From 98827ca563b195c5b26369ee89b81d1437117ad5 Mon Sep 17 00:00:00 2001
From: Christoph <ckubu@oopen.de>
Date: Fri, 10 Jun 2022 18:32:29 +0200
Subject: [PATCH] install_sympa.sh: support for patch that prevents user IP
 addresses from being logged.

---
 do-not-log-usr-ip.patch |  52 ++++++++++
 install_sympa.sh        | 206 ++++++++++++++++++++++++++++------------
 2 files changed, 196 insertions(+), 62 deletions(-)
 create mode 100644 do-not-log-usr-ip.patch

diff --git a/do-not-log-usr-ip.patch b/do-not-log-usr-ip.patch
new file mode 100644
index 0000000..d515898
--- /dev/null
+++ b/do-not-log-usr-ip.patch
@@ -0,0 +1,52 @@
+diff -Naur sympa/src/cgi/wwsympa.fcgi.in sympa-changed/src/cgi/wwsympa.fcgi.in
+--- sympa/src/cgi/wwsympa.fcgi.in	2022-01-24 08:05:58.000000000 +0100
++++ sympa-changed/src/cgi/wwsympa.fcgi.in	2022-06-10 18:13:06.474595910 +0200
+@@ -1842,7 +1842,7 @@
+ 
+     my %options = %{$data || {}};
+ 
+-    $options{'client'} = $param->{'remote_addr'};
++    $options{'client'} = '127.127.0.1';
+     $options{'daemon'} = 'wwsympa';
+     $options{'robot'}      ||= $robot;
+     $options{'list'}       ||= $list->{'name'} if ref $list eq 'Sympa::List';
+@@ -1870,7 +1870,7 @@
+     $options{'operation'} ||= $param->{'action'};
+     $options{'list'} ||= $list->{'name'} if ref $list eq 'Sympa::List';
+     $options{'daemon'} = 'wwsympa';
+-    $options{'client'} = $param->{'remote_addr'};
++    $options{'client'} = '127.127.0.1';
+     $options{'robot'} ||= $robot;
+ 
+     unless ($log->add_stat(%options)) {
+diff -Naur sympa/src/lib/Sympa/Log.pm sympa-changed/src/lib/Sympa/Log.pm
+--- sympa/src/lib/Sympa/Log.pm	2021-12-09 09:54:08.000000000 +0100
++++ sympa-changed/src/lib/Sympa/Log.pm	2022-06-10 18:15:53.437052215 +0200
+@@ -299,7 +299,12 @@
+     my $status       = $options{'status'};
+     my $error_type   = $options{'error_type'};
+     my $user_email   = $options{'user_email'};
+-    my $client       = $options{'client'};
++    my $client;
++    if (defined $options{'client'} && length $options{'client'} > 0) {
++       $client    =  '127.127.0.1';
++    } else {
++       $client     = $options{'client'};
++    }
+     my $daemon       = $self->{_service} || 'sympa';
+     my ($date, $usec) = Sympa::Tools::Time::gettimeofday();
+ 
+@@ -357,7 +362,12 @@
+     my $date      = time;
+     my $mail      = $options{'mail'};
+     my $daemon    = $self->{_service} || 'sympa';
+-    my $ip        = $options{'client'};
++    my $ip;
++    if (defined $options{'client'} && length $options{'client'} > 0) {
++       $ip        =  '127.127.0.1';
++    } else {
++       $ip        = $options{'client'};
++    }
+     my $robot     = $options{'robot'};
+     my $parameter = $options{'parameter'};
+     my $read      = 0;
diff --git a/install_sympa.sh b/install_sympa.sh
index 4d4c841..d0fb61e 100755
--- a/install_sympa.sh
+++ b/install_sympa.sh
@@ -256,6 +256,10 @@ DEFAULT_SYMPA_SYSTEMD_DIR="/etc/systemd/system"
 DEFAULT_VSERVER_GUEST="no"
 
 
+PATCH_FILE_NO_LOG_USER_IP="${working_dir}/do-not-log-usr-ip.patch"
+DEFAULT_APPLY_LOG_NO_USER_IP="np"
+
+
 echo
 echononl "\tInclude Configuration file.."
 if [[ ! -f $conf_file ]]; then
@@ -284,6 +288,7 @@ DEFAULT_SYMPA_WEB_URL="https://$SYMPA_DOMAIN/wws"
 [[ -n "$SYMPA_DB_USER" ]] && DEFAULT_SYMPA_DB_USER="$SYMPA_DB_USER"
 [[ -n "$VSERVER_GUEST" ]] && DEFAULT_VSERVER_GUEST="$VSERVER_GUEST"
 [[ -n "$SYMPA_DB_PASSWD" ]] && DEFAULT_SYMPA_DB_PASSWD="$SYMPA_DB_PASSWD"
+[[ -n "$APPLY_LOG_NO_USER_IP" ]] && DEFAULT_APPLY_LOG_NO_USER_IP="$APPLY_LOG_NO_USER_IP"
 
 # - 
 [[ -n "$SYMPA_SYSTEMD_DIR" ]] && DEFAULT_SYMPA_SYSTEMD_DIR="$SYMPA_SYSTEMD_DIR"
@@ -1233,6 +1238,37 @@ else
 fi
 
 
+OK=
+echo ""
+echo -e "\033[32m--\033[m"
+echo ""
+echo "Apply Patch to prevent logging user IPs "
+echo ""
+if [[ ! -f "$PATCH_FILE_NO_LOG_USER_IP" ]] ; then
+   warn Patchfile "\033[1m$PATCH_FILE_NO_LOG_USER_IP\033[m" NOT FOUND
+   APPLY_LOG_NO_USER_IP=false
+else
+
+   echononl "Apply Patch (yes/no) [$DEFAULT_APPLY_LOG_NO_USER_IP]: "
+   read OK
+   if [ "X$OK" = "X" ]; then
+      OK=$DEFAULT_APPLY_LOG_NO_USER_IP
+   fi
+   OK=`echo "$OK" | tr '[:upper:]' '[:lower:]'`
+   while [ "X$OK" != "Xyes" -a "X$OK" != "Xno" ]; do
+      echo ""
+      echononl "\twrong entry! [yes/no]: "
+      read OK
+      OK=`echo "$OK" | tr '[:upper:]' '[:lower:]'`
+   done
+   if [ "$OK" = "yes" ]; then
+      APPLY_LOG_NO_USER_IP=true
+   else
+      APPLY_LOG_NO_USER_IP=false
+   fi
+fi
+
+
 OK=
 echo ""
 echo -e "\033[32m--\033[m"
@@ -1276,102 +1312,109 @@ else
 fi
 if $UPDATE_SYMPA ; then
    echo ""
-   echo "Old (current) sympa version.....: $SYMPA_OLD_VERSION"
-   echo "   Current Installation dir.....: $CURRENT_INSTALL_DIR" 
+   echo "Old (current) sympa version.........: $SYMPA_OLD_VERSION"
+   echo "   Current Installation dir.........: $CURRENT_INSTALL_DIR" 
    if [[ -z "$CURRENT_INSTALL_SYMLINK" ]]; then
-      echo "   Current Install dir symlink..: - not in use -"
+      echo "   Current Install dir symlink......: - not in use -"
    else
-      echo "   Current Install dir symlink..: $CURRENT_INSTALL_SYMLINK"
+      echo "   Current Install dir symlink......: $CURRENT_INSTALL_SYMLINK"
    fi
-   echo "   Current Data base directory..: $CURRENT_SYMPA_LIST_DATA_BASE_PATH" 
+   echo "   Current Data base directory......: $CURRENT_SYMPA_LIST_DATA_BASE_PATH" 
    if [[ -z "$CURRENT_SYMPA_LIST_DATA_SYMLINK" ]]; then
-       echo "   Current Data dir symlink.....: - not in use -"
+       echo "   Current Data dir symlink.........: - not in use -"
    else
-       echo "   Current Data dir symlink.....: $CURRENT_SYMPA_LIST_DATA_SYMLINK"
+       echo "   Current Data dir symlink.........: $CURRENT_SYMPA_LIST_DATA_SYMLINK"
    fi
    echo ""
 fi
 echo ""
-echo -e "\033[1mSympa new version\033[m...............: \033[1m$SYMPA_VERSION\033[m"
-echo "   First (initial) Install......: $_new"
-echo "   Update ......................: $_update"
+echo -e "\033[1mSympa new version\033[m...................: \033[1m$SYMPA_VERSION\033[m"
+echo "   First (initial) Install..........: $_new"
+echo "   Update ..........................: $_update"
 echo ""
 if ! $UPDATE_SYMPA ; then
-   echo "Sympa support for multidomains..: $SYMPA_SUPPORT_MULTIDOMAINS"
+   echo "Sympa support for multidomains......: $SYMPA_SUPPORT_MULTIDOMAINS"
 fi
-echo "Sympa user......................: $SYMPA_USER (id: ${SYMPA_UID})"
