diff -Nru cryptsetup-2.5.0/autogen.sh cryptsetup-2.6.1/autogen.sh --- cryptsetup-2.5.0/autogen.sh 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/autogen.sh 2023-02-09 16:12:17.000000000 +0000 @@ -74,7 +74,7 @@ libtoolize --force --copy aclocal -I m4 $AL_OPTS autoheader $AH_OPTS -automake --add-missing --copy --gnu $AM_OPTS +automake --force-missing --add-missing --copy --gnu $AM_OPTS autoconf $AC_OPTS echo diff -Nru cryptsetup-2.5.0/configure.ac cryptsetup-2.6.1/configure.ac --- cryptsetup-2.5.0/configure.ac 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/configure.ac 2023-02-09 16:12:17.000000000 +0000 @@ -1,9 +1,9 @@ AC_PREREQ([2.67]) -AC_INIT([cryptsetup],[2.5.0]) +AC_INIT([cryptsetup],[2.6.1]) dnl library version from ..[-] LIBCRYPTSETUP_VERSION=$(echo $PACKAGE_VERSION | cut -f1 -d-) -LIBCRYPTSETUP_VERSION_INFO=20:0:8 +LIBCRYPTSETUP_VERSION_INFO=21:0:9 AM_SILENT_RULES([yes]) AC_CONFIG_SRCDIR(src/cryptsetup.c) @@ -28,6 +28,7 @@ AC_PROG_CC AM_PROG_CC_C_O AC_PROG_CPP +AC_PROG_CXX AC_PROG_INSTALL AC_PROG_MAKE_SET AC_PROG_MKDIR_P @@ -150,6 +151,7 @@ AC_SUBST(DL_LIBS, $LIBS) LIBS=$saved_LIBS fi +AM_CONDITIONAL(EXTERNAL_TOKENS, test "x$enable_external_tokens" = "xyes") AC_ARG_ENABLE([ssh-token], AS_HELP_STRING([--disable-ssh-token], [disable LUKS2 ssh-token]), @@ -214,6 +216,17 @@ fi dnl ========================================================================== +dnl fuzzers, it requires own static library compilation later +AC_ARG_ENABLE([fuzz-targets], + AS_HELP_STRING([--enable-fuzz-targets], [enable building fuzz targets])) +AM_CONDITIONAL(ENABLE_FUZZ_TARGETS, test "x$enable_fuzz_targets" = "xyes") + +if test "x$enable_fuzz_targets" = "xyes"; then + AX_CHECK_COMPILE_FLAG([-fsanitize=fuzzer-no-link],, + AC_MSG_ERROR([Required compiler options not supported; use clang.]), [-Werror]) +fi + +dnl ========================================================================== dnl passwdqc library (cryptsetup CLI only) AC_ARG_ENABLE([passwdqc], AS_HELP_STRING([--enable-passwdqc@<:@=CONFIG_PATH@:>@], @@ -617,6 +630,22 @@ AC_SUBST([LIBCRYPTSETUP_VERSION]) AC_SUBST([LIBCRYPTSETUP_VERSION_INFO]) +dnl Set Requires.private for libcryptsetup.pc +dnl pwquality is used only by tools +PKGMODULES="uuid devmapper json-c" +case $with_crypto_backend in + gcrypt) PKGMODULES+=" libgcrypt" ;; + openssl) PKGMODULES+=" openssl" ;; + nss) PKGMODULES+=" nss" ;; + nettle) PKGMODULES+=" nettle" ;; +esac +if test "x$enable_libargon2" = "xyes"; then + PKGMODULES+=" libargon2" +fi +if test "x$enable_blkid" = "xyes"; then + PKGMODULES+=" blkid" +fi +AC_SUBST([PKGMODULES]) dnl ========================================================================== AC_ARG_ENABLE([dev-random], AS_HELP_STRING([--enable-dev-random], [use /dev/random by default for key generation (otherwise use /dev/urandom)])) @@ -739,5 +768,6 @@ po/Makefile.in scripts/cryptsetup.conf tests/Makefile +tests/fuzz/Makefile ]) AC_OUTPUT diff -Nru cryptsetup-2.5.0/debian/changelog cryptsetup-2.6.1/debian/changelog --- cryptsetup-2.5.0/debian/changelog 2022-12-02 02:53:42.000000000 +0000 +++ cryptsetup-2.6.1/debian/changelog 2023-02-13 02:57:18.000000000 +0000 @@ -1,3 +1,83 @@ +cryptsetup (2:2.6.1-1ubuntu1) lunar; urgency=low + + * Merge with Debian unstable (LP: #2004423). Remaining changes: + - debian/control: + + Recommend plymouth. + + Depend on busybox-initramfs instead of busybox | busybox-static. + + Move cryptsetup-initramfs back to cryptsetup's Recommends. + + Do not build cryptsetup-suspend binary package on i386. + - Fix cryptroot-unlock for busybox compatibility. + - Fix warning and error when running on ZFS on root + - d/functions: Return an empty devno for ZFS devices as they don't have + major:minor device numbers. + - d/initramfs/hooks/cryptroot: Ignore and don't print an error message + when devices don't have a devno. + - debian/patches/decrease_memlock_ulimit.patch + Fixed FTBFS due to a restricted build environment + - Fix cryptroot-* autopkgtests on Ubuntu. (LP: #1983522) + + debian/tests/utils/mock.pm: return from consume() function if select() + times out or fails + + debian/tests/utils/cryptroot-common: fix apt source and kernel package + names for Ubuntu + + debian/tests/cryptroot-sysvinit.d: use systemd-sysv init for Ubuntu + cryptroot-sysvinit package test + + debian/tests/cryptroot-nested.d: fix cryptsetup-nested test, add + workaround for LP1831747 by adding a e2fsprogs dependency + + debian/tests/initramfs-hook: fix test's initramfs layout for Ubuntu and + allow blowfish test use 64Mb of provisioned space (drop --size) + + debian/tests/control: disable cryptdisks test + + -- Vladimir Petko Mon, 13 Feb 2023 15:57:18 +1300 + +cryptsetup (2:2.6.1-1) unstable; urgency=medium + + * New upstream bugfix release. + * d/README.Debian: Explicitly set cswap1's device type to 'plain'. + (Closes: #1025136) + * d/control: Update standards version to 4.6.2, no changes needed. + * d/clean: Add some gitignore(5)'d files. (Closes: #1026838) + * cryptgnupg-sc hook: Look terminfo file in /usr/share/terminfo in adition + to /lib/terminfo, see #1028202. (Closes: 1028234) + * d/copyright: Bump copyright years. + + -- Guilhem Moulin Fri, 10 Feb 2023 00:50:42 +0100 + +cryptsetup (2:2.6.0-2) unstable; urgency=low + + * libcryptsetup-dev: Add 'Depends: libargon2-dev, libblkid-dev, + libdevmapper-dev, libjson-c-dev, libssl-dev, uuid-dev' to account for + libcryptsetup.pc's Requires.private. Closes: #1025054. + + -- Guilhem Moulin Tue, 29 Nov 2022 15:42:25 +0100 + +cryptsetup (2:2.6.0-1) unstable; urgency=low + + * New upstream release 2.6.0. + + -- Guilhem Moulin Tue, 29 Nov 2022 01:20:38 +0100 + +cryptsetup (2:2.6.0~rc0-1) experimental; urgency=medium + + * New upstream release candidate 2.6.0, introducing support for handling + macOS FileVault2 devices (FVAULT2). The new version of FileVault based on + the APFS filesystem used in recent macOS versions is currently not + supported: only the (legacy) FileVault2 format based on Core Storage and + HFS+ filesystem (introduced in MacOS X 10.7 Lion) is supported. Moreover + header formatting and changes are not supported; cryptsetup never changes + the metadata on the device. + Closes: #923513. + * Update d/copyright for 2:2.6.0~rc0-1. + * Ship cryptsetup-fvault2Dump(8) and cryptsetup-fvault2Open(8) to + cryptsetup-bin binary package. + * Update d/libcryptsetup12.symbols for 2:2.6.0~rc0-1. + * Add 'fvault2' flag to crypttab(5) to force detection of Apple's FileVault2 + volumes. + * d/rules: Add new target execute_before_dh_auto_test so blhc ignores + compilations of tests/*.c. + * d/u/metadata: Set 'Security-Contact' upstream metadata field. + + -- Guilhem Moulin Sat, 19 Nov 2022 17:30:40 +0100 + cryptsetup (2:2.5.0-6ubuntu3) lunar; urgency=medium * Fix cryptroot-lvm autopkgtest on Ubuntu. (LP: #1983522) @@ -5347,4 +5427,3 @@ * "integrated LUKS" support (very messy hack) -- Michael Gebetsroither Thu, 10 Feb 2005 18:16:21 +0100 - diff -Nru cryptsetup-2.5.0/debian/clean cryptsetup-2.6.1/debian/clean --- cryptsetup-2.5.0/debian/clean 2022-12-02 02:53:42.000000000 +0000 +++ cryptsetup-2.6.1/debian/clean 2023-02-10 04:43:25.000000000 +0000 @@ -3,3 +3,8 @@ debian/doc/variables.xml debian/scripts/passdev debian/scripts/suspend/cryptsetup-suspend +# `make clean` doesn't remove all gitignore(5)'d files, instead +# .gitlab/ci/debian.yml runs `git clean -xdf` +man/*.8 +po/*.gmo +po/stamp-po diff -Nru cryptsetup-2.5.0/debian/control cryptsetup-2.6.1/debian/control --- cryptsetup-2.5.0/debian/control 2022-12-02 02:53:42.000000000 +0000 +++ cryptsetup-2.6.1/debian/control 2023-02-10 04:43:25.000000000 +0000 @@ -32,7 +32,7 @@ uuid-dev, xsltproc , xxd -Standards-Version: 4.6.1 +Standards-Version: 4.6.2 Homepage: https://gitlab.com/cryptsetup/cryptsetup Vcs-Browser: https://salsa.debian.org/cryptsetup-team/cryptsetup Vcs-Git: https://salsa.debian.org/cryptsetup-team/cryptsetup.git -b debian/latest @@ -161,7 +161,16 @@ Section: libdevel Architecture: linux-any Multi-Arch: same -Depends: libcryptsetup12 (= ${binary:Version}), ${misc:Depends} +# XXX [#1025065] ideal we would have "Depends: libcryptsetup12 +# (= ${binary:Version}), ${misc:Depends}, ${pkgconf:Depends}" +Depends: libargon2-dev, + libblkid-dev, + libcryptsetup12 (= ${binary:Version}), + libdevmapper-dev, + libjson-c-dev, + libssl-dev, + uuid-dev, + ${misc:Depends} Description: disk encryption support - development files Cryptsetup provides an interface for configuring encryption on block devices (such as /home or swap partitions), using the Linux kernel diff -Nru cryptsetup-2.5.0/debian/copyright cryptsetup-2.6.1/debian/copyright --- cryptsetup-2.5.0/debian/copyright 2022-12-02 02:53:42.000000000 +0000 +++ cryptsetup-2.6.1/debian/copyright 2023-02-10 04:43:25.000000000 +0000 @@ -6,8 +6,8 @@ Files: * Copyright: © 2004 Christophe Saout © 2004-2008 Clemens Fruhwirth - © 2008-2022 Red Hat, Inc. - © 2008-2022 Milan Broz + © 2008-2023 Red Hat, Inc. + © 2008-2023 Milan Broz License: GPL-2+ with OpenSSL exception Files: debian/* @@ -15,7 +15,7 @@ © 2005-2006 Michael Gebetsroither © 2006-2008 David Härdeman © 2005-2015 Jonas Meurer - © 2016-2022 Guilhem Moulin + © 2016-2023 Guilhem Moulin License: GPL-2+ Files: debian/scripts/suspend/cryptsetup-suspend.c @@ -61,47 +61,56 @@ License: GPL-3+ Files: docs/examples/* tests/all-symbols-test.c -Copyright: © 2011-2022 Red Hat, Inc. +Copyright: © 2011-2023 Red Hat, Inc. License: LGPL-2.1+ Files: lib/bitlk/* -Copyright: © 2019-2022 Red Hat, Inc. - © 2019-2022 Milan Broz - © 2019-2022 Vojtech Trefny +Copyright: © 2019-2023 Red Hat, Inc. + © 2019-2023 Milan Broz + © 2019-2023 Vojtech Trefny License: LGPL-2.1+ Files: tokens/ssh/* -Copyright: © 2016-2022 Milan Broz - © 2020-2022 Vojtech Trefny +Copyright: © 2016-2023 Milan Broz + © 2020-2023 Vojtech Trefny License: LGPL-2.1+ Files: tokens/ssh/cryptsetup-ssh.c -Copyright: © 2016-2022 Milan Broz - © 2021-2022 Vojtech Trefny +Copyright: © 2016-2023 Milan Broz + © 2021-2023 Vojtech Trefny License: GPL-2+ Files: lib/crypto_backend/* lib/integrity/* lib/loopaes/* lib/tcrypt/* lib/verity/* -Copyright: © 2009-2022 Red Hat, Inc. - © 2010-2022 Milan Broz +Copyright: © 2009-2023 Red Hat, Inc. + © 2010-2023 Milan Broz License: LGPL-2.1+ Files: lib/crypto_backend/base64.c Copyright: © 2010 Lennart Poettering - © 2021-2022 Milan Broz + © 2021-2023 Milan Broz License: LGPL-2.1+ Files: lib/crypto_backend/utf8.c Copyright: © 2010 Lennart Poettering - © 2021-2022 Vojtech Trefny + © 2021-2023 Vojtech Trefny © 1999 Tom Tromey © 2000 Red Hat, Inc. License: GPL-2+ Files: lib/crypto_backend/crypto_openssl.c -Copyright: © 2009-2022 Red Hat, Inc. - © 2010-2022 Milan Broz +Copyright: © 2009-2023 Red Hat, Inc. + © 2010-2023 Milan Broz License: LGPL-2.1+ with OpenSSL exception +Files: lib/fvault2/fvault2.c lib/fvault2/fvault2.h +Copyright: © 2021-2022 Pavel Tobias +License: LGPL-2.1+ with OpenSSL exception + +Files: lib/keyslot_context.c lib/keyslot_context.h +Copyright: © 2022-2023 Red Hat, Inc. + © 2022-2023 Ondrej Kozina +License: GPL-2+ + Files: lib/crypto_backend/argon2/* Copyright: © 2015 Daniel Dinu © 2015 Dmitry Khovratovich diff -Nru cryptsetup-2.5.0/debian/cryptsetup-bin.manpages cryptsetup-2.6.1/debian/cryptsetup-bin.manpages --- cryptsetup-2.5.0/debian/cryptsetup-bin.manpages 2022-12-02 02:53:42.000000000 +0000 +++ cryptsetup-2.6.1/debian/cryptsetup-bin.manpages 2023-02-10 04:43:25.000000000 +0000 @@ -11,6 +11,8 @@ usr/share/man/man8/cryptsetup-convert.8 usr/share/man/man8/cryptsetup-create.8 usr/share/man/man8/cryptsetup-erase.8 +usr/share/man/man8/cryptsetup-fvault2Dump.8 +usr/share/man/man8/cryptsetup-fvault2Open.8 usr/share/man/man8/cryptsetup-isLuks.8 usr/share/man/man8/cryptsetup-loopaesOpen.8 usr/share/man/man8/cryptsetup-luksAddKey.8 diff -Nru cryptsetup-2.5.0/debian/doc/crypttab.xml cryptsetup-2.6.1/debian/doc/crypttab.xml --- cryptsetup-2.5.0/debian/doc/crypttab.xml 2022-12-02 02:53:42.000000000 +0000 +++ cryptsetup-2.6.1/debian/doc/crypttab.xml 2023-02-10 04:43:26.000000000 +0000 @@ -81,8 +81,9 @@ The fourth field, options, is an optional comma-separated list of options and/or flags describing the device type (luks, - tcrypt, bitlk, or plain - which is also the default) and cryptsetup options associated with the encryption process. + tcrypt, bitlk, fvault2, + or plain which is also the default) and cryptsetup options + associated with the encryption process. The supported options are described below. For plain dm-crypt devices the cipher, hash and size options are required. @@ -296,6 +297,19 @@ + + + fvault2 + + + Force Apple's FileVault2 mode. + Only the (legacy) FileVault2 format based on Core Storage and HFS+ + filesystem (introduced in MacOS X 10.7 Lion) is currently supported; + the new version of FileVault based on the APFS filesystem used in + recent macOS versions is not supported. + + + tcrypt diff -Nru cryptsetup-2.5.0/debian/functions cryptsetup-2.6.1/debian/functions --- cryptsetup-2.5.0/debian/functions 2022-12-02 02:53:42.000000000 +0000 +++ cryptsetup-2.6.1/debian/functions 2023-02-10 04:43:25.000000000 +0000 @@ -68,6 +68,7 @@ CRYPTTAB_OPTION_tcrypt \ CRYPTTAB_OPTION_veracrypt \ CRYPTTAB_OPTION_bitlk \ + CRYPTTAB_OPTION_fvault2 \ CRYPTTAB_OPTION_swap \ CRYPTTAB_OPTION_tmp \ CRYPTTAB_OPTION_check \ @@ -241,6 +242,7 @@ veracrypt) ;; tcrypthidden) ;; bitlk) ;; + fvault2) ;; same-cpu-crypt) ;; submit-from-crypt-cpus) ;; no-read-workqueue) ;; @@ -311,6 +313,8 @@ t="plain" elif [ "${CRYPTTAB_OPTION_bitlk-}" = "yes" ]; then t="bitlk" + elif [ "${CRYPTTAB_OPTION_fvault2-}" = "yes" ]; then + t="fvault2" elif [ -n "${CRYPTTAB_OPTION_header+x}" ]; then # detached headers are only supported for LUKS devices if [ -e "$CRYPTTAB_OPTION_header" ] && /sbin/cryptsetup isLuks -- "$CRYPTTAB_OPTION_header"; then diff -Nru cryptsetup-2.5.0/debian/initramfs/hooks/cryptgnupg-sc cryptsetup-2.6.1/debian/initramfs/hooks/cryptgnupg-sc --- cryptsetup-2.5.0/debian/initramfs/hooks/cryptgnupg-sc 2020-11-09 20:20:13.000000000 +0000 +++ cryptsetup-2.6.1/debian/initramfs/hooks/cryptgnupg-sc 2023-02-10 04:43:26.000000000 +0000 @@ -72,6 +72,16 @@ copy_exec "$pinentry" ln -s "$pinentry" "$DESTDIR/usr/bin/pinentry" fi -[ -f "$DESTDIR/lib/terminfo/l/linux" ] || copy_file terminfo /lib/terminfo/l/linux || RV=$? + +# #1028202: ncurses-base: move terminfo files from /lib/terminfo to +# /usr/share/terminfo +for d in "/usr/share/terminfo" "/lib/terminfo"; do + if [ -f "$d/l/linux" ]; then + if [ ! -f "$DESTDIR$d/l/linux" ]; then + copy_file terminfo "$d/l/linux" || RV=$? + fi + break + fi +done exit $RV diff -Nru cryptsetup-2.5.0/debian/libcryptsetup12.symbols cryptsetup-2.6.1/debian/libcryptsetup12.symbols --- cryptsetup-2.5.0/debian/libcryptsetup12.symbols 2022-12-02 02:53:42.000000000 +0000 +++ cryptsetup-2.6.1/debian/libcryptsetup12.symbols 2023-02-10 04:43:25.000000000 +0000 @@ -3,6 +3,7 @@ CRYPTSETUP_2.0@CRYPTSETUP_2.0 2:2.0 CRYPTSETUP_2.4@CRYPTSETUP_2.4 2:2.4 CRYPTSETUP_2.5@CRYPTSETUP_2.5 2:2.5 + CRYPTSETUP_2.6@CRYPTSETUP_2.6 2:2.6 crypt_activate_by_keyfile@CRYPTSETUP_2.0 2:1.4 crypt_activate_by_keyfile_offset@CRYPTSETUP_2.0 2:1.4.3 crypt_activate_by_keyring@CRYPTSETUP_2.0 2:2.0 @@ -59,10 +60,19 @@ crypt_keyslot_add_by_key@CRYPTSETUP_2.0 2:2.0 crypt_keyslot_add_by_keyfile@CRYPTSETUP_2.0 2:1.4 crypt_keyslot_add_by_keyfile_offset@CRYPTSETUP_2.0 2:1.4.3 + crypt_keyslot_add_by_keyslot_context@CRYPTSETUP_2.6 2:2.6 crypt_keyslot_add_by_passphrase@CRYPTSETUP_2.0 2:1.4 crypt_keyslot_add_by_volume_key@CRYPTSETUP_2.0 2:1.4 crypt_keyslot_area@CRYPTSETUP_2.0 2:1.6 crypt_keyslot_change_by_passphrase@CRYPTSETUP_2.0 2:1.6 + crypt_keyslot_context_free@CRYPTSETUP_2.6 2:2.6 + crypt_keyslot_context_get_error@CRYPTSETUP_2.6 2:2.6 + crypt_keyslot_context_get_type@CRYPTSETUP_2.6 2:2.6 + crypt_keyslot_context_init_by_keyfile@CRYPTSETUP_2.6 2:2.6 + crypt_keyslot_context_init_by_passphrase@CRYPTSETUP_2.6 2:2.6 + crypt_keyslot_context_init_by_token@CRYPTSETUP_2.6 2:2.6 + crypt_keyslot_context_init_by_volume_key@CRYPTSETUP_2.6 2:2.6 + crypt_keyslot_context_set_pin@CRYPTSETUP_2.6 2:2.6 crypt_keyslot_destroy@CRYPTSETUP_2.0 2:1.4 crypt_keyslot_get_encryption@CRYPTSETUP_2.0 2:2.1 crypt_keyslot_get_key_size@CRYPTSETUP_2.0 2:2.0.3 @@ -123,6 +133,7 @@ crypt_token_status@CRYPTSETUP_2.0 2:2.0 crypt_token_unassign_keyslot@CRYPTSETUP_2.0 2:2.0 crypt_volume_key_get@CRYPTSETUP_2.0 2:1.4 + crypt_volume_key_get_by_keyslot_context@CRYPTSETUP_2.6 2:2.6 crypt_volume_key_keyring@CRYPTSETUP_2.0 2:2.0 crypt_volume_key_verify@CRYPTSETUP_2.0 2:1.4 crypt_wipe@CRYPTSETUP_2.0 2:2.0 diff -Nru cryptsetup-2.5.0/debian/patches/decrease_memlock_ulimit.patch cryptsetup-2.6.1/debian/patches/decrease_memlock_ulimit.patch --- cryptsetup-2.5.0/debian/patches/decrease_memlock_ulimit.patch 2021-12-01 02:11:55.000000000 +0000 +++ cryptsetup-2.6.1/debian/patches/decrease_memlock_ulimit.patch 2023-02-13 02:57:18.000000000 +0000 @@ -8,13 +8,11 @@ Bug-Ubuntu: https://bugs.launchpad.net/bugs/1891473 Last-Update: 2020-09-09 -Index: cryptsetup-2.3.3/tests/compat-test -=================================================================== ---- cryptsetup-2.3.3.orig/tests/compat-test -+++ cryptsetup-2.3.3/tests/compat-test -@@ -45,6 +45,10 @@ TEST_UUID="12345678-1234-1234-1234-12345 +--- a/tests/compat-test ++++ b/tests/compat-test +@@ -47,6 +47,10 @@ LOOPDEV=$(losetup -f 2>/dev/null) - [ -f /etc/system-fips ] && FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null) + FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null) +# Circumvent test failure due to Bionic builder; we need to decrease +# the memlock limit here to mimic Xenial builder (see LP #1891473). @@ -23,11 +21,9 @@ function remove_mapping() { [ -b /dev/mapper/$DEV_NAME3 ] && dmsetup remove --retry $DEV_NAME3 >/dev/null 2>&1 -Index: cryptsetup-2.3.3/tests/luks2-validation-test -=================================================================== ---- cryptsetup-2.3.3.orig/tests/luks2-validation-test -+++ cryptsetup-2.3.3/tests/luks2-validation-test -@@ -21,6 +21,10 @@ FAILS=0 +--- a/tests/luks2-validation-test ++++ b/tests/luks2-validation-test +@@ -21,6 +21,10 @@ [ -z "$srcdir" ] && srcdir="." @@ -38,11 +34,9 @@ function remove_mapping() { rm -rf $IMG $TST_IMGS >/dev/null 2>&1 -Index: cryptsetup-2.3.3/tests/tcrypt-compat-test -=================================================================== ---- cryptsetup-2.3.3.orig/tests/tcrypt-compat-test -+++ cryptsetup-2.3.3/tests/tcrypt-compat-test -@@ -13,6 +13,10 @@ PIM=1234 +--- a/tests/tcrypt-compat-test ++++ b/tests/tcrypt-compat-test +@@ -16,6 +16,10 @@ [ -z "$srcdir" ] && srcdir="." diff -Nru cryptsetup-2.5.0/debian/README.Debian cryptsetup-2.6.1/debian/README.Debian --- cryptsetup-2.5.0/debian/README.Debian 2022-12-02 02:53:42.000000000 +0000 +++ cryptsetup-2.6.1/debian/README.Debian 2023-02-10 04:43:25.000000000 +0000 @@ -63,7 +63,7 @@ sure to place the source device (here `/dev/sde9`) with your swap devices: # - cswap1 /dev/sde9 /dev/urandom swap,cipher=aes-xts-plain64,size=256,hash=sha1 + cswap1 /dev/sde9 /dev/urandom plain,cipher=aes-xts-plain64,size=256,swap Now you need to change the swap devices in `/etc/fstab` to the encrypted swap device names (`/dev/mapper/cswap1` in this example). diff -Nru cryptsetup-2.5.0/debian/rules cryptsetup-2.6.1/debian/rules --- cryptsetup-2.5.0/debian/rules 2022-12-02 02:53:42.000000000 +0000 +++ cryptsetup-2.6.1/debian/rules 2023-02-10 04:43:25.000000000 +0000 @@ -55,6 +55,10 @@ # generate gettext po files (for luksformat) $(MAKE) -C debian/scripts/po all luksformat.pot +execute_before_dh_auto_test: + # tests/fake_token_path.so is built without global $(CFLAGS) + @echo "blhc: ignore-line-regexp: gcc\\s.*\\s\\.\\./tests/[0-9A-Za-z_-]+\\.c\\s.*" + execute_after_dh_auto_install: # install gettext po files (for luksformat) $(MAKE) -C debian/scripts/po DESTDIR=$(CURDIR)/debian/cryptsetup-bin install diff -Nru cryptsetup-2.5.0/debian/upstream/metadata cryptsetup-2.6.1/debian/upstream/metadata --- cryptsetup-2.5.0/debian/upstream/metadata 2022-12-02 02:53:42.000000000 +0000 +++ cryptsetup-2.6.1/debian/upstream/metadata 2023-02-10 04:43:26.000000000 +0000 @@ -1,5 +1,6 @@ -Bug-Database: https://gitlab.com/cryptsetup/cryptsetup/issues -Bug-Submit: https://gitlab.com/cryptsetup/cryptsetup/issues/new +Bug-Database: https://gitlab.com/cryptsetup/cryptsetup/-/issues +Bug-Submit: https://gitlab.com/cryptsetup/cryptsetup/-/issues/new Repository: https://gitlab.com/cryptsetup/cryptsetup.git Repository-Browse: https://gitlab.com/cryptsetup/cryptsetup FAQ: https://gitlab.com/cryptsetup/cryptsetup/-/wikis/FrequentlyAskedQuestions +Security-Contact: https://gitlab.com/cryptsetup/cryptsetup/-/blob/HEAD/SECURITY.md diff -Nru cryptsetup-2.5.0/docs/examples/crypt_log_usage.c cryptsetup-2.6.1/docs/examples/crypt_log_usage.c --- cryptsetup-2.5.0/docs/examples/crypt_log_usage.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/docs/examples/crypt_log_usage.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,7 +1,7 @@ /* * libcryptsetup API log example * - * Copyright (C) 2011-2022 Red Hat, Inc. All rights reserved. + * Copyright (C) 2011-2023 Red Hat, Inc. All rights reserved. * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff -Nru cryptsetup-2.5.0/docs/examples/crypt_luks_usage.c cryptsetup-2.6.1/docs/examples/crypt_luks_usage.c --- cryptsetup-2.5.0/docs/examples/crypt_luks_usage.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/docs/examples/crypt_luks_usage.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,7 +1,7 @@ /* * libcryptsetup API - using LUKS device example * - * Copyright (C) 2011-2022 Red Hat, Inc. All rights reserved. + * Copyright (C) 2011-2023 Red Hat, Inc. All rights reserved. * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff -Nru cryptsetup-2.5.0/docs/v2.6.0-ReleaseNotes cryptsetup-2.6.1/docs/v2.6.0-ReleaseNotes --- cryptsetup-2.5.0/docs/v2.6.0-ReleaseNotes 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-2.6.1/docs/v2.6.0-ReleaseNotes 2023-02-09 16:12:17.000000000 +0000 @@ -0,0 +1,236 @@ +Cryptsetup 2.6.0 Release Notes +============================== +Stable release with new features and bug fixes. + +Changes since version 2.5.0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +* Introduce support for handling macOS FileVault2 devices (FVAULT2). + + Cryptsetup now supports the mapping of FileVault2 full-disk encryption + by Apple for the macOS operating system using a native Linux kernel. + You can open an existing USB FileVault portable device and (with + the hfsplus filesystem driver) access the native data read/write. + + Cryptsetup supports only (legacy) FileVault2 based on Core Storage + and HFS+ filesystem (introduced in MacOS X 10.7 Lion). + It does NOT support the new version of FileVault based on the APFS + filesystem used in recent macOS versions. + + Header formatting and changes are not supported; cryptsetup never + changes the metadata on the device. + + FVAULT2 extension requires kernel userspace crypto API and kernel + driver for HFS+ (hfsplus) filesystem (available on most systems today). + + Example of using FileVault2 formatted USB device: + + A typical encrypted device contains three partitions; the FileVault + encrypted partition is here sda2: + + $ lsblk -o NAME,FSTYPE,LABEL /dev/sda + NAME FSTYPE LABEL + sda + |-sda1 vfat EFI + |-sda2 + `-sda3 hfsplus Boot OS X + + Note: blkid does not recognize FileVault2 format yet. + + To dump metadata information about the device, you can use + the fvault2Dump command: + + $ cryptsetup fvault2Dump /dev/sda2 + Header information for FVAULT2 device /dev/sda2. + Physical volume UUID: 6f353c05-daae-4e76-a0ee-6a9569a22d81 + Family UUID: f82cceb0-a788-4815-945a-53d57fcd55a8 + Logical volume offset: 67108864 [bytes] + Logical volume size: 3288334336 [bytes] + Cipher: aes + Cipher mode: xts-plain64 + PBKDF2 iterations: 97962 + PBKDF2 salt: 173a4ec7447662ec79ca7a47df6c2a01 + + To activate the device, use open --type fvault2 option: + + $ cryptsetup open --type fvault2 /dev/sda2 test + Enter passphrase for /dev/sda2: ... + + And check the status of the active device: + + $ cryptsetup status test + /dev/mapper/test is active. + type: FVAULT2 + cipher: aes-xts-plain64 + keysize: 256 bits + key location: dm-crypt + device: /dev/sda2 + sector size: 512 + offset: 131072 sectors + size: 6422528 sectors + mode: read/write + + Now, if the kernel contains hfsplus filesystem driver, you can mount + decrypted content: + + $ mount /dev/mapper/test /mnt/test + + For more info about implementation, please refer to the master thesis + by Pavel Tobias, which was the source for this extension. + https://is.muni.cz/th/p0aok/?lang=en + +* libcryptsetup: no longer use global memory locking through mlockall() + + For many years, libcryptsetup locked all memory (including dependent + library address space) to prevent swapping sensitive content outside + of RAM. + + This strategy no longer works as the locking of basic libraries exceeds + the memory locking limit if running as a non-root user. + + Libcryptsetup now locks only memory ranges containing sensitive + material (keys) through crypt_safe_alloc() calls. + + This change solves many reported mysterious problems of unexpected + failures. If the initial lock was still under the limit and succeeded, + some following memory allocation could fail later as it exceeded + the locking limit. If the initial locking fails, memory locking + was quietly ignored completely. + + The whole crypt_memory_lock() API call is deprecated; it no longer + calls memlockall(). + +* libcryptsetup: process priority is increased only for key derivation + (PBKDF) calls. + + Increasing priority was tight to memory locking and works only if + running under superuser. + Only PBKDF calls and benchmarking now increase the process priority. + +* Add new LUKS keyslot context handling functions and API. + + In practice, the luksAddKey action does two operations. + It unlocks the existing device volume key and stores the unlocked + volume key in a new keyslot. + Previously the options were limited to key files and passphrases. + + Newly available methods (keyslot contexts) are passphrase, keyfile, + key (binary representation), and LUKS2 token. + + To unlock a keyslot user may: + - provide existing passphrase via interactive prompt (default method) + - use --key-file option to provide a file with a valid passphrase + - provide volume key directly via --volume-key-file + - unlock keyslot via all available LUKS2 tokens by --token-only + - unlock keyslot via specific token with --token-id + - unlock keyslot via specific token type by --token-type + + To provide the passphrase for a new keyslot, a user may: + - provide existing passphrase via interactive prompt (default method) + - use --new-keyfile to read the passphrase from the file + - use --new-token-id to select LUKS2 token to get passphrase + for new keyslot. The new keyslot is assigned to the selected token + id if the operation is successful. + +* The volume key may now be extracted using a passphrase, keyfile, or + token. For LUKS devices, it also returns the volume key after + a successful crypt_format call. + +* Fix --disable-luks2-reencryption configuration option. + +* cryptsetup: Print a better error message and warning if the format + produces an image without space available for data. + + Activation now fails early with a more descriptive message. + +* Print error if anti-forensic LUKS2 hash setting is not available. + If the specified hash was not available, activation quietly failed. + +* Fix internal crypt segment compare routine if the user + specified cipher in kernel format (capi: prefix). + +* cryptsetup: Add token unassign action. + + This action allows removing token binding on specific keyslot. + +* veritysetup: add support for --use-tasklets option. + + This option sets try_verify_in_tasklet kernel dm-verity option + (available since Linux kernel 6.0) to allow some performance + improvement on specific systems. + +* Provide pkgconfig Require.private settings. + + While we do not completely provide static build on udev systems, + it helps produce statically linked binaries in certain situations. + +* Always update automake library files if autogen.sh is run. + + For several releases, we distributed older automake scripts by mistake. + +* reencryption: Fix user defined moved segment size in LUKS2 decryption. + + The --hotzone-size argument was ignored in cases where the actual data + size was less than the original LUKS2 data offset. + +* Delegate FIPS mode detection to configured crypto backend. + System FIPS mode check no longer depends on /etc/system-fips file. + +* tests: externally provided systemd plugin is now optionally compiled + from systemd git and tested with cryptsetup + +* tests: initial integration to OSS-fuzz project with basic crypt_load() + test for LUKS2 and JSON mutated fuzzing. + + For more info, see README in tests/fuzz directory. + +* Update documentation, including FAQ and man pages. + +Libcryptsetup API extensions +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +The libcryptsetup API is backward compatible with existing symbols. + +New symbols: + crypt_keyslot_context_init_by_passphrase + crypt_keyslot_context_init_by_keyfile + crypt_keyslot_context_init_by_token + crypt_keyslot_context_init_by_volume_key + crypt_keyslot_context_get_error + crypt_keyslot_context_set_pin + crypt_keyslot_context_get_type + crypt_keyslot_context_free + crypt_keyslot_add_by_keyslot_context + crypt_volume_key_get_by_keyslot_context + +New defines: + CRYPT_FVAULT2 "FVAULT2" (FileVault2 compatible mode) + +Keyslot context types: + CRYPT_KC_TYPE_PASSPHRASE + CRYPT_KC_TYPE_KEYFILE + CRYPT_KC_TYPE_TOKEN + CRYPT_KC_TYPE_KEY + + CRYPT_ACTIVATE_TASKLETS (dm-verity: use tasklets activation flag) + +WARNING! +~~~~~~~~ +The next version of cryptsetup will change the encryption mode and key +derivation option for the PLAIN format. + +This change will cause backward incompatibility. +For this reason, the user will have to specify the exact parameters +for cipher, key size, and key derivation parameters for plain format. + +The default encryption mode will be AES-XTS with 512bit key (AES-256). +The CBC mode is no longer considered the best default, as it allows easy +bit-flipped ciphertext modification attacks and performance problems. + +For the passphrase hashing in plain mode, the encryption key is directly +derived through iterative hashing from a user-provided passphrase +(except a keyfile that is not hashed). + +The default hash is RIPEMD160, which is no longer the best default +option. The exact change will be yet discussed but should include +the possibility of using a password-based key derivation function +instead of iterative hashing. diff -Nru cryptsetup-2.5.0/docs/v2.6.1-ReleaseNotes cryptsetup-2.6.1/docs/v2.6.1-ReleaseNotes --- cryptsetup-2.5.0/docs/v2.6.1-ReleaseNotes 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-2.6.1/docs/v2.6.1-ReleaseNotes 2023-02-09 16:12:17.000000000 +0000 @@ -0,0 +1,50 @@ +Cryptsetup 2.6.1 Release Notes +============================== +Stable bug-fix release with minor extensions. + +All users of cryptsetup 2.6.0 should upgrade to this version. + +Changes since version 2.6.0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +* bitlk: Fixes for BitLocker-compatible on-disk metadata parser + (found by new cryptsetup OSS-Fuzz fuzzers). + - Fix a possible memory leak if the metadata contains more than + one description field. + - Harden parsing of metadata entries for key and description entries. + - Fix broken metadata parsing that can cause a crash or out of memory. + +* Fix possible iteration overflow in OpenSSL2 PBKDF2 crypto backend. + OpenSSL2 uses a signed integer for PBKDF2 iteration count. + As cryptsetup uses an unsigned value, this can lead to overflow and + a decrease in the actual iteration count. + This situation can happen only if the user specifies + --pbkdf-force-iterations option. + OpenSSL3 (and other supported crypto backends) are not affected. + +* Fix compilation for new ISO C standards (gcc with -std=c11 and higher). + +* fvault2: Fix compilation with very old uuid.h. + +* verity: Fix possible hash offset setting overflow. + +* bitlk: Fix use of startup BEK key on big-endian platforms. + +* Fix compilation with latest musl library. + Recent musl no longer implements lseek64() in some configurations. + Use lseek() as 64-bit offset is mandatory for cryptsetup. + +* Do not initiate encryption (reencryption command) when the header and + data devices are the same. + If data device reduction is not requsted, this leads to data corruption + since LUKS metadata was written over the data device. + +* Fix possible memory leak if crypt_load() fails. + +* Always use passphrases with a minimal 8 chars length for benchmarking. + Some enterprise distributions decided to set an unconditional check + for PBKDF2 password length when running in FIPS mode. + This questionable change led to unexpected failures during LUKS format + and keyslot operations, where short passwords were used for + benchmarking PBKDF2 speed. + PBKDF2 benchmark calculations should not be affected by this change. diff -Nru cryptsetup-2.5.0/FAQ.md cryptsetup-2.6.1/FAQ.md --- cryptsetup-2.5.0/FAQ.md 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/FAQ.md 2023-02-09 16:12:17.000000000 +0000 @@ -2506,6 +2506,31 @@ individually created (and hence has its own volume key). In this case, changing the default passphrase will make it secure again. + * **6.16 How to convert the printed volume key to a raw one?** + A volume key printed via something like: +``` + cryptsetup --dump-volume-key luksDump /dev/ >volume-key +``` +(i.e. without using `--volume-key-file`), which gives something like: +``` +LUKS header information for /dev/ +Cipher name: aes +Cipher mode: xts-plain64 +Payload offset: 32768 +UUID: 6e914442-e8b5-4eb5-98c4-5bf0cf17ecad +MK bits: 512 +MK dump: e0 3f 15 c2 0f e5 80 ab 35 b4 10 03 ae 30 b9 5d + 4c 0d 28 9e 1b 0f e3 b0 50 57 ef d4 4d 53 a0 12 + b7 4e 43 a1 20 7e c5 02 1f f1 f5 08 04 3c f5 20 + a6 0b 23 f6 7b 53 55 aa 22 d8 aa 02 e0 2f d5 04 +``` +can be converted to the raw volume key for example via: +``` + sed -E -n '/^MK dump:\t/,/^[^\t]/{0,/^MK dump:\t/s/^MK dump://; /^([^\t].*)?