diff --git a/cli.c b/cli.c
index 441ff521..b2914ad0 100644
--- a/cli.c
+++ b/cli.c
@@ -195,7 +195,7 @@ int cli_parse(const int argc, const char *const *args, const struct cli_schema *
 	  // Look for a match.
 	  const char *prefix = NULL;
 	  unsigned prefixlen = 0;
-	  char prefixarglen = 0;
+	  unsigned prefixarglen = 0;
 	  const char *caret = strchr(word, '<');
 	  if (wordlen > 2 && caret && word[wordlen-1] == '>') {
 	    if ((prefixarglen = prefixlen = caret - word)) {
@@ -297,7 +297,7 @@ int cli_invoke(const struct cli_parsed *parsed, struct cli_context *context)
 
 int _cli_arg(struct __sourceloc __whence, const struct cli_parsed *parsed, char *label, const char **dst, int (*validator)(const char *arg), char *defaultvalue)
 {
-  int labellen = strlen(label);
+  unsigned labellen = strlen(label);
   if (dst)
     *dst = defaultvalue;
   unsigned i;
diff --git a/commandline.c b/commandline.c
index b79bdc73..051ecfb4 100644
--- a/commandline.c
+++ b/commandline.c
@@ -1820,7 +1820,7 @@ int app_rhizome_extract(const struct cli_parsed *parsed, struct cli_context *con
       retfile = rhizome_extract_file(m, filepath);
     }else{
       // Save the file without attempting to decrypt
-      int64_t length;
+      uint64_t length;
       retfile = rhizome_dump_file(&m->filehash, filepath, &length);
     }
   }
@@ -1870,7 +1870,7 @@ int app_rhizome_export_file(const struct cli_parsed *parsed, struct cli_context
     return -1;
   if (!rhizome_exists(&hash))
     return 1;
-  int64_t length;
+  uint64_t length;
   int ret = rhizome_dump_file(&hash, filepath, &length);
   if (ret)
     return ret == -1 ? -1 : 1;
@@ -2278,22 +2278,21 @@ static int handle_pins(const struct cli_parsed *parsed, struct cli_context *UNUS
   }else{
     request->action=ACTION_UNLOCK;
   }
-  int len = sizeof(struct mdp_identity_request);
-  
-  if (pin && *pin){
+  size_t len = sizeof(struct mdp_identity_request);
+  if (pin && *pin) {
     request->type=TYPE_PIN;
-    int pin_len = strlen(pin)+1;
-    if (pin_len+len > sizeof(request_payload))
+    size_t pin_siz = strlen(pin) + 1;
+    if (pin_siz + len > sizeof(request_payload))
       return WHY("Supplied pin is too long");
-    bcopy(pin, &request_payload[len], pin_len);
-    len+=pin_len;
+    bcopy(pin, &request_payload[len], pin_siz);
+    len += pin_siz;
   }else if(sid_hex && *sid_hex){
     request->type=TYPE_SID;
     sid_t sid;
     if (str_to_sid_t(&sid, sid_hex) == -1)
       return WHY("str_to_sid_t() failed");
     bcopy(sid.binary, &request_payload[len], sizeof(sid));
-    len+=sizeof(sid);
+    len += sizeof(sid);
   }
   
   if (!mdp_send(mdp_sock, &header, request_payload, len)){
diff --git a/crypto.c b/crypto.c
index e2e9fe7b..ff18eba9 100644
--- a/crypto.c
+++ b/crypto.c
@@ -102,10 +102,10 @@ int crypto_create_signature(unsigned char *key,
 }
 
 // sign the hash of a message, adding the signature to the end of the message buffer.
-int crypto_sign_message(struct subscriber *source, unsigned char *content, int buffer_len, int *content_len)
+int crypto_sign_message(struct subscriber *source, unsigned char *content, size_t buffer_len, size_t *content_len)
 {
   if (*content_len + SIGNATURE_BYTES > buffer_len)
-    return WHYF("Insufficient space in message buffer to add signature. %d, need %d",buffer_len, *content_len + SIGNATURE_BYTES);
+    return WHYF("Insufficient space in message buffer to add signature. %zu, need %zu",buffer_len, *content_len + SIGNATURE_BYTES);
   
   unsigned char *key=keyring_find_sas_private(keyring, &source->sid, NULL);
   if (!key)
diff --git a/crypto.h b/crypto.h
index 74190a7f..1e8953b2 100644
--- a/crypto.h
+++ b/crypto.h
@@ -30,7 +30,7 @@ int crypto_verify_message(struct subscriber *subscriber, unsigned char *message,
 int crypto_create_signature(unsigned char *key, 
 			    unsigned char *content, int content_len, 
 			    unsigned char *signature, int *sig_length);
-int crypto_sign_message(struct subscriber *source, unsigned char *content, int buffer_len, int *content_len);
+int crypto_sign_message(struct subscriber *source, unsigned char *content, size_t buffer_len, size_t *content_len);
 int crypto_sign_compute_public_key(const unsigned char *skin, unsigned char *pk);
 
 #endif
diff --git a/fec-3.0.1/init_rs.h b/fec-3.0.1/init_rs.h
index 2b2ae98c..a56752ab 100644
--- a/fec-3.0.1/init_rs.h
+++ b/fec-3.0.1/init_rs.h
@@ -10,7 +10,7 @@
 
   rs = NULL;
   /* Check parameter ranges */
-  if(symsize < 0 || symsize > 8*sizeof(data_t)){
+  if(symsize < 0 || symsize > (int)(8*sizeof(data_t))){
     goto done;
   }
 
diff --git a/lsif.c b/lsif.c
index 10065455..e549f1ab 100644
--- a/lsif.c
+++ b/lsif.c
@@ -124,7 +124,7 @@ int
 lsif(void) {
   char            buf[8192];
   struct ifconf   ifc;
-  int             sck, nInterfaces, ofs;
+  int             sck;
   struct ifreq    *ifr;
   struct in_addr  addr, netmask;
 
@@ -138,7 +138,7 @@ lsif(void) {
   }
  
   /* Query available interfaces. */
-  ifc.ifc_len = sizeof(buf);
+  ifc.ifc_len = sizeof buf;
   ifc.ifc_buf = buf;
   if(ioctl(sck, SIOCGIFCONF, &ifc) < 0) {
     WHY_perror("ioctl(SIOCGIFCONF)");
@@ -147,10 +147,9 @@ lsif(void) {
   }
 
   /* Iterate through the list of interfaces. */
-  nInterfaces = 0;
-  ofs = 0;
-  
-  while (ofs < ifc.ifc_len && ofs < sizeof(buf)) {
+  unsigned nInterfaces = 0;
+  unsigned ofs = 0;
+  while (ofs < (unsigned)ifc.ifc_len && ofs < sizeof buf) {
     ifr = (struct ifreq *)(ifc.ifc_ifcu.ifcu_buf + ofs);
     ofs += _SIZEOF_ADDR_IFREQ(*ifr);
 
@@ -183,7 +182,7 @@ lsif(void) {
     nInterfaces++;
   }
   
-  if (config.debug.overlayinterfaces) DEBUGF("Examined %d interface addresses", nInterfaces);
+  if (config.debug.overlayinterfaces) DEBUGF("Examined %u interface addresses", nInterfaces);
 
   close(sck); 
   return 0;
diff --git a/overlay_mdp_services.c b/overlay_mdp_services.c
index a10ec37f..cdc89b86 100644
--- a/overlay_mdp_services.c
+++ b/overlay_mdp_services.c
@@ -351,8 +351,8 @@ end:
 
 static int overlay_mdp_service_manifest_requests(struct overlay_frame *frame, const uint8_t *payload, size_t len)
 {
-  int offset=0;
-  while (offset<len) {
+  size_t offset = 0;
+  while (offset < len) {
     rhizome_manifest *m = rhizome_new_manifest();
     if (!m)
       return WHY("Unable to allocate manifest");
diff --git a/rhizome.h b/rhizome.h
index 71f0d18a..a82cdc9b 100644
--- a/rhizome.h
+++ b/rhizome.h
@@ -708,7 +708,7 @@ struct rhizome_read
   unsigned char key[RHIZOME_CRYPT_KEY_BYTES];
   unsigned char nonce[crypto_stream_xsalsa20_NONCEBYTES];
   
-  int64_t hash_offset;
+  uint64_t hash_offset;
   SHA512_CTX sha512_context;
   char invalid;
   