-echo "Sympa group.....................: $SYMPA_GROUP (id: ${SYMPA_GID})"
+echo "Sympa user..........................: $SYMPA_USER (id: ${SYMPA_UID})"
+echo "Sympa group.........................: $SYMPA_GROUP (id: ${SYMPA_GID})"
 echo ""
-echo "Installation directory..........: $SYMPA_INSTALL_DIR"
-echo "Sympa's bin directory...........: $SYMPA_BIN_DIR"
-echo "Sympa's pid directory...........: $SYMPA_PID_DIR"
-echo "Sympa's cgi directory...........: $SYMPA_CGI_DIR"
-echo "Sympa's libexec directory.......: $SYMPA_LIBEXEC_DIR"
-echo "Sympa's static directory........: $SYMPA_STATIC_DIR"
-echo "Sympa's manpages directory......: $SYMPA_MANPATH"
-echo "Sympa's main conf directory.....: $SYMPA_MAIN_CONF_DIR"
+echo "Installation directory..............: $SYMPA_INSTALL_DIR"
+echo "Sympa's bin directory...............: $SYMPA_BIN_DIR"
+echo "Sympa's pid directory...............: $SYMPA_PID_DIR"
+echo "Sympa's cgi directory...............: $SYMPA_CGI_DIR"
+echo "Sympa's libexec directory...........: $SYMPA_LIBEXEC_DIR"
+echo "Sympa's static directory............: $SYMPA_STATIC_DIR"
+echo "Sympa's manpages directory..........: $SYMPA_MANPATH"
+echo "Sympa's main conf directory.........: $SYMPA_MAIN_CONF_DIR"
 echo ""
-echo "Sympa's Data directory..........: $SYMPA_LIST_DATA_DIR"
-echo "Sympa's Data base path..........: $SYMPA_LIST_DATA_BASE_PATH"
-echo "Sympa's Data root dirctory......: $SYMPA_LIST_DATA_ROOT_DIR"
-echo "Sympa's Data directory symlink..: $SYMPA_LIST_DATA_SYMLINK"
+echo "Sympa's Data directory..............: $SYMPA_LIST_DATA_DIR"
+echo "Sympa's Data base path..............: $SYMPA_LIST_DATA_BASE_PATH"
+echo "Sympa's Data root dirctory..........: $SYMPA_LIST_DATA_ROOT_DIR"
+echo "Sympa's Data directory symlink......: $SYMPA_LIST_DATA_SYMLINK"
 echo ""
-echo "Sympa's list archive path.......: $SYMPA_LIST_ARC_PATH"
-echo "Sympa's list archive symlink....: $SYMPA_LIST_ARC_SYMLINK"
+echo "Sympa's list archive path...........: $SYMPA_LIST_ARC_PATH"
+echo "Sympa's list archive symlink........: $SYMPA_LIST_ARC_SYMLINK"
+echo ""
+echo "Sympa's aliases file................: $SYMPA_ALIAS_FILE"
+echo ""
+if $APPLY_LOG_NO_USER_IP ; then
+   echo -e "Patch to prevent logging user IPs...: \033[33m\033[1mYes\033[m"
+else
+   echo -e "Patch to prevent logging user IPs...: \033[33m\033[1mNo\033[m"
+fi
 echo ""
-echo "Sympa's aliases file............: $SYMPA_ALIAS_FILE"
 if ! $UPDATE_SYMPA ; then
    echo ""
-   echo "(default) domain................: $SYMPA_DOMAIN"
-   echo "Listmaster......................: $SYMPA_LISTMASTER"
-   echo "URL for web interface...........: $SYMPA_WEB_URL"
-   echo "SctiptAlias Directory...........: $_wwsympa_dir"
+   echo "(default) domain....................: $SYMPA_DOMAIN"
+   echo "Listmaster..........................: $SYMPA_LISTMASTER"
+   echo "URL for web interface...............: $SYMPA_WEB_URL"
+   echo "SctiptAlias Directory...............: $_wwsympa_dir"
    echo ""
-   echo "Database management system......: $SYMPA_DB_TYPE"
-   echo "Database host...................: $SYMPA_DB_HOST"
-   echo "Database port...................: $SYMPA_DB_PORT"
-   echo "Database name...................: $SYMPA_DB_NAME"
-   echo "Database user...................: $SYMPA_DB_USER"
