Skip to content

Comments

Modify Dockerfile to enhance i2pd build settings#13

Open
f7124has wants to merge 1 commit intodiva-exchange:developfrom
f7124has:develop
Open

Modify Dockerfile to enhance i2pd build settings#13
f7124has wants to merge 1 commit intodiva-exchange:developfrom
f7124has:develop

Conversation

@f7124has
Copy link

@f7124has f7124has commented Feb 7, 2026

Updated build configuration for i2pd with hardening options and optimizations.

Updated build configuration for i2pd with hardening options and optimizations.
@f7124has
Copy link
Author

f7124has commented Feb 7, 2026

I'm already using these options in my project https://github.com/f7124has/i2pd-multipath-outproxy/blob/main/client/i2pd/Dockerfile#L40

@diva-exchange
Copy link
Owner

Thanks a lot!

Important: could you please add (for documentation and future reference) a very short rationale to each option you added?

Example:

Setting WITH_HARDENING=ON during the i2pd build process on Unix-like systems enables security hardening features for GCC and Clang compilers. This flag activates compiler-level protections such as stack smashing and format string protection, and its default setting is OFF.

@f7124has
Copy link
Author

DCMAKE_CXX_FLAGS="-Wl,-z,reiro -Wl,-z,now -D_FORTIFY_SOURCE=2 -Ofast -march=native -fstack-protector-strong -fstrict-flex-arrays" flags for build optimized for current arch build with compiler optimizations: -Ofast -march=native -Wl,-z,reiro -Wl,-z,now. Other flags for extra memory protection (force stack canary).

By default cmake file builds a debug version, so for build release i've add DEBUG=no and -DCMAKE_BUILD_TYPE=Release

@f7124has
Copy link
Author

Did you really test you current build, on 2.58.0? Its sometimes just drop transit tunnels, at least on my VPS linux server, its because you use debug build by default.

@diva-exchange
Copy link
Owner

Did you really test you current build, on 2.58.0? Its sometimes just drop transit tunnels, at least on my VPS linux server, its because you use debug build by default.

I2Pd Testing: there exists the i2pd testnet here, https://github.com/h-phil/i2pd-testnet-kubernetes . It is, AFAIK, the only useable testnet available (others are stubs or not yet properly/openly documented). This testnet gets currently used together with the 2.59.0 version. Last week this diva docker repo was updated to 2.59.0.

IMO testing I2Pd has still a lot of potential to be improved. How do you test?

@diva-exchange
Copy link
Owner

DCMAKE_CXX_FLAGS="-Wl,-z,reiro -Wl,-z,now -D_FORTIFY_SOURCE=2 -Ofast -march=native -fstack-protector-strong -fstrict-flex-arrays" flags for build optimized for current arch build with compiler optimizations: -Ofast -march=native -Wl,-z,reiro -Wl,-z,now. Other flags for extra memory protection (force stack canary).

By default cmake file builds a debug version, so for build release i've add DEBUG=no and -DCMAKE_BUILD_TYPE=Release

Until mid of March 2026 this PR will be included (I will do some more documentation on the flags). Thanks a lot for the ideas and contribution, much appreciated!

@f7124has
Copy link
Author

f7124has commented Feb 22, 2026

IMO testing I2Pd has still a lot of potential to be improved. How do you test?

I've used your docker build about half of year ago, then it sometimes (after some time) just drops all transit tunnels, and not applied them more utill reboot. In the same time default i2pd build (from distro repo) worked without this deffect. Problem probably was in debug build. I've tested it in real network as a floodfill with 10k tunnels transit limit.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants