doc/admin.texi              |  9 +++++----
 doc/building.texi           |  8 ++++----
 doc/cfg/general.texi        |  7 ++++++-
 doc/cmd/index.texi          |  6 +++---
 doc/cmd/nncp-file.texi      |  2 +-
 doc/download.texi           |  7 ++++++-
 doc/index.texi              |  2 ++
 doc/install.texi            |  2 +-
 doc/log.texi                | 25 +++++++++++++++++++++++++
 doc/mirrors.texi            | 34 ++++++++++++++++++++++++++++++++++
 doc/news.ru.texi            | 23 +++++++++++++++++++----
 doc/news.texi               | 25 ++++++++++++++++++++-----
 doc/pkt/plain.texi          |  2 +-
 doc/sources.texi            |  4 +---
 doc/thanks.texi             |  3 ++-
 makedist.sh                 | 11 +++++++++--
 ports/nncp/Makefile         |  2 +-
 src/call.go                 |  4 ++--
 src/cfg.go                  |  8 ++++++--
 src/check.go                |  2 +-
 src/cmd/nncp-bundle/main.go |  2 +-
 src/cmd/nncp-caller/main.go |  3 +++
 src/cmd/nncp-cfgenc/main.go | 10 +++++-----
 src/cmd/nncp-daemon/main.go |  6 +++---
 src/cmd/nncp-reass/main.go  |  8 ++++----
 src/cmd/nncp-xfer/main.go   | 26 +++++++++++++-------------
 src/ctx.go                  | 14 ++++++++++++++
 src/jobs.go                 |  2 +-
 src/lockdir.go              |  6 +++---
 src/log.go                  | 12 ++++++++++--
 src/nncp.go                 |  2 +-
 src/pipe.go                 |  2 +-
 src/sp.go                   | 19 +++++++++++--------
 src/tmp.go                  | 12 ++++++------
 src/toss.go                 |  4 ++--
 src/tx.go                   | 30 +++++++++++++++---------------

diff --git a/doc/admin.texi b/doc/admin.texi
index ba70cb70ac42682cc7cdb50690a6b88393472086e5680ada9d375516b27ed640..d9b348e98f3fcae030892ce35cb745d2d9492dc7549cc2cc80960c155cbd74a0 100644
--- a/doc/admin.texi
+++ b/doc/admin.texi
@@ -100,7 +100,8 @@ @end example
 
 @item
     Or it can be also run as a @command{daemontools} daemon under
-    @url{http://cr.yp.to/ucspi-tcp.html, UCSPI-TCP}:
+    @url{http://cr.yp.to/ucspi-tcp.html, UCSPI-TCP}. In the example
+    below it uses native daemontools's logging capability:
 
 @example
 # mkdir -p /var/service/.nncp-daemon/log
@@ -108,13 +109,13 @@ # cd /var/service/.nncp-daemon
 
 # cat > run <<EOF
 #!/bin/sh -e
-exec envuidgid nncpuser tcpserver -DHRU -l 0 ::0 uucp \
-	/usr/local/bin/nncp-daemon -quiet -ucspi
+NNCPLOG=FD:4 exec envuidgid nncpuser tcpserver -DHRU -l 0 ::0 uucp \
+	/usr/local/bin/nncp-daemon -quiet -ucspi 4>&1
 EOF
 
 # cat > log/run <<EOF
 #!/bin/sh -e
-exec setuidgid uucp multilog t ./main
+exec setuidgid uucp multilog ./main
 EOF
 
 # chmod -R 755 /var/service/.nncp-daemon
diff --git a/doc/building.texi b/doc/building.texi
index dbb6fecf32f64a599f12339bbad27a24006b65c191cc07c2e3e868e80be24455..e54dd668e8d5cd572e80e4684c0de8bf6dc15fbf3e7841c3399d9ccfd00138d7 100644
--- a/doc/building.texi
+++ b/doc/building.texi
@@ -21,20 +21,20 @@ @end example
 
 After that you should get various @command{bin/nncp-*} binaries and
 @command{bin/hjson-cli} command (only for your convenience, not
-necessary installation). Documentation for example for
+necessary installation). For example, documentation for
 @command{nncp-bundle} command can be get with
 @command{info doc/nncp.info -n nncp-bundle}.
 
 It uses @url{http://cr.yp.to/redo.html, redo} build system for that
-examples. You can use either dozen of various implementations, or at
-least minimalistic POSIX shell @command{contrib/do} (just replace
+examples. You can use one of its various implementations, or at least
+minimalistic POSIX shell @command{contrib/do} (just replace
 @command{redo} with @command{contrib/do} in the example above) included
 in tarball. Following ones are tested to work with:
 @url{http://www.goredo.cypherpunks.ru/, goredo} (NNCP's author creation),
 @url{https://redo.readthedocs.io/, apenwarr/redo} (@code{contrib/do} is
 from that project), @url{https://github.com/leahneukirchen/redo-c, redo-c}.
 
-There is @command{install} target respecting @env{DESTDIR}. It will
+There is @command{install} target respecting @env{$DESTDIR}. It will
 install binaries and info-documentation:
 
 @example
diff --git a/doc/cfg/general.texi b/doc/cfg/general.texi
index 7c8b456bdbdfa2fd92707ac807fa1600f82d58a61b73c94e44df23a61d26f3f8..85142d33759ebccd99425c975ed55cea1a154ca3b56cbc04da825fc9f230113c 100644
--- a/doc/cfg/general.texi
+++ b/doc/cfg/general.texi
@@ -21,7 +21,12 @@ @table @code
 @item spool
 Absolute path to the @ref{Spool, spool} directory.
 @item log
-Absolute path to the @ref{Log, log} file.
+Either:
+    @itemize
+    @item absolute path to the @ref{Log, log} file
+    @item @code{FD:XXX}, where @code{XXX} is a decimal file descriptor
+        to write records too
+    @end itemize
 @item umask
 Will force all invoked commands to override their umask to specified
 octal mask. Useful for using with @ref{Shared spool, shared spool directories}.
diff --git a/doc/cmd/index.texi b/doc/cmd/index.texi
index 43af16a5fc2021ed35e5b166dba103806e968e1e02dacc5b6ddb95d7ecfcd006..cfb5156c56efa0b7b43446de63d68dc7aacb014613a712ad457ed90f0e2d0be9 100644
--- a/doc/cmd/index.texi
+++ b/doc/cmd/index.texi
@@ -5,7 +5,7 @@ Nearly all commands have the following common options:
 
