fs: fix XFS and other FS related issue due to missing d_type.

.dockerignore

@@ -1,17 +0,0 @@
-.git
-.github
-default.etcd
-*.gz
-*.tar.gz
-*.bzip2
-*.zip
-browser/node_modules
-node_modules
-docs/debugging/s3-verify/s3-verify
-docs/debugging/xl-meta/xl-meta
-docs/debugging/s3-check-md5/s3-check-md5
-docs/debugging/hash-set/hash-set
-docs/debugging/healing-bin/healing-bin
-docs/debugging/inspect/inspect
-docs/debugging/pprofgoparser/pprofgoparser
-docs/debugging/reorder-disks/reorder-disks

.github/ISSUE_TEMPLATE.md

@@ -1,51 +0,0 @@
----
-name: Bug report
-about: Create a report to help us improve
-title: ''
-labels: community, triage
-assignees: ''
-
----
-
-## NOTE
-All GitHub issues are addressed on a best-effort basis at MinIO's sole discretion. There are no Service Level Agreements (SLA) or Objectives (SLO). Remember our [Code of Conduct](https://github.com/minio/minio/blob/master/code_of_conduct.md) when engaging with MinIO Engineers and the larger community.
-
-For urgent issues (e.g. production down, etc.), subscribe to [SUBNET](https://min.io/pricing?jmp=github) for direct to engineering support.
- 
-<!--- Provide a general summary of the issue in the Title above -->
-
-## Expected Behavior
-<!--- If you're describing a bug, tell us what should happen -->
-<!--- If you're suggesting a change/improvement, tell us how it should work -->
-
-## Current Behavior
-<!--- If describing a bug, tell us what happens instead of the expected behavior -->
-<!--- If suggesting a change/improvement, explain the difference from current behavior -->
-
-## Possible Solution
-<!--- Not obligatory, but suggest a fix/reason for the bug, -->
-<!--- or ideas how to implement the addition or change -->
-
-## Steps to Reproduce (for bugs)
-<!--- Provide a link to a live example, or an unambiguous set of steps to -->
-<!--- reproduce this bug. Include code to reproduce, if relevant -->
-<!--- and make sure you have followed https://github.com/minio/minio/tree/release/docs/debugging to capture relevant logs -->
-
-1.
-2.
-3.
-4.
-
-## Context
-<!--- How has this issue affected you? What are you trying to accomplish? -->
-<!--- Providing context helps us come up with a solution that is most useful in the real world -->
-
-## Regression
-<!-- Is this issue a regression? (Yes / No) -->
-<!-- If Yes, optionally please include minio version or commit id or PR# that caused this regression, if you have these details. -->
-
-## Your Environment
-<!--- Include as many relevant details about the environment you experienced the bug in -->
-* Version used (`minio --version`):
-* Server setup and configuration:
-* Operating System and version (`uname -a`):

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,54 +0,0 @@
----
-name: Bug report
-about: Report a bug in MinIO (community edition is source-only)
-title: ''
-labels: community, triage
-assignees: ''
-
----
-
-## IMPORTANT NOTES
-
-**Community Edition**: MinIO community edition is now source-only. Install via `go install github.com/minio/minio@latest`
-
-**Feature Requests**: We are no longer accepting feature requests for the community edition. For feature requests and enterprise support, please subscribe to [MinIO Enterprise Support](https://min.io/pricing).
-
-**Urgent Issues**: If this case is urgent or affects production, please subscribe to [SUBNET](https://min.io/pricing) for 24/7 enterprise support.
-
-<!--- Provide a general summary of the issue in the Title above -->
-
-## Expected Behavior
-<!--- If you're describing a bug, tell us what should happen -->
-<!--- If you're suggesting a change/improvement, tell us how it should work -->
-
-## Current Behavior
-<!--- If describing a bug, tell us what happens instead of the expected behavior -->
-<!--- If suggesting a change/improvement, explain the difference from current behavior -->
-
-## Possible Solution
-<!--- Not obligatory, but suggest a fix/reason for the bug, -->
-<!--- or ideas how to implement the addition or change -->
-
-## Steps to Reproduce (for bugs)
-<!--- Provide a link to a live example, or an unambiguous set of steps to -->
-<!--- reproduce this bug. Include code to reproduce, if relevant -->
-<!--- and make sure you have followed https://github.com/minio/minio/tree/release/docs/debugging to capture relevant logs -->
-
-1.
-2.
-3.
-4.
-
-## Context
-<!--- How has this issue affected you? What are you trying to accomplish? -->
-<!--- Providing context helps us come up with a solution that is most useful in the real world -->
-
-## Regression
-<!-- Is this issue a regression? (Yes / No) -->
-<!-- If Yes, optionally please include minio version or commit id or PR# that caused this regression, if you have these details. -->
-
-## Your Environment
-<!--- Include as many relevant details about the environment you experienced the bug in -->
-* Version used (`minio --version`):
-* Server setup and configuration:
-* Operating System and version (`uname -a`):

.github/ISSUE_TEMPLATE/config.yml

@@ -1,8 +0,0 @@
-blank_issues_enabled: false
-contact_links:
-  - name: MinIO Community Support
-    url: https://slack.min.io
-    about: Community support via Slack - for questions and discussions
-  - name: MinIO Enterprise Support (SUBNET)
-    url: https://min.io/pricing
-    about: Enterprise support with SLA - for production deployments and feature requests

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,26 +0,0 @@
-## Community Contribution License
-All community contributions in this pull request are licensed to the project maintainers
-under the terms of the [Apache 2 license](https://www.apache.org/licenses/LICENSE-2.0). 
-By creating this pull request I represent that I have the right to license the 
-contributions to the project maintainers under the Apache 2 license.
-
-## Description
-
-
-## Motivation and Context
-
-
-## How to test this PR?
-
-
-## Types of changes
-- [ ] Bug fix (non-breaking change which fixes an issue)
-- [ ] New feature (non-breaking change which adds functionality)
-- [ ] Optimization (provides speedup with no functional changes)
-- [ ] Breaking change (fix or feature that would cause existing functionality to change)
-
-## Checklist:
-- [ ] Fixes a regression (If yes, please add `commit-id` or `PR #` here)
-- [ ] Unit tests added/updated
-- [ ] Internal documentation updated
-- [ ] Create a documentation update request [here](https://github.com/minio/docs/issues/new?label=doc-change,title=Doc+Updated+Needed+For+PR+github.com%2fminio%2fminio%2fpull%2fNNNNN)

.github/logo.svg

@@ -1 +0,0 @@
-<svg data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 162.612 24.465"><path d="M52.751.414h9.108v23.63h-9.108zM41.711.74l-18.488 9.92a.919.919 0 0 1-.856 0L3.879.74A2.808 2.808 0 0 0 2.558.414h-.023A2.4 2.4 0 0 0 0 2.641v21.376h9.1V13.842a.918.918 0 0 1 1.385-.682l10.361 5.568a3.634 3.634 0 0 0 3.336.028l10.933-5.634a.917.917 0 0 1 1.371.69v10.205h9.1V2.641A2.4 2.4 0 0 0 43.055.414h-.023a2.808 2.808 0 0 0-1.321.326zm65.564-.326h-9.237v10.755a.913.913 0 0 1-1.338.706L72.762.675a2.824 2.824 0 0 0-1.191-.261h-.016a2.4 2.4 0 0 0-2.535 2.227v21.377h9.163V13.275a.914.914 0 0 1 1.337-.707l24.032 11.2a2.813 2.813 0 0 0 1.188.26 2.4 2.4 0 0 0 2.535-2.227zm7.161 23.63V.414h4.191v23.63zm28.856.421c-11.274 0-19.272-4.7-19.272-12.232C124.02 4.741 132.066 0 143.292 0s19.32 4.7 19.32 12.233-7.902 12.232-19.32 12.232zm0-21.333c-8.383 0-14.84 3.217-14.84 9.1 0 5.926 6.457 9.1 14.84 9.1s14.887-3.174 14.887-9.1c0-5.883-6.504-9.1-14.887-9.1z" fill="#c72c48"/></svg>

.github/stale.yml

@@ -1,60 +0,0 @@
-# Configuration for probot-stale - https://github.com/probot/stale
-
-# Number of days of inactivity before an Issue or Pull Request becomes stale
-daysUntilStale: 30
-
-# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
-# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
-daysUntilClose: 15
-
-# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
-onlyLabels: []
-
-# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
-exemptLabels:
-  - "security"
-  - "pending discussion"
-  - "do-not-close"
-
-# Set to true to ignore issues in a project (defaults to false)
-exemptProjects: false
-
-# Set to true to ignore issues in a milestone (defaults to false)
-exemptMilestones: false
-
-# Set to true to ignore issues with an assignee (defaults to false)
-exemptAssignees: false
-
-# Label to use when marking as stale
-staleLabel: stale
-
-# Comment to post when marking as stale. Set to `false` to disable
-markComment: >-
-  This issue has been automatically marked as stale because it has not had
-  recent activity. It will be closed after 15 days if no further activity
-  occurs. Thank you for your contributions.
-# Comment to post when removing the stale label.
-# unmarkComment: >
-#   Your comment here.
-
-# Comment to post when closing a stale Issue or Pull Request.
-# closeComment: >
-#   Your comment here.
-
-# Limit the number of actions per hour, from 1-30. Default is 30
-limitPerRun: 1
-
-# Limit to only `issues` or `pulls`
-# only: issues
-
-# Optionally, specify configuration settings that are specific to just 'issues' or 'pulls':
-# pulls:
-#   daysUntilStale: 30
-#   markComment: >
-#     This pull request has been automatically marked as stale because it has not had
-#     recent activity. It will be closed if no further activity occurs. Thank you
-#     for your contributions.
-
-# issues:
-#   exemptLabels:
-#     - confirmed

.github/workflows/depsreview.yaml

@@ -1,14 +0,0 @@
-name: 'Dependency Review'
-on: [pull_request]
-
-permissions:
-  contents: read
-
-jobs:
-  dependency-review:
-    runs-on: ubuntu-latest
-    steps:
-      - name: 'Checkout Repository'
-        uses: actions/checkout@v4
-      - name: 'Dependency Review'
-        uses: actions/dependency-review-action@v4

.github/workflows/go-cross.yml

@@ -1,39 +0,0 @@
-name: Crosscompile
-
-on:
-  pull_request:
-    branches:
-      - master
-
-# This ensures that previous jobs for the PR are canceled when the PR is
-# updated.
-concurrency:
-  group: ${{ github.workflow }}-${{ github.head_ref }}
-  cancel-in-progress: true
-
-permissions:
-  contents: read
-
-jobs:
-  build:
-    name: Build Tests with Go ${{ matrix.go-version }} on ${{ matrix.os }}
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        go-version: [1.24.x]
-        os: [ubuntu-latest]
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v5
-        with:
-          go-version: ${{ matrix.go-version }}
-          check-latest: true
-      - name: Build on ${{ matrix.os }}
-        if: matrix.os == 'ubuntu-latest'
-        env:
-          CGO_ENABLED: 0
-          GO111MODULE: on
-        run: |
-          sudo sysctl net.ipv6.conf.all.disable_ipv6=0
-          sudo sysctl net.ipv6.conf.default.disable_ipv6=0
-          make crosscompile

.github/workflows/go-healing.yml

@@ -1,44 +0,0 @@
-name: Healing Functional Tests
-
-on:
-  pull_request:
-    branches:
-      - master
-
-# This ensures that previous jobs for the PR are canceled when the PR is
-# updated.
-concurrency:
-  group: ${{ github.workflow }}-${{ github.head_ref }}
-  cancel-in-progress: true
-
-permissions:
-  contents: read
-
-jobs:
-  build:
-    name: Go ${{ matrix.go-version }} on ${{ matrix.os }}
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        go-version: [1.24.x]
-        os: [ubuntu-latest]
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v5
-        with:
-          go-version: ${{ matrix.go-version }}
-          check-latest: true
-      - name: Build on ${{ matrix.os }}
-        if: matrix.os == 'ubuntu-latest'
-        env:
-          CGO_ENABLED: 0
-          GO111MODULE: on
-          MINIO_KMS_SECRET_KEY: "my-minio-key:oyArl7zlPECEduNbB1KXgdzDn2Bdpvvw0l8VO51HQnY="
-          MINIO_KMS_AUTO_ENCRYPTION: on
-        run: |
-          sudo sysctl net.ipv6.conf.all.disable_ipv6=0
-          sudo sysctl net.ipv6.conf.default.disable_ipv6=0
-          make verify-healing
-          make verify-healing-inconsistent-versions
-          make verify-healing-with-root-disks
-          make verify-healing-with-rewrite

.github/workflows/go-lint.yml

@@ -1,42 +0,0 @@
-name: Linters and Tests
-
-on:
-  pull_request:
-    branches:
-      - master
-
-# This ensures that previous jobs for the PR are canceled when the PR is
-# updated.
-concurrency:
-  group: ${{ github.workflow }}-${{ github.head_ref }}
-  cancel-in-progress: true
-
-permissions:
-  contents: read
-
-jobs:
-  build:
-    name: Go ${{ matrix.go-version }} on ${{ matrix.os }}
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        go-version: [1.24.x]
-        os: [ubuntu-latest]
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v5
-        with:
-          go-version: ${{ matrix.go-version }}
-          check-latest: true
-      - name: Build on ${{ matrix.os }}
-        if: matrix.os == 'ubuntu-latest'
-        env:
-          CGO_ENABLED: 0
-          GO111MODULE: on
-        run: |
-          sudo apt install jq -y
-          sudo sysctl net.ipv6.conf.all.disable_ipv6=0
-          sudo sysctl net.ipv6.conf.default.disable_ipv6=0
-          make
-          make test
-          make test-race

.github/workflows/go-resiliency.yml

@@ -1,39 +0,0 @@
-name: Resiliency Functional Tests
-
-on:
-  pull_request:
-    branches:
-      - master
-
-# This ensures that previous jobs for the PR are canceled when the PR is
-# updated.
-concurrency:
-  group: ${{ github.workflow }}-${{ github.head_ref }}
-  cancel-in-progress: true
-
-permissions:
-  contents: read
-
-jobs:
-  build:
-    name: Go ${{ matrix.go-version }} on ${{ matrix.os }}
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        go-version: [1.24.x]
-        os: [ubuntu-latest]
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v5
-        with:
-          go-version: ${{ matrix.go-version }}
-          check-latest: true
-      - name: Build on ${{ matrix.os }}
-        if: matrix.os == 'ubuntu-latest'
-        env:
-          CGO_ENABLED: 0
-          GO111MODULE: on
-        run: |
-          sudo sysctl net.ipv6.conf.all.disable_ipv6=0
-          sudo sysctl net.ipv6.conf.default.disable_ipv6=0
-          make test-resiliency

.github/workflows/go.yml

@@ -1,42 +0,0 @@
-name: Functional Tests
-
-on:
-  pull_request:
-    branches:
-      - master
-
-# This ensures that previous jobs for the PR are canceled when the PR is
-# updated.
-concurrency:
-  group: ${{ github.workflow }}-${{ github.head_ref }}
-  cancel-in-progress: true
-
-permissions:
-  contents: read
-
-jobs:
-  build:
-    name: Go ${{ matrix.go-version }} on ${{ matrix.os }} - healing
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        go-version: [1.24.x]
-        os: [ubuntu-latest]
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v5
-        with:
-          go-version: ${{ matrix.go-version }}
-          check-latest: true
-      - name: Build on ${{ matrix.os }}
-        if: matrix.os == 'ubuntu-latest'
-        env:
-          CGO_ENABLED: 0
-          GO111MODULE: on
-          MINIO_KMS_SECRET_KEY: "my-minio-key:OSMM+vkKUTCvQs9YL/CVMIMt43HFhkUpqJxTmGl6rYw="
-          MINIO_KMS_AUTO_ENCRYPTION: on
-        run: |
-          sudo sysctl net.ipv6.conf.all.disable_ipv6=0
-          sudo sysctl net.ipv6.conf.default.disable_ipv6=0
-          make verify
-          make test-timeout

.github/workflows/helm-lint.yml

@@ -1,30 +0,0 @@
-name: Helm Chart linting
-
-on:
-  pull_request:
-    branches:
-      - master
-
-# This ensures that previous jobs for the PR are canceled when the PR is
-# updated.
-concurrency:
-  group: ${{ github.workflow }}-${{ github.head_ref }}
-  cancel-in-progress: true
-
-permissions:
-  contents: read
-
-jobs:
-  release:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Install Helm
-        uses: azure/setup-helm@v4
-
-      - name: Run helm lint
-        run: |
-          cd helm/minio
-          helm lint .

.github/workflows/iam-integrations.yaml

@@ -1,161 +0,0 @@
-name: IAM integration
-
-on:
-  pull_request:
-    branches:
-      - master
-
-# This ensures that previous jobs for the PR are canceled when the PR is
-# updated.
-concurrency:
-  group: ${{ github.workflow }}-${{ github.head_ref }}
-  cancel-in-progress: true
-
-permissions:
-  contents: read
-
-jobs:
-  iam-matrix-test:
-    name: "[Go=${{ matrix.go-version }}|ldap=${{ matrix.ldap }}|etcd=${{ matrix.etcd }}|openid=${{ matrix.openid }}]"
-    runs-on: ubuntu-latest
-
-    services:
-      openldap:
-        image: quay.io/minio/openldap
-        ports:
-          - "389:389"
-          - "636:636"
-        env:
-          LDAP_ORGANIZATION: "MinIO Inc"
-          LDAP_DOMAIN: "min.io"
-          LDAP_ADMIN_PASSWORD: "admin"
-      etcd:
-        image: "quay.io/coreos/etcd:v3.5.1"
-        env:
-          ETCD_LISTEN_CLIENT_URLS: "http://0.0.0.0:2379"
-          ETCD_ADVERTISE_CLIENT_URLS: "http://0.0.0.0:2379"
-        ports:
-          - "2379:2379"
-        options: >-
-          --health-cmd "etcdctl endpoint health"
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-      openid:
-        image: quay.io/minio/dex
-        ports:
-          - "5556:5556"
-        env:
-          DEX_LDAP_SERVER: "openldap:389"
-      openid2:
-        image: quay.io/minio/dex
-        ports:
-          - "5557:5557"
-        env:
-          DEX_LDAP_SERVER: "openldap:389"
-          DEX_ISSUER: "http://127.0.0.1:5557/dex"
-          DEX_WEB_HTTP: "0.0.0.0:5557"
-
-    strategy:
-      # When ldap, etcd or openid vars are empty below, those external servers
-      # are turned off - i.e. if ldap="", then ldap server is not enabled for
-      # the tests.
-      matrix:
-        go-version: [1.24.x]
-        ldap: ["", "localhost:389"]
-        etcd: ["", "http://localhost:2379"]
-        openid: ["", "http://127.0.0.1:5556/dex"]
-        exclude:
-          # exclude combos where all are empty.
-          - ldap: ""
-            etcd: ""
-            openid: ""
-          # exclude combos where both ldap and openid IDPs are specified.
-          - ldap: "localhost:389"
-            openid: "http://127.0.0.1:5556/dex"
-
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v5
-        with:
-          go-version: ${{ matrix.go-version }}
-          check-latest: true
-      - name: Test LDAP/OpenID/Etcd combo
-        env:
-          _MINIO_LDAP_TEST_SERVER: ${{ matrix.ldap }}
-          _MINIO_ETCD_TEST_SERVER: ${{ matrix.etcd }}
-          _MINIO_OPENID_TEST_SERVER: ${{ matrix.openid }}
-        run: |
-          sudo sysctl net.ipv6.conf.all.disable_ipv6=0
-          sudo sysctl net.ipv6.conf.default.disable_ipv6=0
-          make test-iam
-      - name: Test with multiple OpenID providers
-        if: matrix.openid == 'http://127.0.0.1:5556/dex'
-        env:
-          _MINIO_LDAP_TEST_SERVER: ${{ matrix.ldap }}
-          _MINIO_ETCD_TEST_SERVER: ${{ matrix.etcd }}
-          _MINIO_OPENID_TEST_SERVER: ${{ matrix.openid }}
-          _MINIO_OPENID_TEST_SERVER_2: "http://127.0.0.1:5557/dex"
-        run: |
-          sudo sysctl net.ipv6.conf.all.disable_ipv6=0
-          sudo sysctl net.ipv6.conf.default.disable_ipv6=0
-          make test-iam
-      - name: Test with Access Management Plugin enabled
-        env:
-          _MINIO_LDAP_TEST_SERVER: ${{ matrix.ldap }}
-          _MINIO_ETCD_TEST_SERVER: ${{ matrix.etcd }}
-          _MINIO_OPENID_TEST_SERVER: ${{ matrix.openid }}
-          _MINIO_POLICY_PLUGIN_TEST_ENDPOINT: "http://127.0.0.1:8080"
-        run: |
-          sudo sysctl net.ipv6.conf.all.disable_ipv6=0
-          sudo sysctl net.ipv6.conf.default.disable_ipv6=0
-          go run docs/iam/access-manager-plugin.go &
-          make test-iam
-      - name: Test MinIO Old Version data to IAM import current version
-        if: matrix.ldap == 'ldaphost:389'
-        env:
-          _MINIO_LDAP_TEST_SERVER: ${{ matrix.ldap }}
-        run: |
-          make test-iam-ldap-upgrade-import
-      - name: Test LDAP for automatic site replication
-        if: matrix.ldap == 'localhost:389'
-        run: |
-          make test-site-replication-ldap
-      - name: Test OIDC for automatic site replication
-        if: matrix.openid == 'http://127.0.0.1:5556/dex'
-        run: |
-          make test-site-replication-oidc
-  iam-import-with-missing-entities:
-    name: Test IAM import in new cluster with missing entities
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v5
-        with:
-          go-version: ${{ matrix.go-version }}
-          check-latest: true
-      - name: Checkout minio-iam-testing
-        uses: actions/checkout@v4
-        with:
-          repository: minio/minio-iam-testing
-          path: minio-iam-testing
-      - name: Test import of IAM artifacts when in fresh cluster there are missing groups etc
-        run: |
-          make test-iam-import-with-missing-entities
-  iam-import-with-openid:
-    name: Test IAM import in new cluster with opendid configurations
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v5
-        with:
-          go-version: ${{ matrix.go-version }}
-          check-latest: true
-      - name: Checkout minio-iam-testing
-        uses: actions/checkout@v4
-        with:
-          repository: minio/minio-iam-testing
-          path: minio-iam-testing
-      - name: Test import of IAM artifacts when in fresh cluster with openid configurations
-        run: |
-          make test-iam-import-with-openid

.github/workflows/issues.yaml

@@ -1,18 +0,0 @@
-# @format
-
-name: Issue Workflow
-
-on:
-  issues:
-    types:
-      - opened
-
-jobs:
-  add-to-project:
-    name: Add issue to project
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/add-to-project@v0.5.0
-        with:
-          project-url: https://github.com/orgs/miniohq/projects/2
-          github-token: ${{ secrets.BOT_PAT }}

.github/workflows/lock.yml

@@ -1,24 +0,0 @@
-name: 'Lock Threads'
-
-on:
-  schedule:
-    - cron: '0 0 * * *'
-  workflow_dispatch:
-
-permissions:
-  issues: write
-
-concurrency:
-  group: lock
-
-jobs:
-  action:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: dessant/lock-threads@v3
-        with:
-          github-token: ${{ github.token }}
-          issue-inactive-days: '365'
-          exclude-any-issue-labels: 'do-not-close'
-          issue-lock-reason: 'resolved'
-          log-output: true

.github/workflows/mint.yml

@@ -1,81 +0,0 @@
-name: Mint Tests
-
-on:
-  pull_request:
-    branches:
-      - master
-
-# This ensures that previous jobs for the PR are canceled when the PR is
-# updated.
-concurrency:
-  group: ${{ github.workflow }}-${{ github.head_ref }}
-  cancel-in-progress: true
-
-permissions:
-  contents: read
-
-jobs:
-  mint-test:
-    runs-on: mint
-    timeout-minutes: 120
-    steps:
-      - name: cleanup #https://github.com/actions/checkout/issues/273
-        run: |
-          sudo -S rm -rf ${GITHUB_WORKSPACE}
-          mkdir ${GITHUB_WORKSPACE}
-      - name: checkout-step
-        uses: actions/checkout@v4
-
-      - name: setup-go-step
-        uses: actions/setup-go@v5
-        with:
-          go-version: 1.24.x
-
-      - name: github sha short
-        id: vars
-        run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
-
-      - name: build-minio
-        run: |
-          TAG="quay.io/minio/minio:${{ steps.vars.outputs.sha_short }}" make docker
-
-      - name: multipart uploads test
-        run: |
-          ${GITHUB_WORKSPACE}/.github/workflows/multipart/migrate.sh "${{ steps.vars.outputs.sha_short }}"
-
-      - name: compress and encrypt
-        run: |
-          ${GITHUB_WORKSPACE}/.github/workflows/run-mint.sh "compress-encrypt" "minio" "minio123" "${{ steps.vars.outputs.sha_short }}"
-
-      - name: multiple pools
-        run: |
-          ${GITHUB_WORKSPACE}/.github/workflows/run-mint.sh "pools" "minio" "minio123" "${{ steps.vars.outputs.sha_short }}"
-
-      - name: standalone erasure
-        run: |
-          ${GITHUB_WORKSPACE}/.github/workflows/run-mint.sh "erasure" "minio" "minio123" "${{ steps.vars.outputs.sha_short }}"
-
-      # FIXME: renable this back when we have a valid way to add deadlines for PUT()s (internode CreateFile)
-      # - name: resiliency
-      #   run: |
-      #     ${GITHUB_WORKSPACE}/.github/workflows/run-mint.sh "resiliency" "minio" "minio123" "${{ steps.vars.outputs.sha_short }}"
-
-      - name: The job must cleanup
-        if: ${{ always() }}
-        run: |
-          export JOB_NAME=${{ steps.vars.outputs.sha_short }}
-          for mode in $(echo compress-encrypt pools erasure); do
-             docker-compose -f ${GITHUB_WORKSPACE}/.github/workflows/mint/minio-${mode}.yaml down || true
-             docker-compose -f ${GITHUB_WORKSPACE}/.github/workflows/mint/minio-${mode}.yaml rm || true
-          done
-
-          docker-compose -f ${GITHUB_WORKSPACE}/.github/workflows/multipart/docker-compose-site1.yaml rm -s -f || true
-          docker-compose -f ${GITHUB_WORKSPACE}/.github/workflows/multipart/docker-compose-site2.yaml rm -s -f || true
-          for volume in $(docker volume ls -q | grep minio); do
-            docker volume rm ${volume} || true
-          done
-
-          docker rmi -f quay.io/minio/minio:${{ steps.vars.outputs.sha_short }}
-          docker system prune -f || true
-          docker volume prune -f || true
-          docker volume rm $(docker volume ls -q -f dangling=true) || true

.github/workflows/mint/minio-compress-encrypt.yaml

@@ -1,80 +0,0 @@
-version: '3.7'
-
-# Settings and configurations that are common for all containers
-x-minio-common: &minio-common
-  image: quay.io/minio/minio:${JOB_NAME}
-  command: server --console-address ":9001" http://minio{1...4}/cdata{1...2}
-  expose:
-    - "9000"
-    - "9001"
-  environment:
-    MINIO_CI_CD: "on"
-    MINIO_ROOT_USER: "minio"
-    MINIO_ROOT_PASSWORD: "minio123"
-    MINIO_COMPRESSION_ENABLE: "on"
-    MINIO_COMPRESSION_MIME_TYPES: "*"
-    MINIO_COMPRESSION_ALLOW_ENCRYPTION: "on"
-    MINIO_KMS_SECRET_KEY: "my-minio-key:OSMM+vkKUTCvQs9YL/CVMIMt43HFhkUpqJxTmGl6rYw="
-  healthcheck:
-    test: ["CMD", "mc", "ready", "local"]
-    interval: 5s
-    timeout: 5s
-    retries: 5
-
-# starts 4 docker containers running minio server instances.
-# using nginx reverse proxy, load balancing, you can access
-# it through port 9000.
-services:
-  minio1:
-    <<: *minio-common
-    hostname: minio1
-    volumes:
-      - cdata1-1:/cdata1
-      - cdata1-2:/cdata2
-
-  minio2:
-    <<: *minio-common
-    hostname: minio2
-    volumes:
-      - cdata2-1:/cdata1
-      - cdata2-2:/cdata2
-
-  minio3:
-    <<: *minio-common
-    hostname: minio3
-    volumes:
-      - cdata3-1:/cdata1
-      - cdata3-2:/cdata2
-
-  minio4:
-    <<: *minio-common
-    hostname: minio4
-    volumes:
-      - cdata4-1:/cdata1
-      - cdata4-2:/cdata2
-
-  nginx:
-    image: nginx:1.19.2-alpine
-    hostname: nginx
-    volumes:
-      - ./nginx-4-node.conf:/etc/nginx/nginx.conf:ro
-    ports:
-      - "9000:9000"
-      - "9001:9001"
-    depends_on:
-      - minio1
-      - minio2
-      - minio3
-      - minio4
-
-## By default this config uses default local driver,
-## For custom volumes replace with volume driver configuration.
-volumes:
-  cdata1-1:
-  cdata1-2:
-  cdata2-1:
-  cdata2-2:
-  cdata3-1:
-  cdata3-2:
-  cdata4-1:
-  cdata4-2:

.github/workflows/mint/minio-erasure.yaml

@@ -1,51 +0,0 @@
-version: '3.7'
-
-# Settings and configurations that are common for all containers
-x-minio-common: &minio-common
-  image: quay.io/minio/minio:${JOB_NAME}
-  command: server --console-address ":9001" edata{1...4}
-  expose:
-    - "9000"
-    - "9001"
-  environment:
-    MINIO_CI_CD: "on"
-    MINIO_ROOT_USER: "minio"
-    MINIO_ROOT_PASSWORD: "minio123"
-    MINIO_KMS_SECRET_KEY: "my-minio-key:OSMM+vkKUTCvQs9YL/CVMIMt43HFhkUpqJxTmGl6rYw="
-  healthcheck:
-    test: ["CMD", "mc", "ready", "local"]
-    interval: 5s
-    timeout: 5s
-    retries: 5
-
-# starts 4 docker containers running minio server instances.
-# using nginx reverse proxy, load balancing, you can access
-# it through port 9000.
-services:
-  minio1:
-    <<: *minio-common
-    hostname: minio1
-    volumes:
-      - edata1-1:/edata1
-      - edata1-2:/edata2
-      - edata1-3:/edata3
-      - edata1-4:/edata4
-
-  nginx:
-    image: nginx:1.19.2-alpine
-    hostname: nginx
-    volumes:
-      - ./nginx-1-node.conf:/etc/nginx/nginx.conf:ro
-    ports:
-      - "9000:9000"
-      - "9001:9001"
-    depends_on:
-      - minio1
-
-## By default this config uses default local driver,
-## For custom volumes replace with volume driver configuration.
-volumes:
-  edata1-1:
-  edata1-2:
-  edata1-3:
-  edata1-4:

.github/workflows/mint/minio-pools.yaml

@@ -1,117 +0,0 @@
-version: '3.7'
-
-# Settings and configurations that are common for all containers
-x-minio-common: &minio-common
-  image: quay.io/minio/minio:${JOB_NAME}
-  command: server --console-address ":9001" http://minio{1...4}/pdata{1...2} http://minio{5...8}/pdata{1...2}
-  expose:
-    - "9000"
-    - "9001"
-  environment:
-    MINIO_CI_CD: "on"
-    MINIO_ROOT_USER: "minio"
-    MINIO_ROOT_PASSWORD: "minio123"
-    MINIO_KMS_SECRET_KEY: "my-minio-key:OSMM+vkKUTCvQs9YL/CVMIMt43HFhkUpqJxTmGl6rYw="
-  healthcheck:
-    test: ["CMD", "mc", "ready", "local"]
-    interval: 5s
-    timeout: 5s
-    retries: 5
-
-# starts 4 docker containers running minio server instances.
-# using nginx reverse proxy, load balancing, you can access
-# it through port 9000.
-services:
-  minio1:
-    <<: *minio-common
-    hostname: minio1
-    volumes:
-      - pdata1-1:/pdata1
-      - pdata1-2:/pdata2
-
-  minio2:
-    <<: *minio-common
-    hostname: minio2
-    volumes:
-      - pdata2-1:/pdata1
-      - pdata2-2:/pdata2
-
-  minio3:
-    <<: *minio-common
-    hostname: minio3
-    volumes:
-      - pdata3-1:/pdata1
-      - pdata3-2:/pdata2
-
-  minio4:
-    <<: *minio-common
-    hostname: minio4
-    volumes:
-      - pdata4-1:/pdata1
-      - pdata4-2:/pdata2
-
-  minio5:
-    <<: *minio-common
-    hostname: minio5
-    volumes:
-      - pdata5-1:/pdata1
-      - pdata5-2:/pdata2
-
-  minio6:
-    <<: *minio-common
-    hostname: minio6
-    volumes:
-      - pdata6-1:/pdata1
-      - pdata6-2:/pdata2
-
-  minio7:
-    <<: *minio-common
-    hostname: minio7
-    volumes:
-      - pdata7-1:/pdata1
-      - pdata7-2:/pdata2
-
-  minio8:
-    <<: *minio-common
-    hostname: minio8
-    volumes:
-      - pdata8-1:/pdata1
-      - pdata8-2:/pdata2
-      
-  nginx:
-    image: nginx:1.19.2-alpine
-    hostname: nginx
-    volumes:
-      - ./nginx-8-node.conf:/etc/nginx/nginx.conf:ro
-    ports:
-      - "9000:9000"
-      - "9001:9001"
-    depends_on:
-      - minio1
-      - minio2
-      - minio3
-      - minio4
-      - minio5
-      - minio6
-      - minio7
-      - minio8
-
-## By default this config uses default local driver,
-## For custom volumes replace with volume driver configuration.
-volumes:
-  pdata1-1:
-  pdata1-2:
-  pdata2-1:
-  pdata2-2:
-  pdata3-1:
-  pdata3-2:
-  pdata4-1:
-  pdata4-2:
-  pdata5-1:
-  pdata5-2:
-  pdata6-1:
-  pdata6-2:
-  pdata7-1:
-  pdata7-2:
-  pdata8-1:
-  pdata8-2:

.github/workflows/mint/minio-resiliency.yaml

@@ -1,78 +0,0 @@
-version: '3.7'
-
-# Settings and configurations that are common for all containers
-x-minio-common: &minio-common
-  image: quay.io/minio/minio:${JOB_NAME}
-  command: server --console-address ":9001" http://minio{1...4}/rdata{1...2}
-  expose:
-    - "9000"
-    - "9001"
-  environment:
-    MINIO_CI_CD: "on"
-    MINIO_ROOT_USER: "minio"
-    MINIO_ROOT_PASSWORD: "minio123"
-    MINIO_KMS_SECRET_KEY: "my-minio-key:OSMM+vkKUTCvQs9YL/CVMIMt43HFhkUpqJxTmGl6rYw="
-    MINIO_DRIVE_MAX_TIMEOUT: "5s"
-  healthcheck:
-    test: ["CMD", "mc", "ready", "local"]
-    interval: 5s
-    timeout: 5s
-    retries: 5
-
-# starts 4 docker containers running minio server instances.
-# using nginx reverse proxy, load balancing, you can access
-# it through port 9000.
-services:
-  minio1:
-    <<: *minio-common
-    hostname: minio1
-    volumes:
-      - rdata1-1:/rdata1
-      - rdata1-2:/rdata2
-
-  minio2:
-    <<: *minio-common
-    hostname: minio2
-    volumes:
-      - rdata2-1:/rdata1
-      - rdata2-2:/rdata2
-
-  minio3:
-    <<: *minio-common
-    hostname: minio3
-    volumes:
-      - rdata3-1:/rdata1
-      - rdata3-2:/rdata2
-
-  minio4:
-    <<: *minio-common
-    hostname: minio4
-    volumes:
-      - rdata4-1:/rdata1
-      - rdata4-2:/rdata2
-
-  nginx:
-    image: nginx:1.19.2-alpine
-    hostname: nginx
-    volumes:
-      - ./nginx-4-node.conf:/etc/nginx/nginx.conf:ro
-    ports:
-      - "9000:9000"
-      - "9001:9001"
-    depends_on:
-      - minio1
-      - minio2
-      - minio3
-      - minio4
-
-## By default this config uses default local driver,
-## For custom volumes replace with volume driver configuration.
-volumes:
-  rdata1-1:
-  rdata1-2:
-  rdata2-1:
-  rdata2-2:
-  rdata3-1:
-  rdata3-2:
-  rdata4-1:
-  rdata4-2:

.github/workflows/mint/nginx-1-node.conf

@@ -1,100 +0,0 @@
-user  nginx;
-worker_processes  auto;
-
-error_log  /var/log/nginx/error.log warn;
-pid        /var/run/nginx.pid;
-
-events {
-    worker_connections  4096;
-}
-
-http {
-    include       /etc/nginx/mime.types;
-    default_type  application/octet-stream;
-
-    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-                      '$status $body_bytes_sent "$http_referer" '
-                      '"$http_user_agent" "$http_x_forwarded_for"';
-
-    access_log  /var/log/nginx/access.log  main;
-    sendfile        on;
-    keepalive_timeout  65;
-
-    # include /etc/nginx/conf.d/*.conf;
-
-    upstream minio {
-        server minio1:9000;
-    }
-
-    upstream console {
-        ip_hash;
-        server minio1:9001;
-    }
-
-    server {
-        listen       9000;
-        listen  [::]:9000;
-        server_name  localhost;
-
-        # To allow special characters in headers
-        ignore_invalid_headers off;
-        # Allow any size file to be uploaded.
-        # Set to a value such as 1000m; to restrict file size to a specific value
-        client_max_body_size 0;
-        # To disable buffering
-        proxy_buffering off;
-        proxy_request_buffering off;
-
-        location / {
-            proxy_set_header Host $http_host;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto $scheme;
-
-            proxy_connect_timeout 300;
-            # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
-            proxy_http_version 1.1;
-            proxy_set_header Connection "";
-            chunked_transfer_encoding off;
-
-            proxy_pass http://minio;
-        }
-    }
-
-    server {
-        listen       9001;
-        listen  [::]:9001;
-        server_name  localhost;
-
-        # To allow special characters in headers
-        ignore_invalid_headers off;
-        # Allow any size file to be uploaded.
-        # Set to a value such as 1000m; to restrict file size to a specific value
-        client_max_body_size 0;
-        # To disable buffering
-        proxy_buffering off;
-        proxy_request_buffering off;
-
-        location / {
-            proxy_set_header Host $http_host;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto $scheme;
-            proxy_set_header X-NginX-Proxy true;
-
-            # This is necessary to pass the correct IP to be hashed
-            real_ip_header X-Real-IP;
-
-            proxy_connect_timeout 300;
-            
-            # To support websocket
-            proxy_http_version 1.1;
-            proxy_set_header Upgrade $http_upgrade;
-            proxy_set_header Connection "upgrade";
-            
-            chunked_transfer_encoding off;
-
-            proxy_pass http://console;
-        }
-    }
-}

