Modify Dockerfile to enhance i2pd build settings

[f7124has]

Updated build configuration for i2pd with hardening options and optimizations.

[f7124has]

I'm already using these options in my project https://github.com/f7124has/i2pd-multipath-outproxy/blob/main/client/i2pd/Dockerfile#L40

[diva-exchange]

Thanks a lot!

Important: could you please add (for documentation and future reference) a very short rationale to each option you added?

Example:

Setting WITH_HARDENING=ON during the i2pd build process on Unix-like systems enables security hardening features for GCC and Clang compilers. This flag activates compiler-level protections such as stack smashing and format string protection, and its default setting is OFF.

[f7124has]

DCMAKE_CXX_FLAGS="-Wl,-z,reiro -Wl,-z,now -D_FORTIFY_SOURCE=2 -Ofast -march=native -fstack-protector-strong -fstrict-flex-arrays" flags for build optimized for current arch build with compiler optimizations: -Ofast -march=native -Wl,-z,reiro -Wl,-z,now. Other flags for extra memory protection (force stack canary).

By default cmake file builds a debug version, so for build release i've add DEBUG=no and -DCMAKE_BUILD_TYPE=Release

[f7124has]

Did you really test you current build, on 2.58.0? Its sometimes just drop transit tunnels, at least on my VPS linux server, its because you use debug build by default.

[diva-exchange]

Did you really test you current build, on 2.58.0? Its sometimes just drop transit tunnels, at least on my VPS linux server, its because you use debug build by default.

I2Pd Testing: there exists the i2pd testnet here, https://github.com/h-phil/i2pd-testnet-kubernetes . It is, AFAIK, the only useable testnet available (others are stubs or not yet properly/openly documented). This testnet gets currently used together with the 2.59.0 version. Last week this diva docker repo was updated to 2.59.0.

IMO testing I2Pd has still a lot of potential to be improved. How do you test?

[diva-exchange]

DCMAKE_CXX_FLAGS="-Wl,-z,reiro -Wl,-z,now -D_FORTIFY_SOURCE=2 -Ofast -march=native -fstack-protector-strong -fstrict-flex-arrays" flags for build optimized for current arch build with compiler optimizations: -Ofast -march=native -Wl,-z,reiro -Wl,-z,now. Other flags for extra memory protection (force stack canary).

By default cmake file builds a debug version, so for build release i've add DEBUG=no and -DCMAKE_BUILD_TYPE=Release

Until mid of March 2026 this PR will be included (I will do some more documentation on the flags). Thanks a lot for the ideas and contribution, much appreciated!

[f7124has]

IMO testing I2Pd has still a lot of potential to be improved. How do you test?

I've used your docker build about half of year ago, then it sometimes (after some time) just drops all transit tunnels, and not applied them more utill reboot. In the same time default i2pd build (from distro repo) worked without this deffect. Problem probably was in debug build. I've tested it in real network as a floodfill with 10k tunnels transit limit.