 @table @option
 @item -cfg
-    Path to configuration file. May be overridden by @env{NNCPCFG}
+    Path to configuration file. May be overridden by @env{$NNCPCFG}
     environment variable. If file file is an encrypted @ref{EBlob,
     eblob}, then ask for passphrase to decrypt it first.
 @item -debug
@@ -26,9 +26,9 @@     Specified nodes must be separated with comma: @verb{|NODE1,NODE2|}.
     With @verb{|-via -|} you can disable relaying at all.
 @item -spool
     Override path to spool directory. May be specified by
-    @env{NNCPSPOOL} environment variable.
+    @env{$NNCPSPOOL} environment variable.
 @item -log
-    Override path to logfile. May be specified by @env{NNCPLOG}
+    Override path to logfile. May be specified by @env{$NNCPLOG}
     environment variable.
 @item -quiet
     Print only errors, omit simple informational messages. In any case
diff --git a/doc/cmd/nncp-file.texi b/doc/cmd/nncp-file.texi
index c401ac418576d397b951959e929047b89b1cceae670899472142fd2284c47870..8dc0827695a10a7f725ae62f7f484e1ca1bb798d26889eee2a35cafb22e402c1 100644
--- a/doc/cmd/nncp-file.texi
+++ b/doc/cmd/nncp-file.texi
@@ -21,7 +21,7 @@ file and copy everything taken from @code{stdin} to it and use for outbound
 packet creation. Pay attention that if you want to send 1 GiB of data
 taken from @code{stdin}, then you have to have more than 2 GiB of disk space
 for that temporary file and resulting encrypted packet. You can control
-temporary file location directory with @env{TMPDIR} environment
+temporary file location directory with @env{$TMPDIR} environment
 variable. Encryption is performed in AEAD mode with
 @url{https://cr.yp.to/chacha.html, ChaCha20}-@url{https://en.wikipedia.org/wiki/Poly1305, Poly1305}
 algorithms. Data is divided on 128 KiB blocks. Each block is encrypted
diff --git a/doc/download.texi b/doc/download.texi
index 713d1868faf28843c4ce180c325b8be46fbc6f907e8455b48dcebeadbff186fa..77aac8ce3617f90dda6423666805835637e9717e9a49897673bf85e03f2f1ac9 100644
--- a/doc/download.texi
+++ b/doc/download.texi
@@ -2,7 +2,8 @@ @node Tarballs
 @section Prepared tarballs
 
 You can obtain releases source code prepared tarballs from the links below.
-Do not forget to check tarball @ref{Integrity, integrity}.
+Do not forget to check tarball @ref{Integrity, integrity}! Also there
+are @ref{Mirrors, mirrors} of this website.
 
 Tarballs include all necessary required libraries:
 
@@ -27,6 +28,10 @@ @end multitable
 
 @multitable {XXXXX} {XXXX-XX-XX} {XXXX KiB} {link sign} {xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}
 @headitem Version @tab Date @tab Size @tab Tarball @tab SHA256 checksum
+
+@item @ref{Release 7_5_1, 7.5.1} @tab 2021-08-05 @tab 1147 KiB
+@tab @url{download/nncp-7.5.1.tar.xz, link} @url{download/nncp-7.5.1.tar.xz.sig, sign}
+@tab @code{B093A745 C2EB9F5F E8341ED2 A6F1EE75 701B2646 B5701BAA F4E760D9 32CDD91A}
 
 @item @ref{Release 7_5_0, 7.5.0} @tab 2021-07-28 @tab 1151 KiB
 @tab @url{download/nncp-7.5.0.tar.xz, link} @url{download/nncp-7.5.0.tar.xz.sig, sign}
diff --git a/doc/index.texi b/doc/index.texi
index a3e8e85cd085807de3417efbb885457a6211cd3a290f328f189bab6a019ed2fe..48631f80acb7134c2c3ac9924f280d4b6ac200f39e70d20994308f13a189a394 100644
--- a/doc/index.texi
+++ b/doc/index.texi
@@ -57,6 +57,7 @@ * Merkle Tree Hashing: MTH
 * Sync protocol: Sync
 * MultiCast Discovery: MCD
 * EBlob format: EBlob
+* Mirrors::
 * Thanks::
 * Contacts and feedback: Contacts
 * Copying conditions: Copying
@@ -84,6 +85,7 @@ @include mth.texi
 @include sp.texi
 @include mcd.texi
 @include eblob.texi
+@include mirrors.texi
 @include thanks.texi
 @include contacts.texi
 
diff --git a/doc/install.texi b/doc/install.texi
index 831fc8e1f2d972b00e143d45991d17c1e2ce405df4531c6f99e7d03cc6f951ba..f8896b22e26298aa4e12ab6b45cb73d6611aa719fc5bd20a5a53f3de4ceab979 100644
--- a/doc/install.texi
+++ b/doc/install.texi
@@ -20,7 +20,7 @@ convenience. @url{https://www.gnu.org/software/texinfo/, Texinfo} is
 used for building documentation (although tarballs already include it).
 
 In general you must get @ref{Tarballs, the tarball}, check its
-@ref{Integrity, integrity and authenticity} and run @command{make}.
+@ref{Integrity, integrity and authenticity} and run @command{redo}.
 Look for general and platform-specific @ref{Build-instructions, build
 instructions}.
 
diff --git a/doc/log.texi b/doc/log.texi
index 48f9788051023b17621acafa1edf1c14ace1face3eaccb98fadd741bcd6e1e50..d1281d703031fffb922b69e1ce920fe421496fe4b9dc3765753b513c2323c25e 100644
--- a/doc/log.texi
+++ b/doc/log.texi
@@ -6,3 +6,28 @@ @url{https://www.gnu.org/software/recutils/, recfile} records. It can be
 read by human, but it is better to use either @ref{nncp-log}, or
 @command{recutils} utilities for selecting and formatting the required
 fields.
+
+Two example records from it:
+
+@verbatim
+When: 2021-08-07T20:30:49.042460622Z
+Who: sp-file-done
+Node: BYRRQUULEHINPKEFN7CHMSHR5I5CK7PMX5HQNCYERTBAR4BOCG6Q
+Nice: 255
+Type: file
+XX: rx
+Pkt: VQFR6KXC5N4UGL3HKKJKPXE4TN3G4UQGFXQTEYFZ7ZZIKWUVKOGA
+Size: 5229
+FullSize: 5229
+Msg: Got packet VQFR6KXC5N4UGL3HKKJKPXE4TN3G4UQGFXQTEYFZ7ZZIKWUVKOGA 100% (5.1 KiB / 5.1 KiB): done
+
+When: 2021-08-07T20:30:49.131766306Z
+Who: rx
+Node: BYRRQUULEHINPKEFN7CHMSHR5I5CK7PMX5HQNCYERTBAR4BOCG6Q
+Pkt: VQFR6KXC5N4UGL3HKKJKPXE4TN3G4UQGFXQTEYFZ7ZZIKWUVKOGA
+Nice: 96
+Size: 4741
+Type: exec
+Dst: sendmail stargrave@stargrave.org
+Msg: Got exec from gw to sendmail stargrave@stargrave.org (4.6 KiB)
+@end verbatim
diff --git a/doc/mirrors.texi b/doc/mirrors.texi
new file mode 100644
index 0000000000000000000000000000000000000000..393d2e3e8d111a8be8c3dcffc82195dc052bf11903979128a133e89ddc81eaa9
--- /dev/null
+++ b/doc/mirrors.texi
@@ -0,0 +1,34 @@
+@node Mirrors
+@unnumbered Mirrors
+
+Main NNCP website is hosted on two geographically distant servers
+located in Moscow region, Russian Federation. One of server's IPv6
+connectivity is provided by Hurricane Electric tunnel broker. Only one
+of those servers supports TLS and another just proxies the traffic to
+it. So TLS-capable version has less availability.
+
+It can be authenticated with
+@url{http://ca.cypherpunks.ru/, ca.cypherpunks.ru} certificate, through the
+@url{https://datatracker.ietf.org/doc/html/rfc6698, DANE} record, that
+in turn can be authenticated with
+@url{https://dnscurve.org/, DNSCurve}-secured
+@url{http://www.stargrave.org/Trust-anchor.html, trust anchors}.
+Both @code{ca.cypherpunks.ru} and DNSCurve trust anchors are
+signed with @code{CF60 E89A 5923 1E76 E263 6422 AE1A 8109 E498 57EF}
+@url{https://en.wikipedia.org/wiki/OpenPGP, OpenPGP}
+@url{http://www.stargrave.org/Contacts.html, public key}.
+
+@table @asis
+
+@item @url{https://nncp.mirrors.quux.org/}
+
+Its creation @url{http://lists.cypherpunks.ru/archive/nncp-devel/2108/0310.html, announcement}.
+Mirror of the whole NNCP's website with all tarballs, made by John Goerzen.
+It uses @url{https://letsencrypt.org/, Let's Encrypt} certificate
+authority, so can be more easily accessible for some people. If you have
+got NNCP-peering with
+@url{http://lists.cypherpunks.ru/archive/nncp-devel/2108/0283.html, nncp.quux.org}
+node, then you can also @ref{nncp-freq, freq} the @ref{Tarballs, tarballs}
+from it.
+
+@end table
diff --git a/doc/news.ru.texi b/doc/news.ru.texi
index a06db08318180731c1e764b53ea5658fbd5649bd39105a254a84e99c688d1537..d6181bc66dcf4178c0d5c3eca5c650a9a7b9dfcb110e2c1b86ca87cb181b2ac7 100644
--- a/doc/news.ru.texi
+++ b/doc/news.ru.texi
@@ -1,6 +1,21 @@
 @node Новости
 @section Новости
 