.github/workflows/mint/nginx-4-node.conf

@@ -1,105 +0,0 @@
-user  nginx;
-worker_processes  auto;
-
-error_log  /var/log/nginx/error.log warn;
-pid        /var/run/nginx.pid;
-
-events {
-    worker_connections  4096;
-}
-
-http {
-    include       /etc/nginx/mime.types;
-    default_type  application/octet-stream;
-
-    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-                      '$status $body_bytes_sent "$http_referer" '
-                      '"$http_user_agent" "$http_x_forwarded_for"';
-
-    access_log  /var/log/nginx/access.log  main;
-    sendfile        on;
-    keepalive_timeout  65;
-
-    # include /etc/nginx/conf.d/*.conf;
-
-    upstream minio {
-        server minio1:9000 max_fails=1 fail_timeout=10s;
-        server minio2:9000 max_fails=1 fail_timeout=10s;
-        server minio3:9000 max_fails=1 fail_timeout=10s;
-    }
-
-    upstream console {
-        ip_hash;
-        server minio1:9001;
-        server minio2:9001;
-        server minio3:9001;
-        server minio4:9001;
-    }
-
-    server {
-        listen       9000;
-        listen  [::]:9000;
-        server_name  localhost;
-
-        # To allow special characters in headers
-        ignore_invalid_headers off;
-        # Allow any size file to be uploaded.
-        # Set to a value such as 1000m; to restrict file size to a specific value
-        client_max_body_size 0;
-        # To disable buffering
-        proxy_buffering off;
-        proxy_request_buffering off;
-
-        location / {
-            proxy_set_header Host $http_host;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto $scheme;
-
-            proxy_connect_timeout 300;
-            # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
-            proxy_http_version 1.1;
-            proxy_set_header Connection "";
-            chunked_transfer_encoding off;
-
-            proxy_pass http://minio;
-        }
-    }
-
-    server {
-        listen       9001;
-        listen  [::]:9001;
-        server_name  localhost;
-
-        # To allow special characters in headers
-        ignore_invalid_headers off;
-        # Allow any size file to be uploaded.
-        # Set to a value such as 1000m; to restrict file size to a specific value
-        client_max_body_size 0;
-        # To disable buffering
-        proxy_buffering off;
-        proxy_request_buffering off;
-
-        location / {
-            proxy_set_header Host $http_host;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto $scheme;
-            proxy_set_header X-NginX-Proxy true;
-
-            # This is necessary to pass the correct IP to be hashed
-            real_ip_header X-Real-IP;
-
-            proxy_connect_timeout 300;
-            
-            # To support websocket
-            proxy_http_version 1.1;
-            proxy_set_header Upgrade $http_upgrade;
-            proxy_set_header Connection "upgrade";
-            
-            chunked_transfer_encoding off;
-
-            proxy_pass http://console;
-        }
-    }
-}

.github/workflows/mint/nginx-8-node.conf

@@ -1,114 +0,0 @@
-user  nginx;
-worker_processes  auto;
-
-error_log  /var/log/nginx/error.log warn;
-pid        /var/run/nginx.pid;
-
-events {
-    worker_connections  4096;
-}
-
-http {
-    include       /etc/nginx/mime.types;
-    default_type  application/octet-stream;
-
-    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-                      '$status $body_bytes_sent "$http_referer" '
-                      '"$http_user_agent" "$http_x_forwarded_for"';
-
-    access_log  /var/log/nginx/access.log  main;
-    sendfile        on;
-    keepalive_timeout  65;
-
-    # include /etc/nginx/conf.d/*.conf;
-
-    upstream minio {
-        server minio1:9000 max_fails=1 fail_timeout=10s;
-        server minio2:9000 max_fails=1 fail_timeout=10s;
-        server minio3:9000 max_fails=1 fail_timeout=10s;
-        server minio4:9000 max_fails=1 fail_timeout=10s;
-        server minio5:9000 max_fails=1 fail_timeout=10s;
-        server minio6:9000 max_fails=1 fail_timeout=10s;
-        server minio7:9000 max_fails=1 fail_timeout=10s;
-        server minio8:9000 max_fails=1 fail_timeout=10s;
-    }
-
-    upstream console {
-        ip_hash;
-        server minio1:9001;
-        server minio2:9001;
-        server minio3:9001;
-        server minio4:9001;
-        server minio5:9001;
-        server minio6:9001;
-        server minio7:9001;
-        server minio8:9001;
-    }
-
-    server {
-        listen       9000;
-        listen  [::]:9000;
-        server_name  localhost;
-
-        # To allow special characters in headers
-        ignore_invalid_headers off;
-        # Allow any size file to be uploaded.
-        # Set to a value such as 1000m; to restrict file size to a specific value
-        client_max_body_size 0;
-        # To disable buffering
-        proxy_buffering off;
-        proxy_request_buffering off;
-
-        location / {
-            proxy_set_header Host $http_host;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto $scheme;
-
-            proxy_connect_timeout 300;
-            # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
-            proxy_http_version 1.1;
-            proxy_set_header Connection "";
-            chunked_transfer_encoding off;
-
-            proxy_pass http://minio;
-        }
-    }
-
-    server {
-        listen       9001;
-        listen  [::]:9001;
-        server_name  localhost;
-
-        # To allow special characters in headers
-        ignore_invalid_headers off;
-        # Allow any size file to be uploaded.
-        # Set to a value such as 1000m; to restrict file size to a specific value
-        client_max_body_size 0;
-        # To disable buffering
-        proxy_buffering off;
-        proxy_request_buffering off;
-
-        location / {
-            proxy_set_header Host $http_host;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto $scheme;
-            proxy_set_header X-NginX-Proxy true;
-
-            # This is necessary to pass the correct IP to be hashed
-            real_ip_header X-Real-IP;
-
-            proxy_connect_timeout 300;
-            
-            # To support websocket
-            proxy_http_version 1.1;
-            proxy_set_header Upgrade $http_upgrade;
-            proxy_set_header Connection "upgrade";
-            
-            chunked_transfer_encoding off;
-
-            proxy_pass http://console;
-        }
-    }
-}

.github/workflows/mint/nginx.conf

@@ -1,106 +0,0 @@
-user  nginx;
-worker_processes  auto;
-
-error_log  /var/log/nginx/error.log warn;
-pid        /var/run/nginx.pid;
-
-events {
-    worker_connections  4096;
-}
-
-http {
-    include       /etc/nginx/mime.types;
-    default_type  application/octet-stream;
-
-    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-                      '$status $body_bytes_sent "$http_referer" '
-                      '"$http_user_agent" "$http_x_forwarded_for"';
-
-    access_log  /var/log/nginx/access.log  main;
-    sendfile        on;
-    keepalive_timeout  65;
-
-    # include /etc/nginx/conf.d/*.conf;
-
-    upstream minio {
-        server minio1:9000 max_fails=1 fail_timeout=10s;
-        server minio2:9000 max_fails=1 fail_timeout=10s;
-        server minio3:9000 max_fails=1 fail_timeout=10s;
-        server minio4:9000 max_fails=1 fail_timeout=10s;
-    }
-
-    upstream console {
-        ip_hash;
-        server minio1:9001;
-        server minio2:9001;
-        server minio3:9001;
-        server minio4:9001;
-    }
-
-    server {
-        listen       9000;
-        listen  [::]:9000;
-        server_name  localhost;
-
-        # To allow special characters in headers
-        ignore_invalid_headers off;
-        # Allow any size file to be uploaded.
-        # Set to a value such as 1000m; to restrict file size to a specific value
-        client_max_body_size 0;
-        # To disable buffering
-        proxy_buffering off;
-        proxy_request_buffering off;
-
-        location / {
-            proxy_set_header Host $http_host;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto $scheme;
-
-            proxy_connect_timeout 300;
-            # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
-            proxy_http_version 1.1;
-            proxy_set_header Connection "";
-            chunked_transfer_encoding off;
-
-            proxy_pass http://minio;
-        }
-    }
-
-    server {
-        listen       9001;
-        listen  [::]:9001;
-        server_name  localhost;
-
-        # To allow special characters in headers
-        ignore_invalid_headers off;
-        # Allow any size file to be uploaded.
-        # Set to a value such as 1000m; to restrict file size to a specific value
-        client_max_body_size 0;
-        # To disable buffering
-        proxy_buffering off;
-        proxy_request_buffering off;
-
-        location / {
-            proxy_set_header Host $http_host;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto $scheme;
-            proxy_set_header X-NginX-Proxy true;
-
-            # This is necessary to pass the correct IP to be hashed
-            real_ip_header X-Real-IP;
-
-            proxy_connect_timeout 300;
-            
-            # To support websocket
-            proxy_http_version 1.1;
-            proxy_set_header Upgrade $http_upgrade;
-            proxy_set_header Connection "upgrade";
-            
-            chunked_transfer_encoding off;
-
-            proxy_pass http://console;
-        }
-    }
-}

.github/workflows/multipart/docker-compose-site1.yaml

@@ -1,66 +0,0 @@
-version: '3.7'
-
-# Settings and configurations that are common for all containers
-x-minio-common: &minio-common
-  image: quay.io/minio/minio:${RELEASE}
-  command: server http://site1-minio{1...4}/data{1...2}
-  environment:
-    - MINIO_PROMETHEUS_AUTH_TYPE=public
-    - CI=true
-
-# starts 4 docker containers running minio server instances.
-# using nginx reverse proxy, load balancing, you can access
-# it through port 9000.
-services:
-  site1-minio1:
-    <<: *minio-common
-    hostname: site1-minio1
-    volumes:
-      - site1-data1-1:/data1
-      - site1-data1-2:/data2
-
-  site1-minio2:
-    <<: *minio-common
-    hostname: site1-minio2
-    volumes:
-      - site1-data2-1:/data1
-      - site1-data2-2:/data2
-
-  site1-minio3:
-    <<: *minio-common
-    hostname: site1-minio3
-    volumes:
-      - site1-data3-1:/data1
-      - site1-data3-2:/data2
-
-  site1-minio4:
-    <<: *minio-common
-    hostname: site1-minio4
-    volumes:
-      - site1-data4-1:/data1
-      - site1-data4-2:/data2
-
-  site1-nginx:
-    image: nginx:1.19.2-alpine
-    hostname: site1-nginx
-    volumes:
-      - ./nginx-site1.conf:/etc/nginx/nginx.conf:ro
-    ports:
-      - "9001:9001"
-    depends_on:
-      - site1-minio1
-      - site1-minio2
-      - site1-minio3
-      - site1-minio4
-
-## By default this config uses default local driver,
-## For custom volumes replace with volume driver configuration.
-volumes:
-  site1-data1-1:
-  site1-data1-2:
-  site1-data2-1:
-  site1-data2-2:
-  site1-data3-1:
-  site1-data3-2:
-  site1-data4-1:
-  site1-data4-2:

.github/workflows/multipart/docker-compose-site2.yaml

@@ -1,66 +0,0 @@
-version: '3.7'
-
-# Settings and configurations that are common for all containers
-x-minio-common: &minio-common
-  image: quay.io/minio/minio:${RELEASE}
-  command: server http://site2-minio{1...4}/data{1...2}
-  environment:
-    - MINIO_PROMETHEUS_AUTH_TYPE=public
-    - CI=true
-
-# starts 4 docker containers running minio server instances.
-# using nginx reverse proxy, load balancing, you can access
-# it through port 9000.
-services:
-  site2-minio1:
-    <<: *minio-common
-    hostname: site2-minio1
-    volumes:
-      - site2-data1-1:/data1
-      - site2-data1-2:/data2
-
-  site2-minio2:
-    <<: *minio-common
-    hostname: site2-minio2
-    volumes:
-      - site2-data2-1:/data1
-      - site2-data2-2:/data2
-
-  site2-minio3:
-    <<: *minio-common
-    hostname: site2-minio3
-    volumes:
-      - site2-data3-1:/data1
-      - site2-data3-2:/data2
-
-  site2-minio4:
-    <<: *minio-common
-    hostname: site2-minio4
-    volumes:
-      - site2-data4-1:/data1
-      - site2-data4-2:/data2
-
-  site2-nginx:
-    image: nginx:1.19.2-alpine
-    hostname: site2-nginx
-    volumes:
-      - ./nginx-site2.conf:/etc/nginx/nginx.conf:ro
-    ports:
-      - "9002:9002"
-    depends_on:
-      - site2-minio1
-      - site2-minio2
-      - site2-minio3
-      - site2-minio4
-
-## By default this config uses default local driver,
-## For custom volumes replace with volume driver configuration.
-volumes:
-  site2-data1-1:
-  site2-data1-2:
-  site2-data2-1:
-  site2-data2-2:
-  site2-data3-1:
-  site2-data3-2:
-  site2-data4-1:
-  site2-data4-2:

.github/workflows/multipart/migrate.sh

@@ -1,147 +0,0 @@
-#!/bin/bash
-
-set -x
-
-## change working directory
-cd .github/workflows/multipart/
-
-function cleanup() {
-	docker-compose -f docker-compose-site1.yaml rm -s -f || true
-	docker-compose -f docker-compose-site2.yaml rm -s -f || true
-	for volume in $(docker volume ls -q | grep minio); do
-		docker volume rm ${volume} || true
-	done
-
-	docker system prune -f || true
-	docker volume prune -f || true
-	docker volume rm $(docker volume ls -q -f dangling=true) || true
-}
-
-cleanup
-
-if [ ! -f ./mc ]; then
-	wget --quiet -O mc https://dl.minio.io/client/mc/release/linux-amd64/mc &&
-		chmod +x mc
-fi
-
-export RELEASE=RELEASE.2023-08-29T23-07-35Z
-
-docker-compose -f docker-compose-site1.yaml up -d
-docker-compose -f docker-compose-site2.yaml up -d
-
-sleep 30s
-
-./mc alias set site1 http://site1-nginx:9001 minioadmin minioadmin --api s3v4
-./mc alias set site2 http://site2-nginx:9002 minioadmin minioadmin --api s3v4
-
-./mc ready site1/
-./mc ready site2/
-
-./mc admin replicate add site1 site2
-./mc mb site1/testbucket/
-./mc cp -r --quiet /usr/bin site1/testbucket/
-
-sleep 5
-
-./s3-check-md5 -h
-
-failed_count_site1=$(./s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://site1-nginx:9001 -bucket testbucket 2>&1 | grep FAILED | wc -l)
-failed_count_site2=$(./s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://site2-nginx:9002 -bucket testbucket 2>&1 | grep FAILED | wc -l)
-
-if [ $failed_count_site1 -ne 0 ]; then
-	echo "failed with multipart on site1 uploads"
-	exit 1
-fi
-
-if [ $failed_count_site2 -ne 0 ]; then
-	echo "failed with multipart on site2 uploads"
-	exit 1
-fi
-
-./mc cp -r --quiet /usr/bin site1/testbucket/
-
-sleep 5
-
-failed_count_site1=$(./s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://site1-nginx:9001 -bucket testbucket 2>&1 | grep FAILED | wc -l)
-failed_count_site2=$(./s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://site2-nginx:9002 -bucket testbucket 2>&1 | grep FAILED | wc -l)
-
-## we do not need to fail here, since we are going to test
-## upgrading to master, healing and being able to recover
-## the last version.
-if [ $failed_count_site1 -ne 0 ]; then
-	echo "failed with multipart on site1 uploads ${failed_count_site1}"
-fi
-
-if [ $failed_count_site2 -ne 0 ]; then
-	echo "failed with multipart on site2 uploads ${failed_count_site2}"
-fi
-
-export RELEASE=${1}
-
-docker-compose -f docker-compose-site1.yaml up -d
-docker-compose -f docker-compose-site2.yaml up -d
-
-./mc ready site1/
-./mc ready site2/
-
-for i in $(seq 1 10); do
-	# mc admin heal -r --remove when used against a LB endpoint
-	# behaves flaky, let this run 10 times before giving up
-	./mc admin heal -r --remove --json site1/ 2>&1 >/dev/null
-	./mc admin heal -r --remove --json site2/ 2>&1 >/dev/null
-done
-
-failed_count_site1=$(./s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://site1-nginx:9001 -bucket testbucket 2>&1 | grep FAILED | wc -l)
-failed_count_site2=$(./s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://site2-nginx:9002 -bucket testbucket 2>&1 | grep FAILED | wc -l)
-
-if [ $failed_count_site1 -ne 0 ]; then
-	echo "failed with multipart on site1 uploads"
-	exit 1
-fi
-
-if [ $failed_count_site2 -ne 0 ]; then
-	echo "failed with multipart on site2 uploads"
-	exit 1
-fi
-
-# Add user group test
-./mc admin user add site1 site-replication-issue-user site-replication-issue-password
-./mc admin group add site1 site-replication-issue-group site-replication-issue-user
-
-max_wait_attempts=30
-wait_interval=5
-
-attempt=1
-while true; do
-	diff <(./mc admin group info site1 site-replication-issue-group) <(./mc admin group info site2 site-replication-issue-group)
-
-	if [[ $? -eq 0 ]]; then
-		echo "Outputs are consistent."
-		break
-	fi
-
-	remaining_attempts=$((max_wait_attempts - attempt))
-	if ((attempt >= max_wait_attempts)); then
-		echo "Outputs remain inconsistent after $max_wait_attempts attempts. Exiting with error."
-		exit 1
-	else
-		echo "Outputs are inconsistent. Waiting for $wait_interval seconds (attempt $attempt/$max_wait_attempts)."
-		sleep $wait_interval
-	fi
-
-	((attempt++))
-done
-
-status=$(./mc admin group info site1 site-replication-issue-group --json | jq .groupStatus | tr -d '"')
-
-if [[ $status == "enabled" ]]; then
-	echo "Success"
-else
-	echo "Expected status: enabled, actual status: $status"
-	exit 1
-fi
-
-cleanup
-
-## change working directory
-cd ../../../

.github/workflows/multipart/nginx-site1.conf

@@ -1,61 +0,0 @@
-user  nginx;
-worker_processes  auto;
-
-error_log  /var/log/nginx/error.log warn;
-pid        /var/run/nginx.pid;
-
-events {
-    worker_connections  4096;
-}
-
-http {
-    include       /etc/nginx/mime.types;
-    default_type  application/octet-stream;
-
-    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-                      '$status $body_bytes_sent "$http_referer" '
-                      '"$http_user_agent" "$http_x_forwarded_for"';
-
-    access_log  /var/log/nginx/access.log  main;
-    sendfile        on;
-    keepalive_timeout  65;
-
-    # include /etc/nginx/conf.d/*.conf;
-
-    upstream minio {
-        server site1-minio1:9000;
-        server site1-minio2:9000;
-        server site1-minio3:9000;
-        server site1-minio4:9000;
-    }
-
-    server {
-        listen       9001;
-        listen  [::]:9001;
-        server_name  localhost;
-
-        # To allow special characters in headers
-        ignore_invalid_headers off;
-        # Allow any size file to be uploaded.
-        # Set to a value such as 1000m; to restrict file size to a specific value
-        client_max_body_size 0;
-        # To disable buffering
-        proxy_buffering off;
-        proxy_request_buffering off;
-
-        location / {
-            proxy_set_header Host $http_host;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto $scheme;
-
-            proxy_connect_timeout 300;
-            # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
-            proxy_http_version 1.1;
-            proxy_set_header Connection "";
-            chunked_transfer_encoding off;
-
-            proxy_pass http://minio;
-        }
-    }
-}

.github/workflows/multipart/nginx-site2.conf

@@ -1,61 +0,0 @@
-user  nginx;
-worker_processes  auto;
-
-error_log  /var/log/nginx/error.log warn;
-pid        /var/run/nginx.pid;
-
-events {
-    worker_connections  4096;
-}
-
-http {
-    include       /etc/nginx/mime.types;
-    default_type  application/octet-stream;
-
-    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-                      '$status $body_bytes_sent "$http_referer" '
-                      '"$http_user_agent" "$http_x_forwarded_for"';
-
-    access_log  /var/log/nginx/access.log  main;
-    sendfile        on;
-    keepalive_timeout  65;
-
-    # include /etc/nginx/conf.d/*.conf;
-
-    upstream minio {
-        server site2-minio1:9000;
-        server site2-minio2:9000;
-        server site2-minio3:9000;
-        server site2-minio4:9000;
-    }
-
-    server {
-        listen       9002;
-        listen  [::]:9002;
-        server_name  localhost;
-
-        # To allow special characters in headers
-        ignore_invalid_headers off;
-        # Allow any size file to be uploaded.
-        # Set to a value such as 1000m; to restrict file size to a specific value
-        client_max_body_size 0;
-        # To disable buffering
-        proxy_buffering off;
-        proxy_request_buffering off;
-
-        location / {
-            proxy_set_header Host $http_host;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto $scheme;
-
-            proxy_connect_timeout 300;
-            # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
-            proxy_http_version 1.1;
-            proxy_set_header Connection "";
-            chunked_transfer_encoding off;
-
-            proxy_pass http://minio;
-        }
-    }
-}

.github/workflows/replication.yaml

@@ -1,79 +0,0 @@
-name: MinIO advanced tests
-
-on:
-  pull_request:
-    branches:
-      - master
-
-# This ensures that previous jobs for the PR are canceled when the PR is
-# updated.
-concurrency:
-  group: ${{ github.workflow }}-${{ github.head_ref }}
-  cancel-in-progress: true
-
-permissions:
-  contents: read
-
-jobs:
-  replication-test:
-    name: Advanced Tests with Go ${{ matrix.go-version }}
-    runs-on: ubuntu-latest
-
-    strategy:
-      matrix:
-        go-version: [1.24.x]
-
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v5
-        with:
-          go-version: ${{ matrix.go-version }}
-          check-latest: true
-      - name: Test Decom
-        run: |
-          sudo sysctl net.ipv6.conf.all.disable_ipv6=0
-          sudo sysctl net.ipv6.conf.default.disable_ipv6=0
-          make test-decom
-
-      - name: Test ILM
-        run: |
-          sudo sysctl net.ipv6.conf.all.disable_ipv6=0
-          sudo sysctl net.ipv6.conf.default.disable_ipv6=0
-          make test-ilm
-          make test-ilm-transition
-
-      - name: Test PBAC
-        run: |
-          sudo sysctl net.ipv6.conf.all.disable_ipv6=0
-          sudo sysctl net.ipv6.conf.default.disable_ipv6=0
-          make test-pbac
-
-      - name: Test Config File
-        run: |
-          sudo sysctl net.ipv6.conf.all.disable_ipv6=0
-          sudo sysctl net.ipv6.conf.default.disable_ipv6=0
-          make test-configfile
-
-      - name: Test Replication
-        run: |
-          sudo sysctl net.ipv6.conf.all.disable_ipv6=0
-          sudo sysctl net.ipv6.conf.default.disable_ipv6=0
-          make test-replication
-
-      - name: Test MinIO IDP for automatic site replication
-        run: |
-          sudo sysctl net.ipv6.conf.all.disable_ipv6=0
-          sudo sysctl net.ipv6.conf.default.disable_ipv6=0
-          make test-site-replication-minio
-
-      - name: Test Versioning
-        run: |
-          sudo sysctl net.ipv6.conf.all.disable_ipv6=0
-          sudo sysctl net.ipv6.conf.default.disable_ipv6=0
-          make test-versioning
-
-      - name: Test Multipart upload with failures
-        run: |
-          sudo sysctl net.ipv6.conf.all.disable_ipv6=0
-          sudo sysctl net.ipv6.conf.default.disable_ipv6=0
-          make test-multipart

.github/workflows/root-disable.yml

@@ -1,34 +0,0 @@
-name: Root lockdown tests
-
-on:
-  pull_request:
-    branches:
-      - master
-
-# This ensures that previous jobs for the PR are canceled when the PR is
-# updated.
-concurrency:
-  group: ${{ github.workflow }}-${{ github.head_ref }}
-  cancel-in-progress: true
-
-permissions:
-  contents: read
-
-jobs:
-  build:
-    name: Go ${{ matrix.go-version }} on ${{ matrix.os }}
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        go-version: [1.24.x]
-        os: [ubuntu-latest]
-
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v5
-        with:
-          go-version: ${{ matrix.go-version }}
-          check-latest: true
-      - name: Start root lockdown tests
-        run: |
-          make test-root-disable

.github/workflows/root.cert

@@ -1,9 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBKDCB26ADAgECAhB6vebGMUfKnmBKyqoApRSOMAUGAytlcDAbMRkwFwYDVQQD
-DBByb290QHBsYXkubWluLmlvMB4XDTIwMDQzMDE1MjIyNVoXDTI1MDQyOTE1MjIy
-NVowGzEZMBcGA1UEAwwQcm9vdEBwbGF5Lm1pbi5pbzAqMAUGAytlcAMhALzn735W
-fmSH/ghKs+4iPWziZMmWdiWr/sqvqeW+WwSxozUwMzAOBgNVHQ8BAf8EBAMCB4Aw
-EwYDVR0lBAwwCgYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAFBgMrZXADQQDZOrGK
-b2ATkDlu2pTcP3LyhSBDpYh7V4TvjRkBTRgjkacCzwFLm+mh+7US8V4dBpIDsJ4u
-uWoF0y6vbLVGIlkG
------END CERTIFICATE-----

.github/workflows/root.key

@@ -1,3 +0,0 @@
------BEGIN PRIVATE KEY-----
-MC4CAQAwBQYDK2VwBCIEID9E7FSYWrMD+VjhI6q545cYT9YOyFxZb7UnjEepYDRc
------END PRIVATE KEY-----

.github/workflows/run-mint.sh

@@ -1,64 +0,0 @@
-#!/bin/bash
-
-set -ex
-
-export MODE="$1"
-export ACCESS_KEY="$2"
-export SECRET_KEY="$3"
-export JOB_NAME="$4"
-export MINT_MODE="full"
-
-docker system prune -f || true
-docker volume prune -f || true
-docker volume rm $(docker volume ls -f dangling=true) || true
-
-## change working directory
-cd .github/workflows/mint
-
-## always pull latest
-docker pull docker.io/minio/mint:edge
-
-docker-compose -f minio-${MODE}.yaml up -d
-sleep 1m
-
-docker system prune -f || true
-docker volume prune -f || true
-docker volume rm $(docker volume ls -q -f dangling=true) || true
-
-# Stop two nodes, one of each pool, to check that all S3 calls work while quorum is still there
-[ "${MODE}" == "pools" ] && docker-compose -f minio-${MODE}.yaml stop minio2
-[ "${MODE}" == "pools" ] && docker-compose -f minio-${MODE}.yaml stop minio6
-
-# Pause one node, to check that all S3 calls work while one node goes wrong
-[ "${MODE}" == "resiliency" ] && docker-compose -f minio-${MODE}.yaml pause minio4
-
-docker run --rm --net=mint_default \
-	--name="mint-${MODE}-${JOB_NAME}" \
-	-e SERVER_ENDPOINT="nginx:9000" \
-	-e ACCESS_KEY="${ACCESS_KEY}" \
-	-e SECRET_KEY="${SECRET_KEY}" \
-	-e ENABLE_HTTPS=0 \
-	-e MINT_MODE="${MINT_MODE}" \
-	docker.io/minio/mint:edge
-
-# FIXME: enable this after fixing aws-sdk-java-v2 tests
-# # unpause the node, to check that all S3 calls work while one node goes wrong
-# [ "${MODE}" == "resiliency" ] && docker-compose -f minio-${MODE}.yaml unpause minio4
-# [ "${MODE}" == "resiliency" ] && docker run --rm --net=mint_default \
-# 	--name="mint-${MODE}-${JOB_NAME}" \
-# 	-e SERVER_ENDPOINT="nginx:9000" \
-# 	-e ACCESS_KEY="${ACCESS_KEY}" \
-# 	-e SECRET_KEY="${SECRET_KEY}" \
-# 	-e ENABLE_HTTPS=0 \
-# 	-e MINT_MODE="${MINT_MODE}" \
-# 	docker.io/minio/mint:edge
-
-docker-compose -f minio-${MODE}.yaml down || true
-sleep 10s
-
-docker system prune -f || true
-docker volume prune -f || true
-docker volume rm $(docker volume ls -q -f dangling=true) || true
-
-## change working directory
-cd ../../../

.github/workflows/shfmt.yml

@@ -1,22 +0,0 @@
-name: Shell formatting checks
-
-on:
-  pull_request:
-    branches:
-      - master
-
-permissions:
-  contents: read
-    
-jobs:
-  build:
-    name: runner / shfmt
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: luizm/action-sh-checker@master
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          SHFMT_OPTS: "-s"
-        with:
-          sh_checker_shellcheck_disable: true # disable for now

.github/workflows/typos.yml

@@ -1,15 +0,0 @@
----
-name: Spelling
-on: [pull_request]
-
-jobs:
-  run:
-    name: Spell Check with Typos
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout Actions Repository
-      uses: actions/checkout@v4
-
-    - name: Check spelling of repo
-      uses: crate-ci/typos@master
-

.github/workflows/upgrade-ci-cd.yaml

@@ -1,34 +0,0 @@
-name: Upgrade old version tests
-
-on:
-  pull_request:
-    branches:
-      - master
-
-# This ensures that previous jobs for the PR are canceled when the PR is
-# updated.
-concurrency:
-  group: ${{ github.workflow }}-${{ github.head_ref }}
-  cancel-in-progress: true
-
-permissions:
-  contents: read
-
-jobs:
-  build:
-    name: Go ${{ matrix.go-version }} on ${{ matrix.os }}
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        go-version: [1.24.x]
-        os: [ubuntu-latest]
-
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v5
-        with:
-          go-version: ${{ matrix.go-version }}
-          check-latest: true
-      - name: Start upgrade tests
-        run: |
-          make test-upgrade

.github/workflows/vulncheck.yml

@@ -1,31 +0,0 @@
-name: VulnCheck
-on:
-  pull_request:
-    branches:
-      - master
-
-  push:
-    branches:
-      - master
-
-permissions:
-  contents: read # to fetch code (actions/checkout)
-
-jobs:
-  vulncheck:
-    name: Analysis
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check out code into the Go module directory
-        uses: actions/checkout@v4
-      - name: Set up Go
-        uses: actions/setup-go@v5
-        with:
-          go-version: 1.24.x
-          cached: false
-      - name: Get official govulncheck
-        run: go install golang.org/x/vuln/cmd/govulncheck@latest
-        shell: bash
-      - name: Run govulncheck
-        run: govulncheck -show verbose ./...
-        shell: bash

.gitignore

@@ -9,47 +9,7 @@ site/
 /.idea/
 /Minio.iml
 **/access.log
-vendor/
-.DS_Store
-*.syso
-coverage.txt
-.vscode/
-*.tar.bz2
-parts/
-prime/
-stage/
-.sia_temp/
-config.json
-node_modules/
-mc.*
-s3-check-md5*
-xl-meta*
-healing-*
-inspect*.zip
-200M*
-hash-set
-minio.RELEASE*
-mc
-nancy
-inspects/*
-.bin/
-*.gz
-docs/debugging/s3-verify/s3-verify
-docs/debugging/xl-meta/xl-meta
-docs/debugging/s3-check-md5/s3-check-md5
-docs/debugging/hash-set/hash-set
-docs/debugging/healing-bin/healing-bin
-docs/debugging/inspect/inspect
-docs/debugging/pprofgoparser/pprofgoparser
-docs/debugging/reorder-disks/reorder-disks
-docs/debugging/populate-hard-links/populate-hardlinks
-docs/debugging/xattr/xattr
-hash-set
-healing-bin
-inspect
-pprofgoparser
-reorder-disks
-s3-check-md5
-s3-verify
-xattr
-xl-meta
+build
+vendor/**/*.js
+vendor/**/*.json
+release

.golangci.yml

@@ -1,64 +0,0 @@
-version: "2"
-linters:
-  default: none
-  enable:
-    - durationcheck
-    - forcetypeassert
-    - gocritic
-    - gomodguard
-    - govet
-    - ineffassign
-    - misspell
-    - revive
-    - staticcheck
-    - unconvert
-    - unused
-    - usetesting
-    - whitespace
-  settings:
-    misspell:
-      locale: US
-    staticcheck:
-      checks:
-        - all
-        - -SA1008
-        - -SA1019
-        - -SA4000
-        - -SA9004
-        - -ST1000
-        - -ST1005
-        - -ST1016
-        - -U1000
-  exclusions:
-    generated: lax
-    rules:
-      - linters:
-          - forcetypeassert
-        path: _test\.go
-      - path: (.+)\.go$
-        text: 'empty-block:'
-      - path: (.+)\.go$
-        text: 'unused-parameter:'
-      - path: (.+)\.go$
-        text: 'dot-imports:'
-      - path: (.+)\.go$
-        text: should have a package comment
-      - path: (.+)\.go$
-        text: error strings should not be capitalized or end with punctuation or a newline
-    paths:
-      - third_party$
-      - builtin$
-      - examples$
-issues:
-  max-issues-per-linter: 100
-  max-same-issues: 100
-formatters:
-  enable:
-    - gofumpt
-    - goimports
-  exclusions:
-    generated: lax
-    paths:
-      - third_party$
-      - builtin$
-      - examples$

.mailmap

@@ -6,13 +6,13 @@
 #
 # For explanation on this file format: man git-shortlog
 
-Anand Babu (AB) Periasamy <ab@min.io> Anand Babu (AB) Periasamy <abperiasamy@users.noreply.github.com>
-Anand Babu (AB) Periasamy <ab@min.io> <ab@unlocksmith.org>
+Anand Babu (AB) Periasamy <ab@minio.io> Anand Babu (AB) Periasamy <abperiasamy@users.noreply.github.com>
+Anand Babu (AB) Periasamy <ab@minio.io> <ab@unlocksmith.org>
 Anis Elleuch <vadmeste@gmail.com>
-Frederick F. Kautz IV <fkautz@min.io> <fkautz@alumni.cmu.edu>
-Harshavardhana <harsha@min.io> <harsha@harshavardhana.net>
-Harshavardhana <harsha@min.io> <badger@gitter.im>
-Harshavardhana <harsha@min.io>
-Krishna Srinivas <krishna@min.io> <krishna.srinivas@gmail.com>
+Frederick F. Kautz IV <fkautz@minio.io> <fkautz@alumni.cmu.edu>
+Harshavardhana <harsha@minio.io> <harsha@harshavardhana.net>
+Harshavardhana <harsha@minio.io> <badger@gitter.im>
+Harshavardhana <harsha@minio.io>
+Krishna Srinivas <krishna@minio.io> <krishna.srinivas@gmail.com>
 Matthew Farrellee <matt@cs.wisc.edu>
 Nate Rosenblum <flander@gmail.com>

.travis.yml

@@ -0,0 +1,24 @@
+sudo: required
+dist: trusty
+language: go
+
+os:
+- linux
+- osx
+
+osx_image: xcode7.2
+
+env:
+- ARCH=x86_64
+- ARCH=i686
+
+script:
+- make test
+- make test GOFLAGS="-race"
+
+go:
+- 1.6
+
+notifications:
+  slack:
+    secure: K9tsn5MvrCAxuEZTxn+m3Kq1K2NG2xMEJFSv/sTp+RQBW7TslPHzv859GsIvrm8mU1y1btOU9RlOzqrRUczI5cJpE8IL1oljPZbXrIXgetE0kbsw0Wpy99g27UQ2VGp933WDu8tfj7zU4cZv+BI0RltNLwqYO6GWXmcWP0IueCU=

.typos.toml

@@ -1,45 +0,0 @@
-[files]
-extend-exclude = [".git/", "docs/", "CREDITS", "go.mod", "go.sum"]
-ignore-hidden = false
-
-[default]
-extend-ignore-re = [
-    "Patrick Collison",
-    "Copyright 2014 Unknwon",
-    "[0-9A-Za-z/+=]{64}",
-    "ZXJuZXQxDjAMBgNVBA-some-junk-Q4wDAYDVQQLEwVNaW5pbzEOMAwGA1UEAxMF",
-    "eyJmb28iOiJiYXIifQ",
-    "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.*",
-    "MIIDBTCCAe2gAwIBAgIQWHw7h.*",
-    'http\.Header\{"X-Amz-Server-Side-Encryptio":',
-    "ZoEoZdLlzVbOlT9rbhD7ZN7TLyiYXSAlB79uGEge",
-    "ERRO:",
-    "(?Rm)^.*(#|//)\\s*spellchecker:disable-line$", # ignore line
-]
-
-[default.extend-words]
-"encrypter" = "encrypter"
-"kms" = "kms"
-"requestor" = "requestor"
-
-[default.extend-identifiers]
-"HashiCorp" = "HashiCorp"
-
-[type.go.extend-identifiers]
-"bui" = "bui"
-"dm2nd" = "dm2nd"
-"ot" = "ot"
-"ParseND" = "ParseND"
-"ParseNDStream" = "ParseNDStream"
-"pn" = "pn"
-"TestGetPartialObjectMisAligned" = "TestGetPartialObjectMisAligned"
-"thr" = "thr"
-"toi" = "toi"
-
-[type.go]
-extend-ignore-identifiers-re = [
-    # Variants of `typ` used to mean `type` in golang as it is otherwise a
-    # keyword - some of these (like typ1 -> type1) can be fixed, but probably
-    # not worth the effort.
-    "[tT]yp[0-9]*",
-]

AWS-SDK-GO.md

@@ -0,0 +1,76 @@
+## Using aws-sdk-go with Minio
+
+aws-sdk-go is the official AWS SDK for the Go programming language. This document covers
+how to use aws-sdk-go with Minio server.
+
+### Install AWS SDK S3 service
+
+```sh
+$ go get github.com/aws/aws-sdk-go/service/s3
+```
+
+### List all buckets on Minio
+
+```go
+package main
+
+import (
+	"fmt"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/aws/aws-sdk-go/service/s3"
+)
+
+func main() {
+	newSession := session.New()
+	s3Config := &aws.Config{
+		Credentials: credentials.NewStaticCredentials("<YOUR-ACCESS-KEY-ID>", "<YOUR-SECRET-ACCESS-KEY", ""),
+		Endpoint:         aws.String("http://localhost:9000"),
+		Region:           aws.String("us-east-1"),
+		DisableSSL:       aws.Bool(true),
+		S3ForcePathStyle: aws.Bool(true),
+	}
+	// Create an S3 service object in the default region.
+	s3Client := s3.New(newSession, s3Config)
+
+	cparams := &s3.CreateBucketInput{
+		Bucket: aws.String("newbucket"), // Required
+	}
+	_, err := s3Client.CreateBucket(cparams)
+	if err != nil {
+		// Message from an error.
+		fmt.Println(err.Error())
+		return
+	}
+
+	var lparams *s3.ListBucketsInput
+	// Call the ListBuckets() Operation
+	resp, err := s3Client.ListBuckets(lparams)
+	if err != nil {
+		// Message from an error.
+		fmt.Println(err.Error())
+		return
+	}
+
+	// Pretty-print the response data.
+	fmt.Println(resp)
+}
+```
+
+Populate your AccessKeyId and SecretAccessKey credentials and run the program as shown below.
+
+```sh
+$ go run aws-sdk-minio.go
+{
+  Buckets: [{
+      CreationDate: 2015-10-22 01:46:04 +0000 UTC,
+      Name: "newbucket"
+    }],
+  Owner: {
+    DisplayName: "minio",
+    ID: "minio"
+  }
+}
+```

Browser.md

@@ -0,0 +1,39 @@
+## Minio Browser
+
+Minio Browser uses Json Web Tokens to authenticate JSON RPC requests.
+
+Initial request generates a token for 'AccessKey' and 'SecretKey'
+provided by the user.
+
+<blockquote>
+Currently these tokens expire after 10hrs, this is not configurable yet.
+</blockquote>
+
+### Start minio server
+
+```
+minio server <testdir>
+```
+
+### JSON RPC APIs.
+
+JSON RPC namespace is `Web`.
+
+#### Auth Operations
+
+* Login - waits for 'username, password' and on success replies a new Json Web Token (JWT).
+* ResetToken - resets token, requires password and token.
+* Logout - currently a dummy operation.
+
+#### Bucket/Object Operations.
+
+* ListBuckets - lists buckets, requires a valid token.
+* ListObjects - lists objects, requires a valid token.
+* MakeBucket - make a new bucket, requires a valid token.
+* GetObjectURL - generates a URL for download access, requires a valid token.
+  (generated URL is valid for 1hr)
+* PutObjectURL - generates a URL for upload access, requies a valid token.
+  (generated URL is valid for 1hr)
+
+#### Server Operations. 
+* DiskInfo - get backend disk statistics.

