chmod +x kes
fi

if ! openssl version &>/dev/null; then
	apt install openssl || sudo apt install opensssl
fi

# Start KES Server
(./kes server --dev 2>&1 >kes-server.log) &
kes_pid=$!
sleep 5s
API_KEY=$(grep "API Key" <kes-server.log | awk -F" " '{print $3}')
(openssl s_client -connect 127.0.0.1:7373 2>/dev/null 1>public.crt)

export CI=true

```sh
openssl ecparam -genkey -name prime256v1 | openssl ec -out private.key
```

A response similar to this one should be displayed:

```
read EC key
writing EC key
```

Alternatively, use the following command to generate a private ECDSA key protected by a password:

```sh
openssl ecparam -genkey -name prime256v1 | openssl ec -aes256 -out private.key -passout pass:PASSWORD
```

# Docker tests to be skipped on that OS. If /etc/os-release doesn't exist
# (as is the case on centos-6, for example) then that OS will again be
# excluded.
debian-8
opensuse-leap-15.1
ol-7.7
sles-12.3 # older version used in Vagrant image
sles-12.5
sles-15.1
sles-15.2
sles-15.3

# These OSes are deprecated and filtered starting with 8.0.0, but need to be excluded
# for PR checks

   `keytool -importkeystore -srckeystore test-node.jks -srcstorepass keypass -destkeystore test-node.p12 -deststoretype PKCS12 -deststorepass keypass`
8. Export the node's private key
   `openssl pkcs12 -in test-node.p12 -passin pass:keypass -nocerts -passout pass:test-node-key-password -out test-node.key`
9. Convert the client's keystore to PKCS#12 temporarily so that we can export the private key (as keytool doesn't allow this)

    // x509_extensions=x509_extensions
    // [distinguished_name]
    // [req_extensions]
    // [x509_extensions]
    // subjectAltName=DNS:localhost.localdomain,DNS:localhost,IP:127.0.0.1
    //
    // $ openssl req -x509 -nodes -days 36500 -subj '/CN=localhost' -config ./cert.cnf \
    //     -newkey rsa:512 -out cert.pem
    val certificate =
      certificate(
        """
        -----BEGIN CERTIFICATE-----

          values:
            - "centos-7&&immutable"
            - "centos-8&&immutable"
            - "debian-9&&immutable"
            - "debian-10&&immutable"
            - "debian-11&&immutable"
            - "opensuse-15-1&&immutable"
            - "oraclelinux-7&&immutable"
            - "oraclelinux-8&&immutable"
            - "sles-12&&immutable"
            - "sles-15&&immutable"
            - "ubuntu-18.04&&immutable"

echo "Create bucket in source MinIO instance"
./mc mb minio1/test-bucket --insecure

# Load objects to source site with checksum header
echo "Loading objects to source MinIO instance"
OBJ_CHKSUM=$(openssl dgst -sha256 -binary </tmp/data/obj | base64)

#!/bin/bash

# opensuse 15 has a missing dep for systemd

if which zypper > /dev/null ; then
    sudo zypper install -y insserv-compat
fi

if [ -e /etc/sysctl.d/99-gce.conf ]; then
  # The GCE defaults disable IPv4 forwarding, which breaks the Docker
  # build. Workaround this by renaming the file so that it is executed
  # earlier than our own overrides.
  #
  # This ultimately needs to be fixed at the image level - see infra
  # issue 15654.

#!/bin/bash

# opensuse 15 has a missing dep for systemd

if which zypper > /dev/null ; then
    sudo zypper install -y insserv-compat
fi

if [ -e /etc/sysctl.d/99-gce.conf ]; then
  # The GCE defaults disable IPv4 forwarding, which breaks the Docker
  # build. Workaround this by renaming the file so that it is executed
  # earlier than our own overrides.
  #
  # This ultimately needs to be fixed at the image level - see infra
  # issue 15654.

          name: os
          values:
            - centos-7-packaging
            - centos-8-packaging
            - debian-9-packaging
            - debian-10-packaging
            - debian-11-packaging
            - opensuse-15-1-packaging
            - oraclelinux-7-packaging
            - oraclelinux-8-packaging
            - sles-12-packaging
            - sles-15-packaging
            - ubuntu-18.04-packaging