${netdbdst} ]; then
-    echo "I2P netDb was updated less than 24h ago, skipping"
-elif ! ${noroot} ${helpdir}/gen-netdb; then
-    if [ -e ${netdbdst} ]; then
-        echo "I2P netDb update failed (ignoring)"
-    else
-        echo "Could not retrieve I2P netDb list"
-        exit 1
-    fi
-else
-    chown -R i2p:i2p ${netdbdir}
-    chmod -R go=     ${netdbdir}
-    rm -rf         ${netdbdst}
-    mv ${netdbdir} ${netdbdst}
-fi
-
-
 sinfo "Verifying HTP servers"
 ${noroot} ${helpdir}/vfy-htp-servers
 
@@ -473,11 +431,6 @@ useradd -c nscd    -d /dev/null -s /sbin/nologin -r nscd || [ $? = 9 ]
 useradd -c htpdate -d /dev/null -s /sbin/nologin -r htp  || [ $? = 9 ]
 useradd -c slay    -d /dev/null -s /sbin/nologin -r slay || [ $? = 9 ]
 
-for uid in i2p; do
-    touch               /tmp/${uid}-ref
-    chown ${uid}:${uid} /tmp/${uid}-ref
-done
-
 
 sinfo "Initializing a secondary PGP keyring"
 sudo -n -u anon gpg -q --homedir /home/anon/persist/security/pgp --no-default-keyring \

src/root/setup-copy

@@ -107,9 +107,6 @@ rm -f /var/cache/edb/vdb_*.pickle
 # [gettext] coreutils, powertop, cdrtools: not needed (#398983, #398977, #410501)
 echo sys-devel/gettext-0.18.1.1 >> /etc/portage/profile/package.provided
 
-# java-config wrappers are superfluous for minimal VMs (and require Python)
-echo dev-java/java-config-2.1.11 >> /etc/portage/profile/package.provided
-
 
 # This recompiles packages with TEMP flags in package.use
 sinfo "Recompiling build-dependent packages"
@@ -182,11 +179,6 @@ if [ -e /usr/bin/gettext ]; then
     false
 fi
 
-if [ -e /usr/bin/run-java-tool  -o  -e /usr/bin/java-config ]; then
-    sinfo "Failed to discard Java dependencies"
-    false
-fi
-
 
 sinfo "Fixing Ambiance/Radiance themes"
 sed -ri '/\<(text|icon)-shadow:/ s/([0-9])px\>/\1/g' /usr/share/themes/{Radiance,Ambiance}*/gtk-3.0/{,apps/}*.css
@@ -294,18 +286,10 @@ gunzip `find /usr/share/consolefonts -name '*.gz'` \
 
 gunzip /usr/share/gedit-2/plugins/taglist/*.gz
 
-rezip  /usr/gnu-classpath-[0-9]*/share/classpath/glibj.zip
-rezip  /usr/lib/jamvm/classes.zip
-
 rezip  /usr/share/zlibrary/hyphenationPatterns.zip
 rezip  /usr/share/zlibrary/languagePatterns.zip
 regzip /usr/share/zlibrary/unicode.xml.gz
 
-rezip /usr/share/java-service-wrapper/lib/wrapper.jar
-for jar in /opt/i2p/lib/*.jar /opt/i2p/webapps/*.war; do
-    rezip ${jar}
-done
-
 
 sinfo "Creating specialized Xorg driver directories"
 mkdir /usr/lib/xorg/modules/drivers.{native,vesa,fbdev,modesetting}
@@ -332,9 +316,8 @@ ln -s ../tmp /var/tmp
 sed -i 's/\<tmpfs\>/disabled/' /etc/init.d/devfs
 
 
-sinfo "Setting sh (dash) and java (jamvm) symlinks"
-ln -sf dash                          /bin/sh
-ln -s  ../local/libexec/java.wrapper /usr/bin/java
+sinfo "Setting sh (dash) symlink"
+ln -sf dash /bin/sh
 
 
 sinfo "Setting cables-related and /root permissions"

src/usr/local/libexec/java.wrapper

@@ -1,3 +0,0 @@
-#!/bin/sh -e
-
-exec /usr/bin/jamvm -Xnoinlining "$@"

src/usr/local/portage/net-mail/cables/Manifest

@@ -1,3 +1,3 @@
-DIST cables-3.2.4.tar.gz 36717 SHA256 36f621e416792136c717c6529e6c3e02629081dcab084a7c00cd0489eed34818 SHA512 6e506f70f614cf3f5961037b0dbd8a57600ba9d013b4ec9e467efa90cd0664abc8f2fc2faefa6234e046a20bfcdb70049fd8580848ed07b578e274b4a618d5d6 WHIRLPOOL de3cb82d84d08d15ea3e1869883998f86a2f81d80c03b6c6b4700da310ebddac09b292044879d2d1cd0fbeefc1b311f9088d724df56bf192bc98a0fd55d288a1
+DIST cables-3.2.5.tar.gz 36861 SHA256 25d1e6fb12949f71f683e517430ad991b413d790eb3aefe8d0c7121f82bc9398 SHA512 c0993df70265bca51b4b4c455eb05514dc9ee5ccb8b001a351bc20aad87ae2b036279237999f906d7e62b49100ea6e4d768a38c2b606b03e1401c1362f75fc43 WHIRLPOOL 7a002dd06b357e7931537f2d6fabc9b1914000aaa6418c7b622a3d9a977091ab73602fe48170dfcfe6d4606306e066329befa58da31b5b1ae768955355d2395f
 DIST i2pupdate_0.8.8.zip 5041856 SHA256 5c454ca3e63f436df4abbd394e6aa66da280b57179453eb5f90dff33325d9259 SHA512 c439140458a6dba1ddb2be98e1c94d60b66eb60ceb67de1366d4f85f3f9e7af649ca4b7053150616520e67c4b4cb1bd941984405dff4c8173de6ded99f97b651 WHIRLPOOL 2878618331fb0291125de74af36dfa766944d7d29e404242ac0cae948629cf3fd17c7eb9f93736feef9c14e0eb99090cd4f1a2dcd5033db56cd6e2e61be6d42d
-EBUILD cables-3.2.4.ebuild 2420 SHA256 7197ef479642248f0f941b596ce4e2af44ac5143527e36de137c5ba3a3d847db SHA512 cfd6f58dd1c627e3a830174434f9727711a3efe37d7c608f63a93d8041374cf6254187b51ecc8a3c67dbc79250f0012d64494edfea96ac901b28f6748a222ef5 WHIRLPOOL 5cb420bfc74b2c7412fe8c07b351fcfa9db69bbfa8e2cb6543b9d306da4b6c4510fbfe2114a2acae243007c742c6bce651246f3ddd40bd709ee004e3bcb3e6c3
+EBUILD cables-3.2.5.ebuild 2645 SHA256 3b0fa20706eb5f216cc6333d046fffded279cf63a5e968b1561942015ea21572 SHA512 5c333c99dbc0c4e660a8bf0fda3cff739f79ff62134df34c19a1d9e0608999cf4d13fdec1c1ab460a22fe047679915fa27123e7317c26fcfe84a1295f3c37f93 WHIRLPOOL 7fd91ae4d90b4bae6a92a710f6d69f1d762468520dc8b3ee19303efb13f9253b8766f6dfdc65a6b3f6468591f4781eca2268d92f876d4a206bbad29e35f35317