Bucket-Policy.md

@@ -0,0 +1,33 @@
+## Access Policy
+
+This package implements parsing and validating bucket access policies based on Access Policy Language specification - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
+
+### Supports following effects.
+
+    Allow
+    Deny
+
+### Supports following set of operations.
+
+    s3:GetObject
+    s3:ListBucket
+    s3:PutObject
+    s3:GetBucketLocation
+    s3:DeleteObject
+    s3:AbortMultipartUpload
+    s3:ListBucketMultipartUploads
+    s3:ListMultipartUploadParts
+
+### Supports following conditions.
+
+    StringEquals
+    StringNotEquals
+
+Supported applicable condition keys for each conditions.
+
+    s3:prefix
+    s3:max-keys
+
+### Nested policy support.
+
+Nested policies are not allowed.

CNAME

@@ -1 +0,0 @@
-charts.min.io

COMPLIANCE.md

@@ -1,7 +0,0 @@
-# AGPLv3 Compliance
-
-We have designed MinIO as an Open Source software for the Open Source software community. This requires applications to consider whether their usage of MinIO is in compliance with the GNU AGPLv3 [license](https://github.com/minio/minio/blob/master/LICENSE).
-
-MinIO cannot make the determination as to whether your application's usage of MinIO is in compliance with the AGPLv3 license requirements. You should instead rely on your own legal counsel or licensing specialists to audit and ensure your application is in compliance with the licenses of MinIO and all other open-source projects with which your application integrates or interacts. We understand that AGPLv3 licensing is complex and nuanced. It is for that reason we strongly encourage using experts in licensing to make any such determinations around compliance instead of relying on apocryphal or anecdotal advice.
-
-[MinIO Commercial Licensing](https://min.io/pricing) is the best option for applications that trigger AGPLv3 obligations (e.g. open sourcing your application). Applications using MinIO - or any other OSS-licensed code - without validating their usage do so at their own risk.

CONTRIBUTING.md

@@ -1,82 +1,71 @@
-# MinIO Contribution Guide [![Slack](https://slack.min.io/slack?type=svg)](https://slack.min.io) [![Docker Pulls](https://img.shields.io/docker/pulls/minio/minio.svg?maxAge=604800)](https://hub.docker.com/r/minio/minio/)
+### Install Golang
 
-``MinIO`` community welcomes your contribution. To make the process as seamless as possible, we recommend you read this contribution guide.
-
-## Development Workflow
-
-Start by forking the MinIO GitHub repository, make changes in a branch and then send a pull request. We encourage pull requests to discuss code changes. Here are the steps in details:
-
-### Setup your MinIO GitHub Repository
-
-Fork [MinIO upstream](https://github.com/minio/minio/fork) source repository to your own personal repository. Copy the URL of your MinIO fork (you will need it for the `git clone` command below).
+If you do not have a working Golang environment setup please follow [Golang Installation Guide](./INSTALLGO.md).
 
+### Setup your Minio Github Repository
+Fork [Minio upstream](https://github.com/minio/minio/fork) source repository to your own personal repository. Copy the URL and pass it to ``go get`` command. Go uses git to clone a copy into your project workspace folder.
 ```sh
-git clone https://github.com/minio/minio
-cd minio
-go install -v
-ls $(go env GOPATH)/bin/minio
+$ mkdir -p $GOPATH/src/github.com/minio
+$ cd $GOPATH/src/github.com/minio
+$ git clone https://github.com/$USER_ID/minio
+$ cd minio
 ```
 
-### Set up git remote as ``upstream``
+### Compiling Minio from source
+Minio uses ``Makefile`` to wrap around some of redundant checks done through command line.
 
 ```sh
-$ cd minio
+$ make
+Checking if proper environment variables are set.. Done
+...
+Checking dependencies for Minio.. Done
+Installed govet
+Building Libraries
+...
+...
+```
+
+### Setting up git remote as ``upstream``
+```sh
+$ cd $GOPATH/src/github.com/minio/minio
 $ git remote add upstream https://github.com/minio/minio
 $ git fetch upstream
 $ git merge upstream/master
 ...
+...
+$ make
+Checking if proper environment variables are set.. Done
+...
+Checking dependencies for Minio.. Done
+Installed govet
+Building Libraries
+...
 ```
 
-### Create your feature branch
+###  Developer Guidelines
+``Minio`` community welcomes your contribution. To make the process as seamless as possible, we ask for the following:
+* Go ahead and fork the project and make your changes. We encourage pull requests to discuss code changes.
+    - Fork it
+    - Create your feature branch (git checkout -b my-new-feature)
+    - Commit your changes (git commit -am 'Add some feature')
+    - Push to the branch (git push origin my-new-feature)
+    - Create new Pull Request
 
-Before making code changes, make sure you create a separate branch for these changes
+* If you have additional dependencies for ``Minio``, ``Minio`` manages its depedencies using [govendor](https://github.com/kardianos/govendor)
+    - Run `go get foo/bar`
+    - Edit your code to import foo/bar
+    - Run `make pkg-add PKG=foo/bar` from top-level directory
 
-```
-git checkout -b my-new-feature
-```
+* If you have dependencies for ``Minio`` which needs to be removed
+    - Edit your code to not import foo/bar
+    - Run `make pkg-remove PKG=foo/bar` from top-level directory
 
-### Test MinIO server changes
+* When you're ready to create a pull request, be sure to:
+    - Have test cases for the new code. If you have questions about how to do it, please ask in your pull request.
+    - Run `make verifiers`
+    - Squash your commits into a single commit. `git rebase -i`. It's okay to force update your pull request.
+    - Make sure `go test -race ./...` and `go build` completes.
 
-After your code changes, make sure
-
-- To add test cases for the new code. If you have questions about how to do it, please ask on our [Slack](https://slack.min.io) channel.
-- To run `make verifiers`
-- To squash your commits into a single commit. `git rebase -i`. It's okay to force update your pull request.
-- To run `make test` and `make build` completes.
-
-### Commit changes
-
-After verification, commit your changes. This is a [great post](https://chris.beams.io/posts/git-commit/) on how to write useful commit messages
-
-```
-git commit -am 'Add some feature'
-```
-
-### Push to the branch
-
-Push your locally committed changes to the remote origin (your fork)
-
-```
-git push origin my-new-feature
-```
-
-### Create a Pull Request
-
-Pull requests can be created via GitHub. Refer to [this document](https://help.github.com/articles/creating-a-pull-request/) for detailed steps on how to create a pull request. After a Pull Request gets peer reviewed and approved, it will be merged.
-
-## FAQs
-
-### How does ``MinIO`` manage dependencies?
-
-``MinIO`` uses `go mod` to manage its dependencies.
-
-- Run `go get foo/bar` in the source folder to add the dependency to `go.mod` file.
-
-To remove a dependency
-
-- Edit your code and remove the import reference.
-- Run `go mod tidy` in the source folder to remove dependency from `go.mod` file.
-
-### What are the coding guidelines for MinIO?
-
-``MinIO`` is fully conformant with Golang style. Refer: [Effective Go](https://github.com/golang/go/wiki/CodeReviewComments) article from Golang project. If you observe offending code, please feel free to send a pull request or ping us on [Slack](https://slack.min.io).
+* Read [Effective Go](https://github.com/golang/go/wiki/CodeReviewComments) article from Golang project
+    - `Minio` project is fully conformant with Golang style
+    - if you happen to observe offending code, please feel free to send a pull request

Caddy.md

@@ -0,0 +1,27 @@
+## Setting up Proxy using Caddy.
+
+Please download [Caddy Server](https://caddyserver.com/download)
+
+Create a caddy configuration file as below, change the ip addresses according to your local
+minio and DNS configuration.
+
+```bash
+$ ./minio --address localhost:9000 server <your_export_dir>
+```
+
+```bash
+your.public.com {
+    proxy / localhost:9000 {
+        proxy_header Host {host}
+        proxy_header X-Real-IP {remote}
+        proxy_header X-Forwarded-Proto {scheme}
+    }
+}
+```
+
+```bash
+$ ./caddy
+Activating privacy features... done.
+your.public.com:443
+your.public.com:80
+```

Docker.md

@@ -0,0 +1,28 @@
+### Run Minio docker image
+
+## Test Minio Docker Container
+Minio generates new access and secret keys each time you run this command. Container state is lost after you end this session. This mode is only intended for testing purpose.
+```bash
+docker run -p 9000:9000 minio/minio /export
+```
+
+## Run Minio Docker Container
+Minio container requires a persistent volume to store configuration and application data. Following command maps local persistent directories from the host OS to virtual config `~/.minio` and export `/export` directories. 
+
+```bash
+docker run -p 9000:9000 --name minio1 \
+  -v /mnt/export/minio1:/export \
+  -v /mnt/config/minio1:/root/.minio \
+  minio/minio /export
+```
+
+## Custom Access and Secret Keys
+To override Minio's auto-generated keys, you may pass secret and access keys explicitly as environment variables. Minio server also allows regular strings as access and secret keys.
+```bash
+docker run -p 9000:9000 --name minio1 \
+  -e "MINIO_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE" \
+  -e "MINIO_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" \
+  -v /mnt/export/minio1:/export \
+  -v /mnt/config/minio1:/root/.minio \
+  minio/minio /export
+```

Dockerfile

@@ -1,18 +0,0 @@
-FROM minio/minio:latest
-
-ARG TARGETARCH
-ARG RELEASE
-
-RUN chmod -R 777 /usr/bin
-
-COPY ./minio-${TARGETARCH}.${RELEASE} /usr/bin/minio
-COPY ./minio-${TARGETARCH}.${RELEASE}.minisig /usr/bin/minio.minisig
-COPY ./minio-${TARGETARCH}.${RELEASE}.sha256sum /usr/bin/minio.sha256sum
-
-COPY dockerscripts/docker-entrypoint.sh /usr/bin/docker-entrypoint.sh
-
-ENTRYPOINT ["/usr/bin/docker-entrypoint.sh"]
-
-VOLUME ["/data"]
-
-CMD ["minio"]

Dockerfile.cicd

@@ -1,3 +0,0 @@
-FROM minio/minio:edge
-
-CMD ["minio", "server", "/data"]

Dockerfile.hotfix

@@ -1,71 +0,0 @@
-FROM golang:1.24-alpine as build
-
-ARG TARGETARCH
-ARG RELEASE
-
-ENV GOPATH=/go
-ENV CGO_ENABLED=0
-
-# Install curl and minisign
-RUN apk add -U --no-cache ca-certificates && \
-    apk add -U --no-cache curl && \
-    go install aead.dev/minisign/cmd/minisign@v0.2.1
-
-# Download minio binary and signature files
-RUN curl -s -q https://dl.min.io/server/minio/hotfixes/linux-${TARGETARCH}/archive/minio.${RELEASE} -o /go/bin/minio && \
-    curl -s -q https://dl.min.io/server/minio/hotfixes/linux-${TARGETARCH}/archive/minio.${RELEASE}.minisig -o /go/bin/minio.minisig && \
-    curl -s -q https://dl.min.io/server/minio/hotfixes/linux-${TARGETARCH}/archive/minio.${RELEASE}.sha256sum -o /go/bin/minio.sha256sum && \
-    chmod +x /go/bin/minio
-
-# Download mc binary and signature files
-RUN curl -s -q https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc -o /go/bin/mc && \
-    curl -s -q https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc.minisig -o /go/bin/mc.minisig && \
-    curl -s -q https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc.sha256sum -o /go/bin/mc.sha256sum && \
-    chmod +x /go/bin/mc
-
-RUN if [ "$TARGETARCH" = "amd64" ]; then \
-       curl -L -s -q https://github.com/moparisthebest/static-curl/releases/latest/download/curl-${TARGETARCH} -o /go/bin/curl; \
-       chmod +x /go/bin/curl; \
-    fi
-
-# Verify binary signature using public key "RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGavRUN"
-RUN minisign -Vqm /go/bin/minio -x /go/bin/minio.minisig -P RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav && \
-    minisign -Vqm /go/bin/mc -x /go/bin/mc.minisig -P RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav
-
-FROM registry.access.redhat.com/ubi9/ubi-micro:latest
-
-ARG RELEASE
-
-LABEL name="MinIO" \
-      vendor="MinIO Inc <dev@min.io>" \
-      maintainer="MinIO Inc <dev@min.io>" \
-      version="${RELEASE}" \
-      release="${RELEASE}" \
-      summary="MinIO is a High Performance Object Storage, API compatible with Amazon S3 cloud storage service." \
-      description="MinIO object storage is fundamentally different. Designed for performance and the S3 API, it is 100% open-source. MinIO is ideal for large, private cloud environments with stringent security requirements and delivers mission-critical availability across a diverse range of workloads."
-
-ENV MINIO_ACCESS_KEY_FILE=access_key \
-    MINIO_SECRET_KEY_FILE=secret_key \
-    MINIO_ROOT_USER_FILE=access_key \
-    MINIO_ROOT_PASSWORD_FILE=secret_key \
-    MINIO_KMS_SECRET_KEY_FILE=kms_master_key \
-    MINIO_UPDATE_MINISIGN_PUBKEY="RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav" \
-    MINIO_CONFIG_ENV_FILE=config.env \
-    MC_CONFIG_DIR=/tmp/.mc
-
-RUN chmod -R 777 /usr/bin
-
-COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
-COPY --from=build /go/bin/minio* /usr/bin/
-COPY --from=build /go/bin/mc* /usr/bin/
-COPY --from=build /go/bin/cur* /usr/bin/
-
-COPY CREDITS /licenses/CREDITS
-COPY LICENSE /licenses/LICENSE
-COPY dockerscripts/docker-entrypoint.sh /usr/bin/docker-entrypoint.sh
-
-EXPOSE 9000
-VOLUME ["/data"]
-
-ENTRYPOINT ["/usr/bin/docker-entrypoint.sh"]
-CMD ["minio"]

Dockerfile.release

@@ -1,73 +0,0 @@
-FROM golang:1.24-alpine AS build
-
-ARG TARGETARCH
-ARG RELEASE
-
-ENV GOPATH=/go
-ENV CGO_ENABLED=0
-
-WORKDIR /build
-
-# Install curl and minisign
-RUN apk add -U --no-cache ca-certificates && \
-    apk add -U --no-cache curl && \
-    apk add -U --no-cache bash && \
-    go install aead.dev/minisign/cmd/minisign@v0.2.1
-
-# Download minio binary and signature files
-RUN curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${RELEASE} -o /go/bin/minio && \
-    curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${RELEASE}.minisig -o /go/bin/minio.minisig && \
-    curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${RELEASE}.sha256sum -o /go/bin/minio.sha256sum && \
-    chmod +x /go/bin/minio
-
-# Download mc binary and signature files
-RUN curl -s -q https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc -o /go/bin/mc && \
-    curl -s -q https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc.minisig -o /go/bin/mc.minisig && \
-    curl -s -q https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc.sha256sum -o /go/bin/mc.sha256sum && \
-    chmod +x /go/bin/mc
-
-# Verify binary signature using public key "RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGavRUN"
-RUN minisign -Vqm /go/bin/minio -x /go/bin/minio.minisig -P RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav && \
-    minisign -Vqm /go/bin/mc -x /go/bin/mc.minisig -P RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav
-
-COPY dockerscripts/download-static-curl.sh /build/download-static-curl
-RUN chmod +x /build/download-static-curl && \
-    /build/download-static-curl
-
-FROM registry.access.redhat.com/ubi9/ubi-micro:latest
-
-ARG RELEASE
-
-LABEL name="MinIO" \
-      vendor="MinIO Inc <dev@min.io>" \
-      maintainer="MinIO Inc <dev@min.io>" \
-      version="${RELEASE}" \
-      release="${RELEASE}" \
-      summary="MinIO is a High Performance Object Storage, API compatible with Amazon S3 cloud storage service." \
-      description="MinIO object storage is fundamentally different. Designed for performance and the S3 API, it is 100% open-source. MinIO is ideal for large, private cloud environments with stringent security requirements and delivers mission-critical availability across a diverse range of workloads."
-
-ENV MINIO_ACCESS_KEY_FILE=access_key \
-    MINIO_SECRET_KEY_FILE=secret_key \
-    MINIO_ROOT_USER_FILE=access_key \
-    MINIO_ROOT_PASSWORD_FILE=secret_key \
-    MINIO_KMS_SECRET_KEY_FILE=kms_master_key \
-    MINIO_UPDATE_MINISIGN_PUBKEY="RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav" \
-    MINIO_CONFIG_ENV_FILE=config.env \
-    MC_CONFIG_DIR=/tmp/.mc
-
-RUN chmod -R 777 /usr/bin
-
-COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
-COPY --from=build /go/bin/minio* /usr/bin/
-COPY --from=build /go/bin/mc* /usr/bin/
-COPY --from=build /go/bin/curl* /usr/bin/
-
-COPY CREDITS /licenses/CREDITS
-COPY LICENSE /licenses/LICENSE
-COPY dockerscripts/docker-entrypoint.sh /usr/bin/docker-entrypoint.sh
-
-EXPOSE 9000
-VOLUME ["/data"]
-
-ENTRYPOINT ["/usr/bin/docker-entrypoint.sh"]
-CMD ["minio"]

Dockerfile.release.old_cpu

@@ -1,71 +0,0 @@
-FROM golang:1.24-alpine AS build
-
-ARG TARGETARCH
-ARG RELEASE
-
-ENV GOPATH=/go
-ENV CGO_ENABLED=0
-
-# Install curl and minisign
-RUN apk add -U --no-cache ca-certificates && \
-    apk add -U --no-cache curl && \
-    go install aead.dev/minisign/cmd/minisign@v0.2.1
-
-# Download minio binary and signature files
-RUN curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${RELEASE} -o /go/bin/minio && \
-    curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${RELEASE}.minisig -o /go/bin/minio.minisig && \
-    curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${RELEASE}.sha256sum -o /go/bin/minio.sha256sum && \
-    chmod +x /go/bin/minio
-
-# Download mc binary and signature files
-RUN curl -s -q https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc -o /go/bin/mc && \
-    curl -s -q https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc.minisig -o /go/bin/mc.minisig && \
-    curl -s -q https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc.sha256sum -o /go/bin/mc.sha256sum && \
-    chmod +x /go/bin/mc
-
-RUN if [ "$TARGETARCH" = "amd64" ]; then \
-       curl -L -s -q https://github.com/moparisthebest/static-curl/releases/latest/download/curl-${TARGETARCH} -o /go/bin/curl; \
-       chmod +x /go/bin/curl; \
-    fi
-
-# Verify binary signature using public key "RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGavRUN"
-RUN minisign -Vqm /go/bin/minio -x /go/bin/minio.minisig -P RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav && \
-    minisign -Vqm /go/bin/mc -x /go/bin/mc.minisig -P RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav
-
-FROM registry.access.redhat.com/ubi8/ubi-micro:latest
-
-ARG RELEASE
-
-LABEL name="MinIO" \
-      vendor="MinIO Inc <dev@min.io>" \
-      maintainer="MinIO Inc <dev@min.io>" \
-      version="${RELEASE}" \
-      release="${RELEASE}" \
-      summary="MinIO is a High Performance Object Storage, API compatible with Amazon S3 cloud storage service." \
-      description="MinIO object storage is fundamentally different. Designed for performance and the S3 API, it is 100% open-source. MinIO is ideal for large, private cloud environments with stringent security requirements and delivers mission-critical availability across a diverse range of workloads."
-
-ENV MINIO_ACCESS_KEY_FILE=access_key \
-    MINIO_SECRET_KEY_FILE=secret_key \
-    MINIO_ROOT_USER_FILE=access_key \
-    MINIO_ROOT_PASSWORD_FILE=secret_key \
-    MINIO_KMS_SECRET_KEY_FILE=kms_master_key \
-    MINIO_UPDATE_MINISIGN_PUBKEY="RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav" \
-    MINIO_CONFIG_ENV_FILE=config.env \
-    MC_CONFIG_DIR=/tmp/.mc
-
-RUN chmod -R 777 /usr/bin
-
-COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
-COPY --from=build /go/bin/minio* /usr/bin/
-COPY --from=build /go/bin/mc* /usr/bin/
-COPY --from=build /go/bin/cur* /usr/bin/
-
-COPY CREDITS /licenses/CREDITS
-COPY LICENSE /licenses/LICENSE
-COPY dockerscripts/docker-entrypoint.sh /usr/bin/docker-entrypoint.sh
-
-EXPOSE 9000
-VOLUME ["/data"]
-
-ENTRYPOINT ["/usr/bin/docker-entrypoint.sh"]
-CMD ["minio"]

Dockerfile.scratch

@@ -1,5 +0,0 @@
-FROM scratch
-
-COPY minio /minio
-
-CMD ["/minio"]

INSTALLGO.md

@@ -0,0 +1,84 @@
+## Ubuntu (Kylin) 14.04
+### Build Dependencies
+This installation document assumes Ubuntu 14.04+ on x86-64 platform.
+
+##### Install Git, GCC
+```sh
+$ sudo apt-get install git build-essential
+```
+
+##### Install Go 1.6+
+
+Download Go 1.6+ from [https://golang.org/dl/](https://golang.org/dl/).
+
+```sh
+$ wget https://storage.googleapis.com/golang/go1.6.linux-amd64.tar.gz
+$ mkdir -p ${HOME}/bin/
+$ mkdir -p ${HOME}/go/
+$ tar -C ${HOME}/bin/ -xzf go1.6.linux-amd64.tar.gz
+```
+##### Setup GOROOT and GOPATH
+
+Add the following exports to your ``~/.bashrc``. Environment variable GOROOT specifies the location of your golang binaries
+and GOPATH specifies the location of your project workspace.
+
+```sh
+export GOROOT=${HOME}/bin/go
+export GOPATH=${HOME}/go
+export PATH=${HOME}/bin/go/bin:${GOPATH}/bin:$PATH
+```
+##### Source the new enviornment
+
+```sh
+$ source ~/.bashrc
+```
+
+##### Testing it all
+
+```sh
+$ go env
+```
+
+## OS X (Yosemite) 10.10
+### Build Dependencies
+This installation document assumes OS X Yosemite 10.10+ on x86-64 platform.
+
+##### Install brew
+```sh
+$ ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
+```
+
+##### Install Git, Python
+```sh
+$ brew install git python
+```
+
+##### Install Go 1.5+
+
+Install golang binaries using `brew`
+
+```sh
+$ brew install go
+$ mkdir -p $HOME/go
+```
+
+##### Setup GOROOT and GOPATH
+
+Add the following exports to your ``~/.bash_profile``. Environment variable GOROOT specifies the location of your golang binaries
+and GOPATH specifies the location of your project workspace.
+
+```sh
+export GOPATH=${HOME}/go
+export GOVERSION=$(brew list go | head -n 1 | cut -d '/' -f 6)
+export GOROOT=$(brew --prefix)/Cellar/go/${GOVERSION}/libexec
+export PATH=${GOPATH}/bin:$PATH
+```
+##### Source the new enviornment
+```sh
+$ source ~/.bash_profile
+```
+##### Testing it all
+
+```sh
+$ go env
+```

LICENSE

@@ -1,661 +1,202 @@
-                    GNU AFFERO GENERAL PUBLIC LICENSE
-                       Version 3, 19 November 2007
-
- Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-                            Preamble
-
-  The GNU Affero General Public License is a free, copyleft license for
-software and other kinds of works, specifically designed to ensure
-cooperation with the community in the case of network server software.
-
-  The licenses for most software and other practical works are designed
-to take away your freedom to share and change the works.  By contrast,
-our General Public Licenses are intended to guarantee your freedom to
-share and change all versions of a program--to make sure it remains free
-software for all its users.
-
-  When we speak of free software, we are referring to freedom, not
-price.  Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-them if you wish), that you receive source code or can get it if you
-want it, that you can change the software or use pieces of it in new
-free programs, and that you know you can do these things.
-
-  Developers that use our General Public Licenses protect your rights
-with two steps: (1) assert copyright on the software, and (2) offer
-you this License which gives you legal permission to copy, distribute
-and/or modify the software.
-
-  A secondary benefit of defending all users' freedom is that
-improvements made in alternate versions of the program, if they
-receive widespread use, become available for other developers to
-incorporate.  Many developers of free software are heartened and
-encouraged by the resulting cooperation.  However, in the case of
-software used on network servers, this result may fail to come about.
-The GNU General Public License permits making a modified version and
-letting the public access it on a server without ever releasing its
-source code to the public.
-
-  The GNU Affero General Public License is designed specifically to
-ensure that, in such cases, the modified source code becomes available
-to the community.  It requires the operator of a network server to
-provide the source code of the modified version running there to the
-users of that server.  Therefore, public use of a modified version, on
-a publicly accessible server, gives the public access to the source
-code of the modified version.
-
-  An older license, called the Affero General Public License and
-published by Affero, was designed to accomplish similar goals.  This is
-a different license, not a version of the Affero GPL, but Affero has
-released a new version of the Affero GPL which permits relicensing under
-this license.
-
-  The precise terms and conditions for copying, distribution and
-modification follow.
-
-                       TERMS AND CONDITIONS
-
-  0. Definitions.
-
-  "This License" refers to version 3 of the GNU Affero General Public License.
-
-  "Copyright" also means copyright-like laws that apply to other kinds of
-works, such as semiconductor masks.
-
-  "The Program" refers to any copyrightable work licensed under this
-License.  Each licensee is addressed as "you".  "Licensees" and
-"recipients" may be individuals or organizations.
-
-  To "modify" a work means to copy from or adapt all or part of the work
-in a fashion requiring copyright permission, other than the making of an
-exact copy.  The resulting work is called a "modified version" of the
-earlier work or a work "based on" the earlier work.
-
-  A "covered work" means either the unmodified Program or a work based
-on the Program.
-
-  To "propagate" a work means to do anything with it that, without
-permission, would make you directly or secondarily liable for
-infringement under applicable copyright law, except executing it on a
-computer or modifying a private copy.  Propagation includes copying,
-distribution (with or without modification), making available to the
-public, and in some countries other activities as well.
-
-  To "convey" a work means any kind of propagation that enables other
-parties to make or receive copies.  Mere interaction with a user through
-a computer network, with no transfer of a copy, is not conveying.
-
-  An interactive user interface displays "Appropriate Legal Notices"
-to the extent that it includes a convenient and prominently visible
-feature that (1) displays an appropriate copyright notice, and (2)
-tells the user that there is no warranty for the work (except to the
-extent that warranties are provided), that licensees may convey the
-work under this License, and how to view a copy of this License.  If
-the interface presents a list of user commands or options, such as a
-menu, a prominent item in the list meets this criterion.
-
-  1. Source Code.
-
-  The "source code" for a work means the preferred form of the work
-for making modifications to it.  "Object code" means any non-source
-form of a work.
-
-  A "Standard Interface" means an interface that either is an official
-standard defined by a recognized standards body, or, in the case of
-interfaces specified for a particular programming language, one that
-is widely used among developers working in that language.
-
-  The "System Libraries" of an executable work include anything, other
-than the work as a whole, that (a) is included in the normal form of
-packaging a Major Component, but which is not part of that Major
-Component, and (b) serves only to enable use of the work with that
-Major Component, or to implement a Standard Interface for which an
-implementation is available to the public in source code form.  A
-"Major Component", in this context, means a major essential component
-(kernel, window system, and so on) of the specific operating system
-(if any) on which the executable work runs, or a compiler used to
-produce the work, or an object code interpreter used to run it.
-
-  The "Corresponding Source" for a work in object code form means all
-the source code needed to generate, install, and (for an executable
-work) run the object code and to modify the work, including scripts to
-control those activities.  However, it does not include the work's
-System Libraries, or general-purpose tools or generally available free
-programs which are used unmodified in performing those activities but
-which are not part of the work.  For example, Corresponding Source
-includes interface definition files associated with source files for
-the work, and the source code for shared libraries and dynamically
-linked subprograms that the work is specifically designed to require,
-such as by intimate data communication or control flow between those
-subprograms and other parts of the work.
-
-  The Corresponding Source need not include anything that users
-can regenerate automatically from other parts of the Corresponding
-Source.
-
-  The Corresponding Source for a work in source code form is that
-same work.
-
-  2. Basic Permissions.
-
-  All rights granted under this License are granted for the term of
-copyright on the Program, and are irrevocable provided the stated
-conditions are met.  This License explicitly affirms your unlimited
-permission to run the unmodified Program.  The output from running a
-covered work is covered by this License only if the output, given its
-content, constitutes a covered work.  This License acknowledges your
-rights of fair use or other equivalent, as provided by copyright law.
-
-  You may make, run and propagate covered works that you do not
-convey, without conditions so long as your license otherwise remains
-in force.  You may convey covered works to others for the sole purpose
-of having them make modifications exclusively for you, or provide you
-with facilities for running those works, provided that you comply with
-the terms of this License in conveying all material for which you do
-not control copyright.  Those thus making or running the covered works
-for you must do so exclusively on your behalf, under your direction
-and control, on terms that prohibit them from making any copies of
-your copyrighted material outside their relationship with you.
-
-  Conveying under any other circumstances is permitted solely under
-the conditions stated below.  Sublicensing is not allowed; section 10
-makes it unnecessary.
-
-  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
-
-  No covered work shall be deemed part of an effective technological
-measure under any applicable law fulfilling obligations under article
-11 of the WIPO copyright treaty adopted on 20 December 1996, or
-similar laws prohibiting or restricting circumvention of such
-measures.
-
-  When you convey a covered work, you waive any legal power to forbid
-circumvention of technological measures to the extent such circumvention
-is effected by exercising rights under this License with respect to
-the covered work, and you disclaim any intention to limit operation or
-modification of the work as a means of enforcing, against the work's
-users, your or third parties' legal rights to forbid circumvention of
-technological measures.
-
-  4. Conveying Verbatim Copies.
-
-  You may convey verbatim copies of the Program's source code as you
-receive it, in any medium, provided that you conspicuously and
-appropriately publish on each copy an appropriate copyright notice;
-keep intact all notices stating that this License and any
-non-permissive terms added in accord with section 7 apply to the code;
-keep intact all notices of the absence of any warranty; and give all
-recipients a copy of this License along with the Program.
-
-  You may charge any price or no price for each copy that you convey,
-and you may offer support or warranty protection for a fee.
-
-  5. Conveying Modified Source Versions.
-
-  You may convey a work based on the Program, or the modifications to
-produce it from the Program, in the form of source code under the
-terms of section 4, provided that you also meet all of these conditions:
-
-    a) The work must carry prominent notices stating that you modified
-    it, and giving a relevant date.
-
-    b) The work must carry prominent notices stating that it is
-    released under this License and any conditions added under section
-    7.  This requirement modifies the requirement in section 4 to
-    "keep intact all notices".
-
-    c) You must license the entire work, as a whole, under this
-    License to anyone who comes into possession of a copy.  This
-    License will therefore apply, along with any applicable section 7
-    additional terms, to the whole of the work, and all its parts,
-    regardless of how they are packaged.  This License gives no
-    permission to license the work in any other way, but it does not
-    invalidate such permission if you have separately received it.
-
-    d) If the work has interactive user interfaces, each must display
-    Appropriate Legal Notices; however, if the Program has interactive
-    interfaces that do not display Appropriate Legal Notices, your
-    work need not make them do so.
-
-  A compilation of a covered work with other separate and independent
-works, which are not by their nature extensions of the covered work,
-and which are not combined with it such as to form a larger program,
-in or on a volume of a storage or distribution medium, is called an
-"aggregate" if the compilation and its resulting copyright are not
-used to limit the access or legal rights of the compilation's users
-beyond what the individual works permit.  Inclusion of a covered work
-in an aggregate does not cause this License to apply to the other
-parts of the aggregate.
-
-  6. Conveying Non-Source Forms.
-
-  You may convey a covered work in object code form under the terms
-of sections 4 and 5, provided that you also convey the
-machine-readable Corresponding Source under the terms of this License,
-in one of these ways:
-
-    a) Convey the object code in, or embodied in, a physical product
-    (including a physical distribution medium), accompanied by the
-    Corresponding Source fixed on a durable physical medium
-    customarily used for software interchange.
-
-    b) Convey the object code in, or embodied in, a physical product
-    (including a physical distribution medium), accompanied by a
-    written offer, valid for at least three years and valid for as
-    long as you offer spare parts or customer support for that product
-    model, to give anyone who possesses the object code either (1) a
-    copy of the Corresponding Source for all the software in the
-    product that is covered by this License, on a durable physical
-    medium customarily used for software interchange, for a price no
-    more than your reasonable cost of physically performing this
-    conveying of source, or (2) access to copy the
-    Corresponding Source from a network server at no charge.
-
-    c) Convey individual copies of the object code with a copy of the
-    written offer to provide the Corresponding Source.  This
-    alternative is allowed only occasionally and noncommercially, and
-    only if you received the object code with such an offer, in accord
-    with subsection 6b.
-
-    d) Convey the object code by offering access from a designated
-    place (gratis or for a charge), and offer equivalent access to the
-    Corresponding Source in the same way through the same place at no
-    further charge.  You need not require recipients to copy the
-    Corresponding Source along with the object code.  If the place to
-    copy the object code is a network server, the Corresponding Source
-    may be on a different server (operated by you or a third party)
-    that supports equivalent copying facilities, provided you maintain
-    clear directions next to the object code saying where to find the
-    Corresponding Source.  Regardless of what server hosts the
-    Corresponding Source, you remain obligated to ensure that it is
-    available for as long as needed to satisfy these requirements.
-
-    e) Convey the object code using peer-to-peer transmission, provided
-    you inform other peers where the object code and Corresponding
-    Source of the work are being offered to the general public at no
-    charge under subsection 6d.
-
-  A separable portion of the object code, whose source code is excluded
-from the Corresponding Source as a System Library, need not be
-included in conveying the object code work.
-
-  A "User Product" is either (1) a "consumer product", which means any
-tangible personal property which is normally used for personal, family,
-or household purposes, or (2) anything designed or sold for incorporation
-into a dwelling.  In determining whether a product is a consumer product,
-doubtful cases shall be resolved in favor of coverage.  For a particular
-product received by a particular user, "normally used" refers to a
-typical or common use of that class of product, regardless of the status
-of the particular user or of the way in which the particular user
-actually uses, or expects or is expected to use, the product.  A product
-is a consumer product regardless of whether the product has substantial
-commercial, industrial or non-consumer uses, unless such uses represent
-the only significant mode of use of the product.
-
-  "Installation Information" for a User Product means any methods,
-procedures, authorization keys, or other information required to install
-and execute modified versions of a covered work in that User Product from
-a modified version of its Corresponding Source.  The information must
-suffice to ensure that the continued functioning of the modified object
-code is in no case prevented or interfered with solely because
-modification has been made.
-
-  If you convey an object code work under this section in, or with, or
-specifically for use in, a User Product, and the conveying occurs as
-part of a transaction in which the right of possession and use of the
-User Product is transferred to the recipient in perpetuity or for a
-fixed term (regardless of how the transaction is characterized), the
-Corresponding Source conveyed under this section must be accompanied
-by the Installation Information.  But this requirement does not apply
-if neither you nor any third party retains the ability to install
-modified object code on the User Product (for example, the work has
-been installed in ROM).
-
-  The requirement to provide Installation Information does not include a
-requirement to continue to provide support service, warranty, or updates
-for a work that has been modified or installed by the recipient, or for
-the User Product in which it has been modified or installed.  Access to a
-network may be denied when the modification itself materially and
-adversely affects the operation of the network or violates the rules and
-protocols for communication across the network.
-
-  Corresponding Source conveyed, and Installation Information provided,
-in accord with this section must be in a format that is publicly
-documented (and with an implementation available to the public in
-source code form), and must require no special password or key for
-unpacking, reading or copying.
-
-  7. Additional Terms.
-
-  "Additional permissions" are terms that supplement the terms of this
-License by making exceptions from one or more of its conditions.
-Additional permissions that are applicable to the entire Program shall
-be treated as though they were included in this License, to the extent
-that they are valid under applicable law.  If additional permissions
-apply only to part of the Program, that part may be used separately
-under those permissions, but the entire Program remains governed by
-this License without regard to the additional permissions.
-
-  When you convey a copy of a covered work, you may at your option
-remove any additional permissions from that copy, or from any part of
-it.  (Additional permissions may be written to require their own
-removal in certain cases when you modify the work.)  You may place
-additional permissions on material, added by you to a covered work,
-for which you have or can give appropriate copyright permission.
-
-  Notwithstanding any other provision of this License, for material you
-add to a covered work, you may (if authorized by the copyright holders of
-that material) supplement the terms of this License with terms:
-
-    a) Disclaiming warranty or limiting liability differently from the
-    terms of sections 15 and 16 of this License; or
-
-    b) Requiring preservation of specified reasonable legal notices or
-    author attributions in that material or in the Appropriate Legal
-    Notices displayed by works containing it; or
-
-    c) Prohibiting misrepresentation of the origin of that material, or
-    requiring that modified versions of such material be marked in
-    reasonable ways as different from the original version; or
-
-    d) Limiting the use for publicity purposes of names of licensors or
-    authors of the material; or
-
-    e) Declining to grant rights under trademark law for use of some
-    trade names, trademarks, or service marks; or
-
-    f) Requiring indemnification of licensors and authors of that
-    material by anyone who conveys the material (or modified versions of
-    it) with contractual assumptions of liability to the recipient, for
-    any liability that these contractual assumptions directly impose on
-    those licensors and authors.
-
-  All other non-permissive additional terms are considered "further
-restrictions" within the meaning of section 10.  If the Program as you
-received it, or any part of it, contains a notice stating that it is
-governed by this License along with a term that is a further
-restriction, you may remove that term.  If a license document contains
-a further restriction but permits relicensing or conveying under this
-License, you may add to a covered work material governed by the terms
-of that license document, provided that the further restriction does
-not survive such relicensing or conveying.
-
-  If you add terms to a covered work in accord with this section, you
-must place, in the relevant source files, a statement of the
-additional terms that apply to those files, or a notice indicating
-where to find the applicable terms.
-
-  Additional terms, permissive or non-permissive, may be stated in the
-form of a separately written license, or stated as exceptions;
-the above requirements apply either way.
-
-  8. Termination.
-
-  You may not propagate or modify a covered work except as expressly
-provided under this License.  Any attempt otherwise to propagate or
-modify it is void, and will automatically terminate your rights under
-this License (including any patent licenses granted under the third
-paragraph of section 11).
-
-  However, if you cease all violation of this License, then your
-license from a particular copyright holder is reinstated (a)
-provisionally, unless and until the copyright holder explicitly and
-finally terminates your license, and (b) permanently, if the copyright
-holder fails to notify you of the violation by some reasonable means
-prior to 60 days after the cessation.
-
-  Moreover, your license from a particular copyright holder is
-reinstated permanently if the copyright holder notifies you of the
-violation by some reasonable means, this is the first time you have
-received notice of violation of this License (for any work) from that
-copyright holder, and you cure the violation prior to 30 days after
-your receipt of the notice.
-
-  Termination of your rights under this section does not terminate the
-licenses of parties who have received copies or rights from you under
-this License.  If your rights have been terminated and not permanently
-reinstated, you do not qualify to receive new licenses for the same
-material under section 10.
-
-  9. Acceptance Not Required for Having Copies.
-
-  You are not required to accept this License in order to receive or
-run a copy of the Program.  Ancillary propagation of a covered work
-occurring solely as a consequence of using peer-to-peer transmission
-to receive a copy likewise does not require acceptance.  However,
-nothing other than this License grants you permission to propagate or
-modify any covered work.  These actions infringe copyright if you do
-not accept this License.  Therefore, by modifying or propagating a
-covered work, you indicate your acceptance of this License to do so.
-
-  10. Automatic Licensing of Downstream Recipients.
-
-  Each time you convey a covered work, the recipient automatically
-receives a license from the original licensors, to run, modify and
-propagate that work, subject to this License.  You are not responsible
-for enforcing compliance by third parties with this License.
-
-  An "entity transaction" is a transaction transferring control of an
-organization, or substantially all assets of one, or subdividing an
-organization, or merging organizations.  If propagation of a covered
-work results from an entity transaction, each party to that
-transaction who receives a copy of the work also receives whatever
-licenses to the work the party's predecessor in interest had or could
-give under the previous paragraph, plus a right to possession of the
-Corresponding Source of the work from the predecessor in interest, if
-the predecessor has it or can get it with reasonable efforts.
-
-  You may not impose any further restrictions on the exercise of the
-rights granted or affirmed under this License.  For example, you may
-not impose a license fee, royalty, or other charge for exercise of
-rights granted under this License, and you may not initiate litigation
-(including a cross-claim or counterclaim in a lawsuit) alleging that
-any patent claim is infringed by making, using, selling, offering for
-sale, or importing the Program or any portion of it.
-
-  11. Patents.
-
-  A "contributor" is a copyright holder who authorizes use under this
-License of the Program or a work on which the Program is based.  The
-work thus licensed is called the contributor's "contributor version".
-
-  A contributor's "essential patent claims" are all patent claims
-owned or controlled by the contributor, whether already acquired or
-hereafter acquired, that would be infringed by some manner, permitted
-by this License, of making, using, or selling its contributor version,
-but do not include claims that would be infringed only as a
-consequence of further modification of the contributor version.  For
-purposes of this definition, "control" includes the right to grant
-patent sublicenses in a manner consistent with the requirements of
-this License.
-
-  Each contributor grants you a non-exclusive, worldwide, royalty-free
-patent license under the contributor's essential patent claims, to
-make, use, sell, offer for sale, import and otherwise run, modify and
-propagate the contents of its contributor version.
-
-  In the following three paragraphs, a "patent license" is any express
-agreement or commitment, however denominated, not to enforce a patent
-(such as an express permission to practice a patent or covenant not to
-sue for patent infringement).  To "grant" such a patent license to a
-party means to make such an agreement or commitment not to enforce a
-patent against the party.
-
-  If you convey a covered work, knowingly relying on a patent license,
-and the Corresponding Source of the work is not available for anyone
-to copy, free of charge and under the terms of this License, through a
-publicly available network server or other readily accessible means,
-then you must either (1) cause the Corresponding Source to be so
-available, or (2) arrange to deprive yourself of the benefit of the
-patent license for this particular work, or (3) arrange, in a manner
-consistent with the requirements of this License, to extend the patent
-license to downstream recipients.  "Knowingly relying" means you have
-actual knowledge that, but for the patent license, your conveying the
-covered work in a country, or your recipient's use of the covered work
-in a country, would infringe one or more identifiable patents in that
-country that you have reason to believe are valid.
-
-  If, pursuant to or in connection with a single transaction or
-arrangement, you convey, or propagate by procuring conveyance of, a
-covered work, and grant a patent license to some of the parties
-receiving the covered work authorizing them to use, propagate, modify
-or convey a specific copy of the covered work, then the patent license
-you grant is automatically extended to all recipients of the covered
-work and works based on it.
-
-  A patent license is "discriminatory" if it does not include within
-the scope of its coverage, prohibits the exercise of, or is
-conditioned on the non-exercise of one or more of the rights that are
-specifically granted under this License.  You may not convey a covered
-work if you are a party to an arrangement with a third party that is
-in the business of distributing software, under which you make payment
-to the third party based on the extent of your activity of conveying
-the work, and under which the third party grants, to any of the
-parties who would receive the covered work from you, a discriminatory
-patent license (a) in connection with copies of the covered work
-conveyed by you (or copies made from those copies), or (b) primarily
-for and in connection with specific products or compilations that
-contain the covered work, unless you entered into that arrangement,
-or that patent license was granted, prior to 28 March 2007.
-
-  Nothing in this License shall be construed as excluding or limiting
-any implied license or other defenses to infringement that may
-otherwise be available to you under applicable patent law.
-
-  12. No Surrender of Others' Freedom.
-
-  If conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License.  If you cannot convey a
-covered work so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you may
-not convey it at all.  For example, if you agree to terms that obligate you
-to collect a royalty for further conveying from those to whom you convey
-the Program, the only way you could satisfy both those terms and this
-License would be to refrain entirely from conveying the Program.
-
-  13. Remote Network Interaction; Use with the GNU General Public License.
-
-  Notwithstanding any other provision of this License, if you modify the
-Program, your modified version must prominently offer all users
-interacting with it remotely through a computer network (if your version
-supports such interaction) an opportunity to receive the Corresponding
-Source of your version by providing access to the Corresponding Source
-from a network server at no charge, through some standard or customary
-means of facilitating copying of software.  This Corresponding Source
-shall include the Corresponding Source for any work covered by version 3
-of the GNU General Public License that is incorporated pursuant to the
-following paragraph.
-
-  Notwithstanding any other provision of this License, you have
-permission to link or combine any covered work with a work licensed
-under version 3 of the GNU General Public License into a single
-combined work, and to convey the resulting work.  The terms of this
-License will continue to apply to the part which is the covered work,
-but the work with which it is combined will remain governed by version
-3 of the GNU General Public License.
-
-  14. Revised Versions of this License.
-
-  The Free Software Foundation may publish revised and/or new versions of
-the GNU Affero General Public License from time to time.  Such new versions
-will be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
-  Each version is given a distinguishing version number.  If the
-Program specifies that a certain numbered version of the GNU Affero General
-Public License "or any later version" applies to it, you have the
-option of following the terms and conditions either of that numbered
-version or of any later version published by the Free Software
-Foundation.  If the Program does not specify a version number of the
-GNU Affero General Public License, you may choose any version ever published
-by the Free Software Foundation.
-
-  If the Program specifies that a proxy can decide which future
-versions of the GNU Affero General Public License can be used, that proxy's
-public statement of acceptance of a version permanently authorizes you
-to choose that version for the Program.
-
-  Later license versions may give you additional or different
-permissions.  However, no additional obligations are imposed on any
-author or copyright holder as a result of your choosing to follow a
-later version.
-
-  15. Disclaimer of Warranty.
-
-  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
-APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
-HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
-OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
-THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
-IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
-ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
-
-  16. Limitation of Liability.
-
-  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
-THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
-GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
-USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
-DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
-PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
-EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGES.
-
-  17. Interpretation of Sections 15 and 16.
-
-  If the disclaimer of warranty and limitation of liability provided
-above cannot be given local legal effect according to their terms,
-reviewing courts shall apply local law that most closely approximates
-an absolute waiver of all civil liability in connection with the
-Program, unless a warranty or assumption of liability accompanies a
-copy of the Program in return for a fee.
-
-                     END OF TERMS AND CONDITIONS
-
-            How to Apply These Terms to Your New Programs
-
-  If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
-  To do so, attach the following notices to the program.  It is safest
-to attach them to the start of each source file to most effectively
-state the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
-    <one line to give the program's name and a brief idea of what it does.>
-    Copyright (C) <year>  <name of author>
-
-    This program is free software: you can redistribute it and/or modify
-    it under the terms of the GNU Affero General Public License as published by
-    the Free Software Foundation, either version 3 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU Affero General Public License for more details.
-
-    You should have received a copy of the GNU Affero General Public License
-    along with this program.  If not, see <https://www.gnu.org/licenses/>.
-
-Also add information on how to contact you by electronic and paper mail.
-
-  If your software can interact with users remotely through a computer
-network, you should also make sure that it provides a way for users to
-get its source.  For example, if your program is a web application, its
-interface could display a "Source" link that leads users to an archive
-of the code.  There are many ways you could offer source, and different
-solutions will be better for different programs; see section 13 for the
-specific requirements.
-
-  You should also get your employer (if you work as a programmer) or school,
-if any, to sign a "copyright disclaimer" for the program, if necessary.
-For more information on this, and how to apply and follow the GNU AGPL, see
-<https://www.gnu.org/licenses/>.
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

MAINTAINERS.md

@@ -0,0 +1,37 @@
+# For maintainers only
+
+### Setup your minio Github Repository
+
+Fork [minio upstream](https://github.com/minio/minio/fork) source repository to your own personal repository.
+```bash
+$ mkdir -p $GOPATH/src/github.com/minio
+$ cd $GOPATH/src/github.com/minio
+$ git clone https://github.com/$USER_ID/minio
+$ 
+```
+
+``minio`` uses [govendor](https://github.com/kardianos/govendor) for its dependency management.
+
+### To manage dependencies
+
+#### Add new dependencies
+
+  - Run `go get foo/bar`
+  - Edit your code to import foo/bar
+  - Run `govendor add foo/bar` from top-level folder
+
+#### Remove dependencies 
+
+  - Run `govendor remove foo/bar`
+
+#### Update dependencies
+
+  - Run `govendor remove +vendor`
+  - Run to update the dependent package `go get -u foo/bar`
+  - Run `govendor add +external`
+
+### Making new releases 
+
+`minio` doesn't follow semantic versioning style, `minio` instead uses the release date and time as the release versions.
+
+`make release` will generate new binary into `release` directory.

Makefile

@@ -1,245 +1,152 @@
+LDFLAGS := $(shell go run buildscripts/gen-ldflags.go)
+DOCKER_BIN := $(shell which docker)
 PWD := $(shell pwd)
 GOPATH := $(shell go env GOPATH)
-LDFLAGS := $(shell go run buildscripts/gen-ldflags.go)
+DOCKER_LDFLAGS := '$(LDFLAGS) -extldflags "-static"'
+BUILD_LDFLAGS := '$(LDFLAGS)'
+TAG := latest
 
-GOOS ?= $(shell go env GOOS)
-GOARCH ?= $(shell go env GOARCH)
+HOST ?= $(shell uname)
+CPU ?= $(shell uname -m)
 
-VERSION ?= $(shell git describe --tags)
-REPO ?= quay.io/minio
-TAG ?= $(REPO)/minio:$(VERSION)
+# if no host is identifed (no uname tool)
+# we assume a Linux-64bit build
+ifeq ($(HOST),)
+  HOST = Linux
+endif
 
-GOLANGCI_DIR = .bin/golangci/$(GOLANGCI_VERSION)
-GOLANGCI = $(GOLANGCI_DIR)/golangci-lint
+# identify CPU
+ifeq ($(CPU), x86_64)
+  HOST := $(HOST)64
+else
+ifeq ($(CPU), amd64)
+  HOST := $(HOST)64
+else
+ifeq ($(CPU), i686)
+  HOST := $(HOST)32
+endif
+endif
+endif
 
-all: build
 
-checks: ## check dependencies
-	@echo "Checking dependencies"
+#############################################
+# now we find out the target OS for
+# which we are going to compile in case
+# the caller didn't yet define OS himself
+ifndef (OS)
+  ifeq ($(HOST), Linux64)
+    arch = gcc
+  else
+  ifeq ($(HOST), Linux32)
+    arch = 32
+  else
+  ifeq ($(HOST), Darwin64)
+    arch = clang
+  else
+  ifeq ($(HOST), Darwin32)
+    arch = clang
+  else
+  ifeq ($(HOST), FreeBSD64)
+    arch = gcc
+  endif
+  endif
+  endif
+  endif
+  endif
+endif
+
+all: install
+
+checks:
+	@echo "Checking deps:"
 	@(env bash $(PWD)/buildscripts/checkdeps.sh)
+	@(env bash $(PWD)/buildscripts/checkgopath.sh)
 
-help: ## print this help
-	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' Makefile | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-40s\033[0m %s\n", $$1, $$2}'
+checkdocker:
+	@echo "Checking if docker is installed.. "
+	@if [ -z ${DOCKER_BIN} ]; then echo "Docker not installed, cannot build docker image. Please install 'sudo apt-get install docker.io'" && exit 1; else echo "Docker installed at ${DOCKER_BIN}."; fi;
 
-getdeps: ## fetch necessary dependencies
-	@mkdir -p ${GOPATH}/bin
-	@echo "Installing golangci-lint" && curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(GOLANGCI_DIR)
+getdeps: checks
+	@go get -u github.com/golang/lint/golint && echo "Installed golint:"
+	@go get -u github.com/fzipp/gocyclo && echo "Installed gocyclo:"
+	@go get -u github.com/remyoudompheng/go-misc/deadcode && echo "Installed deadcode:"
+	@go get -u github.com/client9/misspell/cmd/misspell && echo "Installed misspell:"
 
-crosscompile: ## cross compile minio
-	@(env bash $(PWD)/buildscripts/cross-compile.sh)
+verifiers: vet fmt lint cyclo spelling
 
-verifiers: lint check-gen
+vet:
+	@echo "Running $@:"
+	@GO15VENDOREXPERIMENT=1 go tool vet -all *.go
+	@GO15VENDOREXPERIMENT=1 go tool vet -all ./pkg
+	@GO15VENDOREXPERIMENT=1 go tool vet -shadow=true *.go
+	@GO15VENDOREXPERIMENT=1 go tool vet -shadow=true ./pkg
 
-check-gen: ## check for updated autogenerated files
-	@go generate ./... >/dev/null
-	@go mod tidy -compat=1.21
-	@(! git diff --name-only | grep '_gen.go$$') || (echo "Non-committed changes in auto-generated code is detected, please commit them to proceed." && false)
-	@(! git diff --name-only | grep 'go.sum') || (echo "Non-committed changes in auto-generated go.sum is detected, please commit them to proceed." && false)
+fmt:
+	@echo "Running $@:"
+	@GO15VENDOREXPERIMENT=1 gofmt -s -l *.go
+	@GO15VENDOREXPERIMENT=1 gofmt -s -l pkg
 
-lint: getdeps ## runs golangci-lint suite of linters
-	@echo "Running $@ check"
-	@$(GOLANGCI) run --build-tags kqueue --timeout=10m --config ./.golangci.yml
-	@command typos && typos ./ || echo "typos binary is not found.. skipping.."
+lint:
+	@echo "Running $@:"
+	@GO15VENDOREXPERIMENT=1 ${GOPATH}/bin/golint *.go
+	@GO15VENDOREXPERIMENT=1 ${GOPATH}/bin/golint github.com/minio/minio/pkg...
 
-lint-fix: getdeps ## runs golangci-lint suite of linters with automatic fixes
-	@echo "Running $@ check"
-	@$(GOLANGCI) run --build-tags kqueue --timeout=10m --config ./.golangci.yml --fix
+cyclo:
+	@echo "Running $@:"
+	@GO15VENDOREXPERIMENT=1 ${GOPATH}/bin/gocyclo -over 65 *.go
+	@GO15VENDOREXPERIMENT=1 ${GOPATH}/bin/gocyclo -over 65 pkg
 
-check: test
-test: verifiers build ## builds minio, runs linters, tests
-	@echo "Running unit tests"
-	@MINIO_API_REQUESTS_MAX=10000 CGO_ENABLED=0 go test -v -tags kqueue,dev ./...
+build: getdeps verifiers $(UI_ASSETS)
 
-test-root-disable: install-race
-	@echo "Running minio root lockdown tests"
-	@env bash $(PWD)/buildscripts/disable-root.sh
+deadcode:
+	@GO15VENDOREXPERIMENT=1 ${GOPATH}/bin/deadcode
 
-test-ilm: install-race
-	@echo "Running ILM tests"
-	@env bash $(PWD)/docs/bucket/replication/setup_ilm_expiry_replication.sh
+spelling:
+	@GO15VENDOREXPERIMENT=1 ${GOPATH}/bin/misspell *.go
+	@GO15VENDOREXPERIMENT=1 ${GOPATH}/bin/misspell pkg/**/*
 
-test-ilm-transition: install-race
-	@echo "Running ILM tiering tests with healing"
-	@env bash $(PWD)/docs/bucket/lifecycle/setup_ilm_transition.sh
+test: build
+	@echo "Running all minio testing:"
+	@GO15VENDOREXPERIMENT=1 go test $(GOFLAGS) .
+	@GO15VENDOREXPERIMENT=1 go test $(GOFLAGS) github.com/minio/minio/pkg...
 
-test-pbac: install-race
-	@echo "Running bucket policies tests"
-	@env bash $(PWD)/docs/iam/policies/pbac-tests.sh
+gomake-all: build
+	@echo "Installing minio:"
+	@GO15VENDOREXPERIMENT=1 go build --ldflags $(BUILD_LDFLAGS) -o $(GOPATH)/bin/minio
 
-test-decom: install-race
-	@echo "Running minio decom tests"
-	@env bash $(PWD)/docs/distributed/decom.sh
-	@env bash $(PWD)/docs/distributed/decom-encrypted.sh
-	@env bash $(PWD)/docs/distributed/decom-encrypted-sse-s3.sh
-	@env bash $(PWD)/docs/distributed/decom-compressed-sse-s3.sh
-	@env bash $(PWD)/docs/distributed/decom-encrypted-kes.sh
+pkg-add:
+	@GO15VENDOREXPERIMENT=1 ${GOPATH}/bin/govendor add $(PKG)
 
-test-versioning: install-race
-	@echo "Running minio versioning tests"
-	@env bash $(PWD)/docs/bucket/versioning/versioning-tests.sh
+pkg-update:
+	@GO15VENDOREXPERIMENT=1 ${GOPATH}/bin/govendor update $(PKG)
 
-test-configfile: install-race
-	@env bash $(PWD)/docs/distributed/distributed-from-config-file.sh
+pkg-remove:
+	@GO15VENDOREXPERIMENT=1 ${GOPATH}/bin/govendor remove $(PKG)
 
-test-upgrade: install-race
-	@echo "Running minio upgrade tests"
-	@(env bash $(PWD)/buildscripts/minio-upgrade.sh)
+pkg-list:
+	@GO15VENDOREXPERIMENT=1 $(GOPATH)/bin/govendor list
 
-test-race: verifiers build ## builds minio, runs linters, tests (race)
-	@echo "Running unit tests under -race"
-	@(env bash $(PWD)/buildscripts/race.sh)
+install: gomake-all
 
-test-iam: install-race ## verify IAM (external IDP, etcd backends)
-	@echo "Running tests for IAM (external IDP, etcd backends)"
-	@MINIO_API_REQUESTS_MAX=10000 CGO_ENABLED=0 go test -timeout 15m -tags kqueue,dev -v -run TestIAM* ./cmd
-	@echo "Running tests for IAM (external IDP, etcd backends) with -race"
-	@MINIO_API_REQUESTS_MAX=10000 GORACE=history_size=7 CGO_ENABLED=1 go test -timeout 15m -race -tags kqueue,dev -v -run TestIAM* ./cmd
+dockerimage: checkdocker getdeps verifiers $(UI_ASSETS)
+	@echo "Building docker image:" minio:$(TAG)
+	@GO15VENDOREXPERIMENT=1 GOOS=linux GOARCH=amd64 go build --ldflags $(DOCKER_LDFLAGS) -o docker/minio.dockerimage
+	@touch docker/dockerinit
+	@cd docker; mkdir -p export; sudo docker build --rm --tag=minio/minio:$(TAG) .
+	@rmdir docker/export
+	@rm docker/minio.dockerimage
+	@rm docker/dockerinit
 
-test-iam-ldap-upgrade-import: install-race ## verify IAM (external LDAP IDP)
-	@echo "Running upgrade tests for IAM (LDAP backend)"
-	@env bash $(PWD)/buildscripts/minio-iam-ldap-upgrade-import-test.sh
+release: verifiers
+	@MINIO_RELEASE=RELEASE ./buildscripts/build.sh
 
-test-iam-import-with-missing-entities: install-race ## test import of external iam config withg missing entities
-	@echo "Test IAM import configurations with missing entities"
-	@env bash $(PWD)/docs/distributed/iam-import-with-missing-entities.sh
+experimental: verifiers
+	@MINIO_RELEASE=EXPERIMENTAL ./buildscripts/build.sh
 
-test-iam-import-with-openid: install-race
-	@echo "Test IAM import configurations with openid"
-	@env bash $(PWD)/docs/distributed/iam-import-with-openid.sh
-
-test-sio-error:
-	@(env bash $(PWD)/docs/bucket/replication/sio-error.sh)
-
-test-replication-2site:
-	@(env bash $(PWD)/docs/bucket/replication/setup_2site_existing_replication.sh)
-
-test-replication-3site:
-	@(env bash $(PWD)/docs/bucket/replication/setup_3site_replication.sh)
-
-test-delete-replication:
-	@(env bash $(PWD)/docs/bucket/replication/delete-replication.sh)
-
-test-delete-marker-proxying:
-	@(env bash $(PWD)/docs/bucket/replication/test_del_marker_proxying.sh)
-
-test-replication: install-race test-replication-2site test-replication-3site test-delete-replication test-sio-error test-delete-marker-proxying ## verify multi site replication
-	@echo "Running tests for replicating three sites"
-
-test-site-replication-ldap: install-race ## verify automatic site replication
-	@echo "Running tests for automatic site replication of IAM (with LDAP)"
-	@(env bash $(PWD)/docs/site-replication/run-multi-site-ldap.sh)
-
-test-site-replication-oidc: install-race ## verify automatic site replication
-	@echo "Running tests for automatic site replication of IAM (with OIDC)"
-	@(env bash $(PWD)/docs/site-replication/run-multi-site-oidc.sh)
-
-test-site-replication-minio: install-race ## verify automatic site replication
-	@echo "Running tests for automatic site replication of IAM (with MinIO IDP)"
-	@(env bash $(PWD)/docs/site-replication/run-multi-site-minio-idp.sh)
-	@echo "Running tests for automatic site replication of SSE-C objects"
-	@(env bash $(PWD)/docs/site-replication/run-ssec-object-replication.sh)
-	@echo "Running tests for automatic site replication of SSE-C objects with SSE-KMS enabled for bucket"
-	@(env bash $(PWD)/docs/site-replication/run-sse-kms-object-replication.sh)
-	@echo "Running tests for automatic site replication of SSE-C objects with compression enabled for site"
-	@(env bash $(PWD)/docs/site-replication/run-ssec-object-replication-with-compression.sh)
-
-test-multipart: install-race ## test multipart
-	@echo "Test multipart behavior when part files are missing"
-	@(env bash $(PWD)/buildscripts/multipart-quorum-test.sh)
-
-test-timeout: install-race ## test multipart
-	@echo "Test server timeout"
-	@(env bash $(PWD)/buildscripts/test-timeout.sh)
-
-verify: install-race ## verify minio various setups
-	@echo "Verifying build with race"
-	@(env bash $(PWD)/buildscripts/verify-build.sh)
-
-verify-healing: install-race ## verify healing and replacing disks with minio binary
-	@echo "Verify healing build with race"
-	@(env bash $(PWD)/buildscripts/verify-healing.sh)
-	@(env bash $(PWD)/buildscripts/verify-healing-empty-erasure-set.sh)
-	@(env bash $(PWD)/buildscripts/heal-inconsistent-versions.sh)
-
-verify-healing-with-root-disks: install-race ## verify healing root disks
-	@echo "Verify healing with root drives"
-	@(env bash $(PWD)/buildscripts/verify-healing-with-root-disks.sh)
-
-verify-healing-with-rewrite: install-race ## verify healing to rewrite old xl.meta -> new xl.meta
-	@echo "Verify healing with rewrite"
-	@(env bash $(PWD)/buildscripts/rewrite-old-new.sh)
-
-verify-healing-inconsistent-versions: install-race ## verify resolving inconsistent versions
-	@echo "Verify resolving inconsistent versions build with race"
-	@(env bash $(PWD)/buildscripts/resolve-right-versions.sh)
-
-build-debugging:
-	@(env bash $(PWD)/docs/debugging/build.sh)
-
-build: checks build-debugging ## builds minio to $(PWD)
-	@echo "Building minio binary to './minio'"
-	@CGO_ENABLED=0 GOOS=$(GOOS) GOARCH=$(GOARCH) go build -tags kqueue -trimpath --ldflags "$(LDFLAGS)" -o $(PWD)/minio 1>/dev/null
-
-hotfix-vars:
-	$(eval LDFLAGS := $(shell MINIO_RELEASE="RELEASE" MINIO_HOTFIX="hotfix.$(shell git rev-parse --short HEAD)" go run buildscripts/gen-ldflags.go $(shell git describe --tags --abbrev=0 | \
-    sed 's#RELEASE\.\([0-9]\+\)-\([0-9]\+\)-\([0-9]\+\)T\([0-9]\+\)-\([0-9]\+\)-\([0-9]\+\)Z#\1-\2-\3T\4:\5:\6Z#')))
-	$(eval VERSION := $(shell git describe --tags --abbrev=0).hotfix.$(shell git rev-parse --short HEAD))
-
-hotfix: hotfix-vars clean install ## builds minio binary with hotfix tags
-	@wget -q -c https://github.com/minio/pkger/releases/download/v2.3.11/pkger_2.3.11_linux_amd64.deb
-	@wget -q -c https://raw.githubusercontent.com/minio/minio-service/v1.1.1/linux-systemd/distributed/minio.service
-	@sudo apt install ./pkger_2.3.11_linux_amd64.deb --yes
-	@mkdir -p minio-release/$(GOOS)-$(GOARCH)/archive
-	@cp -af ./minio minio-release/$(GOOS)-$(GOARCH)/minio
-	@cp -af ./minio minio-release/$(GOOS)-$(GOARCH)/minio.$(VERSION)
-	@minisign -qQSm minio-release/$(GOOS)-$(GOARCH)/minio.$(VERSION) -s "${CRED_DIR}/minisign.key" < "${CRED_DIR}/minisign-passphrase"
-	@sha256sum < minio-release/$(GOOS)-$(GOARCH)/minio.$(VERSION) | sed 's, -,minio.$(VERSION),g' > minio-release/$(GOOS)-$(GOARCH)/minio.$(VERSION).sha256sum
-	@cp -af minio-release/$(GOOS)-$(GOARCH)/minio.$(VERSION)* minio-release/$(GOOS)-$(GOARCH)/archive/
-	@pkger -r $(VERSION) --ignore
-
-hotfix-push: hotfix
-	@scp -q -r minio-release/$(GOOS)-$(GOARCH)/* minio@dl-0.minio.io:~/releases/server/minio/hotfixes/linux-$(GOOS)/
-	@scp -q -r minio-release/$(GOOS)-$(GOARCH)/* minio@dl-0.minio.io:~/releases/server/minio/hotfixes/linux-$(GOOS)/archive
-	@scp -q -r minio-release/$(GOOS)-$(GOARCH)/* minio@dl-1.minio.io:~/releases/server/minio/hotfixes/linux-$(GOOS)/
-	@scp -q -r minio-release/$(GOOS)-$(GOARCH)/* minio@dl-1.minio.io:~/releases/server/minio/hotfixes/linux-$(GOOS)/archive
-	@echo "Published new hotfix binaries at https://dl.min.io/server/minio/hotfixes/linux-$(GOOS)/archive/minio.$(VERSION)"
-
-docker-hotfix-push: docker-hotfix
-	@docker push -q $(TAG) && echo "Published new container $(TAG)"
-
-docker-hotfix: hotfix-push checks ## builds minio docker container with hotfix tags
-	@echo "Building minio docker image '$(TAG)'"
-	@docker build -q --no-cache -t $(TAG) --build-arg RELEASE=$(VERSION) . -f Dockerfile.hotfix
-
-docker: build ## builds minio docker container
-	@echo "Building minio docker image '$(TAG)'"
-	@docker build -q --no-cache -t $(TAG) . -f Dockerfile
-
-test-resiliency: build
-	@echo "Running resiliency tests"
-	@(DOCKER_COMPOSE_FILE=$(PWD)/docs/resiliency/docker-compose.yaml env bash $(PWD)/docs/resiliency/resiliency-tests.sh)
-
-install-race: checks build-debugging ## builds minio to $(PWD)
-	@echo "Building minio binary with -race to './minio'"
-	@GORACE=history_size=7 CGO_ENABLED=1 go build -tags kqueue,dev -race -trimpath --ldflags "$(LDFLAGS)" -o $(PWD)/minio 1>/dev/null
-	@echo "Installing minio binary with -race to '$(GOPATH)/bin/minio'"
-	@mkdir -p $(GOPATH)/bin && cp -af $(PWD)/minio $(GOPATH)/bin/minio
-
-install: build ## builds minio and installs it to $GOPATH/bin.
-	@echo "Installing minio binary to '$(GOPATH)/bin/minio'"
-	@mkdir -p $(GOPATH)/bin && cp -af $(PWD)/minio $(GOPATH)/bin/minio
-	@echo "Installation successful. To learn more, try \"minio --help\"."
-
-clean: ## cleanup all generated assets
-	@echo "Cleaning up all the generated files"
+clean:
+	@echo "Cleaning up all the generated files:"
+	@rm -fv minio minio.test cover.out
 	@find . -name '*.test' | xargs rm -fv
-	@find . -name '*~' | xargs rm -fv
-	@find . -name '.#*#' | xargs rm -fv
-	@find . -name '#*#' | xargs rm -fv
-	@rm -rvf minio
-	@rm -rvf build
-	@rm -rvf release
-	@rm -rvf .verify*
-	@rm -rvf minio-release
-	@rm -rvf minio.RELEASE*.hotfix.*
-	@rm -rvf pkger_*.deb
+	@rm -rf isa-l
+	@rm -rf build
+	@rm -rf release

Multipart.md

@@ -0,0 +1,10 @@
+## Multipart backend format
+
+When multipart upload is used for objects, below meta-data/staging files are created 
+
+- New multipart upload call creates file ```EXPORT_DIR/.minio/BUCKET/PATH/TO/OBJECT/UPLOAD_ID.uploadid```
+- Put object part call creates file ```EXPORT_DIR/.minio/BUCKET/PATH/TO/OBJECT/UPLOAD_ID.PART_NUMBER.MD5SUM_STRING```
+- Abort multipart call removes all files matching ```EXPORT_DIR/.minio/BUCKET/PATH/TO/OBJECT/UPLOAD_ID.*```
+- Complete multipart call does
+  1. Create a staging file ```EXPORT_DIR/.minio/BUCKET/PATH/TO/OBJECT/UPLOAD_ID.complete.TEMP_NAME``` then rename to ```EXPORT_DIR/.minio/BUCKET/PATH/TO/OBJECT/UPLOAD_ID.complete```
+  2. Rename staging file ```EXPORT_DIR/.minio/BUCKET/PATH/TO/OBJECT/UPLOAD_ID.complete``` to ```EXPORT_DIR/BUCKET/PATH/TO/OBJECT```

NOTICE

@@ -1,9 +1,9 @@
-MinIO Project, (C) 2015-2023 MinIO, Inc.
+Minio Cloud Storage, (C) 2014,2015 Minio, Inc.
 
-This product includes software developed at MinIO, Inc.
-(https://min.io/).
+This product includes software developed at Minio, Inc.
+(https://minio.io/).
 
-The MinIO project contains unmodified/modified subcomponents too with
+The Minio project contains unmodified/modified subcomponents too with
 separate copyright notices and license terms. Your use of the source
 code for these subcomponents is subject to the terms and conditions
-of GNU Affero General Public License 3.0.
+of the following licenses.

PULL_REQUESTS_ETIQUETTE.md

@@ -1,93 +0,0 @@
-# MinIO Pull Request Guidelines
-
-These guidelines ensure high-quality commits in MinIO’s GitHub repositories, maintaining 
-a clear, valuable commit history for our open-source projects. They apply to all contributors, 
-fostering efficient reviews and robust code.
-
-## Why Pull Requests?
-
-Pull Requests (PRs) drive quality in MinIO’s codebase by:
-- Enabling peer review without pair programming.
-- Documenting changes for future reference.
-- Ensuring commits tell a clear story of development.
-
-**A poor commit lasts forever, even if code is refactored.**
-
-## Crafting a Quality PR
-
-A strong MinIO PR:
-- Delivers a complete, valuable change (feature, bug fix, or improvement).
-- Has a concise title (e.g., `[S3] Fix bucket policy parsing #1234`) and a summary with context, referencing issues (e.g., `#1234`).
-- Contains well-written, logical commits explaining *why* changes were made (e.g., “Add S3 bucket tagging support so that users can organize resources efficiently”).
-- Is small, focused, and easy to review—ideally one commit, unless multiple commits better narrate complex work.
-- Adheres to MinIO’s coding standards (e.g., Go style, error handling, testing).
-
-PRs must flow smoothly through review to reach production. Large PRs should be split into smaller, manageable ones.
-
-## Submitting PRs
-
-1. **Title and Summary**:
-   - Use a scannable title: `[Subsystem] Action Description #Issue` (e.g., `[IAM] Add role-based access control #567`).
-   - Include context in the summary: what changed, why, and any issue references.
-   - Use `[WIP]` for in-progress PRs to avoid premature merging or choose GitHub draft PRs.
-
-2. **Commits**:
-   - Write clear messages: what changed and why (e.g., “Refactor S3 API handler to reduce latency so that requests process 20% faster”).
-   - Rebase to tidy commits before submitting (e.g., `git rebase -i main` to squash typos or reword messages), unless multiple contributors worked on the branch.
-   - Keep PRs focused—one feature or fix. Split large changes into multiple PRs.
-
-3. **Testing**:
-   - Include unit tests for new functionality or bug fixes.
-   - Ensure existing tests pass (`make test`).
-   - Document testing steps in the PR summary if manual testing was performed.
-
-4. **Before Submitting**:
-   - Run `make verify` to check formatting, linting, and tests.
-   - Reference related issues (e.g., “Closes #1234”).
-   - Notify team members via GitHub `@mentions` if urgent or complex.
-
-## Reviewing PRs
-
-Reviewers ensure MinIO’s commit history remains a clear, reliable record. Responsibilities include:
-
-1. **Commit Quality**:
-   - Verify each commit explains *why* the change was made (e.g., “So that…”).
-   - Request rebasing if commits are unclear, redundant, or lack context (e.g., “Please squash typo fixes into the parent commit”).
-
-2. **Code Quality**:
-   - Check adherence to MinIO’s Go standards (e.g., error handling, documentation).
-   - Ensure tests cover new code and pass CI.
-   - Flag bugs or critical issues for immediate fixes; suggest non-blocking improvements as follow-up issues.
-
-3. **Flow**:
-   - Review promptly to avoid blocking progress.
-   - Balance quality and speed—minor issues can be addressed later via issues, not PR blocks.
-   - If unable to complete the review, tag another reviewer (e.g., `@username please take over`).
-
-4. **Shared Responsibility**:
-   - All MinIO contributors are reviewers. The first commenter on a PR owns the review unless they delegate.
-   - Multiple reviewers are encouraged for complex PRs.
-
-5. **No Self-Edits**:
-   - Don’t modify the PR directly (e.g., fixing bugs). Request changes from the submitter or create a follow-up PR.
-   - If you edit, you’re a collaborator, not a reviewer, and cannot merge.
-
-6. **Testing**:
-   - Assume the submitter tested the code. If testing is unclear, ask for details (e.g., “How was this tested?”).
-   - Reject untested PRs unless testing is infeasible, then assist with test setup.
-
-## Tips for Success
-
-- **Small PRs**: Easier to review, faster to merge. Split large changes logically.
-- **Clear Commits**: Use `git rebase -i` to refine history before submitting.
-- **Engage Early**: Discuss complex changes in issues or Slack (https://slack.min.io) before coding.
-- **Be Responsive**: Address reviewer feedback promptly to keep PRs moving.
-- **Learn from Reviews**: Use feedback to improve future contributions.
-
-## Resources
-
-- [MinIO Coding Standards](https://github.com/minio/minio/blob/master/CONTRIBUTING.md)
-- [Effective Commit Messages](https://mislav.net/2014/02/hidden-documentation/)
-- [GitHub PR Tips](https://github.com/blog/1943-how-to-write-the-perfect-pull-request)
-
-By following these guidelines, we ensure MinIO’s codebase remains high-quality, maintainable, and a joy to contribute to. Happy coding!

README.md

@@ -1,173 +1,232 @@
-# Maintenance Mode
+## Minio [![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/minio/minio?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
 
-**This project is currently under maintenance and is not accepting new changes.**
+Minio is an object storage server compatible with Amazon S3 and licensed under [Apache license 2.0](./LICENSE).
 
-**Alternate Options:**
+## Description
 
-- **AIStor Free**: Fully featured, standalone version of AIStor for community use. Download a free license key from [Free license download](https://min.io/download)
-- **AIStor Enterprise**:  Fully featured, Distributed version of AIStor for commercial enterprise use. [Subscription](https://www.min.io/pricing)
+Minio is an open source object storage server released under Apache License V2. It is compatible with Amazon S3 cloud storage service. Minio follows a minimalist design philosophy.
+Minio is light enough to be bundled with the application stack. It sits on the side of NodeJS, Redis, MySQL and the likes. Unlike databases, Minio stores objects such as photos, videos, log files, backups, container / VM images and so on. Minio is best suited for storing blobs of information ranging from KBs to 5 TBs each. In a simplistic sense, it is like a FTP server with a simple get / put API over HTTP.
 
-Learn more about [subscription tiers](https://blog.min.io/introducing-new-subscription-tiers-for-minio-aistor-free-enterprise-lite-and-enterprise/)
+Minio currently implements two backends
 
----
+  - Filesystem (FS) - is available and ready for general purpose use. This version of the Minio binary is built using Filesystem storage backend for magnetic and solid state disks.
+  - ErasureCoded (XL) - is work in progress and not ready for general purpose use.
 
-# MinIO Quickstart Guide
+## Minio Client
 
-[![Slack](https://slack.min.io/slack?type=svg)](https://slack.min.io) [![Docker Pulls](https://img.shields.io/docker/pulls/minio/minio.svg?maxAge=604800)](https://hub.docker.com/r/minio/minio/) [![license](https://img.shields.io/badge/license-AGPL%20V3-blue)](https://github.com/minio/minio/blob/master/LICENSE)
+[Minio Client (mc)](https://github.com/minio/mc#minio-client-mc-) provides a modern alternative to Unix commands like ``ls``, ``cat``, ``cp``, ``sync``, and ``diff``. It supports POSIX compatible filesystems and Amazon S3 compatible cloud storage systems. It is entirely written in Golang.
 
-[![MinIO](https://raw.githubusercontent.com/minio/minio/master/.github/logo.svg?sanitize=true)](https://min.io)
+## Amazon S3 Compatible Client Libraries
+- [Golang Library](https://github.com/minio/minio-go)
+- [Java Library](https://github.com/minio/minio-java)
+- [Nodejs Library](https://github.com/minio/minio-js)
+- [Python Library](https://github.com/minio/minio-py)
+- [.Net Library](https://github.com/minio/minio-dotnet)
 
-MinIO is a high-performance, S3-compatible object storage solution released under the GNU AGPL v3.0 license.
-Designed for speed and scalability, it powers AI/ML, analytics, and data-intensive workloads with industry-leading performance.
+### Install [![Build Status](https://travis-ci.org/minio/minio.svg?branch=master)](https://travis-ci.org/minio/minio)[![Build status](https://ci.appveyor.com/api/projects/status/royh137dni8yevep/branch/master?svg=true)](https://ci.appveyor.com/project/harshavardhana/minio-qxbjq/branch/master)
 
-- S3 API Compatible – Seamless integration with existing S3 tools
-- Built for AI & Analytics – Optimized for large-scale data pipelines
-- High Performance – Ideal for demanding storage workloads.
+#### GNU/Linux
 
-This README provides instructions for building MinIO from source and deploying onto baremetal hardware.
-Use the [MinIO Documentation](https://github.com/minio/docs) project to build and host a local copy of the documentation.
+Download ``minio`` for:
 
-## MinIO is Open Source Software
+- ``64-bit Intel`` from https://dl.minio.io/server/minio/release/linux-amd64/minio
+- ``32-bit Intel`` from https://dl.minio.io/server/minio/release/linux-386/minio
+- ``32-bit ARM`` from https://dl.minio.io/server/minio/release/linux-arm/minio
 
-We designed MinIO as Open Source software for the Open Source software community. We encourage the community to remix, redesign, and reshare MinIO under the terms of the AGPLv3 license.
+~~~
+$ chmod +x minio
+$ ./minio --help
+~~~
 
-All usage of MinIO in your application stack requires validation against AGPLv3 obligations, which include but are not limited to the release of modified code to the community from which you have benefited. Any commercial/proprietary usage of the AGPLv3 software, including repackaging or reselling services/features, is done at your own risk.
+#### OS X
 
-The AGPLv3 provides no obligation by any party to support, maintain, or warranty the original or any modified work.
-All support is provided on a best-effort basis through Github and our [Slack](https//slack.min.io) channel, and any member of the community is welcome to contribute and assist others in their usage of the software.
+Download ``minio`` from https://dl.minio.io/server/minio/release/darwin-amd64/minio
 
-MinIO [AIStor](https://www.min.io/product/aistor) includes enterprise-grade support and licensing for workloads which require commercial or proprietary usage and production-level SLA/SLO-backed support. For more information, [reach out for a quote](https://min.io/pricing).
+~~~
+$ chmod 755 minio
+$ ./minio --help
+~~~
 
-## Source-Only Distribution
+#### Microsoft Windows
 
-**Important:** The MinIO community edition is now distributed as source code only. We will no longer provide pre-compiled binary releases for the community version.
+Download ``minio`` for:
 
-### Installing Latest MinIO Community Edition
+- ``64-bit`` from https://dl.minio.io/server/minio/release/windows-amd64/minio.exe
+- ``32-bit`` from https://dl.minio.io/server/minio/release/windows-386/minio.exe
 
-To use MinIO community edition, you have two options:
+~~~
+C:\Users\Username\Downloads> minio.exe --help
+~~~
 
-1. **Install from source** using `go install github.com/minio/minio@latest` (recommended)
-2. **Build a Docker image** from the provided Dockerfile
+#### FreeBSD
 
-See the sections below for detailed instructions on each method.
+Download ``minio`` from https://dl.minio.io/server/minio/release/freebsd-amd64/minio
 
-### Legacy Binary Releases
+~~~
+$ chmod 755 minio
+$ ./minio --help
+~~~
 
-Historical pre-compiled binary releases remain available for reference but are no longer maintained:
-- GitHub Releases: https://github.com/minio/minio/releases
-- Direct downloads: https://dl.min.io/server/minio/release/
+#### Docker container
 
-**These legacy binaries will not receive updates.** We strongly recommend using source builds for access to the latest features, bug fixes, and security updates.
+Download ``minio`` for docker.
 
-## Install from Source
+~~~
+$ docker pull minio/minio
+~~~
 
-Use the following commands to compile and run a standalone MinIO server from source.
-If you do not have a working Golang environment, please follow [How to install Golang](https://golang.org/doc/install). Minimum version required is [go1.24](https://golang.org/dl/#stable)
+Read more here on [How to configure data volume containers for Minio?](./Docker.md)
 
-```sh
-go install github.com/minio/minio@latest
-```
+#### Source
+<blockquote>
+NOTE: Source installation is intended for only developers and advanced users.  For general use, please download official releases from https://minio.io/download.
+</blockquote>
 
-You can alternatively run `go build` and use the `GOOS` and `GOARCH` environment variables to control the OS and architecture target.
-For example:
+If you do not have a working Golang environment, please follow [Install Golang](./INSTALLGO.md).
+
+~~~
+$ go get -d github.com/minio/minio
+$ cd $GOPATH/src/github.com/minio/minio
+$ make
+~~~
+
+### How to use Minio?
+
+Start minio server.
+
+~~~
+$ minio server ~/Photos
+
+AccessKey: WLGDGYAQYIGI833EV05A  SecretKey: BYvgJM101sHngl2uzjXS/OBF/aMxAN06JrJ3qJlF  Region: us-east-1
+
+Minio Object Storage:
+    http://127.0.0.1:9000
+    http://10.1.10.177:9000
+
+Minio Browser:
+    http://127.0.0.1:9000
+    http://10.1.10.177:9000
+
+To configure Minio Client:
+    $ wget https://dl.minio.io/client/mc/release/darwin-amd64/mc
+    $ chmod 755 mc
+    $ ./mc config host add myminio http://localhost:9000 WLGDGYAQYIGI833EV05A BYvgJM101sHngl2uzjXS/OBF/aMxAN06JrJ3qJlF
+~~~
+
+#### How to use AWS CLI with Minio?
+
+<blockquote>
+This section assumes that you have already installed aws-cli, if not please visit https://aws.amazon.com/cli/
+</blockquote>
+
+To configure `aws-cli`, type `aws configure` and follow below steps.
 
 ```
-env GOOS=linux GOARCh=arm64 go build
+$ aws configure
+AWS Access Key ID [None]: YOUR_ACCESS_KEY_HERE
+AWS Secret Access Key [None]: YOUR_SECRET_KEY_HERE
+Default region name [None]: us-east-1
+Default output format [None]: ENTER
 ```
 
-Start MinIO by running `minio server PATH` where `PATH` is any empty folder on your local filesystem.
+Additionally enable `aws-cli` to use AWS Signature Version '4' for Minio server.
 
-The MinIO deployment starts using default root credentials `minioadmin:minioadmin`.
-You can test the deployment using the MinIO Console, an embedded web-based object browser built into MinIO Server.
-Point a web browser running on the host machine to <http://127.0.0.1:9000> and log in with the root credentials.
-You can use the Browser to create buckets, upload objects, and browse the contents of the MinIO server.
-
-You can also connect using any S3-compatible tool, such as the MinIO Client `mc` commandline tool:
-
-```sh
-mc alias set local http://localhost:9000 minioadmin minioadmin
-mc admin info local
+```
+$ aws configure set default.s3.signature_version s3v4
 ```
 
-See [Test using MinIO Client `mc`](#test-using-minio-client-mc) for more information on using the `mc` commandline tool.
-For application developers, see <https://docs.min.io/enterprise/aistor-object-store/developers/sdk/> to view MinIO SDKs for supported languages.
-
-> [!NOTE]
-> Production environments using compiled-from-source MinIO binaries do so at their own risk.
-> The AGPLv3 license provides no warranties nor liabilites for any such usage.
-
-## Build Docker Image
-
-You can use the `docker build .` command to build a Docker image on your local host machine.
-You must first [build MinIO](#install-from-source) and ensure the `minio` binary exists in the project root.
-
-The following command builds the Docker image using the default `Dockerfile` in the root project directory with the repository and image tag `myminio:minio`
-
-```sh
-docker build -t myminio:minio .
+To list your buckets.
+```
+$ aws --endpoint-url http://localhost:9000 s3 ls
+2016-01-07 16:38:23 testbucket
 ```
 
-Use `docker image ls` to confirm the image exists in your local repository.
-You can run the server using standard Docker invocation:
-
-```sh
-docker run -p 9000:9000 -p 9001:9001 myminio:minio server /tmp/minio --console-address :9001
+To list contents inside bucket.
+```
+$ aws --endpoint-url http://localhost:9000 s3 ls s3://testbucket
+                           PRE test/
+2015-12-17 08:46:41   12232928 vim
+2016-01-07 16:38:23   32232928 emacs
+2015-12-09 08:05:24     138504 s3cmd
 ```
 
-Complete documentation for building Docker containers, managing custom images, or loading images into orchestration platforms is out of scope for this documentation.
-You can modify the `Dockerfile` and `dockerscripts/docker-entrypoint.sh` as-needed to reflect your specific image requirements.
+#### How to use AWS SDK with Minio?
 
-See the [MinIO Container](https://docs.min.io/community/minio-object-store/operations/deployments/baremetal-deploy-minio-as-a-container.html#deploy-minio-container) documentation for more guidance on running MinIO within a Container image.
+Please follow the documentation here - [Using aws-sdk-go with Minio server](./AWS-SDK-GO.md)
 
-## Install using Helm Charts
+#### How to use s3cmd with Minio?
 
-There are two paths for installing MinIO onto Kubernetes infrastructure:
+<blockquote>
+This section assumes that you have already installed s3cmd, if not please visit http://s3tools.org/s3cmd
+</blockquote>
 
-- Use the [MinIO Operator](https://github.com/minio/operator)
-- Use the community-maintained [Helm charts](https://github.com/minio/minio/tree/master/helm/minio)
+Edit the following fields in your s3cmd configuration file `~/.s3cfg` .
 
-See the [MinIO Documentation](https://docs.min.io/community/minio-object-store/operations/deployments/kubernetes.html) for guidance on deploying using the Operator.
-The Community Helm chart has instructions in the folder-level README.
-
-## Test MinIO Connectivity
-
-### Test using MinIO Console
-
-MinIO Server comes with an embedded web based object browser.
-Point your web browser to <http://127.0.0.1:9000> to ensure your server has started successfully.
-
-> [!NOTE]
-> MinIO runs console on random port by default, if you wish to choose a specific port use `--console-address` to pick a specific interface and port.
-
-### Test using MinIO Client `mc`
-
-`mc` provides a modern alternative to UNIX commands like ls, cat, cp, mirror, diff etc. It supports filesystems and Amazon S3 compatible cloud storage services.
-
-The following commands set a local alias, validate the server information, create a bucket, copy data to that bucket, and list the contents of the bucket.
-
-```sh
-mc alias set local http://localhost:9000 minioadmin minioadmin
-mc admin info
-mc mb data
-mc cp ~/Downloads/mydata data/
-mc ls data/
+```
+host_base = localhost:9000
+host_bucket = localhost:9000
+access_key = YOUR_ACCESS_KEY_HERE
+secret_key = YOUR_SECRET_KEY_HERE
+signature_v2 = False
 ```
 
-Follow the MinIO Client [Quickstart Guide](https://docs.min.io/community/minio-object-store/reference/minio-mc.html#quickstart) for further instructions.
+To make a bucket
+```
+$ s3cmd mb s3://mybucket
+Bucket 's3://mybucket/' created
+```
 
-## Explore Further
+To copy an object to bucket
+```
+$ s3cmd put newfile.txt s3://testbucket
+upload: 'newfile' -> 's3://testbucket/newfile'  
+```
 
-- [The MinIO documentation website](https://docs.min.io/community/minio-object-store/index.html)
-- [MinIO Erasure Code Overview](https://docs.min.io/community/minio-object-store/operations/concepts/erasure-coding.html)
-- [Use `mc` with MinIO Server](https://docs.min.io/community/minio-object-store/reference/minio-mc.html)
-- [Use `minio-go` SDK with MinIO Server](https://docs.min.io/enterprise/aistor-object-store/developers/sdk/go/)
+To copy an object to local system
+```
+$ s3cmd get s3://testbucket/newfile
+download: 's3://testbucket/newfile' -> './newfile'
+```
 
-## Contribute to MinIO Project
+To sync local file/directory to a bucket 
+```
+$ s3cmd sync newdemo s3://testbucket
+upload: 'newdemo/newdemofile.txt' -> 's3://testbucket/newdemo/newdemofile.txt'
+```
 
-Please follow MinIO [Contributor's Guide](https://github.com/minio/minio/blob/master/CONTRIBUTING.md) for guidance on making new contributions to the repository.
+To sync bucket or object with local filesystem
+```
+$ s3cmd sync  s3://otherbucket otherlocalbucket
+download: 's3://otherbucket/cat.jpg' -> 'otherlocalbucket/cat.jpg' 
+```
 
-## License
+To list buckets.
+```
+$ s3cmd ls s3://
+2015-12-09 16:12  s3://testbbucket
+```
 
-- MinIO source is licensed under the [GNU AGPLv3](https://github.com/minio/minio/blob/master/LICENSE).
-- MinIO [documentation](https://github.com/minio/minio/tree/master/docs) is licensed under [CC BY 4.0](https://creativecommons.org/licenses/by/4.0/).
-- [License Compliance](https://github.com/minio/minio/blob/master/COMPLIANCE.md)
+To list contents inside bucket.
+```
+$ s3cmd ls s3://testbucket/
+                       DIR   s3://testbucket/test/
+2015-12-09 16:05    138504   s3://testbucket/newfile
+```
+
+Delete an object from bucket
+```
+$ s3cmd del s3://testbucket/newfile
+delete: 's3://testbucket/newfile'
+```
+
+Delete a bucket
+```
+$ s3cmd rb s3://testbucket
+Bucket 's3://testbucket/' removed
+```
+
+## Contribute to Minio Project
+Please follow Minio [Contributor's Guide](./CONTRIBUTING.md)
+
+### Jobs
+If you think in Lisp or Haskell and hack in go, you would blend right in. Send your github link to callhome@minio.io.

SECURITY.md

@@ -1,42 +0,0 @@
-# Security Policy
-
-## Supported Versions
-
-We always provide security updates for the [latest release](https://github.com/minio/minio/releases/latest).
-Whenever there is a security update you just need to upgrade to the latest version.
-
-## Reporting a Vulnerability
-
-All security bugs in [minio/minio](https://github,com/minio/minio) (or other minio/* repositories)
-should be reported by email to security@min.io. Your email will be acknowledged within 48 hours,
-and you'll receive a more detailed response to your email within 72 hours indicating the next steps
-in handling your report.
-
-Please, provide a detailed explanation of the issue. In particular, outline the type of the security
-issue (DoS, authentication bypass, information disclose, ...) and the assumptions you're making (e.g. do
-you need access credentials for a successful exploit).
-
-If you have not received a reply to your email within 48 hours or you have not heard from the security team
-for the past five days please contact the security team directly:
-
-- Primary security coordinator: aead@min.io
-- Secondary coordinator: harsha@min.io
-- If you receive no response: dev@min.io
-
-### Disclosure Process
-
-MinIO uses the following disclosure process:
-
-1. Once the security report is received one member of the security team tries to verify and reproduce
-   the issue and determines the impact it has.
-2. A member of the security team will respond and either confirm or reject the security report.
-   If the report is rejected the response explains why.
-3. Code is audited to find any potential similar problems.
-4. Fixes are prepared for the latest release.
-5. On the date that the fixes are applied a security advisory will be published on <https://blog.min.io>.
-   Please inform us in your report email whether MinIO should mention your contribution w.r.t. fixing
-   the security issue. By default MinIO will **not** publish this information to protect your privacy.
-
-This process can take some time, especially when coordination is required with maintainers of other projects.
-Every effort will be made to handle the bug in as timely a manner as possible, however it's important that we
-follow the process described above to ensure that disclosures are handled consistently.

VULNERABILITY_REPORT.md

@@ -1,38 +0,0 @@
-# Vulnerability Management Policy
-
-This document formally describes the process of addressing and managing a
-reported vulnerability that has been found in the MinIO server code base,
-any directly connected ecosystem component or a direct / indirect dependency
-of the code base.
-
-## Scope
-
-The vulnerability management policy described in this document covers the
-process of investigating, assessing and resolving a vulnerability report
-opened by a MinIO employee or an external third party.
-
-Therefore, it lists pre-conditions and actions that should be performed to
-resolve and fix a reported vulnerability.
-
-## Vulnerability Management Process
-
-The vulnerability management process requires that the vulnerability report
-contains the following information:
-
-- The project / component that contains the reported vulnerability.
-- A description of the vulnerability. In particular, the type of the
-   reported vulnerability and how it might be exploited. Alternatively,
-   a well-established vulnerability identifier, e.g. CVE number, can be
-   used instead.
-
-Based on the description mentioned above, a MinIO engineer or security team
-member investigates:
-
-- Whether the reported vulnerability exists.
-- The conditions that are required such that the vulnerability can be exploited.
-- The steps required to fix the vulnerability.
-
-In general, if the vulnerability exists in one of the MinIO code bases
-itself - not in a code dependency - then MinIO will, if possible, fix
-the vulnerability or implement reasonable countermeasures such that the
-vulnerability cannot be exploited anymore.

_config.yml

@@ -1 +0,0 @@
-theme: jekyll-theme-minimal

access-key.go

@@ -0,0 +1,96 @@
+/*
+ * Minio Cloud Storage, (C) 2015, 2016 Minio, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package main
+
+import (
+	"crypto/rand"
+	"encoding/base64"
+	"fmt"
+	"regexp"
+
+	"github.com/minio/minio/pkg/probe"
+)
+
+// credential container for access and secret keys.
+type credential struct {
+	AccessKeyID     string `json:"accessKey"`
+	SecretAccessKey string `json:"secretKey"`
+}
+
+// stringer colorized access keys.
+func (a credential) String() string {
+	accessStr := colorMagenta("AccessKey: ") + colorWhite(a.AccessKeyID)
+	secretStr := colorMagenta("SecretKey: ") + colorWhite(a.SecretAccessKey)
+	return fmt.Sprint(accessStr + "  " + secretStr)
+}
+
+const (
+	minioAccessID = 20
+	minioSecretID = 40
+)
+
+// isValidSecretKey - validate secret key.
+var isValidSecretKey = regexp.MustCompile(`^.{8,40}$`)
+
+// isValidAccessKey - validate access key.
+var isValidAccessKey = regexp.MustCompile(`^[a-zA-Z0-9\\-\\.\\_\\~]{5,20}$`)
+
+// mustGenAccessKeys - must generate access credentials.
+func mustGenAccessKeys() (creds credential) {
+	creds, err := genAccessKeys()
+	fatalIf(err.Trace(), "Unable to generate access keys.", nil)
+	return creds
+}
+
+// genAccessKeys - generate access credentials.
+func genAccessKeys() (credential, *probe.Error) {
+	accessKeyID, err := genAccessKeyID()
+	if err != nil {
+		return credential{}, err.Trace()
+	}
+	secretAccessKey, err := genSecretAccessKey()
+	if err != nil {
+		return credential{}, err.Trace()
+	}
+	creds := credential{
+		AccessKeyID:     string(accessKeyID),
+		SecretAccessKey: string(secretAccessKey),
+	}
+	return creds, nil
+}
+
+// genAccessKeyID - generate random alpha numeric value using only uppercase characters
+// takes input as size in integer
+func genAccessKeyID() ([]byte, *probe.Error) {
+	alpha := make([]byte, minioAccessID)
+	if _, e := rand.Read(alpha); e != nil {
+		return nil, probe.NewError(e)
+	}
+	for i := 0; i < minioAccessID; i++ {
+		alpha[i] = alphaNumericTable[alpha[i]%byte(len(alphaNumericTable))]
+	}
+	return alpha, nil
+}
+
+// genSecretAccessKey - generate random base64 numeric value from a random seed.
+func genSecretAccessKey() ([]byte, *probe.Error) {
+	rb := make([]byte, minioSecretID)
+	if _, e := rand.Read(rb); e != nil {
+		return nil, probe.NewError(e)
+	}
+	return []byte(base64.StdEncoding.EncodeToString(rb))[:minioSecretID], nil
+}

accesslog-handler.go

@@ -0,0 +1,120 @@
+/*
+ * Minimalist Object Storage, (C) 2015 Minio, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package main
+
+import (
+	"encoding/json"
+	"net/http"
+	"net/url"
+	"os"
+	"time"
+
+	"github.com/minio/minio/pkg/probe"
+)
+
+type accessLogHandler struct {
+	http.Handler
+	accessLogFile *os.File
+}
+
+// LogMessage is a serializable json log message
+type LogMessage struct {
+	StartTime     time.Time
+	Duration      time.Duration
+	StatusMessage string // human readable http status message
+	ContentLength string // human readable content length
+
+	// HTTP detailed message
+	HTTP struct {
+		ResponseHeaders http.Header
+		Request         struct {
+			Method     string
+			URL        *url.URL
+			Proto      string // "HTTP/1.0"
+			ProtoMajor int    // 1
+			ProtoMinor int    // 0
+			Header     http.Header
+			Host       string
+			Form       url.Values
+			PostForm   url.Values
+			Trailer    http.Header
+			RemoteAddr string
+			RequestURI string
+		}
+	}
+}
+
+func (h *accessLogHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
+	message, err := getLogMessage(w, req)
+	fatalIf(err.Trace(), "Unable to extract http message.", nil)
+	_, e := h.accessLogFile.Write(message)
+	fatalIf(probe.NewError(e), "Writing to log file failed.", nil)
+
+	h.Handler.ServeHTTP(w, req)
+}
+
+func getLogMessage(w http.ResponseWriter, req *http.Request) ([]byte, *probe.Error) {
+	logMessage := &LogMessage{
+		StartTime: time.Now().UTC(),
+	}
+	// store lower level details
+	logMessage.HTTP.ResponseHeaders = w.Header()
+	logMessage.HTTP.Request = struct {
+		Method     string
+		URL        *url.URL
+		Proto      string // "HTTP/1.0"
+		ProtoMajor int    // 1
+		ProtoMinor int    // 0
+		Header     http.Header
+		Host       string
+		Form       url.Values
+		PostForm   url.Values
+		Trailer    http.Header
+		RemoteAddr string
+		RequestURI string
+	}{
+		Method:     req.Method,
+		URL:        req.URL,
+		Proto:      req.Proto,
+		ProtoMajor: req.ProtoMajor,
+		ProtoMinor: req.ProtoMinor,
+		Header:     req.Header,
+		Host:       req.Host,
+		Form:       req.Form,
+		PostForm:   req.PostForm,
+		Trailer:    req.Header,
+		RemoteAddr: req.RemoteAddr,
+		RequestURI: req.RequestURI,
+	}
+
+	// logMessage.HTTP.Request = req
+	logMessage.Duration = time.Now().UTC().Sub(logMessage.StartTime)
+	js, e := json.Marshal(logMessage)
+	if e != nil {
+		return nil, probe.NewError(e)
+	}
+	js = append(js, byte('\n')) // append a new line
+	return js, nil
+}
+
+// setAccessLogHandler logs requests
+func setAccessLogHandler(h http.Handler) http.Handler {
+	file, e := os.OpenFile("access.log", os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0600)
+	fatalIf(probe.NewError(e), "Unable to open access log.", nil)
+
+	return &accessLogHandler{Handler: h, accessLogFile: file}
+}

api-datatypes.go

@@ -0,0 +1,30 @@
+/*
+ * Minio Cloud Storage, (C) 2015, 2016 Minio, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package main
+
+// ObjectIdentifier carries key name for the object to delete.
+type ObjectIdentifier struct {
+	ObjectName string `xml:"Key"`
+}
+
+// DeleteObjectsRequest - xml carrying the object key names which needs to be deleted.
+type DeleteObjectsRequest struct {
+	// Element to enable quiet mode for the request
+	Quiet bool
+	// List of objects to be deleted
+	Objects []ObjectIdentifier `xml:"Object"`
+}

api-errors.go

@@ -0,0 +1,420 @@
+/*
+ * Minio Cloud Storage, (C) 2015 Minio, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package main
+
+import (
+	"encoding/xml"
+	"net/http"
+)
+
+// APIError structure
+type APIError struct {
+	Code           string
+	Description    string
+	HTTPStatusCode int
+}
+
+// APIErrorResponse - error response format
+type APIErrorResponse struct {
+	XMLName    xml.Name `xml:"Error" json:"-"`
+	Code       string
+	Message    string
+	Key        string
+	BucketName string
+	Resource   string
+	RequestID  string `xml:"RequestId"`
+	HostID     string `xml:"HostId"`
+}
+
+// APIErrorCode type of error status.
+type APIErrorCode int
+
+// Error codes, non exhaustive list - http://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html
+const (
+	ErrNone APIErrorCode = iota
+	ErrAccessDenied
+	ErrBadDigest
+	ErrBucketAlreadyExists
+	ErrEntityTooSmall
+	ErrEntityTooLarge
+	ErrIncompleteBody
+	ErrInternalError
+	ErrInvalidAccessKeyID
+	ErrInvalidBucketName
+	ErrInvalidDigest
+	ErrInvalidRange
+	ErrInvalidMaxKeys
+	ErrInvalidMaxUploads
+	ErrInvalidMaxParts
+	ErrInvalidPartNumberMarker
+	ErrInvalidRequestBody
+	ErrInvalidCopySource
+	ErrInvalidCopyDest
+	ErrInvalidPolicyDocument
+	ErrMalformedXML
+	ErrMissingContentLength
+	ErrMissingContentMD5
+	ErrMissingRequestBodyError
+	ErrNoSuchBucket
+	ErrNoSuchBucketPolicy
+	ErrNoSuchKey
+	ErrNoSuchUpload
+	ErrNotImplemented
+	ErrRequestTimeTooSkewed
+	ErrSignatureDoesNotMatch
+	ErrMethodNotAllowed
+	ErrInvalidPart
+	ErrInvalidPartOrder
+	ErrAuthorizationHeaderMalformed
+	ErrMalformedPOSTRequest
+	ErrSignatureVersionNotSupported
+	ErrBucketNotEmpty
+	ErrRootPathFull
+	ErrObjectExistsAsPrefix
+	ErrAllAccessDisabled
+	ErrMalformedPolicy
+	ErrMissingFields
+	ErrMissingCredTag
+	ErrCredMalformed
+	ErrInvalidRegion
+	ErrInvalidService
+	ErrInvalidRequestVersion
+	ErrMissingSignTag
+	ErrMissingSignHeadersTag
+	ErrPolicyAlreadyExpired
+	ErrMalformedDate
+	ErrMalformedExpires
+	ErrAuthHeaderEmpty
+	ErrDateHeaderMissing
+	ErrExpiredPresignRequest
+	ErrMissingDateHeader
+	ErrInvalidQuerySignatureAlgo
+	ErrInvalidQueryParams
+	// Add new error codes here.
+)
+
+// error code to APIError structure, these fields carry respective
+// descriptions for all the error responses.
+var errorCodeResponse = map[APIErrorCode]APIError{
+	ErrInvalidCopyDest: {
+		Code:           "InvalidRequest",
+		Description:    "This copy request is illegal because it is trying to copy an object to itself.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrInvalidCopySource: {
+		Code:           "InvalidArgument",
+		Description:    "Copy Source must mention the source bucket and key: sourcebucket/sourcekey.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrInvalidRequestBody: {
+		Code:           "InvalidArgument",
+		Description:    "Body shouldn't be set for this request.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrInvalidMaxUploads: {
+		Code:           "InvalidArgument",
+		Description:    "Argument maxUploads must be an integer between 0 and 2147483647.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrInvalidMaxKeys: {
+		Code:           "InvalidArgument",
+		Description:    "Argument maxKeys must be an integer between 0 and 2147483647.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrInvalidMaxParts: {
+		Code:           "InvalidArgument",
+		Description:    "Argument maxParts must be an integer between 1 and 10000.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrInvalidPartNumberMarker: {
+		Code:           "InvalidArgument",
+		Description:    "Argument partNumberMarker must be an integer.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrInvalidPolicyDocument: {
+		Code:           "InvalidPolicyDocument",
+		Description:    "The content of the form does not meet the conditions specified in the policy document.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrAccessDenied: {
+		Code:           "AccessDenied",
+		Description:    "Access Denied.",
+		HTTPStatusCode: http.StatusForbidden,
+	},
+	ErrBadDigest: {
+		Code:           "BadDigest",
+		Description:    "The Content-Md5 you specified did not match what we received.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrBucketAlreadyExists: {
+		Code:           "BucketAlreadyExists",
+		Description:    "The requested bucket name is not available.",
+		HTTPStatusCode: http.StatusConflict,
+	},
+	ErrEntityTooSmall: {
+		Code:           "EntityTooSmall",
+		Description:    "Your proposed upload is smaller than the minimum allowed object size.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrEntityTooLarge: {
+		Code:           "EntityTooLarge",
+		Description:    "Your proposed upload exceeds the maximum allowed object size.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrIncompleteBody: {
+		Code:           "IncompleteBody",
+		Description:    "You did not provide the number of bytes specified by the Content-Length HTTP header.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrInternalError: {
+		Code:           "InternalError",
+		Description:    "We encountered an internal error, please try again.",
+		HTTPStatusCode: http.StatusInternalServerError,
+	},
+	ErrInvalidAccessKeyID: {
+		Code:           "InvalidAccessKeyID",
+		Description:    "The access key ID you provided does not exist in our records.",
+		HTTPStatusCode: http.StatusForbidden,
+	},
+	ErrInvalidBucketName: {
+		Code:           "InvalidBucketName",
+		Description:    "The specified bucket is not valid.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrInvalidDigest: {
+		Code:           "InvalidDigest",
+		Description:    "The Content-Md5 you specified is not valid.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrInvalidRange: {
+		Code:           "InvalidRange",
+		Description:    "The requested range cannot be satisfied.",
+		HTTPStatusCode: http.StatusRequestedRangeNotSatisfiable,
+	},
+	ErrMalformedXML: {
+		Code:           "MalformedXML",
+		Description:    "The XML you provided was not well-formed or did not validate against our published schema.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrMissingContentLength: {
+		Code:           "MissingContentLength",
+		Description:    "You must provide the Content-Length HTTP header.",
+		HTTPStatusCode: http.StatusLengthRequired,
+	},
+	ErrMissingContentMD5: {
+		Code:           "MissingContentMD5",
+		Description:    "Missing required header for this request: Content-Md5.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrMissingRequestBodyError: {
+		Code:           "MissingRequestBodyError",
+		Description:    "Request body is empty.",
+		HTTPStatusCode: http.StatusLengthRequired,
+	},
+	ErrNoSuchBucket: {
+		Code:           "NoSuchBucket",
+		Description:    "The specified bucket does not exist.",
+		HTTPStatusCode: http.StatusNotFound,
+	},
+	ErrNoSuchBucketPolicy: {
+		Code:           "NoSuchBucketPolicy",
+		Description:    "The specified bucket does not have a bucket policy.",
+		HTTPStatusCode: http.StatusNotFound,
+	},
+	ErrNoSuchKey: {
+		Code:           "NoSuchKey",
+		Description:    "The specified key does not exist.",
+		HTTPStatusCode: http.StatusNotFound,
+	},
+	ErrNoSuchUpload: {
+		Code:           "NoSuchUpload",
+		Description:    "The specified multipart upload does not exist.",
+		HTTPStatusCode: http.StatusNotFound,
+	},
+	ErrNotImplemented: {
+		Code:           "NotImplemented",
+		Description:    "A header you provided implies functionality that is not implemented.",
+		HTTPStatusCode: http.StatusNotImplemented,
+	},
+	ErrRequestTimeTooSkewed: {
+		Code:           "RequestTimeTooSkewed",
+		Description:    "The difference between the request time and the server's time is too large.",
+		HTTPStatusCode: http.StatusForbidden,
+	},
+	ErrSignatureDoesNotMatch: {
+		Code:           "SignatureDoesNotMatch",
+		Description:    "The request signature we calculated does not match the signature you provided.",
+		HTTPStatusCode: http.StatusForbidden,
+	},
+	ErrMethodNotAllowed: {
+		Code:           "MethodNotAllowed",
+		Description:    "The specified method is not allowed against this resource.",
+		HTTPStatusCode: http.StatusMethodNotAllowed,
+	},
+	ErrInvalidPart: {
+		Code:           "InvalidPart",
+		Description:    "One or more of the specified parts could not be found.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrInvalidPartOrder: {
+		Code:           "InvalidPartOrder",
+		Description:    "The list of parts was not in ascending order. The parts list must be specified in order by part number.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrAuthorizationHeaderMalformed: {
+		Code:           "AuthorizationHeaderMalformed",
+		Description:    "The authorization header is malformed; the region is wrong; expecting 'us-east-1'.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrMalformedPOSTRequest: {
+		Code:           "MalformedPOSTRequest",
+		Description:    "The body of your POST request is not well-formed multipart/form-data.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrSignatureVersionNotSupported: {
+		Code:           "InvalidRequest",
+		Description:    "The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrBucketNotEmpty: {
+		Code:           "BucketNotEmpty",
+		Description:    "The bucket you tried to delete is not empty.",
+		HTTPStatusCode: http.StatusConflict,
+	},
+	ErrRootPathFull: {
+		Code:           "RootPathFull",
+		Description:    "Root path has reached its minimum free disk threshold. Please delete few objects to proceed.",
+		HTTPStatusCode: http.StatusInternalServerError,
+	},
+	ErrObjectExistsAsPrefix: {
+		Code:           "ObjectExistsAsPrefix",
+		Description:    "An object already exists as your prefix, choose a different prefix to proceed.",
+		HTTPStatusCode: http.StatusConflict,
+	},
+	ErrAllAccessDisabled: {
+		Code:           "AllAccessDisabled",
+		Description:    "All access to this bucket has been disabled.",
+		HTTPStatusCode: http.StatusForbidden,
+	},
+	ErrMalformedPolicy: {
+		Code:           "MalformedPolicy",
+		Description:    "Policy has invalid resource.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrMissingFields: {
+		Code:           "MissingFields",
+		Description:    "Missing fields in request.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrMissingCredTag: {
+		Code:           "InvalidRequest",
+		Description:    "Missing Credential field for this request.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrCredMalformed: {
+		Code:           "CredentialMalformed",
+		Description:    "Credential field malformed does not follow accessKeyID/credScope.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrMalformedDate: {
+		Code:           "MalformedDate",
+		Description:    "Invalid date format header, expected to be in ISO8601, RFC1123 or RFC1123Z time format.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrInvalidRegion: {
+		Code:           "InvalidRegion",
+		Description:    "Region does not match.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrInvalidService: {
+		Code:           "AccessDenied",
+		Description:    "Service scope should be of value 's3'.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrInvalidRequestVersion: {
+		Code:           "AccessDenied",
+		Description:    "Request scope should be of value 'aws4_request'.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrMissingSignTag: {
+		Code:           "AccessDenied",
+		Description:    "Signature header missing Signature field.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrMissingSignHeadersTag: {
+		Code:           "InvalidArgument",
+		Description:    "Signature header missing SignedHeaders field.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrPolicyAlreadyExpired: {
+		Code:           "AccessDenied",
+		Description:    "Invalid according to Policy: Policy expired.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrMalformedExpires: {
+		Code:           "MalformedExpires",
+		Description:    "Malformed expires header, expected non-zero number.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrAuthHeaderEmpty: {
+		Code:           "InvalidArgument",
+		Description:    "Authorization header is invalid -- one and only one ' ' (space) required.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrMissingDateHeader: {
+		Code:           "AccessDenied",
+		Description:    "AWS authentication requires a valid Date or x-amz-date header",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrInvalidQuerySignatureAlgo: {
+		Code:           "AuthorizationQueryParametersError",
+		Description:    "X-Amz-Algorithm only supports \"AWS4-HMAC-SHA256\".",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrExpiredPresignRequest: {
+		Code:           "AccessDenied",
+		Description:    "Request has expired.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrInvalidQueryParams: {
+		Code:           "AuthorizationQueryParametersError",
+		Description:    "Query-string authentication version 4 requires the X-Amz-Algorithm, X-Amz-Credential, X-Amz-Signature, X-Amz-Date, X-Amz-SignedHeaders, and X-Amz-Expires parameters.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	// Add your error structure here.
+}
+
+// getAPIError provides API Error for input API error code.
+func getAPIError(code APIErrorCode) APIError {
+	return errorCodeResponse[code]
+}
+
+// getErrorResponse gets in standard error and resource value and
+// provides a encodable populated response values
+func getAPIErrorResponse(err APIError, resource string) APIErrorResponse {
+	var data = APIErrorResponse{}
+	data.Code = err.Code
+	data.Message = err.Description
+	if resource != "" {
+		data.Resource = resource
+	}
+	// TODO implement this in future
+	data.RequestID = "3L137"
+	data.HostID = "3L137"
+
+	return data
+}

api-headers.go

@@ -0,0 +1,85 @@
+/*
+ * Minio Cloud Storage, (C) 2015 Minio, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package main
+
+import (
+	"bytes"
+	"crypto/rand"
+	"encoding/xml"
+	"net/http"
+	"runtime"
+	"strconv"
+)
+
+//// helpers
+
+// Static alphaNumeric table used for generating unique request ids
+var alphaNumericTable = []byte("0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ")
+
+// generateRequestID - Generate request id
+func generateRequestID() []byte {
+	alpha := make([]byte, 16)
+	rand.Read(alpha)
+	for i := 0; i < 16; i++ {
+		alpha[i] = alphaNumericTable[alpha[i]%byte(len(alphaNumericTable))]
+	}
+	return alpha
+}
+
+// Write http common headers
+func setCommonHeaders(w http.ResponseWriter) {
+	// Set unique request ID for each reply.
+	w.Header().Set("X-Amz-Request-Id", string(generateRequestID()))
+	w.Header().Set("Server", ("Minio/" + minioReleaseTag + " (" + runtime.GOOS + "; " + runtime.GOARCH + ")"))
+	w.Header().Set("Accept-Ranges", "bytes")
+}
+
+// Encodes the response headers into XML format.
+func encodeResponse(response interface{}) []byte {
+	var bytesBuffer bytes.Buffer
+	bytesBuffer.WriteString(xml.Header)
+	e := xml.NewEncoder(&bytesBuffer)
+	e.Encode(response)
+	return bytesBuffer.Bytes()
+}
+
+// Write object header
+func setObjectHeaders(w http.ResponseWriter, objInfo ObjectInfo, contentRange *httpRange) {
+	// set common headers
+	setCommonHeaders(w)
+
+	// set object-related metadata headers
+	lastModified := objInfo.ModifiedTime.UTC().Format(http.TimeFormat)
+	w.Header().Set("Last-Modified", lastModified)
+
+	w.Header().Set("Content-Type", objInfo.ContentType)
+	if objInfo.MD5Sum != "" {
+		w.Header().Set("ETag", "\""+objInfo.MD5Sum+"\"")
+	}
+
+	w.Header().Set("Content-Length", strconv.FormatInt(objInfo.Size, 10))
+
+	// for providing ranged content
+	if contentRange != nil {
+		if contentRange.start > 0 || contentRange.length > 0 {
+			// override content-length
+			w.Header().Set("Content-Length", strconv.FormatInt(contentRange.length, 10))
+			w.Header().Set("Content-Range", contentRange.String())
+			w.WriteHeader(http.StatusPartialContent)
+		}
+	}
+}

api-headers_test.go

@@ -0,0 +1,40 @@
+/*
+ * Minio Cloud Storage, (C) 2015, 2016 Minio, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package main
+
+import (
+	"testing"
+)
+
+func TestGenerateRequestID(t *testing.T) {
+	// Ensure that it returns an alphanumeric result of length 16.
+	var id = generateRequestID()
+
+	if len(id) != 16 {
+		t.Fail()
+	}
+
+	var e rune
+	for _, char := range id {
+		e = rune(char)
+
+		// Ensure that it is alphanumeric, in this case, between 0-9 and A-Z.
+		if !(('0' <= e && e <= '9') || ('A' <= e && e <= 'Z')) {
+			t.Fail()
+		}
+	}
+}

api-resources.go

@@ -0,0 +1,70 @@
+/*
+ * Minio Cloud Storage, (C) 2015 Minio, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package main
+
+import (
+	"net/url"
+	"strconv"
+)
+
+// Parse bucket url queries
+func getBucketResources(values url.Values) (prefix, marker, delimiter string, maxkeys int, encodingType string) {
+	prefix = values.Get("prefix")
+	marker = values.Get("marker")
+	delimiter = values.Get("delimiter")
+	if values.Get("max-keys") != "" {
+		maxkeys, _ = strconv.Atoi(values.Get("max-keys"))
+	} else {
+		maxkeys = maxObjectList
+	}
+	encodingType = values.Get("encoding-type")
+	return
+}
+
+// Parse bucket url queries for ?uploads
+func getBucketMultipartResources(values url.Values) (prefix, keyMarker, uploadIDMarker, delimiter string, maxUploads int, encodingType string) {
+	prefix = values.Get("prefix")
+	keyMarker = values.Get("key-marker")
+	uploadIDMarker = values.Get("upload-id-marker")
+	delimiter = values.Get("delimiter")
+	if values.Get("max-uploads") != "" {
+		maxUploads, _ = strconv.Atoi(values.Get("max-uploads"))
+	} else {
+		maxUploads = maxUploadsList
+	}
+	encodingType = values.Get("encoding-type")
+	return
+}
+
+// Parse object url queries
+func getObjectResources(values url.Values) (uploadID string, partNumberMarker, maxParts int, encodingType string) {
+	uploadID = values.Get("uploadId")
+	partNumberMarker, _ = strconv.Atoi(values.Get("part-number-marker"))
+	if values.Get("max-parts") != "" {
+		maxParts, _ = strconv.Atoi(values.Get("max-parts"))
+	} else {
+		maxParts = maxPartsList
+	}
+	encodingType = values.Get("encoding-type")
+	return
+}
+
+// Get upload id.
+func getUploadID(values url.Values) (uploadID string) {
+	uploadID, _, _, _ = getObjectResources(values)
+	return
+}