$/q; s/\t+//p;};' volume-key | xxd -r -p +``` + + + # 7. Interoperability with other Disk Encryption Tools diff -Nru cryptsetup-2.5.0/.github/workflows/cibuild-setup-ubuntu.sh cryptsetup-2.6.1/.github/workflows/cibuild-setup-ubuntu.sh --- cryptsetup-2.5.0/.github/workflows/cibuild-setup-ubuntu.sh 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/.github/workflows/cibuild-setup-ubuntu.sh 2023-02-09 16:12:17.000000000 +0000 @@ -4,7 +4,7 @@ PACKAGES=( git make autoconf automake autopoint pkg-config libtool libtool-bin - gettext libssl-dev libdevmapper-dev libpopt-dev uuid-dev libsepol1-dev + gettext libssl-dev libdevmapper-dev libpopt-dev uuid-dev libsepol-dev libjson-c-dev libssh-dev libblkid-dev tar libargon2-0-dev libpwquality-dev sharutils dmsetup jq xxd expect keyutils netcat passwd openssh-client sshpass asciidoctor diff -Nru cryptsetup-2.5.0/.gitignore cryptsetup-2.6.1/.gitignore --- cryptsetup-2.5.0/.gitignore 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/.gitignore 2023-02-09 16:12:17.000000000 +0000 @@ -58,3 +58,4 @@ tests/vectors-test tests/test-symbols-list.h tests/all-symbols-test +tests/fuzz/LUKS2.pb* diff -Nru cryptsetup-2.5.0/.gitlab/ci/alpinelinux.yml cryptsetup-2.6.1/.gitlab/ci/alpinelinux.yml --- cryptsetup-2.5.0/.gitlab/ci/alpinelinux.yml 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/.gitlab/ci/alpinelinux.yml 2023-02-09 16:12:17.000000000 +0000 @@ -23,11 +23,11 @@ variables: RUN_SSH_PLUGIN_TEST: "0" rules: + - if: $RUN_SYSTEMD_PLUGIN_TEST != null + when: never - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" when: never - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ - rules: - - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ script: - make -j - make -j -C tests check-programs @@ -44,6 +44,8 @@ variables: RUN_SSH_PLUGIN_TEST: "0" rules: + - if: $RUN_SYSTEMD_PLUGIN_TEST != null + when: never - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" when: never - if: $CI_PIPELINE_SOURCE == "merge_request_event" diff -Nru cryptsetup-2.5.0/.gitlab/ci/centos.yml cryptsetup-2.6.1/.gitlab/ci/centos.yml --- cryptsetup-2.5.0/.gitlab/ci/centos.yml 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/.gitlab/ci/centos.yml 2023-02-09 16:12:17.000000000 +0000 @@ -27,6 +27,8 @@ variables: RUN_SSH_PLUGIN_TEST: "1" rules: + - if: $RUN_SYSTEMD_PLUGIN_TEST != null + when: never - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" when: never - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ @@ -46,6 +48,8 @@ variables: RUN_SSH_PLUGIN_TEST: "1" rules: + - if: $RUN_SYSTEMD_PLUGIN_TEST != null + when: never - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" when: never - if: $CI_PIPELINE_SOURCE == "merge_request_event" diff -Nru cryptsetup-2.5.0/.gitlab/ci/cibuild-setup-ubuntu.sh cryptsetup-2.6.1/.gitlab/ci/cibuild-setup-ubuntu.sh --- cryptsetup-2.5.0/.gitlab/ci/cibuild-setup-ubuntu.sh 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/.gitlab/ci/cibuild-setup-ubuntu.sh 2023-02-09 16:12:17.000000000 +0000 @@ -4,7 +4,7 @@ PACKAGES=( git make autoconf automake autopoint pkg-config libtool libtool-bin - gettext libssl-dev libdevmapper-dev libpopt-dev uuid-dev libsepol1-dev + gettext libssl-dev libdevmapper-dev libpopt-dev uuid-dev libsepol-dev libjson-c-dev libssh-dev libblkid-dev tar libargon2-0-dev libpwquality-dev sharutils dmsetup jq xxd expect keyutils netcat passwd openssh-client sshpass asciidoctor diff -Nru cryptsetup-2.5.0/.gitlab/ci/cifuzz.yml cryptsetup-2.6.1/.gitlab/ci/cifuzz.yml --- cryptsetup-2.5.0/.gitlab/ci/cifuzz.yml 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-2.6.1/.gitlab/ci/cifuzz.yml 2023-02-09 16:12:17.000000000 +0000 @@ -0,0 +1,46 @@ +cifuzz: + variables: + OSS_FUZZ_PROJECT_NAME: cryptsetup + CFL_PLATFORM: gitlab + CIFUZZ_DEBUG: "True" + FUZZ_SECONDS: 300 # 5 minutes per fuzzer + ARCHITECTURE: "x86_64" + DRY_RUN: "False" + LOW_DISK_SPACE: "True" + BAD_BUILD_CHECK: "True" + LANGUAGE: "c" + DOCKER_HOST: "tcp://docker:2375" + DOCKER_IN_DOCKER: "true" + DOCKER_DRIVER: overlay2 + DOCKER_TLS_CERTDIR: "" + image: + name: gcr.io/oss-fuzz-base/cifuzz-base + entrypoint: [""] + services: + - docker:dind + + stage: test + parallel: + matrix: + - SANITIZER: [address, undefined, memory] + rules: + # Default code change. + # - if: $CI_PIPELINE_SOURCE == "merge_request_event" + # variables: + # MODE: "code-change" + - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" + when: never + - if: $BUILD_AND_RUN_FUZZERS != null + before_script: + # Get gitlab's container id. + - export CFL_CONTAINER_ID=`cut -c9- < /proc/1/cpuset` + script: + # Will build and run the fuzzers. + # We use a hack to override CI_JOB_ID, because otherwise a bad path is used + # in GitLab CI environment + - CI_JOB_ID="$CI_PROJECT_NAMESPACE/$CI_PROJECT_TITLE" python3 "/opt/oss-fuzz/infra/cifuzz/cifuzz_combined_entrypoint.py" + artifacts: + # Upload artifacts when a crash makes the job fail. + when: always + paths: + - artifacts/ diff -Nru cryptsetup-2.5.0/.gitlab/ci/compilation-various-disables.yml cryptsetup-2.6.1/.gitlab/ci/compilation-various-disables.yml --- cryptsetup-2.5.0/.gitlab/ci/compilation-various-disables.yml 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-2.6.1/.gitlab/ci/compilation-various-disables.yml 2023-02-09 16:12:17.000000000 +0000 @@ -0,0 +1,21 @@ +test-gcc-disable-compiles: + extends: + - .gitlab-shared-gcc + parallel: + matrix: + - DISABLE_FLAGS: [ + "--disable-keyring", + "--disable-external-tokens --disable-ssh-token", + "--disable-luks2-reencryption", + "--disable-cryptsetup --disable-veritysetup --disable-integritysetup", + "--disable-kernel_crypto", + "--disable-selinux", + "--disable-udev", + "--disable-internal-argon2", + "--disable-blkid" + ] + script: + - export CFLAGS="-Wall -Werror" + - ./configure $DISABLE_FLAGS + - make -j + - make -j check-programs diff -Nru cryptsetup-2.5.0/.gitlab/ci/debian.yml cryptsetup-2.6.1/.gitlab/ci/debian.yml --- cryptsetup-2.5.0/.gitlab/ci/debian.yml 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/.gitlab/ci/debian.yml 2023-02-09 16:12:17.000000000 +0000 @@ -3,12 +3,15 @@ - .dump_kernel_log before_script: - > - sudo apt-get -y install -y -qq git gcc make - autoconf automake autopoint pkg-config libtool libtool-bin gettext - libssl-dev libdevmapper-dev libpopt-dev uuid-dev libsepol1-dev - libjson-c-dev libssh-dev libblkid-dev tar libargon2-0-dev - libpwquality-dev sharutils dmsetup jq xxd expect keyutils - netcat passwd openssh-client sshpass asciidoctor + [ -z "$RUN_SYSTEMD_PLUGIN_TEST" ] || + sudo apt-get -y install -y -qq swtpm meson ninja-build python3-jinja2 + gperf libcap-dev tpm2-tss-engine-dev libmount-dev swtpm-tools + - > + sudo apt-get -y install -y -qq git gcc make autoconf automake autopoint + pkgconf libtool libtool-bin gettext libssl-dev libdevmapper-dev + libpopt-dev uuid-dev libsepol-dev libjson-c-dev libssh-dev libblkid-dev + tar libargon2-0-dev libpwquality-dev sharutils dmsetup jq xxd expect + keyutils netcat passwd openssh-client sshpass asciidoctor - sudo apt-get -y build-dep cryptsetup - sudo -E git clean -xdf - ./autogen.sh @@ -19,7 +22,7 @@ - .debian-prep tags: - libvirt - - debian10 + - debian11 stage: test interruptible: true variables: @@ -38,7 +41,7 @@ - .debian-prep tags: - libvirt - - debian10 + - debian11 stage: test interruptible: true variables: diff -Nru cryptsetup-2.5.0/.gitlab/ci/fedora.yml cryptsetup-2.6.1/.gitlab/ci/fedora.yml --- cryptsetup-2.5.0/.gitlab/ci/fedora.yml 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/.gitlab/ci/fedora.yml 2023-02-09 16:12:17.000000000 +0000 @@ -3,7 +3,12 @@ - .dump_kernel_log before_script: - > - sudo dnf -y -q install + [ -z "$RUN_SYSTEMD_PLUGIN_TEST" ] || + sudo dnf -y -q install + swtpm meson ninja-build python3-jinja2 gperf libcap-devel tpm2-tss-devel + libmount-devel swtpm-tools + - > + sudo dnf -y -q install autoconf automake device-mapper-devel gcc gettext-devel json-c-devel libargon2-devel libblkid-devel libpwquality-devel libselinux-devel libssh-devel libtool libuuid-devel make popt-devel diff -Nru cryptsetup-2.5.0/.gitlab/ci/rhel.yml cryptsetup-2.6.1/.gitlab/ci/rhel.yml --- cryptsetup-2.5.0/.gitlab/ci/rhel.yml 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/.gitlab/ci/rhel.yml 2023-02-09 16:12:17.000000000 +0000 @@ -27,6 +27,8 @@ variables: RUN_SSH_PLUGIN_TEST: "1" rules: + - if: $RUN_SYSTEMD_PLUGIN_TEST != null + when: never - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" when: never - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ @@ -46,6 +48,8 @@ variables: RUN_SSH_PLUGIN_TEST: "1" rules: + - if: $RUN_SYSTEMD_PLUGIN_TEST != null + when: never - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" when: never - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ @@ -67,10 +71,13 @@ variables: RUN_SSH_PLUGIN_TEST: "1" rules: + - if: $RUN_SYSTEMD_PLUGIN_TEST != null + when: never - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" when: never - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ script: + - fips-mode-setup --check || exit 1 - make -j - make -j -C tests check-programs - sudo -E make check @@ -87,10 +94,13 @@ variables: RUN_SSH_PLUGIN_TEST: "1" rules: + - if: $RUN_SYSTEMD_PLUGIN_TEST != null + when: never - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" when: never - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ script: + - fips-mode-setup --check || exit 1 - make -j - make -j -C tests check-programs - sudo -E make check diff -Nru cryptsetup-2.5.0/.gitlab/ci/ubuntu-32bit.yml cryptsetup-2.6.1/.gitlab/ci/ubuntu-32bit.yml --- cryptsetup-2.5.0/.gitlab/ci/ubuntu-32bit.yml 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-2.6.1/.gitlab/ci/ubuntu-32bit.yml 2023-02-09 16:12:17.000000000 +0000 @@ -0,0 +1,41 @@ +test-mergerq-job-ubuntu-32bit: + extends: + - .debian-prep + tags: + - libvirt + - ubuntu-bionic-32bit + stage: test + interruptible: true + variables: + RUN_SSH_PLUGIN_TEST: "1" + rules: + - if: $RUN_SYSTEMD_PLUGIN_TEST != null + when: never + - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" + when: never + - if: $CI_PIPELINE_SOURCE == "merge_request_event" + script: + - make -j + - make -j -C tests check-programs + - sudo -E make check + +test-main-commit-job-ubuntu-32bit: + extends: + - .debian-prep + tags: + - libvirt + - ubuntu-bionic-32bit + stage: test + interruptible: true + variables: + RUN_SSH_PLUGIN_TEST: "1" + rules: + - if: $RUN_SYSTEMD_PLUGIN_TEST != null + when: never + - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" + when: never + - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ + script: + - make -j + - make -j -C tests check-programs + - sudo -E make check diff -Nru cryptsetup-2.5.0/.gitlab-ci.yml cryptsetup-2.6.1/.gitlab-ci.yml --- cryptsetup-2.5.0/.gitlab-ci.yml 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/.gitlab-ci.yml 2023-02-09 16:12:17.000000000 +0000 @@ -15,6 +15,9 @@ - local: .gitlab/ci/annocheck.yml - local: .gitlab/ci/csmock.yml - local: .gitlab/ci/gitlab-shared-docker.yml + - local: .gitlab/ci/compilation-various-disables.yml - local: .gitlab/ci/compilation-gcc.gitlab-ci.yml - local: .gitlab/ci/compilation-clang.gitlab-ci.yml - local: .gitlab/ci/alpinelinux.yml + - local: .gitlab/ci/ubuntu-32bit.yml + - local: .gitlab/ci/cifuzz.yml diff -Nru cryptsetup-2.5.0/lib/bitlk/bitlk.c cryptsetup-2.6.1/lib/bitlk/bitlk.c --- cryptsetup-2.5.0/lib/bitlk/bitlk.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/bitlk/bitlk.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,9 +1,9 @@ /* * BITLK (BitLocker-compatible) volume handling * - * Copyright (C) 2019-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2019-2022 Milan Broz - * Copyright (C) 2019-2022 Vojtech Trefny + * Copyright (C) 2019-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2019-2023 Milan Broz + * Copyright (C) 2019-2023 Vojtech Trefny * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -255,13 +255,16 @@ (*vmk)->protection == BITLK_PROTECTION_RECOVERY_PASSPHRASE || (*vmk)->protection == BITLK_PROTECTION_STARTUP_KEY; - while (end - start > 2) { + while ((end - start) >= (ssize_t)(sizeof(key_entry_size) + sizeof(key_entry_type) + sizeof(key_entry_value))) { /* size of this entry */ memcpy(&key_entry_size, data + start, sizeof(key_entry_size)); key_entry_size = le16_to_cpu(key_entry_size); if (key_entry_size == 0) break; + if (key_entry_size > (end - start)) + return -EINVAL; + /* type and value of this entry */ memcpy(&key_entry_type, data + start + sizeof(key_entry_size), sizeof(key_entry_type)); memcpy(&key_entry_value, @@ -280,20 +283,24 @@ } /* stretch key with salt, skip 4 B (encryption method of the stretch key) */ - if (key_entry_value == BITLK_ENTRY_VALUE_STRETCH_KEY) + if (key_entry_value == BITLK_ENTRY_VALUE_STRETCH_KEY) { + if ((end - start) < (BITLK_ENTRY_HEADER_LEN + BITLK_SALT_SIZE + 4)) + return -EINVAL; memcpy((*vmk)->salt, data + start + BITLK_ENTRY_HEADER_LEN + 4, - sizeof((*vmk)->salt)); + BITLK_SALT_SIZE); /* AES-CCM encrypted key */ - else if (key_entry_value == BITLK_ENTRY_VALUE_ENCRYPTED_KEY) { + } else if (key_entry_value == BITLK_ENTRY_VALUE_ENCRYPTED_KEY) { + if (key_entry_size < (BITLK_ENTRY_HEADER_LEN + BITLK_NONCE_SIZE + BITLK_VMK_MAC_TAG_SIZE)) + return -EINVAL; /* nonce */ memcpy((*vmk)->nonce, data + start + BITLK_ENTRY_HEADER_LEN, - sizeof((*vmk)->nonce)); + BITLK_NONCE_SIZE); /* MAC tag */ memcpy((*vmk)->mac_tag, data + start + BITLK_ENTRY_HEADER_LEN + BITLK_NONCE_SIZE, - sizeof((*vmk)->mac_tag)); + BITLK_VMK_MAC_TAG_SIZE); /* AES-CCM encrypted key */ key_size = key_entry_size - (BITLK_ENTRY_HEADER_LEN + BITLK_NONCE_SIZE + BITLK_VMK_MAC_TAG_SIZE); key = (const char *) data + start + BITLK_ENTRY_HEADER_LEN + BITLK_NONCE_SIZE + BITLK_VMK_MAC_TAG_SIZE; @@ -318,6 +325,8 @@ } else if (key_entry_value == BITLK_ENTRY_VALUE_RECOVERY_TIME) { ; } else if (key_entry_value == BITLK_ENTRY_VALUE_STRING) { + if (key_entry_size < BITLK_ENTRY_HEADER_LEN) + return -EINVAL; string = malloc((key_entry_size - BITLK_ENTRY_HEADER_LEN) * 2 + 1); if (!string) return -ENOMEM; @@ -405,6 +414,7 @@ struct bitlk_fve_metadata fve = {}; struct bitlk_entry_vmk entry_vmk = {}; uint8_t *fve_entries = NULL; + size_t fve_entries_size = 0; uint32_t fve_metadata_size = 0; int fve_offset = 0; char guid_buf[UUID_STR_LEN] = {0}; @@ -413,7 +423,6 @@ int i = 0; int r = 0; int start = 0; - int end = 0; size_t key_size = 0; const char *key = NULL; char *description = NULL; @@ -514,7 +523,6 @@ params->volume_size = le64_to_cpu(fve.volume_size); params->metadata_version = le16_to_cpu(fve.fve_version); - fve_metadata_size = le32_to_cpu(fve.metadata_size); switch (le16_to_cpu(fve.encryption)) { /* AES-CBC with Elephant difuser */ @@ -569,40 +577,56 @@ params->creation_time = filetime_to_unixtime(le64_to_cpu(fve.creation_time)); + fve_metadata_size = le32_to_cpu(fve.metadata_size); + if (fve_metadata_size < (BITLK_FVE_METADATA_HEADER_LEN + sizeof(entry_size) + sizeof(entry_type)) || + fve_metadata_size > BITLK_FVE_METADATA_SIZE) { + r = -EINVAL; + goto out; + } + fve_entries_size = fve_metadata_size - BITLK_FVE_METADATA_HEADER_LEN; + /* read and parse all FVE metadata entries */ - fve_entries = malloc(fve_metadata_size - BITLK_FVE_METADATA_HEADER_LEN); + fve_entries = malloc(fve_entries_size); if (!fve_entries) { r = -ENOMEM; goto out; } - memset(fve_entries, 0, (fve_metadata_size - BITLK_FVE_METADATA_HEADER_LEN)); + memset(fve_entries, 0, fve_entries_size); - log_dbg(cd, "Reading BITLK FVE metadata entries of size %" PRIu32 " on device %s, offset %" PRIu64 ".", - fve_metadata_size - BITLK_FVE_METADATA_HEADER_LEN, device_path(device), - params->metadata_offset[0] + BITLK_FVE_METADATA_HEADERS_LEN); + log_dbg(cd, "Reading BITLK FVE metadata entries of size %zu on device %s, offset %" PRIu64 ".", + fve_entries_size, device_path(device), params->metadata_offset[0] + BITLK_FVE_METADATA_HEADERS_LEN); if (read_lseek_blockwise(devfd, device_block_size(cd, device), - device_alignment(device), fve_entries, fve_metadata_size - BITLK_FVE_METADATA_HEADER_LEN, - params->metadata_offset[0] + BITLK_FVE_METADATA_HEADERS_LEN) != (ssize_t)(fve_metadata_size - BITLK_FVE_METADATA_HEADER_LEN)) { + device_alignment(device), fve_entries, fve_entries_size, + params->metadata_offset[0] + BITLK_FVE_METADATA_HEADERS_LEN) != (ssize_t)fve_entries_size) { log_err(cd, _("Failed to read BITLK metadata entries from %s."), device_path(device)); r = -EINVAL; goto out; } - end = fve_metadata_size - BITLK_FVE_METADATA_HEADER_LEN; - while (end - start > 2) { + while ((fve_entries_size - start) >= (sizeof(entry_size) + sizeof(entry_type))) { + /* size of this entry */ memcpy(&entry_size, fve_entries + start, sizeof(entry_size)); entry_size = le16_to_cpu(entry_size); if (entry_size == 0) break; + if (entry_size > (fve_entries_size - start)) { + r = -EINVAL; + goto out; + } + /* type of this entry */ memcpy(&entry_type, fve_entries + start + sizeof(entry_size), sizeof(entry_type)); entry_type = le16_to_cpu(entry_type); /* VMK */ if (entry_type == BITLK_ENTRY_TYPE_VMK) { + if (entry_size < (BITLK_ENTRY_HEADER_LEN + sizeof(entry_vmk))) { + r = -EINVAL; + goto out; + } /* skip first four variables in the entry (entry size, type, value and version) */ memcpy(&entry_vmk, fve_entries + start + BITLK_ENTRY_HEADER_LEN, @@ -639,7 +663,11 @@ vmk_p = vmk; vmk = vmk->next; /* FVEK */ - } else if (entry_type == BITLK_ENTRY_TYPE_FVEK) { + } else if (entry_type == BITLK_ENTRY_TYPE_FVEK && !params->fvek) { + if (entry_size < (BITLK_ENTRY_HEADER_LEN + BITLK_NONCE_SIZE + BITLK_VMK_MAC_TAG_SIZE)) { + r = -EINVAL; + goto out; + } params->fvek = malloc(sizeof(struct bitlk_fvek)); if (!params->fvek) { r = -ENOMEM; @@ -647,11 +675,11 @@ } memcpy(params->fvek->nonce, fve_entries + start + BITLK_ENTRY_HEADER_LEN, - sizeof(params->fvek->nonce)); + BITLK_NONCE_SIZE); /* MAC tag */ memcpy(params->fvek->mac_tag, fve_entries + start + BITLK_ENTRY_HEADER_LEN + BITLK_NONCE_SIZE, - sizeof(params->fvek->mac_tag)); + BITLK_VMK_MAC_TAG_SIZE); /* AES-CCM encrypted key */ key_size = entry_size - (BITLK_ENTRY_HEADER_LEN + BITLK_NONCE_SIZE + BITLK_VMK_MAC_TAG_SIZE); key = (const char *) fve_entries + start + BITLK_ENTRY_HEADER_LEN + BITLK_NONCE_SIZE + BITLK_VMK_MAC_TAG_SIZE; @@ -663,19 +691,29 @@ /* volume header info (location and size) */ } else if (entry_type == BITLK_ENTRY_TYPE_VOLUME_HEADER) { struct bitlk_entry_header_block entry_header; + if ((fve_entries_size - start) < (BITLK_ENTRY_HEADER_LEN + sizeof(entry_header))) { + r = -EINVAL; + goto out; + } memcpy(&entry_header, fve_entries + start + BITLK_ENTRY_HEADER_LEN, sizeof(entry_header)); params->volume_header_offset = le64_to_cpu(entry_header.offset); params->volume_header_size = le64_to_cpu(entry_header.size); /* volume description (utf-16 string) */ - } else if (entry_type == BITLK_ENTRY_TYPE_DESCRIPTION) { - description = malloc((entry_size - BITLK_ENTRY_HEADER_LEN - BITLK_ENTRY_HEADER_LEN) * 2 + 1); - if (!description) - return -ENOMEM; + } else if (entry_type == BITLK_ENTRY_TYPE_DESCRIPTION && !params->description) { + if (entry_size < BITLK_ENTRY_HEADER_LEN) { + r = -EINVAL; + goto out; + } + description = malloc((entry_size - BITLK_ENTRY_HEADER_LEN) * 2 + 1); + if (!description) { + r = -ENOMEM; + goto out; + } r = crypt_utf16_to_utf8(&description, CONST_CAST(char16_t *)(fve_entries + start + BITLK_ENTRY_HEADER_LEN), entry_size - BITLK_ENTRY_HEADER_LEN); - if (r < 0 || !description) { + if (r < 0) { free(description); BITLK_bitlk_vmk_free(vmk); log_err(cd, _("Failed to convert BITLK volume description")); @@ -773,13 +811,13 @@ - each part is a number dividable by 11 */ if (passwordLen != BITLK_RECOVERY_KEY_LEN) { - if (passwordLen == BITLK_RECOVERY_KEY_LEN + 1 && password[passwordLen - 1] == '\n') { - /* looks like a recovery key with an extra newline, possibly from a key file */ - passwordLen--; - log_dbg(cd, "Possible extra EOL stripped from the recovery key."); - } else - return 0; - } + if (passwordLen == BITLK_RECOVERY_KEY_LEN + 1 && password[passwordLen - 1] == '\n') { + /* looks like a recovery key with an extra newline, possibly from a key file */ + passwordLen--; + log_dbg(cd, "Possible extra EOL stripped from the recovery key."); + } else + return 0; + } for (i = BITLK_RECOVERY_PART_LEN; i < passwordLen; i += BITLK_RECOVERY_PART_LEN + 1) { if (password[i] != '-') @@ -822,13 +860,16 @@ struct bitlk_guid guid; char guid_buf[UUID_STR_LEN] = {0}; - while (end - start > 2) { + while ((end - start) >= (ssize_t)(sizeof(key_entry_size) + sizeof(key_entry_type) + sizeof(key_entry_value))) { /* size of this entry */ memcpy(&key_entry_size, data + start, sizeof(key_entry_size)); key_entry_size = le16_to_cpu(key_entry_size); if (key_entry_size == 0) break; + if (key_entry_size > (end - start)) + return -EINVAL; + /* type and value of this entry */ memcpy(&key_entry_type, data + start + sizeof(key_entry_size), sizeof(key_entry_type)); memcpy(&key_entry_value, @@ -843,6 +884,8 @@ } if (key_entry_value == BITLK_ENTRY_VALUE_KEY) { + if (key_entry_size < (BITLK_ENTRY_HEADER_LEN + 4)) + return -EINVAL; key_size = key_entry_size - (BITLK_ENTRY_HEADER_LEN + 4); key = (const char *) data + start + BITLK_ENTRY_HEADER_LEN + 4; *vk = crypt_alloc_volume_key(key_size, key); @@ -854,6 +897,8 @@ ; /* GUID of the BitLocker device we are trying to open with this key */ else if (key_entry_value == BITLK_ENTRY_VALUE_GUID) { + if ((end - start) < (ssize_t)(BITLK_ENTRY_HEADER_LEN + sizeof(struct bitlk_guid))) + return -EINVAL; memcpy(&guid, data + start + BITLK_ENTRY_HEADER_LEN, sizeof(struct bitlk_guid)); guid_to_string(&guid, guid_buf); if (strcmp(guid_buf, params->guid) != 0) { @@ -887,7 +932,7 @@ uint16_t key_entry_type = 0; uint16_t key_entry_value = 0; - if (passwordLen < BITLK_BEK_FILE_HEADER_LEN) + if (passwordLen < (BITLK_BEK_FILE_HEADER_LEN + sizeof(key_entry_size) + sizeof(key_entry_type) + sizeof(key_entry_value))) return -EPERM; memcpy(&bek_header, password, BITLK_BEK_FILE_HEADER_LEN); @@ -899,13 +944,14 @@ else return -EPERM; - if (bek_header.metadata_version != 1) { - log_err(cd, _("Unsupported BEK metadata version %" PRIu32), bek_header.metadata_version); + if (le32_to_cpu(bek_header.metadata_version) != 1) { + log_err(cd, _("Unsupported BEK metadata version %" PRIu32), le32_to_cpu(bek_header.metadata_version)); return -ENOTSUP; } - if (bek_header.metadata_size != passwordLen) { - log_err(cd, _("Unexpected BEK metadata size %" PRIu32 " does not match BEK file length"), bek_header.metadata_size); + if (le32_to_cpu(bek_header.metadata_size) != passwordLen) { + log_err(cd, _("Unexpected BEK metadata size %" PRIu32 " does not match BEK file length"), + le32_to_cpu(bek_header.metadata_size)); return -EINVAL; } diff -Nru cryptsetup-2.5.0/lib/bitlk/bitlk.h cryptsetup-2.6.1/lib/bitlk/bitlk.h --- cryptsetup-2.5.0/lib/bitlk/bitlk.h 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/bitlk/bitlk.h 2023-02-09 16:12:17.000000000 +0000 @@ -1,9 +1,9 @@ /* * BITLK (BitLocker-compatible) header definition * - * Copyright (C) 2019-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2019-2022 Milan Broz - * Copyright (C) 2019-2022 Vojtech Trefny + * Copyright (C) 2019-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2019-2023 Milan Broz + * Copyright (C) 2019-2023 Vojtech Trefny * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff -Nru cryptsetup-2.5.0/lib/crypto_backend/argon2_generic.c cryptsetup-2.6.1/lib/crypto_backend/argon2_generic.c --- cryptsetup-2.5.0/lib/crypto_backend/argon2_generic.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/crypto_backend/argon2_generic.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * Argon2 PBKDF2 library wrapper * - * Copyright (C) 2016-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2016-2022 Milan Broz + * Copyright (C) 2016-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2016-2023 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff -Nru cryptsetup-2.5.0/lib/crypto_backend/base64.c cryptsetup-2.6.1/lib/crypto_backend/base64.c --- cryptsetup-2.5.0/lib/crypto_backend/base64.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/crypto_backend/base64.c 2023-02-09 16:12:17.000000000 +0000 @@ -4,7 +4,7 @@ * Copyright (C) 2010 Lennart Poettering * * cryptsetup related changes - * Copyright (C) 2021-2022 Milan Broz + * Copyright (C) 2021-2023 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -24,7 +24,6 @@ #include #include #include -#include #include "crypto_backend.h" diff -Nru cryptsetup-2.5.0/lib/crypto_backend/cipher_check.c cryptsetup-2.6.1/lib/crypto_backend/cipher_check.c --- cryptsetup-2.5.0/lib/crypto_backend/cipher_check.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/crypto_backend/cipher_check.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * Cipher performance check * - * Copyright (C) 2018-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2018-2022 Milan Broz + * Copyright (C) 2018-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2018-2023 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff -Nru cryptsetup-2.5.0/lib/crypto_backend/cipher_generic.c cryptsetup-2.6.1/lib/crypto_backend/cipher_generic.c --- cryptsetup-2.5.0/lib/crypto_backend/cipher_generic.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/crypto_backend/cipher_generic.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * Linux kernel cipher generic utilities * - * Copyright (C) 2018-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2018-2022 Milan Broz + * Copyright (C) 2018-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2018-2023 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff -Nru cryptsetup-2.5.0/lib/crypto_backend/crc32.c cryptsetup-2.6.1/lib/crypto_backend/crc32.c --- cryptsetup-2.5.0/lib/crypto_backend/crc32.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/crypto_backend/crc32.c 2023-02-09 16:12:17.000000000 +0000 @@ -97,12 +97,71 @@ 0x2d02ef8dL }; +static const uint32_t crc32c_tab[] = { + 0x00000000L, 0xF26B8303L, 0xE13B70F7L, 0x1350F3F4L, 0xC79A971FL, + 0x35F1141CL, 0x26A1E7E8L, 0xD4CA64EBL, 0x8AD958CFL, 0x78B2DBCCL, + 0x6BE22838L, 0x9989AB3BL, 0x4D43CFD0L, 0xBF284CD3L, 0xAC78BF27L, + 0x5E133C24L, 0x105EC76FL, 0xE235446CL, 0xF165B798L, 0x030E349BL, + 0xD7C45070L, 0x25AFD373L, 0x36FF2087L, 0xC494A384L, 0x9A879FA0L, + 0x68EC1CA3L, 0x7BBCEF57L, 0x89D76C54L, 0x5D1D08BFL, 0xAF768BBCL, + 0xBC267848L, 0x4E4DFB4BL, 0x20BD8EDEL, 0xD2D60DDDL, 0xC186FE29L, + 0x33ED7D2AL, 0xE72719C1L, 0x154C9AC2L, 0x061C6936L, 0xF477EA35L, + 0xAA64D611L, 0x580F5512L, 0x4B5FA6E6L, 0xB93425E5L, 0x6DFE410EL, + 0x9F95C20DL, 0x8CC531F9L, 0x7EAEB2FAL, 0x30E349B1L, 0xC288CAB2L, + 0xD1D83946L, 0x23B3BA45L, 0xF779DEAEL, 0x05125DADL, 0x1642AE59L, + 0xE4292D5AL, 0xBA3A117EL, 0x4851927DL, 0x5B016189L, 0xA96AE28AL, + 0x7DA08661L, 0x8FCB0562L, 0x9C9BF696L, 0x6EF07595L, 0x417B1DBCL, + 0xB3109EBFL, 0xA0406D4BL, 0x522BEE48L, 0x86E18AA3L, 0x748A09A0L, + 0x67DAFA54L, 0x95B17957L, 0xCBA24573L, 0x39C9C670L, 0x2A993584L, + 0xD8F2B687L, 0x0C38D26CL, 0xFE53516FL, 0xED03A29BL, 0x1F682198L, + 0x5125DAD3L, 0xA34E59D0L, 0xB01EAA24L, 0x42752927L, 0x96BF4DCCL, + 0x64D4CECFL, 0x77843D3BL, 0x85EFBE38L, 0xDBFC821CL, 0x2997011FL, + 0x3AC7F2EBL, 0xC8AC71E8L, 0x1C661503L, 0xEE0D9600L, 0xFD5D65F4L, + 0x0F36E6F7L, 0x61C69362L, 0x93AD1061L, 0x80FDE395L, 0x72966096L, + 0xA65C047DL, 0x5437877EL, 0x4767748AL, 0xB50CF789L, 0xEB1FCBADL, + 0x197448AEL, 0x0A24BB5AL, 0xF84F3859L, 0x2C855CB2L, 0xDEEEDFB1L, + 0xCDBE2C45L, 0x3FD5AF46L, 0x7198540DL, 0x83F3D70EL, 0x90A324FAL, + 0x62C8A7F9L, 0xB602C312L, 0x44694011L, 0x5739B3E5L, 0xA55230E6L, + 0xFB410CC2L, 0x092A8FC1L, 0x1A7A7C35L, 0xE811FF36L, 0x3CDB9BDDL, + 0xCEB018DEL, 0xDDE0EB2AL, 0x2F8B6829L, 0x82F63B78L, 0x709DB87BL, + 0x63CD4B8FL, 0x91A6C88CL, 0x456CAC67L, 0xB7072F64L, 0xA457DC90L, + 0x563C5F93L, 0x082F63B7L, 0xFA44E0B4L, 0xE9141340L, 0x1B7F9043L, + 0xCFB5F4A8L, 0x3DDE77ABL, 0x2E8E845FL, 0xDCE5075CL, 0x92A8FC17L, + 0x60C37F14L, 0x73938CE0L, 0x81F80FE3L, 0x55326B08L, 0xA759E80BL, + 0xB4091BFFL, 0x466298FCL, 0x1871A4D8L, 0xEA1A27DBL, 0xF94AD42FL, + 0x0B21572CL, 0xDFEB33C7L, 0x2D80B0C4L, 0x3ED04330L, 0xCCBBC033L, + 0xA24BB5A6L, 0x502036A5L, 0x4370C551L, 0xB11B4652L, 0x65D122B9L, + 0x97BAA1BAL, 0x84EA524EL, 0x7681D14DL, 0x2892ED69L, 0xDAF96E6AL, + 0xC9A99D9EL, 0x3BC21E9DL, 0xEF087A76L, 0x1D63F975L, 0x0E330A81L, + 0xFC588982L, 0xB21572C9L, 0x407EF1CAL, 0x532E023EL, 0xA145813DL, + 0x758FE5D6L, 0x87E466D5L, 0x94B49521L, 0x66DF1622L, 0x38CC2A06L, + 0xCAA7A905L, 0xD9F75AF1L, 0x2B9CD9F2L, 0xFF56BD19L, 0x0D3D3E1AL, + 0x1E6DCDEEL, 0xEC064EEDL, 0xC38D26C4L, 0x31E6A5C7L, 0x22B65633L, + 0xD0DDD530L, 0x0417B1DBL, 0xF67C32D8L, 0xE52CC12CL, 0x1747422FL, + 0x49547E0BL, 0xBB3FFD08L, 0xA86F0EFCL, 0x5A048DFFL, 0x8ECEE914L, + 0x7CA56A17L, 0x6FF599E3L, 0x9D9E1AE0L, 0xD3D3E1ABL, 0x21B862A8L, + 0x32E8915CL, 0xC083125FL, 0x144976B4L, 0xE622F5B7L, 0xF5720643L, + 0x07198540L, 0x590AB964L, 0xAB613A67L, 0xB831C993L, 0x4A5A4A90L, + 0x9E902E7BL, 0x6CFBAD78L, 0x7FAB5E8CL, 0x8DC0DD8FL, 0xE330A81AL, + 0x115B2B19L, 0x020BD8EDL, 0xF0605BEEL, 0x24AA3F05L, 0xD6C1BC06L, + 0xC5914FF2L, 0x37FACCF1L, 0x69E9F0D5L, 0x9B8273D6L, 0x88D28022L, + 0x7AB90321L, 0xAE7367CAL, 0x5C18E4C9L, 0x4F48173DL, 0xBD23943EL, + 0xF36E6F75L, 0x0105EC76L, 0x12551F82L, 0xE03E9C81L, 0x34F4F86AL, + 0xC69F7B69L, 0xD5CF889DL, 0x27A40B9EL, 0x79B737BAL, 0x8BDCB4B9L, + 0x988C474DL, 0x6AE7C44EL, 0xBE2DA0A5L, 0x4C4623A6L, 0x5F16D052L, + 0xAD7D5351L +}; + /* * This a generic crc32() function, it takes seed as an argument, * and does __not__ xor at the end. Then individual users can do * whatever they need. */ -uint32_t crypt_crc32(uint32_t seed, const unsigned char *buf, size_t len) +static uint32_t compute_crc32( + const uint32_t *crc32_tab, + uint32_t seed, + const unsigned char *buf, + size_t len) { uint32_t crc = seed; const unsigned char *p = buf; @@ -112,3 +171,13 @@ return crc; } + +uint32_t crypt_crc32(uint32_t seed, const unsigned char *buf, size_t len) +{ + return compute_crc32(crc32_tab, seed, buf, len); +} + +uint32_t crypt_crc32c(uint32_t seed, const unsigned char *buf, size_t len) +{ + return compute_crc32(crc32c_tab, seed, buf, len); +} diff -Nru cryptsetup-2.5.0/lib/crypto_backend/crypto_backend.h cryptsetup-2.6.1/lib/crypto_backend/crypto_backend.h --- cryptsetup-2.5.0/lib/crypto_backend/crypto_backend.h 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/crypto_backend/crypto_backend.h 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * crypto backend implementation * - * Copyright (C) 2010-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2010-2022 Milan Broz + * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2010-2023 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -21,6 +21,7 @@ #ifndef _CRYPTO_BACKEND_H #define _CRYPTO_BACKEND_H +#include #include #include #include @@ -40,7 +41,8 @@ int crypt_backend_init(bool fips); void crypt_backend_destroy(void); -#define CRYPT_BACKEND_KERNEL (1 << 0) /* Crypto uses kernel part, for benchmark */ +#define CRYPT_BACKEND_KERNEL (1 << 0) /* Crypto uses kernel part, for benchmark */ +#define CRYPT_BACKEND_PBKDF2_INT (1 << 1) /* Iteration in PBKDF2 is signed int and can overflow */ uint32_t crypt_backend_flags(void); const char *crypt_backend_version(void); @@ -88,6 +90,7 @@ /* CRC32 */ uint32_t crypt_crc32(uint32_t seed, const unsigned char *buf, size_t len); +uint32_t crypt_crc32c(uint32_t seed, const unsigned char *buf, size_t len); /* Base64 */ int crypt_base64_encode(char **out, size_t *out_length, const char *in, size_t in_length); @@ -152,4 +155,7 @@ /* Memcmp helper (memcmp in constant time) */ int crypt_backend_memeq(const void *m1, const void *m2, size_t n); +/* crypto backend running in FIPS mode */ +bool crypt_fips_mode(void); + #endif /* _CRYPTO_BACKEND_H */ diff -Nru cryptsetup-2.5.0/lib/crypto_backend/crypto_backend_internal.h cryptsetup-2.6.1/lib/crypto_backend/crypto_backend_internal.h --- cryptsetup-2.5.0/lib/crypto_backend/crypto_backend_internal.h 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/crypto_backend/crypto_backend_internal.h 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * crypto backend implementation * - * Copyright (C) 2010-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2010-2022 Milan Broz + * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2010-2023 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff -Nru cryptsetup-2.5.0/lib/crypto_backend/crypto_cipher_kernel.c cryptsetup-2.6.1/lib/crypto_backend/crypto_cipher_kernel.c --- cryptsetup-2.5.0/lib/crypto_backend/crypto_cipher_kernel.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/crypto_backend/crypto_cipher_kernel.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * Linux kernel userspace API crypto backend implementation (skcipher) * - * Copyright (C) 2012-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2012-2022 Milan Broz + * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2012-2023 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff -Nru cryptsetup-2.5.0/lib/crypto_backend/crypto_gcrypt.c cryptsetup-2.6.1/lib/crypto_backend/crypto_gcrypt.c --- cryptsetup-2.5.0/lib/crypto_backend/crypto_gcrypt.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/crypto_backend/crypto_gcrypt.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * GCRYPT crypto backend implementation * - * Copyright (C) 2010-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2010-2022 Milan Broz + * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2010-2023 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -22,7 +22,6 @@ #include #include #include -#include #include #include "crypto_backend_internal.h" @@ -555,3 +554,20 @@ { return crypt_internal_memeq(m1, m2, n); } + +#if !ENABLE_FIPS +bool crypt_fips_mode(void) { return false; } +#else +bool crypt_fips_mode(void) +{ + static bool fips_mode = false, fips_checked = false; + + if (fips_checked) + return fips_mode; + + fips_mode = gcry_fips_mode_active(); + fips_checked = true; + + return fips_mode; +} +#endif /* ENABLE FIPS */ diff -Nru cryptsetup-2.5.0/lib/crypto_backend/crypto_kernel.c cryptsetup-2.6.1/lib/crypto_backend/crypto_kernel.c --- cryptsetup-2.5.0/lib/crypto_backend/crypto_kernel.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/crypto_backend/crypto_kernel.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * Linux kernel userspace API crypto backend implementation * - * Copyright (C) 2010-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2010-2022 Milan Broz + * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2010-2023 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -421,3 +421,8 @@ { return crypt_internal_memeq(m1, m2, n); } + +bool crypt_fips_mode(void) +{ + return false; +} diff -Nru cryptsetup-2.5.0/lib/crypto_backend/crypto_nettle.c cryptsetup-2.6.1/lib/crypto_backend/crypto_nettle.c --- cryptsetup-2.5.0/lib/crypto_backend/crypto_nettle.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/crypto_backend/crypto_nettle.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * Nettle crypto backend implementation * - * Copyright (C) 2011-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2011-2022 Milan Broz + * Copyright (C) 2011-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2011-2023 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -453,3 +453,8 @@ /* The logic is inverse to memcmp... */ return !memeql_sec(m1, m2, n); } + +bool crypt_fips_mode(void) +{ + return false; +} diff -Nru cryptsetup-2.5.0/lib/crypto_backend/crypto_nss.c cryptsetup-2.6.1/lib/crypto_backend/crypto_nss.c --- cryptsetup-2.5.0/lib/crypto_backend/crypto_nss.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/crypto_backend/crypto_nss.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * NSS crypto backend implementation * - * Copyright (C) 2010-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2010-2022 Milan Broz + * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2010-2023 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -400,3 +400,8 @@ { return NSS_SecureMemcmp(m1, m2, n); } + +bool crypt_fips_mode(void) +{ + return false; +} diff -Nru cryptsetup-2.5.0/lib/crypto_backend/crypto_openssl.c cryptsetup-2.6.1/lib/crypto_backend/crypto_openssl.c --- cryptsetup-2.5.0/lib/crypto_backend/crypto_openssl.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/crypto_backend/crypto_openssl.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * OPENSSL crypto backend implementation * - * Copyright (C) 2010-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2010-2022 Milan Broz + * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2010-2023 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -30,6 +30,7 @@ #include #include +#include #include #include #include @@ -231,7 +232,11 @@ uint32_t crypt_backend_flags(void) { +#if OPENSSL_VERSION_MAJOR >= 3 return 0; +#else + return CRYPT_BACKEND_PBKDF2_INT; +#endif } const char *crypt_backend_version(void) @@ -574,6 +579,10 @@ if (!hash_id) return -EINVAL; + /* OpenSSL2 has iteration as signed int, avoid overflow */ + if (iterations > INT_MAX) + return -EINVAL; + r = PKCS5_PBKDF2_HMAC(password, (int)password_length, (const unsigned char *)salt, (int)salt_length, iterations, hash_id, (int)key_length, (unsigned char*) key); #endif @@ -812,3 +821,29 @@ { return CRYPTO_memcmp(m1, m2, n); } + +#if !ENABLE_FIPS +bool crypt_fips_mode(void) { return false; } +#else +static bool openssl_fips_mode(void) +{ +#if OPENSSL_VERSION_MAJOR >= 3 + return EVP_default_properties_is_fips_enabled(NULL); +#else + return FIPS_mode(); +#endif +} + +bool crypt_fips_mode(void) +{ + static bool fips_mode = false, fips_checked = false; + + if (fips_checked) + return fips_mode; + + fips_mode = openssl_fips_mode(); + fips_checked = true; + + return fips_mode; +} +#endif /* ENABLE FIPS */ diff -Nru cryptsetup-2.5.0/lib/crypto_backend/crypto_storage.c cryptsetup-2.6.1/lib/crypto_backend/crypto_storage.c --- cryptsetup-2.5.0/lib/crypto_backend/crypto_storage.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/crypto_backend/crypto_storage.c 2023-02-09 16:12:17.000000000 +0000 @@ -2,7 +2,7 @@ * Generic wrapper for storage encryption modes and Initial Vectors * (reimplementation of some functions from Linux dm-crypt kernel) * - * Copyright (C) 2014-2022 Milan Broz + * Copyright (C) 2014-2023 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff -Nru cryptsetup-2.5.0/lib/crypto_backend/pbkdf2_generic.c cryptsetup-2.6.1/lib/crypto_backend/pbkdf2_generic.c --- cryptsetup-2.5.0/lib/crypto_backend/pbkdf2_generic.