+@node Релиз 7.6.0
+@subsection Релиз 7.6.0
+@itemize
+
+@item
+Журналирование может производиться в назначенный открытый файловый
+дескриптор (@env{$NNCPLOG=FD:5} например).
+Что дружелюбно к использованию под @command{daemontools}.
+
+@item
+Добавлены дополнительные проверки наличия публичных ключей в
+конфигурационном файле, предотвращающие падения некоторых команд.
+
+@end itemize
+
 @node Релиз 7.5.1
 @subsection Релиз 7.5.1
 @itemize
@@ -348,7 +363,7 @@ @option{autotoss-noexec}, @option{autotoss-notrns}.
 Вы можете настраивать опции автоматического tosser для каждого вызова.
 
 @item
-Использовать vendoring вместо переопределения @env{GOPATH} во время
+Использовать vendoring вместо переопределения @env{$GOPATH} во время
 установки tarball, так как текущая минимальная версия Go это 1.12,
 поддерживающая модули.
 
@@ -359,7 +374,7 @@ @subsection Релиз 5.5.1
 @itemize
 
 @item
-Уважать @env{BINDIR}, @env{INFODIR} и @env{DOCDIR} переменные окружения
+Уважать @env{$BINDIR}, @env{$INFODIR} и @env{$DOCDIR} переменные окружения
 в @file{config} во время установки.
 
 @end itemize
@@ -750,7 +765,7 @@ в виде одного файла.
 
 @item
 Exec команды вызываются с дополнительными переменными окружения
-@env{NNCP_NICE} и @env{NNCP_SELF}.
+@env{$NNCP_NICE} и @env{$NNCP_SELF}.
 
 @item
 Отправляемые файлы в ответ на запрос имеют приоритет указанный в запросе.
@@ -826,7 +841,7 @@
 @node Релиз 0.12
 @subsection Релиз 0.12
 @itemize
-@item Команда sendmail вызывается с @env{NNCP_SENDER} переменной окружения.
+@item Команда sendmail вызывается с @env{$NNCP_SENDER} переменной окружения.
 @end itemize
 
 @node Релиз 0.11
diff --git a/doc/news.texi b/doc/news.texi
index bd70bf057247fb649168710247381da727d9751d1e5d0f4be77a42b79e0d2ed2..c823541db69b8744c37294d6387ea9cffb98e9679c36f9e1442a7766ceb5ef9b 100644
--- a/doc/news.texi
+++ b/doc/news.texi
@@ -3,6 +3,21 @@ @unnumbered News
 
 See also this page @ref{Новости, on russian}.
 
+@node Release 7_6_0
+@section Release 7.6.0
+@itemize
+
+@item
+Logging may be done to specified opened file descriptor
+(@env{$NNCPLOG=FD:5} for example).
+That is friendly to use under @command{daemontools}.
+
+@item
+Added additional checks of public keys existence in configuration file,
+preventing some commands from failing.
+
+@end itemize
+
 @node Release 7_5_1
 @section Release 7.5.1
 @itemize
@@ -339,7 +354,7 @@ @option{calls} configuration section. You can configure per-call
 automatic tosser options.
 
 @item
-Use vendoring, instead of @env{GOPATH} overriding during tarball
+Use vendoring, instead of @env{$GOPATH} overriding during tarball
 installation, because current minimal Go's version is 1.12 and it
 supports modules.
 
@@ -350,7 +365,7 @@ @section Release 5.5.1
 @itemize
 
 @item
-Respect for @env{BINDIR}, @env{INFODIR} and @env{DOCDIR} environment
+Respect for @env{$BINDIR}, @env{$INFODIR} and @env{$DOCDIR} environment
 variables in @file{config} during installation.
 
 @end itemize
@@ -727,8 +742,8 @@ Chunked files, having size less than specified chunk size, will be sent
 as an ordinary single file.
 
 @item
-Exec commands are invoked with additional @env{NNCP_NICE} and
-@env{NNCP_SELF} environment variables.
+Exec commands are invoked with additional @env{$NNCP_NICE} and
+@env{$NNCP_SELF} environment variables.
 
 @item
 Files, that are sent as a reply to freq, have niceness level taken from
@@ -804,7 +819,7 @@
 @node Release 0_12
 @section Release 0.12
 @itemize
-@item Sendmail command is called with @env{NNCP_SENDER} environment variable.
+@item Sendmail command is called with @env{$NNCP_SENDER} environment variable.
 @end itemize
 
 @node Release 0_11
diff --git a/doc/pkt/plain.texi b/doc/pkt/plain.texi
index c3218fe66569b2238dfa00f444a1e2cfd4ba1673ceaea4a7149ef736273238bd..952d52ee790a464f4cff2117b30589dd7326e5362e62ad5ce72e5e33121cd24e 100644
--- a/doc/pkt/plain.texi
+++ b/doc/pkt/plain.texi
@@ -67,7 +67,7 @@ Also depending on packet's type, niceness level means:
 
 @itemize
 @item Preferable niceness level for files sent by freq
-@item @env{NNCP_NICE} variable's value passed during @ref{CfgExec} invocation.
+@item @env{$NNCP_NICE} variable's value passed during @ref{CfgExec} invocation.
 @end itemize
 
 So plain packets can hold following paths and payloads:
diff --git a/doc/sources.texi b/doc/sources.texi
index ca558c146e286d66adfbdb057163e4b2fbd9b4c53209f8f7ae1dc2ce861e66bf..ac69a6464941779764c205391a7fbb2be74531296b4288d0b0c3c038150e4f3e 100644
--- a/doc/sources.texi
+++ b/doc/sources.texi
@@ -7,9 +7,7 @@ libraries source code. Because of that, it is recommended for porters
 to use @ref{Tarballs, tarballs} instead.
 
 @example
-$ git clone git://git.cypherpunks.ru/nncp.git
-$ cd nncp
-$ git checkout develop
+$ git clone --branch develop git://git.cypherpunks.ru/nncp.git nncp
 @end example
 
 You can also use @url{https://git.cypherpunks.ru/nncp.git}.
diff --git a/doc/thanks.texi b/doc/thanks.texi
index 6e725f793b0576a9b0636bab8efe0801bdff2695bc317b5627bded4aa584b0e0..13d355da2555feb33e656927e7485468508703d09b0bdf689826d13b4bbd6aab 100644
--- a/doc/thanks.texi
+++ b/doc/thanks.texi
@@ -12,6 +12,7 @@ @item @url{mailto:nncp@@woffs.de, Frank Doepper} for his bug reports
 feedback and NixOS package maintenance.
 
 @item @url{mailto:jgoerzen@@complete.org, John Goerzen} for his feature
-suggestions, bugreports and Debian package maintenance.
+suggestions, bugreports, Debian package and mirror maintenance, and the
+whole project popularization.
 
 @end itemize
diff --git a/makedist.sh b/makedist.sh
index a1b99f758918937b308762291dd08cbc8f96170deaf070c74765b2cd22441f65..3901c5ededb0ecf95fb165b0de0c843c4592e6bb1756e2d60cd4ee8b99571385 100755
--- a/makedist.sh
+++ b/makedist.sh
@@ -32,8 +32,9 @@
 cat > doc/download.texi <<EOF
 @node Tarballs
 @section Prepared tarballs
-You can obtain releases source code prepared tarballs on
-@url{http://www.nncpgo.org/}.
+You can obtain releases source code prepared tarballs from
+@url{http://www.nncpgo.org/} and from one of its
+@url{http://www.nncpgo.org/Mirrors.html, mirrors}.
 EOF
 perl -i -ne 'print unless /include pedro/' doc/index.texi doc/about.ru.texi
 perl -p -i -e 's/^(.verbatiminclude) .*$/$1 PUBKEY.asc/g' doc/integrity.texi
@@ -170,6 +171,9 @@ SHA256 hash: $hash
 GPG key ID: 0x2B25868E75A1A953 NNCP releases <releases@nncpgo.org>
 Fingerprint: 92C2 F0AE FE73 208E 46BF  F3DE 2B25 868E 75A1 A953
 
+There are mirrors where you can also get the source code tarballs:
+http://www.nncpgo.org/Mirrors.html
+
 Please send questions regarding the use of NNCP, bug reports and patches
 to mailing list: http://lists.cypherpunks.ru/nncp_002ddevel.html
 EOF
@@ -218,6 +222,9 @@
 SHA256 хэш: $hash
 Идентификатор GPG ключа: 0x2B25868E75A1A953 NNCP releases <releases@nncpgo.org>
 Отпечаток: 92C2 F0AE FE73 208E 46BF  F3DE 2B25 868E 75A1 A953
+
+Есть и зеркала где вы также можете получить архивы с исходным кодом:
+http://www.nncpgo.org/Mirrors.html
 
 Пожалуйста, все вопросы касающиеся использования NNCP, отчёты об ошибках
 и патчи отправляйте в nncp-devel почтовую рассылку:
diff --git a/ports/nncp/Makefile b/ports/nncp/Makefile
index 13f72b837d22a5c14d4f740ff6d04ec6c781eb80ff4312868d4260c12990d119..e0de38eff635ec6d95dffcf0181487f4b4cfc4228eade7952436921f54618a7a 100644
--- a/ports/nncp/Makefile
+++ b/ports/nncp/Makefile
@@ -1,5 +1,5 @@
 PORTNAME=	nncp
-DISTVERSION=	7.4.0
+DISTVERSION=	7.6.0
 CATEGORIES=	net
 MASTER_SITES=	http://www.nncpgo.org/download/
 
diff --git a/src/call.go b/src/call.go
index f1bc5ddc181befd14a46b2a2cf02a28c24f94edc5b0811fe69eed0c25922f978..e0328efd6da900ac21d94b9ff51e386dc0106d2f963296d1bd6c7f12f29187be 100644
--- a/src/call.go
+++ b/src/call.go
@@ -134,13 +134,13 @@ 					humanize.IBytes(uint64(state.TxSpeed)),
 				)
 			})
 			isGood = true
-			conn.Close() // #nosec G104
+			conn.Close()
 			break
 		} else {
 			ctx.LogE("call-started", les, err, func(les LEs) string {
 				return fmt.Sprintf("Connection to %s (%s)", node.Name, addr)
 			})
-			conn.Close() // #nosec G104
+			conn.Close()
 		}
 	}
 	return
diff --git a/src/cfg.go b/src/cfg.go
index b4caab9d5219c235ebc2bf21ee493c3521e91252f1e6adbd1fcc0f2458487e43..2d90a1a2748b05bc2c6952394f672af1bfd04eb61b1bd0a86150f49d7820debb 100644
--- a/src/cfg.go
+++ b/src/cfg.go
@@ -21,6 +21,7 @@ import (
 	"bytes"
 	"encoding/json"
 	"errors"
+	"fmt"
 	"log"
 	"os"
 	"path"
@@ -445,6 +446,9 @@ 		area.Pub = new([32]byte)
 		copy(area.Pub[:], pub)
 	}
 	if cfg.Prv != nil {
+		if area.Pub == nil {
+			return nil, fmt.Errorf("area %s: prv requires pub presence", name)
+		}
 		prv, err := Base32Codec.DecodeString(*cfg.Prv)
 		if err != nil {
 			return nil, err
@@ -462,12 +466,12 @@
 func CfgParse(data []byte) (*CfgJSON, error) {
 	var err error
 	if bytes.Compare(data[:8], MagicNNCPBv3.B[:]) == 0 {
-		os.Stderr.WriteString("Passphrase:") // #nosec G104
+		os.Stderr.WriteString("Passphrase:")
 		password, err := term.ReadPassword(0)
 		if err != nil {
 			log.Fatalln(err)
 		}
-		os.Stderr.WriteString("\n") // #nosec G104
+		os.Stderr.WriteString("\n")
 		data, err = DeEBlob(data, password)
 		if err != nil {
 			return nil, err
diff --git a/src/check.go b/src/check.go
index 3ef3ef3bfdb393118ab3d4c1e98d5bba2d317bb94f6ada29a1c67dc1125384b2..ddec761972bf66d6d77a2f541710953af3f6cf3040cf31557380ac4fffc06bf4 100644
--- a/src/check.go
+++ b/src/check.go
@@ -62,7 +62,7 @@ 			ctx.LogE("checking", les, err, logMsg)
 			return true
 		}
 		gut, err := Check(fd, job.Size, job.HshValue[:], les, ctx.ShowPrgrs)
-		fd.Close() // #nosec G104
+		fd.Close()
 		if err != nil {
 			ctx.LogE("checking", les, err, logMsg)
 			return true
diff --git a/src/cmd/nncp-bundle/main.go b/src/cmd/nncp-bundle/main.go
index 5bf0d5685206e2a1326b5032cfd022a0a23e6e1df93c891c6266e66df0dfb0e9..4f8e366f2556eabaf27205d2744489bfae564a91c9575ea8ac77666b5061ba57 100644
--- a/src/cmd/nncp-bundle/main.go
+++ b/src/cmd/nncp-bundle/main.go
@@ -221,7 +221,7 @@ 			if prefixIdx == -1 {
 				if err == io.EOF {
 					break
 				}
-				bufStdin.Discard(bufStdin.Buffered() - (len(nncp.NNCPBundlePrefix) - 1)) // #nosec G104
+				bufStdin.Discard(bufStdin.Buffered() - (len(nncp.NNCPBundlePrefix) - 1))
 				continue
 			}
 			if _, err = bufStdin.Discard(prefixIdx); err != nil {
diff --git a/src/cmd/nncp-caller/main.go b/src/cmd/nncp-caller/main.go
index 9530881fd403e583e3b71dcfed0d953b1ae8d71458b2d188d4f519e5234c8664..b75b251049d9a467aa970e56ad5d235d04ef0e08d10e342120bd196fc836bd82 100644
--- a/src/cmd/nncp-caller/main.go
+++ b/src/cmd/nncp-caller/main.go
@@ -94,6 +94,9 @@ 			node, err := ctx.FindNode(nodeId)
 			if err != nil {
 				log.Fatalln("Invalid NODE specified:", err)
 			}
+			if node.NoisePub == nil {
+				log.Fatalln("Node", nodeId, "does not have online communication capability")
+			}
 			if len(node.Calls) == 0 {
 				ctx.LogD(
 					"caller-no-calls",
diff --git a/src/cmd/nncp-cfgenc/main.go b/src/cmd/nncp-cfgenc/main.go
index afcaeb6a2e8ad3c960eaf9b6087a4547c5d205b42b2455b30651e823d2fbea87..48ea7e5009588d2c2facebf87353b809568067ff4bc1c6df82c0ed4f7dcad1a6 100644
--- a/src/cmd/nncp-cfgenc/main.go
+++ b/src/cmd/nncp-cfgenc/main.go
@@ -96,7 +96,7 @@ 		fmt.Printf("Blob size: %d\n", len(eblob.Blob))
 		return
 	}
 
-	os.Stderr.WriteString("Passphrase:") // #nosec G104
+	os.Stderr.WriteString("Passphrase:")
 	password1, err := term.ReadPassword(0)
 	if err != nil {
 		log.Fatalln(err)
@@ -106,15 +106,15 @@ 		cfgRaw, err := nncp.DeEBlob(data, password1)
 		if err != nil {
 			log.Fatalln(err)
 		}
-		os.Stdout.Write(cfgRaw) // #nosec G104
+		os.Stdout.Write(cfgRaw)
 		return
 	}
-	os.Stderr.WriteString("\nRepeat passphrase:") // #nosec G104
+	os.Stderr.WriteString("\nRepeat passphrase:")
 	password2, err := term.ReadPassword(0)
 	if err != nil {
 		log.Fatalln(err)
 	}
-	os.Stderr.WriteString("\n") // #nosec G104
+	os.Stderr.WriteString("\n")
 	if bytes.Compare(password1, password2) != 0 {
 		log.Fatalln(errors.New("Passphrases do not match"))
 	}
@@ -122,5 +122,5 @@ 	eblob, err := nncp.NewEBlob(*sOpt, *tOpt, *pOpt, password1, data)
 	if err != nil {
 		log.Fatalln(err)
 	}
-	os.Stdout.Write(eblob) // #nosec G104
+	os.Stdout.Write(eblob)
 }
diff --git a/src/cmd/nncp-daemon/main.go b/src/cmd/nncp-daemon/main.go
index 90afea3e80def24c6f508bab64f8c55851691a74435ececc0a474009bf9509a5..f4fa5eb3f882a87d837a594b2efbdba773b12137a6be4ec16ce0ddd6f86509dc 100644
--- a/src/cmd/nncp-daemon/main.go
+++ b/src/cmd/nncp-daemon/main.go
@@ -168,7 +168,7 @@ 	}
 	ctx.Umask()
 
 	if *ucspi {
-		os.Stderr.Close() // #nosec G104
+		os.Stderr.Close()
 		conn := &nncp.UCSPIConn{R: os.Stdin, W: os.Stdout}
 		nodeIdC := make(chan *nncp.NodeId)
 		addr := nncp.UCSPITCPRemoteAddr()
@@ -196,7 +196,7 @@ 		if *autoToss {
 			close(autoTossFinish)
 			<-autoTossBadCode
 		}
-		conn.Close() // #nosec G104
+		conn.Close()
 		return
 	}
 
