From e6fc35de3722765ad3e62d9c42b5e78085d7d807 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anton=20Luka=20=C5=A0ijanec?= Date: Mon, 31 Jan 2022 20:01:51 +0100 Subject: v tretje gre rado --- README.md | 2 ++ debian/changelog | 3 ++- debian/sear.c.service | 4 +++- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 62b5863..3b993c1 100644 --- a/README.md +++ b/README.md @@ -40,6 +40,8 @@ make * program writes all logs to standard error (and to `/logs.html` if compiled with `SC_LOGMEM`) * setting the h parameter will rewrite links to HTTP from HTTPS * setting the l parameter with a number will limit number of displayed links to that number. +* upstream engines sometimes respond with a CAPTCHA after repediated requests. set the environment variable `SC_FALLBACK` to a URL prefix (`http://fallback.example:7327/search?`) to HTTP redirect clients in case of such upstream errors. +* shipped systemd unit loads environment variables from `/etc/sear.c` if it exists as `VAR=VAL`. ## prebuilt binaries diff --git a/debian/changelog b/debian/changelog index dd2f4f0..6251242 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,8 +2,9 @@ sear.c (0.0.20-1) stable; urgency=low * Added fallback option to another server via HTTP redirect in case of CAPTCHA. + * Enchanced systemd unit security by whitelisting /lib, /etc and /usr/bin. - -- Anton Luka Šijanec Tue, 31 Jan 2022 19:00:00 +0200 + -- Anton Luka Šijanec Tue, 31 Jan 2022 20:00:00 +0200 sear.c (0.0.19-1) stable; urgency=low diff --git a/debian/sear.c.service b/debian/sear.c.service index 4b3271b..b3b8b2b 100644 --- a/debian/sear.c.service +++ b/debian/sear.c.service @@ -3,9 +3,11 @@ Description=scrapes search results of popular engines, caches them and creates a After=network.target [Service] +TemporaryFileSystem=/:ro +BindReadOnlyPaths=/lib /etc /usr/bin +EnvironmentFile=-/etc/sear.c Type=simple DynamicUser=yes -RuntimeDirectory=sear.c ExecStart=/usr/bin/sear.c Restart=no -- cgit v1.2.3