Make it possible to use an existing konnect instance (#195)

* make konnect url configurable
* switch to fork of dockerize as it allows to skip ssl verification
since the address of the oidc issuer is now dynamic it could point to an invalid ssl certificate (the self signed cert is by default "valid" for *)
* update hadolint
* add more scopes
* only skip ssl verification when running insecure

.travis.yml

@@ -7,7 +7,7 @@ node_js:
 
 env:
   global:
-    - HADOLINT_VERSION=1.16.3
+    - HADOLINT_VERSION=1.17.1
     - DOCKER_COMPOSE_VERSION=1.23.2
     - TRIVY_VERSION=0.1.1
     - secure: iSwQW1ytg9/ntqlF1nMzYcg0ouT3TifuAzauu//vWMiRfRthAi0bLuz3nBvlkQwtUk/iF3+smdOtwvjlmW7wWdwdf9tzpsyVKVYcS/+1MbxnGXE4OyNLkUJ7KASRk4otfsujMDNO95q/m04sOLJ721dsOWR6dv+5MNJ3LrushsbFfuStHmM1cNyUR6NuPy4g/x4oppv23rbSXU/qS7ULUsOTEUuTsmgvvKQRZiiOFaOgzeHCIEdrX6Dpsx6DPtYQ5az88q6CrkkTaw7GhP1qBXAGNX03NeHPd7YZvsgePoZJEJ/jTRsZVx9LxwkmnVTJDqthgqTGXTBJIvow3oICjKLf/DhURvkHaAJPu+Nxyvxo2xgYaa0Zbau5fmhEblyKU8Q9g+ZXsdjC5uy/vqJjg1rZD9BZjbKXRP9nb5VpxLdzcWE80XpEj7tHMfF4bN7LvIHZ81wINtZdZeFLVW53YzIO0NAoRCDk1SmR6N11T1uE8FrBzO80oETUMud2zYTx9U+J0m/qsNK+fOz2GtxwI3mlU0/bgVlcFE6865lOPuRwcTOhDwGqeWsLbBYsYXaJhqktn6XKiZ/BEeJLx6Z/CvyNXbzexn1i4wyVZAK7xxkhjxFPnWFU9WPan4ibkGLsS9sFsUTLVa4oBszkTO6q5NU7vIycdgJpfZlkdL2V0EA=

base/Dockerfile

@@ -47,8 +47,8 @@ RUN apt-get update && \
         curl -s -S -o - "${KOPANO_CORE_REPOSITORY_URL}/Release.key" | apt-key add -; \
     fi
 
-ENV DOCKERIZE_VERSION v0.6.1
-RUN curl -L https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz | tar xzvf - -C /usr/local/bin
+ENV DOCKERIZE_VERSION v0.11.0
+RUN curl -sfL https://github.com/powerman/dockerize/releases/download/"$DOCKERIZE_VERSION"/dockerize-"$(uname -s)"-"$(uname -m)" | install /dev/stdin /usr/local/bin/dockerize
 
 RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
     sed -i -e 's/# de_DE.UTF-8 UTF-8/de_DE.UTF-8 UTF-8/' /etc/locale.gen && \

core/start-service.sh

@@ -88,10 +88,18 @@ grapi)
 	exec kopano-grapi serve
 	;;
 kapid)
-	dockerize \
+	if [ "$KCCONF_KAPID_INSECURE" = "yes" ]; then
+		dockerize \
+		-skip-tls-verify \
 		-wait file://var/run/kopano/grapi/notify.sock \
-		-wait http://kopano_konnect:8777/.well-known/openid-configuration \
+		-wait "$KCCONF_KAPID_OIDC_ISSUER_IDENTIFIER"/.well-known/openid-configuration \
 		-timeout 360s
+	else
+		dockerize \
+		-wait file://var/run/kopano/grapi/notify.sock \
+		-wait "$KCCONF_KAPID_OIDC_ISSUER_IDENTIFIER"/.well-known/openid-configuration \
+		-timeout 360s
+	fi
 	LC_CTYPE=en_US.UTF-8
 	sed -i s/\ *=\ */=/g /etc/kopano/kapid.cfg
 	# shellcheck disable=SC2046

docker-compose.yml

@@ -486,8 +486,8 @@ services:
     restart: unless-stopped
     environment:
       - SERVICE_TO_START=meet
-      - KCCONF_MEET_guests_enabled=true
       - KCCONF_MEET_disableFullGAB=false
+      - KCCONF_MEET_guests_enabled=true
     env_file:
       - kopano_meet.env
     depends_on:

konnect/konnectd-identifier-scopes.yaml

@@ -3,6 +3,9 @@
 
 ---
 scopes:
+  kopano/gc:
+    description: "Kopano"
+
   kopano/kwm:
     description: "Access Kopano Meet"
 