src/usr/local/portage/net-mail/cables/cables-3.2.4.ebuild → src/usr/local/portage/net-mail/cables/cables-3.2.5.ebuild

@@ -18,20 +18,22 @@ I2P_MY_P=i2pupdate_${I2P_PV}
 
 # GitHub URI can refer to a tagged download or the master branch
 SRC_URI="https://github.com/mkdesu/cables/tarball/v${PV} -> ${P}.tar.gz
-         http://mirror.i2p2.de/${I2P_MY_P}.zip
-         http://launchpad.net/i2p/trunk/${I2P_PV}/+download/${I2P_MY_P}.zip"
+         i2p? (
+             http://mirror.i2p2.de/${I2P_MY_P}.zip
+             http://launchpad.net/i2p/trunk/${I2P_PV}/+download/${I2P_MY_P}.zip
+         )"
 
 SLOT="0"
 KEYWORDS="x86 amd64"
+IUSE="i2p"
 
-IUSE=""
 DEPEND="app-arch/unzip
-	>=virtual/jdk-1.5"
+	i2p? ( >=virtual/jdk-1.5 )"
 RDEPEND="net-libs/libmicrohttpd
 	mail-filter/procmail
 	net-misc/curl
 	dev-libs/openssl
-	>=virtual/jre-1.5
+	i2p? ( >=virtual/jre-1.5 )
 	gnome-extra/zenity"
 
 pkg_setup() {
@@ -41,9 +43,19 @@ pkg_setup() {
 
 src_unpack() {
 	unpack ${P}.tar.gz
-	mv ${MY_P_PF}-* ${P}              || die "failed to recognize archive top directory"
+	mv ${MY_P_PF}-* ${P} || die "failed to recognize archive top directory"
 
-	unzip -j -d ${P}/lib ${DISTDIR}/${I2P_MY_P}.zip lib/i2p.jar || die "failed to extract i2p.jar"
+	if use i2p; then
+		unzip -j -d ${P}/lib ${DISTDIR}/${I2P_MY_P}.zip lib/i2p.jar || die "failed to extract i2p.jar"
+	fi
+}
+
+src_prepare() {
+	if ! use i2p; then
+		export MAKEOPTS+=" NOI2P=1"
+	fi
+
+	default
 }
 
 src_install() {
@@ -60,16 +72,21 @@ pkg_postinst() {
 	elog "    gen-cable-username"
 	elog "    gen-tor-hostname"
 	elog "        copy CABLE_TOR/hidden_service to /var/lib/tor (readable only by 'tor')"
-	elog "    gen-i2p-hostname"
-	elog "        copy CABLE_I2P/eepsite        to /var/lib/i2p (readable only by 'i2p')"
-	elog "Configure Tor and I2P to forward HTTP connections to cables daemon:"
+	if use i2p; then
+		elog "    gen-i2p-hostname"
+		elog "        copy CABLE_I2P/eepsite        to /var/lib/i2p (readable only by 'i2p')"
+	fi
+	elog "Configure Tor to forward HTTP connections to cables daemon:"
 	elog "    /etc/tor/torrc"
 	elog "        HiddenServiceDir  /var/lib/tor/hidden_service/"
 	elog "        HiddenServicePort 80 127.0.0.1:9080"
-	elog "    /var/lib/i2p/i2ptunnel.config"
-	elog "        tunnel.X.privKeyFile=eepsite/eepPriv.dat"
-	elog "        tunnel.X.targetHost=127.0.0.1"
-	elog "        tunnel.X.targetPort=9080"
+	if use i2p; then
+		elog "Configure I2P similarly:"
+		elog "    /var/lib/i2p/i2ptunnel.config"
+		elog "        tunnel.X.privKeyFile=eepsite/eepPriv.dat"
+		elog "        tunnel.X.targetHost=127.0.0.1"
+		elog "        tunnel.X.targetPort=9080"
+	fi
 	elog "Finally, the user should configure the email client to run cable-send"
 	elog "as a pipe for sending messages from addresses shown by cable-info."
 	elog "See comments in /usr/bin/cable-send for suggested /etc/sudoers entry."