-   echo "Database password...............: $SYMPA_DB_PASSWD"
+   echo "Database management system..........: $SYMPA_DB_TYPE"
+   echo "Database host.......................: $SYMPA_DB_HOST"
+   echo "Database port.......................: $SYMPA_DB_PORT"
+   echo "Database name.......................: $SYMPA_DB_NAME"
+   echo "Database user.......................: $SYMPA_DB_USER"
+   echo "Database password...................: $SYMPA_DB_PASSWD"
    echo ""
 fi
-echo "Start at boot time..............: $START_AT_BOOTTIME"
+echo "Start at boot time..................: $START_AT_BOOTTIME"
 echo ""
-echo "Directory for init scripts......: $SYMPA_INIT_DIR"
+echo "Directory for init scripts..........: $SYMPA_INIT_DIR"
 echo ""
-echo "Use systemd.....................: $SYSTEMD_SUPPORTED"
+echo "Use systemd.........................: $SYSTEMD_SUPPORTED"
 if $SYSTEMD_SUPPORTED ; then
-   echo "Directory Systemd unit files....: $SYMPA_SYSTEMD_DIR"
+   echo "Directory Systemd unit files........: $SYMPA_SYSTEMD_DIR"
 fi
 echo ""
-echo "IPv4 Address....................: $IPv4"
-echo "IPv6 Address....................: $IPv6"
+echo "IPv4 Address........................: $IPv4"
+echo "IPv6 Address........................: $IPv6"
 echo ""
-echo "Apache User.....................: $HTTPD_USER"
+echo "Apache User.........................: $HTTPD_USER"
 if ! $UPDATE_SYMPA ; then
-   echo "Apache VHost directory..........: $apache_vhost_dir"
-   echo "Apache Log Directory............: $apache_log_dir"
+   echo "Apache VHost directory..............: $apache_vhost_dir"
+   echo "Apache Log Directory................: $apache_log_dir"
    echo ""
-   echo "Postfix Configuration Directory.: $POSTFIX_CONF_DIR"
+   echo "Postfix Configuration Directory.....: $POSTFIX_CONF_DIR"
 fi
 if $UPDATE_SYMPA ; then
    echo ""
    echo -e "-- \033[34m\033[1mSome determined defines of the installed Sympa System\033[m --"
    echo ""
-   echo "   Apache VHost directory..........: $apache_vhost_dir"
-   echo "   Apache Log Directory............: $apache_log_dir"
+   echo "   Apache VHost directory..............: $apache_vhost_dir"
+   echo "   Apache Log Directory................: $apache_log_dir"
    echo ""
-   echo "   (default) domain..................: $SYMPA_DOMAIN"
-   echo "   Listmaster........................: $SYMPA_LISTMASTER"
-   echo "   URL for web interface.............: $SYMPA_WEB_URL"
-   echo "   SctiptAlias Directory.............: $_wwsympa_dir"
+   echo "   (default) domain......................: $SYMPA_DOMAIN"
+   echo "   Listmaster............................: $SYMPA_LISTMASTER"
+   echo "   URL for web interface.................: $SYMPA_WEB_URL"
+   echo "   SctiptAlias Directory.................: $_wwsympa_dir"
    echo ""
-   echo "   Database management system........: $SYMPA_DB_TYPE"
-   echo "   Database host.....................: $SYMPA_DB_HOST"
-   echo "   Database port.....................: $SYMPA_DB_PORT"
-   echo "   Database name.....................: $SYMPA_DB_NAME"
-   echo "   Database user.....................: $SYMPA_DB_USER"
-   echo "   Database password.................: $SYMPA_DB_PASSWD"
+   echo "   Database management system............: $SYMPA_DB_TYPE"
+   echo "   Database host.........................: $SYMPA_DB_HOST"