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/crypto_backend/pbkdf2_generic.c 2023-02-09 16:12:17.000000000 +0000 @@ -4,8 +4,8 @@ * Copyright (C) 2004 Free Software Foundation * * cryptsetup related changes - * Copyright (C) 2012-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2012-2022 Milan Broz + * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2012-2023 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff -Nru cryptsetup-2.5.0/lib/crypto_backend/pbkdf_check.c cryptsetup-2.6.1/lib/crypto_backend/pbkdf_check.c --- cryptsetup-2.5.0/lib/crypto_backend/pbkdf_check.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/crypto_backend/pbkdf_check.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,7 +1,7 @@ /* * PBKDF performance check - * Copyright (C) 2012-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2012-2022 Milan Broz + * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2012-2023 Milan Broz * Copyright (C) 2016-2020 Ondrej Mosnacek * * This file is free software; you can redistribute it and/or diff -Nru cryptsetup-2.5.0/lib/crypto_backend/utf8.c cryptsetup-2.6.1/lib/crypto_backend/utf8.c --- cryptsetup-2.5.0/lib/crypto_backend/utf8.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/crypto_backend/utf8.c 2023-02-09 16:12:17.000000000 +0000 @@ -4,7 +4,7 @@ * Copyright (C) 2010 Lennart Poettering * * cryptsetup related changes - * Copyright (C) 2021-2022 Vojtech Trefny + * Copyright (C) 2021-2023 Vojtech Trefny * Parts of the original systemd implementation are based on the GLIB utf8 * validation functions. @@ -28,7 +28,6 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ -#include #include #include diff -Nru cryptsetup-2.5.0/lib/crypt_plain.c cryptsetup-2.6.1/lib/crypt_plain.c --- cryptsetup-2.5.0/lib/crypt_plain.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/crypt_plain.c 2023-02-09 16:12:17.000000000 +0000 @@ -2,8 +2,8 @@ * cryptsetup plain device helper functions * * Copyright (C) 2004 Jana Saout - * Copyright (C) 2010-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2010-2022 Milan Broz + * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2010-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff -Nru cryptsetup-2.5.0/lib/fvault2/fvault2.c cryptsetup-2.6.1/lib/fvault2/fvault2.c --- cryptsetup-2.5.0/lib/fvault2/fvault2.c 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-2.6.1/lib/fvault2/fvault2.c 2023-02-09 16:12:17.000000000 +0000 @@ -0,0 +1,1057 @@ +/* + * FVAULT2 (FileVault2-compatible) volume handling + * + * Copyright (C) 2021-2022 Pavel Tobias + * + * This file is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This file is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this file; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include +#include +#include +#include + +#include "internal.h" +#include "fvault2.h" + +/* Core Storage signature/magic; "CS" big-endian */ +#define FVAULT2_CORE_STORAGE_MAGIC 0x4353 + +/* size of the physical volume header in bytes */ +#define FVAULT2_VOL_HEADER_SIZE 512 + +/* size of a single metadata block in bytes */ +#define FVAULT2_MD_BLOCK_SIZE 8192 + +/* maximal offset to read metadata block */ +#define FVAULT2_MAX_OFF 1024*1024*1024 + +/* encrypted metadata parsing progress flags (see _read_encrypted_metadata) */ +#define FVAULT2_ENC_MD_PARSED_0x0019 0b001 +#define FVAULT2_ENC_MD_PARSED_0x001A 0b010 +#define FVAULT2_ENC_MD_PARSED_0x0305 0b100 +#define FVAULT2_ENC_MD_PARSED_NONE 0b000 +#define FVAULT2_ENC_MD_PARSED_ALL 0b111 + +/* sizes of decoded PassphraseWrappedKEKStruct and KEKWrappedVolumeKeyStruct */ +#define FVAULT2_PWK_SIZE 284 +#define FVAULT2_KWVK_SIZE 256 + +/* size of an AES-128 key */ +#define FVAULT2_AES_KEY_SIZE 16 + +/* size of the volume key and the encrypted metadata decryption key */ +#define FVAULT2_XTS_KEY_SIZE (FVAULT2_AES_KEY_SIZE * 2) + +/* size of an XTS tweak value */ +#define FVAULT2_XTS_TWEAK_SIZE 16 + +/* size of a binary representation of a UUID */ +#define FVAULT2_UUID_BIN_SIZE 16 + +struct crc32_checksum { + uint32_t value; + uint32_t seed; +} __attribute__((packed)); + +struct volume_header { + struct crc32_checksum checksum; + uint16_t version; + uint16_t block_type; + uint8_t unknown1[52]; + uint64_t ph_vol_size; + uint8_t unknown2[16]; + uint16_t magic; + uint32_t checksum_algo; + uint8_t unknown3[2]; + uint32_t block_size; + uint32_t metadata_size; + uint64_t disklbl_blkoff; + uint64_t other_md_blkoffs[3]; + uint8_t unknown4[32]; + uint32_t key_data_size; + uint32_t cipher; + uint8_t key_data[FVAULT2_AES_KEY_SIZE]; + uint8_t unknown5[112]; + uint8_t ph_vol_uuid[FVAULT2_UUID_BIN_SIZE]; + uint8_t unknown6[192]; +} __attribute__((packed)); + +struct volume_groups_descriptor { + uint8_t unknown1[8]; + uint64_t enc_md_blocks_n; + uint8_t unknown2[16]; + uint64_t enc_md_blkoff; +} __attribute__((packed)); + +struct metadata_block_header { + struct crc32_checksum checksum; + uint16_t version; + uint16_t block_type; + uint8_t unknown1[20]; + uint64_t block_num; + uint8_t unknown2[8]; + uint32_t block_size; + uint8_t unknown3[12]; +} __attribute__((packed)); + +struct metadata_block_0x0011 { + struct metadata_block_header header; + uint32_t md_size; + uint8_t unknown1[4]; + struct crc32_checksum checksum; + uint8_t unknown2[140]; + uint32_t vol_gr_des_off; +} __attribute__((packed)); + +struct metadata_block_0x0019 { + struct metadata_block_header header; + uint8_t unknown1[40]; + uint32_t xml_comp_size; + uint32_t xml_uncomp_size; + uint32_t xml_off; + uint32_t xml_size; +} __attribute__((packed)); + +struct metadata_block_0x001a { + struct metadata_block_header header; + uint8_t unknown1[64]; + uint32_t xml_off; + uint32_t xml_size; +} __attribute__((packed)); + +struct metadata_block_0x0305 { + struct metadata_block_header header; + uint32_t entries_n; + uint8_t unknown1[36]; + uint32_t log_vol_blkoff; +} __attribute__((packed)); + +struct passphrase_wrapped_kek { + uint32_t pbkdf2_salt_type; + uint32_t pbkdf2_salt_size; + uint8_t pbkdf2_salt[FVAULT2_PBKDF2_SALT_SIZE]; + uint32_t wrapped_kek_type; + uint32_t wrapped_kek_size; + uint8_t wrapped_kek[FVAULT2_WRAPPED_KEY_SIZE]; + uint8_t unknown1[112]; + uint32_t pbkdf2_iters; +} __attribute__((packed)); + +struct kek_wrapped_volume_key { + uint32_t wrapped_vk_type; + uint32_t wrapped_vk_size; + uint8_t wrapped_vk[FVAULT2_WRAPPED_KEY_SIZE]; +} __attribute__((packed)); + +/** + * Test whether all bytes of a chunk of memory are equal to a constant value. + * @param[in] value the value all bytes should be equal to + * @param[in] data the tested chunk of memory + * @param[in] data_size byte-size of the chunk of memory + */ +static bool _filled_with( + uint8_t value, + const void *data, + size_t data_size) +{ + const uint8_t *data_bytes = data; + size_t i; + + for (i = 0; i < data_size; i++) + if (data_bytes[i] != value) + return false; + + return true; +} + +/** + * Assert the validity of the CRC checksum of a chunk of memory. + * @param[in] data a chunk of memory starting with a crc32_checksum struct + * @param[in] data_size the size of the chunk of memory in bytes + */ +static int _check_crc( + const void *data, + size_t data_size) +{ + const size_t crc_size = sizeof(struct crc32_checksum); + uint32_t seed; + uint32_t value; + + assert(data_size >= crc_size); + + value = le32_to_cpu(((const struct crc32_checksum *)data)->value); + seed = le32_to_cpu(((const struct crc32_checksum *)data)->seed); + if (seed != 0xffffffff) + return -EINVAL; + + if (crypt_crc32c(seed, (const uint8_t *)data + crc_size, + data_size - crc_size) != value) + return -EINVAL; + + return 0; +} + +/** + * Unwrap an AES-wrapped key. + * @param[in] kek the KEK with which the key has been wrapped + * @param[in] kek_size the size of the KEK in bytes + * @param[in] key_wrapped the wrapped key + * @param[in] key_wrapped_size the size of the wrapped key in bytes + * @param[out] key_buf key an output buffer for the unwrapped key + * @param[in] key_buf_size the size of the output buffer in bytes + */ +static int _unwrap_key( + const void *kek, + size_t kek_size, + const void *key_wrapped, + size_t key_wrapped_size, + void *key_buf, + size_t key_buf_size) +{ + /* Algorithm and notation taken from NIST Special Publication 800-38F: + https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf + + This implementation supports only 128-bit KEKs and wrapped keys. */ + + int r = 0; + struct crypt_cipher *cipher = NULL; + void *cipher_in = NULL; + void *cipher_out = NULL; + uint64_t a; + uint64_t r2; + uint64_t r3; + uint64_t t; + uint64_t r2_prev; + + assert(kek_size == 16 && key_wrapped_size == 24 && key_buf_size == 16); + + r = crypt_cipher_init(&cipher, "aes", "ecb", kek, kek_size); + if (r < 0) + goto out; + + cipher_in = malloc(16); + if (cipher_in == NULL) { + r = -ENOMEM; + goto out; + } + + cipher_out = malloc(16); + if (cipher_out == NULL) { + r = -ENOMEM; + goto out; + } + + /* CHAPTER 6.1, ALGORITHM 2: W^-1(C) */ + + /* initialize variables */ + a = ((const uint64_t *)key_wrapped)[0]; /* A = C_1 (see step 1c) */ + r2 = ((const uint64_t *)key_wrapped)[1]; /* R_1 = C_2 (see step 1d) */ + r3 = ((const uint64_t *)key_wrapped)[2]; /* R_2 = C_3 (see step 1d) */ + + /* calculate intermediate values for each t = s, ..., 1 (see step 2), + where s = 6 * (n - 1) (see step 1a) */ + for (t = 6 * (3 - 1); t > 0; t--) { + /* store current R2 for later assignment (see step 2c) */ + r2_prev = r2; + + /* prepare input for CIPH^{-1}_K (see steps 2a, 2b) */ + ((uint64_t *)cipher_in)[0] = a ^ cpu_to_be64(t); + ((uint64_t *)cipher_in)[1] = r3; + + /* A||R2 = CIPH^{-1}_K(...) (see steps 2a, 2b) */ + r = crypt_cipher_decrypt(cipher, cipher_in, cipher_out, 16, NULL, 0); + if (r < 0) + goto out; + a = ((uint64_t *)cipher_out)[0]; + r2 = ((uint64_t *)cipher_out)[1]; + + /* assign previous R2 (see step 2c) */ + r3 = r2_prev; + } + + /* note that A||R_1||R_2 holds the result S (see step 3) */ + + /* CHAPTER 6.2, ALGORITHM 4: KW-AD(C) */ + + /* check whether MSB_{64}(S) (= A) matches ICV1 (see step 3) */ + if (a != 0xA6A6A6A6A6A6A6A6) { + r = -EPERM; + goto out; + } + + /* return LSB_{128}(S) (= R_1||R_2) (see step 4) */ + ((uint64_t *)key_buf)[0] = r2; + ((uint64_t *)key_buf)[1] = r3; +out: + free(cipher_in); + free(cipher_out); + if (cipher != NULL) + crypt_cipher_destroy(cipher); + return r; +} + +/** + * Search XML plist data for a property and return its value. + * @param[in] xml a 0-terminated string containing the XML plist data + * @param[in] prop_key a 0-terminated string with the seeked property's key + * @param[in] prop_type a 0-terminated string with the seeked property's type + * @param[out] value a 0-terminated string with the found property's value + */ +static int _search_xml( + const char *xml, + const char *prop_key, + const char *prop_type, + char **value) +{ + int r = 0; + char *pattern = NULL; + bool regex_ready = false; + regex_t regex; + regmatch_t match[2]; + const char *value_start; + size_t value_len; + + if (asprintf(&pattern, "%s<%s[^>]*>([^<]+)", + prop_key, prop_type, prop_type) < 0) { + r = -ENOMEM; + goto out; + } + + if (regcomp(®ex, pattern, REG_EXTENDED) != 0) { + r = -EINVAL; + goto out; + } + + regex_ready = true; + + if (regexec(®ex, xml, 2, match, 0) != 0) { + r = -EINVAL; + goto out; + } + + value_start = xml + match[1].rm_so; + value_len = match[1].rm_eo - match[1].rm_so; + + *value = calloc(value_len + 1, 1); + if (*value == NULL) { + r = -ENOMEM; + goto out; + } + + memcpy(*value, value_start, value_len); +out: + free(pattern); + if (regex_ready) + regfree(®ex); + return r; +} + +/** + * Extract relevant info from a metadata block of type 0x0019. + * @param[in] md_block the pre-read and decrypted metadata block + * @param[out] pbkdf2_iters number of PBKDF2 iterations + * @param[out] pbkdf2_salt PBKDF2 salt (intermt. key derivation from passphrase) + * @param[out] wrapped_kek KEK AES-wrapped with passphrase-derived key + * @param[out] wrapped_vk volume key AES-wrapped with KEK + */ +static int _parse_metadata_block_0x0019( + const struct metadata_block_0x0019 *md_block, + uint32_t *pbkdf2_iters, + uint8_t *pbkdf2_salt, + uint8_t *wrapped_kek, + uint8_t *wrapped_vk) +{ + int r = 0; + char *xml = NULL; + char *pwk_base64 = NULL; + char *kwvk_base64 = NULL; + struct passphrase_wrapped_kek *pwk = NULL; + struct kek_wrapped_volume_key *kwvk = NULL; + size_t decoded_size; + uint32_t xml_off = le32_to_cpu(md_block->xml_off); + uint32_t xml_size = le32_to_cpu(md_block->xml_size); + + if (xml_off + xml_size > FVAULT2_MD_BLOCK_SIZE) + return -EINVAL; + + xml = strndup((const char *)md_block + xml_off, xml_size); + if (xml == NULL) + return -ENOMEM; + + r = _search_xml(xml, "PassphraseWrappedKEKStruct", "data", &pwk_base64); + if (r < 0) + goto out; + r = crypt_base64_decode((char **)&pwk, &decoded_size, pwk_base64, strlen(pwk_base64)); + if (r < 0) + goto out; + if (decoded_size != FVAULT2_PWK_SIZE) { + r = -EINVAL; + goto out; + } + + r = _search_xml(xml, "KEKWrappedVolumeKeyStruct", "data", &kwvk_base64); + if (r < 0) + goto out; + r = crypt_base64_decode((char **)&kwvk, &decoded_size, kwvk_base64, strlen(kwvk_base64)); + if (r < 0) + goto out; + if (decoded_size != FVAULT2_KWVK_SIZE) { + r = -EINVAL; + goto out; + } + + *pbkdf2_iters = le32_to_cpu(pwk->pbkdf2_iters); + memcpy(pbkdf2_salt, pwk->pbkdf2_salt, FVAULT2_PBKDF2_SALT_SIZE); + memcpy(wrapped_kek, pwk->wrapped_kek, FVAULT2_WRAPPED_KEY_SIZE); + memcpy(wrapped_vk, kwvk->wrapped_vk, FVAULT2_WRAPPED_KEY_SIZE); +out: + free(xml); + free(pwk_base64); + free(kwvk_base64); + free(pwk); + free(kwvk); + return r; +} + +/** + * Validate a UUID string and reformat it to match system defaults. + * @param[in] uuid_in the original UUID string + * @param[out] uuid_out the reformatted UUID string + */ +static int _reformat_uuid( + const char *uuid_in, + char *uuid_out) +{ + uint8_t uuid_bin[FVAULT2_UUID_LEN]; + int r; + + r = uuid_parse(uuid_in, uuid_bin); + if (r < 0) + return -EINVAL; + + uuid_unparse(uuid_bin, uuid_out); + return 0; +} + +/** + * Extract relevant info from a metadata block of type 0x001A. + * @param[in] md_block the pre-read and decrypted metadata block + * @param[out] log_vol_size encrypted logical volume size in bytes + * @param[out] family_uuid logical volume family UUID + */ +static int _parse_metadata_block_0x001a( + const struct metadata_block_0x001a *md_block, + uint64_t *log_vol_size, + char *family_uuid) +{ + int r = 0; + char *xml = NULL; + char *log_vol_size_str = NULL; + char *family_uuid_str = NULL; + uint32_t xml_off = le32_to_cpu(md_block->xml_off); + uint32_t xml_size = le32_to_cpu(md_block->xml_size); + + if (xml_off + xml_size > FVAULT2_MD_BLOCK_SIZE) + return -EINVAL; + + xml = strndup((const char *)md_block + xml_off, xml_size); + if (xml == NULL) + return -ENOMEM; + + r = _search_xml(xml, "com.apple.corestorage.lv.size", "integer", &log_vol_size_str); + if (r < 0) + goto out; + *log_vol_size = strtoull(log_vol_size_str, NULL, 16); + if (*log_vol_size == 0 || *log_vol_size == ULLONG_MAX) { + r = -EINVAL; + goto out; + } + + r = _search_xml(xml, "com.apple.corestorage.lv.familyUUID", "string", &family_uuid_str); + if (r < 0) + goto out; + r = _reformat_uuid(family_uuid_str, family_uuid); + if (r < 0) + goto out; +out: + free(xml); + free(log_vol_size_str); + free(family_uuid_str); + return r; +} + +/** + * Extract relevant info from a metadata block of type 0x0305. + * @param[in] md_block the pre-read and decrypted metadata block + * @param[out] log_vol_blkoff block-offset of the encrypted logical volume + */ +static int _parse_metadata_block_0x0305( + const struct metadata_block_0x0305 *md_block, + uint32_t *log_vol_blkoff) +{ + *log_vol_blkoff = le32_to_cpu(md_block->log_vol_blkoff); + return 0; +} + +/** + * Extract relevant info from the physical volume header. + * @param[in] devfd opened device file descriptor + * @param[in] cd crypt_device passed into FVAULT2_read_metadata + * @param[out] block_size used to compute byte-offsets from block-offsets + * @param[out] disklbl_blkoff block-offset of the disk label block + * @param[out] ph_vol_uuid physical volume UUID + * @param[out] enc_md_key AES-XTS key used to decrypt the encrypted metadata + */ +static int _read_volume_header( + int devfd, + struct crypt_device *cd, + uint64_t *block_size, + uint64_t *disklbl_blkoff, + char *ph_vol_uuid, + struct volume_key **enc_md_key) +{ + int r = 0; + struct device *dev = crypt_metadata_device(cd); + struct volume_header *vol_header = NULL; + + assert(sizeof(*vol_header) == FVAULT2_VOL_HEADER_SIZE); + + vol_header = malloc(FVAULT2_VOL_HEADER_SIZE); + if (vol_header == NULL) { + r = -ENOMEM; + goto out; + } + + log_dbg(cd, "Reading FVAULT2 volume header of size %u bytes.", FVAULT2_VOL_HEADER_SIZE); + if (read_blockwise(devfd, device_block_size(cd, dev), + device_alignment(dev), vol_header, + FVAULT2_VOL_HEADER_SIZE) != FVAULT2_VOL_HEADER_SIZE) { + log_err(cd, _("Could not read %u bytes of volume header."), FVAULT2_VOL_HEADER_SIZE); + r = -EIO; + goto out; + } + + r = _check_crc(vol_header, FVAULT2_VOL_HEADER_SIZE); + if (r < 0) { + log_dbg(cd, "CRC mismatch."); + goto out; + } + + if (le16_to_cpu(vol_header->version) != 1) { + log_err(cd, _("Unsupported FVAULT2 version %" PRIu16 "."), + le16_to_cpu(vol_header->version)); + r = -EINVAL; + goto out; + } + + if (be16_to_cpu(vol_header->magic) != FVAULT2_CORE_STORAGE_MAGIC) { + log_dbg(cd, "Invalid Core Storage magic bytes."); + r = -EINVAL; + goto out; + } + + if (le32_to_cpu(vol_header->key_data_size) != FVAULT2_AES_KEY_SIZE) { + log_dbg(cd, "Unsupported AES key size: %" PRIu32 " bytes.", + le32_to_cpu(vol_header->key_data_size)); + r = -EINVAL; + goto out; + } + + *enc_md_key = crypt_alloc_volume_key(FVAULT2_XTS_KEY_SIZE, NULL); + if (*enc_md_key == NULL) { + r = -ENOMEM; + goto out; + } + + *block_size = le32_to_cpu(vol_header->block_size); + *disklbl_blkoff = le64_to_cpu(vol_header->disklbl_blkoff); + uuid_unparse(vol_header->ph_vol_uuid, ph_vol_uuid); + memcpy((*enc_md_key)->key, vol_header->key_data, FVAULT2_AES_KEY_SIZE); + memcpy((*enc_md_key)->key + FVAULT2_AES_KEY_SIZE, + vol_header->ph_vol_uuid, FVAULT2_AES_KEY_SIZE); +out: + free(vol_header); + return r; +} + +/** + * Extract info from the disk label block and the volume groups descriptor. + * @param[in] devfd opened device file descriptor + * @param[in] cd crypt_device passed into FVAULT2_read_metadata + * @param[in] block_size used to compute byte-offsets from block-offsets + * @param[in] disklbl_blkoff block-offset of the disk label block + * @param[out] enc_md_blkoff block-offset of the encrypted metadata + * @param[out] enc_md_blocks_n total count of encrypted metadata blocks + */ +static int _read_disklabel( + int devfd, + struct crypt_device *cd, + uint64_t block_size, + uint64_t disklbl_blkoff, + uint64_t *enc_md_blkoff, + uint64_t *enc_md_blocks_n) +{ + int r = 0; + uint64_t off; + ssize_t size; + void *md_block = NULL; + struct metadata_block_0x0011 *md_block_11; + struct volume_groups_descriptor *vol_gr_des = NULL; + struct device *dev = crypt_metadata_device(cd); + + md_block = malloc(FVAULT2_MD_BLOCK_SIZE); + if (md_block == NULL) { + r = -ENOMEM; + goto out; + } + + if (uint64_mult_overflow(&off, disklbl_blkoff, block_size) || + off > FVAULT2_MAX_OFF) { + log_dbg(cd, "Device offset overflow."); + r = -EINVAL; + goto out; + } + size = FVAULT2_MD_BLOCK_SIZE; + log_dbg(cd, "Reading FVAULT2 disk label header of size %zu bytes.", size); + if (read_lseek_blockwise(devfd, device_block_size(cd, dev), + device_alignment(dev), md_block, size, off) != size) { + r = -EIO; + goto out; + } + + r = _check_crc(md_block, FVAULT2_MD_BLOCK_SIZE); + if (r < 0) { + log_dbg(cd, "CRC mismatch."); + goto out; + } + + vol_gr_des = malloc(sizeof(*vol_gr_des)); + if (vol_gr_des == NULL) { + r = -ENOMEM; + goto out; + } + + md_block_11 = md_block; + off += le32_to_cpu(md_block_11->vol_gr_des_off); + if (off > FVAULT2_MAX_OFF) { + log_dbg(cd, "Device offset overflow."); + r = -EINVAL; + goto out; + } + size = sizeof(struct volume_groups_descriptor); + log_dbg(cd, "Reading FVAULT2 volume groups descriptor of size %zu bytes.", size); + if (read_lseek_blockwise(devfd, device_block_size(cd, dev), + device_alignment(dev), vol_gr_des, size, off) != size) { + r = -EIO; + goto out; + } + + *enc_md_blkoff = le64_to_cpu(vol_gr_des->enc_md_blkoff); + *enc_md_blocks_n = le64_to_cpu(vol_gr_des->enc_md_blocks_n); +out: + free(md_block); + free(vol_gr_des); + return r; +} + +/** + * Extract info from relevant encrypted metadata blocks. + * @param[in] devfd opened device file descriptor + * @param[in] cd crypt_device passed into FVAULT2_read_metadata + * @param[in] block_size used to compute byte-offsets from block-offsets + * @param[in] start_blkoff block-offset of the start of the encrypted metadata + * @param[in] blocks_n total count of encrypted metadata blocks + * @param[in] key AES-XTS key for decryption + * @param[out] params decryption parameters struct to fill + */ +static int _read_encrypted_metadata( + int devfd, + struct crypt_device *cd, + uint64_t block_size, + uint64_t start_blkoff, + uint64_t blocks_n, + const struct volume_key *key, + struct fvault2_params *params) +{ + int r = 0; + int status = FVAULT2_ENC_MD_PARSED_NONE; + struct device *dev = crypt_metadata_device(cd); + struct crypt_cipher *cipher = NULL; + void *tweak; + void *md_block_enc = NULL; + void *md_block = NULL; + struct metadata_block_header *md_block_header; + uint32_t log_vol_blkoff; + uint64_t i, start_off; + off_t off; + unsigned int block_type; + + tweak = calloc(FVAULT2_XTS_TWEAK_SIZE, 1); + if (tweak == NULL) { + r = -ENOMEM; + goto out; + } + + md_block_enc = malloc(FVAULT2_MD_BLOCK_SIZE); + if (md_block_enc == NULL) { + r = -ENOMEM; + goto out; + } + + md_block = malloc(FVAULT2_MD_BLOCK_SIZE); + if (md_block == NULL) { + r = -ENOMEM; + goto out; + } + + r = crypt_cipher_init(&cipher, "aes", "xts", key->key, FVAULT2_XTS_KEY_SIZE); + if (r < 0) + goto out; + + if (uint64_mult_overflow(&start_off, start_blkoff, block_size) || + start_off > FVAULT2_MAX_OFF) { + log_dbg(cd, "Device offset overflow."); + r = -EINVAL; + goto out; + } + + log_dbg(cd, "Reading FVAULT2 encrypted metadata blocks."); + for (i = 0; i < blocks_n; i++) { + off = start_off + i * FVAULT2_MD_BLOCK_SIZE; + if (off > FVAULT2_MAX_OFF) { + log_dbg(cd, "Device offset overflow."); + r = -EINVAL; + goto out; + } + if (read_lseek_blockwise(devfd, device_block_size(cd, dev), + device_alignment(dev), md_block_enc, + FVAULT2_MD_BLOCK_SIZE, off) + != FVAULT2_MD_BLOCK_SIZE) { + r = -EIO; + goto out; + } + + if (_filled_with(0, md_block_enc, FVAULT2_MD_BLOCK_SIZE)) + break; + + *(uint64_t *)tweak = cpu_to_le64(i); + r = crypt_cipher_decrypt(cipher, md_block_enc, md_block, + FVAULT2_MD_BLOCK_SIZE, tweak, FVAULT2_XTS_TWEAK_SIZE); + if (r < 0) + goto out; + + r = _check_crc(md_block, FVAULT2_MD_BLOCK_SIZE); + if (r < 0) { + log_dbg(cd, "CRC mismatch."); + goto out; + } + + md_block_header = md_block; + block_type = le16_to_cpu(md_block_header->block_type); + switch (block_type) { + case 0x0019: + log_dbg(cd, "Get FVAULT2 metadata block %" PRIu64 " type 0x0019.", i); + r = _parse_metadata_block_0x0019(md_block, + ¶ms->pbkdf2_iters, + (uint8_t *)params->pbkdf2_salt, + (uint8_t *)params->wrapped_kek, + (uint8_t *)params->wrapped_vk); + if (r < 0) + goto out; + status |= FVAULT2_ENC_MD_PARSED_0x0019; + break; + + case 0x001A: + log_dbg(cd, "Get FVAULT2 metadata block %" PRIu64 " type 0x001A.", i); + r = _parse_metadata_block_0x001a(md_block, + ¶ms->log_vol_size, + params->family_uuid); + if (r < 0) + goto out; + status |= FVAULT2_ENC_MD_PARSED_0x001A; + break; + + case 0x0305: + log_dbg(cd, "Get FVAULT2 metadata block %" PRIu64 " type 0x0305.", i); + r = _parse_metadata_block_0x0305(md_block, + &log_vol_blkoff); + if (r < 0) + goto out; + if (uint64_mult_overflow(¶ms->log_vol_off, + log_vol_blkoff, block_size)) { + log_dbg(cd, "Device offset overflow."); + r = -EINVAL; + goto out; + } + status |= FVAULT2_ENC_MD_PARSED_0x0305; + break; + } + } + + if (status != FVAULT2_ENC_MD_PARSED_ALL) { + log_dbg(cd, "Necessary FVAULT2 metadata blocks not found."); + r = -EINVAL; + goto out; + } +out: + free(tweak); + free(md_block_enc); + free(md_block); + if (cipher != NULL) + crypt_cipher_destroy(cipher); + return r; +} + +/** + * Activate device. + * @param[in] cd crypt_device struct passed into FVAULT2_activate_by_* + * @param[in] name name of the mapped device + * @param[in] vol_key the pre-derived AES-XTS volume key + * @param[in] params logical volume decryption parameters + * @param[in] flags flags assigned to the crypt_dm_active_device struct + */ +static int _activate( + struct crypt_device *cd, + const char *name, + struct volume_key *vol_key, + const struct fvault2_params *params, + uint32_t flags) +{ + int r = 0; + char *cipher = NULL; + struct crypt_dm_active_device dm_dev = { + .flags = flags, + .size = params->log_vol_size / SECTOR_SIZE + }; + + r = device_block_adjust(cd, crypt_data_device(cd), DEV_EXCL, + crypt_get_data_offset(cd), &dm_dev.size, &dm_dev.flags); + if (r) + return r; + + if (asprintf(&cipher, "%s-%s", params->cipher, params->cipher_mode) < 0) + return -ENOMEM; + + r = dm_crypt_target_set(&dm_dev.segment, 0, dm_dev.size, + crypt_data_device(cd), vol_key, cipher, + crypt_get_iv_offset(cd), crypt_get_data_offset(cd), + crypt_get_integrity(cd), crypt_get_integrity_tag_size(cd), + crypt_get_sector_size(cd)); + + if (!r) + r = dm_create_device(cd, name, CRYPT_FVAULT2, &dm_dev); + + dm_targets_free(cd, &dm_dev); + free(cipher); + return r; +} + +int FVAULT2_read_metadata( + struct crypt_device *cd, + struct fvault2_params *params) +{ + int r = 0; + int devfd; + uint64_t block_size; + uint64_t disklbl_blkoff; + uint64_t enc_md_blkoff; + uint64_t enc_md_blocks_n; + struct volume_key *enc_md_key = NULL; + struct device *device = crypt_metadata_device(cd); + + devfd = device_open(cd, device, O_RDONLY); + if (devfd < 0) { + log_err(cd, _("Cannot open device %s."), device_path(device)); + return -EIO; + } + + r = _read_volume_header(devfd, cd, &block_size, &disklbl_blkoff, + params->ph_vol_uuid, &enc_md_key); + if (r < 0) + goto out; + + r = _read_disklabel(devfd, cd, block_size, disklbl_blkoff, + &enc_md_blkoff, &enc_md_blocks_n); + if (r < 0) + goto out; + + r = _read_encrypted_metadata(devfd, cd, block_size, enc_md_blkoff, + enc_md_blocks_n, enc_md_key, params); + if (r < 0) + goto out; + + params->cipher = "aes"; + params->cipher_mode = "xts-plain64"; + params->key_size = FVAULT2_XTS_KEY_SIZE; +out: + crypt_free_volume_key(enc_md_key); + return r; +} + +int FVAULT2_get_volume_key( + struct crypt_device *cd, + const char *passphrase, + size_t passphrase_len, + const struct fvault2_params *params, + struct volume_key **vol_key) +{ + int r = 0; + uint8_t family_uuid_bin[FVAULT2_UUID_BIN_SIZE]; + struct volume_key *passphrase_key = NULL; + struct volume_key *kek = NULL; + struct crypt_hash *hash = NULL; + + *vol_key = NULL; + + if (uuid_parse(params->family_uuid, family_uuid_bin) < 0) { + log_dbg(cd, "Could not parse logical volume family UUID: %s.", + params->family_uuid); + r = -EINVAL; + goto out; + } + + passphrase_key = crypt_alloc_volume_key(FVAULT2_AES_KEY_SIZE, NULL); + if (passphrase_key == NULL) { + r = -ENOMEM; + goto out; + } + + r = crypt_pbkdf("pbkdf2", "sha256", passphrase, passphrase_len, + params->pbkdf2_salt, FVAULT2_PBKDF2_SALT_SIZE, passphrase_key->key, + FVAULT2_AES_KEY_SIZE, params->pbkdf2_iters, 0, 0); + if (r < 0) + goto out; + + kek = crypt_alloc_volume_key(FVAULT2_AES_KEY_SIZE, NULL); + if (kek == NULL) { + r = -ENOMEM; + goto out; + } + + r = _unwrap_key(passphrase_key->key, FVAULT2_AES_KEY_SIZE, params->wrapped_kek, + FVAULT2_WRAPPED_KEY_SIZE, kek->key, FVAULT2_AES_KEY_SIZE); + if (r < 0) + goto out; + + *vol_key = crypt_alloc_volume_key(FVAULT2_XTS_KEY_SIZE, NULL); + if (*vol_key == NULL) { + r = -ENOMEM; + goto out; + } + + r = _unwrap_key(kek->key, FVAULT2_AES_KEY_SIZE, params->wrapped_vk, + FVAULT2_WRAPPED_KEY_SIZE, (*vol_key)->key, FVAULT2_AES_KEY_SIZE); + if (r < 0) + goto out; + + r = crypt_hash_init(&hash, "sha256"); + if (r < 0) + goto out; + r = crypt_hash_write(hash, (*vol_key)->key, FVAULT2_AES_KEY_SIZE); + if (r < 0) + goto out; + r = crypt_hash_write(hash, (char *)family_uuid_bin, + FVAULT2_UUID_BIN_SIZE); + if (r < 0) + goto out; + r = crypt_hash_final(hash, (*vol_key)->key + FVAULT2_AES_KEY_SIZE, + FVAULT2_AES_KEY_SIZE); + if (r < 0) + goto out; +out: + crypt_free_volume_key(passphrase_key); + crypt_free_volume_key(kek); + if (r < 0) { + crypt_free_volume_key(*vol_key); + *vol_key = NULL; + } + if (hash != NULL) + crypt_hash_destroy(hash); + return r; +} + +int FVAULT2_dump( + struct crypt_device *cd, + struct device *device, + const struct fvault2_params *params) +{ + log_std(cd, "Header information for FVAULT2 device %s.\n", device_path(device)); + + log_std(cd, "Physical volume UUID: \t%s\n", params->ph_vol_uuid); + log_std(cd, "Family UUID: \t%s\n", params->family_uuid); + + log_std(cd, "Logical volume offset:\t%" PRIu64 " [bytes]\n", params->log_vol_off); + + log_std(cd, "Logical volume size: \t%" PRIu64 " [bytes]\n", + params->log_vol_size); + + log_std(cd, "Cipher: \t%s\n", params->cipher); + log_std(cd, "Cipher mode: \t%s\n", params->cipher_mode); + + log_std(cd, "PBKDF2 iterations: \t%" PRIu32 "\n", params->pbkdf2_iters); + + log_std(cd, "PBKDF2 salt: \t"); + crypt_log_hex(cd, params->pbkdf2_salt, FVAULT2_PBKDF2_SALT_SIZE, " ", 0, NULL); + log_std(cd, "\n"); + + return 0; +} + +int FVAULT2_activate_by_passphrase( + struct crypt_device *cd, + const char *name, + const char *passphrase, + size_t passphrase_len, + const struct fvault2_params *params, + uint32_t flags) +{ + int r; + struct volume_key *vol_key = NULL; + + r = FVAULT2_get_volume_key(cd, passphrase, passphrase_len, params, &vol_key); + if (r < 0) + return r; + + if (name) + r = _activate(cd, name, vol_key, params, flags); + + crypt_free_volume_key(vol_key); + return r; +} + +int FVAULT2_activate_by_volume_key( + struct crypt_device *cd, + const char *name, + const char *key, + size_t key_size, + const struct fvault2_params *params, + uint32_t flags) +{ + int r = 0; + struct volume_key *vol_key = NULL; + + if (key_size != FVAULT2_XTS_KEY_SIZE) + return -EINVAL; + + vol_key = crypt_alloc_volume_key(FVAULT2_XTS_KEY_SIZE, key); + if (vol_key == NULL) + return -ENOMEM; + + r = _activate(cd, name, vol_key, params, flags); + + crypt_free_volume_key(vol_key); + return r; +} diff -Nru cryptsetup-2.5.0/lib/fvault2/fvault2.h cryptsetup-2.6.1/lib/fvault2/fvault2.h --- cryptsetup-2.5.0/lib/fvault2/fvault2.h 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-2.6.1/lib/fvault2/fvault2.h 2023-02-09 16:12:17.000000000 +0000 @@ -0,0 +1,80 @@ +/* + * FVAULT2 (FileVault2-compatible) volume handling + * + * Copyright (C) 2021-2022 Pavel Tobias + * + * This file is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This file is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this file; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef _CRYPTSETUP_FVAULT2_H +#define _CRYPTSETUP_FVAULT2_H + +#include +#include + +#define FVAULT2_WRAPPED_KEY_SIZE 24 +#define FVAULT2_PBKDF2_SALT_SIZE 16 +#define FVAULT2_UUID_LEN 37 + +struct crypt_device; +struct volume_key; + +struct fvault2_params { + const char *cipher; + const char *cipher_mode; + uint16_t key_size; + uint32_t pbkdf2_iters; + char pbkdf2_salt[FVAULT2_PBKDF2_SALT_SIZE]; + char wrapped_kek[FVAULT2_WRAPPED_KEY_SIZE]; + char wrapped_vk[FVAULT2_WRAPPED_KEY_SIZE]; + char family_uuid[FVAULT2_UUID_LEN]; + char ph_vol_uuid[FVAULT2_UUID_LEN]; + uint64_t log_vol_off; + uint64_t log_vol_size; +}; + +int FVAULT2_read_metadata( + struct crypt_device *cd, + struct fvault2_params *params); + +int FVAULT2_get_volume_key( + struct crypt_device *cd, + const char *passphrase, + size_t passphrase_len, + const struct fvault2_params *params, + struct volume_key **vol_key); + +int FVAULT2_dump( + struct crypt_device *cd, + struct device *device, + const struct fvault2_params *params); + +int FVAULT2_activate_by_passphrase( + struct crypt_device *cd, + const char *name, + const char *passphrase, + size_t passphrase_len, + const struct fvault2_params *params, + uint32_t flags); + +int FVAULT2_activate_by_volume_key( + struct crypt_device *cd, + const char *name, + const char *key, + size_t key_size, + const struct fvault2_params *params, + uint32_t flags); + +#endif diff -Nru cryptsetup-2.5.0/lib/integrity/integrity.c cryptsetup-2.6.1/lib/integrity/integrity.c --- cryptsetup-2.5.0/lib/integrity/integrity.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/integrity/integrity.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,7 +1,7 @@ /* * Integrity volume handling * - * Copyright (C) 2016-2022 Milan Broz + * Copyright (C) 2016-2023 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff -Nru cryptsetup-2.5.0/lib/integrity/integrity.h cryptsetup-2.6.1/lib/integrity/integrity.h --- cryptsetup-2.5.0/lib/integrity/integrity.h 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/integrity/integrity.h 2023-02-09 16:12:17.000000000 +0000 @@ -1,7 +1,7 @@ /* * Integrity header definition * - * Copyright (C) 2016-2022 Milan Broz + * Copyright (C) 2016-2023 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff -Nru cryptsetup-2.5.0/lib/internal.h cryptsetup-2.6.1/lib/internal.h --- cryptsetup-2.5.0/lib/internal.h 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/internal.h 2023-02-09 16:12:17.000000000 +0000 @@ -3,8 +3,8 @@ * * Copyright (C) 2004 Jana Saout * Copyright (C) 2004-2007 Clemens Fruhwirth - * Copyright (C) 2009-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2022 Milan Broz + * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -31,6 +31,7 @@ #include #include #include +#include #include "nls.h" #include "bitops.h" @@ -38,7 +39,6 @@ #include "utils_crypt.h" #include "utils_loop.h" #include "utils_dm.h" -#include "utils_fips.h" #include "utils_keyring.h" #include "utils_io.h" #include "crypto_backend/crypto_backend.h" @@ -178,8 +178,7 @@ int crypt_get_debug_level(void); -int crypt_memlock_inc(struct crypt_device *ctx); -int crypt_memlock_dec(struct crypt_device *ctx); +void crypt_process_priority(struct crypt_device *cd, int *priority, bool raise); int crypt_metadata_locking_enabled(void); diff -Nru cryptsetup-2.5.0/lib/keyslot_context.c cryptsetup-2.6.1/lib/keyslot_context.c --- cryptsetup-2.5.0/lib/keyslot_context.c 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-2.6.1/lib/keyslot_context.c 2023-02-09 16:12:17.000000000 +0000 @@ -0,0 +1,488 @@ +/* + * LUKS - Linux Unified Key Setup, keyslot unlock helpers + * + * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2022-2023 Ondrej Kozina + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include + +#include "luks1/luks.h" +#include "luks2/luks2.h" +#include "keyslot_context.h" + +static int get_luks2_key_by_passphrase(struct crypt_device *cd, + struct crypt_keyslot_context *kc, + int keyslot, + int segment, + struct volume_key **r_vk) +{ + int r; + + assert(cd); + assert(kc && kc->type == CRYPT_KC_TYPE_PASSPHRASE); + assert(r_vk); + + r = LUKS2_keyslot_open(cd, keyslot, segment, kc->u.p.passphrase, kc->u.p.passphrase_size, r_vk); + if (r < 0) + kc->error = r; + + return r; +} + +static int get_luks1_volume_key_by_passphrase(struct crypt_device *cd, + struct crypt_keyslot_context *kc, + int keyslot, + struct volume_key **r_vk) +{ + int r; + + assert(cd); + assert(kc && kc->type == CRYPT_KC_TYPE_PASSPHRASE); + assert(r_vk); + + r = LUKS_open_key_with_hdr(keyslot, kc->u.p.passphrase, kc->u.p.passphrase_size, + crypt_get_hdr(cd, CRYPT_LUKS1), r_vk, cd); + if (r < 0) + kc->error = r; + + return r; +} + +static int get_luks2_volume_key_by_passphrase(struct crypt_device *cd, + struct crypt_keyslot_context *kc, + int keyslot, + struct volume_key **r_vk) +{ + return get_luks2_key_by_passphrase(cd, kc, keyslot, CRYPT_DEFAULT_SEGMENT, r_vk); +} + +static int get_passphrase_by_passphrase(struct crypt_device *cd, + struct crypt_keyslot_context *kc, + const char **r_passphrase, + size_t *r_passphrase_size) +{ + assert(cd); + assert(kc && kc->type == CRYPT_KC_TYPE_PASSPHRASE); + assert(r_passphrase); + assert(r_passphrase_size); + + *r_passphrase = kc->u.p.passphrase; + *r_passphrase_size = kc->u.p.passphrase_size; + + return 0; +} + +static int get_passphrase_by_keyfile(struct crypt_device *cd, + struct crypt_keyslot_context *kc, + const char **r_passphrase, + size_t *r_passphrase_size) +{ + int r; + + assert(cd); + assert(kc && kc->type == CRYPT_KC_TYPE_KEYFILE); + assert(r_passphrase); + assert(r_passphrase_size); + + if (!kc->i_passphrase) { + r = crypt_keyfile_device_read(cd, kc->u.kf.keyfile, + &kc->i_passphrase, &kc->i_passphrase_size, + kc->u.kf.keyfile_offset, kc->u.kf.keyfile_size, 0); + if (r < 0) { + kc->error = r; + return r; + } + } + + *r_passphrase = kc->i_passphrase; + *r_passphrase_size = kc->i_passphrase_size; + + return 0; +} + +static int get_luks2_key_by_keyfile(struct crypt_device *cd, + struct crypt_keyslot_context *kc, + int keyslot, + int segment, + struct volume_key **r_vk) +{ + int r; + const char *passphrase; + size_t passphrase_size; + + assert(cd); + assert(kc && kc->type == CRYPT_KC_TYPE_KEYFILE); + assert(r_vk); + + r = get_passphrase_by_keyfile(cd, kc, &passphrase, &passphrase_size); + if (r) + return r; + + r = LUKS2_keyslot_open(cd, keyslot, segment, passphrase, passphrase_size, r_vk); + if (r < 0) + kc->error = r; + + return r; +} + +static int get_luks2_volume_key_by_keyfile(struct crypt_device *cd, + struct crypt_keyslot_context *kc, + int keyslot, + struct volume_key **r_vk) +{ + return get_luks2_key_by_keyfile(cd, kc, keyslot, CRYPT_DEFAULT_SEGMENT, r_vk); +} + +static int get_luks1_volume_key_by_keyfile(struct crypt_device *cd, + struct crypt_keyslot_context *kc, + int keyslot, + struct volume_key **r_vk) +{ + int r; + const char *passphrase; + size_t passphrase_size; + + assert(cd); + assert(kc && kc->type == CRYPT_KC_TYPE_KEYFILE); + assert(r_vk); + + r = get_passphrase_by_keyfile(cd, kc, &passphrase, &passphrase_size); + if (r) + return r; + + r = LUKS_open_key_with_hdr(keyslot, passphrase, passphrase_size, + crypt_get_hdr(cd, CRYPT_LUKS1), r_vk, cd); + if (r < 0) + kc->error = r; + + return r; +} + +static int get_key_by_key(struct crypt_device *cd, + struct crypt_keyslot_context *kc, + int keyslot __attribute__((unused)), + int segment __attribute__((unused)), + struct volume_key **r_vk) +{ + assert(kc && kc->type == CRYPT_KC_TYPE_KEY); + assert(r_vk); + + if (!kc->u.k.volume_key) { + kc->error = -ENOENT; + return kc->error; + } + + *r_vk = crypt_alloc_volume_key(kc->u.k.volume_key_size, kc->u.k.volume_key); + if (!