@@ -262,7 +262,7 @@ 			if *autoToss {
 				close(autoTossFinish)
 				<-autoTossBadCode
 			}
-			conn.Close() // #nosec G104
+			conn.Close()
 		}(conn)
 	}
 }
diff --git a/src/cmd/nncp-reass/main.go b/src/cmd/nncp-reass/main.go
index 03bf16f6dbaa537e36d85448596fc8af6f9a8b95539900cbf2b586486da6f2c0..03a03ebc15a5cff22753df85da212dd248f6e2bed4ede450a5f9344f4d0ccce7 100644
--- a/src/cmd/nncp-reass/main.go
+++ b/src/cmd/nncp-reass/main.go
@@ -66,7 +66,7 @@ 			return logMsg(les) + ": bad meta"
 		})
 		return false
 	}
-	fd.Close() // #nosec G104
+	fd.Close()
 	if metaPkt.Magic == nncp.MagicNNCPMv1.B {
 		ctx.LogE("reass", les, nncp.MagicNNCPMv1.TooOld(), logMsg)
 		return false
@@ -163,7 +163,7 @@ 			ctx.ShowPrgrs,
 		); err != nil {
 			log.Fatalln(err)
 		}
-		fd.Close() // #nosec G104
+		fd.Close()
 		if bytes.Compare(hsh.Sum(nil), metaPkt.Checksums[chunkNum][:]) != 0 {
 			ctx.LogE(
 				"reass-chunk",
@@ -219,7 +219,7 @@ 			ctx.ShowPrgrs,
 		); err != nil {
 			log.Fatalln(err)
 		}
-		fd.Close() // #nosec G104
+		fd.Close()
 		if !keep {
 			if err = os.Remove(chunkPath); err != nil {
 				ctx.LogE(
@@ -298,7 +298,7 @@ 		ctx.LogE("reass", nncp.LEs{{K: "Path", V: dirPath}}, err, logMsg)
 		return nil
 	}
 	fis, err := dir.Readdir(0)
-	dir.Close() // #nosec G104
+	dir.Close()
 	if err != nil {
 		ctx.LogE("reass", nncp.LEs{{K: "Path", V: dirPath}}, err, logMsg)
 		return nil
diff --git a/src/cmd/nncp-xfer/main.go b/src/cmd/nncp-xfer/main.go
index 2e2487c6ea151be80ec374d3cc2a4634953896179c50cdfd0115cf0837bb868f..59b036ee65636481ec2b94324080bf4439c8195dd63ae1d573334c729bfe0d82 100644
--- a/src/cmd/nncp-xfer/main.go
+++ b/src/cmd/nncp-xfer/main.go
@@ -141,7 +141,7 @@ 		isBad = true
 		goto Tx
 	}
 	fis, err = dir.Readdir(0)
-	dir.Close() // #nosec G104
+	dir.Close()
 	if err != nil {
 		ctx.LogE("xfer-self-read", les, err, func(les nncp.LEs) string {
 			return logMsg(les) + ": reading"
@@ -185,7 +185,7 @@ 			isBad = true
 			continue
 		}
 		fisInt, err := dir.Readdir(0)
-		dir.Close() // #nosec G104
+		dir.Close()
 		if err != nil {
 			ctx.LogE("xfer-rx-read", les, err, func(les nncp.LEs) string {
 				return logMsg(les) + ": reading"
@@ -241,14 +241,14 @@ 					func(les nncp.LEs) string {
 						return logMsg(les) + ": not valid packet: " + err.Error()
 					},
 				)
-				fd.Close() // #nosec G104
+				fd.Close()
 				continue
 			}
 			if pktEnc.Nice > nice {
 				ctx.LogD("xfer-rx-too-nice", les, func(les nncp.LEs) string {
 					return logMsg(les) + ": too nice"
 				})
-				fd.Close() // #nosec G104
+				fd.Close()
 				continue
 			}
 			les = append(les, nncp.LE{K: "Size", V: fiInt.Size()})
@@ -261,7 +261,7 @@ 				)
 			}
 			if !ctx.IsEnoughSpace(fiInt.Size()) {
 				ctx.LogE("xfer-rx", les, errors.New("is not enough space"), logMsg)
-				fd.Close() // #nosec G104
+				fd.Close()
 				continue
 			}
 			if _, err = fd.Seek(0, 0); err != nil {
@@ -279,7 +279,7 @@ 					err = w.Close()
 				}
 				if err != nil {
 					ctx.LogE("xfer-rx", les, err, logMsg)
-					w.CloseWithError(err) // #nosec G104
+					w.CloseWithError(err)
 				}
 			}()
 			if _, err = nncp.CopyProgressed(
@@ -294,7 +294,7 @@ 			); err != nil {
 				ctx.LogE("xfer-rx", les, err, logMsg)
 				isBad = true
 			}
-			fd.Close() // #nosec G104
+			fd.Close()
 			if isBad {
 				tmp.Cancel()
 				continue
@@ -446,7 +446,7 @@ 			if err != nil {
 				ctx.LogE("xfer-tx-open", les, err, func(les nncp.LEs) string {
 					return logMsg(les) + ": opening"
 				})
-				tmp.Close() // #nosec G104
+				tmp.Close()
 				isBad = true
 				continue
 			}
@@ -456,17 +456,17 @@ 				bufW, bufio.NewReader(fd), "Tx",
 				append(les, nncp.LE{K: "FullSize", V: job.Size}),
 				ctx.ShowPrgrs,
 			)
-			fd.Close() // #nosec G104
+			fd.Close()
 			if err != nil {
 				ctx.LogE("xfer-tx-copy", les, err, func(les nncp.LEs) string {
 					return logMsg(les) + ": copying"
 				})
-				tmp.Close() // #nosec G104
+				tmp.Close()
 				isBad = true
 				continue
 			}
 			if err = bufW.Flush(); err != nil {
-				tmp.Close() // #nosec G104
+				tmp.Close()
 				ctx.LogE("xfer-tx-flush", les, err, func(les nncp.LEs) string {
 					return logMsg(les) + ": flushing"
 				})
@@ -474,7 +474,7 @@ 				isBad = true
 				continue
 			}
 			if err = tmp.Sync(); err != nil {
-				tmp.Close() // #nosec G104
+				tmp.Close()
 				ctx.LogE("xfer-tx-sync", les, err, func(les nncp.LEs) string {
 					return logMsg(les) + ": syncing"
 				})
@@ -500,7 +500,7 @@ 				})
 				isBad = true
 				continue
 			}
-			os.Remove(filepath.Join(dstPath, pktName+".part")) // #nosec G104
+			os.Remove(filepath.Join(dstPath, pktName+".part"))
 			les = les[:len(les)-1]
 			ctx.LogI(
 				"xfer-tx",
diff --git a/src/ctx.go b/src/ctx.go
index f85ce1a125561eaa1c406f730285e805db4bec7fd39c032b7744f2249d214d35..1777a12a865ec238667f4cbeb347b84dea020202a2391d7544501c9ac3633421 100644
--- a/src/ctx.go
+++ b/src/ctx.go
@@ -23,6 +23,8 @@ 	"fmt"
 	"io/ioutil"
 	"os"
 	"path/filepath"
+	"strconv"
+	"strings"
 
 	"syscall"
 )
@@ -134,6 +136,18 @@ 			ctx.LogPath = env
 		}
 	} else {
 		ctx.LogPath = logPath
+	}
+	if strings.HasPrefix(ctx.LogPath, LogFdPrefix) {
+		ptr, err := strconv.ParseUint(
+			strings.TrimPrefix(ctx.LogPath, LogFdPrefix), 10, 64,
+		)
+		if err != nil {
+			return nil, err
+		}
+		LogFd = os.NewFile(uintptr(ptr), CfgLogEnv)
+		if LogFd == nil {
+			return nil, errors.New("can not open:" + ctx.LogPath)
+		}
 	}
 	if showPrgrs {
 		ctx.ShowPrgrs = true
diff --git a/src/jobs.go b/src/jobs.go
index 5d7c9721c33d4e47f3c82135e1afb3785459b7dc84e9b989bcf243181d47bcef..a1197f64c8a2c7745afb9f8e00dee2e784911154ba9107232c48db4faec44eb1 100644
--- a/src/jobs.go
+++ b/src/jobs.go
@@ -99,7 +99,7 @@ 		if err != nil {
 			return
 		}
 		fis, err := dir.Readdir(0)
-		dir.Close() // #nosec G104
+		dir.Close()
 		if err != nil {
 			return
 		}
diff --git a/src/lockdir.go b/src/lockdir.go
index d81c975d4c33035fd5615c88e7a85fb43c93e96be01df8e2d423fde5b7c8b585..5c2c5f8c928bf97817101e3ae07eb291782d4681841cbf075cfad8456c6a27de 100644
--- a/src/lockdir.go
+++ b/src/lockdir.go
@@ -45,7 +45,7 @@ 	if err != nil {
 		ctx.LogE("lockdir-flock", LEs{{"Path", lockPath}}, err, func(les LEs) string {
 			return "Locking directory: locking " + lockPath
 		})
-		dirLock.Close() // #nosec G104
+		dirLock.Close()
 		return nil, err
 	}
 	return dirLock, nil
@@ -53,7 +53,7 @@ }
 
 func (ctx *Ctx) UnlockDir(fd *os.File) {
 	if fd != nil {
-		unix.Flock(int(fd.Fd()), unix.LOCK_UN) // #nosec G104
-		fd.Close()                             // #nosec G104
+		unix.Flock(int(fd.Fd()), unix.LOCK_UN)
+		fd.Close()
 	}
 }
diff --git a/src/log.go b/src/log.go
index 7048291d750d61c980c56cc05912c4c11a1bc2f64a313c64bcef0f57f5945509..72452bf5c40ea9d8069cb1d3ff6e6e6f8331ae8bea6305b02ca2555b3234612f 100644
--- a/src/log.go
+++ b/src/log.go
@@ -27,6 +27,10 @@ 	"go.cypherpunks.ru/recfile"
 	"golang.org/x/sys/unix"
 )
 