+   echo "   Database port.........................: $SYMPA_DB_PORT"
+   echo "   Database name.........................: $SYMPA_DB_NAME"
+   echo "   Database user.........................: $SYMPA_DB_USER"
+   echo "   Database password.....................: $SYMPA_DB_PASSWD"
    echo ""
 fi
 echo ""
@@ -1478,6 +1521,12 @@ echo "## - Sympa's list archive symlink......: $SYMPA_LIST_ARC_SYMLINK" >> $_log
 echo "## -" >> $_log_file
 echo "## - Sympa's aliases file..............: $SYMPA_ALIAS_FILE" >> $_log_file
 echo "## -" >> $_log_file
+if $APPLY_LOG_NO_USER_IP ; then
+   echo "## - Patch to prevent logging user IPs.: Yes" >> $_log_file
+else
+   echo "## - Patch to prevent logging user IPs..: No" >> $_log_file
+fi
+echo "## -" >> $_log_file
 if ! $UPDATE_SYMPA ; then
    echo "## -" >> $_log_file
    echo "## - (default) domain..................: $SYMPA_DOMAIN" >> $_log_file
@@ -1574,6 +1623,8 @@ echo "SYMPA_LIST_ARC_SYMLINK=$SYMPA_LIST_ARC_SYMLINK" >> $_log_file
 echo "" >> $_log_file
 echo "SYMPA_ALIAS_FILE=$SYMPA_ALIAS_FILE" >> $_log_file
 echo "" >> $_log_file
+echo "APPLY_LOG_NO_USER_IP=$APPLY_LOG_NO_USER_IP" >> $_log_file
+echo "" >> $_log_file
 echo "SYMPA_DOMAIN=$SYMPA_DOMAIN" >> $_log_file
 echo "SYMPA_LISTMASTER=$SYMPA_LISTMASTER" >> $_log_file
 echo "SYMPA_WEB_URL=$SYMPA_WEB_URL" >> $_log_file
@@ -2333,8 +2384,8 @@ else
       echononl "\tBackup current data base directory ($CURRENT_SYMPA_LIST_DATA_BASE_PATH).."
       echo "## - Backup current data base directory ($CURRENT_SYMPA_LIST_DATA_BASE_PATH).." >> $_log_file
       echo "## -" >> $_log_file
-      echo "cp -a \"${CURRENT_SYMPA_LIST_DATA_BASE_PATH}\"  \"${CURRENT_SYMPA_LIST_DATA_BASE_PATH}.$backup_date\"" >> $_log_file
-      cp -a "${CURRENT_SYMPA_LIST_DATA_BASE_PATH}"  "${CURRENT_SYMPA_LIST_DATA_BASE_PATH}.$backup_date" >> $_log_file 2>&1
+      echo "cp -al \"${CURRENT_SYMPA_LIST_DATA_BASE_PATH}\"  \"${CURRENT_SYMPA_LIST_DATA_BASE_PATH}.$backup_date\"" >> $_log_file
+      cp -al "${CURRENT_SYMPA_LIST_DATA_BASE_PATH}"  "${CURRENT_SYMPA_LIST_DATA_BASE_PATH}.$backup_date" >> $_log_file 2>&1
       if [ "$?" = "0" ]; then
          echo_ok
       else
@@ -2616,6 +2667,37 @@ else
                     See '${_log_file}' for further informations."
 fi
 
+## - Patch to prevent logging user IPs
+## -
+echononl "\tApply Patch to prevent from logging user IPs .."
+if $APPLY_LOG_NO_USER_IP ; then
+   echo "" >> $_log_file
+   echo "## - Apply Patch to prevent from logging user IPs .." >> $_log_file
+   echo "## -" >> $_log_file
+   echo "patch -d $_builddir -p1 < $PATCH_FILE_NO_LOG_USER_IP" >> $_log_file
+   patch -d $_builddir -p1 < $PATCH_FILE_NO_LOG_USER_IP >> $_log_file 2>&1
+   if [ "$?" = "0" ]; then
+      echo_ok
+   else
+      echo_failed
+      error "Cannot apply patchfile '$PATCH_FILE_NO_LOG_USER_IP'..\n
+                    See '${_log_file}' for further informations."
+
+		echo ""
+      echononl "continue anyway [yes/no]: "
+		read OK
+		OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
+		while [[ "$OK" != "yes" ]] && [[  "$OK" != "no" ]] ; do
+			echononl "Wrong entry! - repeat [yes/no]: "
+			read OK
+		done
+		echo ""
+
+   fi
+else
+   echo_skipped
+fi
+
 
 ## - Configure sympa
 ## -