api-response.go

@@ -0,0 +1,422 @@
+/*
+ * Minio Cloud Storage, (C) 2015, 2016 Minio, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package main
+
+import (
+	"encoding/xml"
+	"net/http"
+	"time"
+)
+
+const (
+	timeFormatAMZ  = "2006-01-02T15:04:05.000Z" // Reply date format
+	maxObjectList  = 1000                       // Limit number of objects in a listObjectsResponse.
+	maxUploadsList = 1000                       // Limit number of uploads in a listUploadsResponse.
+	maxPartsList   = 1000                       // Limit number of parts in a listPartsResponse.
+)
+
+// LocationResponse - format for location response.
+type LocationResponse struct {
+	XMLName  xml.Name `xml:"http://s3.amazonaws.com/doc/2006-03-01/ LocationConstraint" json:"-"`
+	Location string   `xml:",chardata"`
+}
+
+// ListObjectsResponse - format for list objects response.
+type ListObjectsResponse struct {
+	XMLName xml.Name `xml:"http://s3.amazonaws.com/doc/2006-03-01/ ListBucketResult" json:"-"`
+
+	CommonPrefixes []CommonPrefix
+	Contents       []Object
+
+	Delimiter string
+
+	// Encoding type used to encode object keys in the response.
+	EncodingType string
+
+	// A flag that indicates whether or not ListObjects returned all of the results
+	// that satisfied the search criteria.
+	IsTruncated bool
+	Marker      string
+	MaxKeys     int
+	Name        string
+
+	// When response is truncated (the IsTruncated element value in the response
+	// is true), you can use the key name in this field as marker in the subsequent
+	// request to get next set of objects. Server lists objects in alphabetical
+	// order Note: This element is returned only if you have delimiter request parameter
+	// specified. If response does not include the NextMaker and it is truncated,
+	// you can use the value of the last Key in the response as the marker in the
+	// subsequent request to get the next set of object keys.
+	NextMarker string
+	Prefix     string
+}
+
+// Part container for part metadata.
+type Part struct {
+	PartNumber   int
+	ETag         string
+	LastModified string
+	Size         int64
+}
+
+// ListPartsResponse - format for list parts response.
+type ListPartsResponse struct {
+	XMLName xml.Name `xml:"http://s3.amazonaws.com/doc/2006-03-01/ ListPartsResult" json:"-"`
+
+	Bucket   string
+	Key      string
+	UploadID string `xml:"UploadId"`
+
+	Initiator Initiator
+	Owner     Owner
+
+	// The class of storage used to store the object.
+	StorageClass string
+
+	PartNumberMarker     int
+	NextPartNumberMarker int
+	MaxParts             int
+	IsTruncated          bool
+
+	// List of parts.
+	Parts []Part `xml:"Part"`
+}
+
+// ListMultipartUploadsResponse - format for list multipart uploads response.
+type ListMultipartUploadsResponse struct {
+	XMLName xml.Name `xml:"http://s3.amazonaws.com/doc/2006-03-01/ ListMultipartUploadsResult" json:"-"`
+
+	Bucket             string
+	KeyMarker          string
+	UploadIDMarker     string `xml:"UploadIdMarker"`
+	NextKeyMarker      string
+	NextUploadIDMarker string `xml:"NextUploadIdMarker"`
+	EncodingType       string
+	MaxUploads         int
+	IsTruncated        bool
+	Uploads            []Upload `xml:"Upload"`
+	Prefix             string
+	Delimiter          string
+	CommonPrefixes     []CommonPrefix
+}
+
+// ListBucketsResponse - format for list buckets response
+type ListBucketsResponse struct {
+	XMLName xml.Name `xml:"http://s3.amazonaws.com/doc/2006-03-01/ ListAllMyBucketsResult" json:"-"`
+	// Container for one or more buckets.
+	Buckets struct {
+		Buckets []Bucket `xml:"Bucket"`
+	} // Buckets are nested
+	Owner Owner
+}
+
+// Upload container for in progress multipart upload
+type Upload struct {
+	Key          string
+	UploadID     string `xml:"UploadId"`
+	Initiator    Initiator
+	Owner        Owner
+	StorageClass string
+	Initiated    string
+}
+
+// CommonPrefix container for prefix response in ListObjectsResponse
+type CommonPrefix struct {
+	Prefix string
+}
+
+// Bucket container for bucket metadata
+type Bucket struct {
+	Name         string
+	CreationDate string // time string of format "2006-01-02T15:04:05.000Z"
+}
+
+// Object container for object metadata
+type Object struct {
+	ETag         string
+	Key          string
+	LastModified string // time string of format "2006-01-02T15:04:05.000Z"
+	Size         int64
+
+	Owner Owner
+
+	// The class of storage used to store the object.
+	StorageClass string
+}
+
+// CopyObjectResponse container returns ETag and LastModified of the
+// successfully copied object
+type CopyObjectResponse struct {
+	XMLName      xml.Name `xml:"http://s3.amazonaws.com/doc/2006-03-01/ CopyObjectResult" json:"-"`
+	ETag         string
+	LastModified string // time string of format "2006-01-02T15:04:05.000Z"
+}
+
+// Initiator inherit from Owner struct, fields are same
+type Initiator Owner
+
+// Owner - bucket owner/principal
+type Owner struct {
+	ID          string
+	DisplayName string
+}
+
+// InitiateMultipartUploadResponse container for InitiateMultiPartUpload response, provides uploadID to start MultiPart upload
+type InitiateMultipartUploadResponse struct {
+	XMLName xml.Name `xml:"http://s3.amazonaws.com/doc/2006-03-01/ InitiateMultipartUploadResult" json:"-"`
+
+	Bucket   string
+	Key      string
+	UploadID string `xml:"UploadId"`
+}
+
+// CompleteMultipartUploadResponse container for completed multipart upload response
+type CompleteMultipartUploadResponse struct {
+	XMLName xml.Name `xml:"http://s3.amazonaws.com/doc/2006-03-01/ CompleteMultipartUploadResult" json:"-"`
+
+	Location string
+	Bucket   string
+	Key      string
+	ETag     string
+}
+
+// DeleteError structure.
+type DeleteError struct {
+	Code    string
+	Message string
+	Key     string
+}
+
+// DeleteObjectsResponse container for multiple object deletes.
+type DeleteObjectsResponse struct {
+	XMLName xml.Name `xml:"http://s3.amazonaws.com/doc/2006-03-01/ DeleteResult" json:"-"`
+
+	// Collection of all deleted objects
+	DeletedObjects []ObjectIdentifier `xml:"Deleted,omitempty"`
+
+	// Collection of errors deleting certain objects.
+	Errors []DeleteError `xml:"Error,omitempty"`
+}
+
+// getLocation get URL location.
+func getLocation(r *http.Request) string {
+	return r.URL.Path
+}
+
+// takes an array of Bucketmetadata information for serialization
+// input:
+// array of bucket metadata
+//
+// output:
+// populated struct that can be serialized to match xml and json api spec output
+func generateListBucketsResponse(buckets []BucketInfo) ListBucketsResponse {
+	var listbuckets []Bucket
+	var data = ListBucketsResponse{}
+	var owner = Owner{}
+
+	owner.ID = "minio"
+	owner.DisplayName = "minio"
+
+	for _, bucket := range buckets {
+		var listbucket = Bucket{}
+		listbucket.Name = bucket.Name
+		listbucket.CreationDate = bucket.Created.Format(timeFormatAMZ)
+		listbuckets = append(listbuckets, listbucket)
+	}
+
+	data.Owner = owner
+	data.Buckets.Buckets = listbuckets
+
+	return data
+}
+
+// generates an ListObjects response for the said bucket with other enumerated options.
+func generateListObjectsResponse(bucket, prefix, marker, delimiter string, maxKeys int, resp ListObjectsInfo) ListObjectsResponse {
+	var contents []Object
+	var prefixes []CommonPrefix
+	var owner = Owner{}
+	var data = ListObjectsResponse{}
+
+	owner.ID = "minio"
+	owner.DisplayName = "minio"
+
+	for _, object := range resp.Objects {
+		var content = Object{}
+		if object.Name == "" {
+			continue
+		}
+		content.Key = object.Name
+		content.LastModified = object.ModifiedTime.UTC().Format(timeFormatAMZ)
+		if object.MD5Sum != "" {
+			content.ETag = "\"" + object.MD5Sum + "\""
+		}
+		content.Size = object.Size
+		content.StorageClass = "STANDARD"
+		content.Owner = owner
+		contents = append(contents, content)
+	}
+	// TODO - support EncodingType in xml decoding
+	data.Name = bucket
+	data.Contents = contents
+
+	data.Prefix = prefix
+	data.Marker = marker
+	data.Delimiter = delimiter
+	data.MaxKeys = maxKeys
+
+	data.NextMarker = resp.NextMarker
+	data.IsTruncated = resp.IsTruncated
+	for _, prefix := range resp.Prefixes {
+		var prefixItem = CommonPrefix{}
+		prefixItem.Prefix = prefix
+		prefixes = append(prefixes, prefixItem)
+	}
+	data.CommonPrefixes = prefixes
+	return data
+}
+
+// generateCopyObjectResponse
+func generateCopyObjectResponse(etag string, lastModified time.Time) CopyObjectResponse {
+	return CopyObjectResponse{
+		ETag:         "\"" + etag + "\"",
+		LastModified: lastModified.UTC().Format(timeFormatAMZ),
+	}
+}
+
+// generateInitiateMultipartUploadResponse
+func generateInitiateMultipartUploadResponse(bucket, key, uploadID string) InitiateMultipartUploadResponse {
+	return InitiateMultipartUploadResponse{
+		Bucket:   bucket,
+		Key:      key,
+		UploadID: uploadID,
+	}
+}
+
+// generateCompleteMultipartUploadResponse
+func generateCompleteMultpartUploadResponse(bucket, key, location, etag string) CompleteMultipartUploadResponse {
+	return CompleteMultipartUploadResponse{
+		Location: location,
+		Bucket:   bucket,
+		Key:      key,
+		ETag:     etag,
+	}
+}
+
+// generateListPartsResult
+func generateListPartsResponse(partsInfo ListPartsInfo) ListPartsResponse {
+	// TODO - support EncodingType in xml decoding
+	listPartsResponse := ListPartsResponse{}
+	listPartsResponse.Bucket = partsInfo.Bucket
+	listPartsResponse.Key = partsInfo.Object
+	listPartsResponse.UploadID = partsInfo.UploadID
+	listPartsResponse.StorageClass = "STANDARD"
+	listPartsResponse.Initiator.ID = "minio"
+	listPartsResponse.Initiator.DisplayName = "minio"
+	listPartsResponse.Owner.ID = "minio"
+	listPartsResponse.Owner.DisplayName = "minio"
+
+	listPartsResponse.MaxParts = partsInfo.MaxParts
+	listPartsResponse.PartNumberMarker = partsInfo.PartNumberMarker
+	listPartsResponse.IsTruncated = partsInfo.IsTruncated
+	listPartsResponse.NextPartNumberMarker = partsInfo.NextPartNumberMarker
+
+	listPartsResponse.Parts = make([]Part, len(partsInfo.Parts))
+	for index, part := range partsInfo.Parts {
+		newPart := Part{}
+		newPart.PartNumber = part.PartNumber
+		newPart.ETag = "\"" + part.ETag + "\""
+		newPart.Size = part.Size
+		newPart.LastModified = part.LastModified.UTC().Format(timeFormatAMZ)
+		listPartsResponse.Parts[index] = newPart
+	}
+	return listPartsResponse
+}
+
+// generateListMultipartUploadsResponse
+func generateListMultipartUploadsResponse(bucket string, multipartsInfo ListMultipartsInfo) ListMultipartUploadsResponse {
+	listMultipartUploadsResponse := ListMultipartUploadsResponse{}
+	listMultipartUploadsResponse.Bucket = bucket
+	listMultipartUploadsResponse.Delimiter = multipartsInfo.Delimiter
+	listMultipartUploadsResponse.IsTruncated = multipartsInfo.IsTruncated
+	listMultipartUploadsResponse.EncodingType = multipartsInfo.EncodingType
+	listMultipartUploadsResponse.Prefix = multipartsInfo.Prefix
+	listMultipartUploadsResponse.KeyMarker = multipartsInfo.KeyMarker
+	listMultipartUploadsResponse.NextKeyMarker = multipartsInfo.NextKeyMarker
+	listMultipartUploadsResponse.MaxUploads = multipartsInfo.MaxUploads
+	listMultipartUploadsResponse.NextUploadIDMarker = multipartsInfo.NextUploadIDMarker
+	listMultipartUploadsResponse.UploadIDMarker = multipartsInfo.UploadIDMarker
+	listMultipartUploadsResponse.CommonPrefixes = make([]CommonPrefix, len(multipartsInfo.CommonPrefixes))
+	for index, commonPrefix := range multipartsInfo.CommonPrefixes {
+		listMultipartUploadsResponse.CommonPrefixes[index] = CommonPrefix{
+			Prefix: commonPrefix,
+		}
+	}
+	listMultipartUploadsResponse.Uploads = make([]Upload, len(multipartsInfo.Uploads))
+	for index, upload := range multipartsInfo.Uploads {
+		newUpload := Upload{}
+		newUpload.UploadID = upload.UploadID
+		newUpload.Key = upload.Object
+		newUpload.Initiated = upload.Initiated.UTC().Format(timeFormatAMZ)
+		listMultipartUploadsResponse.Uploads[index] = newUpload
+	}
+	return listMultipartUploadsResponse
+}
+
+// generate multi objects delete response.
+func generateMultiDeleteResponse(quiet bool, deletedObjects []ObjectIdentifier, errs []DeleteError) DeleteObjectsResponse {
+	deleteResp := DeleteObjectsResponse{}
+	if !quiet {
+		deleteResp.DeletedObjects = deletedObjects
+	}
+	deleteResp.Errors = errs
+	return deleteResp
+}
+
+// writeSuccessResponse write success headers and response if any.
+func writeSuccessResponse(w http.ResponseWriter, response []byte) {
+	setCommonHeaders(w)
+	if response == nil {
+		w.WriteHeader(http.StatusOK)
+		return
+	}
+	w.Write(response)
+	w.(http.Flusher).Flush()
+}
+
+// writeSuccessNoContent write success headers with http status 204
+func writeSuccessNoContent(w http.ResponseWriter) {
+	setCommonHeaders(w)
+	w.WriteHeader(http.StatusNoContent)
+}
+
+// writeErrorRespone write error headers
+func writeErrorResponse(w http.ResponseWriter, req *http.Request, errorCode APIErrorCode, resource string) {
+	error := getAPIError(errorCode)
+	// generate error response
+	errorResponse := getAPIErrorResponse(error, resource)
+	encodedErrorResponse := encodeResponse(errorResponse)
+	// set common headers
+	setCommonHeaders(w)
+	// write Header
+	w.WriteHeader(error.HTTPStatusCode)
+	// HEAD should have no body, do not attempt to write to it
+	if req.Method != "HEAD" {
+		// write error body
+		w.Write(encodedErrorResponse)
+		w.(http.Flusher).Flush()
+	}
+}

api-router.go

@@ -0,0 +1,86 @@
+/*
+ * Minio Cloud Storage, (C) 2016 Minio, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package main
+
+import router "github.com/gorilla/mux"
+
+// objectStorageAPI container for S3 compatible API.
+type objectStorageAPI struct {
+	ObjectAPI ObjectAPI
+}
+
+// registerAPIRouter - registers S3 compatible APIs.
+func registerAPIRouter(mux *router.Router, api objectStorageAPI) {
+	// API Router
+	apiRouter := mux.NewRoute().PathPrefix("/").Subrouter()
+
+	// Bucket router
+	bucket := apiRouter.PathPrefix("/{bucket}").Subrouter()
+
+	/// Object operations
+
+	// HeadObject
+	bucket.Methods("HEAD").Path("/{object:.+}").HandlerFunc(api.HeadObjectHandler)
+	// PutObjectPart
+	bucket.Methods("PUT").Path("/{object:.+}").HandlerFunc(api.PutObjectPartHandler).Queries("partNumber", "{partNumber:[0-9]+}", "uploadId", "{uploadId:.*}")
+	// ListObjectPxarts
+	bucket.Methods("GET").Path("/{object:.+}").HandlerFunc(api.ListObjectPartsHandler).Queries("uploadId", "{uploadId:.*}")
+	// CompleteMultipartUpload
+	bucket.Methods("POST").Path("/{object:.+}").HandlerFunc(api.CompleteMultipartUploadHandler).Queries("uploadId", "{uploadId:.*}")
+	// NewMultipartUpload
+	bucket.Methods("POST").Path("/{object:.+}").HandlerFunc(api.NewMultipartUploadHandler).Queries("uploads", "")
+	// AbortMultipartUpload
+	bucket.Methods("DELETE").Path("/{object:.+}").HandlerFunc(api.AbortMultipartUploadHandler).Queries("uploadId", "{uploadId:.*}")
+	// GetObject
+	bucket.Methods("GET").Path("/{object:.+}").HandlerFunc(api.GetObjectHandler)
+	// CopyObject
+	bucket.Methods("PUT").Path("/{object:.+}").HeadersRegexp("X-Amz-Copy-Source", ".*?(\\/).*?").HandlerFunc(api.CopyObjectHandler)
+	// PutObject
+	bucket.Methods("PUT").Path("/{object:.+}").HandlerFunc(api.PutObjectHandler)
+	// DeleteObject
+	bucket.Methods("DELETE").Path("/{object:.+}").HandlerFunc(api.DeleteObjectHandler)
+
+	/// Bucket operations
+
+	// GetBucketLocation
+	bucket.Methods("GET").HandlerFunc(api.GetBucketLocationHandler).Queries("location", "")
+	// GetBucketPolicy
+	bucket.Methods("GET").HandlerFunc(api.GetBucketPolicyHandler).Queries("policy", "")
+	// ListMultipartUploads
+	bucket.Methods("GET").HandlerFunc(api.ListMultipartUploadsHandler).Queries("uploads", "")
+	// ListObjects
+	bucket.Methods("GET").HandlerFunc(api.ListObjectsHandler)
+	// PutBucketPolicy
+	bucket.Methods("PUT").HandlerFunc(api.PutBucketPolicyHandler).Queries("policy", "")
+	// PutBucket
+	bucket.Methods("PUT").HandlerFunc(api.PutBucketHandler)
+	// HeadBucket
+	bucket.Methods("HEAD").HandlerFunc(api.HeadBucketHandler)
+	// PostPolicy
+	bucket.Methods("POST").HeadersRegexp("Content-Type", "multipart/form-data*").HandlerFunc(api.PostPolicyBucketHandler)
+	// DeleteMultipleObjects
+	bucket.Methods("POST").HandlerFunc(api.DeleteMultipleObjectsHandler)
+	// DeleteBucketPolicy
+	bucket.Methods("DELETE").HandlerFunc(api.DeleteBucketPolicyHandler).Queries("policy", "")
+	// DeleteBucket
+	bucket.Methods("DELETE").HandlerFunc(api.DeleteBucketHandler)
+
+	/// Root operation
+
+	// ListBuckets
+	apiRouter.Methods("GET").HandlerFunc(api.ListBucketsHandler)
+}

appveyor.yml

@@ -0,0 +1,39 @@
+# Operating system (build VM template)
+os: Visual Studio 2015
+
+platform: x64
+
+clone_folder: c:\gopath\src\github.com\minio\minio
+
+# environment variables
+environment:
+  GOPATH: c:\gopath
+  GO_EXTLINK_ENABLED: 0
+  GO15VENDOREXPERIMENT: 1
+
+# scripts that run after cloning repository
+install:
+  - '"C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin\SetEnv.cmd" /x64'
+  - set PATH=%GOPATH%\bin;c:\go\bin;%PATH%
+  - rd C:\Go /s /q
+  - appveyor DownloadFile https://storage.googleapis.com/golang/go1.6.windows-amd64.zip
+  - 7z x go1.6.windows-amd64.zip -oC:\ >nul
+  - go version
+  - go env
+  - cd %GOPATH%\src\github.com\minio\minio
+
+# to run your custom scripts instead of automatic MSBuild
+build_script:
+  - go test .
+  - go test -race .
+  - go test github.com/minio/minio/pkg...
+  - go test -race github.com/minio/minio/pkg...
+  - go run buildscripts/gen-ldflags.go > temp.txt
+  - set /p BUILD_LDFLAGS=<temp.txt
+  - go build -ldflags="%BUILD_LDFLAGS%" -o %GOPATH%\bin\minio.exe
+
+# to disable automatic tests
+test: off
+
+# to disable deployment
+deploy: off

auth-handler.go

@@ -0,0 +1,171 @@
+/*
+ * Minio Cloud Storage, (C) 2015 Minio, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package main
+
+import (
+	"bytes"
+	"crypto/md5"
+	"encoding/base64"
+	"encoding/hex"
+	"io/ioutil"
+	"net/http"
+	"strings"
+
+	fastSha256 "github.com/minio/minio/pkg/crypto/sha256"
+	"github.com/minio/minio/pkg/probe"
+)
+
+// Verify if request has JWT.
+func isRequestJWT(r *http.Request) bool {
+	if _, ok := r.Header["Authorization"]; ok {
+		if strings.HasPrefix(r.Header.Get("Authorization"), jwtAlgorithm) {
+			return true
+		}
+	}
+	return false
+}
+
+// Verify if request has AWS Signature Version '4'.
+func isRequestSignatureV4(r *http.Request) bool {
+	if _, ok := r.Header["Authorization"]; ok {
+		if strings.HasPrefix(r.Header.Get("Authorization"), signV4Algorithm) {
+			return true
+		}
+	}
+	return false
+}
+
+// Verify if request has AWS Presignature Version '4'.
+func isRequestPresignedSignatureV4(r *http.Request) bool {
+	if _, ok := r.URL.Query()["X-Amz-Credential"]; ok {
+		return true
+	}
+	return false
+}
+
+// Verify if request has AWS Post policy Signature Version '4'.
+func isRequestPostPolicySignatureV4(r *http.Request) bool {
+	if _, ok := r.Header["Content-Type"]; ok {
+		if strings.Contains(r.Header.Get("Content-Type"), "multipart/form-data") && r.Method == "POST" {
+			return true
+		}
+	}
+	return false
+}
+
+// Authorization type.
+type authType int
+
+// List of all supported auth types.
+const (
+	authTypeUnknown authType = iota
+	authTypeAnonymous
+	authTypePresigned
+	authTypePostPolicy
+	authTypeSigned
+	authTypeJWT
+)
+
+// Get request authentication type.
+func getRequestAuthType(r *http.Request) authType {
+	if isRequestSignatureV4(r) {
+		return authTypeSigned
+	} else if isRequestPresignedSignatureV4(r) {
+		return authTypePresigned
+	} else if isRequestJWT(r) {
+		return authTypeJWT
+	} else if isRequestPostPolicySignatureV4(r) {
+		return authTypePostPolicy
+	} else if _, ok := r.Header["Authorization"]; !ok {
+		return authTypeAnonymous
+	}
+	return authTypeUnknown
+}
+
+// sum256 calculate sha256 sum for an input byte array
+func sum256(data []byte) []byte {
+	hash := fastSha256.New()
+	hash.Write(data)
+	return hash.Sum(nil)
+}
+
+// sumMD5 calculate md5 sum for an input byte array
+func sumMD5(data []byte) []byte {
+	hash := md5.New()
+	hash.Write(data)
+	return hash.Sum(nil)
+}
+
+// Verify if request has valid AWS Signature Version '4'.
+func isReqAuthenticated(r *http.Request) (s3Error APIErrorCode) {
+	if r == nil {
+		errorIf(probe.NewError(errInvalidArgument), "HTTP request cannot be empty.", nil)
+		return ErrInternalError
+	}
+	payload, e := ioutil.ReadAll(r.Body)
+	if e != nil {
+		errorIf(probe.NewError(e), "Unable to read HTTP body.", nil)
+		return ErrInternalError
+	}
+	// Verify Content-Md5, if payload is set.
+	if r.Header.Get("Content-Md5") != "" {
+		if r.Header.Get("Content-Md5") != base64.StdEncoding.EncodeToString(sumMD5(payload)) {
+			return ErrBadDigest
+		}
+	}
+	// Populate back the payload.
+	r.Body = ioutil.NopCloser(bytes.NewReader(payload))
+	validateRegion := true // Validate region.
+	if isRequestSignatureV4(r) {
+		return doesSignatureMatch(hex.EncodeToString(sum256(payload)), r, validateRegion)
+	} else if isRequestPresignedSignatureV4(r) {
+		return doesPresignedSignatureMatch(hex.EncodeToString(sum256(payload)), r, validateRegion)
+	}
+	return ErrAccessDenied
+}
+
+// authHandler - handles all the incoming authorization headers and
+// validates them if possible.
+type authHandler struct {
+	handler http.Handler
+}
+
+// setAuthHandler to validate authorization header for the incoming request.
+func setAuthHandler(h http.Handler) http.Handler {
+	return authHandler{h}
+}
+
+// handler for validating incoming authorization headers.
+func (a authHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	switch getRequestAuthType(r) {
+	case authTypeAnonymous, authTypePresigned, authTypeSigned, authTypePostPolicy:
+		// Let top level caller validate for anonymous and known
+		// signed requests.
+		a.handler.ServeHTTP(w, r)
+		return
+	case authTypeJWT:
+		// Validate Authorization header if its valid for JWT request.
+		if !isJWTReqAuthenticated(r) {
+			w.WriteHeader(http.StatusUnauthorized)
+			return
+		}
+		a.handler.ServeHTTP(w, r)
+	default:
+		writeErrorResponse(w, r, ErrSignatureVersionNotSupported, r.URL.Path)
+		return
+	}
+}

bucket-handlers.go

@@ -0,0 +1,668 @@
+/*
+ * Minio Cloud Storage, (C) 2015, 2016 Minio, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package main
+
+import (
+	"bytes"
+	"encoding/base64"
+	"encoding/hex"
+	"encoding/xml"
+	"io"
+	"io/ioutil"
+	"mime/multipart"
+	"net/http"
+	"net/url"
+	"strings"
+
+	mux "github.com/gorilla/mux"
+	"github.com/minio/minio/pkg/probe"
+)
+
+// http://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html
+func enforceBucketPolicy(action string, bucket string, reqURL *url.URL) (s3Error APIErrorCode) {
+	// Read saved bucket policy.
+	policy, err := readBucketPolicy(bucket)
+	if err != nil {
+		errorIf(err.Trace(bucket), "GetBucketPolicy failed.", nil)
+		switch err.ToGoError().(type) {
+		case BucketNotFound:
+			return ErrNoSuchBucket
+		case BucketNameInvalid:
+			return ErrInvalidBucketName
+		default:
+			// For any other error just return AccessDenied.
+			return ErrAccessDenied
+		}
+	}
+	// Parse the saved policy.
+	bucketPolicy, e := parseBucketPolicy(policy)
+	if e != nil {
+		errorIf(probe.NewError(e), "Parse policy failed.", nil)
+		return ErrAccessDenied
+	}
+
+	// Construct resource in 'arn:aws:s3:::examplebucket' format.
+	resource := AWSResourcePrefix + strings.TrimPrefix(reqURL.Path, "/")
+
+	// Get conditions for policy verification.
+	conditions := make(map[string]string)
+	for queryParam := range reqURL.Query() {
+		conditions[queryParam] = reqURL.Query().Get(queryParam)
+	}
+
+	// Validate action, resource and conditions with current policy statements.
+	if !bucketPolicyEvalStatements(action, resource, conditions, bucketPolicy.Statements) {
+		return ErrAccessDenied
+	}
+	return ErrNone
+}
+
+// GetBucketLocationHandler - GET Bucket location.
+// -------------------------
+// This operation returns bucket location.
+func (api objectStorageAPI) GetBucketLocationHandler(w http.ResponseWriter, r *http.Request) {
+	vars := mux.Vars(r)
+	bucket := vars["bucket"]
+
+	switch getRequestAuthType(r) {
+	default:
+		// For all unknown auth types return error.
+		writeErrorResponse(w, r, ErrAccessDenied, r.URL.Path)
+		return
+	case authTypeAnonymous:
+		// http://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html
+		if s3Error := enforceBucketPolicy("s3:GetBucketLocation", bucket, r.URL); s3Error != ErrNone {
+			writeErrorResponse(w, r, s3Error, r.URL.Path)
+			return
+		}
+	case authTypeSigned, authTypePresigned:
+		payload, e := ioutil.ReadAll(r.Body)
+		if e != nil {
+			writeErrorResponse(w, r, ErrInternalError, r.URL.Path)
+			return
+		}
+		// Verify Content-Md5, if payload is set.
+		if r.Header.Get("Content-Md5") != "" {
+			if r.Header.Get("Content-Md5") != base64.StdEncoding.EncodeToString(sumMD5(payload)) {
+				writeErrorResponse(w, r, ErrBadDigest, r.URL.Path)
+				return
+			}
+		}
+		// Populate back the payload.
+		r.Body = ioutil.NopCloser(bytes.NewReader(payload))
+		var s3Error APIErrorCode // API error code.
+		validateRegion := false  // Validate region.
+		if isRequestSignatureV4(r) {
+			s3Error = doesSignatureMatch(hex.EncodeToString(sum256(payload)), r, validateRegion)
+		} else if isRequestPresignedSignatureV4(r) {
+			s3Error = doesPresignedSignatureMatch(hex.EncodeToString(sum256(payload)), r, validateRegion)
+		}
+		if s3Error != ErrNone {
+			writeErrorResponse(w, r, s3Error, r.URL.Path)
+			return
+		}
+	}
+
+	_, err := api.ObjectAPI.GetBucketInfo(bucket)
+	if err != nil {
+		errorIf(err.Trace(), "GetBucketInfo failed.", nil)
+		switch err.ToGoError().(type) {
+		case BucketNotFound:
+			writeErrorResponse(w, r, ErrNoSuchBucket, r.URL.Path)
+		case BucketNameInvalid:
+			writeErrorResponse(w, r, ErrInvalidBucketName, r.URL.Path)
+		default:
+			writeErrorResponse(w, r, ErrInternalError, r.URL.Path)
+		}
+		return
+	}
+
+	// Generate response.
+	encodedSuccessResponse := encodeResponse(LocationResponse{})
+	// Get current region.
+	region := serverConfig.GetRegion()
+	if region != "us-east-1" {
+		encodedSuccessResponse = encodeResponse(LocationResponse{
+			Location: region,
+		})
+	}
+	setCommonHeaders(w) // Write headers.
+	writeSuccessResponse(w, encodedSuccessResponse)
+}
+
+// ListMultipartUploadsHandler - GET Bucket (List Multipart uploads)
+// -------------------------
+// This operation lists in-progress multipart uploads. An in-progress
+// multipart upload is a multipart upload that has been initiated,
+// using the Initiate Multipart Upload request, but has not yet been
+// completed or aborted. This operation returns at most 1,000 multipart
+// uploads in the response.
+//
+func (api objectStorageAPI) ListMultipartUploadsHandler(w http.ResponseWriter, r *http.Request) {
+	vars := mux.Vars(r)
+	bucket := vars["bucket"]
+
+	switch getRequestAuthType(r) {
+	default:
+		// For all unknown auth types return error.
+		writeErrorResponse(w, r, ErrAccessDenied, r.URL.Path)
+		return
+	case authTypeAnonymous:
+		// http://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html
+		if s3Error := enforceBucketPolicy("s3:ListBucketMultipartUploads", bucket, r.URL); s3Error != ErrNone {
+			writeErrorResponse(w, r, s3Error, r.URL.Path)
+			return
+		}
+	case authTypePresigned, authTypeSigned:
+		if s3Error := isReqAuthenticated(r); s3Error != ErrNone {
+			writeErrorResponse(w, r, s3Error, r.URL.Path)
+			return
+		}
+	}
+
+	prefix, keyMarker, uploadIDMarker, delimiter, maxUploads, _ := getBucketMultipartResources(r.URL.Query())
+	if maxUploads < 0 {
+		writeErrorResponse(w, r, ErrInvalidMaxUploads, r.URL.Path)
+		return
+	}
+	if keyMarker != "" {
+		// Unescape keyMarker string
+		keyMarkerUnescaped, e := url.QueryUnescape(keyMarker)
+		if e != nil {
+			if e != nil {
+				// Return 'NoSuchKey' to indicate invalid marker key.
+				writeErrorResponse(w, r, ErrNoSuchKey, r.URL.Path)
+				return
+			}
+			keyMarker = keyMarkerUnescaped
+			// Marker not common with prefix is not implemented.
+			if !strings.HasPrefix(keyMarker, prefix) {
+				writeErrorResponse(w, r, ErrNotImplemented, r.URL.Path)
+				return
+			}
+		}
+	}
+
+	listMultipartsInfo, err := api.ObjectAPI.ListMultipartUploads(bucket, prefix, keyMarker, uploadIDMarker, delimiter, maxUploads)
+	if err != nil {
+		errorIf(err.Trace(), "ListMultipartUploads failed.", nil)
+		switch err.ToGoError().(type) {
+		case BucketNotFound:
+			writeErrorResponse(w, r, ErrNoSuchBucket, r.URL.Path)
+		default:
+			writeErrorResponse(w, r, ErrInternalError, r.URL.Path)
+		}
+		return
+	}
+	// generate response
+	response := generateListMultipartUploadsResponse(bucket, listMultipartsInfo)
+	encodedSuccessResponse := encodeResponse(response)
+	// write headers.
+	setCommonHeaders(w)
+	// write success response.
+	writeSuccessResponse(w, encodedSuccessResponse)
+}
+
+// ListObjectsHandler - GET Bucket (List Objects)
+// -- -----------------------
+// This implementation of the GET operation returns some or all (up to 1000)
+// of the objects in a bucket. You can use the request parameters as selection
+// criteria to return a subset of the objects in a bucket.
+//
+func (api objectStorageAPI) ListObjectsHandler(w http.ResponseWriter, r *http.Request) {
+	vars := mux.Vars(r)
+	bucket := vars["bucket"]
+
+	switch getRequestAuthType(r) {
+	default:
+		// For all unknown auth types return error.
+		writeErrorResponse(w, r, ErrAccessDenied, r.URL.Path)
+		return
+	case authTypeAnonymous:
+		// http://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html
+		if s3Error := enforceBucketPolicy("s3:ListBucket", bucket, r.URL); s3Error != ErrNone {
+			writeErrorResponse(w, r, s3Error, r.URL.Path)
+			return
+		}
+	case authTypeSigned, authTypePresigned:
+		if s3Error := isReqAuthenticated(r); s3Error != ErrNone {
+			writeErrorResponse(w, r, s3Error, r.URL.Path)
+			return
+		}
+	}
+
+	// TODO handle encoding type.
+	prefix, marker, delimiter, maxkeys, _ := getBucketResources(r.URL.Query())
+	if maxkeys < 0 {
+		writeErrorResponse(w, r, ErrInvalidMaxKeys, r.URL.Path)
+		return
+	}
+	// Verify if delimiter is anything other than '/', which we do not support.
+	if delimiter != "" && delimiter != "/" {
+		writeErrorResponse(w, r, ErrNotImplemented, r.URL.Path)
+		return
+	}
+	// If marker is set unescape.
+	if marker != "" {
+		// Try to unescape marker.
+		markerUnescaped, e := url.QueryUnescape(marker)
+		if e != nil {
+			// Return 'NoSuchKey' to indicate invalid marker key.
+			writeErrorResponse(w, r, ErrNoSuchKey, r.URL.Path)
+			return
+		}
+		marker = markerUnescaped
+		// Marker not common with prefix is not implemented.
+		if !strings.HasPrefix(marker, prefix) {
+			writeErrorResponse(w, r, ErrNotImplemented, r.URL.Path)
+			return
+		}
+	}
+
+	listObjectsInfo, err := api.ObjectAPI.ListObjects(bucket, prefix, marker, delimiter, maxkeys)
+	if err == nil {
+		// generate response
+		response := generateListObjectsResponse(bucket, prefix, marker, delimiter, maxkeys, listObjectsInfo)
+		encodedSuccessResponse := encodeResponse(response)
+		// Write headers
+		setCommonHeaders(w)
+		// Write success response.
+		writeSuccessResponse(w, encodedSuccessResponse)
+		return
+	}
+	switch err.ToGoError().(type) {
+	case BucketNameInvalid:
+		writeErrorResponse(w, r, ErrInvalidBucketName, r.URL.Path)
+	case BucketNotFound:
+		writeErrorResponse(w, r, ErrNoSuchBucket, r.URL.Path)
+	case ObjectNotFound:
+		writeErrorResponse(w, r, ErrNoSuchKey, r.URL.Path)
+	case ObjectNameInvalid:
+		writeErrorResponse(w, r, ErrNoSuchKey, r.URL.Path)
+	default:
+		errorIf(err.Trace(), "ListObjects failed.", nil)
+		writeErrorResponse(w, r, ErrInternalError, r.URL.Path)
+	}
+}
+
+// ListBucketsHandler - GET Service
+// -----------
+// This implementation of the GET operation returns a list of all buckets
+// owned by the authenticated sender of the request.
+func (api objectStorageAPI) ListBucketsHandler(w http.ResponseWriter, r *http.Request) {
+	// List buckets does not support bucket policies.
+	switch getRequestAuthType(r) {
+	default:
+		// For all unknown auth types return error.
+		writeErrorResponse(w, r, ErrAccessDenied, r.URL.Path)
+		return
+	case authTypeSigned, authTypePresigned:
+		payload, e := ioutil.ReadAll(r.Body)
+		if e != nil {
+			writeErrorResponse(w, r, ErrInternalError, r.URL.Path)
+			return
+		}
+		// Verify Content-Md5, if payload is set.
+		if r.Header.Get("Content-Md5") != "" {
+			if r.Header.Get("Content-Md5") != base64.StdEncoding.EncodeToString(sumMD5(payload)) {
+				writeErrorResponse(w, r, ErrBadDigest, r.URL.Path)
+				return
+			}
+		}
+		// Populate back the payload.
+		r.Body = ioutil.NopCloser(bytes.NewReader(payload))
+		var s3Error APIErrorCode // API error code.
+		validateRegion := false  // Validate region.
+		if isRequestSignatureV4(r) {
+			s3Error = doesSignatureMatch(hex.EncodeToString(sum256(payload)), r, validateRegion)
+		} else if isRequestPresignedSignatureV4(r) {
+			s3Error = doesPresignedSignatureMatch(hex.EncodeToString(sum256(payload)), r, validateRegion)
+		}
+		if s3Error != ErrNone {
+			writeErrorResponse(w, r, s3Error, r.URL.Path)
+			return
+		}
+	}
+
+	bucketsInfo, err := api.ObjectAPI.ListBuckets()
+	if err == nil {
+		// generate response
+		response := generateListBucketsResponse(bucketsInfo)
+		encodedSuccessResponse := encodeResponse(response)
+		// write headers
+		setCommonHeaders(w)
+		// write response
+		writeSuccessResponse(w, encodedSuccessResponse)
+		return
+	}
+	errorIf(err.Trace(), "ListBuckets failed.", nil)
+	writeErrorResponse(w, r, ErrInternalError, r.URL.Path)
+}
+
+// DeleteMultipleObjectsHandler - deletes multiple objects.
+func (api objectStorageAPI) DeleteMultipleObjectsHandler(w http.ResponseWriter, r *http.Request) {
+	vars := mux.Vars(r)
+	bucket := vars["bucket"]
+
+	switch getRequestAuthType(r) {
+	default:
+		// For all unknown auth types return error.
+		writeErrorResponse(w, r, ErrAccessDenied, r.URL.Path)
+		return
+	case authTypeAnonymous:
+		// http://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html
+		if s3Error := enforceBucketPolicy("s3:DeleteObject", bucket, r.URL); s3Error != ErrNone {
+			writeErrorResponse(w, r, s3Error, r.URL.Path)
+			return
+		}
+	case authTypePresigned, authTypeSigned:
+		if s3Error := isReqAuthenticated(r); s3Error != ErrNone {
+			writeErrorResponse(w, r, s3Error, r.URL.Path)
+			return
+		}
+	}
+
+	// Content-Length is required and should be non-zero
+	// http://docs.aws.amazon.com/AmazonS3/latest/API/multiobjectdeleteapi.html
+	if r.ContentLength <= 0 {
+		writeErrorResponse(w, r, ErrMissingContentLength, r.URL.Path)
+		return
+	}
+
+	// Content-Md5 is requied should be set
+	// http://docs.aws.amazon.com/AmazonS3/latest/API/multiobjectdeleteapi.html
+	if _, ok := r.Header["Content-Md5"]; !ok {
+		writeErrorResponse(w, r, ErrMissingContentMD5, r.URL.Path)
+		return
+	}
+
+	// Allocate incoming content length bytes.
+	deleteXMLBytes := make([]byte, r.ContentLength)
+
+	// Read incoming body XML bytes.
+	_, e := io.ReadFull(r.Body, deleteXMLBytes)
+	if e != nil {
+		errorIf(probe.NewError(e), "DeleteMultipleObjects failed.", nil)
+		writeErrorResponse(w, r, ErrInternalError, r.URL.Path)
+		return
+	}
+
+	// Unmarshal list of keys to be deleted.
+	deleteObjects := &DeleteObjectsRequest{}
+	if e := xml.Unmarshal(deleteXMLBytes, deleteObjects); e != nil {
+		writeErrorResponse(w, r, ErrMalformedXML, r.URL.Path)
+		return
+	}
+
+	var deleteErrors []DeleteError
+	var deletedObjects []ObjectIdentifier
+	// Loop through all the objects and delete them sequentially.
+	for _, object := range deleteObjects.Objects {
+		err := api.ObjectAPI.DeleteObject(bucket, object.ObjectName)
+		if err == nil {
+			deletedObjects = append(deletedObjects, ObjectIdentifier{
+				ObjectName: object.ObjectName,
+			})
+		} else {
+			errorIf(err.Trace(object.ObjectName), "DeleteObject failed.", nil)
+			switch err.ToGoError().(type) {
+			case BucketNameInvalid:
+				deleteErrors = append(deleteErrors, DeleteError{
+					Code:    errorCodeResponse[ErrInvalidBucketName].Code,
+					Message: errorCodeResponse[ErrInvalidBucketName].Description,
+					Key:     object.ObjectName,
+				})
+			case BucketNotFound:
+				deleteErrors = append(deleteErrors, DeleteError{
+					Code:    errorCodeResponse[ErrNoSuchBucket].Code,
+					Message: errorCodeResponse[ErrNoSuchBucket].Description,
+					Key:     object.ObjectName,
+				})
+			case ObjectNotFound:
+				deleteErrors = append(deleteErrors, DeleteError{
+					Code:    errorCodeResponse[ErrNoSuchKey].Code,
+					Message: errorCodeResponse[ErrNoSuchKey].Description,
+					Key:     object.ObjectName,
+				})
+			case ObjectNameInvalid:
+				deleteErrors = append(deleteErrors, DeleteError{
+					Code:    errorCodeResponse[ErrNoSuchKey].Code,
+					Message: errorCodeResponse[ErrNoSuchKey].Description,
+					Key:     object.ObjectName,
+				})
+			default:
+				deleteErrors = append(deleteErrors, DeleteError{
+					Code:    errorCodeResponse[ErrInternalError].Code,
+					Message: errorCodeResponse[ErrInternalError].Description,
+					Key:     object.ObjectName,
+				})
+			}
+		}
+	}
+	// Generate response
+	response := generateMultiDeleteResponse(deleteObjects.Quiet, deletedObjects, deleteErrors)
+	encodedSuccessResponse := encodeResponse(response)
+	// Write headers
+	setCommonHeaders(w)
+	// Write success response.
+	writeSuccessResponse(w, encodedSuccessResponse)
+}
+
+// PutBucketHandler - PUT Bucket
+// ----------
+// This implementation of the PUT operation creates a new bucket for authenticated request
+func (api objectStorageAPI) PutBucketHandler(w http.ResponseWriter, r *http.Request) {
+	vars := mux.Vars(r)
+	bucket := vars["bucket"]
+
+	// Set http request for signature.
+	switch getRequestAuthType(r) {
+	default:
+		// For all unknown auth types return error.
+		writeErrorResponse(w, r, ErrAccessDenied, r.URL.Path)
+		return
+	case authTypePresigned, authTypeSigned:
+		if s3Error := isReqAuthenticated(r); s3Error != ErrNone {
+			writeErrorResponse(w, r, s3Error, r.URL.Path)
+			return
+		}
+	}
+
+	// Make bucket.
+	err := api.ObjectAPI.MakeBucket(bucket)
+	if err != nil {
+		errorIf(err.Trace(), "MakeBucket failed.", nil)
+		switch err.ToGoError().(type) {
+		case BucketNameInvalid:
+			writeErrorResponse(w, r, ErrInvalidBucketName, r.URL.Path)
+		case BucketExists:
+			writeErrorResponse(w, r, ErrBucketAlreadyExists, r.URL.Path)
+		default:
+			writeErrorResponse(w, r, ErrInternalError, r.URL.Path)
+		}
+		return
+	}
+	// Make sure to add Location information here only for bucket
+	w.Header().Set("Location", getLocation(r))
+	writeSuccessResponse(w, nil)
+}
+
+func extractHTTPFormValues(reader *multipart.Reader) (io.Reader, map[string]string, *probe.Error) {
+	/// HTML Form values
+	formValues := make(map[string]string)
+	filePart := new(bytes.Buffer)
+	var e error
+	for e == nil {
+		var part *multipart.Part
+		part, e = reader.NextPart()
+		if part != nil {
+			if part.FileName() == "" {
+				buffer, e := ioutil.ReadAll(part)
+				if e != nil {
+					return nil, nil, probe.NewError(e)
+				}
+				formValues[http.CanonicalHeaderKey(part.FormName())] = string(buffer)
+			} else {
+				if _, e := io.Copy(filePart, part); e != nil {
+					return nil, nil, probe.NewError(e)
+				}
+			}
+		}
+	}
+	return filePart, formValues, nil
+}
+
+// PostPolicyBucketHandler - POST policy
+// ----------
+// This implementation of the POST operation handles object creation with a specified
+// signature policy in multipart/form-data
+func (api objectStorageAPI) PostPolicyBucketHandler(w http.ResponseWriter, r *http.Request) {
+	// Here the parameter is the size of the form data that should
+	// be loaded in memory, the remaining being put in temporary files.
+	reader, e := r.MultipartReader()
+	if e != nil {
+		errorIf(probe.NewError(e), "Unable to initialize multipart reader.", nil)
+		writeErrorResponse(w, r, ErrMalformedPOSTRequest, r.URL.Path)
+		return
+	}
+
+	fileBody, formValues, err := extractHTTPFormValues(reader)
+	if err != nil {
+		errorIf(err.Trace(), "Unable to parse form values.", nil)
+		writeErrorResponse(w, r, ErrMalformedPOSTRequest, r.URL.Path)
+		return
+	}
+	bucket := mux.Vars(r)["bucket"]
+	formValues["Bucket"] = bucket
+	object := formValues["Key"]
+
+	// Verify policy signature.
+	apiErr := doesPolicySignatureMatch(formValues)
+	if apiErr != ErrNone {
+		writeErrorResponse(w, r, apiErr, r.URL.Path)
+		return
+	}
+	if apiErr = checkPostPolicy(formValues); apiErr != ErrNone {
+		writeErrorResponse(w, r, apiErr, r.URL.Path)
+		return
+	}
+	objInfo, err := api.ObjectAPI.PutObject(bucket, object, -1, fileBody, nil)
+	if err != nil {
+		errorIf(err.Trace(), "PutObject failed.", nil)
+		switch err.ToGoError().(type) {
+		case RootPathFull:
+			writeErrorResponse(w, r, ErrRootPathFull, r.URL.Path)
+		case BucketNotFound:
+			writeErrorResponse(w, r, ErrNoSuchBucket, r.URL.Path)
+		case BucketNameInvalid:
+			writeErrorResponse(w, r, ErrInvalidBucketName, r.URL.Path)
+		case BadDigest:
+			writeErrorResponse(w, r, ErrBadDigest, r.URL.Path)
+		case IncompleteBody:
+			writeErrorResponse(w, r, ErrIncompleteBody, r.URL.Path)
+		default:
+			writeErrorResponse(w, r, ErrInternalError, r.URL.Path)
+		}
+		return
+	}
+	if objInfo.MD5Sum != "" {
+		w.Header().Set("ETag", "\""+objInfo.MD5Sum+"\"")
+	}
+	writeSuccessResponse(w, nil)
+}
+
+// HeadBucketHandler - HEAD Bucket
+// ----------
+// This operation is useful to determine if a bucket exists.
+// The operation returns a 200 OK if the bucket exists and you
+// have permission to access it. Otherwise, the operation might
+// return responses such as 404 Not Found and 403 Forbidden.
+func (api objectStorageAPI) HeadBucketHandler(w http.ResponseWriter, r *http.Request) {
+	vars := mux.Vars(r)
+	bucket := vars["bucket"]
+
+	switch getRequestAuthType(r) {
+	default:
+		// For all unknown auth types return error.
+		writeErrorResponse(w, r, ErrAccessDenied, r.URL.Path)
+		return
+	case authTypeAnonymous:
+		// http://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html
+		if s3Error := enforceBucketPolicy("s3:ListBucket", bucket, r.URL); s3Error != ErrNone {
+			writeErrorResponse(w, r, s3Error, r.URL.Path)
+			return
+		}
+	case authTypePresigned, authTypeSigned:
+		if s3Error := isReqAuthenticated(r); s3Error != ErrNone {
+			writeErrorResponse(w, r, s3Error, r.URL.Path)
+			return
+		}
+	}
+
+	_, err := api.ObjectAPI.GetBucketInfo(bucket)
+	if err != nil {
+		errorIf(err.Trace(), "GetBucketInfo failed.", nil)
+		switch err.ToGoError().(type) {
+		case BucketNotFound:
+			writeErrorResponse(w, r, ErrNoSuchBucket, r.URL.Path)
+		case BucketNameInvalid:
+			writeErrorResponse(w, r, ErrInvalidBucketName, r.URL.Path)
+		default:
+			writeErrorResponse(w, r, ErrInternalError, r.URL.Path)
+		}
+		return
+	}
+	writeSuccessResponse(w, nil)
+}
+
+// DeleteBucketHandler - Delete bucket
+func (api objectStorageAPI) DeleteBucketHandler(w http.ResponseWriter, r *http.Request) {
+	vars := mux.Vars(r)
+	bucket := vars["bucket"]
+
+	switch getRequestAuthType(r) {
+	default:
+		// For all unknown auth types return error.
+		writeErrorResponse(w, r, ErrAccessDenied, r.URL.Path)
+		return
+	case authTypePresigned, authTypeSigned:
+		if s3Error := isReqAuthenticated(r); s3Error != ErrNone {
+			writeErrorResponse(w, r, s3Error, r.URL.Path)
+			return
+		}
+	}
+
+	err := api.ObjectAPI.DeleteBucket(bucket)
+	if err != nil {
+		errorIf(err.Trace(), "DeleteBucket failed.", nil)
+		switch err.ToGoError().(type) {
+		case BucketNotFound:
+			writeErrorResponse(w, r, ErrNoSuchBucket, r.URL.Path)
+		case BucketNotEmpty:
+			writeErrorResponse(w, r, ErrBucketNotEmpty, r.URL.Path)
+		default:
+			writeErrorResponse(w, r, ErrInternalError, r.URL.Path)
+		}
+		return
+	}
+
+	// Delete bucket access policy, if present - ignore any errors.
+	removeBucketPolicy(bucket)
+
+	// Write success response.
+	writeSuccessNoContent(w)
+}