@@ -11,4 +14,3 @@ scopes:
 
   kopano/pubs:
     description: "Access Kopano Pub/Sub"
-

konnect/wrapper.sh

@@ -2,6 +2,7 @@
 
 set -e
 
+# TODO since this file is only used here, also generate it here.
 dockerize \
 	-wait file:///kopano/ssl/meet-kwmserver.pem \
 	-timeout 360s
@@ -29,8 +30,8 @@ fi
 dockerize \
 	-wait file:///kopano/ssl/konnectd-tokens-signing-key.pem \
 	-wait file:///kopano/ssl/konnectd-encryption.key \
-	-timeout 360s \
-	konnectd serve \
+	-timeout 360s
+konnectd serve \
 	--signing-private-key=/kopano/ssl/konnectd-tokens-signing-key.pem \
 	--encryption-secret=/kopano/ssl/konnectd-encryption.key \
 	--iss=https://"$FQDN" \

kwmserver/Dockerfile

@@ -17,10 +17,10 @@ LABEL maintainer=az@zok.xyz \
 
 USER root
 
-ENV DOCKERIZE_VERSION v0.6.1
-RUN wget https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-alpine-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
-    && tar -C /usr/local/bin -xzvf dockerize-alpine-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
-    && rm dockerize-alpine-linux-amd64-$DOCKERIZE_VERSION.tar.gz
+SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
+
+ENV DOCKERIZE_VERSION v0.11.0
+RUN wget -O - https://github.com/powerman/dockerize/releases/download/"$DOCKERIZE_VERSION"/dockerize-"$(uname -s)"-"$(uname -m)" | install /dev/stdin /bin/dockerize
 
 COPY wrapper.sh /usr/local/bin
 

kwmserver/wrapper.sh

@@ -65,14 +65,17 @@ if [ -n "$public_guest_access_regexp" ]; then
 	set -- "$@" --public-guest-access-regexp="$public_guest_access_regexp"
 fi
 
-# shellcheck disable=SC2034
-export registration_conf=/kopano/ssl/konnectd-identifier-registration.yaml
+if [ "$INSECURE" = "yes" ]; then
+	dockerize \
+	-skip-tls-verify \
+	-wait "$oidc_issuer_identifier"/.well-known/openid-configuration \
+	-timeout 360s
+else
+	dockerize \
+	-wait "$oidc_issuer_identifier"/.well-known/openid-configuration \
+	-timeout 360s
+fi
 
-# originally I wanted to wait for $registration_conf, but I needed to precreate the file
-# so the konnect container (since the startup is running as nobody) can write to it.
-exec dockerize \
-	-wait http://kopano_konnect:8777/.well-known/openid-configuration \
-	-timeout 360s \
-	/usr/local/bin/docker-entrypoint.sh serve \
+exec /usr/local/bin/docker-entrypoint.sh serve \
 	--registration-conf /kopano/ssl/konnectd-identifier-registration.yaml \
 	"$@"

meet/README.md

@@ -1,4 +1,4 @@
-# Kopano Kwmserver image
+# Kopano Meet image
 
 [![](https://images.microbadger.com/badges/image/zokradonh/kopano_meet.svg)](https://microbadger.com/images/zokradonh/kopano_meet "Microbadger size/labels") [![](https://images.microbadger.com/badges/version/zokradonh/kopano_meet.svg)](https://microbadger.com/images/zokradonh/kopano_meet "Microbadger version")
 
@@ -21,4 +21,4 @@ General prefix   |
              Name of the configuration option in the configuration file
                  |
                  Value of the configuration option
-```
+```

utils/Dockerfile

@@ -11,7 +11,7 @@ LABEL maintainer=az@zok.xyz \
     org.label-schema.schema-version="1.0"
 
 RUN apt-get update && apt-get install --no-install-recommends -y \
-    vim nano man \
+    vim nano man less \
     kopano-backup \
     kopano-migration-imap \
     kopano-migration-pst \