Is an upgrade for i2p to 0.9.48 in the works?
Just bought a FreedomBox and trying to setup i2pBote.
I downloaded the latest i2pbote.su3 file mhatta’s site and installed his certificate, but installing the plugin fails because i2p needs to be version 0.9.48 but is only 0.9.38
The geti2p website has an i2pupdate_0.9.48.zip which it says should be copies to the i2p installation directory (/usr/share/i2p) and renamed to i2pupdate.zip which should then get automatically applied upon restarting the i2prouter. So gave it a try but didn’t work. Apparently default FreedomBox did not come with “unzip” installed so I then installed via “apt install unzip”. Restarted i2prouter but it was still running version 0.9.38 instead of 0.9.48. Checking logfile:
2021/01/23 15:40:54 | Launching a JVM…
2021/01/23 15:40:56 | WrapperManager: Initializing…
2021/01/23 15:40:59 | Starting I2P 0.9.48-0
2021/01/23 15:41:00 | ERROR: No write permissions on /usr/share/i2p to extract software update file
2021/01/23 15:41:05 | INFO: Locally optimized native BigInteger library loaded from file
2021/01/23 15:42:27 | WARNING: An illegal reflective access operation has occurred
2021/01/23 15:42:27 | WARNING: Illegal reflective access by net.i2p.util.FileUtil (file:/usr/share/i2p/lib/i2p.jar) to method com.sun.java.util.jar.pack.UnpackerImpl.unpack(java.io.InputStream,java.util.jar.JarOutputStream)
2021/01/23 15:42:27 | WARNING: Please consider reporting this to the maintainers of net.i2p.util.FileUtil
Looks like i2psvc runs with uid=114 and gid=119 but /usr/share/i2p is only writeable by root.
Anyhow, I just went ahead and manually unzipped. Restarted router and it was now running updated version.
So installed mhatta’s certificate from https://people.debian.org/~mhatta/mhatta_at_mail.i2p.crt
and copied to /usr/share/i2p/certificates/plugin/
Then under “Manage Plugins” I installed the i2pbote.su3 file from https://people.debian.org/~mhatta/i2pbote.su3
i2prouter is now running i2pbote SecureEmail. Tried to create New Identiy in i2pBote but get error:
Jan 23, 2021, 4:32:39 PM ERROR [le Jetty-201] i2p.bote.web.CSRFLogger : potential cross-site request forgery (CSRF) attack thwarted (user:, ip:0:0:0:0:0:0:0:1, method:POST, uri:/i2pbote/submitIdentity.jsp, error:required token is missing from the request)
Not sure what’s needed to fix. Running i2prouter with i2pBote on my Ubuntu laptop works just fine with no complaints about CSRF when creating new identities or importing/exporting identities.