/**
     * Obtain an immutable list of compile source roots for the given project and scope.
     * Paths are absolute.
     *
     * @param project the project
     * @param scope the scope, i.e. usually main or test
     * @return the list of compile source roots
     */
    @Nonnull
    List<Path> getCompileSourceRoots(@Nonnull Project project, @Nonnull ProjectScope scope);

func NewStaticVerifierFromFile(clientCA string) (VerifyOptionFunc, error) {
	if len(clientCA) == 0 {
		return nil, nil
	}

	// Wrap with an x509 verifier
	var err error
	opts := DefaultVerifyOptions()
	opts.Roots, err = cert.NewPool(clientCA)
	if err != nil {
		return nil, fmt.Errorf("error loading certs from  %s: %v", clientCA, err)
	}

	return StaticVerifierFn(opts), nil
}

}

func TestMakeCertTree(t *testing.T) {
	rootCert := &KubeadmCert{
		Name: "root",
	}
	leaf0 := &KubeadmCert{
		Name:   "leaf0",
		CAName: "root",
	}
	leaf1 := &KubeadmCert{
		Name:   "leaf1",
		CAName: "root",
	}
	selfSigned := &KubeadmCert{
		Name: "self-signed",
	}

	certMap := CertificateMap{
		"root":        rootCert,
		"leaf0":       leaf0,
		"leaf1":       leaf1,

        }

        private class HeaderFileCollection implements MinimalFileSet, Buildable {
            @Override
            public String getDisplayName() {
                return "Include roots of " + sourceSet.getName();
            }

            @Override
            public Set<File> getFiles() {
                return sourceSet.getExportedHeaders().getSrcDirs();
            }

     * tries to step beyond the file system root, the root is returned.
     */
    public static File normalize(File src) {
        String path = src.getAbsolutePath();
        String normalizedPath = FilenameUtils.normalizeNoEndSeparator(path);
        if (normalizedPath != null) {
            return new File(normalizedPath);
        }
        File root = src;
        File parent = root.getParentFile();

starting with its own and including everything up-to but not including the root. We don't need to
include root certificates because the client already has them.

```java
HandshakeCertificates serverHandshakeCertificates = new HandshakeCertificates.Builder()
    .heldCertificate(serverCertificate, intermediateCertificate.certificate())
    .build();
```

The client only needs to know the trusted root certificate. It checks the server's certificate by

# Regression test for https://golang.org/issue/47979:
#
# An argument to 'go get' that results in an upgrade to a different existing
# root should be allowed, and should not panic the 'go' command.

cp go.mod go.mod.orig


# Transitive upgrades from upgraded roots should not prevent
# 'go get -u' from performing upgrades.

cp go.mod.orig go.mod
go get -u .
cmp go.mod go.mod.want

 *    certificates to establish trust from a root certificate to the server's certificate. The root
 *    certificate is not included in this chain.
 *  * The client's handshake certificates must include a set of trusted root certificates. They will
 *    be used to authenticate the server's certificate chain. Typically this is a set of well-known
 *    root certificates that is distributed with the HTTP client or its platform. It may be

	}

	// Will use TLS unless the reserved 15010 port is used ( istiod on an ipsec/secure VPC)
	// rootCert may be nil - in which case the system roots are used, and the CA is expected to have public key
	// Otherwise assume the injection has mounted /etc/certs/root-cert.pem
	return citadel.NewCitadelClient(opts, tlsOpts)
}

func init() {
	providers["Citadel"] = createCitadel
}

    }

    def "does not delete the root directory"() {
        def file1 = tmpDir.file('foo/bar/file1').createFile()

        expect:
        StaleOutputCleaner.cleanOutputs(deleter, files(file1), tmpDir.testDirectory)
        !tmpDir.file('foo').exists()
        tmpDir.testDirectory.exists()
    }

    def "does not delete files that are not under one of the given roots"() {
        def destDir = tmpDir.file('dir')