summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--README.md2
-rw-r--r--debian/changelog3
-rw-r--r--debian/sear.c.service4
3 files changed, 7 insertions, 2 deletions
diff --git a/README.md b/README.md
index 62b5863..3b993c1 100644
--- a/README.md
+++ b/README.md
@@ -40,6 +40,8 @@ make
* program writes all logs to standard error (and to `/logs.html` if compiled with `SC_LOGMEM`)
* setting the h parameter will rewrite links to HTTP from HTTPS
* setting the l parameter with a number will limit number of displayed links to that number.
+* upstream engines sometimes respond with a CAPTCHA after repediated requests. set the environment variable `SC_FALLBACK` to a URL prefix (`http://fallback.example:7327/search?`) to HTTP redirect clients in case of such upstream errors.
+* shipped systemd unit loads environment variables from `/etc/sear.c` if it exists as `VAR=VAL`.
## prebuilt binaries
diff --git a/debian/changelog b/debian/changelog
index dd2f4f0..6251242 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,8 +2,9 @@ sear.c (0.0.20-1) stable; urgency=low
* Added fallback option to another server via HTTP redirect in case of
CAPTCHA.
+ * Enchanced systemd unit security by whitelisting /lib, /etc and /usr/bin.
- -- Anton Luka Šijanec <anton@sijanec.eu> Tue, 31 Jan 2022 19:00:00 +0200
+ -- Anton Luka Šijanec <anton@sijanec.eu> Tue, 31 Jan 2022 20:00:00 +0200
sear.c (0.0.19-1) stable; urgency=low
diff --git a/debian/sear.c.service b/debian/sear.c.service
index 4b3271b..b3b8b2b 100644
--- a/debian/sear.c.service
+++ b/debian/sear.c.service
@@ -3,9 +3,11 @@ Description=scrapes search results of popular engines, caches them and creates a
After=network.target
[Service]
+TemporaryFileSystem=/:ro
+BindReadOnlyPaths=/lib /etc /usr/bin
+EnvironmentFile=-/etc/sear.c
Type=simple
DynamicUser=yes
-RuntimeDirectory=sear.c
ExecStart=/usr/bin/sear.c
Restart=no