*r_vk) { + kc->error = -ENOMEM; + return kc->error; + } + + return 0; +} + +static int get_volume_key_by_key(struct crypt_device *cd, + struct crypt_keyslot_context *kc, + int keyslot __attribute__((unused)), + struct volume_key **r_vk) +{ + return get_key_by_key(cd, kc, -2 /* unused */, -2 /* unused */, r_vk); +} + +static int get_luks2_key_by_token(struct crypt_device *cd, + struct crypt_keyslot_context *kc, + int keyslot __attribute__((unused)), + int segment, + struct volume_key **r_vk) +{ + int r; + + assert(cd); + assert(kc && kc->type == CRYPT_KC_TYPE_TOKEN); + assert(r_vk); + + r = LUKS2_token_unlock_key(cd, crypt_get_hdr(cd, CRYPT_LUKS2), kc->u.t.id, kc->u.t.type, + kc->u.t.pin, kc->u.t.pin_size, segment, kc->u.t.usrptr, r_vk); + if (r < 0) + kc->error = r; + + return r; +} + +static int get_luks2_volume_key_by_token(struct crypt_device *cd, + struct crypt_keyslot_context *kc, + int keyslot __attribute__((unused)), + struct volume_key **r_vk) +{ + return get_luks2_key_by_token(cd, kc, -2 /* unused */, CRYPT_DEFAULT_SEGMENT, r_vk); +} + +static int get_passphrase_by_token(struct crypt_device *cd, + struct crypt_keyslot_context *kc, + const char **r_passphrase, + size_t *r_passphrase_size) +{ + int r; + + assert(cd); + assert(kc && kc->type == CRYPT_KC_TYPE_TOKEN); + assert(r_passphrase); + assert(r_passphrase_size); + + if (!kc->i_passphrase) { + r = LUKS2_token_unlock_passphrase(cd, crypt_get_hdr(cd, CRYPT_LUKS2), kc->u.t.id, + kc->u.t.type, kc->u.t.pin, kc->u.t.pin_size, + kc->u.t.usrptr, &kc->i_passphrase, &kc->i_passphrase_size); + if (r < 0) { + kc->error = r; + return r; + } + kc->u.t.id = r; + } + + *r_passphrase = kc->i_passphrase; + *r_passphrase_size = kc->i_passphrase_size; + + return kc->u.t.id; +} + +static void unlock_method_init_internal(struct crypt_keyslot_context *kc) +{ + assert(kc); + + kc->error = 0; + kc->i_passphrase = NULL; + kc->i_passphrase_size = 0; +} + +void crypt_keyslot_unlock_by_key_init_internal(struct crypt_keyslot_context *kc, + const char *volume_key, + size_t volume_key_size) +{ + assert(kc); + + kc->type = CRYPT_KC_TYPE_KEY; + kc->u.k.volume_key = volume_key; + kc->u.k.volume_key_size = volume_key_size; + kc->get_luks2_key = get_key_by_key; + kc->get_luks2_volume_key = get_volume_key_by_key; + kc->get_luks1_volume_key = get_volume_key_by_key; + kc->get_passphrase = NULL; /* keyslot key context does not provide passphrase */ + unlock_method_init_internal(kc); +} + +void crypt_keyslot_unlock_by_passphrase_init_internal(struct crypt_keyslot_context *kc, + const char *passphrase, + size_t passphrase_size) +{ + assert(kc); + + kc->type = CRYPT_KC_TYPE_PASSPHRASE; + kc->u.p.passphrase = passphrase; + kc->u.p.passphrase_size = passphrase_size; + kc->get_luks2_key = get_luks2_key_by_passphrase; + kc->get_luks2_volume_key = get_luks2_volume_key_by_passphrase; + kc->get_luks1_volume_key = get_luks1_volume_key_by_passphrase; + kc->get_passphrase = get_passphrase_by_passphrase; + unlock_method_init_internal(kc); +} + +void crypt_keyslot_unlock_by_keyfile_init_internal(struct crypt_keyslot_context *kc, + const char *keyfile, + size_t keyfile_size, + uint64_t keyfile_offset) +{ + assert(kc); + + kc->type = CRYPT_KC_TYPE_KEYFILE; + kc->u.kf.keyfile = keyfile; + kc->u.kf.keyfile_size = keyfile_size; + kc->u.kf.keyfile_offset = keyfile_offset; + kc->get_luks2_key = get_luks2_key_by_keyfile; + kc->get_luks2_volume_key = get_luks2_volume_key_by_keyfile; + kc->get_luks1_volume_key = get_luks1_volume_key_by_keyfile; + kc->get_passphrase = get_passphrase_by_keyfile; + unlock_method_init_internal(kc); +} + +void crypt_keyslot_unlock_by_token_init_internal(struct crypt_keyslot_context *kc, + int token, + const char *type, + const char *pin, + size_t pin_size, + void *usrptr) +{ + assert(kc); + + kc->type = CRYPT_KC_TYPE_TOKEN; + kc->u.t.id = token; + kc->u.t.type = type; + kc->u.t.pin = pin; + kc->u.t.pin_size = pin_size; + kc->u.t.usrptr = usrptr; + kc->get_luks2_key = get_luks2_key_by_token; + kc->get_luks2_volume_key = get_luks2_volume_key_by_token; + kc->get_luks1_volume_key = NULL; /* LUKS1 is not supported */ + kc->get_passphrase = get_passphrase_by_token; + unlock_method_init_internal(kc); +} + +void crypt_keyslot_context_destroy_internal(struct crypt_keyslot_context *kc) +{ + if (!kc) + return; + + crypt_safe_free(kc->i_passphrase); + kc->i_passphrase = NULL; + kc->i_passphrase_size = 0; +} + +void crypt_keyslot_context_free(struct crypt_keyslot_context *kc) +{ + crypt_keyslot_context_destroy_internal(kc); + free(kc); +} + +int crypt_keyslot_context_init_by_passphrase(struct crypt_device *cd, + const char *passphrase, + size_t passphrase_size, + struct crypt_keyslot_context **kc) +{ + struct crypt_keyslot_context *tmp; + + if (!kc || !passphrase) + return -EINVAL; + + tmp = malloc(sizeof(*tmp)); + if (!tmp) + return -ENOMEM; + + crypt_keyslot_unlock_by_passphrase_init_internal(tmp, passphrase, passphrase_size); + + *kc = tmp; + + return 0; +} + +int crypt_keyslot_context_init_by_keyfile(struct crypt_device *cd, + const char *keyfile, + size_t keyfile_size, + uint64_t keyfile_offset, + struct crypt_keyslot_context **kc) +{ + struct crypt_keyslot_context *tmp; + + if (!kc || !keyfile) + return -EINVAL; + + tmp = malloc(sizeof(*tmp)); + if (!tmp) + return -ENOMEM; + + crypt_keyslot_unlock_by_keyfile_init_internal(tmp, keyfile, keyfile_size, keyfile_offset); + + *kc = tmp; + + return 0; +} + +int crypt_keyslot_context_init_by_token(struct crypt_device *cd, + int token, + const char *type, + const char *pin, size_t pin_size, + void *usrptr, + struct crypt_keyslot_context **kc) +{ + struct crypt_keyslot_context *tmp; + + if (!kc || (token < 0 && token != CRYPT_ANY_TOKEN)) + return -EINVAL; + + tmp = malloc(sizeof(*tmp)); + if (!tmp) + return -ENOMEM; + + crypt_keyslot_unlock_by_token_init_internal(tmp, token, type, pin, pin_size, usrptr); + + *kc = tmp; + + return 0; +} + +int crypt_keyslot_context_init_by_volume_key(struct crypt_device *cd, + const char *volume_key, + size_t volume_key_size, + struct crypt_keyslot_context **kc) +{ + struct crypt_keyslot_context *tmp; + + if (!kc) + return -EINVAL; + + tmp = malloc(sizeof(*tmp)); + if (!tmp) + return -ENOMEM; + + crypt_keyslot_unlock_by_key_init_internal(tmp, volume_key, volume_key_size); + + *kc = tmp; + + return 0; +} + +int crypt_keyslot_context_get_error(struct crypt_keyslot_context *kc) +{ + return kc ? kc->error : -EINVAL; +} + +int crypt_keyslot_context_set_pin(struct crypt_device *cd, + const char *pin, size_t pin_size, + struct crypt_keyslot_context *kc) +{ + if (!kc || kc->type != CRYPT_KC_TYPE_TOKEN) + return -EINVAL; + + kc->u.t.pin = pin; + kc->u.t.pin_size = pin_size; + kc->error = 0; + + return 0; +} + +int crypt_keyslot_context_get_type(const struct crypt_keyslot_context *kc) +{ + return kc ? kc->type : -EINVAL; +} + +const char *keyslot_context_type_string(const struct crypt_keyslot_context *kc) +{ + assert(kc); + + switch (kc->type) { + case CRYPT_KC_TYPE_PASSPHRASE: + return "passphrase"; + case CRYPT_KC_TYPE_KEYFILE: + return "keyfile"; + case CRYPT_KC_TYPE_TOKEN: + return "token"; + case CRYPT_KC_TYPE_KEY: + return "key"; + default: + return ""; + } +} diff -Nru cryptsetup-2.5.0/lib/keyslot_context.h cryptsetup-2.6.1/lib/keyslot_context.h --- cryptsetup-2.5.0/lib/keyslot_context.h 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-2.6.1/lib/keyslot_context.h 2023-02-09 16:12:17.000000000 +0000 @@ -0,0 +1,111 @@ +/* + * LUKS - Linux Unified Key Setup, keyslot unlock helpers + * + * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2022-2023 Ondrej Kozina + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef KEYSLOT_CONTEXT_H +#define KEYSLOT_CONTEXT_H + +#include +#include + +#include "internal.h" + +typedef int (*keyslot_context_get_key) ( + struct crypt_device *cd, + struct crypt_keyslot_context *kc, + int keyslot, + int segment, + struct volume_key **r_vk); + +typedef int (*keyslot_context_get_volume_key) ( + struct crypt_device *cd, + struct crypt_keyslot_context *kc, + int keyslot, + struct volume_key **r_vk); + +typedef int (*keyslot_context_get_passphrase) ( + struct crypt_device *cd, + struct crypt_keyslot_context *kc, + const char **r_passphrase, + size_t *r_passphrase_size); + +/* crypt_keyslot_context */ +struct crypt_keyslot_context { + int type; + + union { + struct { + const char *passphrase; + size_t passphrase_size; + } p; + struct { + const char *keyfile; + uint64_t keyfile_offset; + size_t keyfile_size; + } kf; + struct { + int id; + const char *type; + const char *pin; + size_t pin_size; + void *usrptr; + } t; + struct { + const char *volume_key; + size_t volume_key_size; + } k; + } u; + + int error; + + char *i_passphrase; + size_t i_passphrase_size; + + keyslot_context_get_key get_luks2_key; + keyslot_context_get_volume_key get_luks1_volume_key; + keyslot_context_get_volume_key get_luks2_volume_key; + keyslot_context_get_passphrase get_passphrase; +}; + +void crypt_keyslot_context_destroy_internal(struct crypt_keyslot_context *method); + +void crypt_keyslot_unlock_by_key_init_internal(struct crypt_keyslot_context *kc, + const char *volume_key, + size_t volume_key_size); + +void crypt_keyslot_unlock_by_passphrase_init_internal(struct crypt_keyslot_context *kc, + const char *passphrase, + size_t passphrase_size); + +void crypt_keyslot_unlock_by_keyfile_init_internal(struct crypt_keyslot_context *kc, + const char *keyfile, + size_t keyfile_size, + uint64_t keyfile_offset); + +void crypt_keyslot_unlock_by_token_init_internal(struct crypt_keyslot_context *kc, + int token, + const char *type, + const char *pin, + size_t pin_size, + void *usrptr); + +const char *keyslot_context_type_string(const struct crypt_keyslot_context *kc); + +#endif /* KEYSLOT_CONTEXT_H */ diff -Nru cryptsetup-2.5.0/lib/libcryptsetup.h cryptsetup-2.6.1/lib/libcryptsetup.h --- cryptsetup-2.5.0/lib/libcryptsetup.h 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/libcryptsetup.h 2023-02-09 16:12:17.000000000 +0000 @@ -3,8 +3,8 @@ * * Copyright (C) 2004 Jana Saout * Copyright (C) 2004-2007 Clemens Fruhwirth - * Copyright (C) 2009-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2022 Milan Broz + * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -46,6 +46,7 @@ */ struct crypt_device; /* crypt device handle */ +struct crypt_keyslot_context; /** * Initialize crypt device handle and check if the provided device exists. @@ -344,6 +345,7 @@ /** * Helper to lock/unlock memory to avoid swap sensitive data to disk. + * \b Deprecated, only for backward compatibility. Memory with keys are locked automatically. * * @param cd crypt device handle, can be @e NULL * @param lock 0 to unlock otherwise lock memory @@ -353,7 +355,7 @@ * @note Only root can do this. * @note It locks/unlocks all process memory, not only crypt context. */ -int crypt_memory_lock(struct crypt_device *cd, int lock); +int crypt_memory_lock(struct crypt_device *cd, int lock) __attribute__((deprecated)); /** * Set global lock protection for on-disk metadata (file-based locking). @@ -427,6 +429,8 @@ #define CRYPT_INTEGRITY "INTEGRITY" /** BITLK (BitLocker-compatible mode) */ #define CRYPT_BITLK "BITLK" +/** FVAULT2 (FileVault2-compatible mode) */ +#define CRYPT_FVAULT2 "FVAULT2" /** LUKS any version */ #define CRYPT_LUKS NULL @@ -1107,6 +1111,187 @@ uint32_t flags); /** + * @defgroup crypt-keyslot-context Crypt keyslot context + * @addtogroup crypt-keyslot-context + * @{ + */ + +/** + * Release crypt keyslot context and used memory. + * + * @param kc crypt keyslot context + */ +void crypt_keyslot_context_free(struct crypt_keyslot_context *kc); + +/** + * Initialize keyslot context via passphrase. + * + * @param cd crypt device handle initialized to LUKS device context + * @param passphrase passphrase for a keyslot + * @param passphrase_size size of passphrase + * @param kc returns crypt keyslot context handle type CRYPT_KC_TYPE_PASSPHRASE + * + * @return zero on success or negative errno otherwise. + */ +int crypt_keyslot_context_init_by_passphrase(struct crypt_device *cd, + const char *passphrase, + size_t passphrase_size, + struct crypt_keyslot_context **kc); + +/** + * Initialize keyslot context via key file path. + * + * @param cd crypt device handle initialized to LUKS device context + * + * @param keyfile key file with passphrase for a keyslot + * @param keyfile_size number of bytes to read from keyfile, @e 0 is unlimited + * @param keyfile_offset number of bytes to skip at start of keyfile + * @param kc returns crypt keyslot context handle type CRYPT_KC_TYPE_KEYFILE + * + * @return zero on success or negative errno otherwise. + */ +int crypt_keyslot_context_init_by_keyfile(struct crypt_device *cd, + const char *keyfile, + size_t keyfile_size, + uint64_t keyfile_offset, + struct crypt_keyslot_context **kc); + +/** + * Initialize keyslot context via LUKS2 token. + * + * @param cd crypt device handle initialized to LUKS2 device context + * + * @param token token providing passphrase for a keyslot or CRYPT_ANY_TOKEN + * @param type restrict type of token, if @e NULL all types are allowed + * @param pin passphrase (or PIN) to unlock token (may be binary data) + * @param pin_size size of @e pin + * @param usrptr provided identification in callback + * @param kc returns crypt keyslot context handle type CRYPT_KC_TYPE_TOKEN + * + * @return zero on success or negative errno otherwise. + */ +int crypt_keyslot_context_init_by_token(struct crypt_device *cd, + int token, + const char *type, + const char *pin, size_t pin_size, + void *usrptr, + struct crypt_keyslot_context **kc); + +/** + * Initialize keyslot context via key. + * + * @param cd crypt device handle initialized to LUKS device context + * + * @param volume_key provided volume key or @e NULL if used after crypt_format + * or with CRYPT_VOLUME_KEY_NO_SEGMENT flag + * @param volume_key_size size of volume_key + * @param kc returns crypt keyslot context handle type CRYPT_KC_TYPE_KEY + * + * @return zero on success or negative errno otherwise. + */ +int crypt_keyslot_context_init_by_volume_key(struct crypt_device *cd, + const char *volume_key, + size_t volume_key_size, + struct crypt_keyslot_context **kc); + +/** + * Get error code per keyslot context from last failed call. + * + * @note If @link crypt_keyslot_add_by_keyslot_context @endlink passed with + * no negative return code. The return value of this function is undefined. + * + * @param kc keyslot context involved in failed @link crypt_keyslot_add_by_keyslot_context @endlink + * + * @return Negative errno if keyslot context caused a failure, zero otherwise. + */ +int crypt_keyslot_context_get_error(struct crypt_keyslot_context *kc); + +/** + * Set new pin to token based keyslot context. + * + * @note Use when @link crypt_keyslot_add_by_keyslot_context @endlink failed + * and token keyslot context returned -ENOANO error code via + * @link crypt_keyslot_context_get_error @endlink. + * + * @param cd crypt device handle initialized to LUKS2 device context + * @param pin passphrase (or PIN) to unlock token (may be binary data) + * @param pin_size size of @e pin + * @param kc LUKS2 keyslot context (only @link CRYPT_KC_TYPE_TOKEN @endlink is allowed) + * + * @return zero on success or negative errno otherwise + */ +int crypt_keyslot_context_set_pin(struct crypt_device *cd, + const char *pin, size_t pin_size, + struct crypt_keyslot_context *kc); + +/** + * @defgroup crypt-keyslot-context-types Crypt keyslot context + * @addtogroup crypt-keyslot-context-types + * @{ + */ +/** keyslot context initialized by passphrase (@link crypt_keyslot_context_init_by_passphrase @endlink) */ +#define CRYPT_KC_TYPE_PASSPHRASE INT16_C(1) +/** keyslot context initialized by keyfile (@link crypt_keyslot_context_init_by_keyfile @endlink) */ +#define CRYPT_KC_TYPE_KEYFILE INT16_C(2) +/** keyslot context initialized by token (@link crypt_keyslot_context_init_by_token @endlink) */ +#define CRYPT_KC_TYPE_TOKEN INT16_C(3) +/** keyslot context initialized by volume key or unbound key (@link crypt_keyslot_context_init_by_volume_key @endlink) */ +#define CRYPT_KC_TYPE_KEY INT16_C(4) +/** @} */ + +/** + * Get type identifier for crypt keyslot context. + * + * @param kc keyslot context + * + * @return crypt keyslot context type id (see @link crypt-keyslot-context-types @endlink) or negative errno otherwise. + */ +int crypt_keyslot_context_get_type(const struct crypt_keyslot_context *kc); +/** @} */ + +/** + * Add key slot by volume key provided by keyslot context (kc). New + * keyslot will be protected by passphrase provided by new keyslot context (new_kc). + * See @link crypt-keyslot-context @endlink for context initialization routines. + * + * @pre @e cd contains initialized and formatted LUKS device context. + * + * @param cd crypt device handle + * @param keyslot_existing existing keyslot or CRYPT_ANY_SLOT to get volume key from. + * @param kc keyslot context providing volume key. + * @param keyslot_new new keyslot or CRYPT_ANY_SLOT (first free number is used). + * @param new_kc keyslot context providing passphrase for new keyslot. + * @param flags key flags to set + * + * @return allocated key slot number or negative errno otherwise. + * + * @note new_kc can not be @e CRYPT_KC_TYPE_KEY type keyslot context. + * + * @note For kc parameter with type @e CRYPT_KC_TYPE_KEY the keyslot_existing + * parameter is ignored. + * + * @note in case there is no active LUKS keyslot to get existing volume key from, one of following must apply: + * @li @e cd must be device handle used in crypt_format() by current process (it holds reference to generated volume key) + * @li kc must be of @e CRYPT_KC_TYPE_KEY type with valid volume key. + * + * @note With CRYPT_VOLUME_KEY_NO_SEGMENT flag raised and kc of type @e CRYPT_KC_TYPE_KEY with @e volume_key set to @e NULL + * the new volume_key will be generated and stored in new keyslot. The keyslot will become unbound (unusable to + * dm-crypt device activation). + * + * @warning CRYPT_VOLUME_KEY_SET flag force updates volume key. It is @b not @b reencryption! + * By doing so you will most probably destroy your ciphertext data device. It's supposed + * to be used only in wrapped keys scheme for key refresh process where real (inner) volume + * key stays untouched. It may be involed on active @e keyslot which makes the (previously + * unbound) keyslot new regular keyslot. + */ +int crypt_keyslot_add_by_keyslot_context(struct crypt_device *cd, + int keyslot_existing, + struct crypt_keyslot_context *kc, + int keyslot_new, + struct crypt_keyslot_context *new_kc, + uint32_t flags); + +/** * Destroy (and disable) key slot. * * @pre @e cd contains initialized and formatted LUKS device context @@ -1182,6 +1367,8 @@ #define CRYPT_ACTIVATE_NO_WRITE_WORKQUEUE (UINT32_C(1) << 25) /** dm-integrity: reset automatic recalculation */ #define CRYPT_ACTIVATE_RECALCULATE_RESET (UINT32_C(1) << 26) +/** dm-verity: try to use tasklets */ +#define CRYPT_ACTIVATE_TASKLETS (UINT32_C(1) << 27) /** * Active device runtime attributes @@ -1471,6 +1658,9 @@ * @note For TCRYPT cipher chain is the volume key concatenated * for all ciphers in chain. * @note For VERITY the volume key means root hash used for activation. + * @note For LUKS devices, if passphrase is @e NULL and volume key is cached in + * device context it returns the volume key generated in preceding + * @link crypt_format @endlink call. */ int crypt_volume_key_get(struct crypt_device *cd, int keyslot, @@ -1480,6 +1670,41 @@ size_t passphrase_size); /** + * Get volume key from crypt device by keyslot context. + * + * @param cd crypt device handle + * @param keyslot use this keyslot or @e CRYPT_ANY_SLOT + * @param volume_key buffer for volume key + * @param volume_key_size on input, size of buffer @e volume_key, + * on output size of @e volume_key + * @param kc keyslot context used to unlock volume key + * + * @return unlocked key slot number or negative errno otherwise. + * + * @note See @link crypt-keyslot-context-types @endlink for info on keyslot + * context initialization. + * @note For TCRYPT cipher chain is the volume key concatenated + * for all ciphers in chain (kc may be NULL). + * @note For VERITY the volume key means root hash used for activation + * (kc may be NULL). + * @note For LUKS devices, if kc is @e NULL and volume key is cached in + * device context it returns the volume key generated in preceding + * @link crypt_format @endlink call. + * @note @link CRYPT_KC_TYPE_TOKEN @endlink keyslot context is usable only with LUKS2 devices. + * @note @link CRYPT_KC_TYPE_KEY @endlink keyslot context can not be used. + * @note To get LUKS2 unbound key, keyslot parameter must not be @e CRYPT_ANY_SLOT. + * @note EPERM errno means provided keyslot context could not unlock any (or selected) + * keyslot. + * @note ENOENT errno means no LUKS keyslot is available to retrieve volume key from + * and there's no cached volume key in device handle. + */ +int crypt_volume_key_get_by_keyslot_context(struct crypt_device *cd, + int keyslot, + char *volume_key, + size_t *volume_key_size, + struct crypt_keyslot_context *kc); + +/** * Verify that provided volume key is valid for crypt device. * * @param cd crypt device handle diff -Nru cryptsetup-2.5.0/lib/libcryptsetup_macros.h cryptsetup-2.6.1/lib/libcryptsetup_macros.h --- cryptsetup-2.5.0/lib/libcryptsetup_macros.h 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/libcryptsetup_macros.h 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * Definitions of common constant and generic macros of libcryptsetup * - * Copyright (C) 2009-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2022 Milan Broz + * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff -Nru cryptsetup-2.5.0/lib/libcryptsetup.pc.in cryptsetup-2.6.1/lib/libcryptsetup.pc.in --- cryptsetup-2.5.0/lib/libcryptsetup.pc.in 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/libcryptsetup.pc.in 2023-02-09 16:12:17.000000000 +0000 @@ -8,3 +8,4 @@ Version: @LIBCRYPTSETUP_VERSION@ Cflags: -I${includedir} Libs: -L${libdir} -lcryptsetup +Requires.private: @PKGMODULES@ diff -Nru cryptsetup-2.5.0/lib/libcryptsetup.sym cryptsetup-2.6.1/lib/libcryptsetup.sym --- cryptsetup-2.5.0/lib/libcryptsetup.sym 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/libcryptsetup.sym 2023-02-09 16:12:17.000000000 +0000 @@ -151,3 +151,17 @@ crypt_get_subsystem; crypt_resume_by_token_pin; } CRYPTSETUP_2.4; + +CRYPTSETUP_2.6 { + global: + crypt_keyslot_context_free; + crypt_keyslot_context_init_by_passphrase; + crypt_keyslot_context_init_by_keyfile; + crypt_keyslot_context_init_by_token; + crypt_keyslot_context_init_by_volume_key; + crypt_keyslot_context_get_error; + crypt_keyslot_context_set_pin; + crypt_keyslot_context_get_type; + crypt_keyslot_add_by_keyslot_context; + crypt_volume_key_get_by_keyslot_context; +} CRYPTSETUP_2.5; diff -Nru cryptsetup-2.5.0/lib/libcryptsetup_symver.h cryptsetup-2.6.1/lib/libcryptsetup_symver.h --- cryptsetup-2.5.0/lib/libcryptsetup_symver.h 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/libcryptsetup_symver.h 2023-02-09 16:12:17.000000000 +0000 @@ -1,7 +1,7 @@ /* * Helpers for defining versioned symbols * - * Copyright (C) 2021-2022 Red Hat, Inc. All rights reserved. + * Copyright (C) 2021-2023 Red Hat, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -72,9 +72,9 @@ __attribute__((__symver__(#_public_sym _ver_str #_maj "." #_min))) #endif -#if !defined(_CRYPT_SYMVER) && defined(__GNUC__) +#if !defined(_CRYPT_SYMVER) && (defined(__GNUC__) || defined(__clang__)) # define _CRYPT_SYMVER(_local_sym, _public_sym, _ver_str, _maj, _min) \ - asm(".symver " #_local_sym "," #_public_sym _ver_str #_maj "." #_min); + __asm__(".symver " #_local_sym "," #_public_sym _ver_str #_maj "." #_min); #endif #define _CRYPT_FUNC(_public_sym, _prefix_str, _maj, _min, _ret, ...) \ diff -Nru cryptsetup-2.5.0/lib/libdevmapper.c cryptsetup-2.6.1/lib/libdevmapper.c --- cryptsetup-2.5.0/lib/libdevmapper.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/libdevmapper.c 2023-02-09 16:12:17.000000000 +0000 @@ -3,8 +3,8 @@ * * Copyright (C) 2004 Jana Saout * Copyright (C) 2004-2007 Clemens Fruhwirth - * Copyright (C) 2009-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2022 Milan Broz + * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -31,7 +31,6 @@ #ifdef HAVE_SYS_SYSMACROS_H # include /* for major, minor */ #endif -#include #include "internal.h" #define DM_CRYPT_TARGET "crypt" @@ -205,6 +204,9 @@ if (_dm_satisfies_version(1, 7, 0, verity_maj, verity_min, verity_patch)) _dm_flags |= DM_VERITY_PANIC_CORRUPTION_SUPPORTED; + if (_dm_satisfies_version(1, 9, 0, verity_maj, verity_min, verity_patch)) + _dm_flags |= DM_VERITY_TASKLETS_SUPPORTED; + _dm_verity_checked = true; } @@ -473,27 +475,22 @@ return r; } -#define CLEN 64 /* 2*MAX_CIPHER_LEN */ -#define CLENS "63" /* for sscanf length + '\0' */ -#define CAPIL 144 /* should be enough to fit whole capi string */ -#define CAPIS "143" /* for sscanf of crypto API string + 16 + \0 */ - -static int cipher_c2dm(const char *org_c, const char *org_i, unsigned tag_size, +static int cipher_dm2c(const char *org_c, const char *org_i, unsigned tag_size, char *c_dm, int c_dm_size, char *i_dm, int i_dm_size) { int c_size = 0, i_size = 0, i; - char cipher[CLEN], mode[CLEN], iv[CLEN+1], tmp[CLEN]; - char capi[CAPIL]; + char cipher[MAX_CAPI_ONE_LEN], mode[MAX_CAPI_ONE_LEN], iv[MAX_CAPI_ONE_LEN+1], + tmp[MAX_CAPI_ONE_LEN], capi[MAX_CAPI_LEN]; if (!c_dm || !c_dm_size || !i_dm || !i_dm_size) return -EINVAL; - i = sscanf(org_c, "%" CLENS "[^-]-%" CLENS "s", cipher, tmp); + i = sscanf(org_c, "%" MAX_CAPI_ONE_LEN_STR "[^-]-%" MAX_CAPI_ONE_LEN_STR "s", cipher, tmp); if (i != 2) return -EINVAL; - i = sscanf(tmp, "%" CLENS "[^-]-%" CLENS "s", mode, iv); + i = sscanf(tmp, "%" MAX_CAPI_ONE_LEN_STR "[^-]-%" MAX_CAPI_ONE_LEN_STR "s", mode, iv); if (i == 1) { memset(iv, 0, sizeof(iv)); strncpy(iv, mode, sizeof(iv)-1); @@ -540,75 +537,6 @@ return 0; } -static int cipher_dm2c(char **org_c, char **org_i, const char *c_dm, const char *i_dm) -{ - char cipher[CLEN], mode[CLEN], iv[CLEN], auth[CLEN]; - char tmp[CAPIL], dmcrypt_tmp[CAPIL*2], capi[CAPIL+1]; - size_t len; - int i; - - if (!c_dm) - return -EINVAL; - - /* legacy mode */ - if (strncmp(c_dm, "capi:", 4)) { - if (!(*org_c = strdup(c_dm))) - return -ENOMEM; - *org_i = NULL; - return 0; - } - - /* modes with capi: prefix */ - i = sscanf(c_dm, "capi:%" CAPIS "[^-]-%" CLENS "s", tmp, iv); - if (i != 2) - return -EINVAL; - - len = strlen(tmp); - if (len < 2) - return -EINVAL; - - if (tmp[len-1] == ')') - tmp[len-1] = '\0'; - - if (sscanf(tmp, "rfc4309(%" CAPIS "s", capi) == 1) { - if (!(*org_i = strdup("aead"))) - return -ENOMEM; - } else if (sscanf(tmp, "rfc7539(%" CAPIS "[^,],%" CLENS "s", capi, auth) == 2) { - if (!(*org_i = strdup(auth))) - return -ENOMEM; - } else if (sscanf(tmp, "authenc(%" CLENS "[^,],%" CAPIS "s", auth, capi) == 2) { - if (!(*org_i = strdup(auth))) - return -ENOMEM; - } else { - if (i_dm) { - if (!(*org_i = strdup(i_dm))) - return -ENOMEM; - } else - *org_i = NULL; - memset(capi, 0, sizeof(capi)); - strncpy(capi, tmp, sizeof(capi)-1); - } - - i = sscanf(capi, "%" CLENS "[^(](%" CLENS "[^)])", mode, cipher); - if (i == 2) - i = snprintf(dmcrypt_tmp, sizeof(dmcrypt_tmp), "%s-%s-%s", cipher, mode, iv); - else - i = snprintf(dmcrypt_tmp, sizeof(dmcrypt_tmp), "%s-%s", capi, iv); - if (i < 0 || (size_t)i >= sizeof(dmcrypt_tmp)) { - free(*org_i); - *org_i = NULL; - return -EINVAL; - } - - if (!(*org_c = strdup(dmcrypt_tmp))) { - free(*org_i); - *org_i = NULL; - return -ENOMEM; - } - - return 0; -} - static char *_uf(char *buf, size_t buf_size, const char *s, unsigned u) { size_t r = snprintf(buf, buf_size, " %s:%u", s, u); @@ -626,7 +554,7 @@ if (!tgt) return NULL; - r = cipher_c2dm(tgt->u.crypt.cipher, tgt->u.crypt.integrity, tgt->u.crypt.tag_size, + r = cipher_dm2c(tgt->u.crypt.cipher, tgt->u.crypt.integrity, tgt->u.crypt.tag_size, cipher_dm, sizeof(cipher_dm), integrity_dm, sizeof(integrity_dm)); if (r < 0) return NULL; @@ -734,6 +662,8 @@ num_options++; if (flags & CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE) num_options++; + if (flags & CRYPT_ACTIVATE_TASKLETS) + num_options++; max_fec_size = (tgt->u.verity.fec_device ? strlen(device_block_path(tgt->u.verity.fec_device)) : 0) + 256; fec_features = crypt_safe_alloc(max_fec_size); @@ -764,13 +694,14 @@ } else *verity_verify_args = '\0'; - if (num_options) { /* MAX length int32 + 18 + 22 + 20 + 19 + 19 */ - r = snprintf(features, sizeof(features), " %d%s%s%s%s%s", num_options, + if (num_options) { /* MAX length int32 + 18 + 22 + 20 + 19 + 19 + 22 */ + r = snprintf(features, sizeof(features), " %d%s%s%s%s%s%s", num_options, (flags & CRYPT_ACTIVATE_IGNORE_CORRUPTION) ? " ignore_corruption" : "", (flags & CRYPT_ACTIVATE_RESTART_ON_CORRUPTION) ? " restart_on_corruption" : "", (flags & CRYPT_ACTIVATE_PANIC_ON_CORRUPTION) ? " panic_on_corruption" : "", (flags & CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS) ? " ignore_zero_blocks" : "", - (flags & CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE) ? " check_at_most_once" : ""); + (flags & CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE) ? " check_at_most_once" : "", + (flags & CRYPT_ACTIVATE_TASKLETS) ? " try_verify_in_tasklet" : ""); if (r < 0 || (size_t)r >= sizeof(features)) goto out; } else @@ -1705,6 +1636,12 @@ r = -EINVAL; } + if (dmd->flags & CRYPT_ACTIVATE_TASKLETS && + !(dmt_flags & DM_VERITY_TASKLETS_SUPPORTED)) { + log_err(cd, _("Requested dm-verity tasklets option is not supported.")); + r = -EINVAL; + } + if (dmd->flags & CRYPT_ACTIVATE_PANIC_ON_CORRUPTION && !(dmt_flags & DM_VERITY_PANIC_CORRUPTION_SUPPORTED)) { log_err(cd, _("Requested dm-verity data corruption handling options are not supported.")); @@ -2054,9 +1991,7 @@ /* cipher */ if (get_flags & DM_ACTIVE_CRYPT_CIPHER) { - r = cipher_dm2c(CONST_CAST(char**)&cipher, - CONST_CAST(char**)&integrity, - rcipher, rintegrity); + r = crypt_capi_to_cipher(&cipher, &integrity, rcipher, rintegrity); if (r < 0) goto err; } @@ -2289,6 +2224,8 @@ *act_flags |= CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS; else if (!strcasecmp(arg, "check_at_most_once")) *act_flags |= CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE; + else if (!strcasecmp(arg, "try_verify_in_tasklet")) + *act_flags |= CRYPT_ACTIVATE_TASKLETS; else if (!strcasecmp(arg, "use_fec_from_device")) { str = strsep(¶ms, " "); str2 = crypt_lookup_dev(str); @@ -2842,7 +2779,8 @@ return r; } -static int _process_deps(struct crypt_device *cd, const char *prefix, struct dm_deps *deps, char **names, size_t names_offset, size_t names_length) +static int _process_deps(struct crypt_device *cd, const char *prefix, struct dm_deps *deps, + char **names, size_t names_offset, size_t names_length) { #if HAVE_DECL_DM_DEVICE_GET_NAME struct crypt_dm_active_device dmd; @@ -2888,7 +2826,8 @@ #endif } -int dm_device_deps(struct crypt_device *cd, const char *name, const char *prefix, char **names, size_t names_length) +int dm_device_deps(struct crypt_device *cd, const char *name, const char *prefix, + char **names, size_t names_length) { struct dm_task *dmt; struct dm_info dmi; diff -Nru cryptsetup-2.5.0/lib/loopaes/loopaes.c cryptsetup-2.6.1/lib/loopaes/loopaes.c --- cryptsetup-2.5.0/lib/loopaes/loopaes.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/loopaes/loopaes.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * loop-AES compatible volume handling * - * Copyright (C) 2011-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2011-2022 Milan Broz + * Copyright (C) 2011-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2011-2023 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff -Nru cryptsetup-2.5.0/lib/loopaes/loopaes.h cryptsetup-2.6.1/lib/loopaes/loopaes.h --- cryptsetup-2.5.0/lib/loopaes/loopaes.h 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/loopaes/loopaes.h 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * loop-AES compatible volume handling * - * Copyright (C) 2011-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2011-2022 Milan Broz + * Copyright (C) 2011-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2011-2023 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff -Nru cryptsetup-2.5.0/lib/luks1/af.c cryptsetup-2.6.1/lib/luks1/af.c --- cryptsetup-2.5.0/lib/luks1/af.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/luks1/af.c 2023-02-09 16:12:17.000000000 +0000 @@ -2,7 +2,7 @@ * AFsplitter - Anti forensic information splitter * * Copyright (C) 2004 Clemens Fruhwirth - * Copyright (C) 2009-2022 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. * * AFsplitter diffuses information over a large stripe of data, * therefore supporting secure data destruction. diff -Nru cryptsetup-2.5.0/lib/luks1/af.h cryptsetup-2.6.1/lib/luks1/af.h --- cryptsetup-2.5.0/lib/luks1/af.h 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/luks1/af.h 2023-02-09 16:12:17.000000000 +0000 @@ -2,7 +2,7 @@ * AFsplitter - Anti forensic information splitter * * Copyright (C) 2004 Clemens Fruhwirth - * Copyright (C) 2009-2022 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. * * AFsplitter diffuses information over a large stripe of data, * therefore supporting secure data destruction. diff -Nru cryptsetup-2.5.0/lib/luks1/keyencryption.c cryptsetup-2.6.1/lib/luks1/keyencryption.c --- cryptsetup-2.5.0/lib/luks1/keyencryption.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/luks1/keyencryption.c 2023-02-09 16:12:17.000000000 +0000 @@ -2,8 +2,8 @@ * LUKS - Linux Unified Key Setup * * Copyright (C) 2004-2006 Clemens Fruhwirth - * Copyright (C) 2009-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2012-2022 Milan Broz + * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2012-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff -Nru cryptsetup-2.5.0/lib/luks1/keymanage.c cryptsetup-2.6.1/lib/luks1/keymanage.c --- cryptsetup-2.5.0/lib/luks1/keymanage.