Commit Briefs
Add CHANGELOG.md for 0.1.0 (tags/v0.1.0)
Update README, bump tesseras-dht to 0.1.1, add project docs
- Rewrite README with features, usage, and links - Bump tesseras-dht dependency from 0.1.0 to 0.1.1 - Add CODE_OF_CONDUCT.md and SECURITY.md
Limit stdin read in tp, bound protocol drain, document Arc leak
- tp: limit stdin to 64 KiB + 1 byte to reject oversized pastes early without unbounded memory allocation - daemon: bound the oversized-line drain to MAX_LINE_SIZE so a client without newlines cannot block beyond the read timeout - tpd: document intentional Arc::into_raw leak in signal handler
Harden identity key permissions, atomic writes, and HTTP method
- Write identity.key with mode 0600 to prevent other users from reading the Ed25519 private seed - Use destination filename in atomic_write temp path to avoid collisions between concurrent writes to different files - Reject HTTP methods other than GET/HEAD with 405 - Return "Hello Tesseras World" on GET /
Add missing pledge promises (drm, prot_exec) and source reference
Add reference to pledgereq[] in /usr/src/sys/kern/kern_pledge.c and include drm and prot_exec that were missing from the list.
Log socket setup errors in Unix client handler
Warn when set_nonblocking or set_read_timeout fails instead of silently disconnecting the client.
Handle HTTP connections in separate threads with cap of 8
A slow connection or DHT lookup (up to 30s) no longer blocks the entire HTTP accept loop. Connections beyond the limit get a 503 response.
Exit early if data directory cannot be created
Report the actual error instead of silently ignoring it and failing later with a confusing message in PasteStore::open.
Fix critical data integrity and security issues
- Atomic writes in store (write-to-temp + rename) to prevent corruption on crash - Validate DHT results against requested content hash to reject forged data from malicious nodes - Limit protocol line size to 128 KiB on Unix socket to prevent memory exhaustion - Use saturating_add for TTL expiry to prevent u64 overflow
Add pledge(2) and unveil(2) sandboxing for tp and tpd
tpd: unveil data dir (rwc), resolv.conf (r) when DNS needed, then pledge stdio rpath wpath cpath fattr inet unix dns. tp: unveil socket path (rw), then pledge stdio unix rpath.
Add DNS SRV bootstrap discovery for automatic peer finding
tpd now queries _tesseras._udp.tesseras.net SRV records to discover bootstrap peers when no -b flag is given. Add -n flag to disable this automatic discovery for seed/isolated nodes.
Initial commit: tesseras-paste decentralized pastebin
DHT-backed encrypted pastebin with two binaries (tp/tpd), XChaCha20-Poly1305 encryption, content-addressed storage, and Unix socket + HTTP interfaces.