@@ -808,7 +808,7 @@ void rhizome_direct_bundle_iterator_unlimit(rhizome_direct_bundle_cursor *r);
 int rhizome_direct_bundle_iterator_pickle_range(rhizome_direct_bundle_cursor *r,
 						unsigned char *pickled,
 						int pickle_buffer_size);
-rhizome_manifest *rhizome_direct_get_manifest(unsigned char *bid_prefix,int prefix_length);
+rhizome_manifest *rhizome_direct_get_manifest(unsigned char *bid_prefix, size_t prefix_length);
 int rhizome_direct_bundle_iterator_unpickle_range(rhizome_direct_bundle_cursor *r,
 						  const unsigned char *pickled,
 						  int pickle_buffer_size);
@@ -941,7 +941,7 @@ ssize_t rhizome_read_buffered(struct rhizome_read *read, struct rhizome_read_buf
 int rhizome_read_close(struct rhizome_read *read);
 int rhizome_open_decrypt_read(rhizome_manifest *m, struct rhizome_read *read_state);
 int rhizome_extract_file(rhizome_manifest *m, const char *filepath);
-int rhizome_dump_file(const rhizome_filehash_t *hashp, const char *filepath, int64_t *length);
+int rhizome_dump_file(const rhizome_filehash_t *hashp, const char *filepath, uint64_t *lengthp);
 int rhizome_read_cached(const rhizome_bid_t *bid, uint64_t version, time_ms_t timeout, 
   uint64_t fileOffset, unsigned char *buffer, size_t length);
 int rhizome_cache_close();
diff --git a/rhizome_direct.c b/rhizome_direct.c
index 36fd0a10..e8fa9600 100644
--- a/rhizome_direct.c
+++ b/rhizome_direct.c
@@ -391,7 +391,7 @@ rhizome_direct_bundle_cursor *rhizome_direct_get_fill_response(unsigned char *bu
   return c;
 }
 
-rhizome_manifest *rhizome_direct_get_manifest(unsigned char *bid_prefix,int prefix_length)
+rhizome_manifest *rhizome_direct_get_manifest(unsigned char *bid_prefix, size_t prefix_length)
 {
   /* Give a BID prefix, e.g., from a BAR, find the matching manifest and return it.
      Of course, it is possible that more than one manifest matches.  This should
@@ -407,7 +407,6 @@ rhizome_manifest *rhizome_direct_get_manifest(unsigned char *bid_prefix,int pref
   */
   rhizome_bid_t low = RHIZOME_BID_ZERO;
   rhizome_bid_t high = RHIZOME_BID_MAX;
-  assert(prefix_length >= 0);
   assert(prefix_length <= sizeof(rhizome_bid_t));
   bcopy(bid_prefix, low.binary, prefix_length);
   bcopy(bid_prefix, high.binary, prefix_length);
diff --git a/rhizome_direct_http.c b/rhizome_direct_http.c
index e2fd9567..09e0ef77 100644
--- a/rhizome_direct_http.c
+++ b/rhizome_direct_http.c
@@ -419,12 +419,12 @@ int rhizome_direct_dispatch(rhizome_http_request *r, const char *UNUSED(remainde
 
 static int receive_http_response(int sock, char *buffer, size_t buffer_len, struct http_response_parts *parts)
 {
-  int len = 0;
-  int count;
+  size_t len = 0;
+  ssize_t count;
   do {
       if ((count = read(sock, &buffer[len], buffer_len - len)) == -1)
 	return WHYF_perror("read(%d, %p, %d)", sock, &buffer[len], (int)buffer_len - len);
-      len += count;
+      len += (size_t)count;
   } while (len < buffer_len && count != 0 && !is_http_header_complete(buffer, len, len));
   if (config.debug.rhizome_rx)
     DEBUGF("Received HTTP response %s", alloca_toprint(-1, buffer, len));
@@ -440,7 +440,7 @@ static int receive_http_response(int sock, char *buffer, size_t buffer_len, stru
     return -1;
   }
   if (config.debug.rhizome_rx)
-    DEBUGF("content_length=%"PRId64, parts->content_length);
+    DEBUGF("content_length=%"PRIu64, parts->content_length);
   return len - (parts->content_start - buffer);
 }
 