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/luks1/keymanage.c 2023-02-09 16:12:17.000000000 +0000 @@ -2,8 +2,8 @@ * LUKS - Linux Unified Key Setup * * Copyright (C) 2004-2006 Clemens Fruhwirth - * Copyright (C) 2009-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2013-2022 Milan Broz + * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2013-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -28,8 +28,8 @@ #include #include #include -#include #include +#include #include "luks.h" #include "af.h" @@ -232,11 +232,12 @@ hdr_size = LUKS_device_sectors(&hdr) << SECTOR_SHIFT; buffer_size = size_round_up(hdr_size, crypt_getpagesize()); - buffer = crypt_safe_alloc(buffer_size); + buffer = malloc(buffer_size); if (!buffer || hdr_size < LUKS_ALIGN_KEYSLOTS || hdr_size > buffer_size) { r = -ENOMEM; goto out; } + memset(buffer, 0, buffer_size); log_dbg(ctx, "Storing backup of header (%zu bytes) and keyslot area (%zu bytes).", sizeof(hdr), hdr_size - LUKS_ALIGN_KEYSLOTS); @@ -280,7 +281,8 @@ r = 0; out: crypt_safe_memzero(&hdr, sizeof(hdr)); - crypt_safe_free(buffer); + crypt_safe_memzero(buffer, buffer_size); + free(buffer); return r; } @@ -308,7 +310,7 @@ goto out; } - buffer = crypt_safe_alloc(buffer_size); + buffer = malloc(buffer_size); if (!buffer) { r = -ENOMEM; goto out; @@ -379,7 +381,8 @@ r = LUKS_read_phdr(hdr, 1, 0, ctx); out: device_sync(ctx, device); - crypt_safe_free(buffer); + crypt_safe_memzero(buffer, buffer_size); + free(buffer); return r; } @@ -922,8 +925,12 @@ hdr->keyblock[keyIndex].passwordSalt, LUKS_SALTSIZE, derived_key->key, hdr->keyBytes, hdr->keyblock[keyIndex].passwordIterations, 0, 0); - if (r < 0) + if (r < 0) { + if ((crypt_backend_flags() & CRYPT_BACKEND_PBKDF2_INT) && + hdr->keyblock[keyIndex].passwordIterations > INT_MAX) + log_err(ctx, _("PBKDF2 iteration value overflow.")); goto out; + } /* * AF splitting, the volume key stored in vk->key is split to AfKey @@ -1227,6 +1234,10 @@ uint64_t offset, length; size_t wipe_block; + r = LUKS_check_device_size(ctx, hdr, 1); + if (r) + return r; + /* Wipe complete header, keyslots and padding areas with zeroes. */ offset = 0; length = (uint64_t)hdr->payloadOffset * SECTOR_SIZE; diff -Nru cryptsetup-2.5.0/lib/luks1/luks.h cryptsetup-2.6.1/lib/luks1/luks.h --- cryptsetup-2.5.0/lib/luks1/luks.h 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/luks1/luks.h 2023-02-09 16:12:17.000000000 +0000 @@ -2,7 +2,7 @@ * LUKS - Linux Unified Key Setup * * Copyright (C) 2004-2006 Clemens Fruhwirth - * Copyright (C) 2009-2022 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff -Nru cryptsetup-2.5.0/lib/luks2/luks2_digest.c cryptsetup-2.6.1/lib/luks2/luks2_digest.c --- cryptsetup-2.5.0/lib/luks2/luks2_digest.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/luks2/luks2_digest.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * LUKS - Linux Unified Key Setup v2, digest handling * - * Copyright (C) 2015-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2015-2022 Milan Broz + * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2015-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff -Nru cryptsetup-2.5.0/lib/luks2/luks2_digest_pbkdf2.c cryptsetup-2.6.1/lib/luks2/luks2_digest_pbkdf2.c --- cryptsetup-2.5.0/lib/luks2/luks2_digest_pbkdf2.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/luks2/luks2_digest_pbkdf2.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * LUKS - Linux Unified Key Setup v2, PBKDF2 digest handler (LUKS1 compatible) * - * Copyright (C) 2015-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2015-2022 Milan Broz + * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2015-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff -Nru cryptsetup-2.5.0/lib/luks2/luks2_disk_metadata.c cryptsetup-2.6.1/lib/luks2/luks2_disk_metadata.c --- cryptsetup-2.5.0/lib/luks2/luks2_disk_metadata.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/luks2/luks2_disk_metadata.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * LUKS - Linux Unified Key Setup v2 * - * Copyright (C) 2015-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2015-2022 Milan Broz + * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2015-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -19,8 +19,6 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ -#include - #include "luks2_internal.h" /* diff -Nru cryptsetup-2.5.0/lib/luks2/luks2.h cryptsetup-2.6.1/lib/luks2/luks2.h --- cryptsetup-2.5.0/lib/luks2/luks2.h 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/luks2/luks2.h 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * LUKS - Linux Unified Key Setup v2 * - * Copyright (C) 2015-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2015-2022 Milan Broz + * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2015-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -121,6 +121,7 @@ uint8_t salt2[LUKS2_SALT_L]; char uuid[LUKS2_UUID_L]; void *jobj; + void *jobj_rollback; }; struct luks2_keyslot_params { @@ -167,6 +168,7 @@ int LUKS2_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr, int repair); int LUKS2_hdr_write(struct crypt_device *cd, struct luks2_hdr *hdr); int LUKS2_hdr_write_force(struct crypt_device *cd, struct luks2_hdr *hdr); +int LUKS2_hdr_rollback(struct crypt_device *cd, struct luks2_hdr *hdr); int LUKS2_hdr_dump(struct crypt_device *cd, struct luks2_hdr *hdr); int LUKS2_hdr_dump_json(struct crypt_device *cd, struct luks2_hdr *hdr, const char **json); @@ -283,13 +285,13 @@ uint32_t flags, void *usrptr); -int LUKS2_token_unlock_volume_key(struct crypt_device *cd, +int LUKS2_token_unlock_key(struct crypt_device *cd, struct luks2_hdr *hdr, int token, const char *type, const char *pin, size_t pin_size, - uint32_t flags, + int segment, void *usrptr, struct volume_key **vk); @@ -300,6 +302,16 @@ int LUKS2_token_keyring_json(char *buffer, size_t buffer_size, const struct crypt_token_params_luks2_keyring *keyring_params); +int LUKS2_token_unlock_passphrase(struct crypt_device *cd, + struct luks2_hdr *hdr, + int token, + const char *type, + const char *pin, + size_t pin_size, + void *usrptr, + char **passphrase, + size_t *passphrase_size); + void crypt_token_unload_external_all(struct crypt_device *cd); /* diff -Nru cryptsetup-2.5.0/lib/luks2/luks2_internal.h cryptsetup-2.6.1/lib/luks2/luks2_internal.h --- cryptsetup-2.5.0/lib/luks2/luks2_internal.h 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/luks2/luks2_internal.h 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * LUKS - Linux Unified Key Setup v2 * - * Copyright (C) 2015-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2015-2022 Milan Broz + * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2015-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -189,6 +189,8 @@ int keyring_validate(struct crypt_device *cd, const char *json); +void keyring_buffer_free(void *buffer, size_t buffer_size); + struct crypt_token_handler_v2 { const char *name; crypt_token_open_func open; diff -Nru cryptsetup-2.5.0/lib/luks2/luks2_json_format.c cryptsetup-2.6.1/lib/luks2/luks2_json_format.c --- cryptsetup-2.5.0/lib/luks2/luks2_json_format.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/luks2/luks2_json_format.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * LUKS - Linux Unified Key Setup v2, LUKS2 header format code * - * Copyright (C) 2015-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2015-2022 Milan Broz + * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2015-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -21,7 +21,6 @@ #include "luks2_internal.h" #include -#include struct area { uint64_t offset; @@ -363,6 +362,10 @@ wipe_block = 4096; } + r = device_check_size(cd, crypt_metadata_device(cd), length, 1); + if (r) + return r; + log_dbg(cd, "Wiping LUKS areas (0x%06" PRIx64 " - 0x%06" PRIx64") with zeroes.", offset, length + offset); diff -Nru cryptsetup-2.5.0/lib/luks2/luks2_json_metadata.c cryptsetup-2.6.1/lib/luks2/luks2_json_metadata.c --- cryptsetup-2.5.0/lib/luks2/luks2_json_metadata.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/luks2/luks2_json_metadata.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,9 +1,9 @@ /* * LUKS - Linux Unified Key Setup v2 * - * Copyright (C) 2015-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2015-2022 Milan Broz - * Copyright (C) 2015-2022 Ondrej Kozina + * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2015-2023 Milan Broz + * Copyright (C) 2015-2023 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -22,7 +22,6 @@ #include "luks2_internal.h" #include "../integrity/integrity.h" -#include #include #include @@ -1110,6 +1109,33 @@ return 0; } +static bool hdr_json_free(json_object **jobj) +{ + assert(jobj); + + if (json_object_put(*jobj)) + *jobj = NULL; + + return (*jobj == NULL); +} + +static int hdr_update_copy_for_rollback(struct crypt_device *cd, struct luks2_hdr *hdr) +{ + json_object **jobj_copy; + + assert(hdr); + assert(hdr->jobj); + + jobj_copy = (json_object **)&hdr->jobj_rollback; + + if (!hdr_json_free(jobj_copy)) { + log_dbg(cd, "LUKS2 rollback metadata copy still in use"); + return -EINVAL; + } + + return json_object_copy(hdr->jobj, jobj_copy) ? -ENOMEM : 0; +} + /* FIXME: should we expose do_recovery parameter explicitly? */ int LUKS2_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr, int repair) { @@ -1141,6 +1167,9 @@ } else device_read_unlock(cd, crypt_metadata_device(cd)); + if (!r && (r = hdr_update_copy_for_rollback(cd, hdr))) + log_dbg(cd, "Failed to update rollback LUKS2 metadata."); + return r; } @@ -1153,18 +1182,50 @@ int LUKS2_hdr_write_force(struct crypt_device *cd, struct luks2_hdr *hdr) { + int r; + if (hdr_cleanup_and_validate(cd, hdr)) return -EINVAL; - return LUKS2_disk_hdr_write(cd, hdr, crypt_metadata_device(cd), false); + r = LUKS2_disk_hdr_write(cd, hdr, crypt_metadata_device(cd), false); + + if (!r && (r = hdr_update_copy_for_rollback(cd, hdr))) + log_dbg(cd, "Failed to update rollback LUKS2 metadata."); + + return r; } int LUKS2_hdr_write(struct crypt_device *cd, struct luks2_hdr *hdr) { + int r; + if (hdr_cleanup_and_validate(cd, hdr)) return -EINVAL; - return LUKS2_disk_hdr_write(cd, hdr, crypt_metadata_device(cd), true); + r = LUKS2_disk_hdr_write(cd, hdr, crypt_metadata_device(cd), true); + + if (!r && (r = hdr_update_copy_for_rollback(cd, hdr))) + log_dbg(cd, "Failed to update rollback LUKS2 metadata."); + + return r; +} + +int LUKS2_hdr_rollback(struct crypt_device *cd, struct luks2_hdr *hdr) +{ + json_object **jobj_copy; + + assert(hdr->jobj_rollback); + + log_dbg(cd, "Rolling back in-memory LUKS2 json metadata."); + + jobj_copy = (json_object **)&hdr->jobj; + + if (!hdr_json_free(jobj_copy)) { + log_dbg(cd, "LUKS2 header still in use"); + return -EINVAL; + } + + return json_object_copy(hdr->jobj_rollback, jobj_copy) ? -ENOMEM : 0; } int LUKS2_hdr_uuid(struct crypt_device *cd, struct luks2_hdr *hdr, const char *uuid) @@ -1201,10 +1262,19 @@ void LUKS2_hdr_free(struct crypt_device *cd, struct luks2_hdr *hdr) { - if (json_object_put(hdr->jobj)) - hdr->jobj = NULL; - else if (hdr->jobj) + json_object **jobj; + + assert(hdr); + + jobj = (json_object **)&hdr->jobj; + + if (!hdr_json_free(jobj)) log_dbg(cd, "LUKS2 header still in use"); + + jobj = (json_object **)&hdr->jobj_rollback; + + if (!hdr_json_free(jobj)) + log_dbg(cd, "LUKS2 rollback metadata copy still in use"); } static uint64_t LUKS2_keyslots_size_jobj(json_object *jobj) @@ -1246,7 +1316,7 @@ hdr_size = LUKS2_hdr_and_areas_size(hdr); buffer_size = size_round_up(hdr_size, crypt_getpagesize()); - buffer = crypt_safe_alloc(buffer_size); + buffer = malloc(buffer_size); if (!buffer) return -ENOMEM; @@ -1257,23 +1327,22 @@ if (r) { log_err(cd, _("Failed to acquire read lock on device %s."), device_path(crypt_metadata_device(cd))); - crypt_safe_free(buffer); - return r; + goto out; } devfd = device_open_locked(cd, device, O_RDONLY); if (devfd < 0) { device_read_unlock(cd, device); log_err(cd, _("Device %s is not a valid LUKS device."), device_path(device)); - crypt_safe_free(buffer); - return devfd == -1 ? -EINVAL : devfd; + r = (devfd == -1) ? -EINVAL : devfd; + goto out; } if (read_lseek_blockwise(devfd, device_block_size(cd, device), device_alignment(device), buffer, hdr_size, 0) < hdr_size) { device_read_unlock(cd, device); - crypt_safe_free(buffer); - return -EIO; + r = -EIO; + goto out; } device_read_unlock(cd, device); @@ -1284,8 +1353,8 @@ log_err(cd, _("Requested header backup file %s already exists."), backup_file); else log_err(cd, _("Cannot create header backup file %s."), backup_file); - crypt_safe_free(buffer); - return -EINVAL; + r = -EINVAL; + goto out; } ret = write_buffer(fd, buffer, buffer_size); close(fd); @@ -1294,8 +1363,9 @@ r = -EIO; } else r = 0; - - crypt_safe_free(buffer); +out: + crypt_safe_memzero(buffer, buffer_size); + free(buffer); return r; } @@ -1306,8 +1376,7 @@ int r, fd, devfd = -1, diff_uuid = 0; ssize_t ret, buffer_size = 0; char *buffer = NULL, msg[1024]; - struct luks2_hdr hdr_file; - struct luks2_hdr tmp_hdr = {}; + struct luks2_hdr hdr_file = {}, tmp_hdr = {}; uint32_t reqs = 0; r = device_alloc(cd, &backup_device, backup_file); @@ -1340,7 +1409,7 @@ } buffer_size = LUKS2_hdr_and_areas_size(&hdr_file); - buffer = crypt_safe_alloc(buffer_size); + buffer = malloc(buffer_size); if (!buffer) { r = -ENOMEM; goto out; @@ -1440,10 +1509,9 @@ LUKS2_hdr_free(cd, &tmp_hdr); crypt_safe_memzero(&hdr_file, sizeof(hdr_file)); crypt_safe_memzero(&tmp_hdr, sizeof(tmp_hdr)); - crypt_safe_free(buffer); - + crypt_safe_memzero(buffer, buffer_size); + free(buffer); device_sync(cd, device); - return r; } diff -Nru cryptsetup-2.5.0/lib/luks2/luks2_keyslot.c cryptsetup-2.6.1/lib/luks2/luks2_keyslot.c --- cryptsetup-2.5.0/lib/luks2/luks2_keyslot.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/luks2/luks2_keyslot.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * LUKS - Linux Unified Key Setup v2, keyslot handling * - * Copyright (C) 2015-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2015-2022 Milan Broz + * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2015-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff -Nru cryptsetup-2.5.0/lib/luks2/luks2_keyslot_luks2.c cryptsetup-2.6.1/lib/luks2/luks2_keyslot_luks2.c --- cryptsetup-2.5.0/lib/luks2/luks2_keyslot_luks2.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/luks2/luks2_keyslot_luks2.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * LUKS - Linux Unified Key Setup v2, LUKS2 type keyslot handler * - * Copyright (C) 2015-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2015-2022 Milan Broz + * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2015-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -19,6 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ +#include #include "luks2_internal.h" /* FIXME: move keyslot encryption to crypto backend */ @@ -31,6 +32,7 @@ /* Serialize memory-hard keyslot access: optional workaround for parallel processing */ #define MIN_MEMORY_FOR_SERIALIZE_LOCK_KB 32*1024 /* 32MB */ +/* coverity[ -taint_source : arg-0 ] */ static int luks2_encrypt_to_storage(char *src, size_t srcLength, const char *cipher, const char *cipher_mode, struct volume_key *vk, unsigned int sector, @@ -263,6 +265,9 @@ pbkdf.parallel_threads); free(salt); if (r < 0) { + if ((crypt_backend_flags() & CRYPT_BACKEND_PBKDF2_INT) && + pbkdf.iterations > INT_MAX) + log_err(cd, _("PBKDF2 iteration value overflow.")); crypt_free_volume_key(derived_key); return r; } @@ -275,7 +280,11 @@ return -ENOMEM; } - r = AF_split(cd, volume_key, AfKey, volume_key_len, LUKS_STRIPES, af_hash); + r = crypt_hash_size(af_hash); + if (r < 0) + log_err(cd, _("Hash algorithm %s is not available."), af_hash); + else + r = AF_split(cd, volume_key, AfKey, volume_key_len, LUKS_STRIPES, af_hash); if (r == 0) { log_dbg(cd, "Updating keyslot area [0x%04" PRIx64 "].", area_offset); @@ -379,8 +388,13 @@ derived_key, (unsigned)(area_offset / SECTOR_SIZE), cd); } - if (r == 0) - r = AF_merge(AfKey, volume_key, volume_key_len, LUKS_STRIPES, af_hash); + if (r == 0) { + r = crypt_hash_size(af_hash); + if (r < 0) + log_err(cd, _("Hash algorithm %s is not available."), af_hash); + else + r = AF_merge(AfKey, volume_key, volume_key_len, LUKS_STRIPES, af_hash); + } out: free(salt); crypt_free_volume_key(derived_key); diff -Nru cryptsetup-2.5.0/lib/luks2/luks2_keyslot_reenc.c cryptsetup-2.6.1/lib/luks2/luks2_keyslot_reenc.c --- cryptsetup-2.5.0/lib/luks2/luks2_keyslot_reenc.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/luks2/luks2_keyslot_reenc.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * LUKS - Linux Unified Key Setup v2, reencryption keyslot handler * - * Copyright (C) 2016-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2016-2022 Ondrej Kozina + * Copyright (C) 2016-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2016-2023 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff -Nru cryptsetup-2.5.0/lib/luks2/luks2_luks1_convert.c cryptsetup-2.6.1/lib/luks2/luks2_luks1_convert.c --- cryptsetup-2.5.0/lib/luks2/luks2_luks1_convert.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/luks2/luks2_luks1_convert.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,9 +1,9 @@ /* * LUKS - Linux Unified Key Setup v2, LUKS1 conversion code * - * Copyright (C) 2015-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2015-2022 Ondrej Kozina - * Copyright (C) 2015-2022 Milan Broz + * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2015-2023 Ondrej Kozina + * Copyright (C) 2015-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff -Nru cryptsetup-2.5.0/lib/luks2/luks2_reencrypt.c cryptsetup-2.6.1/lib/luks2/luks2_reencrypt.c --- cryptsetup-2.5.0/lib/luks2/luks2_reencrypt.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/luks2/luks2_reencrypt.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * LUKS - Linux Unified Key Setup v2, reencryption helpers * - * Copyright (C) 2015-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2015-2022 Ondrej Kozina + * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2015-2023 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -19,8 +19,6 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ -#include - #include "luks2_internal.h" #include "utils_device_locking.h" @@ -513,7 +511,8 @@ if (tmp < device_size) { fixed_length = device_size - tmp; - jobj_old_seg = reencrypt_make_segment_old(cd, hdr, rh, data_offset + data_shift_value(&rh->rp), rh->offset + rh->length, rh->fixed_length ? &fixed_length : NULL); + jobj_old_seg = reencrypt_make_segment_old(cd, hdr, rh, data_offset + data_shift_value(&rh->rp), + rh->offset + rh->length, rh->fixed_length ? &fixed_length : NULL); if (!jobj_old_seg) goto err; json_object_object_add_by_uint(jobj_segs_hot, sg, jobj_old_seg); @@ -668,7 +667,8 @@ if (tmp < device_size) { fixed_length = device_size - tmp; - jobj_new_seg = reencrypt_make_segment_new(cd, hdr, rh, data_offset, rh->offset + rh->length, rh->offset + rh->length, rh->fixed_length ? &fixed_length : NULL); + jobj_new_seg = reencrypt_make_segment_new(cd, hdr, rh, data_offset, rh->offset + rh->length, + rh->offset + rh->length, rh->fixed_length ? &fixed_length : NULL); if (!jobj_new_seg) goto err; json_object_object_add_by_uint(jobj_segs_hot, sg, jobj_new_seg); @@ -846,6 +846,50 @@ crypt_unlock_internal(cd, rh->reenc_lock); free(rh); } + +int LUKS2_reencrypt_max_hotzone_size(struct crypt_device *cd, + struct luks2_hdr *hdr, + const struct reenc_protection *rp, + int reencrypt_keyslot, + uint64_t *r_length) +{ +#if USE_LUKS2_REENCRYPTION + int r; + uint64_t dummy, area_length; + + assert(hdr); + assert(rp); + assert(r_length); + + if (rp->type <= REENC_PROTECTION_NONE) { + *r_length = LUKS2_REENCRYPT_MAX_HOTZONE_LENGTH; + return 0; + } + + if (rp->type == REENC_PROTECTION_DATASHIFT) { + *r_length = rp->p.ds.data_shift; + return 0; + } + + r = LUKS2_keyslot_area(hdr, reencrypt_keyslot, &dummy, &area_length); + if (r < 0) + return -EINVAL; + + if (rp->type == REENC_PROTECTION_JOURNAL) { + *r_length = area_length; + return 0; + } + + if (rp->type == REENC_PROTECTION_CHECKSUM) { + *r_length = (area_length / rp->p.csum.hash_size) * rp->p.csum.block_size; + return 0; + } + + return -EINVAL; +#else + return -ENOTSUP; +#endif +} #if USE_LUKS2_REENCRYPTION static size_t reencrypt_get_alignment(struct crypt_device *cd, struct luks2_hdr *hdr) @@ -892,7 +936,8 @@ rh->jobj_segment_moved = NULL; } -static int reencrypt_offset_backward_moved(struct luks2_hdr *hdr, json_object *jobj_segments, uint64_t *reencrypt_length, uint64_t data_shift, uint64_t *offset) +static int reencrypt_offset_backward_moved(struct luks2_hdr *hdr, json_object *jobj_segments, + uint64_t *reencrypt_length, uint64_t data_shift, uint64_t *offset) { uint64_t tmp, linear_length = 0; int sg, segs = json_segments_count(jobj_segments); @@ -1474,7 +1519,8 @@ else crash_iv_offset = json_segment_get_iv_offset(json_segments_get_segment(rh->jobj_segs_hot, rseg)); - log_dbg(cd, "crash_offset: %" PRIu64 ", crash_length: %" PRIu64 ", crash_iv_offset: %" PRIu64, data_offset + rh->offset, rh->length, crash_iv_offset); + log_dbg(cd, "crash_offset: %" PRIu64 ", crash_length: %" PRIu64 ", crash_iv_offset: %" PRIu64, + data_offset + rh->offset, rh->length, crash_iv_offset); r = crypt_storage_wrapper_init(cd, &cw2, crypt_data_device(cd), data_offset + rh->offset, crash_iv_offset, new_sector_size, @@ -1842,7 +1888,9 @@ return commit ? LUKS2_hdr_write(cd, hdr) : 0; } -static int reencrypt_set_encrypt_segments(struct crypt_device *cd, struct luks2_hdr *hdr, uint64_t dev_size, uint64_t data_shift, bool move_first_segment, crypt_reencrypt_direction_info di) +static int reencrypt_set_encrypt_segments(struct crypt_device *cd, struct luks2_hdr *hdr, + uint64_t dev_size, uint64_t data_shift, bool move_first_segment, + crypt_reencrypt_direction_info di) { int r; uint64_t first_segment_offset, first_segment_length, @@ -1912,7 +1960,6 @@ static int reencrypt_set_decrypt_shift_segments(struct crypt_device *cd, struct luks2_hdr *hdr, uint64_t dev_size, - uint64_t data_shift, uint64_t moved_segment_length, crypt_reencrypt_direction_info di) { @@ -1922,7 +1969,7 @@ data_offset = LUKS2_get_data_offset(hdr) << SECTOR_SHIFT; json_object *jobj_segment_first = NULL, *jobj_segment_second = NULL, *jobj_segments; - if (!data_shift || di == CRYPT_REENCRYPT_BACKWARD) + if (di == CRYPT_REENCRYPT_BACKWARD) return -ENOTSUP; /* @@ -1930,12 +1977,11 @@ * [encrypted first segment (max data shift size)][gap (data shift size)][second encrypted data segment] */ first_segment_offset = 0; - if (dev_size > data_shift) { - first_segment_length = moved_segment_length; + first_segment_length = moved_segment_length; + if (dev_size > moved_segment_length) { second_segment_offset = data_offset + first_segment_length; second_segment_length = 0; - } else - first_segment_length = dev_size; + } jobj_segments = json_object_new_object(); if (!jobj_segments) @@ -1951,7 +1997,7 @@ return r; } - if (dev_size > data_shift) { + if (dev_size > moved_segment_length) { jobj_segment_second = json_segment_create_crypt(second_segment_offset, crypt_get_iv_offset(cd) + (first_segment_length >> SECTOR_SHIFT), second_segment_length ? &second_segment_length : NULL, @@ -2406,7 +2452,10 @@ return -EINVAL; if (params->flags & CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT) { - json_object_copy(LUKS2_get_segment_jobj(hdr, 0), &jobj_segment_bcp); + if (json_object_copy(LUKS2_get_segment_jobj(hdr, 0), &jobj_segment_bcp)) { + r = -EINVAL; + goto err; + } r = LUKS2_segment_set_flag(jobj_segment_bcp, "backup-moved-segment"); if (r) goto err; @@ -2431,8 +2480,12 @@ json_segment_get_cipher(jobj_tmp), json_segment_get_sector_size(jobj_tmp), 0); - } else - json_object_copy(LUKS2_get_segment_jobj(hdr, CRYPT_DEFAULT_SEGMENT), &jobj_segment_old); + } else { + if (json_object_copy(LUKS2_get_segment_jobj(hdr, CRYPT_DEFAULT_SEGMENT), &jobj_segment_old)) { + r = -EINVAL; + goto err; + } + } } else if (params->mode == CRYPT_REENCRYPT_ENCRYPT) { r = LUKS2_get_data_size(hdr, &tmp, NULL); if (r) @@ -2671,46 +2724,6 @@ return -EINVAL; } -int LUKS2_reencrypt_max_hotzone_size(struct crypt_device *cd, - struct luks2_hdr *hdr, - const struct reenc_protection *rp, - int reencrypt_keyslot, - uint64_t *r_length) -{ - int r; - uint64_t dummy, area_length; - - assert(hdr); - assert(rp); - assert(r_length); - - if (rp->type <= REENC_PROTECTION_NONE) { - *r_length = LUKS2_REENCRYPT_MAX_HOTZONE_LENGTH; - return 0; - } - - if (rp->type == REENC_PROTECTION_DATASHIFT) { - *r_length = rp->p.ds.data_shift; - return 0; - } - - r = LUKS2_keyslot_area(hdr, reencrypt_keyslot, &dummy, &area_length); - if (r < 0) - return -EINVAL; - - if (rp->type == REENC_PROTECTION_JOURNAL) { - *r_length = area_length; - return 0; - } - - if (rp->type == REENC_PROTECTION_CHECKSUM) { - *r_length = (area_length / rp->p.csum.hash_size) * rp->p.csum.block_size; - return 0; - } - - return -EINVAL; -} - static int reencrypt_decrypt_with_datashift_init(struct crypt_device *cd, const char *name, struct luks2_hdr *hdr, @@ -2769,10 +2782,12 @@ moved_segment_length = data_shift < LUKS2_DEFAULT_NONE_REENCRYPTION_LENGTH ? data_shift : LUKS2_DEFAULT_NONE_REENCRYPTION_LENGTH; - r = reencrypt_set_decrypt_shift_segments(cd, hdr, - data_size, data_shift, - moved_segment_length, - params->direction); + if (moved_segment_length > data_size) + moved_segment_length = data_size; + + r = reencrypt_set_decrypt_shift_segments(cd, hdr, data_size, + moved_segment_length, + params->direction); if (r) goto out; @@ -2898,8 +2913,8 @@ log_err(cd, _("Failed to resume device %s."), name); device_release_excl(cd, crypt_data_device(cd)); - if (r < 0 && crypt_load(cd, CRYPT_LUKS2, NULL) < 0) - log_dbg(cd, "Cannot reload context after failure."); + if (r < 0 && LUKS2_hdr_rollback(cd, hdr) < 0) + log_dbg(cd, "Failed to rollback LUKS2 metadata after failure."); return r; } @@ -3106,8 +3121,8 @@ r = reencrypt_keyslot; out: device_release_excl(cd, crypt_data_device(cd)); - if (r < 0 && crypt_load(cd, CRYPT_LUKS2, NULL) < 0) - log_dbg(cd, "Cannot reload context after failure."); + if (r < 0 && LUKS2_hdr_rollback(cd, hdr) < 0) + log_dbg(cd, "Failed to rollback LUKS2 metadata after failure."); return r; } diff -Nru cryptsetup-2.5.0/lib/luks2/luks2_reencrypt_digest.c cryptsetup-2.6.1/lib/luks2/luks2_reencrypt_digest.c --- cryptsetup-2.5.0/lib/luks2/luks2_reencrypt_digest.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/luks2/luks2_reencrypt_digest.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,9 +1,9 @@ /* * LUKS - Linux Unified Key Setup v2, reencryption digest helpers * - * Copyright (C) 2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2022 Ondrej Kozina - * Copyright (C) 2022 Milan Broz + * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2022-2023 Ondrej Kozina + * Copyright (C) 2022-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -21,7 +21,6 @@ */ #include "luks2_internal.h" -#include #define MAX_STR 64 diff -Nru cryptsetup-2.5.0/lib/luks2/luks2_segment.c cryptsetup-2.6.1/lib/luks2/luks2_segment.c --- cryptsetup-2.5.0/lib/luks2/luks2_segment.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/luks2/luks2_segment.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * LUKS - Linux Unified Key Setup v2, internal segment handling * - * Copyright (C) 2018-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2018-2022 Ondrej Kozina + * Copyright (C) 2018-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2018-2023 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff -Nru cryptsetup-2.5.0/lib/luks2/luks2_token.c cryptsetup-2.6.1/lib/luks2/luks2_token.c --- cryptsetup-2.5.0/lib/luks2/luks2_token.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/luks2/luks2_token.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * LUKS - Linux Unified Key Setup v2, token handling * - * Copyright (C) 2016-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2016-2022 Milan Broz + * Copyright (C) 2016-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2016-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -21,7 +21,6 @@ #include #include -#include #include "luks2_internal.h" @@ -38,6 +37,7 @@ .u = { .v1 = { .name = LUKS2_TOKEN_KEYRING, .open = keyring_open, + .buffer_free = keyring_buffer_free, .validate = keyring_validate, .dump = keyring_dump } } @@ -423,7 +423,8 @@ JSON_C_TO_STRING_PLAIN | JSON_C_TO_STRING_NOSLASHESCAPE); } -static int token_is_usable(struct luks2_hdr *hdr, json_object *jobj_token, int segment, crypt_keyslot_priority minimal_priority) +static int token_is_usable(struct luks2_hdr *hdr, json_object *jobj_token, int segment, + crypt_keyslot_priority minimal_priority, bool requires_keyslot) { crypt_keyslot_priority keyslot_priority; json_object *jobj_array; @@ -440,7 +441,13 @@ /* no assigned keyslot returns -ENOENT even for CRYPT_ANY_SEGMENT */ len = json_object_array_length(jobj_array); - if (len <= 0) + if (len < 0) + return -ENOENT; + + if (!requires_keyslot) + return 0; + + if (!len) return -ENOENT; for (i = 0; i < len; i++) { @@ -471,7 +478,7 @@ return ret_val; } -static int LUKS2_token_open(struct crypt_device *cd, +static int token_open(struct crypt_device *cd, struct luks2_hdr *hdr, int token, json_object *jobj_token, @@ -482,7 +489,8 @@ size_t pin_size, char **buffer, size_t *buffer_len, - void *usrptr) + void *usrptr, + bool requires_keyslot) { const struct crypt_token_handler_v2 *h; json_object *jobj_type; @@ -499,10 +507,11 @@ return -ENOENT; } - r = token_is_usable(hdr, jobj_token, segment, priority); + r = token_is_usable(hdr, jobj_token, segment, priority, requires_keyslot); if (r < 0) { if (r == -ENOENT) - log_dbg(cd, "Token %d unusable for segment %d with desired keyslot priority %d.", token, segment, priority); + log_dbg(cd, "Token %d unusable for segment %d with desired keyslot priority %d.", + token, segment, priority); return r; } @@ -594,7 +603,8 @@ return -EINVAL; if (keyslot_priority < priority) continue; - log_dbg(cd, "Trying to open keyslot %u with token %d (type %s).", num, token, json_object_get_string(jobj_type)); + log_dbg(cd, "Trying to open keyslot %u with token %d (type %s).", + num, token, json_object_get_string(jobj_type)); r = LUKS2_keyslot_open(cd, num, segment, buffer, buffer_len, vk); /* short circuit on fatal error */ if (r < 0 && r != -EPERM && r != -ENOENT) @@ -615,7 +625,7 @@ /* it is safe now, but have assert in case LUKS2_TOKENS_MAX grows */ assert(token >= 0 && (size_t)token < BITFIELD_SIZE(block_list)); - return (*block_list & (1 << token)); + return (*block_list & (UINT32_C(1) << token)); } static void token_block(int token, uint32_t *block_list) @@ -623,7 +633,7 @@ /* it is safe now, but have assert in case LUKS2_TOKENS_MAX grows */ assert(token >= 0 && (size_t)token < BITFIELD_SIZE(block_list)); - *block_list |= (1 << token); + *block_list |= (UINT32_C(1) << token); } static int token_open_priority(struct crypt_device *cd, @@ -650,7 +660,7 @@ token = atoi(slot); if (token_is_blocked(token, block_list)) continue; - r = LUKS2_token_open(cd, hdr, token, val, type, segment, priority, pin, pin_size, &buffer, &buffer_size, usrptr); + r = token_open(cd, hdr, token, val, type, segment, priority, pin, pin_size, &buffer, &buffer_size, usrptr, true); if (!r) { r = LUKS2_keyslot_open_by_token(cd, hdr, token, segment, priority, buffer, buffer_size, vk); @@ -669,7 +679,8 @@ return *stored_retval; } -static int token_open_any(struct crypt_device *cd, struct luks2_hdr *hdr, const char *type, int segment, const char *pin, size_t pin_size, void *usrptr, struct volume_key **vk) +static int token_open_any(struct crypt_device *cd, struct luks2_hdr *hdr, const char *type, int segment, + const char *pin, size_t pin_size, void *usrptr, struct volume_key **vk) { json_object *jobj_tokens; int r, retval = -ENOENT; @@ -681,41 +692,42 @@ if (!type) usrptr = NULL; - r = token_open_priority(cd, hdr, jobj_tokens, type, segment, CRYPT_SLOT_PRIORITY_PREFER, pin, pin_size, usrptr, &retval, &blocked, vk); + r = token_open_priority(cd, hdr, jobj_tokens, type, segment, CRYPT_SLOT_PRIORITY_PREFER, + pin, pin_size, usrptr, &retval, &blocked, vk); if (break_loop_retval(r)) return r; - return token_open_priority(cd, hdr, jobj_tokens, type, segment, CRYPT_SLOT_PRIORITY_NORMAL, pin, pin_size, usrptr, &retval, &blocked, vk); + return token_open_priority(cd, hdr, jobj_tokens, type, segment, CRYPT_SLOT_PRIORITY_NORMAL, + pin, pin_size, usrptr, &retval, &blocked, vk); } -int LUKS2_token_unlock_volume_key(struct crypt_device *cd, +int LUKS2_token_unlock_key(struct crypt_device *cd, struct luks2_hdr *hdr, int token, const char *type, const char *pin, size_t pin_size, - uint32_t flags, + int segment, void *usrptr, struct volume_key **vk) { char *buffer; size_t buffer_size; json_object *jobj_token; - int segment, r = -ENOENT; + int r = -ENOENT; assert(vk); - if (flags & CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY) - segment = CRYPT_ANY_SEGMENT; - else { + if (segment == CRYPT_DEFAULT_SEGMENT) segment = LUKS2_get_default_segment(hdr); - if (segment < 0) - return -EINVAL; - } + + if (segment < 0 && segment != CRYPT_ANY_SEGMENT) + return -EINVAL; if (token >= 0 && token < LUKS2_TOKENS_MAX) { if ((jobj_token = LUKS2_get_token_jobj(hdr, token))) { - r = LUKS2_token_open(cd, hdr, token, jobj_token, type, segment, CRYPT_SLOT_PRIORITY_IGNORE, pin, pin_size, &buffer, &buffer_size, usrptr); + r = token_open(cd, hdr, token, jobj_token, type, segment, CRYPT_SLOT_PRIORITY_IGNORE, + pin, pin_size, &buffer, &buffer_size, usrptr, true); if (!r) { r = LUKS2_keyslot_open_by_token(cd, hdr, token, segment, CRYPT_SLOT_PRIORITY_IGNORE, buffer, buffer_size, vk); @@ -751,10 +763,15 @@ void *usrptr) { bool use_keyring; - int keyslot, r; + int keyslot, r, segment; struct volume_key *vk = NULL; - r = LUKS2_token_unlock_volume_key(cd, hdr, token, type, pin, pin_size, flags, usrptr, &vk); + if (flags & CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY) + segment = CRYPT_ANY_SEGMENT; + else + segment = CRYPT_DEFAULT_SEGMENT; + + r = LUKS2_token_unlock_key(cd, hdr, token, type, pin, pin_size, segment, usrptr, &vk); if (r < 0) return r; @@ -871,6 +888,10 @@ json_object *jobj_tokens; int r = 0; + if ((keyslot < 0 && keyslot != CRYPT_ANY_SLOT) || keyslot >= LUKS2_KEYSLOTS_MAX || + (token < 0 && token != CRYPT_ANY_TOKEN) || token >= LUKS2_TOKENS_MAX) + return -EINVAL; + if (token == CRYPT_ANY_TOKEN) { json_object_object_get_ex(hdr->jobj, "tokens", &jobj_tokens); @@ -953,3 +974,70 @@ return commit ? LUKS2_hdr_write(cd, hdr) : 0; } + +int LUKS2_token_unlock_passphrase(struct crypt_device *cd, + struct luks2_hdr *hdr, + int token, + const char *type, + const char *pin, + size_t pin_size, + void *usrptr, + char **passphrase, + size_t *passphrase_size) +{ + char *buffer; + size_t buffer_size; + json_object *jobj_token, *jobj_tokens; + int r = -ENOENT, retval = -ENOENT; + + if (!hdr) + return -EINVAL; + + if (token >= 0 && token < LUKS2_TOKENS_MAX) { + if ((jobj_token = LUKS2_get_token_jobj(hdr, token))) + r = token_open(cd, hdr, token, jobj_token, type, CRYPT_ANY_SEGMENT, CRYPT_SLOT_PRIORITY_IGNORE, + pin, pin_size, &buffer, &buffer_size, usrptr, false); + } else if (token == CRYPT_ANY_TOKEN) { + json_object_object_get_ex(hdr->jobj, "tokens", &jobj_tokens); + + if (!type) + usrptr = NULL; + + json_object_object_foreach(jobj_tokens, slot, val) { + token = atoi(slot); + r = token_open(cd, hdr, token, val, type, CRYPT_ANY_SEGMENT, CRYPT_SLOT_PRIORITY_IGNORE, + pin, pin_size, &buffer, &buffer_size, usrptr, false); + + /* + * return priorities (ordered form least to most significant): + * ENOENT - unusable for activation (no token handler, invalid token metadata, etc) + * EAGAIN - usable but not ready (token HW is missing) + * ENOANO - ready, but token pin is wrong or missing + * + * success (>= 0) or any other negative errno short-circuits token activation loop + * immediately + */ + if (break_loop_retval(r)) + goto out; + + update_return_errno(r, &retval); + } + r = retval; + } else + r = -EINVAL; +out: + if (!r) { + *passphrase = crypt_safe_alloc(buffer_size); + if (*passphrase) { + memcpy(*passphrase, buffer, buffer_size); + *passphrase_size = buffer_size; + } else + r = -ENOMEM; + LUKS2_token_buffer_free(cd, token, buffer, buffer_size); + } + + if (!r) + return token; + + return r; +} diff -Nru cryptsetup-2.5.0/lib/luks2/luks2_token_keyring.c cryptsetup-2.6.1/lib/luks2/luks2_token_keyring.c --- cryptsetup-2.5.0/lib/luks2/luks2_token_keyring.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/luks2/luks2_token_keyring.