src/usr/local/portage/net-p2p/i2p/Manifest

@@ -1,4 +0,0 @@
-AUX i2p 451 SHA256 226dea22847e1be0a413669279080873c58ff0e071b1d1f6169db0d9a492eb78 SHA512 fe5410ea2889f218888f28c833d1fa0ed096381077b3eb996ff07c25bd0c21a49335cca1204964a3e480602726d0cab729dd751721e0f713e848490db30002d0 WHIRLPOOL e369967e932db3383defce29fa4e20172a50f1504b21cf8769fbf2d538b44b12d96c1d03912fdf88d43e877617be12c0fadcd803796db647c1b71c278e538adf
-DIST i2psource_0.9.tar.bz2 21750559 SHA256 8a3654a13781a9aacf9db94081e057be73322f88db2931eba4f2cfa467ead429 SHA512 0559d42aaef2ad0864ddd3f5782320f58ad71a7a61e80224738e6ecc9ac767f06b7655332aa0a0d3404f17f7a52018b644c896a324db0a711686c3fee356accd WHIRLPOOL cb2c9c5d04161c01f52cd537426227c32c4369b0693678260c36b6517e1fe779e1d0a8897200c4c691bbdef0bba10389e173b5c10b764daedbde2b514e29f886
-DIST jetty-6.1.26.zip 25894195 SHA256 96c08eb87ec3772dccc2b3dba54fea85ccc3f804faf7429eecfba3ed55648187 SHA512 53ff50f5c2d8d8118886516b0b356520b8228e78a7ed53943a8e0fc6e63ddeef154c54cede744d35f458d3d20dfaab585ff40fcd8b83fc00902c3561c8e462de WHIRLPOOL 3318e1d834a37231384ea4aca17913312471970681906506e238f5dfc5f3fc000c57e0fd78e12c102d6f512dd977f911bdc9d5f3edc9ea0ff10c5c29c1312337
-EBUILD i2p-0.9.ebuild 2315 SHA256 6a6ea78197bfa334f29c8a682a3a9e84aff4e4e225fdcbd111fd80c831b31d7b SHA512 63f4f78dbdcd852acf52f1edd56378fb6f9b617f1edbd25054887badb885e42f7c97b05bd04cb6d9f5790b52963069e0599b11d808a2876332d014d13867cd8d WHIRLPOOL 61c598efb31ffe6e423ed516cca75661ed1407435994c55dcdcd807fa9721666a39235ddba1f2f96ee729a2a7f8e2d5f731593b31ae53b65370562ab970613aa

src/usr/local/portage/net-p2p/i2p/files/i2p

@@ -1,22 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2012 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: $
-
-description="I2P service"
-
-command=/usr/bin/wrapper
-command_args="/opt/i2p/wrapper.config wrapper.daemonize=FALSE"
-start_stop_daemon_args="-bm -u i2p"
-pidfile=/var/run/i2p.pid
-
-# cf. wrapper.jvm_exit.timeout
-retry=65
-
-depend() {
-    need net
-}
-
-start_pre() {
-    checkpath -q -d -m 750 -o i2p:i2p /var/run/i2p
-}

src/usr/local/portage/net-p2p/i2p/i2p-0.9.ebuild

@@ -1,86 +0,0 @@
-# Copyright 1999-2012 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: $
-
-# Based on the ebuild from zugaina overlay:
-# http://gpo.zugaina.org/net-p2p/i2p
-
-EAPI="4"
-
-inherit eutils java-pkg-2 java-ant-2
-
-JETTY_V="6.1.26"
-
-DESCRIPTION="I2P is an anonymous network."
-
-SRC_URI="http://mirror.i2p2.de/${PN}source_${PV}.tar.bz2
-	http://dist.codehaus.org/jetty/jetty-${JETTY_V}/jetty-${JETTY_V}.zip"
-HOMEPAGE="http://www.i2p2.de/"
-
-SLOT="0"
-KEYWORDS="x86 amd64"
-LICENSE="GPL-2"
-IUSE=""
-DEPEND=">=virtual/jdk-1.5
-	sys-devel/gettext"
-RDEPEND=">=virtual/jre-1.5
-	dev-java/java-service-wrapper"
-
-pkg_setup() {
-	enewgroup i2p
-	enewuser  i2p -1 -1 /var/lib/i2p i2p
-	rmdir /var/lib/i2p 2>/dev/null || :
-}
-
-src_unpack() {
-	unpack "i2psource_${PV}.tar.bz2"
-	cp "${DISTDIR}/jetty-${JETTY_V}.zip" -P "${S}/apps/jetty" || die
-}
-
-src_compile() {
-	eant pkg
-}
-
-src_install() {
-	cd pkg-temp
-
-	sed -i 's:[%$]INSTALL_PATH:/opt/i2p:g'              eepget i2prouter runplain.sh *.config
-	sed -i 's:[%$]SYSTEM_java_io_tmpdir:/tmp:g'         runplain.sh
-	sed -i 's:^\(WRAPPER_CMD=\).*:\1/usr/bin/wrapper:'  i2prouter
-
-	sed -i 's:^#\?PIDDIR=.*:PIDDIR="/var/run/":g'       i2prouter
-	sed -i 's:[%$]SYSTEM_java_io_tmpdir:/var/run/i2p:g' i2prouter *.config
-
-# 	Install to package root
-	exeinto /opt/i2p
-	insinto /opt/i2p
-
-# 	Install files
-	doins ${S}/apps/i2psnark/jetty-i2psnark.xml ${S}/pkg-temp/blocklist.txt ${S}/apps/i2psnark/launch-i2psnark ${S}/pkg-temp/hosts.txt *.config
-	doexe eepget i2prouter ${S}/apps/i2psnark/launch-i2psnark runplain.sh
-	dodoc history.txt LICENSE.txt INSTALL-headless.txt
-	doman man/*
-
-# 	Install dirs
-	doins -r docs geoip eepsite scripts certificates webapps
-	dodoc -r licenses
-
-# 	Install files to package lib
-	insinto /opt/i2p/lib
-	exeinto /opt/i2p/lib
-	find lib/ -maxdepth 1 -type f ! -name '*.dll' ! -name wrapper.jar ! -name jbigi.jar -print0 | xargs -0 doins || die
-
-	dosym "${D}"/opt/i2p/i2prouter /usr/bin/i2prouter
-	dosym "${D}"/opt/i2p/eepget    /usr/bin/eepget
-
-	doinitd "${FILESDIR}"/i2p
-
-	keepdir         /var/lib/i2p /var/log/i2p
-	fperms  750     /var/lib/i2p /var/log/i2p
-	fowners i2p:i2p /var/lib/i2p /var/log/i2p
-}
-
-pkg_postinst() {
-	einfo "Configure the router now : http://localhost:7657/index.jsp"
-	einfo "Use /etc/init.d/i2p start to start I2P"
-}