+const LogFdPrefix = "FD:"
+
+var LogFd *os.File
+
 type LE struct {
 	K string
 	V interface{}
@@ -64,6 +68,10 @@ 	return b.String()
 }
 
 func (ctx *Ctx) Log(rec string) {
+	if LogFd != nil {
+		LogFd.WriteString(rec)
+		return
+	}
 	fdLock, err := os.OpenFile(
 		ctx.LogPath+".lock",
 		os.O_CREATE|os.O_WRONLY,
@@ -90,8 +98,8 @@ 	if err != nil {
 		fmt.Fprintln(os.Stderr, "Can not open log:", err)
 		return
 	}
-	fd.WriteString(rec) // #nosec G104
-	fd.Close()          // #nosec G104
+	fd.WriteString(rec)
+	fd.Close()
 }
 
 func (ctx *Ctx) LogD(who string, les LEs, msg func(LEs) string) {
diff --git a/src/nncp.go b/src/nncp.go
index b0b272bcdb9fac5b9720e34379d396cdba2cef89b89b55254864ee164e0827f8..f3cf518c8636dd77c4a1d80c745715cb9af61249b3e15b178c750e1c73eeee25 100644
--- a/src/nncp.go
+++ b/src/nncp.go
@@ -40,7 +40,7 @@
 const Base32Encoded32Len = 52
 
 var (
-	Version string = "7.5.1"
+	Version string = "7.6.0"
 
 	Base32Codec *base32.Encoding = base32.StdEncoding.WithPadding(base32.NoPadding)
 )
diff --git a/src/pipe.go b/src/pipe.go
index 27c2cf16f0f51ce044b9b1b2f1643f34a4b5d4cd10720b01d9cb39ab7483d285..4b898328f9cebfab5e1c17179c92cdd462144b8878f1bc6b650c3ea494e7f41b 100644
--- a/src/pipe.go
+++ b/src/pipe.go
@@ -69,7 +69,7 @@ 	err = c.r.Close()
 	err = c.w.Close()
 	go c.cmd.Wait()
 	time.AfterFunc(time.Duration(10*time.Second), func() {
-		c.cmd.Process.Kill() // #nosec G104
+		c.cmd.Process.Kill()
 	})
 	return
 }
diff --git a/src/sp.go b/src/sp.go
index e6be9747b404456260416ca43470bb292f020863ea43f9cde31420c457e12d2e..8c77031da21b9edea428094224b48774dac5dbf10251210b4e564d30b3d190ea 100644
--- a/src/sp.go
+++ b/src/sp.go
@@ -438,7 +438,7 @@ 			state.Node.Name,
 			NicenessFmt(state.Nice),
 		)
 	})
-	conn.SetWriteDeadline(time.Now().Add(DefaultDeadline)) // #nosec G104
+	conn.SetWriteDeadline(time.Now().Add(DefaultDeadline))
 	if err = state.WriteSP(conn, buf, false); err != nil {
 		state.Ctx.LogE("sp-startI", les, err, func(les LEs) string {
 			return fmt.Sprintf(
@@ -457,7 +457,7 @@ 			state.Node.Name,
 			NicenessFmt(state.Nice),
 		)
 	})
-	conn.SetReadDeadline(time.Now().Add(DefaultDeadline)) // #nosec G104
+	conn.SetReadDeadline(time.Now().Add(DefaultDeadline))
 	if buf, err = state.ReadSP(conn); err != nil {
 		state.Ctx.LogE("sp-startI-read", les, err, func(les LEs) string {
 			return fmt.Sprintf(
@@ -537,7 +537,7 @@ 		)
 	}
 	les := LEs{{"Nice", int(state.Nice)}}
 	state.Ctx.LogD("sp-startR", les, logMsg)
-	conn.SetReadDeadline(time.Now().Add(DefaultDeadline)) // #nosec G104
+	conn.SetReadDeadline(time.Now().Add(DefaultDeadline))
 	if buf, err = state.ReadSP(conn); err != nil {
 		state.Ctx.LogE("sp-startR-read", les, err, logMsg)
 		return err
@@ -549,6 +549,9 @@ 	}
 
 	var node *Node
 	for _, n := range state.Ctx.Neigh {
+		if n.NoisePub == nil {
+			continue
+		}
 		if subtle.ConstantTimeCompare(state.hs.PeerStatic(), n.NoisePub[:]) == 1 {
 			node = n
 			break
@@ -611,7 +614,7 @@ 	if err != nil {
 		state.dirUnlock()
 		return err
 	}
-	conn.SetWriteDeadline(time.Now().Add(DefaultDeadline)) // #nosec G104
+	conn.SetWriteDeadline(time.Now().Add(DefaultDeadline))
 	if err = state.WriteSP(conn, buf, false); err != nil {
 		state.Ctx.LogE("sp-startR-write", les, err, func(les LEs) string {
 			return fmt.Sprintf(
@@ -752,7 +755,7 @@ 				}
 				break
 			Deadlined:
 				state.SetDead()
-				conn.Close() // #nosec G104
+				conn.Close()
 			case now := <-pingTicker.C:
 				if now.After(state.TxLastSeen.Add(PingTimeout)) {
 					state.wg.Add(1)
@@ -986,7 +989,7 @@ 					humanize.IBytes(uint64(len(payload))),
 				)
 			}
 			state.Ctx.LogD("sp-sending", append(les, LE{"Size", int64(len(payload))}), logMsg)
-			conn.SetWriteDeadline(time.Now().Add(DefaultDeadline)) // #nosec G104
+			conn.SetWriteDeadline(time.Now().Add(DefaultDeadline))
 			ct, err := state.csOur.Encrypt(nil, nil, payload)
 			if err != nil {
 				state.Ctx.LogE("sp-encrypting", les, err, logMsg)
@@ -1013,7 +1016,7 @@ 					state.Node.Name, NicenessFmt(state.Nice),
 				)
 			}
 			state.Ctx.LogD("sp-recv-wait", les, logMsg)
-			conn.SetReadDeadline(time.Now().Add(DefaultDeadline)) // #nosec G104
+			conn.SetReadDeadline(time.Now().Add(DefaultDeadline))
 			payload, err := state.ReadSP(conn)
 			if err != nil {
 				if err == io.EOF {
@@ -1087,7 +1090,7 @@ 		}
 		state.SetDead()
 		state.wg.Done()
 		state.SetDead()
-		conn.Close() // #nosec G104
+		conn.Close()
 	}()
 
 	return nil
diff --git a/src/tmp.go b/src/tmp.go
index 9d3e3a03435e75481bd7d57532449c8520d11487a5bd2c81a372e3651fc699da..dac13781403a1e81d61eb5ddd32533387f9d878f1a0b6c6d6e6a65305b97d232 100644
--- a/src/tmp.go
+++ b/src/tmp.go
@@ -71,9 +71,9 @@ 	}, nil
 }
 
 func (tmp *TmpFileWHash) Cancel() {
-	tmp.Fd.Truncate(0)       // #nosec G104
-	tmp.Fd.Close()           // #nosec G104
-	os.Remove(tmp.Fd.Name()) // #nosec G104
+	tmp.Fd.Truncate(0)
+	tmp.Fd.Close()
+	os.Remove(tmp.Fd.Name())
 }
 