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * LUKS - Linux Unified Key Setup v2, kernel keyring token * - * Copyright (C) 2016-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2016-2022 Ondrej Kozina + * Copyright (C) 2016-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2016-2023 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -19,8 +19,6 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ -#include - #include "luks2_internal.h" int keyring_open(struct crypt_device *cd, @@ -139,3 +137,8 @@ return token; } + +void keyring_buffer_free(void *buffer, size_t buffer_len __attribute__((unused))) +{ + crypt_safe_free(buffer); +} diff -Nru cryptsetup-2.5.0/lib/Makemodule.am cryptsetup-2.6.1/lib/Makemodule.am --- cryptsetup-2.5.0/lib/Makemodule.am 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/Makemodule.am 2023-02-09 16:12:17.000000000 +0000 @@ -53,8 +53,6 @@ lib/utils_loop.h \ lib/utils_devpath.c \ lib/utils_wipe.c \ - lib/utils_fips.c \ - lib/utils_fips.h \ lib/utils_device.c \ lib/utils_keyring.c \ lib/utils_keyring.h \ @@ -75,6 +73,8 @@ lib/loopaes/loopaes.c \ lib/tcrypt/tcrypt.h \ lib/tcrypt/tcrypt.c \ + lib/keyslot_context.h \ + lib/keyslot_context.c \ lib/luks1/af.h \ lib/luks1/af.c \ lib/luks1/keyencryption.c \ @@ -106,4 +106,6 @@ lib/utils_blkid.c \ lib/utils_blkid.h \ lib/bitlk/bitlk.h \ - lib/bitlk/bitlk.c + lib/bitlk/bitlk.c \ + lib/fvault2/fvault2.h \ + lib/fvault2/fvault2.c diff -Nru cryptsetup-2.5.0/lib/random.c cryptsetup-2.6.1/lib/random.c --- cryptsetup-2.5.0/lib/random.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/random.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,7 +1,7 @@ /* * cryptsetup kernel RNG access functions * - * Copyright (C) 2010-2022 Red Hat, Inc. All rights reserved. + * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -21,7 +21,6 @@ #include #include #include -#include #include #include "libcryptsetup.h" @@ -171,6 +170,7 @@ return -ENOSYS; } +/* coverity[ -taint_source : arg-1 ] */ int crypt_random_get(struct crypt_device *ctx, char *buf, size_t len, int quality) { int status, rng_type; diff -Nru cryptsetup-2.5.0/lib/setup.c cryptsetup-2.6.1/lib/setup.c --- cryptsetup-2.5.0/lib/setup.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/setup.c 2023-02-09 16:12:17.000000000 +0000 @@ -3,8 +3,8 @@ * * Copyright (C) 2004 Jana Saout * Copyright (C) 2004-2007 Clemens Fruhwirth - * Copyright (C) 2009-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2022 Milan Broz + * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -36,8 +36,10 @@ #include "tcrypt/tcrypt.h" #include "integrity/integrity.h" #include "bitlk/bitlk.h" +#include "fvault2/fvault2.h" #include "utils_device_locking.h" #include "internal.h" +#include "keyslot_context.h" #define CRYPT_CD_UNRESTRICTED (1 << 0) #define CRYPT_CD_QUIET (1 << 1) @@ -112,6 +114,9 @@ struct bitlk_metadata params; char *cipher_spec; } bitlk; + struct { /* used in CRYPT_FVAULT2 */ + struct fvault2_params params; + } fvault2; struct { /* used if initialized without header by name */ char *active_name; /* buffers, must refresh from kernel on every query */ @@ -323,6 +328,11 @@ return (type && !strcmp(CRYPT_BITLK, type)); } +static int isFVAULT2(const char *type) +{ + return (type && !strcmp(CRYPT_FVAULT2, type)); +} + static int _onlyLUKS(struct crypt_device *cd, uint32_t cdflags) { int r = 0; @@ -386,15 +396,12 @@ static void crypt_set_null_type(struct crypt_device *cd) { - if (!cd->type) - return; - free(cd->type); cd->type = NULL; - cd->u.none.active_name = NULL; cd->data_offset = 0; cd->metadata_size = 0; cd->keyslots_size = 0; + crypt_safe_memzero(&cd->u, sizeof(cd->u)); } static void crypt_reset_null_type(struct crypt_device *cd) @@ -482,7 +489,7 @@ size_t len; int r; - /* Must user header-on-disk if we know type here */ + /* Must use header-on-disk if we know the type here */ if (cd->type || !cd->u.none.active_name) return -EINVAL; @@ -691,6 +698,49 @@ return r; } +static void crypt_free_type(struct crypt_device *cd, const char *force_type) +{ + const char *type = force_type ?: cd->type; + + if (isPLAIN(type)) { + free(CONST_CAST(void*)cd->u.plain.hdr.hash); + free(cd->u.plain.cipher); + free(cd->u.plain.cipher_spec); + } else if (isLUKS2(type)) { + LUKS2_reencrypt_free(cd, cd->u.luks2.rh); + LUKS2_hdr_free(cd, &cd->u.luks2.hdr); + free(cd->u.luks2.keyslot_cipher); + } else if (isLUKS1(type)) { + free(cd->u.luks1.cipher_spec); + } else if (isLOOPAES(type)) { + free(CONST_CAST(void*)cd->u.loopaes.hdr.hash); + free(cd->u.loopaes.cipher); + free(cd->u.loopaes.cipher_spec); + } else if (isVERITY(type)) { + free(CONST_CAST(void*)cd->u.verity.hdr.hash_name); + free(CONST_CAST(void*)cd->u.verity.hdr.data_device); + free(CONST_CAST(void*)cd->u.verity.hdr.hash_device); + free(CONST_CAST(void*)cd->u.verity.hdr.fec_device); + free(CONST_CAST(void*)cd->u.verity.hdr.salt); + free(CONST_CAST(void*)cd->u.verity.root_hash); + free(cd->u.verity.uuid); + device_free(cd, cd->u.verity.fec_device); + } else if (isINTEGRITY(type)) { + free(CONST_CAST(void*)cd->u.integrity.params.integrity); + free(CONST_CAST(void*)cd->u.integrity.params.journal_integrity); + free(CONST_CAST(void*)cd->u.integrity.params.journal_crypt); + crypt_free_volume_key(cd->u.integrity.journal_crypt_key); + crypt_free_volume_key(cd->u.integrity.journal_mac_key); + } else if (isBITLK(type)) { + free(cd->u.bitlk.cipher_spec); + BITLK_bitlk_metadata_free(&cd->u.bitlk.params); + } else if (!type) { + free(cd->u.none.active_name); + cd->u.none.active_name = NULL; + } + + crypt_set_null_type(cd); +} /* internal only */ struct crypt_pbkdf_type *crypt_get_pbkdf(struct crypt_device *cd) @@ -743,12 +793,18 @@ return r; } -static void _luks2_reload(struct crypt_device *cd) +static void _luks2_rollback(struct crypt_device *cd) { if (!cd || !isLUKS2(cd->type)) return; - (void) _crypt_load_luks2(cd, 1, 0); + if (LUKS2_hdr_rollback(cd, &cd->u.luks2.hdr)) { + log_err(cd, _("Failed to rollback LUKS2 metadata in memory.")); + return; + } + + free(cd->u.luks2.keyslot_cipher); + cd->u.luks2.keyslot_cipher = NULL; } static int _crypt_load_luks(struct crypt_device *cd, const char *requested_type, @@ -864,18 +920,20 @@ cd->u.tcrypt.params.veracrypt_pim = 0; if (r < 0) - return r; + goto out; if (!cd->type && !(cd->type = strdup(CRYPT_TCRYPT))) - return -ENOMEM; - + r = -ENOMEM; +out: + if (r < 0) + crypt_free_type(cd, CRYPT_TCRYPT); return r; } static int _crypt_load_verity(struct crypt_device *cd, struct crypt_params_verity *params) { int r; - size_t sb_offset = 0; + uint64_t sb_offset = 0; r = init_crypto(cd); if (r < 0) @@ -889,14 +947,11 @@ r = VERITY_read_sb(cd, sb_offset, &cd->u.verity.uuid, &cd->u.verity.hdr); if (r < 0) - return r; + goto out; if (!cd->type && !(cd->type = strdup(CRYPT_VERITY))) { - free(CONST_CAST(void*)cd->u.verity.hdr.hash_name); - free(CONST_CAST(void*)cd->u.verity.hdr.salt); - free(cd->u.verity.uuid); - crypt_safe_memzero(&cd->u.verity.hdr, sizeof(cd->u.verity.hdr)); - return -ENOMEM; + r = -ENOMEM; + goto out; } if (params) @@ -904,21 +959,25 @@ /* Hash availability checked in sb load */ cd->u.verity.root_hash_size = crypt_hash_size(cd->u.verity.hdr.hash_name); - if (cd->u.verity.root_hash_size > 4096) - return -EINVAL; + if (cd->u.verity.root_hash_size > 4096) { + r = -EINVAL; + goto out; + } if (params && params->data_device && (r = crypt_set_data_device(cd, params->data_device)) < 0) - return r; + goto out; if (params && params->fec_device) { r = device_alloc(cd, &cd->u.verity.fec_device, params->fec_device); if (r < 0) - return r; + goto out; cd->u.verity.hdr.fec_area_offset = params->fec_area_offset; cd->u.verity.hdr.fec_roots = params->fec_roots; } - +out: + if (r < 0) + crypt_free_type(cd, CRYPT_VERITY); return r; } @@ -933,45 +992,49 @@ r = INTEGRITY_read_sb(cd, &cd->u.integrity.params, &cd->u.integrity.sb_flags); if (r < 0) - return r; + goto out; // FIXME: add checks for fields in integrity sb vs params + r = -ENOMEM; if (params) { cd->u.integrity.params.journal_watermark = params->journal_watermark; cd->u.integrity.params.journal_commit_time = params->journal_commit_time; cd->u.integrity.params.buffer_sectors = params->buffer_sectors; - // FIXME: check ENOMEM - if (params->integrity) - cd->u.integrity.params.integrity = strdup(params->integrity); + if (params->integrity && + !(cd->u.integrity.params.integrity = strdup(params->integrity))) + goto out; cd->u.integrity.params.integrity_key_size = params->integrity_key_size; - if (params->journal_integrity) - cd->u.integrity.params.journal_integrity = strdup(params->journal_integrity); - if (params->journal_crypt) - cd->u.integrity.params.journal_crypt = strdup(params->journal_crypt); + if (params->journal_integrity && + !(cd->u.integrity.params.journal_integrity = strdup(params->journal_integrity))) + goto out; + if (params->journal_crypt && + !(cd->u.integrity.params.journal_crypt = strdup(params->journal_crypt))) + goto out; if (params->journal_crypt_key) { cd->u.integrity.journal_crypt_key = crypt_alloc_volume_key(params->journal_crypt_key_size, params->journal_crypt_key); if (!cd->u.integrity.journal_crypt_key) - return -ENOMEM; + goto out; } if (params->journal_integrity_key) { cd->u.integrity.journal_mac_key = crypt_alloc_volume_key(params->journal_integrity_key_size, params->journal_integrity_key); if (!cd->u.integrity.journal_mac_key) - return -ENOMEM; + goto out; } } - if (!cd->type && !(cd->type = strdup(CRYPT_INTEGRITY))) { - free(CONST_CAST(void*)cd->u.integrity.params.integrity); - return -ENOMEM; - } - - return 0; + if (!cd->type && !(cd->type = strdup(CRYPT_INTEGRITY))) + goto out; + r = 0; +out: + if (r < 0) + crypt_free_type(cd, CRYPT_INTEGRITY); + return r; } static int _crypt_load_bitlk(struct crypt_device *cd) @@ -984,20 +1047,45 @@ r = BITLK_read_sb(cd, &cd->u.bitlk.params); if (r < 0) - return r; + goto out; if (asprintf(&cd->u.bitlk.cipher_spec, "%s-%s", cd->u.bitlk.params.cipher, cd->u.bitlk.params.cipher_mode) < 0) { cd->u.bitlk.cipher_spec = NULL; - return -ENOMEM; + r = -ENOMEM; + goto out; } - if (!cd->type && !(cd->type = strdup(CRYPT_BITLK))) - return -ENOMEM; + if (!cd->type && !(cd->type = strdup(CRYPT_BITLK))) { + r = -ENOMEM; + goto out; + } device_set_block_size(crypt_data_device(cd), cd->u.bitlk.params.sector_size); +out: + if (r < 0) + crypt_free_type(cd, CRYPT_BITLK); + return r; +} - return 0; +static int _crypt_load_fvault2(struct crypt_device *cd) +{ + int r; + + r = init_crypto(cd); + if (r < 0) + return r; + + r = FVAULT2_read_metadata(cd, &cd->u.fvault2.params); + if (r < 0) + goto out; + + if (!cd->type && !(cd->type = strdup(CRYPT_FVAULT2))) + r = -ENOMEM; +out: + if (r < 0) + crypt_free_type(cd, CRYPT_FVAULT2); + return r; } int crypt_load(struct crypt_device *cd, @@ -1051,6 +1139,12 @@ return -EINVAL; } r = _crypt_load_bitlk(cd); + } else if (isFVAULT2(requested_type)) { + if (cd->type && !isFVAULT2(cd->type)) { + log_dbg(cd, "Context is already initialized to type %s", cd->type); + return -EINVAL; + } + r = _crypt_load_fvault2(cd); } else return -EINVAL; @@ -1110,52 +1204,11 @@ return NULL; } -static void crypt_free_type(struct crypt_device *cd) -{ - if (isPLAIN(cd->type)) { - free(CONST_CAST(void*)cd->u.plain.hdr.hash); - free(cd->u.plain.cipher); - free(cd->u.plain.cipher_spec); - } else if (isLUKS2(cd->type)) { - LUKS2_reencrypt_free(cd, cd->u.luks2.rh); - LUKS2_hdr_free(cd, &cd->u.luks2.hdr); - free(cd->u.luks2.keyslot_cipher); - } else if (isLUKS1(cd->type)) { - free(cd->u.luks1.cipher_spec); - } else if (isLOOPAES(cd->type)) { - free(CONST_CAST(void*)cd->u.loopaes.hdr.hash); - free(cd->u.loopaes.cipher); - free(cd->u.loopaes.cipher_spec); - } else if (isVERITY(cd->type)) { - free(CONST_CAST(void*)cd->u.verity.hdr.hash_name); - free(CONST_CAST(void*)cd->u.verity.hdr.data_device); - free(CONST_CAST(void*)cd->u.verity.hdr.hash_device); - free(CONST_CAST(void*)cd->u.verity.hdr.fec_device); - free(CONST_CAST(void*)cd->u.verity.hdr.salt); - free(CONST_CAST(void*)cd->u.verity.root_hash); - free(cd->u.verity.uuid); - device_free(cd, cd->u.verity.fec_device); - } else if (isINTEGRITY(cd->type)) { - free(CONST_CAST(void*)cd->u.integrity.params.integrity); - free(CONST_CAST(void*)cd->u.integrity.params.journal_integrity); - free(CONST_CAST(void*)cd->u.integrity.params.journal_crypt); - crypt_free_volume_key(cd->u.integrity.journal_crypt_key); - crypt_free_volume_key(cd->u.integrity.journal_mac_key); - } else if (isBITLK(cd->type)) { - free(cd->u.bitlk.cipher_spec); - BITLK_bitlk_metadata_free(&cd->u.bitlk.params); - } else if (!cd->type) { - free(cd->u.none.active_name); - cd->u.none.active_name = NULL; - } - - crypt_set_null_type(cd); -} - static int _init_by_name_crypt(struct crypt_device *cd, const char *name) { bool found = false; - char **dep, *cipher_spec = NULL, cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN], deps_uuid_prefix[40], *deps[MAX_DM_DEPS+1] = {}; + char **dep, *cipher_spec = NULL, cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN]; + char deps_uuid_prefix[40], *deps[MAX_DM_DEPS+1] = {}; const char *dev, *namei; int key_nums, r; struct crypt_dm_active_device dmd, dmdi = {}, dmdep = {}; @@ -1284,7 +1337,7 @@ if (r < 0) { log_dbg(cd, "LUKS device header uuid: %s mismatches DM returned uuid %s", LUKS_UUID(cd), dmd.uuid); - crypt_free_type(cd); + crypt_free_type(cd, NULL); r = 0; goto out; } @@ -1303,6 +1356,13 @@ crypt_set_null_type(cd); r = 0; } + } else if (isFVAULT2(cd->type)) { + r = _crypt_load_fvault2(cd); + if (r < 0) { + log_dbg(cd, "FVAULT2 device header not available."); + crypt_set_null_type(cd); + r = 0; + } } out: dm_targets_free(cd, &dmd); @@ -1473,6 +1533,8 @@ (*cd)->type = strdup(CRYPT_INTEGRITY); else if (!strncmp(CRYPT_BITLK, dmd.uuid, sizeof(CRYPT_BITLK)-1)) (*cd)->type = strdup(CRYPT_BITLK); + else if (!strncmp(CRYPT_FVAULT2, dmd.uuid, sizeof(CRYPT_FVAULT2)-1)) + (*cd)->type = strdup(CRYPT_FVAULT2); else log_dbg(NULL, "Unknown UUID set, some parameters are not set."); } else @@ -1682,9 +1744,6 @@ if (r < 0) return r; - if (!device_size(crypt_data_device(cd), &dev_size) && - dev_size < (crypt_get_data_offset(cd) * SECTOR_SIZE)) - log_std(cd, _("WARNING: Data offset is outside of currently available data device.\n")); if (asprintf(&cd->u.luks1.cipher_spec, "%s-%s", cipher, cipher_mode) < 0) { cd->u.luks1.cipher_spec = NULL; @@ -1700,10 +1759,17 @@ } r = LUKS_write_phdr(&cd->u.luks1.hdr, cd); - if (r) + if (r) { free(cd->u.luks1.cipher_spec); + return r; + } - return r; + if (!device_size(crypt_data_device(cd), &dev_size) && + dev_size <= (crypt_get_data_offset(cd) * SECTOR_SIZE)) + log_std(cd, _("Device %s is too small for activation, there is no remaining space for data.\n"), + device_path(crypt_data_device(cd))); + + return 0; } static int _crypt_format_luks2(struct crypt_device *cd, @@ -1879,9 +1945,6 @@ if (r < 0) goto out; - if (dev_size < (crypt_get_data_offset(cd) * SECTOR_SIZE)) - log_std(cd, _("WARNING: Data offset is outside of currently available data device.\n")); - if (cd->metadata_size && (cd->metadata_size != LUKS2_metadata_size(&cd->u.luks2.hdr))) log_std(cd, _("WARNING: LUKS2 metadata size changed to %" PRIu64 " bytes.\n"), LUKS2_metadata_size(&cd->u.luks2.hdr)); @@ -1962,10 +2025,18 @@ } out: - if (r) + if (r) { LUKS2_hdr_free(cd, &cd->u.luks2.hdr); + return r; + } - return r; + /* Device size can be larger now if it is a file container */ + if (!device_size(crypt_data_device(cd), &dev_size) && + dev_size <= (crypt_get_data_offset(cd) * SECTOR_SIZE)) + log_std(cd, _("Device %s is too small for activation, there is no remaining space for data.\n"), + device_path(crypt_data_device(cd))); + + return 0; } static int _crypt_format_loopaes(struct crypt_device *cd, @@ -2392,7 +2463,8 @@ } /* compare volume keys */ -static int _compare_volume_keys(struct volume_key *svk, unsigned skeyring_only, struct volume_key *tvk, unsigned tkeyring_only) +static int _compare_volume_keys(struct volume_key *svk, unsigned skeyring_only, + struct volume_key *tvk, unsigned tkeyring_only) { if (!svk && !tvk) return 0; @@ -2448,6 +2520,9 @@ const struct dm_target *src, const struct dm_target *tgt) { + char *src_cipher = NULL, *src_integrity = NULL; + int r = -EINVAL; + /* for crypt devices keys are mandatory */ if (!src->u.crypt.vk || !tgt->u.crypt.vk) return -EINVAL; @@ -2455,21 +2530,30 @@ /* CIPHER checks */ if (!src->u.crypt.cipher || !tgt->u.crypt.cipher) return -EINVAL; - if (strcmp(src->u.crypt.cipher, tgt->u.crypt.cipher)) { - log_dbg(cd, "Cipher specs do not match."); + + /* + * dm_query_target converts capi cipher specification to dm-crypt format. + * We need to do same for cipher specification requested in source + * device. + */ + if (crypt_capi_to_cipher(&src_cipher, &src_integrity, src->u.crypt.cipher, src->u.crypt.integrity)) return -EINVAL; + + if (strcmp(src_cipher, tgt->u.crypt.cipher)) { + log_dbg(cd, "Cipher specs do not match."); + goto out; } if (tgt->u.crypt.vk->keylength == 0 && crypt_is_cipher_null(tgt->u.crypt.cipher)) log_dbg(cd, "Existing device uses cipher null. Skipping key comparison."); else if (_compare_volume_keys(src->u.crypt.vk, 0, tgt->u.crypt.vk, tgt->u.crypt.vk->key_description != NULL)) { log_dbg(cd, "Keys in context and target device do not match."); - return -EINVAL; + goto out; } - if (crypt_strcmp(src->u.crypt.integrity, tgt->u.crypt.integrity)) { + if (crypt_strcmp(src_integrity, tgt->u.crypt.integrity)) { log_dbg(cd, "Integrity parameters do not match."); - return -EINVAL; + goto out; } if (src->u.crypt.offset != tgt->u.crypt.offset || @@ -2477,15 +2561,19 @@ src->u.crypt.iv_offset != tgt->u.crypt.iv_offset || src->u.crypt.tag_size != tgt->u.crypt.tag_size) { log_dbg(cd, "Integer parameters do not match."); - return -EINVAL; + goto out; } - if (device_is_identical(src->data_device, tgt->data_device) <= 0) { + if (device_is_identical(src->data_device, tgt->data_device) <= 0) log_dbg(cd, "Data devices do not match."); - return -EINVAL; - } + else + r = 0; - return 0; +out: + free(src_cipher); + free(src_integrity); + + return r; } static int _compare_integrity_devices(struct crypt_device *cd, @@ -2597,13 +2685,16 @@ r = dm_query_device(cd, name, DM_ACTIVE_DEVICE | DM_ACTIVE_CRYPT_CIPHER | DM_ACTIVE_UUID | DM_ACTIVE_CRYPT_KEYSIZE | - DM_ACTIVE_CRYPT_KEY | DM_ACTIVE_INTEGRITY_PARAMS | DM_ACTIVE_JOURNAL_CRYPT_KEY | DM_ACTIVE_JOURNAL_MAC_KEY, &tdmd); + DM_ACTIVE_CRYPT_KEY | DM_ACTIVE_INTEGRITY_PARAMS | + DM_ACTIVE_JOURNAL_CRYPT_KEY | DM_ACTIVE_JOURNAL_MAC_KEY, &tdmd); if (r < 0) { log_err(cd, _("Device %s is not active."), name); return -EINVAL; } - if (!single_segment(&tdmd) || (tgt->type != DM_CRYPT && tgt->type != DM_INTEGRITY) || (tgt->type == DM_CRYPT && tgt->u.crypt.tag_size)) { + if (!single_segment(&tdmd) || + (tgt->type != DM_CRYPT && tgt->type != DM_INTEGRITY) || + (tgt->type == DM_CRYPT && tgt->u.crypt.tag_size)) { r = -ENOTSUP; log_err(cd, _("Unsupported parameters on device %s."), name); goto out; @@ -2854,7 +2945,9 @@ log_dbg(cd, "Resizing device %s to %" PRIu64 " sectors.", name, new_size); - r = dm_query_device(cd, name, DM_ACTIVE_CRYPT_KEYSIZE | DM_ACTIVE_CRYPT_KEY | DM_ACTIVE_INTEGRITY_PARAMS | DM_ACTIVE_JOURNAL_CRYPT_KEY | DM_ACTIVE_JOURNAL_MAC_KEY, &dmdq); + r = dm_query_device(cd, name, DM_ACTIVE_CRYPT_KEYSIZE | DM_ACTIVE_CRYPT_KEY | + DM_ACTIVE_INTEGRITY_PARAMS | DM_ACTIVE_JOURNAL_CRYPT_KEY | + DM_ACTIVE_JOURNAL_MAC_KEY, &dmdq); if (r < 0) { log_err(cd, _("Device %s is not active."), name); return -EINVAL; @@ -2914,7 +3007,8 @@ r = dm_integrity_target_set(cd, &dmd.segment, 0, dmdq.segment.size, crypt_metadata_device(cd), crypt_data_device(cd), crypt_get_integrity_tag_size(cd), crypt_get_data_offset(cd), - crypt_get_sector_size(cd), tgt->u.integrity.vk, tgt->u.integrity.journal_crypt_key, tgt->u.integrity.journal_integrity_key, ¶ms); + crypt_get_sector_size(cd), tgt->u.integrity.vk, tgt->u.integrity.journal_crypt_key, + tgt->u.integrity.journal_integrity_key, ¶ms); if (r) goto out; r = _reload_device(cd, name, &dmd); @@ -2927,7 +3021,9 @@ return r; log_dbg(cd, "Maximum integrity device size from kernel %" PRIu64, new_size); - if (old_size == new_size && new_size == dmdq.size && !dm_flags(cd, tgt->type, &supported_flags) && !(supported_flags & DM_INTEGRITY_RESIZE_SUPPORTED)) + if (old_size == new_size && new_size == dmdq.size && + !dm_flags(cd, tgt->type, &supported_flags) && + !(supported_flags & DM_INTEGRITY_RESIZE_SUPPORTED)) log_std(cd, _("WARNING: Maximum size already set or kernel doesn't support resize.\n")); } @@ -2968,7 +3064,8 @@ r = dm_integrity_target_set(cd, &dmd.segment, 0, new_size, crypt_metadata_device(cd), crypt_data_device(cd), crypt_get_integrity_tag_size(cd), crypt_get_data_offset(cd), - crypt_get_sector_size(cd), tgt->u.integrity.vk, tgt->u.integrity.journal_crypt_key, tgt->u.integrity.journal_integrity_key, ¶ms); + crypt_get_sector_size(cd), tgt->u.integrity.vk, tgt->u.integrity.journal_crypt_key, + tgt->u.integrity.journal_integrity_key, ¶ms); if (r) goto out; } @@ -2985,7 +3082,9 @@ if (!r) r = _reload_device(cd, name, &dmd); - if (r && tgt->type == DM_INTEGRITY && !dm_flags(cd, tgt->type, &supported_flags) && !(supported_flags & DM_INTEGRITY_RESIZE_SUPPORTED)) + if (r && tgt->type == DM_INTEGRITY && + !dm_flags(cd, tgt->type, &supported_flags) && + !(supported_flags & DM_INTEGRITY_RESIZE_SUPPORTED)) log_err(cd, _("Resize failed, the kernel doesn't support it.")); } out: @@ -3127,7 +3226,7 @@ } else if (isLUKS2(cd->type) && (!requested_type || isLUKS2(requested_type))) { r = LUKS2_hdr_restore(cd, &cd->u.luks2.hdr, backup_file); if (r) - _luks2_reload(cd); + (void) _crypt_load_luks2(cd, 1, 0); } else if (isLUKS1(cd->type) && (!requested_type || isLUKS1(requested_type))) r = LUKS_hdr_restore(backup_file, &cd->u.luks1.hdr, cd); else @@ -3143,7 +3242,7 @@ { int r; - if (!cd || !isLUKS(cd->type)) + if (!cd || (cd->type && !isLUKS(cd->type))) return -EINVAL; r = device_is_identical(crypt_data_device(cd), crypt_metadata_device(cd)); @@ -3165,7 +3264,7 @@ dm_backend_exit(cd); crypt_free_volume_key(cd->volume_key); - crypt_free_type(cd); + crypt_free_type(cd, NULL); device_free(cd, cd->device); device_free(cd, cd->metadata_device); @@ -3385,7 +3484,8 @@ r = LUKS_open_key_with_hdr(keyslot, passphrase_read, passphrase_size_read, &cd->u.luks1.hdr, &vk, cd); else - r = LUKS2_keyslot_open(cd, keyslot, CRYPT_DEFAULT_SEGMENT, passphrase_read, passphrase_size_read, &vk); + r = LUKS2_keyslot_open(cd, keyslot, CRYPT_DEFAULT_SEGMENT, + passphrase_read, passphrase_size_read, &vk); crypt_safe_free(passphrase_read); if (r < 0) @@ -3490,7 +3590,8 @@ return -EINVAL; } - r = LUKS2_token_unlock_volume_key(cd, &cd->u.luks2.hdr, token, type, pin, pin_size, 0, usrptr, &vk); + r = LUKS2_token_unlock_key(cd, &cd->u.luks2.hdr, token, type, + pin, pin_size, CRYPT_DEFAULT_SEGMENT, usrptr, &vk); keyslot = r; if (r >= 0) r = resume_by_volume_key(cd, vk, name); @@ -3509,82 +3610,21 @@ const char *new_passphrase, size_t new_passphrase_size) { - int digest, r, active_slots; - struct luks2_keyslot_params params; - struct volume_key *vk = NULL; - - log_dbg(cd, "Adding new keyslot, existing passphrase %sprovided," - "new passphrase %sprovided.", - passphrase ? "" : "not ", new_passphrase ? "" : "not "); - - if ((r = onlyLUKS(cd))) - return r; + int r; + struct crypt_keyslot_context kc, new_kc; if (!passphrase || !new_passphrase) return -EINVAL; - r = keyslot_verify_or_find_empty(cd, &keyslot); - if (r) - return r; - - if (isLUKS1(cd->type)) - active_slots = LUKS_keyslot_active_count(&cd->u.luks1.hdr); - else - active_slots = LUKS2_keyslot_active_count(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT); - if (active_slots == 0) { - /* No slots used, try to use pre-generated key in header */ - if (cd->volume_key) { - vk = crypt_alloc_volume_key(cd->volume_key->keylength, cd->volume_key->key); - r = vk ? 0 : -ENOMEM; - } else { - log_err(cd, _("Cannot add key slot, all slots disabled and no volume key provided.")); - return -EINVAL; - } - } else if (active_slots < 0) - return -EINVAL; - else { - /* Passphrase provided, use it to unlock existing keyslot */ - if (isLUKS1(cd->type)) - r = LUKS_open_key_with_hdr(CRYPT_ANY_SLOT, passphrase, - passphrase_size, &cd->u.luks1.hdr, &vk, cd); - else - r = LUKS2_keyslot_open(cd, CRYPT_ANY_SLOT, CRYPT_DEFAULT_SEGMENT, passphrase, - passphrase_size, &vk); - } - - if (r < 0) - goto out; - - if (isLUKS1(cd->type)) - r = LUKS_set_key(keyslot, CONST_CAST(char*)new_passphrase, - new_passphrase_size, &cd->u.luks1.hdr, vk, cd); - else { - r = LUKS2_digest_verify_by_segment(cd, &cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT, vk); - digest = r; - - if (r >= 0) - r = LUKS2_keyslot_params_default(cd, &cd->u.luks2.hdr, ¶ms); - - if (r >= 0) - r = LUKS2_digest_assign(cd, &cd->u.luks2.hdr, keyslot, digest, 1, 0); + crypt_keyslot_unlock_by_passphrase_init_internal(&kc, passphrase, passphrase_size); + crypt_keyslot_unlock_by_passphrase_init_internal(&new_kc, new_passphrase, new_passphrase_size); - if (r >= 0) - r = LUKS2_keyslot_store(cd, &cd->u.luks2.hdr, keyslot, - CONST_CAST(char*)new_passphrase, - new_passphrase_size, vk, ¶ms); - } + r = crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, &kc, keyslot, &new_kc, 0); - if (r < 0) - goto out; + crypt_keyslot_context_destroy_internal(&kc); + crypt_keyslot_context_destroy_internal(&new_kc); - r = 0; -out: - crypt_free_volume_key(vk); - if (r < 0) { - _luks2_reload(cd); - return r; - } - return keyslot; + return r; } int crypt_keyslot_change_by_passphrase(struct crypt_device *cd, @@ -3698,7 +3738,7 @@ out: crypt_free_volume_key(vk); if (r < 0) { - _luks2_reload(cd); + _luks2_rollback(cd); return r; } return keyslot_new; @@ -3713,87 +3753,21 @@ size_t new_keyfile_size, uint64_t new_keyfile_offset) { - int digest, r, active_slots; - size_t passwordLen, new_passwordLen; - struct luks2_keyslot_params params; - char *password = NULL, *new_password = NULL; - struct volume_key *vk = NULL; + int r; + struct crypt_keyslot_context kc, new_kc; if (!keyfile || !new_keyfile) return -EINVAL; - log_dbg(cd, "Adding new keyslot, existing keyfile %s, new keyfile %s.", - keyfile, new_keyfile); + crypt_keyslot_unlock_by_keyfile_init_internal(&kc, keyfile, keyfile_size, keyfile_offset); + crypt_keyslot_unlock_by_keyfile_init_internal(&new_kc, new_keyfile, new_keyfile_size, new_keyfile_offset); - if ((r = onlyLUKS(cd))) - return r; + r = crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, &kc, keyslot, &new_kc, 0); - r = keyslot_verify_or_find_empty(cd, &keyslot); - if (r) - return r; - - if (isLUKS1(cd->type)) - active_slots = LUKS_keyslot_active_count(&cd->u.luks1.hdr); - else - active_slots = LUKS2_keyslot_active_count(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT); - if (active_slots == 0) { - /* No slots used, try to use pre-generated key in header */ - if (cd->volume_key) { - vk = crypt_alloc_volume_key(cd->volume_key->keylength, cd->volume_key->key); - r = vk ? 0 : -ENOMEM; - } else { - log_err(cd, _("Cannot add key slot, all slots disabled and no volume key provided.")); - return -EINVAL; - } - } else { - r = crypt_keyfile_device_read(cd, keyfile, - &password, &passwordLen, - keyfile_offset, keyfile_size, 0); - if (r < 0) - goto out; + crypt_keyslot_context_destroy_internal(&kc); + crypt_keyslot_context_destroy_internal(&new_kc); - if (isLUKS1(cd->type)) - r = LUKS_open_key_with_hdr(CRYPT_ANY_SLOT, password, passwordLen, - &cd->u.luks1.hdr, &vk, cd); - else - r = LUKS2_keyslot_open(cd, CRYPT_ANY_SLOT, CRYPT_DEFAULT_SEGMENT, password, passwordLen, &vk); - } - - if (r < 0) - goto out; - - r = crypt_keyfile_device_read(cd, new_keyfile, - &new_password, &new_passwordLen, - new_keyfile_offset, new_keyfile_size, 0); - if (r < 0) - goto out; - - if (isLUKS1(cd->type)) - r = LUKS_set_key(keyslot, new_password, new_passwordLen, - &cd->u.luks1.hdr, vk, cd); - else { - r = LUKS2_digest_verify_by_segment(cd, &cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT, vk); - digest = r; - - if (r >= 0) - r = LUKS2_keyslot_params_default(cd, &cd->u.luks2.hdr, ¶ms); - - if (r >= 0) - r = LUKS2_digest_assign(cd, &cd->u.luks2.hdr, keyslot, digest, 1, 0); - - if (r >= 0) - r = LUKS2_keyslot_store(cd, &cd->u.luks2.hdr, keyslot, - new_password, new_passwordLen, vk, ¶ms); - } -out: - crypt_safe_free(password); - crypt_safe_free(new_password); - crypt_free_volume_key(vk); - if (r < 0) { - _luks2_reload(cd); - return r; - } - return keyslot; + return r; } int crypt_keyslot_add_by_keyfile(struct crypt_device *cd, @@ -3829,43 +3803,21 @@ const char *passphrase, size_t passphrase_size) { - struct volume_key *vk = NULL; int r; + struct crypt_keyslot_context kc, new_kc; if (!passphrase) return -EINVAL; - log_dbg(cd, "Adding new keyslot %d using volume key.", keyslot); - - if ((r = onlyLUKS(cd))) - return r; - - if (isLUKS2(cd->type)) - return crypt_keyslot_add_by_key(cd, keyslot, - volume_key, volume_key_size, passphrase, - passphrase_size, 0); - - r = keyslot_verify_or_find_empty(cd, &keyslot); - if (r < 0) - return r; - - if (volume_key) - vk = crypt_alloc_volume_key(volume_key_size, volume_key); - else if (cd->volume_key) - vk = crypt_alloc_volume_key(cd->volume_key->keylength, cd->volume_key->key); + crypt_keyslot_unlock_by_key_init_internal(&kc, volume_key, volume_key_size); + crypt_keyslot_unlock_by_passphrase_init_internal(&new_kc, passphrase, passphrase_size); - if (!vk) - return -ENOMEM; + r = crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, &kc, keyslot, &new_kc, 0); - r = LUKS_verify_volume_key(&cd->u.luks1.hdr, vk); - if (r < 0) - log_err(cd, _("Volume key does not match the volume.")); - else - r = LUKS_set_key(keyslot, passphrase, passphrase_size, - &cd->u.luks1.hdr, vk, cd); + crypt_keyslot_context_destroy_internal(&kc); + crypt_keyslot_context_destroy_internal(&new_kc); - crypt_free_volume_key(vk); - return (r < 0) ? r : keyslot; + return r; } int crypt_keyslot_destroy(struct crypt_device *cd, int keyslot) @@ -4392,6 +4344,10 @@ r = BITLK_activate_by_passphrase(cd, name, passphrase, passphrase_size, &cd->u.bitlk.params, flags); keyslot = 0; + } else if (isFVAULT2(cd->type)) { + r = FVAULT2_activate_by_passphrase(cd, name, passphrase, passphrase_size, + &cd->u.fvault2.params, flags); + keyslot = 0; } else { log_err(cd, _("Device type is not properly initialized.")); r = -EINVAL; @@ -4622,7 +4578,8 @@ if (!crypt_use_keyring_for_vk(cd)) use_keyring = false; else - use_keyring = (name && !crypt_is_cipher_null(crypt_get_cipher(cd))) || (flags & CRYPT_ACTIVATE_KEYRING_KEY); + use_keyring = (name && !crypt_is_cipher_null(crypt_get_cipher(cd))) || + (flags & CRYPT_ACTIVATE_KEYRING_KEY); if (!r && use_keyring) { r = LUKS2_key_description_by_segment(cd, @@ -4909,10 +4866,34 @@ const char *passphrase, size_t passphrase_size) { + int r; + struct crypt_keyslot_context kc; + + if (!passphrase) + return crypt_volume_key_get_by_keyslot_context(cd, keyslot, volume_key, volume_key_size, NULL); + + crypt_keyslot_unlock_by_passphrase_init_internal(&kc, passphrase, passphrase_size); + + r = crypt_volume_key_get_by_keyslot_context(cd, keyslot, volume_key, volume_key_size, &kc); + + crypt_keyslot_context_destroy_internal(&kc); + + return r; +} + +int crypt_volume_key_get_by_keyslot_context(struct crypt_device *cd, + int keyslot, + char *volume_key, + size_t *volume_key_size, + struct crypt_keyslot_context *kc) +{ + size_t passphrase_size; + int key_len, r; + const char *passphrase = NULL; struct volume_key *vk = NULL; - int key_len, r = -EINVAL; - if (!cd || !volume_key || !volume_key_size || (!isTCRYPT(cd->type) && !isVERITY(cd->type) && !passphrase)) + if (!cd || !volume_key || !volume_key_size || + (!kc && !isLUKS(cd->type) && !isTCRYPT(cd->type) && !isVERITY(cd->type))) return -EINVAL; if (isLUKS2(cd->type) && keyslot != CRYPT_ANY_SLOT) @@ -4928,20 +4909,39 @@ return -ENOMEM; } - if (isPLAIN(cd->type) && cd->u.plain.hdr.hash) { - r = process_key(cd, cd->u.plain.hdr.hash, key_len, - passphrase, passphrase_size, &vk); + if (kc && (!kc->get_passphrase || kc->type == CRYPT_KC_TYPE_KEY)) + return -EINVAL; + + if (kc) { + r = kc->get_passphrase(cd, kc, &passphrase, &passphrase_size); if (r < 0) - log_err(cd, _("Cannot retrieve volume key for plain device.")); + return r; + } + + r = -EINVAL; + + if (isLUKS2(cd->type)) { + if (kc && !kc->get_luks2_key) + log_err(cd, _("Cannot retrieve volume key for LUKS2 device.")); + else if (!kc) + r = -ENOENT; + else + r = kc->get_luks2_key(cd, kc, keyslot, + keyslot == CRYPT_ANY_SLOT ? CRYPT_DEFAULT_SEGMENT : CRYPT_ANY_SEGMENT, + &vk); } else if (isLUKS1(cd->type)) { - r = LUKS_open_key_with_hdr(keyslot, passphrase, - passphrase_size, &cd->u.luks1.hdr, &vk, cd); - } else if (isLUKS2(cd->type)) { - r = LUKS2_keyslot_open(cd, keyslot, - keyslot == CRYPT_ANY_SLOT ? CRYPT_DEFAULT_SEGMENT : CRYPT_ANY_SEGMENT, - passphrase, passphrase_size, &vk); - } else if (isTCRYPT(cd->type)) { - r = TCRYPT_get_volume_key(cd, &cd->u.tcrypt.hdr, &cd->u.tcrypt.params, &vk); + if (kc && !kc->get_luks1_volume_key) + log_err(cd, _("Cannot retrieve volume key for LUKS1 device.")); + else if (!kc) + r = -ENOENT; + else + r = kc->get_luks1_volume_key(cd, kc, keyslot, &vk); + } else if (isPLAIN(cd->type)) { + if (passphrase && cd->u.plain.hdr.hash) + r = process_key(cd, cd->u.plain.hdr.hash, key_len, + passphrase, passphrase_size, &vk); + if (r < 0) + log_err(cd, _("Cannot retrieve volume key for plain device.")); } else if (isVERITY(cd->type)) { /* volume_key == root hash */ if (cd->u.verity.root_hash) { @@ -4950,11 +4950,26 @@ r = 0; } else log_err(cd, _("Cannot retrieve root hash for verity device.")); + } else if (isTCRYPT(cd->type)) { + r = TCRYPT_get_volume_key(cd, &cd->u.tcrypt.hdr, &cd->u.tcrypt.params, &vk); } else if (isBITLK(cd->type)) { - r = BITLK_get_volume_key(cd, passphrase, passphrase_size, &cd->u.bitlk.params, &vk); + if (passphrase) + r = BITLK_get_volume_key(cd, passphrase, passphrase_size, &cd->u.bitlk.params, &vk); + if (r < 0) + log_err(cd, _("Cannot retrieve volume key for BITLK device.")); + } else if (isFVAULT2(cd->type)) { + if (passphrase) + r = FVAULT2_get_volume_key(cd, passphrase, passphrase_size, &cd->u.fvault2.params, &vk); + if (r < 0) + log_err(cd, _("Cannot retrieve volume key for FVAULT2 device.")); } else log_err(cd, _("This operation is not supported for %s crypt device."), cd->type ?: "(none)"); + if (r == -ENOENT && isLUKS(cd->type) && cd->volume_key) { + vk = crypt_alloc_volume_key(cd->volume_key->keylength, cd->volume_key->key); + r = vk ? 0 : -ENOMEM; + } + if (r >= 0 && vk) { memcpy(volume_key, vk->key, vk->keylength); *volume_key_size = vk->keylength; @@ -5016,7 +5031,7 @@ int crypt_memory_lock(struct crypt_device *cd, int lock) { - return lock ? crypt_memlock_inc(cd) : crypt_memlock_dec(cd); + return 0; } void crypt_set_compatibility(struct crypt_device *cd, uint32_t flags) @@ -5126,6 +5141,8 @@ return INTEGRITY_dump(cd, crypt_data_device(cd), 0); else if (isBITLK(cd->type)) return BITLK_dump(cd, crypt_data_device(cd), &cd->u.bitlk.params); + else if (isFVAULT2(cd->type)) + return FVAULT2_dump(cd, crypt_data_device(cd), &cd->u.fvault2.params); log_err(cd, _("Dump operation is not supported for this device type.")); return -EINVAL; @@ -5190,6 +5207,9 @@ if (isBITLK(cd->type)) return cd->u.bitlk.params.cipher; + if (isFVAULT2(cd->type)) + return cd->u.fvault2.params.cipher; + if (!cd->type && !_init_by_name_crypt_none(cd)) return cd->u.none.cipher; @@ -5223,6 +5243,9 @@ if (isBITLK(cd->type)) return cd->u.bitlk.params.cipher_mode; + if (isFVAULT2(cd->type)) + return cd->u.fvault2.params.cipher_mode; + if (!cd->type && !_init_by_name_crypt_none(cd)) return cd->u.none.cipher_mode; @@ -5305,6 +5328,9 @@ if (isBITLK(cd->type)) return cd->u.bitlk.params.guid; + if (isFVAULT2(cd->type)) + return cd->u.fvault2.params.family_uuid; + return NULL; } @@ -5368,6 +5394,9 @@ if (isBITLK(cd->type)) return cd->u.bitlk.params.key_size / 8; + if (isFVAULT2(cd->type)) + return cd->u.fvault2.params.key_size; + if (!cd->type && !