src/usr/local/sbin/bug-report

@@ -99,12 +99,6 @@ cp /var/log/Xorg.0.log.old             15-xorg-prev.log
 cp /tmp/.private/anon/xsession.log     16-xsession.log
 cp /tmp/.private/anon/xsession.log.old 16-xsession-prev.log
 
-echo I2P logs ...
-cp /var/log/i2p/wrapper.log            17-i2p-wrapper.log
-cp /var/log/i2p/wrapper.log.1          17-i2p-wrapper-prev.log
-cp /var/log/i2p/router-0.log           17-i2p-router.log
-cp /var/log/i2p/router-1.log           17-i2p-router-next.log
-
 
 # Make errors fatal again
 set -e

src/usr/local/sbin/fw-reload

@@ -14,9 +14,6 @@ vpnuports=openvpn,1149,isakmp,ipsec-nat-t,10000
 # Ports used by HotSpot registration pages [uid=nofw]
 hotspot=http,https,webcache,tproxy,3128,3660,8088,11523,58080,1024:65535
 
-# Ports used by I2P outbound connections (via Tor; don't assume the default random ports) [uid=i2p]
-i2ptports=https,8887,9000:31000,1024:65535
-
 # LED blinking delay
 leddelay=500
 
@@ -39,18 +36,10 @@ iptables -P INPUT   DROP
 iptables -P FORWARD DROP
 iptables -P OUTPUT  DROP
 
-iptables -t nat -P PREROUTING  ACCEPT
-iptables -t nat -P INPUT       ACCEPT
-iptables -t nat -P OUTPUT      ACCEPT
-iptables -t nat -P POSTROUTING ACCEPT
-
 # Flush all rules
 iptables -F
 iptables -X
 
-iptables -t nat -F
-iptables -t nat -X
-
 # Define custom chains
 iptables -N LOGDROP
 iptables -N LOGREJECT
@@ -98,9 +87,8 @@ iptables -A OUTPUT -p icmp --icmp-type echo-reply   -m state --state ESTABLISHED
 # iptables -A OUTPUT -o lo -p udp -m owner --uid-owner ntp  -d 127.0.0.1 --dport ntp -j ACCEPT
 # iptables -A OUTPUT -o lo -p udp                           -d 127.0.0.1 --dport ntp -j LOGREJECT
 
-# Hidden service server access only for Tor and I2P
+# Hidden service server access only for Tor
 iptables -A OUTPUT -o lo -p tcp -m owner --uid-owner tor      --syn -d 127.0.0.1 --dport 9080 -j ACCEPT
-iptables -A OUTPUT -o lo -p tcp -m owner --uid-owner i2p      --syn -d 127.0.0.1 --dport 9080 -j ACCEPT
 iptables -A OUTPUT       -p tcp                               --syn -d 127.0.0.1 --dport 9080 -j LOGREJECT
 
 # Privoxy access only for main user, HTP and cables daemon
@@ -118,17 +106,6 @@ iptables -A OUTPUT       -p tcp                               --syn -d 127.0.0.1
 iptables -A OUTPUT -o lo -p tcp -m owner --uid-owner tor      --syn -d 127.0.0.1 --dport 9051 -j ACCEPT
 iptables -A OUTPUT       -p tcp                               --syn -d 127.0.0.1 --dport 9051 -j LOGREJECT
 
-# Tor access via transparent proxy only for I2P (redirected from an external interface)
-iptables -A OUTPUT ! -o lo -p tcp -m owner --uid-owner i2p    --syn -d 127.0.0.1 --dport 9040 -j ACCEPT
-iptables -A OUTPUT         -p tcp                             --syn -d 127.0.0.1 --dport 9040 -j LOGREJECT
-
-# I2P ports access only for main user, Privoxy and I2P (selective)
-# http://www.i2p2.de/faq.html#ports (routerconsole=7657 is disabled in I2P config)
-iptables -A OUTPUT -o lo -p tcp -m owner --uid-owner ${luser} --syn -d 127.0.0.1 -m multiport --dports 7657,4444,4445,6668,7659,7660            -j ACCEPT
-iptables -A OUTPUT -o lo -p tcp -m owner --uid-owner privoxy  --syn -d 127.0.0.1 -m multiport --dports 7657,4444,4445                           -j ACCEPT
-iptables -A OUTPUT -o lo -p tcp -m owner --uid-owner i2p      --syn -d 127.0.0.1 -m multiport --dports 7654,4444,32000                          -j ACCEPT
-iptables -A OUTPUT       -p tcp                               --syn -d 127.0.0.1 -m multiport --dports 7657,4444,4445,6668,7659,7660,7654,32000 -j LOGREJECT
-
 # Pass other loopback packets through
 iptables -A INPUT  -i lo -j ACCEPT
 iptables -A OUTPUT -o lo -j ACCEPT
@@ -166,10 +143,6 @@ if [ ${luser} = ${nofw} ]; then
     iptables -A OUTPUT -p tcp -m owner --uid-owner privoxy --syn -m multiport --dports ${hotspot}   -j ACCEPT
 fi
 
