Bug 571554 - net-p2p/i2p-0.9.23: ECDSA not available
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Java
Hardware: All Linux
Importance: Normal normal
Assignee: tharvik
Reported: 2016-01-11 15:14 UTC by Alex Efros
Modified: 2016-02-27 11:02 UTC

Description Alex Efros 2016-01-11 15:14:01 UTC
0.9.23 console (http://localhost:7657/home) complains ECDSA is not available. There was no such warning in 0.9.22-r1.

My use-flags for i2p and java:

[ebuild   R    ] dev-java/icedtea-bin-7.2.6.3:7::gentoo  USE="alsa cups gtk nsplugin nss -cjk -doc -examples -headless-awt -pulseaudio (-selinux) -source -webstart" 0 KiB
[ebuild   R   ~] net-p2p/i2p-0.9.23::gentoo  USE="nls" 0 KiB

# eselect java-vm list
Available Java Virtual Machines:
  [1]   icedtea-bin-7  system-vm


Comment 1 James Le Cuirot gentoo-dev 2016-01-11 15:21:11 UTC
Is this not the same as bug #569932?
Comment 2 Alex Efros 2016-01-11 15:32:40 UTC
(In reply to James Le Cuirot from comment #1)
> Is this not the same as bug #569932?

I don't think so - my I2P works ok, only issue so far is this warning message.
Comment 3 tharvik 2016-01-11 16:06:10 UTC
(In reply to Alex Efros from comment #2)
> (In reply to James Le Cuirot from comment #1)
> > Is this not the same as bug #569932?
> I don't think so - my I2P works ok, only issue so far is this warning
> message.
I've added an ewarn about it: the I2P team want more and more to push the support of ECDSA in every router, but it is not mandatory yet (only strongly recommended).

If you want to use ECDSA, you should have one of those
  dev-java/icedtea[-sunec,nss]
  dev-java/oracle-jre-bin
  java/oracle-jdk-bin
Comment 4 Alex Efros 2016-01-11 17:23:39 UTC
(In reply to tharvik from comment #3)
> I've added an ewarn about it: the I2P team want more and more to push the
> support of ECDSA in every router, but it is not mandatory yet (only strongly
> recommended).
> 
> If you want to use ECDSA, you should have one of those
>   dev-java/icedtea[-sunec,nss]
>   dev-java/oracle-jre-bin
>   java/oracle-jdk-bin

I've seen it, and I've dev-java/icedtea-bin[nss].
Or there is no way to support ECDSA with icedtea-bin and I have to replace it with icedtea?
Comment 5 James Le Cuirot gentoo-dev 2016-01-11 17:32:48 UTC
(In reply to Alex Efros from comment #4)
> (In reply to tharvik from comment #3)
> > I've added an ewarn about it: the I2P team want more and more to push the
> > support of ECDSA in every router, but it is not mandatory yet (only strongly
> > recommended).
> > 
> > If you want to use ECDSA, you should have one of those
> >   dev-java/icedtea[-sunec,nss]
> >   dev-java/oracle-jre-bin
> >   java/oracle-jdk-bin
> 
> I've seen it, and I've dev-java/icedtea-bin[nss].
> Or there is no way to support ECDSA with icedtea-bin and I have to replace
> it with icedtea?

It's a while since I looked at it but I probably would have added the sunec flag to icedtea-bin if that was feasible. I'll take another look to make sure.
Comment 6 Alex Efros 2016-02-27 10:12:11 UTC
(In reply to tharvik from comment #3)
> If you want to use ECDSA, you should have one of those
>   dev-java/icedtea[-sunec,nss]
>   dev-java/oracle-jre-bin
>   java/oracle-jdk-bin

I've just updated to 0.9.24-r1 and ewarn now says:

Currently, the i2p team does not enforce to use ECDSA keys. But it is more and
more pushed. To help the network, you are recommended to have either:
  dev-java/icedtea[-sunec,nss]
  dev-java/icedtea-bin[nss]
  dev-java/icedtea[-sunec] and bouncycastle (bcprov)
  dev-java/icedtea-bin and bouncycastle (bcprov)
  dev-java/oracle-jre-bin
  dev-java/oracle-jdk-bin
Alternatively you can just use Ed25519 keys - which is a stronger algorithm anyways.

At a glance I have all requirements:

# emerge -pv icedtea-bin bcprov:1.50
[ebuild   R    ] dev-java/icedtea-bin-7.2.6.4:7::gentoo  USE="alsa cups gtk nsplugin nss webstart -cjk -doc -examples -headless-awt -pulseaudio (-selinux) -source" 0 KiB
[ebuild   R    ] dev-java/bcprov-1.50-r2:1.50::gentoo  USE="-doc -source {-test}" 0 KiB

There is a newer bcprov 1.52 but it looks like this icedtea-bin requires bcprov:1.50.


But I still see warning about absent ECDSA support!

As for using Ed25519 keys - I've checked my "local identifier" and it says "Signing key: EdDSA_SHA512_Ed25519", so I suppose it's already used (but I didn't see where I can choose ED25519 or other algo in UI anyway).
Comment 7 James Le Cuirot gentoo-dev 2016-02-27 10:29:37 UTC
(In reply to Alex Efros from comment #6)
> At a glance I have all requirements:
> 
> # emerge -pv icedtea-bin bcprov:1.50
> [ebuild   R    ] dev-java/icedtea-bin-7.2.6.4:7::gentoo  USE="alsa cups gtk
> nsplugin nss webstart -cjk -doc -examples -headless-awt -pulseaudio
> (-selinux) -source" 0 KiB
> [ebuild   R    ] dev-java/bcprov-1.50-r2:1.50::gentoo  USE="-doc -source
> {-test}" 0 KiB

I'm not the one dealing with this any more but just to be certain, please check that this is actually the JVM you have selected with eselect java.

Actually getting the damn JVMs to work in the first place aside, I do hope to make the selection stuff work out of the box in future but it will require significant changes to java-config.
Comment 8 tharvik 2016-02-27 10:48:07 UTC
> But I still see warning about absent ECDSA support!
It's simply because we don't check if you actually have installed an ECDSA enabled JVM, we just warn that you need one.

I guess, in a next revision or release, we will enforce having such a JVM, thus removing the ewarn.
Comment 9 Alex Efros 2016-02-27 11:02:26 UTC
(In reply to James Le Cuirot from comment #7)
> I'm not the one dealing with this any more but just to be certain, please
> check that this is actually the JVM you have selected with eselect java.

# eselect java-vm list
Available Java Virtual Machines:
  [1]   icedtea-bin-7  system-vm

(In reply to tharvik from comment #8)
> > But I still see warning about absent ECDSA support!
> It's simply because we don't check if you actually have installed an ECDSA
> enabled JVM, we just warn that you need one.
> 
> I guess, in a next revision or release, we will enforce having such a JVM,
> thus removing the ewarn.

Looks like you're talking about the ewarn in the ebuild, while this issue is about the warning shown by i2p itself in its web UI - and I suppose i2p knows whether the JVM it's running on supports ECDSA or not, so that warning should be valid.
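
The question the thread ends on, whether the selected JVM can actually perform ECDSA, can be checked directly on the JVM. The following is an added example, not code from I2P or from the Gentoo ebuild; the class name `EcdsaProbe` and the three curve/algorithm pairs are assumptions chosen for illustration (standard JCA names).

```java
import java.security.*;
import java.security.spec.ECGenParameterSpec;

// Added example: probes the running JVM for working ECDSA support.
public class EcdsaProbe {
    // Curve / signature-algorithm pairs to test (standard JCA names; the
    // choice of these three is an assumption, not taken from the bug report).
    private static final String[][] CASES = {
        {"secp256r1", "SHA256withECDSA"},
        {"secp384r1", "SHA384withECDSA"},
        {"secp521r1", "SHA512withECDSA"},
    };

    // Generates a key pair, signs and verifies a constructed message;
    // returns the name of the provider that performed the signature.
    static String probe(String curve, String sigAlg) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec(curve));
        KeyPair kp = kpg.generateKeyPair();
        byte[] msg = "ecdsa self-test".getBytes("UTF-8");
        Signature signer = Signature.getInstance(sigAlg);
        signer.initSign(kp.getPrivate());
        signer.update(msg);
        byte[] sig = signer.sign();
        Signature verifier = Signature.getInstance(sigAlg);
        verifier.initVerify(kp.getPublic());
        verifier.update(msg);
        if (!verifier.verify(sig)) throw new IllegalStateException("signature did not verify");
        return signer.getProvider().getName();
    }

    public static void main(String[] args) {
        // Show which JVM is really running and which providers it has registered.
        System.out.println("java.home = " + System.getProperty("java.home"));
        for (Provider p : Security.getProviders()) {
            System.out.println("provider: " + p.getName());
        }
        boolean ok = true;
        for (String[] c : CASES) {
            try {
                System.out.println(c[0] + " / " + c[1] + ": OK via " + probe(c[0], c[1]));
            } catch (Exception e) {
                ok = false;
                System.out.println(c[0] + " / " + c[1] + ": UNAVAILABLE (" + e + ")");
            }
        }
        System.exit(ok ? 0 : 1); // non-zero exit when any case fails
    }
}
```

Compile and run it with the same JVM that `eselect java-vm list` marks as system-vm. It only sees providers registered with that JVM or present on its classpath.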