bucket-policy-handlers.go

@@ -0,0 +1,272 @@
+/*
+ * Minio Cloud Storage, (C) 2015, 2016 Minio, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package main
+
+import (
+	"bytes"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"regexp"
+	"strings"
+
+	mux "github.com/gorilla/mux"
+	"github.com/minio/minio/pkg/probe"
+)
+
+// maximum supported access policy size.
+const maxAccessPolicySize = 20 * 1024 * 1024 // 20KiB.
+
+// Verify if a given action is valid for the url path based on the
+// existing bucket access policy.
+func bucketPolicyEvalStatements(action string, resource string, conditions map[string]string, statements []policyStatement) bool {
+	for _, statement := range statements {
+		if bucketPolicyMatchStatement(action, resource, conditions, statement) {
+			if statement.Effect == "Allow" {
+				return true
+			}
+			// Do not uncomment kept here for readability.
+			// else statement.Effect == "Deny"
+			return false
+		}
+	}
+	// None match so deny.
+	return false
+}
+
+// Verify if action, resource and conditions match input policy statement.
+func bucketPolicyMatchStatement(action string, resource string, conditions map[string]string, statement policyStatement) bool {
+	// Verify if action matches.
+	if bucketPolicyActionMatch(action, statement) {
+		// Verify if resource matches.
+		if bucketPolicyResourceMatch(resource, statement) {
+			// Verify if condition matches.
+			if bucketPolicyConditionMatch(conditions, statement) {
+				return true
+			}
+		}
+	}
+	return false
+}
+
+// Verify if given action matches with policy statement.
+func bucketPolicyActionMatch(action string, statement policyStatement) bool {
+	for _, policyAction := range statement.Actions {
+		// Policy action can be a regex, validate the action with matching string.
+		matched, e := regexp.MatchString(policyAction, action)
+		fatalIf(probe.NewError(e), "Invalid pattern, please verify the pattern string.", nil)
+		if matched {
+			return true
+		}
+	}
+	return false
+}
+
+// Verify if given resource matches with policy statement.
+func bucketPolicyResourceMatch(resource string, statement policyStatement) bool {
+	for _, presource := range statement.Resources {
+		matched, e := regexp.MatchString(presource, strings.TrimPrefix(resource, "/"))
+		fatalIf(probe.NewError(e), "Invalid pattern, please verify the pattern string.", nil)
+		// For any path matches, we return quickly and the let the caller continue.
+		if matched {
+			return true
+		}
+	}
+	return false
+}
+
+// Verify if given condition matches with policy statement.
+func bucketPolicyConditionMatch(conditions map[string]string, statement policyStatement) bool {
+	// Supports following conditions.
+	// - StringEquals
+	// - StringNotEquals
+	//
+	// Supported applicable condition keys for each conditions.
+	// - s3:prefix
+	// - s3:max-keys
+	var conditionMatches = true
+	for condition, conditionKeys := range statement.Conditions {
+		if condition == "StringEquals" {
+			if conditionKeys["s3:prefix"] != conditions["prefix"] {
+				conditionMatches = false
+				break
+			}
+			if conditionKeys["s3:max-keys"] != conditions["max-keys"] {
+				conditionMatches = false
+				break
+			}
+		} else if condition == "StringNotEquals" {
+			if conditionKeys["s3:prefix"] == conditions["prefix"] {
+				conditionMatches = false
+				break
+			}
+			if conditionKeys["s3:max-keys"] == conditions["max-keys"] {
+				conditionMatches = false
+				break
+			}
+		}
+	}
+	return conditionMatches
+}
+
+// PutBucketPolicyHandler - PUT Bucket policy
+// -----------------
+// This implementation of the PUT operation uses the policy
+// subresource to add to or replace a policy on a bucket
+func (api objectStorageAPI) PutBucketPolicyHandler(w http.ResponseWriter, r *http.Request) {
+	vars := mux.Vars(r)
+	bucket := vars["bucket"]
+
+	switch getRequestAuthType(r) {
+	default:
+		// For all unknown auth types return error.
+		writeErrorResponse(w, r, ErrAccessDenied, r.URL.Path)
+		return
+	case authTypePresigned, authTypeSigned:
+		if s3Error := isReqAuthenticated(r); s3Error != ErrNone {
+			writeErrorResponse(w, r, s3Error, r.URL.Path)
+			return
+		}
+	}
+
+	// If Content-Length is unknown or zero, deny the
+	// request. PutBucketPolicy always needs a Content-Length if
+	// incoming request is not chunked.
+	if !contains(r.TransferEncoding, "chunked") {
+		if r.ContentLength == -1 || r.ContentLength == 0 {
+			writeErrorResponse(w, r, ErrMissingContentLength, r.URL.Path)
+			return
+		}
+		// If Content-Length is greater than maximum allowed policy size.
+		if r.ContentLength > maxAccessPolicySize {
+			writeErrorResponse(w, r, ErrEntityTooLarge, r.URL.Path)
+			return
+		}
+	}
+
+	// Read access policy up to maxAccessPolicySize.
+	// http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
+	// bucket policies are limited to 20KB in size, using a limit reader.
+	bucketPolicyBuf, e := ioutil.ReadAll(io.LimitReader(r.Body, maxAccessPolicySize))
+	if e != nil {
+		errorIf(probe.NewError(e).Trace(bucket), "Reading policy failed.", nil)
+		writeErrorResponse(w, r, ErrInternalError, r.URL.Path)
+		return
+	}
+
+	// Parse bucket policy.
+	bucketPolicy, e := parseBucketPolicy(bucketPolicyBuf)
+	if e != nil {
+		errorIf(probe.NewError(e), "Unable to parse bucket policy.", nil)
+		writeErrorResponse(w, r, ErrInvalidPolicyDocument, r.URL.Path)
+		return
+	}
+
+	// Parse check bucket policy.
+	if s3Error := checkBucketPolicyResources(bucket, bucketPolicy); s3Error != ErrNone {
+		writeErrorResponse(w, r, s3Error, r.URL.Path)
+		return
+	}
+
+	// Save bucket policy.
+	err := writeBucketPolicy(bucket, bucketPolicyBuf)
+	if err != nil {
+		errorIf(err.Trace(bucket, string(bucketPolicyBuf)), "SaveBucketPolicy failed.", nil)
+		switch err.ToGoError().(type) {
+		case BucketNameInvalid:
+			writeErrorResponse(w, r, ErrInvalidBucketName, r.URL.Path)
+		default:
+			writeErrorResponse(w, r, ErrInternalError, r.URL.Path)
+		}
+		return
+	}
+	writeSuccessNoContent(w)
+}
+
+// DeleteBucketPolicyHandler - DELETE Bucket policy
+// -----------------
+// This implementation of the DELETE operation uses the policy
+// subresource to add to remove a policy on a bucket.
+func (api objectStorageAPI) DeleteBucketPolicyHandler(w http.ResponseWriter, r *http.Request) {
+	vars := mux.Vars(r)
+	bucket := vars["bucket"]
+
+	switch getRequestAuthType(r) {
+	default:
+		// For all unknown auth types return error.
+		writeErrorResponse(w, r, ErrAccessDenied, r.URL.Path)
+		return
+	case authTypePresigned, authTypeSigned:
+		if s3Error := isReqAuthenticated(r); s3Error != ErrNone {
+			writeErrorResponse(w, r, s3Error, r.URL.Path)
+			return
+		}
+	}
+
+	// Delete bucket access policy.
+	err := removeBucketPolicy(bucket)
+	if err != nil {
+		errorIf(err.Trace(bucket), "DeleteBucketPolicy failed.", nil)
+		switch err.ToGoError().(type) {
+		case BucketNameInvalid:
+			writeErrorResponse(w, r, ErrInvalidBucketName, r.URL.Path)
+		case BucketPolicyNotFound:
+			writeErrorResponse(w, r, ErrNoSuchBucketPolicy, r.URL.Path)
+		default:
+			writeErrorResponse(w, r, ErrInternalError, r.URL.Path)
+		}
+		return
+	}
+	writeSuccessNoContent(w)
+}
+
+// GetBucketPolicyHandler - GET Bucket policy
+// -----------------
+// This operation uses the policy
+// subresource to return the policy of a specified bucket.
+func (api objectStorageAPI) GetBucketPolicyHandler(w http.ResponseWriter, r *http.Request) {
+	vars := mux.Vars(r)
+	bucket := vars["bucket"]
+
+	switch getRequestAuthType(r) {
+	default:
+		// For all unknown auth types return error.
+		writeErrorResponse(w, r, ErrAccessDenied, r.URL.Path)
+		return
+	case authTypePresigned, authTypeSigned:
+		if s3Error := isReqAuthenticated(r); s3Error != ErrNone {
+			writeErrorResponse(w, r, s3Error, r.URL.Path)
+			return
+		}
+	}
+
+	// Read bucket access policy.
+	p, err := readBucketPolicy(bucket)
+	if err != nil {
+		errorIf(err.Trace(bucket), "GetBucketPolicy failed.", nil)
+		switch err.ToGoError().(type) {
+		case BucketNameInvalid:
+			writeErrorResponse(w, r, ErrInvalidBucketName, r.URL.Path)
+		case BucketPolicyNotFound:
+			writeErrorResponse(w, r, ErrNoSuchBucketPolicy, r.URL.Path)
+		default:
+			writeErrorResponse(w, r, ErrInternalError, r.URL.Path)
+		}
+		return
+	}
+	io.Copy(w, bytes.NewReader(p))
+}

bucket-policy-parser.go

@@ -0,0 +1,320 @@
+/*
+ * Minio Cloud Storage, (C) 2015, 2016 Minio, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// This file implements AWS Access Policy Language parser in
+// accordance with http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
+package main
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"regexp"
+	"sort"
+	"strings"
+)
+
+const (
+	// AWSResourcePrefix - bucket policy resource prefix.
+	AWSResourcePrefix = "arn:aws:s3:::"
+)
+
+// supportedActionMap - lists all the actions supported by minio.
+var supportedActionMap = map[string]struct{}{
+	"s3:GetObject":                  {},
+	"s3:ListBucket":                 {},
+	"s3:PutObject":                  {},
+	"s3:GetBucketLocation":          {},
+	"s3:DeleteObject":               {},
+	"s3:AbortMultipartUpload":       {},
+	"s3:ListBucketMultipartUploads": {},
+	"s3:ListMultipartUploadParts":   {},
+}
+
+// supported Conditions type.
+var supportedConditionsType = map[string]struct{}{
+	"StringEquals":    {},
+	"StringNotEquals": {},
+}
+
+// Validate s3:prefix, s3:max-keys are present if not
+// supported keys for the conditions.
+var supportedConditionsKey = map[string]struct{}{
+	"s3:prefix":   {},
+	"s3:max-keys": {},
+}
+
+// User - canonical users list.
+type policyUser struct {
+	AWS []string
+}
+
+// Statement - minio policy statement
+type policyStatement struct {
+	Sid        string
+	Effect     string
+	Principal  policyUser                   `json:"Principal"`
+	Actions    []string                     `json:"Action"`
+	Resources  []string                     `json:"Resource"`
+	Conditions map[string]map[string]string `json:"Condition"`
+}
+
+// BucketPolicy - minio policy collection
+type BucketPolicy struct {
+	Version    string            // date in 0000-00-00 format
+	Statements []policyStatement `json:"Statement"`
+}
+
+// supportedEffectMap - supported effects.
+var supportedEffectMap = map[string]struct{}{
+	"Allow": {},
+	"Deny":  {},
+}
+
+// isValidActions - are actions valid.
+func isValidActions(actions []string) (err error) {
+	// Statement actions cannot be empty.
+	if len(actions) == 0 {
+		err = errors.New("Action list cannot be empty.")
+		return err
+	}
+	for _, action := range actions {
+		if _, ok := supportedActionMap[action]; !ok {
+			err = errors.New("Unsupported action found: ‘" + action + "’, please validate your policy document.")
+			return err
+		}
+	}
+	return nil
+}
+
+// isValidEffect - is effect valid.
+func isValidEffect(effect string) error {
+	// Statement effect cannot be empty.
+	if len(effect) == 0 {
+		err := errors.New("Policy effect cannot be empty.")
+		return err
+	}
+	_, ok := supportedEffectMap[effect]
+	if !ok {
+		err := errors.New("Unsupported Effect found: ‘" + effect + "’, please validate your policy document.")
+		return err
+	}
+	return nil
+}
+
+// isValidResources - are valid resources.
+func isValidResources(resources []string) (err error) {
+	// Statement resources cannot be empty.
+	if len(resources) == 0 {
+		err = errors.New("Resource list cannot be empty.")
+		return err
+	}
+	for _, resource := range resources {
+		if !strings.HasPrefix(resource, AWSResourcePrefix) {
+			err = errors.New("Unsupported resource style found: ‘" + resource + "’, please validate your policy document.")
+			return err
+		}
+		resourceSuffix := strings.SplitAfter(resource, AWSResourcePrefix)[1]
+		if len(resourceSuffix) == 0 || strings.HasPrefix(resourceSuffix, "/") {
+			err = errors.New("Invalid resource style found: ‘" + resource + "’, please validate your policy document.")
+			return err
+		}
+	}
+	return nil
+}
+
+// isValidPrincipals - are valid principals.
+func isValidPrincipals(principals []string) (err error) {
+	// Statement principal should have a value.
+	if len(principals) == 0 {
+		err = errors.New("Principal cannot be empty.")
+		return err
+	}
+	for _, principal := range principals {
+		// Minio does not support or implement IAM, "*" is the only valid value.
+		// Amazon s3 doc on principals: http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html#Principal
+		if principal != "*" {
+			err = fmt.Errorf("Unsupported principal style found: ‘%s’, please validate your policy document.", principal)
+			return err
+		}
+	}
+	return nil
+}
+
+// isValidConditions - are valid conditions.
+func isValidConditions(conditions map[string]map[string]string) (err error) {
+	// Returns true if string 'a' is found in the list.
+	findString := func(a string, list []string) bool {
+		for _, b := range list {
+			if b == a {
+				return true
+			}
+		}
+		return false
+	}
+	conditionKeyVal := make(map[string][]string)
+	// Verify conditions should be valid.
+	// Validate if stringEquals, stringNotEquals are present
+	// if not throw an error.
+	for conditionType := range conditions {
+		_, validType := supportedConditionsType[conditionType]
+		if !validType {
+			err = fmt.Errorf("Unsupported condition type '%s', please validate your policy document.", conditionType)
+			return err
+		}
+		for key := range conditions[conditionType] {
+			_, validKey := supportedConditionsKey[key]
+			if !validKey {
+				err = fmt.Errorf("Unsupported condition key '%s', please validate your policy document.", conditionType)
+				return err
+			}
+			conditionArray, ok := conditionKeyVal[key]
+			if ok && findString(conditions[conditionType][key], conditionArray) {
+				err = fmt.Errorf("Ambigious condition values for key '%s', please validate your policy document.", key)
+				return err
+			}
+			conditionKeyVal[key] = append(conditionKeyVal[key], conditions[conditionType][key])
+		}
+	}
+	return nil
+}
+
+// List of actions for which prefixes are not allowed.
+var invalidPrefixActions = map[string]struct{}{
+	"s3:GetBucketLocation":          {},
+	"s3:ListBucket":                 {},
+	"s3:ListBucketMultipartUploads": {},
+	// Add actions which do not honor prefixes.
+}
+
+// checkBucketPolicyResources validates Resources in unmarshalled bucket policy structure.
+// First valation of Resources done for given set of Actions.
+// Later its validated for recursive Resources.
+func checkBucketPolicyResources(bucket string, bucketPolicy BucketPolicy) APIErrorCode {
+	// Validate statements for special actions and collect resources
+	// for others to validate nesting.
+	var resourceMap = make(map[string]struct{})
+	for _, statement := range bucketPolicy.Statements {
+		for _, action := range statement.Actions {
+			for _, resource := range statement.Resources {
+				resourcePrefix := strings.SplitAfter(resource, AWSResourcePrefix)[1]
+				if _, ok := invalidPrefixActions[action]; ok {
+					// Resource prefix is not equal to bucket for
+					// prefix invalid actions, reject them.
+					if resourcePrefix != bucket {
+						return ErrMalformedPolicy
+					}
+				} else {
+					// For all other actions validate if resourcePrefix begins
+					// with bucket name, if not reject them.
+					if strings.Split(resourcePrefix, "/")[0] != bucket {
+						return ErrMalformedPolicy
+					}
+					// All valid resources collect them separately to verify nesting.
+					resourceMap[resourcePrefix] = struct{}{}
+				}
+			}
+		}
+	}
+
+	var resources []string
+	for resource := range resourceMap {
+		resources = append(resources, resource)
+	}
+
+	// Sort strings as shorter first.
+	sort.Strings(resources)
+
+	for len(resources) > 1 {
+		var resource string
+		resource, resources = resources[0], resources[1:]
+		resourceRegex := regexp.MustCompile(resource)
+		// Loop through all resources, if one of them matches with
+		// previous shorter one, it means we have detected
+		// nesting. Reject such rules.
+		for _, otherResource := range resources {
+			if resourceRegex.MatchString(otherResource) {
+				return ErrMalformedPolicy
+			}
+		}
+	}
+
+	// No errors found.
+	return ErrNone
+}
+
+// parseBucketPolicy - parses and validates if bucket policy is of
+// proper JSON and follows allowed restrictions with policy standards.
+func parseBucketPolicy(bucketPolicyBuf []byte) (policy BucketPolicy, err error) {
+	if err = json.Unmarshal(bucketPolicyBuf, &policy); err != nil {
+		return BucketPolicy{}, err
+	}
+
+	// Policy version cannot be empty.
+	if len(policy.Version) == 0 {
+		err = errors.New("Policy version cannot be empty.")
+		return BucketPolicy{}, err
+	}
+
+	// Policy statements cannot be empty.
+	if len(policy.Statements) == 0 {
+		err = errors.New("Policy statement cannot be empty.")
+		return BucketPolicy{}, err
+	}
+
+	// Loop through all policy statements and validate entries.
+	for _, statement := range policy.Statements {
+		// Statement effect should be valid.
+		if err := isValidEffect(statement.Effect); err != nil {
+			return BucketPolicy{}, err
+		}
+		// Statement principal should be supported format.
+		if err := isValidPrincipals(statement.Principal.AWS); err != nil {
+			return BucketPolicy{}, err
+		}
+		// Statement actions should be valid.
+		if err := isValidActions(statement.Actions); err != nil {
+			return BucketPolicy{}, err
+		}
+		// Statement resources should be valid.
+		if err := isValidResources(statement.Resources); err != nil {
+			return BucketPolicy{}, err
+		}
+		// Statement conditions should be valid.
+		if err := isValidConditions(statement.Conditions); err != nil {
+			return BucketPolicy{}, err
+		}
+	}
+
+	// Separate deny and allow statements, so that we can apply deny
+	// statements in the beginning followed by Allow statements.
+	var denyStatements []policyStatement
+	var allowStatements []policyStatement
+	for _, statement := range policy.Statements {
+		if statement.Effect == "Deny" {
+			denyStatements = append(denyStatements, statement)
+			continue
+		}
+		// else if statement.Effect == "Allow"
+		allowStatements = append(allowStatements, statement)
+	}
+
+	// Deny statements are enforced first once matched.
+	policy.Statements = append(denyStatements, allowStatements...)
+
+	// Return successfully parsed policy structure.
+	return policy, nil
+}