-# I2P user communication via Tor's transparent proxy
-# https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy
-iptables -t nat -A OUTPUT ! -o lo -p tcp -m owner --uid-owner i2p --syn -m multiport --dports ${i2ptports} -j REDIRECT --to-ports 9040
-
 # Log all other packets
 iptables -A INPUT   -j LOGDROP
 iptables -A FORWARD -j LOGDROP

src/usr/local/sbin/test-liberte

@@ -34,8 +34,8 @@ if [ `id -u` != 0  -o  `id -g` != 0 ]; then
     exit 1
 fi
 
-if ! /etc/init.d/tor -q status || ! /etc/init.d/i2p -q status || ! /etc/init.d/cabled -q status; then
-    echo "Tor, I2P and cables daemons must be running"
+if ! /etc/init.d/tor -q status || ! /etc/init.d/cabled -q status; then
+    echo "Tor and cables daemons must be running"
     exit 1
 fi
 
@@ -44,11 +44,9 @@ webhost=torproject.org
 webip=38.229.72.16
 
 onionhost=3g2upl4pq6kufc4m.onion
-i2phost=www.i2p2.i2p/
 
 ccuser=`cat /home/anon/persist/security/cable/certs/username`
 cctor=`cat /home/anon/persist/security/tor/hidden_service/hostname`
-cci2p=`cat /home/anon/persist/security/i2p/eepsite/hostname`
 
 
 # Check that wireless MAC addresses were changed
@@ -64,20 +62,17 @@ done
 # Clearnet access via HTTP/SOCKS/direct
 stest fail "Fetch .org via HTTP proxy as root"                     curl -fsSI -x 127.0.0.1:8118                ${webhost}
 stest fail "Fetch .org via HTTP proxy as nofw"     sudo -n -u nofw curl -fsSI -x 127.0.0.1:8118                ${webhost}
-stest fail "Fetch .org via HTTP proxy as i2p"      sudo -n -u i2p  curl -fsSI -x 127.0.0.1:8118                ${webhost}
 stest pass "Fetch .org via HTTP proxy as anon"     sudo -n -u anon curl -fsSI -x 127.0.0.1:8118                ${webhost}
 stest pass "Fetch .org via HTTP proxy as cable"    sudo -n -u cable curl -fsSI -x 127.0.0.1:8118               ${webhost}
 stest pass "Fetch .org via HTTP proxy as htp"      sudo -n -u htp  curl -fsSI -x 127.0.0.1:8118                ${webhost}
 stest fail "Fetch .org via SOCKS proxy as root"                    curl -fsSI --socks5-hostname 127.0.0.1:9050 ${webhost}
 stest fail "Fetch .org via SOCKS proxy as nofw"    sudo -n -u nofw curl -fsSI --socks5-hostname 127.0.0.1:9050 ${webhost}
-stest fail "Fetch .org via SOCKS proxy as i2p"     sudo -n -u i2p  curl -fsSI --socks5-hostname 127.0.0.1:9050 ${webhost}
 stest fail "Fetch .org via SOCKS proxy as cable"   sudo -n -u cable curl -fsSI --socks5-hostname 127.0.0.1:9050 ${webhost}
 stest fail "Fetch .org via SOCKS proxy as htp"     sudo -n -u htp  curl -fsSI --socks5-hostname 127.0.0.1:9050 ${webhost}
 stest pass "Fetch .org via SOCKS proxy as anon"    sudo -n -u anon curl -fsSI --socks5-hostname 127.0.0.1:9050 ${webhost}
 stest pass "Fetch .org via SOCKS proxy as privoxy" sudo -n -u privoxy curl -fsSI --socks5-hostname 127.0.0.1:9050 ${webhost}
 stest fail "Fetch .org via SOCKS proxy w/ local DNS as root"                 curl -fsSI --socks5 127.0.0.1:9050 ${webhost}
 stest fail "Fetch .org via SOCKS proxy w/ local DNS as nofw" sudo -n -u nofw curl -fsSI --socks5 127.0.0.1:9050 ${webhost}
-stest fail "Fetch .org via SOCKS proxy w/ local DNS as i2p"  sudo -n -u i2p  curl -fsSI --socks5 127.0.0.1:9050 ${webhost}
 stest fail "Fetch .org via SOCKS proxy w/ local DNS as anon" sudo -n -u anon curl -fsSI --socks5 127.0.0.1:9050 ${webhost}
 stest fail "Fetch .org via SOCKS proxy w/ local DNS as privoxy" sudo -n -u privoxy curl -fsSI --socks5 127.0.0.1:9050 ${webhost}
 
@@ -90,11 +85,6 @@ stest fail "Fetch .org w/o proxy as tor"           sudo -n -u tor  curl -fsSI -x
 # Darknet access via HTTP/SOCKS
 stest pass "Fetch .onion via HTTP  proxy as anon"  sudo -n -u anon curl -fsSI -x 127.0.0.1:8118                ${onionhost}
 stest pass "Fetch .onion via SOCKS proxy as anon"  sudo -n -u anon curl -fsSI --socks5-hostname 127.0.0.1:9050 ${onionhost}
-stest pass "Fetch .i2p   via HTTP  proxy as anon"  sudo -n -u anon curl -fsSI -x 127.0.0.1:8118                ${i2phost}
-
-stest fail "Fetch .i2p   via I2P   proxy as root"                  curl -fsSI -x 127.0.0.1:4444                ${i2phost}
-stest pass "Fetch .i2p   via I2P   proxy as anon"  sudo -n -u anon curl -fsSI -x 127.0.0.1:4444                ${i2phost}
-stest pass "Fetch .i2p   via I2P   proxy as privoxy" sudo -n -u privoxy curl -fsSI -x 127.0.0.1:4444           ${i2phost}
 
