steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version: ${{ matrix.go-version }}
          check-latest: true
      - name: Start root lockdown tests
        run: |

if [ $? -ne 0 ]; then
	echo "listing failed, 'minioadmin' should be enabled"
	exit 1
fi

killall -9 minio

rm -rf /tmp/multisitea/
rm -rf /tmp/multisiteb/

echo "Setup site-replication and then disable root credentials"

minio server --address 127.0.0.1:9001 "http://127.0.0.1:9001/tmp/multisitea/data/disterasure/xl{1...4}" \
	"http://127.0.0.1:9002/tmp/multisitea/data/disterasure/xl{5...8}" >/tmp/sitea_1.log 2>&1 &

Shinsuke Sugaya <******@****.***> 1729904872 +0900

Harshavardhana <******@****.***> 1620513629 -0700

Harshavardhana <******@****.***> 1620513629 -0700

	# /tmp/xxx/mnt/disk4 will be the same as '/' and it
	# will be detected as root disk
	while [ "$u" != "0" ]; do
		sudo umount ${WORK_DIR}/mnt/disk4/
		u=$?
		sleep 1
	done

	# Wait until MinIO self heal kicks in
	sleep 60

	if [ -f ${WORK_DIR}/mnt/disk4/.minio.sys/format.json ]; then
		echo "A root disk is formatted unexpectedely"
		cat "${WORK_DIR}/server4.log"
		exit -1
	fi
}

- Reduced server startup time. For IAM encryption with the root credentials, MinIO had
   to use a memory-hard function (Argon2) that (on purpose) consumes a lot of memory and CPU.
   The new KMS-based approach can use a key derivation function that is orders of magnitudes
   cheaper w.r.t. memory and CPU.
- Root credentials can now be changed easily. Before, a two-step process was required to

import okhttp3.tls.decodeCertificatePem
import org.junit.jupiter.api.Tag
import org.junit.jupiter.api.Test

/**
 * Test for new Let's Encrypt Root Certificate.
 */
@Tag("Remote")
class LetsEncryptClientTest {
  @Test fun get() {
    // These tests wont actually run before Android 8.0 as per
    // https://github.com/mannodermaus/android-junit5

        Optional<BinaryNode> root = Optional.absent();
        for (int i = 0; i < size; i++) {
          root = Optional.of(new BinaryNode(rng.nextInt(), root, Optional.<BinaryNode>absent()));
        }
        return root;
      }
    },
    ALL_RIGHT {
      @Override
      Optional<BinaryNode> createTree(int size, Random rng) {
        Optional<BinaryNode> root = Optional.absent();

  "$JAVACMD" -version >&2
  echo "Please upgrade your Java installation or set JAVA_HOME to point to a compatible JDK." >&2
  exit 1
fi

# traverses directory structure from process work directory to filesystem root
# first directory with .mvn subdirectory is considered project base directory
find_maven_basedir() {
(
  basedir=`find_file_argument_basedir "$@"`
  wdir="$basedir"
  while :
  do