_init_by_name_crypt_none(cd)) return cd->u.none.key_size; @@ -5552,6 +5581,9 @@ if (isBITLK(cd->type)) return cd->u.bitlk.params.volume_header_size / SECTOR_SIZE; + if (isFVAULT2(cd->type)) + return cd->u.fvault2.params.log_vol_off / SECTOR_SIZE; + return cd->data_offset; } @@ -5751,13 +5783,13 @@ if (r < 0) { /* in-memory header may be invalid after failed conversion */ - _luks2_reload(cd); + _luks2_rollback(cd); if (r == -EBUSY) log_err(cd, _("Cannot convert device %s which is still in use."), mdata_device_path(cd)); return r; } - crypt_free_type(cd); + crypt_free_type(cd, NULL); return crypt_load(cd, type, params); } @@ -5828,7 +5860,8 @@ if (r < 0) return r; - return LUKS2_token_open_and_activate(cd, &cd->u.luks2.hdr, token, name, type, pin, pin_size, flags, usrptr); + return LUKS2_token_open_and_activate(cd, &cd->u.luks2.hdr, token, name, type, + pin, pin_size, flags, usrptr); } int crypt_activate_by_token(struct crypt_device *cd, @@ -5925,7 +5958,7 @@ int r; char json[4096]; - if (!params) + if (!params || !params->key_description) return -EINVAL; log_dbg(cd, "Creating new LUKS2 keyring token (%d).", token); @@ -6034,28 +6067,18 @@ } static int verify_and_update_segment_digest(struct crypt_device *cd, - struct luks2_hdr *hdr, int keyslot, - const char *volume_key, size_t volume_key_size, - const char *password, size_t password_size) + struct luks2_hdr *hdr, int keyslot, struct crypt_keyslot_context *kc) { int digest, r; struct volume_key *vk = NULL; - if (keyslot < 0 || (volume_key && !volume_key_size)) - return -EINVAL; + assert(kc); + assert(kc->get_luks2_key); + assert(keyslot >= 0); - if (volume_key) - vk = crypt_alloc_volume_key(volume_key_size, volume_key); - else { - r = LUKS2_keyslot_open(cd, keyslot, CRYPT_ANY_SEGMENT, password, password_size, &vk); - if (r != keyslot) { - r = -EINVAL; - goto out; - } - } - - if (!vk) - return -ENOMEM; + r = kc->get_luks2_key(cd, kc, keyslot, CRYPT_ANY_SEGMENT, &vk); + if (r < 0) + return r; /* check volume_key (param) digest matches keyslot digest */ r = LUKS2_digest_verify(cd, hdr, vk, keyslot); @@ -6075,9 +6098,150 @@ log_err(cd, _("Failed to assign keyslot %u as the new volume key."), keyslot); out: crypt_free_volume_key(vk); + return r < 0 ? r : keyslot; } +static int luks2_keyslot_add_by_verified_volume_key(struct crypt_device *cd, + int keyslot_new, + const char *new_passphrase, + size_t new_passphrase_size, + struct volume_key *vk) +{ + int r; + struct luks2_keyslot_params params; + + assert(cd); + assert(keyslot_new >= 0); + assert(new_passphrase); + assert(vk); + assert(crypt_volume_key_get_id(vk) >= 0); + + r = LUKS2_keyslot_params_default(cd, &cd->u.luks2.hdr, ¶ms); + if (r < 0) { + log_err(cd, _("Failed to initialize default LUKS2 keyslot parameters.")); + return r; + } + + r = LUKS2_digest_assign(cd, &cd->u.luks2.hdr, keyslot_new, crypt_volume_key_get_id(vk), 1, 0); + if (r < 0) { + log_err(cd, _("Failed to assign keyslot %d to digest."), keyslot_new); + return r; + } + + r = LUKS2_keyslot_store(cd, &cd->u.luks2.hdr, keyslot_new, + CONST_CAST(char*)new_passphrase, + new_passphrase_size, vk, ¶ms); + + return r < 0 ? r : keyslot_new; +} + +static int luks2_keyslot_add_by_volume_key(struct crypt_device *cd, + int keyslot_new, + const char *new_passphrase, + size_t new_passphrase_size, + struct volume_key *vk) +{ + int r; + + assert(cd); + assert(keyslot_new >= 0); + assert(new_passphrase); + assert(vk); + + r = LUKS2_digest_verify_by_segment(cd, &cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT, vk); + if (r >= 0) + crypt_volume_key_set_id(vk, r); + + if (r < 0) { + log_err(cd, _("Volume key does not match the volume.")); + return r; + } + + return luks2_keyslot_add_by_verified_volume_key(cd, keyslot_new, new_passphrase, new_passphrase_size, vk); +} + +static int luks1_keyslot_add_by_volume_key(struct crypt_device *cd, + int keyslot_new, + const char *new_passphrase, + size_t new_passphrase_size, + struct volume_key *vk) +{ + int r; + + assert(cd); + assert(keyslot_new >= 0); + assert(new_passphrase); + assert(vk); + + r = LUKS_verify_volume_key(&cd->u.luks1.hdr, vk); + if (r < 0) { + log_err(cd, _("Volume key does not match the volume.")); + return r; + } + + r = LUKS_set_key(keyslot_new, CONST_CAST(char*)new_passphrase, + new_passphrase_size, &cd->u.luks1.hdr, vk, cd); + + return r < 0 ? r : keyslot_new; +} + +static int keyslot_add_by_key(struct crypt_device *cd, + bool is_luks1, + int keyslot_new, + const char *new_passphrase, + size_t new_passphrase_size, + struct volume_key *vk, + uint32_t flags) +{ + int r, digest; + + assert(cd); + assert(keyslot_new >= 0); + assert(new_passphrase); + assert(vk); + + if (!flags) + return is_luks1 ? luks1_keyslot_add_by_volume_key(cd, keyslot_new, new_passphrase, new_passphrase_size, vk) : + luks2_keyslot_add_by_volume_key(cd, keyslot_new, new_passphrase, new_passphrase_size, vk); + + if (is_luks1) + return -EINVAL; + + digest = LUKS2_digest_verify_by_segment(cd, &cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT, vk); + if (digest >= 0) /* if key matches volume key digest tear down new vk flag */ + flags &= ~CRYPT_VOLUME_KEY_SET; + else { + /* if key matches any existing digest, do not create new digest */ + if ((flags & CRYPT_VOLUME_KEY_DIGEST_REUSE)) + digest = LUKS2_digest_any_matching(cd, &cd->u.luks2.hdr, vk); + + /* no segment flag or new vk flag requires new key digest */ + if (flags & (CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_SET)) { + if (digest < 0 || !(flags & CRYPT_VOLUME_KEY_DIGEST_REUSE)) + digest = LUKS2_digest_create(cd, "pbkdf2", &cd->u.luks2.hdr, vk); + } + } + + r = digest; + if (r < 0) { + log_err(cd, _("Volume key does not match the volume.")); + return r; + } + + crypt_volume_key_set_id(vk, digest); + + if (flags & CRYPT_VOLUME_KEY_SET) { + r = update_volume_key_segment_digest(cd, &cd->u.luks2.hdr, digest, 0); + if (r < 0) + log_err(cd, _("Failed to assign keyslot %u as the new volume key."), keyslot_new); + } + + if (r >= 0) + r = luks2_keyslot_add_by_verified_volume_key(cd, keyslot_new, new_passphrase, new_passphrase_size, vk); + + return r < 0 ? r : keyslot_new; +} int crypt_keyslot_add_by_key(struct crypt_device *cd, int keyslot, @@ -6087,92 +6251,133 @@ size_t passphrase_size, uint32_t flags) { - int digest, r; - struct luks2_keyslot_params params; - struct volume_key *vk = NULL; + int r; + struct crypt_keyslot_context kc, new_kc; if (!passphrase || ((flags & CRYPT_VOLUME_KEY_NO_SEGMENT) && (flags & CRYPT_VOLUME_KEY_SET))) return -EINVAL; - log_dbg(cd, "Adding new keyslot %d with volume key %sassigned to a crypt segment.", - keyslot, flags & CRYPT_VOLUME_KEY_NO_SEGMENT ? "un" : ""); + if ((r = onlyLUKS(cd)) < 0) + return r; + + if ((flags & CRYPT_VOLUME_KEY_SET) && crypt_keyslot_status(cd, keyslot) > CRYPT_SLOT_INACTIVE && + isLUKS2(cd->type)) { + if (volume_key) + crypt_keyslot_unlock_by_key_init_internal(&kc, volume_key, volume_key_size); + else + crypt_keyslot_unlock_by_passphrase_init_internal(&kc, passphrase, passphrase_size); + + r = verify_and_update_segment_digest(cd, &cd->u.luks2.hdr, keyslot, &kc); + + crypt_keyslot_context_destroy_internal(&kc); - if ((r = onlyLUKS2(cd))) return r; + } - /* new volume key assignment */ - if ((flags & CRYPT_VOLUME_KEY_SET) && crypt_keyslot_status(cd, keyslot) > CRYPT_SLOT_INACTIVE) - return verify_and_update_segment_digest(cd, &cd->u.luks2.hdr, - keyslot, volume_key, volume_key_size, passphrase, passphrase_size); + crypt_keyslot_unlock_by_key_init_internal(&kc, volume_key, volume_key_size); + crypt_keyslot_unlock_by_passphrase_init_internal(&new_kc, passphrase, passphrase_size); - r = keyslot_verify_or_find_empty(cd, &keyslot); - if (r < 0) + r = crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, &kc, keyslot, &new_kc, flags); + + crypt_keyslot_context_destroy_internal(&kc); + crypt_keyslot_context_destroy_internal(&new_kc); + + return r; +} + +int crypt_keyslot_add_by_keyslot_context(struct crypt_device *cd, + int keyslot_existing, + struct crypt_keyslot_context *kc, + int keyslot_new, + struct crypt_keyslot_context *new_kc, + uint32_t flags) +{ + bool is_luks1; + int active_slots, r; + const char *new_passphrase; + size_t new_passphrase_size; + struct volume_key *vk = NULL; + + if (!kc || ((flags & CRYPT_VOLUME_KEY_NO_SEGMENT) && + (flags & CRYPT_VOLUME_KEY_SET))) + return -EINVAL; + + r = flags ? onlyLUKS2(cd) : onlyLUKS(cd); + if (r) return r; - if (volume_key) - vk = crypt_alloc_volume_key(volume_key_size, volume_key); - else if (flags & CRYPT_VOLUME_KEY_NO_SEGMENT) - vk = crypt_generate_volume_key(cd, volume_key_size); - else if (cd->volume_key) - vk = crypt_alloc_volume_key(cd->volume_key->keylength, cd->volume_key->key); - else + if ((flags & CRYPT_VOLUME_KEY_SET) && crypt_keyslot_status(cd, keyslot_existing) > CRYPT_SLOT_INACTIVE) + return verify_and_update_segment_digest(cd, &cd->u.luks2.hdr, keyslot_existing, kc); + + if (!new_kc || !new_kc->get_passphrase) return -EINVAL; - if (!vk) - return -ENOMEM; + log_dbg(cd, "Adding new keyslot %d by %s%s, volume key provided by %s (%d).", + keyslot_new, keyslot_context_type_string(new_kc), + (flags & CRYPT_VOLUME_KEY_NO_SEGMENT) ? " unassigned to a crypt segment" : "", + keyslot_context_type_string(kc), keyslot_existing); - /* if key matches volume key digest tear down new vk flag */ - digest = LUKS2_digest_verify_by_segment(cd, &cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT, vk); - if (digest >= 0) - flags &= ~CRYPT_VOLUME_KEY_SET; + r = keyslot_verify_or_find_empty(cd, &keyslot_new); + if (r < 0) + return r; - /* if key matches any existing digest, do not create new digest */ - if (digest < 0 && (flags & CRYPT_VOLUME_KEY_DIGEST_REUSE)) - digest = LUKS2_digest_any_matching(cd, &cd->u.luks2.hdr, vk); - - /* no segment flag or new vk flag requires new key digest */ - if (flags & (CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_SET)) { - if (digest < 0 || !(flags & CRYPT_VOLUME_KEY_DIGEST_REUSE)) - digest = LUKS2_digest_create(cd, "pbkdf2", &cd->u.luks2.hdr, vk); - } + is_luks1 = isLUKS1(cd->type); + if (is_luks1) + active_slots = LUKS_keyslot_active_count(&cd->u.luks1.hdr); + else + active_slots = LUKS2_keyslot_active_count(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT); - r = digest; - if (r < 0) { - log_err(cd, _("Volume key does not match the volume.")); - goto out; - } + if (active_slots < 0) + return -EINVAL; - r = LUKS2_keyslot_params_default(cd, &cd->u.luks2.hdr, ¶ms); - if (r < 0) { - log_err(cd, _("Failed to initialize default LUKS2 keyslot parameters.")); - goto out; - } + if (active_slots == 0 && kc->type != CRYPT_KC_TYPE_KEY) + r = -ENOENT; + else if (is_luks1 && kc->get_luks1_volume_key) + r = kc->get_luks1_volume_key(cd, kc, keyslot_existing, &vk); + else if (!is_luks1 && kc->get_luks2_volume_key) + r = kc->get_luks2_volume_key(cd, kc, keyslot_existing, &vk); + else + return -EINVAL; - r = LUKS2_digest_assign(cd, &cd->u.luks2.hdr, keyslot, digest, 1, 0); - if (r < 0) { - log_err(cd, _("Failed to assign keyslot %d to digest."), keyslot); - goto out; + if (r == -ENOENT) { + if ((flags & CRYPT_VOLUME_KEY_NO_SEGMENT) && kc->type == CRYPT_KC_TYPE_KEY) { + if (!(vk = crypt_generate_volume_key(cd, kc->u.k.volume_key_size))) + return -ENOMEM; + r = 0; + } else if (cd->volume_key) { + if (!(vk = crypt_alloc_volume_key(cd->volume_key->keylength, cd->volume_key->key))) + return -ENOMEM; + r = 0; + } else if (active_slots == 0) { + log_err(cd, _("Cannot add key slot, all slots disabled and no volume key provided.")); + r = -EINVAL; + } } - r = LUKS2_keyslot_store(cd, &cd->u.luks2.hdr, keyslot, - passphrase, passphrase_size, vk, ¶ms); + if (r < 0) + return r; + + r = new_kc->get_passphrase(cd, new_kc, &new_passphrase, &new_passphrase_size); + /* If new keyslot context is token just assign it to new keyslot */ + if (r >= 0 && new_kc->type == CRYPT_KC_TYPE_TOKEN && !is_luks1) + r = LUKS2_token_assign(cd, &cd->u.luks2.hdr, keyslot_new, new_kc->u.t.id, 1, 0); + if (r >= 0) + r = keyslot_add_by_key(cd, is_luks1, keyslot_new, new_passphrase, new_passphrase_size, vk, flags); - if (r >= 0 && (flags & CRYPT_VOLUME_KEY_SET)) - r = update_volume_key_segment_digest(cd, &cd->u.luks2.hdr, digest, 1); -out: crypt_free_volume_key(vk); + if (r < 0) { - _luks2_reload(cd); + _luks2_rollback(cd); return r; } - return keyslot; + + return keyslot_new; } /* * Keyring handling */ - int crypt_use_keyring_for_vk(struct crypt_device *cd) { uint32_t dmc_flags; @@ -6298,8 +6503,7 @@ r = _activate_by_passphrase(cd, name, keyslot, passphrase, passphrase_size, flags); - crypt_safe_memzero(passphrase, passphrase_size); - free(passphrase); + crypt_safe_free(passphrase); return r; } diff -Nru cryptsetup-2.5.0/lib/tcrypt/tcrypt.c cryptsetup-2.6.1/lib/tcrypt/tcrypt.c --- cryptsetup-2.5.0/lib/tcrypt/tcrypt.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/tcrypt/tcrypt.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * TCRYPT (TrueCrypt-compatible) and VeraCrypt volume handling * - * Copyright (C) 2012-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2012-2022 Milan Broz + * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2012-2023 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -23,7 +23,6 @@ #include #include #include -#include #include "libcryptsetup.h" #include "tcrypt.h" diff -Nru cryptsetup-2.5.0/lib/tcrypt/tcrypt.h cryptsetup-2.6.1/lib/tcrypt/tcrypt.h --- cryptsetup-2.5.0/lib/tcrypt/tcrypt.h 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/tcrypt/tcrypt.h 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * TCRYPT (TrueCrypt-compatible) header definition * - * Copyright (C) 2012-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2012-2022 Milan Broz + * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2012-2023 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff -Nru cryptsetup-2.5.0/lib/utils_benchmark.c cryptsetup-2.6.1/lib/utils_benchmark.c --- cryptsetup-2.5.0/lib/utils_benchmark.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/utils_benchmark.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * libcryptsetup - cryptsetup library, cipher benchmark * - * Copyright (C) 2012-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2012-2022 Milan Broz + * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2012-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -47,6 +47,7 @@ r = -ENOMEM; if (posix_memalign(&buffer, crypt_getpagesize(), buffer_size)) goto out; + memset(buffer, 0, buffer_size); r = crypt_cipher_ivsize(cipher, cipher_mode); if (r >= 0 && iv_size != (size_t)r) { @@ -98,7 +99,7 @@ int (*progress)(uint32_t time_ms, void *usrptr), void *usrptr) { - int r; + int r, priority; const char *kdf_opt; if (!pbkdf || (!password && password_size)) @@ -112,10 +113,12 @@ log_dbg(cd, "Running %s(%s) benchmark.", pbkdf->type, kdf_opt); + crypt_process_priority(cd, &priority, true); r = crypt_pbkdf_perf(pbkdf->type, pbkdf->hash, password, password_size, salt, salt_size, volume_key_size, pbkdf->time_ms, pbkdf->max_memory_kb, pbkdf->parallel_threads, &pbkdf->iterations, &pbkdf->max_memory_kb, progress, usrptr); + crypt_process_priority(cd, &priority, false); if (!r) log_dbg(cd, "Benchmark returns %s(%s) %u iterations, %u memory, %u threads (for %zu-bits key).", @@ -184,7 +187,7 @@ pbkdf->parallel_threads = 0; /* N/A in PBKDF2 */ pbkdf->max_memory_kb = 0; /* N/A in PBKDF2 */ - r = crypt_benchmark_pbkdf(cd, pbkdf, "foo", 3, "01234567890abcdef", 16, + r = crypt_benchmark_pbkdf(cd, pbkdf, "foobarfo", 8, "01234567890abcdef", 16, volume_key_size, &benchmark_callback, &u); pbkdf->time_ms = ms_tmp; if (r < 0) { @@ -204,7 +207,7 @@ return 0; } - r = crypt_benchmark_pbkdf(cd, pbkdf, "foo", 3, + r = crypt_benchmark_pbkdf(cd, pbkdf, "foobarfo", 8, "0123456789abcdef0123456789abcdef", 32, volume_key_size, &benchmark_callback, &u); if (r < 0) diff -Nru cryptsetup-2.5.0/lib/utils_blkid.c cryptsetup-2.6.1/lib/utils_blkid.c --- cryptsetup-2.5.0/lib/utils_blkid.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/utils_blkid.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,7 +1,7 @@ /* * blkid probe utilities * - * Copyright (C) 2018-2022 Red Hat, Inc. All rights reserved. + * Copyright (C) 2018-2023 Red Hat, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff -Nru cryptsetup-2.5.0/lib/utils_blkid.h cryptsetup-2.6.1/lib/utils_blkid.h --- cryptsetup-2.5.0/lib/utils_blkid.h 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/utils_blkid.h 2023-02-09 16:12:17.000000000 +0000 @@ -1,7 +1,7 @@ /* * blkid probe utilities * - * Copyright (C) 2018-2022 Red Hat, Inc. All rights reserved. + * Copyright (C) 2018-2023 Red Hat, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff -Nru cryptsetup-2.5.0/lib/utils.c cryptsetup-2.6.1/lib/utils.c --- cryptsetup-2.5.0/lib/utils.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/utils.c 2023-02-09 16:12:17.000000000 +0000 @@ -3,8 +3,8 @@ * * Copyright (C) 2004 Jana Saout * Copyright (C) 2004-2007 Clemens Fruhwirth - * Copyright (C) 2009-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2022 Milan Broz + * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -59,43 +59,33 @@ return phys_memory_kb; } -/* MEMLOCK */ -#define DEFAULT_PROCESS_PRIORITY -18 - -static int _priority; -static int _memlock_count = 0; - -// return 1 if memory is locked -int crypt_memlock_inc(struct crypt_device *ctx) +void crypt_process_priority(struct crypt_device *cd, int *priority, bool raise) { - if (!_memlock_count++) { - log_dbg(ctx, "Locking memory."); - if (mlockall(MCL_CURRENT | MCL_FUTURE) == -1) { - log_dbg(ctx, "Cannot lock memory with mlockall."); - _memlock_count--; - return 0; - } - errno = 0; - if (((_priority = getpriority(PRIO_PROCESS, 0)) == -1) && errno) - log_err(ctx, _("Cannot get process priority.")); + int _priority, new_priority; + + if (raise) { + _priority = getpriority(PRIO_PROCESS, 0); + if (_priority < 0) + _priority = 0; + if (priority) + *priority = _priority; + + /* + * Do not bother checking CAP_SYS_NICE as device activation + * requires CAP_SYSADMIN later anyway. + */ + if (getuid() || geteuid()) + new_priority = 0; else - if (setpriority(PRIO_PROCESS, 0, DEFAULT_PROCESS_PRIORITY)) - log_dbg(ctx, "setpriority %d failed: %s", - DEFAULT_PROCESS_PRIORITY, strerror(errno)); - } - return _memlock_count ? 1 : 0; -} + new_priority = -18; -int crypt_memlock_dec(struct crypt_device *ctx) -{ - if (_memlock_count && (!--_memlock_count)) { - log_dbg(ctx, "Unlocking memory."); - if (munlockall() == -1) - log_err(ctx, _("Cannot unlock memory.")); + if (setpriority(PRIO_PROCESS, 0, new_priority)) + log_dbg(cd, "Cannot raise process priority."); + } else { + _priority = priority ? *priority : 0; if (setpriority(PRIO_PROCESS, 0, _priority)) - log_dbg(ctx, "setpriority %d failed: %s", _priority, strerror(errno)); + log_dbg(cd, "Cannot reset process priority."); } - return _memlock_count ? 1 : 0; } /* Keyfile processing */ @@ -112,9 +102,9 @@ char tmp[BUFSIZ]; size_t next_read; ssize_t bytes_r; - off64_t r; + off_t r; - r = lseek64(fd, bytes, SEEK_CUR); + r = lseek(fd, bytes, SEEK_CUR); if (r > 0) return 0; if (r < 0 && errno != ESPIPE) @@ -179,7 +169,7 @@ key_size = DEFAULT_KEYFILE_SIZE_MAXKB * 1024 + 1; unlimited_read = 1; /* use 4k for buffer (page divisor but avoid huge pages) */ - buflen = 4096 - sizeof(size_t); // sizeof(struct safe_allocation); + buflen = 4096 - 16; /* sizeof(struct safe_allocation); */ } else buflen = key_size; diff -Nru cryptsetup-2.5.0/lib/utils_crypt.c cryptsetup-2.6.1/lib/utils_crypt.c --- cryptsetup-2.5.0/lib/utils_crypt.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/utils_crypt.c 2023-02-09 16:12:17.000000000 +0000 @@ -2,8 +2,8 @@ * utils_crypt - cipher utilities for cryptsetup * * Copyright (C) 2004-2007 Clemens Fruhwirth - * Copyright (C) 2009-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2022 Milan Broz + * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -31,6 +31,8 @@ #include "libcryptsetup.h" #include "utils_crypt.h" +#define MAX_CAPI_LEN_STR "143" /* for sscanf of crypto API string + 16 + \0 */ + int crypt_parse_name_and_mode(const char *s, char *cipher, int *key_nums, char *cipher_mode) { @@ -266,3 +268,80 @@ return false; return (strstr(cipher_spec, "cipher_null") || !strcmp(cipher_spec, "null")); } + +int crypt_capi_to_cipher(char **org_c, char **org_i, const char *c_dm, const char *i_dm) +{ + char cipher[MAX_CAPI_ONE_LEN], mode[MAX_CAPI_ONE_LEN], iv[MAX_CAPI_ONE_LEN], + auth[MAX_CAPI_ONE_LEN], tmp[MAX_CAPI_LEN], dmcrypt_tmp[MAX_CAPI_LEN*2], + capi[MAX_CAPI_LEN+1]; + size_t len; + int i; + + if (!c_dm) + return -EINVAL; + + /* legacy mode */ + if (strncmp(c_dm, "capi:", 4)) { + if (!(*org_c = strdup(c_dm))) + return -ENOMEM; + if (i_dm) { + if (!(*org_i = strdup(i_dm))) { + free(*org_c); + *org_c = NULL; + return -ENOMEM; + } + } else + *org_i = NULL; + return 0; + } + + /* modes with capi: prefix */ + i = sscanf(c_dm, "capi:%" MAX_CAPI_LEN_STR "[^-]-%" MAX_CAPI_ONE_LEN_STR "s", tmp, iv); + if (i != 2) + return -EINVAL; + + len = strlen(tmp); + if (len < 2) + return -EINVAL; + + if (tmp[len-1] == ')') + tmp[len-1] = '\0'; + + if (sscanf(tmp, "rfc4309(%" MAX_CAPI_LEN_STR "s", capi) == 1) { + if (!(*org_i = strdup("aead"))) + return -ENOMEM; + } else if (sscanf(tmp, "rfc7539(%" MAX_CAPI_LEN_STR "[^,],%" MAX_CAPI_ONE_LEN_STR "s", capi, auth) == 2) { + if (!(*org_i = strdup(auth))) + return -ENOMEM; + } else if (sscanf(tmp, "authenc(%" MAX_CAPI_ONE_LEN_STR "[^,],%" MAX_CAPI_LEN_STR "s", auth, capi) == 2) { + if (!(*org_i = strdup(auth))) + return -ENOMEM; + } else { + if (i_dm) { + if (!(*org_i = strdup(i_dm))) + return -ENOMEM; + } else + *org_i = NULL; + memset(capi, 0, sizeof(capi)); + strncpy(capi, tmp, sizeof(capi)-1); + } + + i = sscanf(capi, "%" MAX_CAPI_ONE_LEN_STR "[^(](%" MAX_CAPI_ONE_LEN_STR "[^)])", mode, cipher); + if (i == 2) + i = snprintf(dmcrypt_tmp, sizeof(dmcrypt_tmp), "%s-%s-%s", cipher, mode, iv); + else + i = snprintf(dmcrypt_tmp, sizeof(dmcrypt_tmp), "%s-%s", capi, iv); + if (i < 0 || (size_t)i >= sizeof(dmcrypt_tmp)) { + free(*org_i); + *org_i = NULL; + return -EINVAL; + } + + if (!(*org_c = strdup(dmcrypt_tmp))) { + free(*org_i); + *org_i = NULL; + return -ENOMEM; + } + + return 0; +} diff -Nru cryptsetup-2.5.0/lib/utils_crypt.h cryptsetup-2.6.1/lib/utils_crypt.h --- cryptsetup-2.5.0/lib/utils_crypt.h 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/utils_crypt.h 2023-02-09 16:12:17.000000000 +0000 @@ -2,8 +2,8 @@ * utils_crypt - cipher utilities for cryptsetup * * Copyright (C) 2004-2007 Clemens Fruhwirth - * Copyright (C) 2009-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2022 Milan Broz + * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -27,9 +27,12 @@ struct crypt_device; -#define MAX_CIPHER_LEN 32 -#define MAX_CIPHER_LEN_STR "31" -#define MAX_KEYFILES 32 +#define MAX_CIPHER_LEN 32 +#define MAX_CIPHER_LEN_STR "31" +#define MAX_KEYFILES 32 +#define MAX_CAPI_ONE_LEN 2 * MAX_CIPHER_LEN +#define MAX_CAPI_ONE_LEN_STR "63" /* for sscanf length + '\0' */ +#define MAX_CAPI_LEN 144 /* should be enough to fit whole capi string */ int crypt_parse_name_and_mode(const char *s, char *cipher, int *key_nums, char *cipher_mode); @@ -46,4 +49,6 @@ bool crypt_is_cipher_null(const char *cipher_spec); +int crypt_capi_to_cipher(char **org_c, char **org_i, const char *c_dm, const char *i_dm); + #endif /* _UTILS_CRYPT_H */ diff -Nru cryptsetup-2.5.0/lib/utils_device.c cryptsetup-2.6.1/lib/utils_device.c --- cryptsetup-2.5.0/lib/utils_device.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/utils_device.c 2023-02-09 16:12:17.000000000 +0000 @@ -3,8 +3,8 @@ * * Copyright (C) 2004 Jana Saout * Copyright (C) 2004-2007 Clemens Fruhwirth - * Copyright (C) 2009-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2022 Milan Broz + * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -21,7 +21,6 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ -#include #include #include #include @@ -623,7 +622,10 @@ phys_block_size = device_block_phys_size_fd(fd); close(fd); - if (device->block_size >= phys_block_size || phys_block_size <= SECTOR_SIZE || phys_block_size > MAX_SECTOR_SIZE || MISALIGNED(phys_block_size, device->block_size)) + if (device->block_size >= phys_block_size || + phys_block_size <= SECTOR_SIZE || + phys_block_size > MAX_SECTOR_SIZE || + MISALIGNED(phys_block_size, device->block_size)) return device->block_size; return phys_block_size; diff -Nru cryptsetup-2.5.0/lib/utils_device_locking.c cryptsetup-2.6.1/lib/utils_device_locking.c --- cryptsetup-2.5.0/lib/utils_device_locking.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/utils_device_locking.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * Metadata on-disk locking for processes serialization * - * Copyright (C) 2016-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2016-2022 Ondrej Kozina + * Copyright (C) 2016-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2016-2023 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -32,7 +32,6 @@ # include /* for major, minor */ #endif #include -#include #include "internal.h" #include "utils_device_locking.h" @@ -106,7 +105,7 @@ lockdfd = openat(dirfd, base, O_RDONLY | O_NOFOLLOW | O_DIRECTORY | O_CLOEXEC); if (lockdfd < 0) { if (errno == ENOENT) { - log_dbg(cd, _("Locking directory %s/%s will be created with default compiled-in permissions."), dir, base); + log_dbg(cd, "Locking directory %s/%s will be created with default compiled-in permissions.", dir, base); /* success or failure w/ errno == EEXIST either way just try to open the 'base' directory again */ if (mkdirat(dirfd, base, DEFAULT_LUKS2_LOCK_DIR_PERMS) && errno != EEXIST) diff -Nru cryptsetup-2.5.0/lib/utils_device_locking.h cryptsetup-2.6.1/lib/utils_device_locking.h --- cryptsetup-2.5.0/lib/utils_device_locking.h 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/utils_device_locking.h 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * Metadata on-disk locking for processes serialization * - * Copyright (C) 2016-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2016-2022 Ondrej Kozina + * Copyright (C) 2016-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2016-2023 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff -Nru cryptsetup-2.5.0/lib/utils_devpath.c cryptsetup-2.6.1/lib/utils_devpath.c --- cryptsetup-2.5.0/lib/utils_devpath.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/utils_devpath.c 2023-02-09 16:12:17.000000000 +0000 @@ -3,8 +3,8 @@ * * Copyright (C) 2004 Jana Saout * Copyright (C) 2004-2007 Clemens Fruhwirth - * Copyright (C) 2009-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2022 Milan Broz + * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff -Nru cryptsetup-2.5.0/lib/utils_dm.h cryptsetup-2.6.1/lib/utils_dm.h --- cryptsetup-2.5.0/lib/utils_dm.h 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/utils_dm.h 2023-02-09 16:12:17.000000000 +0000 @@ -3,8 +3,8 @@ * * Copyright (C) 2004 Jana Saout * Copyright (C) 2004-2007 Clemens Fruhwirth - * Copyright (C) 2009-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2022 Milan Broz + * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -75,6 +75,7 @@ #define DM_CRYPT_NO_WORKQUEUE_SUPPORTED (1 << 25) /* dm-crypt suppot for bypassing workqueues */ #define DM_INTEGRITY_FIX_HMAC_SUPPORTED (1 << 26) /* hmac covers also superblock */ #define DM_INTEGRITY_RESET_RECALC_SUPPORTED (1 << 27) /* dm-integrity automatic recalculation supported */ +#define DM_VERITY_TASKLETS_SUPPORTED (1 << 28) /* dm-verity tasklets supported */ typedef enum { DM_CRYPT = 0, DM_VERITY, DM_INTEGRITY, DM_LINEAR, DM_ERROR, DM_ZERO, DM_UNKNOWN } dm_target_type; enum tdirection { TARGET_EMPTY = 0, TARGET_SET, TARGET_QUERY }; diff -Nru cryptsetup-2.5.0/lib/utils_fips.c cryptsetup-2.6.1/lib/utils_fips.c --- cryptsetup-2.5.0/lib/utils_fips.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/utils_fips.c 1970-01-01 00:00:00.000000000 +0000 @@ -1,55 +0,0 @@ -/* - * FIPS mode utilities - * - * Copyright (C) 2011-2022 Red Hat, Inc. All rights reserved. - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 2 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - */ - -#include -#include -#include -#include "utils_fips.h" - -#if !ENABLE_FIPS -bool crypt_fips_mode(void) { return false; } -#else -static bool fips_checked = false; -static bool fips_mode = false; - -static bool kernel_fips_mode(void) -{ - int fd; - char buf[1] = ""; - - if ((fd = open("/proc/sys/crypto/fips_enabled", O_RDONLY)) >= 0) { - while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR); - close(fd); - } - - return (buf[0] == '1'); -} - -bool crypt_fips_mode(void) -{ - if (fips_checked) - return fips_mode; - - fips_mode = kernel_fips_mode() && !access("/etc/system-fips", F_OK); - fips_checked = true; - - return fips_mode; -} -#endif /* ENABLE_FIPS */ diff -Nru cryptsetup-2.5.0/lib/utils_fips.h cryptsetup-2.6.1/lib/utils_fips.h --- cryptsetup-2.5.0/lib/utils_fips.h 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/utils_fips.h 1970-01-01 00:00:00.000000000 +0000 @@ -1,28 +0,0 @@ -/* - * FIPS mode utilities - * - * Copyright (C) 2011-2022 Red Hat, Inc. All rights reserved. - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 2 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - */ - -#ifndef _UTILS_FIPS_H -#define _UTILS_FIPS_H - -#include - -bool crypt_fips_mode(void); - -#endif /* _UTILS_FIPS_H */ diff -Nru cryptsetup-2.5.0/lib/utils_io.c cryptsetup-2.6.1/lib/utils_io.c --- cryptsetup-2.5.0/lib/utils_io.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/utils_io.c 2023-02-09 16:12:17.000000000 +0000 @@ -3,8 +3,8 @@ * * Copyright (C) 2004 Jana Saout * Copyright (C) 2004-2007 Clemens Fruhwirth - * Copyright (C) 2009-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2022 Milan Broz + * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -29,6 +29,7 @@ #include "utils_io.h" +/* coverity[ -taint_source : arg-1 ] */ static ssize_t _read_buffer(int fd, void *buf, size_t length, volatile int *quit) { size_t read_size = 0; diff -Nru cryptsetup-2.5.0/lib/utils_io.h cryptsetup-2.6.1/lib/utils_io.h --- cryptsetup-2.5.0/lib/utils_io.h 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/utils_io.h 2023-02-09 16:12:17.000000000 +0000 @@ -3,8 +3,8 @@ * * Copyright (C) 2004 Jana Saout * Copyright (C) 2004-2007 Clemens Fruhwirth - * Copyright (C) 2009-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2022 Milan Broz + * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff -Nru cryptsetup-2.5.0/lib/utils_keyring.c cryptsetup-2.6.1/lib/utils_keyring.c --- cryptsetup-2.5.0/lib/utils_keyring.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/utils_keyring.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * kernel keyring utilities * - * Copyright (C) 2016-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2016-2022 Ondrej Kozina + * Copyright (C) 2016-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2016-2023 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -163,7 +163,7 @@ ret = keyctl_read(kid, NULL, 0); if (ret > 0) { len = ret; - buf = malloc(len); + buf = crypt_safe_alloc(len); if (!buf) return -ENOMEM; @@ -173,9 +173,7 @@ if (ret < 0) { err = errno; - if (buf) - crypt_safe_memzero(buf, len); - free(buf); + crypt_safe_free(buf); return -err; } diff -Nru cryptsetup-2.5.0/lib/utils_keyring.h cryptsetup-2.6.1/lib/utils_keyring.h --- cryptsetup-2.5.0/lib/utils_keyring.h 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/utils_keyring.h 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * kernel keyring syscall wrappers * - * Copyright (C) 2016-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2016-2022 Ondrej Kozina + * Copyright (C) 2016-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2016-2023 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff -Nru cryptsetup-2.5.0/lib/utils_loop.c cryptsetup-2.6.1/lib/utils_loop.c --- cryptsetup-2.5.0/lib/utils_loop.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/utils_loop.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * loopback block device utilities * - * Copyright (C) 2009-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2022 Milan Broz + * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff -Nru cryptsetup-2.5.0/lib/utils_loop.h cryptsetup-2.6.1/lib/utils_loop.h --- cryptsetup-2.5.0/lib/utils_loop.h 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/utils_loop.h 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * loopback block device utilities * - * Copyright (C) 2009-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2022 Milan Broz + * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff -Nru cryptsetup-2.5.0/lib/utils_pbkdf.c cryptsetup-2.6.1/lib/utils_pbkdf.c --- cryptsetup-2.5.0/lib/utils_pbkdf.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/utils_pbkdf.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * utils_pbkdf - PBKDF settings for libcryptsetup * - * Copyright (C) 2009-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2022 Milan Broz + * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff -Nru cryptsetup-2.5.0/lib/utils_safe_memory.c cryptsetup-2.6.1/lib/utils_safe_memory.c --- cryptsetup-2.5.0/lib/utils_safe_memory.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/utils_safe_memory.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * utils_safe_memory - safe memory helpers * - * Copyright (C) 2009-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2022 Milan Broz + * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -20,13 +20,17 @@ */ #include +#include #include +#include #include "libcryptsetup.h" struct safe_allocation { - size_t size; - char data[0]; + size_t size; + bool locked; + char data[0] __attribute__((aligned(8))); }; +#define OVERHEAD offsetof(struct safe_allocation, data) /* * Replacement for memset(s, 0, n) on stack that can be optimized out @@ -34,6 +38,9 @@ */ void crypt_safe_memzero(void *data, size_t size) { + if (!data) + return; + #ifdef HAVE_EXPLICIT_BZERO explicit_bzero(data, size); #else @@ -49,15 +56,19 @@ { struct safe_allocation *alloc; - if (!size || size > (SIZE_MAX - offsetof(struct safe_allocation, data))) + if (!size || size > (SIZE_MAX - OVERHEAD)) return NULL; - alloc = malloc(size + offsetof(struct safe_allocation, data)); + alloc = malloc(size + OVERHEAD); if (!alloc) return NULL; + crypt_safe_memzero(alloc, size + OVERHEAD); alloc->size = size; - crypt_safe_memzero(&alloc->data, size); + + /* Ignore failure if it is over limit. */ + if (!mlock(alloc, size + OVERHEAD)) + alloc->locked = true; /* coverity[leaked_storage] */ return &alloc->data; @@ -72,11 +83,16 @@ if (!data) return; - p = (char *)data - offsetof(struct safe_allocation, data); + p = (char *)data - OVERHEAD; alloc = (struct safe_allocation *)p; crypt_safe_memzero(data, alloc->size); + if (alloc->locked) { + munlock(alloc, alloc->size + OVERHEAD); + alloc->locked = false; + } + s = (volatile size_t *)&alloc->size; *s = 0x55aa55aa; free(alloc); @@ -92,7 +108,7 @@ if (new_data && data) { - p = (char *)data - offsetof(struct safe_allocation, data); + p = (char *)data - OVERHEAD; alloc = (struct safe_allocation *)p; if (size > alloc->size) diff -Nru cryptsetup-2.5.0/lib/utils_storage_wrappers.c cryptsetup-2.6.1/lib/utils_storage_wrappers.c --- cryptsetup-2.5.0/lib/utils_storage_wrappers.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/utils_storage_wrappers.c 2023-02-09 16:12:17.000000000 +0000 @@ -2,7 +2,7 @@ * Generic wrapper for storage functions * (experimental only) * - * Copyright (C) 2018-2022 Ondrej Kozina + * Copyright (C) 2018-2023 Ondrej Kozina * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff -Nru cryptsetup-2.5.0/lib/utils_storage_wrappers.h cryptsetup-2.6.1/lib/utils_storage_wrappers.h --- cryptsetup-2.5.0/lib/utils_storage_wrappers.h 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/utils_storage_wrappers.h 2023-02-09 16:12:17.000000000 +0000 @@ -2,7 +2,7 @@ * Generic wrapper for storage functions * (experimental only) * - * Copyright (C) 2018-2022 Ondrej Kozina + * Copyright (C) 2018-2023 Ondrej Kozina * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff -Nru cryptsetup-2.5.0/lib/utils_wipe.c cryptsetup-2.6.1/lib/utils_wipe.c --- cryptsetup-2.5.0/lib/utils_wipe.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/utils_wipe.c 2023-02-09 16:12:17.000000000 +0000 @@ -2,8 +2,8 @@ * utils_wipe - wipe a device * * Copyright (C) 2004-2007 Clemens Fruhwirth - * Copyright (C) 2009-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2022 Milan Broz + * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -150,7 +150,7 @@ if (blockdev && pattern == CRYPT_WIPE_ZERO && !wipe_zeroout(cd, devfd, offset, wipe_block_size)) { /* zeroout ioctl does not move offset */ - if (lseek64(devfd, offset + wipe_block_size, SEEK_SET) < 0) { + if (lseek(devfd, offset + wipe_block_size, SEEK_SET) < 0) { log_err(cd, _("Cannot seek to device offset.")); return -EINVAL; } @@ -221,7 +221,7 @@ if (r) goto out; - if (lseek64(devfd, offset, SEEK_SET) < 0) { + if (lseek(devfd, offset, SEEK_SET) < 0) { log_err(cd, _("Cannot seek to device offset.")); r = -EINVAL; goto out; diff -Nru cryptsetup-2.5.0/lib/verity/rs_decode_char.c cryptsetup-2.6.1/lib/verity/rs_decode_char.c --- cryptsetup-2.5.0/lib/verity/rs_decode_char.