 # Clearnet IP access via HTTP/SOCKS/direct
 stest pass "Fetch IP via HTTP proxy as anon"       sudo -n -u anon curl -fsSI -x 127.0.0.1:8118                ${webip}
@@ -106,12 +96,6 @@ stest fail "Fetch IP w/o proxy as privoxy"         sudo -n -u privoxy curl -fsSI
 stest pass "Fetch IP w/o proxy as tor"             sudo -n -u tor  curl -fsSI -x ""                            ${webip}
 stest pass "Fetch IP w/o proxy as nofw"            sudo -n -u nofw curl -fsSI -x ""                            ${webip}
 
-# Transparent proxy access
-stest fail "Fetch .org w/o proxy as i2p"           sudo -n -u i2p  curl -fsSI -x ""                            ${webhost}
-stest fail "Fetch https:.org w/o proxy as i2p"     sudo -n -u i2p  curl -fsSI -x "" -k                         https://${webhost}
-stest fail "Fetch IP w/o proxy as i2p"             sudo -n -u i2p  curl -fsSI -x ""                            ${webip}
-stest pass "Fetch https:IP w/o proxy as i2p"       sudo -n -u i2p  curl -fsSI -x "" -k                         https://${webip}
-
 
 # Tor control port access
 stest fail "Access Tor control port as root"                       nc -q 0 127.0.0.1 9051
@@ -120,50 +104,34 @@ stest pass "Access Tor control port as tor"        sudo -n -u tor  nc -q 0 127.0
 stest pass "Invoke tor-ctrl"                       sudo -n -u tor  tor-ctrl status
 
 
-# I2P hidden IP
-i2pishidden() {
-    local i2pjar=/opt/i2p/lib/i2p.jar
-    local rinfoclass=net.i2p.data.RouterInfo
-    local rinfo=/var/lib/i2p/router/router.info
-
-    sudo -n -u i2p java -Xmx16M -cp ${i2pjar} ${rinfoclass} ${rinfo} | grep -q "^[[:blank:]]*Addresses: #: 0$"
-}
-
-stest pass "Zero addresses in I2P RouterInfo"      i2pishidden
-
-
 # Cables communication service server access
 stest fail "Fetch CC service as root"                              curl -fsSI -x "" 127.0.0.1:9080/${ccuser}/request/ver
 stest fail "Fetch CC service as anon"              sudo -n -u anon curl -fsSI -x "" 127.0.0.1:9080/${ccuser}/request/ver
 stest fail "Fetch CC service as nofw"              sudo -n -u anon curl -fsSI -x "" 127.0.0.1:9080/${ccuser}/request/ver
 stest pass "Fetch CC service as tor"               sudo -n -u tor  curl -fsSI -x "" 127.0.0.1:9080/${ccuser}/request/ver
-stest pass "Fetch CC service as i2p"               sudo -n -u i2p  curl -fsSI -x "" 127.0.0.1:9080/${ccuser}/request/ver
 
 # Cables communication ping
 stest pass "CC-ping @tor as anon"                  sudo -n -u anon cable-ping ${ccuser}@${cctor}
-stest pass "CC-ping @i2p as anon"                  sudo -n -u anon cable-ping ${ccuser}@${cci2p}
 
 # Cables communication mail sending
 ccsend() {
     local desc="$1"
     local from="$2"
     local to1="$3"
-    local to2="$4"
 
     cable-send <<EOF
 From: Anon Anon <${from}>
-To: Anon Anon <${to1}>, Anon Anon <${to2}>
+To: Anon Anon <${to1}>
 Subject: Test (${desc})
 
 Test
 EOF
 }
 
-stest pass "Send cable to self (Tor -> Tor, I2P)" ccsend "Tor -> Tor, I2P" ${ccuser}@${cctor} ${ccuser}@${cctor} ${ccuser}@${cci2p}
-stest pass "Send cable to self (I2P -> Tor, I2P)" ccsend "I2P -> Tor, I2P" ${ccuser}@${cci2p} ${ccuser}@${cctor} ${ccuser}@${cci2p}
-stest fail "Bogus cable host"                     ccsend "Bogus"           ${ccuser}@bogus    ${ccuser}@${cctor}
-stest fail "Bogus cable username"                 ccsend "Bogus"           ${ccuser}@${cctor} bogus@${cctor}
-echo "NOTE: 8 messages should be delivered to user mailbox"
+stest pass "Send cable to self (Tor -> Tor)" ccsend "Tor -> Tor" ${ccuser}@${cctor} ${ccuser}@${cctor}
+stest fail "Bogus cable host"                ccsend "Bogus"      ${ccuser}@bogus    ${ccuser}@${cctor}
+stest fail "Bogus cable username"            ccsend "Bogus"      ${ccuser}@${cctor} bogus@${cctor}
+echo "NOTE: 2 messages should be delivered to user mailbox"
 
 
 # Done

src/usr/local/sbin/tordate

@@ -18,15 +18,12 @@ consensus=${tordir}/cached-consensus
 uvconsensus=${tordir}/unverified-consensus
 descriptors=${tordir}/cached-descriptors
 
-htpdir=/var/run/htpdate
-htpflag=${htpdir}/timeset.flag
-
 tag=tordate
 datere='[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]'
 
 
-# ${tordir} and ${htpdir} must exist for inotifywaits below
-while [ ! -e ${tordir} -o ! -e ${htpdir} ]; do
+# ${tordir} must exist for inotifywaits below
+while [ ! -e ${tordir} ]; do
     sleep ${dirwait}
 done
 