bucket-policy-parser_test.go

@@ -0,0 +1,645 @@
+/*
+ * Minio Cloud Storage, (C) 2015, 2016 Minio, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package main
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"reflect"
+	"testing"
+)
+
+var (
+	readWriteBucketActions = []string{
+		"s3:GetBucketLocation",
+		"s3:ListBucket",
+		"s3:ListBucketMultipartUploads",
+		// Add more bucket level read-write actions here.
+	}
+	readWriteObjectActions = []string{
+		"s3:AbortMultipartUpload",
+		"s3:DeleteObject",
+		"s3:GetObject",
+		"s3:ListMultipartUploadParts",
+		"s3:PutObject",
+		// Add more object level read-write actions here.
+	}
+)
+
+// Write only actions.
+var (
+	writeOnlyBucketActions = []string{
+		"s3:GetBucketLocation",
+		"s3:ListBucketMultipartUploads",
+		// Add more bucket level write actions here.
+	}
+	writeOnlyObjectActions = []string{
+		"s3:AbortMultipartUpload",
+		"s3:DeleteObject",
+		"s3:ListMultipartUploadParts",
+		"s3:PutObject",
+		// Add more object level write actions here.
+	}
+)
+
+// Read only actions.
+var (
+	readOnlyBucketActions = []string{
+		"s3:GetBucketLocation",
+		"s3:ListBucket",
+		// Add more bucket level read actions here.
+	}
+	readOnlyObjectActions = []string{
+		"s3:GetObject",
+		// Add more object level read actions here.
+	}
+)
+
+// Obtain statements for read-write BucketPolicy.
+func setReadWriteStatement(bucketName, objectPrefix string) []policyStatement {
+	bucketResourceStatement := policyStatement{}
+	objectResourceStatement := policyStatement{}
+	statements := []policyStatement{}
+
+	bucketResourceStatement.Effect = "Allow"
+	bucketResourceStatement.Principal.AWS = []string{"*"}
+	bucketResourceStatement.Resources = []string{fmt.Sprintf("%s%s", AWSResourcePrefix, bucketName)}
+	bucketResourceStatement.Actions = readWriteBucketActions
+	objectResourceStatement.Effect = "Allow"
+	objectResourceStatement.Principal.AWS = []string{"*"}
+	objectResourceStatement.Resources = []string{fmt.Sprintf("%s%s", AWSResourcePrefix, bucketName+"/"+objectPrefix+"*")}
+	objectResourceStatement.Actions = readWriteObjectActions
+	// Save the read write policy.
+	statements = append(statements, bucketResourceStatement, objectResourceStatement)
+	return statements
+}
+
+// Obtain statements for read only BucketPolicy.
+func setReadOnlyStatement(bucketName, objectPrefix string) []policyStatement {
+	bucketResourceStatement := policyStatement{}
+	objectResourceStatement := policyStatement{}
+	statements := []policyStatement{}
+
+	bucketResourceStatement.Effect = "Allow"
+	bucketResourceStatement.Principal.AWS = []string{"*"}
+	bucketResourceStatement.Resources = []string{fmt.Sprintf("%s%s", AWSResourcePrefix, bucketName)}
+	bucketResourceStatement.Actions = readOnlyBucketActions
+	objectResourceStatement.Effect = "Allow"
+	objectResourceStatement.Principal.AWS = []string{"*"}
+	objectResourceStatement.Resources = []string{fmt.Sprintf("%s%s", AWSResourcePrefix, bucketName+"/"+objectPrefix+"*")}
+	objectResourceStatement.Actions = readOnlyObjectActions
+	// Save the read only policy.
+	statements = append(statements, bucketResourceStatement, objectResourceStatement)
+	return statements
+}
+
+// Obtain statements for write only BucketPolicy.
+func setWriteOnlyStatement(bucketName, objectPrefix string) []policyStatement {
+	bucketResourceStatement := policyStatement{}
+	objectResourceStatement := policyStatement{}
+	statements := []policyStatement{}
+	// Write only policy.
+	bucketResourceStatement.Effect = "Allow"
+	bucketResourceStatement.Principal.AWS = []string{"*"}
+	bucketResourceStatement.Resources = []string{fmt.Sprintf("%s%s", AWSResourcePrefix, bucketName)}
+	bucketResourceStatement.Actions = writeOnlyBucketActions
+	objectResourceStatement.Effect = "Allow"
+	objectResourceStatement.Principal.AWS = []string{"*"}
+	objectResourceStatement.Resources = []string{fmt.Sprintf("%s%s", AWSResourcePrefix, bucketName+"/"+objectPrefix+"*")}
+	objectResourceStatement.Actions = writeOnlyObjectActions
+	// Save the write only policy.
+	statements = append(statements, bucketResourceStatement, objectResourceStatement)
+	return statements
+}
+
+// Tests validate Action validator.
+func TestIsValidActions(t *testing.T) {
+	testCases := []struct {
+		// input.
+		actions []string
+		// expected output.
+		err error
+		// flag indicating whether the test should pass.
+		shouldPass bool
+	}{
+		// Inputs with unsupported Action.
+		// Test case - 1.
+		// "s3:ListObject" is an invalid Action.
+		{[]string{"s3:GetObject", "s3:ListObject", "s3:RemoveObject"}, errors.New("Unsupported action found: ‘s3:ListObject’, please validate your policy document."), false},
+		// Test case - 2.
+		// Empty Actions.
+		{[]string{}, errors.New("Action list cannot be empty."), false},
+		// Test case - 3.
+		// "s3:DeleteEverything"" is an invalid Action.
+		{[]string{"s3:GetObject", "s3:ListBucket", "s3:PutObject", "s3:DeleteEverything"}, errors.New("Unsupported action found: ‘s3:DeleteEverything’, please validate your policy document."), false},
+
+		// Inputs with valid Action.
+		// Test Case - 4.
+		{[]string{"s3:GetObject", "s3:ListBucket", "s3:PutObject", "s3:GetBucketLocation", "s3:DeleteObject", "s3:AbortMultipartUpload", "s3:ListBucketMultipartUploads", "s3:ListMultipartUploadParts"}, nil, true},
+	}
+	for i, testCase := range testCases {
+		err := isValidActions(testCase.actions)
+		if err != nil && testCase.shouldPass {
+			t.Errorf("Test %d: Expected to pass, but failed with: <ERROR> %s", i+1, err.Error())
+		}
+		if err == nil && !testCase.shouldPass {
+			t.Errorf("Test %d: Expected to fail with <ERROR> \"%s\", but passed instead", i+1, testCase.err.Error())
+		}
+		// Failed as expected, but does it fail for the expected reason.
+		if err != nil && !testCase.shouldPass {
+			if err.Error() != testCase.err.Error() {
+				t.Errorf("Test %d: Expected to fail with error \"%s\", but instead failed with error \"%s\"", i+1, testCase.err.Error(), err.Error())
+			}
+		}
+
+	}
+}
+
+// Tests validate Effect validator.
+func TestIsValidEffect(t *testing.T) {
+	testCases := []struct {
+		// input.
+		effect string
+		// expected output.
+		err error
+		// flag indicating whether the test should pass.
+		shouldPass bool
+	}{
+		// Inputs with unsupported Effect.
+		// Test case - 1.
+		{"DontAllow", errors.New("Unsupported Effect found: ‘DontAllow’, please validate your policy document."), false},
+		// Test case - 2.
+		{"NeverAllow", errors.New("Unsupported Effect found: ‘NeverAllow’, please validate your policy document."), false},
+		// Test case - 3.
+		{"AllowAlways", errors.New("Unsupported Effect found: ‘AllowAlways’, please validate your policy document."), false},
+
+		// Inputs with valid Effect.
+		// Test Case - 4.
+		{"Allow", nil, true},
+		// Test Case - 5.
+		{"Deny", nil, true},
+	}
+	for i, testCase := range testCases {
+		err := isValidEffect(testCase.effect)
+		if err != nil && testCase.shouldPass {
+			t.Errorf("Test %d: Expected to pass, but failed with: <ERROR> %s", i+1, err.Error())
+		}
+		if err == nil && !testCase.shouldPass {
+			t.Errorf("Test %d: Expected to fail with <ERROR> \"%s\", but passed instead", i+1, testCase.err.Error())
+		}
+		// Failed as expected, but does it fail for the expected reason.
+		if err != nil && !testCase.shouldPass {
+			if err.Error() != testCase.err.Error() {
+				t.Errorf("Test %d: Expected to fail with error \"%s\", but instead failed with error \"%s\"", i+1, testCase.err.Error(), err.Error())
+			}
+		}
+	}
+}
+
+// Tests validate Resources validator.
+func TestIsValidResources(t *testing.T) {
+	testCases := []struct {
+		// input.
+		resources []string
+		// expected output.
+		err error
+		// flag indicating whether the test should pass.
+		shouldPass bool
+	}{
+		// Inputs with unsupported Action.
+		// Test case - 1.
+		// Empty Resources.
+		{[]string{}, errors.New("Resource list cannot be empty."), false},
+		// Test case - 2.
+		// A valid resource should have prefix "arn:aws:s3:::".
+		{[]string{"my-resource"}, errors.New("Unsupported resource style found: ‘my-resource’, please validate your policy document."), false},
+		// Test case - 3.
+		// A Valid resource should have bucket name followed by "arn:aws:s3:::".
+		{[]string{"arn:aws:s3:::"}, errors.New("Invalid resource style found: ‘arn:aws:s3:::’, please validate your policy document."), false},
+		// Test Case - 4.
+		// Valid resource shouldn't have slash('/') followed by "arn:aws:s3:::".
+		{[]string{"arn:aws:s3:::/"}, errors.New("Invalid resource style found: ‘arn:aws:s3:::/’, please validate your policy document."), false},
+
+		// Test cases with valid Resources.
+		{[]string{"arn:aws:s3:::my-bucket"}, nil, true},
+		{[]string{"arn:aws:s3:::my-bucket/Asia/*"}, nil, true},
+		{[]string{"arn:aws:s3:::my-bucket/Asia/India/*"}, nil, true},
+	}
+	for i, testCase := range testCases {
+		err := isValidResources(testCase.resources)
+		if err != nil && testCase.shouldPass {
+			t.Errorf("Test %d: Expected to pass, but failed with: <ERROR> %s", i+1, err.Error())
+		}
+		if err == nil && !testCase.shouldPass {
+			t.Errorf("Test %d: Expected to fail with <ERROR> \"%s\", but passed instead", i+1, testCase.err.Error())
+		}
+		// Failed as expected, but does it fail for the expected reason.
+		if err != nil && !testCase.shouldPass {
+			if err.Error() != testCase.err.Error() {
+				t.Errorf("Test %d: Expected to fail with error \"%s\", but instead failed with error \"%s\"", i+1, testCase.err.Error(), err.Error())
+			}
+		}
+	}
+}
+
+// Tests validate principals validator.
+func TestIsValidPrincipals(t *testing.T) {
+	testCases := []struct {
+		// input.
+		principals []string
+		// expected output.
+		err error
+		// flag indicating whether the test should pass.
+		shouldPass bool
+	}{
+		// Inputs with unsupported Principals.
+		// Test case - 1.
+		// Empty Principals list.
+		{[]string{}, errors.New("Principal cannot be empty."), false},
+		// Test case - 2.
+		// "*" is the only valid principal.
+		{[]string{"my-principal"}, errors.New("Unsupported principal style found: ‘my-principal’, please validate your policy document."), false},
+		// Test case - 3.
+		{[]string{"*", "111122233"}, errors.New("Unsupported principal style found: ‘111122233’, please validate your policy document."), false},
+
+		// Test case - 4.
+		// Test case with valid principal value.
+		{[]string{"*"}, nil, true},
+	}
+	for i, testCase := range testCases {
+		err := isValidPrincipals(testCase.principals)
+		if err != nil && testCase.shouldPass {
+			t.Errorf("Test %d: Expected to pass, but failed with: <ERROR> %s", i+1, err.Error())
+		}
+		if err == nil && !testCase.shouldPass {
+			t.Errorf("Test %d: Expected to fail with <ERROR> \"%s\", but passed instead", i+1, testCase.err.Error())
+		}
+		// Failed as expected, but does it fail for the expected reason.
+		if err != nil && !testCase.shouldPass {
+			if err.Error() != testCase.err.Error() {
+				t.Errorf("Test %d: Expected to fail with error \"%s\", but instead failed with error \"%s\"", i+1, testCase.err.Error(), err.Error())
+			}
+		}
+	}
+}
+
+// Tests validate policyStatement condition validator.
+func TestIsValidConditions(t *testing.T) {
+	// returns empty conditions map.
+	setEmptyConditions := func() map[string]map[string]string {
+		return make(map[string]map[string]string)
+	}
+
+	// returns map with the "StringEquals" set to empty map.
+	setEmptyStringEquals := func() map[string]map[string]string {
+		emptyMap := make(map[string]string)
+		conditions := make(map[string]map[string]string)
+		conditions["StringEquals"] = emptyMap
+		return conditions
+
+	}
+
+	// returns map with the "StringNotEquals" set to empty map.
+	setEmptyStringNotEquals := func() map[string]map[string]string {
+		emptyMap := make(map[string]string)
+		conditions := make(map[string]map[string]string)
+		conditions["StringNotEquals"] = emptyMap
+		return conditions
+
+	}
+	// Generate conditions.
+	generateConditions := func(key1, key2, value string) map[string]map[string]string {
+		innerMap := make(map[string]string)
+		innerMap[key2] = value
+		conditions := make(map[string]map[string]string)
+		conditions[key1] = innerMap
+		return conditions
+	}
+
+	// generate ambigious conditions.
+	generateAmbigiousConditions := func() map[string]map[string]string {
+		innerMap := make(map[string]string)
+		innerMap["s3:prefix"] = "Asia/"
+		conditions := make(map[string]map[string]string)
+		conditions["StringEquals"] = innerMap
+		conditions["StringNotEquals"] = innerMap
+		return conditions
+	}
+
+	// generate valid and non valid type in the condition map.
+	generateValidInvalidConditions := func() map[string]map[string]string {
+		innerMap := make(map[string]string)
+		innerMap["s3:prefix"] = "Asia/"
+		conditions := make(map[string]map[string]string)
+		conditions["StringEquals"] = innerMap
+		conditions["InvalidType"] = innerMap
+		return conditions
+	}
+
+	// generate valid and invalid keys for valid types in the same condition map.
+	generateValidInvalidConditionKeys := func() map[string]map[string]string {
+		innerMapValid := make(map[string]string)
+		innerMapValid["s3:prefix"] = "Asia/"
+		innerMapInValid := make(map[string]string)
+		innerMapInValid["s3:invalid"] = "Asia/"
+		conditions := make(map[string]map[string]string)
+		conditions["StringEquals"] = innerMapValid
+		conditions["StringEquals"] = innerMapInValid
+		return conditions
+	}
+
+	// List of Conditions used for test cases.
+	testConditions := []map[string]map[string]string{
+		generateConditions("StringValues", "s3:max-keys", "100"),
+		generateConditions("StringEquals", "s3:Object", "100"),
+		generateAmbigiousConditions(),
+		generateValidInvalidConditions(),
+		generateValidInvalidConditionKeys(),
+		setEmptyConditions(),
+		setEmptyStringEquals(),
+		setEmptyStringNotEquals(),
+		generateConditions("StringEquals", "s3:prefix", "Asia/"),
+		generateConditions("StringEquals", "s3:max-keys", "100"),
+		generateConditions("StringNotEquals", "s3:prefix", "Asia/"),
+		generateConditions("StringNotEquals", "s3:max-keys", "100"),
+	}
+
+	testCases := []struct {
+		inputCondition map[string]map[string]string
+		// expected result.
+		expectedErr error
+		// flag indicating whether test should pass.
+		shouldPass bool
+	}{
+		// Malformed conditions.
+		// Test case - 1.
+		// "StringValues" is an invalid type.
+		{testConditions[0], fmt.Errorf("Unsupported condition type 'StringValues', " +
+			"please validate your policy document."), false},
+		// Test case - 2.
+		// "s3:Object" is an invalid key.
+		{testConditions[1], fmt.Errorf("Unsupported condition key " +
+			"'StringEquals', please validate your policy document."), false},
+		// Test case - 3.
+		// Test case with Ambigious conditions set.
+		{testConditions[2], fmt.Errorf("Ambigious condition values for key 's3:prefix', " +
+			"please validate your policy document."), false},
+		// Test case - 4.
+		// Test case with valid and invalid condition types.
+		{testConditions[3], fmt.Errorf("Unsupported condition type 'InvalidType', " +
+			"please validate your policy document."), false},
+		// Test case - 5.
+		// Test case with valid and invalid condition keys.
+		{testConditions[4], fmt.Errorf("Unsupported condition key 'StringEquals', " +
+			"please validate your policy document."), false},
+		// Test cases with valid conditions.
+		// Test case - 6.
+		{testConditions[5], nil, true},
+		// Test case - 7.
+		{testConditions[6], nil, true},
+		// Test case - 8.
+		{testConditions[7], nil, true},
+		// Test case - 9.
+		{testConditions[8], nil, true},
+		// Test case - 10.
+		{testConditions[9], nil, true},
+		// Test case - 11.
+		{testConditions[10], nil, true},
+		// Test case 10.
+		{testConditions[11], nil, true},
+	}
+	for i, testCase := range testCases {
+		actualErr := isValidConditions(testCase.inputCondition)
+		if actualErr != nil && testCase.shouldPass {
+			t.Errorf("Test %d: Expected to pass, but failed with: <ERROR> %s", i+1, actualErr.Error())
+		}
+		if actualErr == nil && !testCase.shouldPass {
+			t.Errorf("Test %d: Expected to fail with <ERROR> \"%s\", but passed instead", i+1, testCase.expectedErr.Error())
+		}
+		// Failed as expected, but does it fail for the expected reason.
+		if actualErr != nil && !testCase.shouldPass {
+			if actualErr.Error() != testCase.expectedErr.Error() {
+				t.Errorf("Test %d: Expected to fail with error \"%s\", but instead failed with error \"%s\"", i+1, testCase.expectedErr.Error(), actualErr.Error())
+			}
+		}
+	}
+}
+
+// Tests validate Policy Action and Resource fields.
+func TestCheckBucketPolicyResources(t *testing.T) {
+	// constructing policy statement without invalidPrefixActions (check bucket-policy-parser.go).
+	setValidPrefixActions := func(statements []policyStatement) []policyStatement {
+		statements[0].Actions = []string{"s3:DeleteObject", "s3:PutObject"}
+		return statements
+	}
+	// contructing policy statement with recursive resources.
+	// should result in ErrMalformedPolicy
+	setRecurseResource := func(statements []policyStatement) []policyStatement {
+		statements[0].Resources = []string{"arn:aws:s3:::minio-bucket/Asia/*", "arn:aws:s3:::minio-bucket/Asia/India/*"}
+		return statements
+	}
+
+	// List of BucketPolicy used for tests.
+	bucketAccessPolicies := []BucketPolicy{
+		// BucketPolicy - 0.
+		// Contains valid read only policy statement.
+		{Version: "1.0", Statements: setReadOnlyStatement("minio-bucket", "")},
+		// BucketPolicy - 1.
+		// Contains valid read-write only policy statement.
+		{Version: "1.0", Statements: setReadWriteStatement("minio-bucket", "Asia/")},
+		// BucketPolicy - 2.
+		// Contains valid write only policy statement.
+		{Version: "1.0", Statements: setWriteOnlyStatement("minio-bucket", "Asia/India/")},
+		// BucketPolicy - 3.
+		// Contains invalidPrefixActions.
+		// Since resourcePrefix is not to the bucket-name, it return ErrMalformedPolicy.
+		{Version: "1.0", Statements: setReadOnlyStatement("minio-bucket-fail", "Asia/India/")},
+		// BucketPolicy - 4.
+		// constructing policy statement without invalidPrefixActions (check bucket-policy-parser.go).
+		// but bucket part of the resource is not equal to the bucket name.
+		// this results in return of ErrMalformedPolicy.
+		{Version: "1.0", Statements: setValidPrefixActions(setWriteOnlyStatement("minio-bucket-fail", "Asia/India/"))},
+		// BucketPolicy - 5.
+		// constructing policy statement without invalidPrefixActions (check bucket-policy-parser.go).
+		// contructing policy statement with recursive resources.
+		// should result in ErrMalformedPolicy
+		{Version: "1.0", Statements: setRecurseResource(setValidPrefixActions(setWriteOnlyStatement("minio-bucket", "")))},
+	}
+
+	testCases := []struct {
+		inputPolicy BucketPolicy
+		// expected results.
+		apiErrCode APIErrorCode
+		// Flag indicating whether the test should pass.
+		shouldPass bool
+	}{
+		// Test case - 1.
+		{bucketAccessPolicies[0], ErrNone, true},
+		// Test case - 2.
+		{bucketAccessPolicies[1], ErrNone, true},
+		// Test case - 3.
+		{bucketAccessPolicies[2], ErrNone, true},
+		// Test case - 4.
+		// contains invalidPrefixActions (check bucket-policy-parser.go).
+		// Resource prefix will not be equal to the bucket name in this case.
+		{bucketAccessPolicies[3], ErrMalformedPolicy, false},
+		// Test case - 5.
+		// actions contain invalidPrefixActions (check bucket-policy-parser.go).
+		// Resource prefix bucket part is not equal to the bucket name in this case.
+		{bucketAccessPolicies[4], ErrMalformedPolicy, false},
+		// Test case - 6.
+		// contructing policy statement with recursive resources.
+		// should result in ErrMalformedPolicy.
+		{bucketAccessPolicies[5], ErrMalformedPolicy, false},
+	}
+	for i, testCase := range testCases {
+		apiErrCode := checkBucketPolicyResources("minio-bucket", testCase.inputPolicy)
+		if apiErrCode != ErrNone && testCase.shouldPass {
+			t.Errorf("Test %d: Expected to pass, but failed with Errocode %v", i+1, apiErrCode)
+		}
+		if apiErrCode == ErrNone && !testCase.shouldPass {
+			t.Errorf("Test %d: Expected to fail with ErrCode %v, but passed instead", i+1, testCase.apiErrCode)
+		}
+		// Failed as expected, but does it fail for the expected reason.
+		if apiErrCode != ErrNone && !testCase.shouldPass {
+			if testCase.apiErrCode != apiErrCode {
+				t.Errorf("Test %d: Expected to fail with error code %v, but instead failed with error code %v", i+1, testCase.apiErrCode, apiErrCode)
+			}
+		}
+	}
+}
+
+// Tests validate parsing of BucketAccessPolicy.
+func TestParseBucketPolicy(t *testing.T) {
+	// set Unsupported Actions.
+	setUnsupportedActions := func(statements []policyStatement) []policyStatement {
+		// "s3:DeleteEverything"" is an Unsupported Action.
+		statements[0].Actions = []string{"s3:GetObject", "s3:ListBucket", "s3:PutObject", "s3:DeleteEverything"}
+		return statements
+	}
+	// set unsupported Effect.
+	setUnsupportedEffect := func(statements []policyStatement) []policyStatement {
+		// Effect "Don't allow" is Unsupported.
+		statements[0].Effect = "DontAllow"
+		return statements
+	}
+	// set unsupported principals.
+	setUnsupportedPrincipals := func(statements []policyStatement) []policyStatement {
+		// "User1111"" is an Unsupported Principal.
+		statements[0].Principal.AWS = []string{"*", "User1111"}
+		return statements
+	}
+	// set unsupported Resources.
+	setUnsupportedResources := func(statements []policyStatement) []policyStatement {
+		// "s3:DeleteEverything"" is an Unsupported Action.
+		statements[0].Resources = []string{"my-resource"}
+		return statements
+	}
+	// List of BucketPolicy used for test cases.
+	bucketAccesPolicies := []BucketPolicy{
+		// BucketPolicy - 0.
+		// BucketPolicy statement empty.
+		{Version: "1.0"},
+		// BucketPolicy - 1.
+		// BucketPolicy version empty.
+		{Version: "", Statements: []policyStatement{}},
+		// BucketPolicy - 2.
+		// Readonly BucketPolicy.
+		{Version: "1.0", Statements: setReadOnlyStatement("minio-bucket", "")},
+		// BucketPolicy - 3.
+		// Read-Write bucket policy.
+		{Version: "1.0", Statements: setReadWriteStatement("minio-bucket", "Asia/")},
+		// BucketPolicy - 4.
+		// Write only bucket policy.
+		{Version: "1.0", Statements: setWriteOnlyStatement("minio-bucket", "Asia/India/")},
+		// BucketPolicy - 5.
+		// BucketPolicy statement contains unsupported action.
+		{Version: "1.0", Statements: setUnsupportedActions(setReadOnlyStatement("minio-bucket", ""))},
+		// BucketPolicy - 6.
+		// BucketPolicy statement contains unsupported Effect.
+		{Version: "1.0", Statements: setUnsupportedEffect(setReadWriteStatement("minio-bucket", "Asia/"))},
+		// BucketPolicy - 7.
+		// BucketPolicy statement contains unsupported Principal.
+		{Version: "1.0", Statements: setUnsupportedPrincipals(setWriteOnlyStatement("minio-bucket", "Asia/India/"))},
+		// BucketPolicy - 8.
+		// BucketPolicy statement contains unsupported Resource.
+		{Version: "1.0", Statements: setUnsupportedResources(setWriteOnlyStatement("minio-bucket", "Asia/India/"))},
+	}
+
+	testCases := []struct {
+		inputPolicy BucketPolicy
+		// expected results.
+		expectedPolicy BucketPolicy
+		err            error
+		// Flag indicating whether the test should pass.
+		shouldPass bool
+	}{
+		// Test case - 1.
+		// BucketPolicy statement empty.
+		{bucketAccesPolicies[0], BucketPolicy{}, errors.New("Policy statement cannot be empty."), false},
+		// Test case - 2.
+		// BucketPolicy version empty.
+		{bucketAccesPolicies[1], BucketPolicy{}, errors.New("Policy version cannot be empty."), false},
+		// Test case - 3.
+		// Readonly BucketPolicy.
+		{bucketAccesPolicies[2], bucketAccesPolicies[2], nil, true},
+		// Test case - 4.
+		// Read-Write bucket policy.
+		{bucketAccesPolicies[3], bucketAccesPolicies[3], nil, true},
+		// Test case - 5.
+		// Write only bucket policy.
+		{bucketAccesPolicies[4], bucketAccesPolicies[4], nil, true},
+		// Test case - 6.
+		// BucketPolicy statement contains unsupported action.
+		{bucketAccesPolicies[5], bucketAccesPolicies[5], fmt.Errorf("Unsupported action found: ‘s3:DeleteEverything’, please validate your policy document."), false},
+		// Test case - 7.
+		// BucketPolicy statement contains unsupported Effect.
+		{bucketAccesPolicies[6], bucketAccesPolicies[6], fmt.Errorf("Unsupported Effect found: ‘DontAllow’, please validate your policy document."), false},
+		// Test case - 8.
+		// BucketPolicy statement contains unsupported Principal.
+		{bucketAccesPolicies[7], bucketAccesPolicies[7], fmt.Errorf("Unsupported principal style found: ‘User1111’, please validate your policy document."), false},
+		// Test case - 9.
+		// BucketPolicy statement contains unsupported Resource.
+		{bucketAccesPolicies[8], bucketAccesPolicies[8], fmt.Errorf("Unsupported resource style found: ‘my-resource’, please validate your policy document."), false},
+	}
+	for i, testCase := range testCases {
+		inputPolicyBytes, e := json.Marshal(testCase.inputPolicy)
+		if e != nil {
+			t.Fatalf("Test %d: Couldn't Marshal bucket policy", i+1)
+		}
+
+		actualAccessPolicy, err := parseBucketPolicy(inputPolicyBytes)
+		if err != nil && testCase.shouldPass {
+			t.Errorf("Test %d: Expected to pass, but failed with: <ERROR> %s", i+1, err.Error())
+		}
+		if err == nil && !testCase.shouldPass {
+			t.Errorf("Test %d: Expected to fail with <ERROR> \"%s\", but passed instead", i+1, testCase.err.Error())
+		}
+		// Failed as expected, but does it fail for the expected reason.
+		if err != nil && !testCase.shouldPass {
+			if err.Error() != testCase.err.Error() {
+				t.Errorf("Test %d: Expected to fail with error \"%s\", but instead failed with error \"%s\"", i+1, testCase.err.Error(), err.Error())
+			}
+		}
+		// Test passes as expected, but the output values are verified for correctness here.
+		if err == nil && testCase.shouldPass {
+			if !reflect.DeepEqual(testCase.expectedPolicy, actualAccessPolicy) {
+				t.Errorf("Test %d: The expected statements from resource statement generator doesn't match the actual statements", i+1)
+			}
+		}
+	}
+}

bucket-policy.go

@@ -0,0 +1,151 @@
+/*
+ * Minio Cloud Storage, (C) 2015, 2016 Minio, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package main
+
+import (
+	"io/ioutil"
+	"os"
+	"path/filepath"
+
+	"github.com/minio/minio/pkg/probe"
+)
+
+// getBucketsConfigPath - get buckets path.
+func getBucketsConfigPath() (string, *probe.Error) {
+	configPath, err := getConfigPath()
+	if err != nil {
+		return "", err.Trace()
+	}
+	return filepath.Join(configPath, "buckets"), nil
+}
+
+// createBucketsConfigPath - create buckets directory.
+func createBucketsConfigPath() *probe.Error {
+	bucketsConfigPath, err := getBucketsConfigPath()
+	if err != nil {
+		return err
+	}
+	if e := os.MkdirAll(bucketsConfigPath, 0700); e != nil {
+		return probe.NewError(e)
+	}
+	return nil
+}
+
+// getBucketConfigPath - get bucket config path.
+func getBucketConfigPath(bucket string) (string, *probe.Error) {
+	bucketsConfigPath, err := getBucketsConfigPath()
+	if err != nil {
+		return "", err.Trace()
+	}
+	return filepath.Join(bucketsConfigPath, bucket), nil
+}
+
+// createBucketConfigPath - create bucket config directory.
+func createBucketConfigPath(bucket string) *probe.Error {
+	bucketConfigPath, err := getBucketConfigPath(bucket)
+	if err != nil {
+		return err
+	}
+	if e := os.MkdirAll(bucketConfigPath, 0700); e != nil {
+		return probe.NewError(e)
+	}
+	return nil
+}
+
+// readBucketPolicy - read bucket policy.
+func readBucketPolicy(bucket string) ([]byte, *probe.Error) {
+	// Verify bucket is valid.
+	if !IsValidBucketName(bucket) {
+		return nil, probe.NewError(BucketNameInvalid{Bucket: bucket})
+	}
+
+	bucketConfigPath, err := getBucketConfigPath(bucket)
+	if err != nil {
+		return nil, err.Trace()
+	}
+
+	// Get policy file.
+	bucketPolicyFile := filepath.Join(bucketConfigPath, "access-policy.json")
+	if _, e := os.Stat(bucketPolicyFile); e != nil {
+		if os.IsNotExist(e) {
+			return nil, probe.NewError(BucketPolicyNotFound{Bucket: bucket})
+		}
+		return nil, probe.NewError(e)
+	}
+
+	accessPolicyBytes, e := ioutil.ReadFile(bucketPolicyFile)
+	if e != nil {
+		return nil, probe.NewError(e)
+	}
+	return accessPolicyBytes, nil
+}
+
+// removeBucketPolicy - remove bucket policy.
+func removeBucketPolicy(bucket string) *probe.Error {
+	// Verify bucket is valid.
+	if !IsValidBucketName(bucket) {
+		return probe.NewError(BucketNameInvalid{Bucket: bucket})
+	}
+
+	bucketConfigPath, err := getBucketConfigPath(bucket)
+	if err != nil {
+		return err.Trace(bucket)
+	}
+
+	// Get policy file.
+	bucketPolicyFile := filepath.Join(bucketConfigPath, "access-policy.json")
+	if _, e := os.Stat(bucketPolicyFile); e != nil {
+		if os.IsNotExist(e) {
+			return probe.NewError(BucketPolicyNotFound{Bucket: bucket})
+		}
+		return probe.NewError(e)
+	}
+	return nil
+}
+
+// writeBucketPolicy - save bucket policy.
+func writeBucketPolicy(bucket string, accessPolicyBytes []byte) *probe.Error {
+	// Verify if bucket path legal
+	if !IsValidBucketName(bucket) {
+		return probe.NewError(BucketNameInvalid{Bucket: bucket})
+	}
+
+	// Create bucket config path.
+	if err := createBucketConfigPath(bucket); err != nil {
+		return err.Trace()
+	}
+
+	bucketConfigPath, err := getBucketConfigPath(bucket)
+	if err != nil {
+		return err.Trace()
+	}
+
+	// Get policy file.
+	bucketPolicyFile := filepath.Join(bucketConfigPath, "access-policy.json")
+	if _, e := os.Stat(bucketPolicyFile); e != nil {
+		if !os.IsNotExist(e) {
+			return probe.NewError(e)
+		}
+	}
+
+	// Write bucket policy.
+	if e := ioutil.WriteFile(bucketPolicyFile, accessPolicyBytes, 0600); e != nil {
+		return probe.NewError(e)
+	}
+
+	return nil
+}

build-constants.go

@@ -0,0 +1,28 @@
+/*
+ * Minio Cloud Storage, (C) 2015 Minio, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package main
+
+var (
+	// minioVersion - version time.RFC3339.
+	minioVersion = "DEVELOPMENT.GOGET"
+	// minioReleaseTag - release tag in TAG.%Y-%m-%dT%H-%M-%SZ.
+	minioReleaseTag = "DEVELOPMENT.GOGET"
+	// minioCommitID - latest commit id.
+	minioCommitID = "DEVELOPMENT.GOGET"
+	// minioShortCommitID - first 12 characters from mcCommitID
+	minioShortCommitID = minioCommitID[:12]
+)

buildscripts/build.sh

@@ -0,0 +1,84 @@
+#!/bin/bash
+
+_init() {
+    # Save release LDFLAGS
+    LDFLAGS=$(go run buildscripts/gen-ldflags.go)
+
+    # Extract release tag
+    release_tag=$(echo $LDFLAGS | awk {'print $4'} | cut -f2 -d=)
+
+    # Verify release tag.
+    if [ -z "$release_tag" ]; then
+        echo "Release tag cannot be empty. Please check return value of \`go run buildscripts/gen-ldflags.go\`"
+        exit 1;
+    fi
+
+    # Extract release string.
+    release_str=$(echo $MINIO_RELEASE | tr '[:upper:]' '[:lower:]')
+
+    # Verify release string.
+    if [ -z "$release_str" ]; then
+        echo "Release string cannot be empty. Please set \`MINIO_RELEASE\` env variable."
+        exit 1;
+    fi
+
+    # List of supported architectures
+    SUPPORTED_OSARCH='linux/386 linux/amd64 linux/arm windows/386 windows/amd64 darwin/amd64 freebsd/amd64'
+
+    ## System binaries
+    CP=`which cp`
+    SHASUM=`which shasum`
+    SED=`which sed`
+}
+
+go_build() {
+    local osarch=$1
+    os=$(echo $osarch | cut -f1 -d'/')
+    arch=$(echo $osarch | cut -f2 -d'/')
+    package=$(go list -f '{{.ImportPath}}')
+    echo -n "-->"
+    printf "%15s:%s\n" "${osarch}" "${package}"
+
+    # Release binary name
+    release_bin="$release_str/$os-$arch/$(basename $package).$release_tag"
+    # Release binary downloadable name
+    release_real_bin="$release_str/$os-$arch/$(basename $package)"
+    # Release shasum name
+    release_shasum="$release_str/$os-$arch/$(basename $package).shasum"
+
+    # Go build to build the binary.
+    GOOS=$os GOARCH=$arch go build --ldflags "${LDFLAGS}" -o $release_bin
+
+    # Create copy
+    if [ $os == "windows" ]; then
+        $CP -p $release_bin ${release_real_bin}.exe
+    else
+        $CP -p $release_bin $release_real_bin
+    fi
+
+    # Calculate shasum
+    shasum_str=$(${SHASUM} ${release_bin})
+    echo ${shasum_str} | $SED "s/$release_str\/$os-$arch\///g" > $release_shasum
+}
+
+main() {
+    # Build releases.
+    echo "Executing $release_str builds for OS: ${SUPPORTED_OSARCH}"
+    echo  "Choose an OS Arch from the below"
+    for osarch in ${SUPPORTED_OSARCH}; do
+        echo ${osarch}
+    done
+
+    read -p "If you want to build for all, Just press Enter: " chosen_osarch
+    if [ "$chosen_osarch" = "" ]; then
+        for each_osarch in ${SUPPORTED_OSARCH}; do
+            go_build ${each_osarch}
+        done
+    else
+        go_build ${chosen_osarch}
+    fi
+
+}
+
+# Run main.
+_init && main

buildscripts/checkdeps.sh

@@ -1,143 +1,221 @@
 #!/usr/bin/env bash
 #
+# Minio Cloud Storage, (C) 2015 Minio, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
 
 _init() {
 
-	shopt -s extglob
+    shopt -s extglob
 
-	## Minimum required versions for build dependencies
-	GIT_VERSION="1.0"
-	GO_VERSION="1.16"
-	OSX_VERSION="10.8"
-	KNAME=$(uname -s)
-	ARCH=$(uname -m)
-	case "${KNAME}" in
-	SunOS)
-		ARCH=$(isainfo -k)
-		;;
-	esac
+    ## Minimum required versions for build dependencies
+    GIT_VERSION="1.0"
+    GO_VERSION="1.6"
+    OSX_VERSION="10.8"
+    UNAME=$(uname -sm)
+
+    ## Check all dependencies are present
+    MISSING=""
 }
 
-## FIXME:
-## In OSX, 'readlink -f' option does not exist, hence
-## we have our own readlink -f behavior here.
-## Once OSX has the option, below function is good enough.
-##
-## readlink() {
-##     return /bin/readlink -f "$1"
-## }
-##
 readlink() {
-	TARGET_FILE=$1
+    TARGET_FILE=$1
 
-	cd $(dirname $TARGET_FILE)
-	TARGET_FILE=$(basename $TARGET_FILE)
+    cd `dirname $TARGET_FILE`
+    TARGET_FILE=`basename $TARGET_FILE`
 
-	# Iterate down a (possible) chain of symlinks
-	while [ -L "$TARGET_FILE" ]; do
-		TARGET_FILE=$(env readlink $TARGET_FILE)
-		cd $(dirname $TARGET_FILE)
-		TARGET_FILE=$(basename $TARGET_FILE)
-	done
+    # Iterate down a (possible) chain of symlinks
+    while [ -L "$TARGET_FILE" ]
+    do
+        TARGET_FILE=$(env readlink $TARGET_FILE)
+        cd `dirname $TARGET_FILE`
+        TARGET_FILE=`basename $TARGET_FILE`
+    done
 
-	# Compute the canonicalized name by finding the physical path
-	# for the directory we're in and appending the target file.
-	PHYS_DIR=$(pwd -P)
-	RESULT=$PHYS_DIR/$TARGET_FILE
-	echo $RESULT
+    # Compute the canonicalized name by finding the physical path
+    # for the directory we're in and appending the target file.
+    PHYS_DIR=`pwd -P`
+    RESULT=$PHYS_DIR/$TARGET_FILE
+    echo $RESULT
 }
 
-## FIXME:
-## In OSX, 'sort -V' option does not exist, hence
-## we have our own version compare function.
-## Once OSX has the option, below function is good enough.
-##
-## check_minimum_version() {
-##     versions=($(echo -e "$1\n$2" | sort -V))
-##     return [ "$1" == "${versions[0]}" ]
-## }
-##
-check_minimum_version() {
-	IFS='.' read -r -a varray1 <<<"$1"
-	IFS='.' read -r -a varray2 <<<"$2"
+###
+#
+# Takes two arguments
+# arg1: version number in `x.x.x` format
+# arg2: version number in `x.x.x` format
+#
+# example: check_version "$version1" "$version2"
+#
+# returns:
+# 0 - Installed version is equal to required
+# 1 - Installed version is greater than required
+# 2 - Installed version is lesser than required
+# 3 - If args have length zero
+#
+####
+check_version() {
+    ## validate args
+    [[ -z "$1" ]] && return 3
+    [[ -z "$2" ]] && return 3
 
-	for i in "${!varray1[@]}"; do
-		if [[ ${varray1[i]} -lt ${varray2[i]} ]]; then
-			return 0
-		elif [[ ${varray1[i]} -gt ${varray2[i]} ]]; then
-			return 1
-		fi
-	done
+    if [[ $1 == $2 ]]; then
+        return 0
+    fi
 
-	return 0
+    local IFS=.
+    local i ver1=($1) ver2=($2)
+    # fill empty fields in ver1 with zeros
+    for ((i=${#ver1[@]}; i<${#ver2[@]}; i++)); do
+        ver1[i]=0
+    done
+    for ((i=0; i<${#ver1[@]}; i++)); do
+        if [[ -z ${ver2[i]} ]]; then
+            # fill empty fields in ver2 with zeros
+            ver2[i]=0
+        fi
+        if ((10#${ver1[i]} > 10#${ver2[i]})); then
+
+            return 1
+        fi
+        if ((10#${ver1[i]} < 10#${ver2[i]})); then
+            ## Installed version is lesser than required - Bad condition
+            return 2
+        fi
+    done
+    return 0
 }
 
-assert_is_supported_arch() {
-	case "${ARCH}" in
-	x86_64 | amd64 | aarch64 | ppc64le | arm* | s390x | loong64 | loongarch64 | riscv64)
-		return
-		;;
-	*)
-		echo "Arch '${ARCH}' is not supported. Supported Arch: [x86_64, amd64, aarch64, ppc64le, arm*, s390x, loong64, loongarch64, riscv64]"
-		exit 1
-		;;
-	esac
+check_golang_env() {
+    echo ${GOROOT:?} 2>&1 >/dev/null
+    if [ $? -eq 1 ]; then
+        echo "ERROR"
+        echo "GOROOT environment variable missing, please refer to Go installation document"
+        echo "https://github.com/minio/minio/blob/master/INSTALLGO.md#install-go-13"
+        exit 1
+    fi
+
+    echo ${GOPATH:?} 2>&1 >/dev/null
+    if [ $? -eq 1 ]; then
+        echo "ERROR"
+        echo "GOPATH environment variable missing, please refer to Go installation document"
+        echo "https://github.com/minio/minio/blob/master/INSTALLGO.md#install-go-13"
+        exit 1
+    fi
+
+    local go_binary_path=$(which go)
+
+    if [ -z "${go_binary_path}" ] ; then
+        echo "Cannot find go binary in your PATH configuration, please refer to Go installation document"
+        echo "https://github.com/minio/minio/blob/master/INSTALLGO.md#install-go-13"
+        exit -1
+    fi
+
+    local new_go_binary_path=${go_binary_path}
+    if [ -h "${go_binary_path}" ]; then
+        new_go_binary_path=$(readlink ${go_binary_path})
+    fi
+
+    if [[ !"$(dirname ${new_go_binary_path})" =~ *"${GOROOT%%*(/)}"* ]] ; then
+        echo "The go binary found in your PATH configuration does not belong to the Go installation pointed by your GOROOT environment," \
+            "please refer to Go installation document"
+        echo "https://github.com/minio/minio/blob/master/INSTALLGO.md#install-go-13"
+        exit -1
+    fi
 }
 
-assert_is_supported_os() {
-	case "${KNAME}" in
-	Linux | FreeBSD | OpenBSD | NetBSD | DragonFly | SunOS)
-		return
-		;;
-	Darwin)
-		osx_host_version=$(env sw_vers -productVersion)
-		if ! check_minimum_version "${OSX_VERSION}" "${osx_host_version}"; then
-			echo "OSX version '${osx_host_version}' is not supported. Minimum supported version: ${OSX_VERSION}"
-			exit 1
-		fi
-		return
-		;;
-	*)
-		echo "OS '${KNAME}' is not supported. Supported OS: [Linux, FreeBSD, OpenBSD, NetBSD, Darwin, DragonFly]"
-		exit 1
-		;;
-	esac
+is_supported_os() {
+    case ${UNAME%% *} in
+        "Linux")
+            os="linux"
+            ;;
+        "FreeBSD")
+            os="freebsd"
+            ;;
+        "Darwin")
+            osx_host_version=$(env sw_vers -productVersion)
+            check_version "${osx_host_version}" "${OSX_VERSION}"
+            [[ $? -ge 2 ]] && die "Minimum OSX version supported is ${OSX_VERSION}"
+            ;;
+        "*")
+            echo "Exiting.. unsupported operating system found"
+            exit 1;
+    esac
 }
 
-assert_check_golang_env() {
-	if ! which go >/dev/null 2>&1; then
-		echo "Cannot find go binary in your PATH configuration, please refer to Go installation document at https://golang.org/doc/install"
-		exit 1
-	fi
-
-	installed_go_version=$(go version | sed 's/^.* go\([0-9.]*\).*$/\1/')
-	if ! check_minimum_version "${GO_VERSION}" "${installed_go_version}"; then
-		echo "Go runtime version '${installed_go_version}' is unsupported. Minimum supported version: ${GO_VERSION} to compile."
-		exit 1
-	fi
+is_supported_arch() {
+    local supported
+    case ${UNAME##* } in
+        "x86_64" | "amd64")
+            supported=1
+            ;;
+        "arm"*)
+            supported=1
+            ;;
+        *)
+            supported=0
+            ;;
+    esac
+    if [ $supported -eq 0 ]; then
+        echo "Invalid arch: ${UNAME} not supported, please use x86_64/amd64"
+        exit 1;
+    fi
 }
 
-assert_check_deps() {
-	# support unusual Git versions such as: 2.7.4 (Apple Git-66)
-	installed_git_version=$(git version | perl -ne '$_ =~ m/git version (.*?)( |$)/; print "$1\n";')
-	if ! check_minimum_version "${GIT_VERSION}" "${installed_git_version}"; then
-		echo "Git version '${installed_git_version}' is not supported. Minimum supported version: ${GIT_VERSION}"
-		exit 1
-	fi
+check_deps() {
+    check_version "$(env go version 2>/dev/null | sed 's/^.* go\([0-9.]*\).*$/\1/')" "${GO_VERSION}"
+    if [ $? -ge 2 ]; then
+        MISSING="${MISSING} golang(${GO_VERSION})"
+    fi
+
+    check_version "$(env git --version 2>/dev/null | sed -e 's/^.* \([0-9.\].*\).*$/\1/' -e 's/^\([0-9.\]*\).*/\1/g')" "${GIT_VERSION}"
+    if [ $? -ge 2 ]; then
+        MISSING="${MISSING} git"
+    fi
 }
 
 main() {
-	## Check for supported arch
-	assert_is_supported_arch
+    echo -n "Check for supported arch.. "
+    is_supported_arch
 
-	## Check for supported os
-	assert_is_supported_os
+    echo -n "Check for supported os.. "
+    is_supported_os
 
-	## Check for Go environment
-	assert_check_golang_env
+    echo -n "Checking if proper environment variables are set.. "
+    check_golang_env
 
-	## Check for dependencies
-	assert_check_deps
+    echo "Done"
+    echo "Using GOPATH=${GOPATH} and GOROOT=${GOROOT}"
+
+    echo -n "Checking dependencies for Minio.. "
+    check_deps
+
+    ## If dependencies are missing, warn the user and abort
+    if [ "x${MISSING}" != "x" ]; then
+        echo "ERROR"
+        echo
+        echo "The following build tools are missing:"
+        echo
+        echo "** ${MISSING} **"
+        echo
+        echo "Please install them "
+        echo "${MISSING}"
+        echo
+        echo "Follow https://github.com/minio/minio/blob/master/INSTALLGO.md for further instructions"
+        exit 1
+    fi
+    echo "Done"
 }
 
 _init && main "$@"

buildscripts/checkgopath.sh

@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+#
+# Minio Cloud Storage, (C) 2015, 2016 Minio, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+_init() {
+
+    shopt -s extglob
+
+    PWD=$(pwd -P)
+    GOPATH=$(cd "$(go env GOPATH)" ; env pwd -P)
+}
+
+main() {
+    echo "Checking if project is at ${GOPATH}"
+    for minio in $(echo ${GOPATH} | tr ':' ' '); do
+        if [ ! -d ${minio}/src/github.com/minio/minio ]; then
+            echo "Project not found in ${minio}, please follow instructions provided at https://github.com/minio/minio/blob/master/CONTRIBUTING.md#setup-your-minio-github-repository" \
+                && exit 1
+        fi
+        if [ "x${minio}/src/github.com/minio/minio" != "x${PWD}" ]; then
+            echo "Build outside of ${minio}, two source checkouts found. Exiting." && exit 1
+        fi
+    done
+}
+
+_init && main
+