 func DirSync(dirPath string) error {
@@ -83,7 +83,7 @@ 		return err
 	}
 	err = fd.Sync()
 	if err != nil {
-		fd.Close() // #nosec G104
+		fd.Close()
 		return err
 	}
 	return fd.Close()
@@ -99,11 +99,11 @@ 	if err = os.MkdirAll(dir, os.FileMode(0777)); err != nil {
 		return err
 	}
 	if err = tmp.W.Flush(); err != nil {
-		tmp.Fd.Close() // #nosec G104
+		tmp.Fd.Close()
 		return err
 	}
 	if err = tmp.Fd.Sync(); err != nil {
-		tmp.Fd.Close() // #nosec G104
+		tmp.Fd.Close()
 		return err
 	}
 	if err = tmp.Fd.Close(); err != nil {
diff --git a/src/toss.go b/src/toss.go
index d17c5461fd87c0df935db4dd126229df3a3575331495bd3715ab6398e1954748..bbc14cd2193b9f4eeccef0e98bd456bb3036d73f0b02cadab93affa8d4704298 100644
--- a/src/toss.go
+++ b/src/toss.go
@@ -309,7 +309,7 @@ 				})
 				return err
 			}
 			if err = bufW.Flush(); err != nil {
-				tmp.Close() // #nosec G104
+				tmp.Close()
 				ctx.LogE("rx-flush", les, err, func(les LEs) string {
 					return fmt.Sprintf(
 						"Tossing file %s/%s (%s): %s: flushing",
@@ -320,7 +320,7 @@ 				})
 				return err
 			}
 			if err = tmp.Sync(); err != nil {
-				tmp.Close() // #nosec G104
+				tmp.Close()
 				ctx.LogE("rx-sync", les, err, func(les LEs) string {
 					return fmt.Sprintf(
 						"Tossing file %s/%s (%s): %s: syncing",
diff --git a/src/tx.go b/src/tx.go
index 1b51ac3b505785ce4499da7d9b87c2352cb2d8e688b1aa0ec26fa1a7e39ae5cf..ebad936a60f9f21cc0d1fb8a9b506ed71b57bbc1a937dfee0074c9aa4ec80075 100644
--- a/src/tx.go
+++ b/src/tx.go
@@ -60,7 +60,7 @@ 	var area *Area
 	if areaId != nil {
 		area = ctx.AreaId2Area[*areaId]
 		if area.Prv == nil {
-			return nil, errors.New("unknown area id")
+			return nil, errors.New("area has no encryption keys")
 		}
 	}
 	hops := make([]*Node, 0, 1+len(node.Via))
@@ -116,7 +116,7 @@ 				ctx.Self, hops[0], pkt, nice, size, padSize, src, dst,
 			)
 			pktEncRaws <- pktEncRaw
 			errs <- err
-			dst.Close() // #nosec G104
+			dst.Close()
 		}(curSize, src, pipeW)
 		curSize = PktEncOverhead + PktSizeOverhead + sizeWithTags(PktOverhead+curSize)
 		curSize += padSize
@@ -142,7 +142,7 @@ 				ctx.Self, &areaNode, pkt, nice, size, padSize, src, dst,
 			)
 			pktEncRaws <- pktEncRaw
 			errs <- err
-			dst.Close() // #nosec G104
+			dst.Close()
 		}(curSize, padSize, src, pipeW)
 		curSize = PktEncOverhead + PktSizeOverhead + sizeWithTags(PktOverhead+curSize)
 		curSize += padSize
@@ -170,7 +170,7 @@ 				ctx.Self, hops[0], pktArea, nice, size, 0, src, dst,
 			)
 			pktEncRaws <- pktEncRaw
 			errs <- err
-			dst.Close() // #nosec G104
+			dst.Close()
 		}(curSize, pipeRPrev, pipeW)
 		curSize = PktEncOverhead + PktSizeOverhead + sizeWithTags(PktOverhead+curSize)
 	}
@@ -197,7 +197,7 @@ 			})
 			pktEncRaw, err := PktEncWrite(ctx.Self, node, pkt, nice, size, 0, src, dst)
 			pktEncRaws <- pktEncRaw
 			errs <- err
-			dst.Close() // #nosec G104
+			dst.Close()
 		}(hops[i], pktTrns, curSize, pipeRPrev, pipeW)
 		curSize = PktEncOverhead + PktSizeOverhead + sizeWithTags(PktOverhead+curSize)
 	}
@@ -220,13 +220,13 @@ 	}
 	for i := 0; i <= wrappers; i++ {
 		err = <-errs
 		if err != nil {
-			tmp.Fd.Close() // #nosec G104
+			tmp.Fd.Close()
 			return nil, err
 		}
 	}
 	nodePath := filepath.Join(ctx.Spool, lastNode.Id.String())
 	err = tmp.Commit(filepath.Join(nodePath, string(TTx)))
-	os.Symlink(nodePath, filepath.Join(ctx.Spool, lastNode.Name)) // #nosec G104
+	os.Symlink(nodePath, filepath.Join(ctx.Spool, lastNode.Name))
 	if err != nil {
 		return lastNode, err
 	}
@@ -288,7 +288,7 @@ 	if err != nil {
 		rerr = err
 		return
 	}
-	os.Remove(src.Name()) // #nosec G104
+	os.Remove(src.Name())
 	tmpW := bufio.NewWriter(src)
 	tmpKey := make([]byte, chacha20poly1305.KeySize)
 	if _, rerr = rand.Read(tmpKey[:]); rerr != nil {
@@ -320,7 +320,7 @@ 		for i := 0; i < aead.NonceSize(); i++ {
 			nonce[i] = 0
 		}
 		if _, err := aeadProcess(aead, nonce, nil, false, bufio.NewReader(src), w); err != nil {
-			w.CloseWithError(err) // #nosec G104
+			w.CloseWithError(err)
 		}
 	}()
 	reader = r
@@ -439,14 +439,14 @@ 				return w.CloseWithError(err)
 			}
 			fd, err := os.Open(e.path)
 			if err != nil {
-				fd.Close() // #nosec G104
+				fd.Close()
 				return w.CloseWithError(err)
 			}
 			if _, err = io.Copy(tarWr, bufio.NewReader(fd)); err != nil {
-				fd.Close() // #nosec G104
+				fd.Close()
 				return w.CloseWithError(err)
 			}
-			fd.Close() // #nosec G104
+			fd.Close()
 		}
 		if err = tarWr.Close(); err != nil {
 			return w.CloseWithError(err)
@@ -706,7 +706,7 @@ 		if err != nil {
 			return err
 		}
 		if _, err = io.Copy(compressor, in); err != nil {
-			compressor.Close() // #nosec G104
+			compressor.Close()
 			return err
 		}
 		if err = compressor.Close(); err != nil {
@@ -733,7 +733,7 @@ 		copyErr := make(chan error)
 		go func() {
 			_, err := io.Copy(compressor, in)
 			if err != nil {
-				compressor.Close() // #nosec G104
+				compressor.Close()
 				copyErr <- err
 			}
 			err = compressor.Close()
@@ -828,6 +828,6 @@ 		ctx.LogI("tx", les, logMsg)
 	} else {
 		ctx.LogI("tx", append(les, LE{"Err", err}), logMsg)
 	}
-	os.Symlink(nodePath, filepath.Join(ctx.Spool, node.Name)) // #nosec G104
+	os.Symlink(nodePath, filepath.Join(ctx.Spool, node.Name))
 	return err
 }