@@ -94,23 +91,3 @@ ${vendcons}"
     fi
 
 fi
-
-
-# At the cost of a miniscule race condition probability, do not restart I2P
-# when tordate service is run again for some reason.
-if [ -e ${htpflag} ]; then
-    logger -p 6 -t ${tag} "HTP has already set the time"
-else
-
-    # Wait for the HTP flag file, which indicates that correct time has been set
-    while [ ! -e ${htpflag} ]; do
-        inotifywait -qq -t ${inotifytimeout} -e create ${htpdir} || :
-    done
-
-    # I2P is unreliable with correcting internal clock after time change
-    if /etc/init.d/i2p -q status; then
-        logger -p 6 -t ${tag} "Restarting I2P service"
-        /etc/init.d/i2p -qs restart
-    fi
-
-fi

src/var/lib/i2p/router/blocklist.txt

@@ -1 +0,0 @@
-/opt/i2p/blocklist.txt

src/var/lib/i2p/router/clients.config

@@ -1,16 +0,0 @@
-# NOTE: This I2P config file must use UTF-8 encoding
-
-# poke the i2ptunnels defined in i2ptunnel.config
-clientApp.0.main=net.i2p.i2ptunnel.TunnelControllerGroup
-clientApp.0.name=Application tunnels
-clientApp.0.args=i2ptunnel.config
-clientApp.0.startOnLoad=true
-
-# fire up the web console
-## non-SSL and SSL, both IPv6 and IPv4 local interfaces
-## clientApp.0.args=7657 ::1,127.0.0.1 -s 7667 ::1,127.0.0.1 ./webapps/
-# clientApp.1.args=7657 127.0.0.1 ./webapps/
-# clientApp.1.main=net.i2p.router.web.RouterConsoleRunner
-# clientApp.1.name=I2P Router Console
-# clientApp.1.onBoot=true
-# clientApp.1.startOnLoad=true

src/var/lib/i2p/router/hosts.txt

@@ -1 +0,0 @@
-/opt/i2p/hosts.txt

src/var/lib/i2p/router/i2ptunnel.config

@@ -1,134 +0,0 @@
-# NOTE: This I2P config file must use UTF-8 encoding
-
-# eepproxy
-tunnel.0.name=I2P HTTP Proxy
-tunnel.0.description=HTTP proxy for browsing eepsites and the web
-tunnel.0.type=httpclient
-tunnel.0.sharedClient=true
-tunnel.0.interface=127.0.0.1
-tunnel.0.listenPort=4444
-tunnel.0.proxyList=false.i2p
-tunnel.0.i2cpHost=127.0.0.1
-tunnel.0.i2cpPort=7654
-tunnel.0.option.inbound.nickname=shared clients
-tunnel.0.option.outbound.nickname=shared clients
-tunnel.0.option.i2cp.reduceIdleTime=900000
-tunnel.0.option.i2cp.reduceOnIdle=true
-tunnel.0.option.i2cp.reduceQuantity=1
-tunnel.0.option.i2p.streaming.connectDelay=1000
-tunnel.0.option.inbound.length=3
-tunnel.0.option.inbound.lengthVariance=0
-tunnel.0.option.outbound.length=3
-tunnel.0.option.outbound.lengthVariance=0
-tunnel.0.startOnLoad=true
-
-# irc
-tunnel.1.name=IRC Proxy
-tunnel.1.description=IRC proxy to access anonymous IRC servers
-tunnel.1.type=ircclient
-tunnel.1.sharedClient=false
-tunnel.1.interface=127.0.0.1
-tunnel.1.listenPort=6668
-tunnel.1.targetDestination=irc.postman.i2p,irc.freshcoffee.i2p
-tunnel.1.i2cpHost=127.0.0.1
-tunnel.1.i2cpPort=7654
-tunnel.1.option.inbound.nickname=IRC Proxy
-tunnel.1.option.outbound.nickname=IRC Proxy
-tunnel.1.option.i2cp.closeIdleTime=1200000
-tunnel.1.option.i2cp.closeOnIdle=true
-tunnel.1.option.i2cp.delayOpen=true
-tunnel.1.option.i2cp.newDestOnResume=false
-tunnel.1.option.i2cp.reduceIdleTime=600000
-tunnel.1.option.i2cp.reduceOnIdle=true
-tunnel.1.option.i2cp.reduceQuantity=1
-tunnel.1.option.i2p.streaming.connectDelay=1000
-tunnel.1.option.i2p.streaming.maxWindowSize=16
-tunnel.1.option.inbound.length=3
-tunnel.1.option.inbound.lengthVariance=0
-tunnel.1.option.outbound.length=3
-tunnel.1.option.outbound.lengthVariance=0
-tunnel.1.startOnLoad=true
-
-# local eepserver
-tunnel.2.name=I2P Webserver
-tunnel.2.description=Cables Communication via I2P
-tunnel.2.type=httpserver
-tunnel.2.targetHost=127.0.0.1
-tunnel.2.targetPort=9080
-tunnel.2.spoofedHost=mysite.i2p
-tunnel.2.privKeyFile=eepsite/eepPriv.dat
-tunnel.2.i2cpHost=127.0.0.1
-tunnel.2.i2cpPort=7654
-tunnel.2.option.inbound.nickname=eepsite
-tunnel.2.option.outbound.nickname=eepsite
-tunnel.2.option.inbound.length=3
-tunnel.2.option.inbound.lengthVariance=0
-tunnel.2.option.outbound.length=3
-tunnel.2.option.outbound.lengthVariance=0
-tunnel.2.startOnLoad=true
-
-# postman's SMTP server - see www.postman.i2p
-tunnel.3.name=I2P SMTP Proxy
-tunnel.3.description=SMTP Server
-tunnel.3.i2cpHost=127.0.0.1
-tunnel.3.i2cpPort=7654
-tunnel.3.interface=127.0.0.1
-tunnel.3.listenPort=7659
-tunnel.3.option.inbound.nickname=shared clients
-tunnel.3.option.outbound.nickname=shared clients
-tunnel.3.option.i2cp.reduceIdleTime=900000
-tunnel.3.option.i2cp.reduceOnIdle=true
-tunnel.3.option.i2cp.reduceQuantity=1
-tunnel.3.option.i2p.streaming.connectDelay=1000
-tunnel.3.option.inbound.length=3
-tunnel.3.option.inbound.lengthVariance=0
-tunnel.3.option.outbound.length=3
-tunnel.3.option.outbound.lengthVariance=0
-tunnel.3.startOnLoad=true
-tunnel.3.targetDestination=smtp.postman.i2p
-tunnel.3.type=client
-tunnel.3.sharedClient=true
-
-# postman's POP3 server - see www.postman.i2p
-tunnel.4.name=I2P POP3 Proxy
-tunnel.4.description=POP3 server
-tunnel.4.i2cpHost=127.0.0.1
-tunnel.4.i2cpPort=7654
-tunnel.4.interface=127.0.0.1
-tunnel.4.listenPort=7660
-tunnel.4.option.inbound.nickname=shared clients
-tunnel.4.option.outbound.nickname=shared clients
-tunnel.4.option.i2cp.reduceIdleTime=900000
-tunnel.4.option.i2cp.reduceOnIdle=true
-tunnel.4.option.i2cp.reduceQuantity=1
-tunnel.4.option.i2p.streaming.connectDelay=1000
-tunnel.4.option.inbound.length=3
-tunnel.4.option.inbound.lengthVariance=0
-tunnel.4.option.outbound.length=3
-tunnel.4.option.outbound.lengthVariance=0
-tunnel.4.startOnLoad=true
-tunnel.4.targetDestination=pop.postman.i2p
-tunnel.4.type=client
-tunnel.4.sharedClient=true
-
-# HTTPS (CONNECT) outproxy
-tunnel.5.name=I2P HTTPS Proxy
-tunnel.5.description=HTTPS proxy for browsing eepsites and the web
-tunnel.5.type=connectclient
-tunnel.5.sharedClient=true
-tunnel.5.interface=127.0.0.1
-tunnel.5.listenPort=4445
-tunnel.5.proxyList=outproxyng.h2ik.i2p
-tunnel.5.i2cpHost=127.0.0.1
-tunnel.5.i2cpPort=7654
-tunnel.5.option.inbound.nickname=shared clients
-tunnel.5.option.outbound.nickname=shared clients
-tunnel.5.option.i2cp.reduceIdleTime=900000
-tunnel.5.option.i2cp.reduceOnIdle=true
-tunnel.5.option.i2cp.reduceQuantity=1
-tunnel.5.option.i2p.streaming.connectDelay=1000
-tunnel.5.option.inbound.length=3
-tunnel.5.option.inbound.lengthVariance=0
-tunnel.5.option.outbound.length=3
-tunnel.5.option.outbound.lengthVariance=0
-tunnel.5.startOnLoad=true