diff --git a/rhizome_store.c b/rhizome_store.c
index 78e0c0f6..a85d54cd 100644
--- a/rhizome_store.c
+++ b/rhizome_store.c
@@ -1147,7 +1147,7 @@ int rhizome_extract_file(rhizome_manifest *m, const char *filepath)
  *
  * Returns -1 on error, 0 if dumped successfully, 1 if not found.
  */
-int rhizome_dump_file(const rhizome_filehash_t *hashp, const char *filepath, int64_t *length)
+int rhizome_dump_file(const rhizome_filehash_t *hashp, const char *filepath, uint64_t *lengthp)
 {
   struct rhizome_read read_state;
   bzero(&read_state, sizeof read_state);
@@ -1156,8 +1156,8 @@ int rhizome_dump_file(const rhizome_filehash_t *hashp, const char *filepath, int
   
   if (ret == 0) {
     ret = write_file(&read_state, filepath);
-    if (length)
-      *length = read_state.length;
+    if (lengthp)
+      *lengthp = read_state.length;
   }
   rhizome_read_close(&read_state);
   return ret;
@@ -1166,7 +1166,8 @@ int rhizome_dump_file(const rhizome_filehash_t *hashp, const char *filepath, int
 // pipe data from one payload to another
 static int rhizome_pipe(struct rhizome_read *read, struct rhizome_write *write, uint64_t length)
 {
-  if (length > write->file_length - write->file_offset)
+  assert(write->file_offset <= write->file_length);
+  if (length > (uint64_t)(write->file_length - write->file_offset))
     return WHY("Unable to pipe that much data");
 
   unsigned char buffer[RHIZOME_CRYPT_PAGE_SIZE];
diff --git a/serval_packetvisualise.c b/serval_packetvisualise.c
index 1feed8b9..b732675d 100644
--- a/serval_packetvisualise.c
+++ b/serval_packetvisualise.c
@@ -291,7 +291,7 @@ int isOverlayPacket(XPRINTF xpf, const unsigned char *packet, size_t *ofs, size_
       xprintf(xpf, "%sMDP Sequence; 0x%02x\n", indent(6), packet[(*ofs)++]);
     }
     
-    int payload_len = 0;
+    uint16_t payload_len = 0;
     if (encapsulation==1){
       payload_len=packet[(*ofs)++]<<8;
       payload_len|=packet[(*ofs)++];
diff --git a/socket.c b/socket.c
index e81482d3..195ecf03 100644
--- a/socket.c
+++ b/socket.c
@@ -80,7 +80,8 @@ int _make_local_sockaddr(struct __sourceloc __whence, struct socket_address *add
  */
 int real_sockaddr(const struct socket_address *src_addr, struct socket_address *dst_addr)
 {
-  int src_path_len = src_addr->addrlen - sizeof src_addr->local.sun_family;
+  assert(src_addr->addrlen > sizeof src_addr->local.sun_family);
+  size_t src_path_len = src_addr->addrlen - sizeof src_addr->local.sun_family;
   if (	 src_addr->addrlen >= sizeof src_addr->local.sun_family + 1
       && src_addr->local.sun_family == AF_UNIX
       && src_addr->local.sun_path[0] != '\0'
diff --git a/str.c b/str.c
index b1ac6a79..c4c16d85 100644
--- a/str.c
+++ b/str.c
@@ -632,7 +632,7 @@ int parse_argv(char *cmdline, char delim, char **argv, int max_argv)
 }
 
 /* Like strstr() but doesn't depend on null termination */
-char *str_str(char *haystack, const char *needle, int haystack_len)
+char *str_str(char *haystack, const char *needle, size_t haystack_len)
 {
   size_t needle_len = strlen(needle);
   if (needle_len == 0)
diff --git a/str.h b/str.h
index 5890e7fa..b2cb34f1 100644
--- a/str.h
+++ b/str.h
@@ -378,7 +378,7 @@ int strn_str_casecmp(const char *str1, size_t len1, const char *str2);
  * @author Paul Gardner-Stephen <paul@servalproject.org>
  * @author Andrew Bettison <andrew@servalproject.com>
  */
-char *str_str(char *haystack, const char *needle, int haystack_len);
+char *str_str(char *haystack, const char *needle, size_t haystack_len);
 
 /* Parse a string as an integer in ASCII radix notation in the given 'base' (eg, base=10 means
  * decimal).