src/var/lib/i2p/router/logger.config

@@ -1,10 +0,0 @@
-# NOTE: This I2P config file must use UTF-8 encoding
-
-logger.consoleBufferSize=20
-logger.defaultLevel=ERROR
-logger.displayOnScreen=true
-logger.format=d p [t] c: m
-logger.logFileName=router-@.log
-logger.logFileSize=8k
-logger.logRotationLimit=1
-logger.minimumOnScreenLevel=CRIT

src/var/lib/i2p/router/router.config

@@ -1,56 +0,0 @@
-# NOTE: This I2P config file must use UTF-8 encoding
-# http://echelon.i2p.to/docs/advanced.options.txt
-
-router.dynamicKeys=false
-router.firstInstalled=1314053515816
-router.firstVersion=0.8.7
-router.previousVersion=0.9
-
-# Disable external NTP queries and GeoIP
-time.disabled=true
-time.sntpServerList=127.0.0.1
-routerconsole.geoip.enable=false
-
-# External clients support via I2CP is apparently necessary
-i2cp.SSL=false
-i2cp.auth=false
-i2cp.disableInterface=false
-i2cp.hostname=127.0.0.1
-i2cp.port=7654
-i2cp.tcp.bindAllInterfaces=false
-
-# Use TCP exclusively
-i2np.laptopMode=false
-i2np.ntcp.enable=true
-i2np.ntcp.autoip=false
-i2np.ntcp.maxConnections=20
-i2np.udp.enable=false
-i2np.udp.addressSources=hidden
-# i2np.udp.internalPort=99999
-# i2np.udp.port=99999
-# i2np.udp.maxConnections=20
-
-# Don't open external ports and/or share traffic
-# Hidden mode is crucial when proxying via Tor, otherwise NIC IP will be in router.info sent to peers
-router.isHidden=true
-router.sharePercentage=0
-i2np.upnp.enable=false
-
-# Reseed via Tor
-router.reseedProxyEnable=true
-router.reseedProxyHost=127.0.0.1
-router.reseedProxyPort=8118
-router.reseedSSLDisable=true
-router.reseedSSLRequired=false
-
-# Reseeding is enabled if known routers drops below net.i2p.router.networkdb.reseed.ReseedChecker.MINIMUM,
-# unless noreseed.i2p exists in config dir (which is presently the case).
-i2p.reseedURL=https://netdb.i2p2.de/,https://euve5653.vserver.de/netDb/,https://cowpuncher.drollette.com/netdb/
-
-# "Updates will be dispatched via your package manager"
-router.updateLastInstalled=1314053515816
-router.updateProxyHost=127.0.0.1
-router.updateProxyPort=4444
-router.updateThroughProxy=true
-router.updateUnsigned=false
-plugins.autoUpdate=false

src/var/lib/portage/world

@@ -93,8 +93,6 @@ app-crypt/gnupg-pkcs11-scd
 app-crypt/ccid
 app-crypt/tpm-tools
 sys-apps/haveged
-virtual/jre:1.5
-dev-java/jamvm
 dev-libs/libelf
 
 # Network utilities
@@ -118,7 +116,6 @@ net-misc/tor
 net-misc/connect
 net-misc/proxychains
 net-misc/whois
-net-p2p/i2p
 net-proxy/torsocks
 net-proxy/privoxy
 net-mail/cables