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/verity/rs_decode_char.c 2023-02-09 16:12:17.000000000 +0000 @@ -3,7 +3,7 @@ * * Copyright (C) 2002, Phil Karn, KA9Q * libcryptsetup modifications - * Copyright (C) 2017-2022 Red Hat, Inc. All rights reserved. + * Copyright (C) 2017-2023 Red Hat, Inc. All rights reserved. * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff -Nru cryptsetup-2.5.0/lib/verity/rs_encode_char.c cryptsetup-2.6.1/lib/verity/rs_encode_char.c --- cryptsetup-2.5.0/lib/verity/rs_encode_char.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/verity/rs_encode_char.c 2023-02-09 16:12:17.000000000 +0000 @@ -3,7 +3,7 @@ * * Copyright (C) 2002, Phil Karn, KA9Q * libcryptsetup modifications - * Copyright (C) 2017-2022 Red Hat, Inc. All rights reserved. + * Copyright (C) 2017-2023 Red Hat, Inc. All rights reserved. * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff -Nru cryptsetup-2.5.0/lib/verity/rs.h cryptsetup-2.6.1/lib/verity/rs.h --- cryptsetup-2.5.0/lib/verity/rs.h 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/verity/rs.h 2023-02-09 16:12:17.000000000 +0000 @@ -3,7 +3,7 @@ * * Copyright (C) 2004 Phil Karn, KA9Q * libcryptsetup modifications - * Copyright (C) 2017-2022 Red Hat, Inc. All rights reserved. + * Copyright (C) 2017-2023 Red Hat, Inc. All rights reserved. * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff -Nru cryptsetup-2.5.0/lib/verity/verity.c cryptsetup-2.6.1/lib/verity/verity.c --- cryptsetup-2.5.0/lib/verity/verity.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/verity/verity.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,7 +1,7 @@ /* * dm-verity volume handling * - * Copyright (C) 2012-2022 Red Hat, Inc. All rights reserved. + * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved. * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff -Nru cryptsetup-2.5.0/lib/verity/verity_fec.c cryptsetup-2.6.1/lib/verity/verity_fec.c --- cryptsetup-2.5.0/lib/verity/verity_fec.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/verity/verity_fec.c 2023-02-09 16:12:17.000000000 +0000 @@ -2,7 +2,7 @@ * dm-verity Forward Error Correction (FEC) support * * Copyright (C) 2015 Google, Inc. All rights reserved. - * Copyright (C) 2017-2022 Red Hat, Inc. All rights reserved. + * Copyright (C) 2017-2023 Red Hat, Inc. All rights reserved. * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff -Nru cryptsetup-2.5.0/lib/verity/verity.h cryptsetup-2.6.1/lib/verity/verity.h --- cryptsetup-2.5.0/lib/verity/verity.h 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/verity/verity.h 2023-02-09 16:12:17.000000000 +0000 @@ -1,7 +1,7 @@ /* * dm-verity volume handling * - * Copyright (C) 2012-2022 Red Hat, Inc. All rights reserved. + * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved. * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff -Nru cryptsetup-2.5.0/lib/verity/verity_hash.c cryptsetup-2.6.1/lib/verity/verity_hash.c --- cryptsetup-2.5.0/lib/verity/verity_hash.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/verity/verity_hash.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,7 +1,7 @@ /* * dm-verity volume handling * - * Copyright (C) 2012-2022 Red Hat, Inc. All rights reserved. + * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved. * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff -Nru cryptsetup-2.5.0/lib/volumekey.c cryptsetup-2.6.1/lib/volumekey.c --- cryptsetup-2.5.0/lib/volumekey.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/lib/volumekey.c 2023-02-09 16:12:17.000000000 +0000 @@ -2,7 +2,7 @@ * cryptsetup volume key implementation * * Copyright (C) 2004-2006 Clemens Fruhwirth - * Copyright (C) 2010-2022 Red Hat, Inc. All rights reserved. + * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff -Nru cryptsetup-2.5.0/m4/ax_check_compile_flag.m4 cryptsetup-2.6.1/m4/ax_check_compile_flag.m4 --- cryptsetup-2.5.0/m4/ax_check_compile_flag.m4 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-2.6.1/m4/ax_check_compile_flag.m4 2023-02-09 16:12:17.000000000 +0000 @@ -0,0 +1,53 @@ +# =========================================================================== +# https://www.gnu.org/software/autoconf-archive/ax_check_compile_flag.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_CHECK_COMPILE_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS], [INPUT]) +# +# DESCRIPTION +# +# Check whether the given FLAG works with the current language's compiler +# or gives an error. (Warnings, however, are ignored) +# +# ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on +# success/failure. +# +# If EXTRA-FLAGS is defined, it is added to the current language's default +# flags (e.g. CFLAGS) when the check is done. The check is thus made with +# the flags: "CFLAGS EXTRA-FLAGS FLAG". This can for example be used to +# force the compiler to issue an error when a bad flag is given. +# +# INPUT gives an alternative input source to AC_COMPILE_IFELSE. +# +# NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this +# macro in sync with AX_CHECK_{PREPROC,LINK}_FLAG. +# +# LICENSE +# +# Copyright (c) 2008 Guido U. Draheim +# Copyright (c) 2011 Maarten Bosmans +# +# Copying and distribution of this file, with or without modification, are +# permitted in any medium without royalty provided the copyright notice +# and this notice are preserved. This file is offered as-is, without any +# warranty. + +#serial 6 + +AC_DEFUN([AX_CHECK_COMPILE_FLAG], +[AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_IF +AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_[]_AC_LANG_ABBREV[]flags_$4_$1])dnl +AC_CACHE_CHECK([whether _AC_LANG compiler accepts $1], CACHEVAR, [ + ax_check_save_flags=$[]_AC_LANG_PREFIX[]FLAGS + _AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $4 $1" + AC_COMPILE_IFELSE([m4_default([$5],[AC_LANG_PROGRAM()])], + [AS_VAR_SET(CACHEVAR,[yes])], + [AS_VAR_SET(CACHEVAR,[no])]) + _AC_LANG_PREFIX[]FLAGS=$ax_check_save_flags]) +AS_VAR_IF(CACHEVAR,yes, + [m4_default([$2], :)], + [m4_default([$3], :)]) +AS_VAR_POPDEF([CACHEVAR])dnl +])dnl AX_CHECK_COMPILE_FLAGS diff -Nru cryptsetup-2.5.0/Makefile.am cryptsetup-2.6.1/Makefile.am --- cryptsetup-2.5.0/Makefile.am 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/Makefile.am 2023-02-09 16:12:17.000000000 +0000 @@ -1,5 +1,5 @@ EXTRA_DIST = README.md COPYING.LGPL FAQ.md docs misc autogen.sh -SUBDIRS = po tests +SUBDIRS = po tests tests/fuzz CLEANFILES = DISTCLEAN_TARGETS = @@ -14,8 +14,14 @@ -DVERSION=\""$(VERSION)"\" \ -DEXTERNAL_LUKS2_TOKENS_PATH=\"${EXTERNAL_LUKS2_TOKENS_PATH}\" AM_CFLAGS = -Wall +AM_CXXFLAGS = -Wall AM_LDFLAGS = +if ENABLE_FUZZ_TARGETS +AM_CFLAGS += -fsanitize=fuzzer-no-link +AM_CXXFLAGS += -fsanitize=fuzzer-no-link +endif + LDADD = $(LTLIBINTL) tmpfilesddir = @DEFAULT_TMPFILESDIR@ @@ -64,3 +70,8 @@ check-programs: libcryptsetup.la $(MAKE) -C tests $@ + +if ENABLE_FUZZ_TARGETS +fuzz-targets: libcryptsetup.la libcrypto_backend.la + $(MAKE) -C tests/fuzz $@ +endif diff -Nru cryptsetup-2.5.0/man/common_options.adoc cryptsetup-2.6.1/man/common_options.adoc --- cryptsetup-2.5.0/man/common_options.adoc 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/man/common_options.adoc 2023-02-09 16:12:17.000000000 +0000 @@ -127,21 +127,20 @@ If the name given is "-", then the passphrase will be read from stdin. In this case, reading will not stop at newline characters. + +ifdef::ACTION_LUKSADDKEY,ACTION_LUKSCHANGEKEY[] +The passphrase supplied via --key-file is always the passphrase for existing +keyslot requested by the command. ++ +If you want to set a new passphrase via key file, you have to use a +positional argument or parameter --new-keyfile. ++ +endif::[] ifdef::ACTION_OPEN[] *NOTE:* With _plain_ device type, the passphrase obtained via --key-file option is passed directly in dm-crypt. Unlike the interactive mode (stdin) where digest (--hash option) of the passphrase is passed in dm-crypt instead. + endif::[] -ifndef::ACTION_REENCRYPT,ACTION_OPEN,ACTION_BITLKDUMP[] -With LUKS, the passphrase supplied via --key-file is always the existing -passphrase requested by a command, except in the case of _luksFormat_ -where --key-file is equivalent to the positional key file argument. -+ -If you want to set a new passphrase via key file, you have to use a -positional argument to _luksAddKey_. -+ -endif::[] ifndef::ACTION_REENCRYPT[] See section _NOTES ON PASSPHRASE PROCESSING_ in *cryptsetup*(8) for more information. endif::[] @@ -171,16 +170,27 @@ --keyfile-offset is also given, the size count starts after the offset. endif::[] +ifdef::ACTION_LUKSADDKEY[] +*--new-keyfile* _name_:: +Read the passphrase for a new keyslot from file. ++ +If the name given is "-", then the passphrase will be read from stdin. +In this case, reading will not stop at newline characters. ++ +This is alternative method to positional argument when adding new +passphrase via kefile. +endif::[] + ifdef::ACTION_LUKSADDKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY[] *--new-keyfile-offset* _value_:: Skip _value_ bytes at the start when adding a new passphrase from key -file with _luksAddKey_. +file. endif::[] ifdef::ACTION_LUKSADDKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY[] *--new-keyfile-size* _value_:: Read a maximum of _value_ bytes when adding a new passphrase from key -file with _luksAddKey_. The default is to read the whole file up to +file. The default is to read the whole file up to the compiled-in maximum length that can be queried with --help. Supplying more than the compiled in maximum aborts the operation. When --new-keyfile-offset is also given, reading starts after the offset. @@ -193,7 +203,7 @@ endif::[] ifdef::ACTION_FORMAT[] + -For _luksFormat_ this allows creating a LUKS header with this specific +This allows creating a LUKS header with this specific volume key. If the volume key was taken from an existing LUKS header and all other parameters are the same, then the new header decrypts the data encrypted with the header the volume key was taken from. + @@ -202,8 +212,9 @@ The volume key is stored in a file instead of being printed out to standard output. + endif::[] ifdef::ACTION_LUKSADDKEY[] -For _luksAddKey_ this allows adding a new passphrase without having to -know an existing one. + +This allows adding a new keyslot without having to know passphrase to existing one. +It may be also used when no keyslot is active. ++ endif::[] ifdef::ACTION_OPEN[] This allows one to open _luks_ and _bitlk_ device types without giving a passphrase. + @@ -277,7 +288,18 @@ ifdef::ACTION_OPEN,ACTION_RESIZE,ACTION_LUKSFORMAT,ACTION_LUKSADDKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY,ACTION_LUKSDUMP,ACTION_LUKSRESUME,ACTION_TOKEN,ACTION_CONFIG,ACTION_TOKEN,ACTION_REPAIR,ACTION_REENCRYPT[] *--key-slot, -S <0-N>*:: -ifndef::ACTION_OPEN[] +ifdef::ACTION_LUKSADDKEY[] +When used together with parameter --new-key-slot this option allows you to specify which +key slot is selected for unlocking volume key. ++ +*NOTE:* This option is ignored if existing volume key gets unlocked +via LUKS2 token (--token-id, --token-type or --token-only parameters) or +when volume key is provided directly via --volume-key-file parameter. ++ +*NOTE:* To maintain backward compatibility, without --new-key-slot parameter, +this option allows you to specify which key slot is selected for the new key. +endif::[] +ifndef::ACTION_OPEN,ACTION_LUKSADDKEY[] For LUKS operations that add key material, this option allows you to specify which key slot is selected for the new key. endif::[] @@ -298,18 +320,40 @@ 31 for LUKS2. endif::[] +ifdef::ACTION_LUKSADDKEY[] +*--new-key-slot <0-N>*:: +This option allows you to specify which key slot is selected for +the new key. ++ +*NOTE:* When used this option affects --key-slot option. ++ +The maximum number of key slots depends on the LUKS version. LUKS1 can have up +to 8 key slots. LUKS2 can have up to 32 key slots based on key slot area +size and key size, but a valid key slot ID can always be between 0 and +31 for LUKS2. +endif::[] + ifdef::ACTION_OPEN,ACTION_LUKSFORMAT,ACTION_REENCRYPT,ACTION_BENCHMARK,ACTION_LUKSADDKEY[] *--key-size, -s* _bits_:: +ifndef::ACTION_LUKSADDKEY[] Sets key size in _bits_. The argument has to be a multiple of 8. The possible key-sizes are limited by the cipher and mode used. + See /proc/crypto for more information. Note that key-size in /proc/crypto is stated in bytes. + +endif::[] +ifdef::ACTION_LUKSADDKEY[] +Provide volume key size in _bits_. The argument has to be a multiple of 8. ++ +This option is required when parameter --volume-key-file is used to provide +current volume key. Also, it is used when new unbound keyslot is created by +specifying --unbound parameter. +endif::[] ifdef::ACTION_OPEN[] This option can be used for _plain_ device type only. endif::[] -ifndef::ACTION_REENCRYPT,ACTION_OPEN[] +ifndef::ACTION_REENCRYPT,ACTION_OPEN,ACTION_LUKSADDKEY[] This option can be used for _open --type plain_ or _luksFormat_. All other LUKS actions will use the key-size specified in the LUKS header. Use _cryptsetup --help_ to show the compiled-in defaults. @@ -753,22 +797,55 @@ option. endif::[] -ifdef::ACTION_OPEN,ACTION_RESIZE,ACTION_LUKSRESUME,ACTION_TOKEN[] +ifdef::ACTION_OPEN,ACTION_RESIZE,ACTION_LUKSRESUME,ACTION_TOKEN,ACTION_LUKSADDKEY[] *--token-id*:: -Specify what token to use. If omitted, all available tokens will be checked -before proceeding further with passphrase prompt. +ifndef::ACTION_TOKEN,ACTION_LUKSADDKEY[] +Specify what token to use and allow token PIN prompt to take precedence over interative +keyslot passphrase prompt. If omitted, all available tokens (not protected by PIN) +will be checked before proceeding further with passphrase prompt. +endif::[] +ifdef::ACTION_LUKSADDKEY[] +Specify what token to use when unlocking existing keyslot to get volume key. +endif::[] +ifdef::ACTION_TOKEN[] +Specify token number. If omitted, first unused token id is used when adding or importing +new token. +endif::[] endif::[] -ifdef::ACTION_OPEN,ACTION_RESIZE,ACTION_LUKSRESUME[] +ifdef::ACTION_LUKSADDKEY[] +*--new-token-id*:: +Specify what token to use to get the passphrase for a new keyslot. +endif::[] + +ifdef::ACTION_OPEN,ACTION_RESIZE,ACTION_LUKSRESUME,ACTION_LUKSADDKEY[] *--token-only*:: +ifndef::ACTION_LUKSADDKEY[] Do not proceed further with action if token based keyslot unlock failed. Without the option, action asks for passphrase to proceed further. ++ +It allows LUKS2 tokens protected by PIN to take precedence over interactive keyslot +passphrase prompt. +endif::[] +ifdef::ACTION_LUKSADDKEY[] +Use only LUKS2 tokens to unlock existing volume key. ++ +*NOTE*: To create a new keyslot using passphrase provided by a token use --new-token-id parameter. +endif::[] endif::[] -ifdef::ACTION_OPEN,ACTION_RESIZE,ACTION_LUKSRESUME[] -*--token-type*:: -Restrict tokens eligible for operation to specific token type (name). +ifdef::ACTION_OPEN,ACTION_RESIZE,ACTION_LUKSRESUME,ACTION_LUKSADDKEY[] +*--token-type* _type_:: +ifndef::ACTION_LUKSADDKEY[] +Restrict tokens eligible for operation to specific token _type_. Mostly useful when no --token-id is specified. ++ +It allows LUKS2 _type_ tokens protected by PIN to take precedence over interactive keyslot +passphrase prompt. +endif::[] +ifdef::ACTION_LUKSADDKEY[] +Specify what token type (all _type_ tokens) to use when unlocking existing keyslot to get volume key. +endif::[] endif::[] ifdef::ACTION_OPEN,ACTION_LUKSFORMAT,ACTION_REENCRYPT[] @@ -933,17 +1010,22 @@ invalid integrity tag. endif::[] -ifdef::ACTION_OPEN,ACTION_LUKSADDKEY,ACTION_LUKSDUMP[] +ifdef::ACTION_OPEN,ACTION_LUKSADDKEY,ACTION_LUKSDUMP,ACTION_TOKEN[] *--unbound*:: -ifndef::ACTION_OPEN[] -Creates new or dumps existing LUKS2 unbound keyslot. -+ +ifdef::ACTION_LUKSADDKEY[] +Creates new LUKS2 unbound keyslot. +endif::[] +ifdef::ACTION_LUKSDUMP[] +Dumps existing LUKS2 unbound keyslot. endif::[] ifdef::ACTION_OPEN[] Allowed only together with --test-passphrase parameter, it allows one to test passphrase for unbound LUKS2 keyslot. Otherwise, unbound keyslot passphrase can be tested only when specific keyslot is selected via --key-slot parameter. endif::[] +ifdef::ACTION_TOKEN[] +Creates new LUKS2 keyring token assigned to no keyslot. Usable only with _add_ action. +endif::[] endif::[] ifdef::ACTION_OPEN,ACTION_TCRYPTDUMP[] diff -Nru cryptsetup-2.5.0/man/cryptsetup.8.adoc cryptsetup-2.6.1/man/cryptsetup.8.adoc --- cryptsetup-2.5.0/man/cryptsetup.8.adoc 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/man/cryptsetup.8.adoc 2023-02-09 16:12:17.000000000 +0000 @@ -21,7 +21,7 @@ and vulnerable to damage. In addition, cryptsetup provides limited support for the use of loop-AES -volumes, TrueCrypt, VeraCrypt, and BitLocker compatible volumes. +volumes, TrueCrypt, VeraCrypt, BitLocker and FileVault2 compatible volumes. For more information about specific cryptsetup action see *cryptsetup-*(8), where ** is the name of the @@ -389,6 +389,50 @@ please report all problems related to this compatibility extension to the cryptsetup project. +== FVAULT2 (Apple macOS FileVault2 compatible) EXTENSION + +cryptsetup supports the mapping of FileVault2 (FileVault2 full-disk +encryption) by Apple for the macOS operating system using a native Linux +kernel API. + +*NOTE:* cryptsetup supports only FileVault2 based on Core Storage and HFS+ +filesystem (introduced in MacOS X 10.7 Lion). +It does NOT support the new version of FileVault based on the APFS +filesystem used in recent macOS versions. + +Header formatting and FVAULT2 header changes are not supported; +cryptsetup never changes the FVAULT2 header on-device. + +FVAULT2 extension requires kernel userspace crypto API to be available +(for details, see TCRYPT section) and kernel driver for HFS+ (hfsplus) +filesystem. + +Cryptsetup should recognize the basic configuration for portable drives. + +The *fvault2Dump* command should work for all recognized FVAULT2 devices +and doesn't require superuser privilege. + +For unlocking with the *open*, a password must be provided. +Other unlocking methods are not supported. + +=== OPEN +*open --type fvault2 * + +fvault2Open (*old syntax*) + +Opens the FVAULT2 (a FileVault2-compatible) (usually the second +partition on the device) and sets up a mapping . + +See *cryptsetup-open*(8). + +=== DUMP +*fvault2Dump * + +Dump the header information of an FVAULT2 device. + +See *cryptsetup-fvault2Dump*(8). + +Note that cryptsetup does not use any macOS code or proprietary +specifications. Please report all problems related to this compatibility +extension to the cryptsetup project. + == MISCELLANEOUS ACTIONS === REPAIR diff -Nru cryptsetup-2.5.0/man/cryptsetup-fvault2Dump.8.adoc cryptsetup-2.6.1/man/cryptsetup-fvault2Dump.8.adoc --- cryptsetup-2.5.0/man/cryptsetup-fvault2Dump.8.adoc 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-2.6.1/man/cryptsetup-fvault2Dump.8.adoc 2023-02-09 16:12:17.000000000 +0000 @@ -0,0 +1,34 @@ += cryptsetup-fvault2Dump(8) +:doctype: manpage +:manmanual: Maintenance Commands +:mansource: cryptsetup {release-version} +:man-linkstyle: pass:[blue R < >] +:COMMON_OPTIONS: +:ACTION_BITLKDUMP: + +== Name + +cryptsetup-fvault2Dump - dump the header information of a FVAULT2 (FileVault2 compatible) device + +== SYNOPSIS + +*cryptsetup _fvault2Dump_ [] * + +== DESCRIPTION + +Dump the header information of a FVAULT2 (FileVault2 compatible) device. + +If the --dump-volume-key option is used, the FVAULT2 device volume key +is dumped instead of header information. You have to provide password +or keyfile to dump volume key. + +Beware that the volume key can be used to decrypt the data stored in +the container without a passphrase. +This means that if the volume key is compromised, the whole device has +to be erased to prevent further access. Use this option carefully. + +** can be [--dump-volume-key, --volume-key-file, --key-file, +--keyfile-offset, --keyfile-size, --timeout]. + +include::man/common_options.adoc[] +include::man/common_footer.adoc[] diff -Nru cryptsetup-2.5.0/man/cryptsetup-luksAddKey.8.adoc cryptsetup-2.6.1/man/cryptsetup-luksAddKey.8.adoc --- cryptsetup-2.5.0/man/cryptsetup-luksAddKey.8.adoc 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/man/cryptsetup-luksAddKey.8.adoc 2023-02-09 16:12:17.000000000 +0000 @@ -16,10 +16,12 @@ == DESCRIPTION -Adds a new passphrase. An existing passphrase must be supplied -interactively or via --key-file. The new passphrase to be added can be -specified interactively or read from the file given as the positional -argument. +Adds a keyslot protected by a new passphrase. An existing passphrase +must be supplied interactively, via --key-file or LUKS2 token (plugin). +Alternatively to existing passphrase user may pass directly volume key +(via --volume-key-file). The new passphrase to be added can be specified +interactively, read from the file given as the positional argument (also +via --new-keyfile parameter) or via LUKS2 token. *NOTE:* with --unbound option the action creates new unbound LUKS2 keyslot. The keyslot cannot be used for device activation. If you don't @@ -31,11 +33,39 @@ algorithm is always the same for all keyslots. ** can be [--key-file, --keyfile-offset, --keyfile-size, ---new-keyfile-offset, --new-keyfile-size, --key-slot, --volume-key-file, ---force-password, --hash, --header, --disable-locks, --iter-time, ---pbkdf, --pbkdf-force-iterations, --pbkdf-memory, --pbkdf-parallel, ---unbound, --type, --keyslot-cipher, --keyslot-key-size, --key-size, ---timeout, --verify-passphrase]. +--new-keyfile, --new-keyfile-offset, --new-keyfile-size, --key-slot, +--new-key-slot, --volume-key-file, --force-password, --hash, --header, +--disable-locks, --iter-time, --pbkdf, --pbkdf-force-iterations, +--pbkdf-memory, --pbkdf-parallel, --unbound, --type, --keyslot-cipher, +--keyslot-key-size, --key-size, --timeout, --token-id, --token-type, +--token-only, --new-token-id, --verify-passphrase]. include::man/common_options.adoc[] + +== EXAMPLES + +*NOTE*: When not specified otherwise interactive passphrase prompt is always default method. + +Add new keyslot using interactive passphrase prompt for both existing and new passphrase: + +*cryptsetup luksAddKey /dev/device* + +Add new keyslot using LUKS2 tokens to unlock existing keyslot with interactive passphrase prompt for new passphrase: + +*cryptsetup luksAddKey --token-only /dev/device* + +Add new keyslot using LUKS2 systemd-tpm2 tokens to unlock existing keyslot with interactive passphrase prompt for new passphrase (systemd-tpm2 token plugin must be available): + +*cryptsetup luksAddKey --token-type systemd-tpm2 /dev/device* + +Add new keyslot using interactive passphrase prompt for existing keyslot, reading new passphrase from key_file: + +*cryptsetup luksAddKey --new-keyfile key_file /dev/device* or +*cryptsetup luksAddKey /dev/device key_file* + +Add new keyslot using volume stored in volume_key_file and LUKS2 token in slot 5 to get new keyslot passphrase (token in slot 5 must exist +and respective token plugin must be available): + +*cryptsetup luksAddKey --volume-key-file volume_key_file --new-token-id 5 /dev/device* + include::man/common_footer.adoc[] diff -Nru cryptsetup-2.5.0/man/cryptsetup-open.8.adoc cryptsetup-2.6.1/man/cryptsetup-open.8.adoc --- cryptsetup-2.5.0/man/cryptsetup-open.8.adoc 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/man/cryptsetup-open.8.adoc 2023-02-09 16:12:17.000000000 +0000 @@ -8,7 +8,7 @@ == Name -cryptsetup-open, cryptsetup-create, cryptsetup-plainOpen, cryptsetup-luksOpen, cryptsetup-loopaesOpen, cryptsetup-tcryptOpen, cryptsetup-bitlkOpen - open an encrypted device and create a mapping with a specified name +cryptsetup-open, cryptsetup-create, cryptsetup-plainOpen, cryptsetup-luksOpen, cryptsetup-loopaesOpen, cryptsetup-tcryptOpen, cryptsetup-bitlkOpen, cryptsetup-fvault2Open - open an encrypted device and create a mapping with a specified name == SYNOPSIS @@ -59,9 +59,15 @@ Opens the LUKS device and sets up a mapping after successful verification of the supplied passphrase. -First, the passphrase is searched in LUKS tokens. If it's not found in -any token and also the passphrase is not supplied via --key-file, the -command prompts for it interactively. +First, the passphrase is searched in LUKS2 tokens unprotected by PIN. +If such token does not exist (or fails to unlock keyslot) and +also the passphrase is not supplied via --key-file, the command +prompts for passphrase interactively. + +If there is valid LUKS2 token but it requires PIN to unlock assigned keyslot, +it is not used unless one of following options is added: --token-only, +--token-type where type matches desired PIN protected token or --token-id with id +matching PIN protected token. ** can be [--key-file, --keyfile-offset, --keyfile-size, --readonly, --test-passphrase, --allow-discards, --header, --key-slot, @@ -141,6 +147,17 @@ . ** can be [--key-file, --keyfile-offset, --keyfile-size, --key-size, +--readonly, --test-passphrase, --allow-discards --volume-key-file, --tries, +--timeout, --verify-passphrase]. + +=== FileVault2 +*open --type fvault2 * + +fvault2Open (*old syntax*) + +Opens the FVAULT2 (a FileVault2 compatible) and sets up a mapping +. + +** can be [--key-file, --keyfile-offset, --keyfile-size, --key-size, --readonly, --test-passphrase, --allow-discards --volume-key-file, --tries, --timeout, --verify-passphrase]. diff -Nru cryptsetup-2.5.0/man/cryptsetup-token.8.adoc cryptsetup-2.6.1/man/cryptsetup-token.8.adoc --- cryptsetup-2.5.0/man/cryptsetup-token.8.adoc 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/man/cryptsetup-token.8.adoc 2023-02-09 16:12:17.000000000 +0000 @@ -12,7 +12,7 @@ == SYNOPSIS -*cryptsetup _token_ [] * +*cryptsetup _token_ [] * == DESCRIPTION @@ -40,13 +40,16 @@ Action _export_ writes requested token JSON to a file passed with --json-file or to standard output. +Action _unassign_ removes token binding to specified keyslot. Both token +and keyslot must be specified by --token-id and --key-slot parameters. + If --token-id is used with action _add_ or action _import_ and a token with that ID already exists, option --token-replace can be used to replace the existing token. ** can be [--header, --token-id, --key-slot, --key-description, --disable-external-tokens, --disable-locks, --disable-keyring, ---json-file, --token-replace]. +--json-file, --token-replace, --unbound]. include::man/common_options.adoc[] include::man/common_footer.adoc[] diff -Nru cryptsetup-2.5.0/man/Makemodule.am cryptsetup-2.6.1/man/Makemodule.am --- cryptsetup-2.5.0/man/Makemodule.am 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/man/Makemodule.am 2023-02-09 16:12:17.000000000 +0000 @@ -29,6 +29,7 @@ man/cryptsetup-config.8.adoc \ man/cryptsetup-tcryptDump.8.adoc \ man/cryptsetup-bitlkDump.8.adoc \ + man/cryptsetup-fvault2Dump.8.adoc \ man/cryptsetup-repair.8.adoc \ man/cryptsetup-benchmark.8.adoc \ man/cryptsetup-ssh.8.adoc \ @@ -64,6 +65,7 @@ man/cryptsetup-config.8 \ man/cryptsetup-tcryptDump.8 \ man/cryptsetup-bitlkDump.8 \ + man/cryptsetup-fvault2Dump.8 \ man/cryptsetup-repair.8 \ man/cryptsetup-benchmark.8 @@ -74,6 +76,7 @@ man/cryptsetup-loopaesOpen.8 \ man/cryptsetup-tcryptOpen.8 \ man/cryptsetup-bitlkOpen.8 \ + man/cryptsetup-fvault2Open.8 \ man/cryptsetup-luksErase.8 VERITYSETUP_MANPAGES = man/veritysetup.8 diff -Nru cryptsetup-2.5.0/man/veritysetup.8.adoc cryptsetup-2.6.1/man/veritysetup.8.adoc --- cryptsetup-2.5.0/man/veritysetup.8.adoc 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/man/veritysetup.8.adoc 2023-02-09 16:12:17.000000000 +0000 @@ -58,7 +58,7 @@ ** can be [--hash-offset, --no-superblock, --ignore-corruption or --restart-on-corruption, --panic-on-corruption, --ignore-zero-blocks, ---check-at-most-once, --root-hash-signature, --root-hash-file]. +--check-at-most-once, --root-hash-signature, --root-hash-file, --use-tasklets]. If option --root-hash-file is used, the root hash is read from instead of from the command line parameter. Expects hex-encoded text, @@ -213,6 +213,10 @@ kernel). This feature requires Linux kernel version 5.4 or more recent. +*--use-tasklets*:: +Try to use kernel tasklets in dm-verity driver for performance reasons. +This option is available since Linux kernel version 6.0. + *--deferred*:: Defers device removal in *close* command until the last user closes it. diff -Nru cryptsetup-2.5.0/po/cryptsetup.pot cryptsetup-2.6.1/po/cryptsetup.pot --- cryptsetup-2.5.0/po/cryptsetup.pot 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/po/cryptsetup.pot 2023-02-09 16:12:17.000000000 +0000 @@ -5,9 +5,9 @@ #, fuzzy msgid "" msgstr "" -"Project-Id-Version: cryptsetup 2.5.0\n" +"Project-Id-Version: cryptsetup 2.6.1-rc0\n" "Report-Msgid-Bugs-To: cryptsetup@lists.linux.dev\n" -"POT-Creation-Date: 2022-07-28 14:43+0200\n" +"POT-Creation-Date: 2023-02-01 15:58+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -16,83 +16,87 @@ "Content-Type: text/plain; charset=CHARSET\n" "Content-Transfer-Encoding: 8bit\n" -#: lib/libdevmapper.c:417 +#: lib/libdevmapper.c:419 msgid "Cannot initialize device-mapper, running as non-root user." msgstr "" -#: lib/libdevmapper.c:420 +#: lib/libdevmapper.c:422 msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" msgstr "" -#: lib/libdevmapper.c:1171 +#: lib/libdevmapper.c:1102 msgid "Requested deferred flag is not supported." msgstr "" -#: lib/libdevmapper.c:1240 +#: lib/libdevmapper.c:1171 #, c-format msgid "DM-UUID for device %s was truncated." msgstr "" -#: lib/libdevmapper.c:1570 +#: lib/libdevmapper.c:1501 msgid "Unknown dm target type." msgstr "" -#: lib/libdevmapper.c:1689 lib/libdevmapper.c:1695 lib/libdevmapper.c:1787 -#: lib/libdevmapper.c:1790 +#: lib/libdevmapper.c:1620 lib/libdevmapper.c:1626 lib/libdevmapper.c:1724 +#: lib/libdevmapper.c:1727 msgid "Requested dm-crypt performance options are not supported." msgstr "" -#: lib/libdevmapper.c:1704 lib/libdevmapper.c:1710 +#: lib/libdevmapper.c:1635 lib/libdevmapper.c:1647 msgid "Requested dm-verity data corruption handling options are not supported." msgstr "" -#: lib/libdevmapper.c:1716 +#: lib/libdevmapper.c:1641 +msgid "Requested dm-verity tasklets option is not supported." +msgstr "" + +#: lib/libdevmapper.c:1653 msgid "Requested dm-verity FEC options are not supported." msgstr "" -#: lib/libdevmapper.c:1722 +#: lib/libdevmapper.c:1659 msgid "Requested data integrity options are not supported." msgstr "" -#: lib/libdevmapper.c:1726 +#: lib/libdevmapper.c:1663 msgid "Requested sector_size option is not supported." msgstr "" -#: lib/libdevmapper.c:1733 lib/libdevmapper.c:1739 +#: lib/libdevmapper.c:1670 lib/libdevmapper.c:1676 msgid "Requested automatic recalculation of integrity tags is not supported." msgstr "" -#: lib/libdevmapper.c:1745 lib/libdevmapper.c:1793 lib/libdevmapper.c:1796 -#: lib/luks2/luks2_json_metadata.c:2552 +#: lib/libdevmapper.c:1682 lib/libdevmapper.c:1730 lib/libdevmapper.c:1733 +#: lib/luks2/luks2_json_metadata.c:2620 msgid "Discard/TRIM is not supported." msgstr "" -#: lib/libdevmapper.c:1751 +#: lib/libdevmapper.c:1688 msgid "Requested dm-integrity bitmap mode is not supported." msgstr "" -#: lib/libdevmapper.c:2787 +#: lib/libdevmapper.c:2724 #, c-format msgid "Failed to query dm-%s segment." msgstr "" -#: lib/random.c:74 +#: lib/random.c:73 msgid "" "System is out of entropy while generating volume key.\n" "Please move mouse or type some text in another window to gather some random " "events.\n" msgstr "" -#: lib/random.c:78 +#: lib/random.c:77 #, c-format msgid "Generating key (%d%% done).\n" msgstr "" -#: lib/random.c:164 +#: lib/random.c:163 msgid "Running in FIPS mode." msgstr "" -#: lib/random.c:170 +#: lib/random.c:169 msgid "Fatal error during RNG initialisation." msgstr "" @@ -104,432 +108,444 @@ msgid "Error reading from RNG." msgstr "" -#: lib/setup.c:226 +#: lib/setup.c:231 msgid "Cannot initialize crypto RNG backend." msgstr "" -#: lib/setup.c:232 +#: lib/setup.c:237 msgid "Cannot initialize crypto backend." msgstr "" -#: lib/setup.c:263 lib/setup.c:2080 lib/verity/verity.c:122 +#: lib/setup.c:268 lib/setup.c:2151 lib/verity/verity.c:122 #, c-format msgid "Hash algorithm %s not supported." msgstr "" -#: lib/setup.c:266 lib/loopaes/loopaes.c:90 +#: lib/setup.c:271 lib/loopaes/loopaes.c:90 #, c-format msgid "Key processing error (using hash %s)." msgstr "" -#: lib/setup.c:332 lib/setup.c:359 +#: lib/setup.c:342 lib/setup.c:369 msgid "Cannot determine device type. Incompatible activation of device?" msgstr "" -#: lib/setup.c:338 lib/setup.c:3221 +#: lib/setup.c:348 lib/setup.c:3320 msgid "This operation is supported only for LUKS device." msgstr "" -#: lib/setup.c:365 +#: lib/setup.c:375 msgid "This operation is supported only for LUKS2 device." msgstr "" -#: lib/setup.c:420 lib/luks2/luks2_reencrypt.c:2995 +#: lib/setup.c:427 lib/luks2/luks2_reencrypt.c:3010 msgid "All key slots full." msgstr "" -#: lib/setup.c:431 +#: lib/setup.c:438 #, c-format msgid "Key slot %d is invalid, please select between 0 and %d." msgstr "" -#: lib/setup.c:437 +#: lib/setup.c:444 #, c-format msgid "Key slot %d is full, please select another one." msgstr "" -#: lib/setup.c:522 lib/setup.c:2946 +#: lib/setup.c:529 lib/setup.c:3042 msgid "Device size is not aligned to device logical block size." msgstr "" -#: lib/setup.c:620 +#: lib/setup.c:627 #, c-format msgid "Header detected but device %s is too small." msgstr "" -#: lib/setup.c:661 lib/setup.c:2851 lib/setup.c:4335 -#: lib/luks2/luks2_reencrypt.c:3767 lib/luks2/luks2_reencrypt.c:4169 +#: lib/setup.c:668 lib/setup.c:2942 lib/setup.c:4287 +#: lib/luks2/luks2_reencrypt.c:3782 lib/luks2/luks2_reencrypt.c:4184 msgid "This operation is not supported for this device type." msgstr "" -#: lib/setup.c:666 +#: lib/setup.c:673 msgid "Illegal operation with reencryption in-progress." msgstr "" -#: lib/setup.c:833 lib/luks1/keymanage.c:248 lib/luks1/keymanage.c:524 -#: lib/luks2/luks2_json_metadata.c:1267 src/cryptsetup.c:1449 -#: src/cryptsetup.c:1581 src/cryptsetup.c:1636 src/cryptsetup.c:1756 -#: src/cryptsetup.c:1861 src/cryptsetup.c:2142 src/cryptsetup.c:2380 -#: src/cryptsetup.c:2440 src/utils_reencrypt.c:1433 +#: lib/setup.c:802 +msgid "Failed to rollback LUKS2 metadata in memory." +msgstr "" + +#: lib/setup.c:889 lib/luks1/keymanage.c:249 lib/luks1/keymanage.c:527 +#: lib/luks2/luks2_json_metadata.c:1336 src/cryptsetup.c:1587 +#: src/cryptsetup.c:1727 src/cryptsetup.c:1782 src/cryptsetup.c:1977 +#: src/cryptsetup.c:2133 src/cryptsetup.c:2414 src/cryptsetup.c:2656 +#: src/cryptsetup.c:2716 src/utils_reencrypt.c:1465 #: src/utils_reencrypt_luks1.c:1192 tokens/ssh/cryptsetup-ssh.c:77 #, c-format msgid "Device %s is not a valid LUKS device." msgstr "" -#: lib/setup.c:836 lib/luks1/keymanage.c:527 +#: lib/setup.c:892 lib/luks1/keymanage.c:530 #, c-format msgid "Unsupported LUKS version %d." msgstr "" -#: lib/setup.c:1431 lib/setup.c:2602 lib/setup.c:2682 lib/setup.c:2694 -#: lib/setup.c:2859 lib/setup.c:4807 +#: lib/setup.c:1491 lib/setup.c:2691 lib/setup.c:2773 lib/setup.c:2785 +#: lib/setup.c:2952 lib/setup.c:4764 #, c-format msgid "Device %s is not active." msgstr "" -#: lib/setup.c:1448 +#: lib/setup.c:1508 #, c-format msgid "Underlying device for crypt device %s disappeared." msgstr "" -#: lib/setup.c:1528 +#: lib/setup.c:1590 msgid "Invalid plain crypt parameters." msgstr "" -#: lib/setup.c:1533 lib/setup.c:1983 +#: lib/setup.c:1595 lib/setup.c:2054 msgid "Invalid key size." msgstr "" -#: lib/setup.c:1538 lib/setup.c:1988 lib/setup.c:2191 +#: lib/setup.c:1600 lib/setup.c:2059 lib/setup.c:2262 msgid "UUID is not supported for this crypt type." msgstr "" -#: lib/setup.c:1543 lib/setup.c:1993 +#: lib/setup.c:1605 lib/setup.c:2064 msgid "Detached metadata device is not supported for this crypt type." msgstr "" -#: lib/setup.c:1553 lib/setup.c:1765 lib/luks2/luks2_reencrypt.c:2951 -#: src/cryptsetup.c:1250 src/cryptsetup.c:3072 +#: lib/setup.c:1615 lib/setup.c:1831 lib/luks2/luks2_reencrypt.c:2966 +#: src/cryptsetup.c:1387 src/cryptsetup.c:3383 msgid "Unsupported encryption sector size." msgstr "" -#: lib/setup.c:1561 lib/setup.c:1896 lib/setup.c:2940 +#: lib/setup.c:1623 lib/setup.c:1959 lib/setup.c:3036 msgid "Device size is not aligned to requested sector size." msgstr "" -#: lib/setup.c:1613 lib/setup.c:1733 +#: lib/setup.c:1675 lib/setup.c:1799 msgid "Can't format LUKS without device." msgstr "" -#: lib/setup.c:1619 lib/setup.c:1739 +#: lib/setup.c:1681 lib/setup.c:1805 msgid "Requested data alignment is not compatible with data offset." msgstr "" -#: lib/setup.c:1687 lib/setup.c:1883 -msgid "WARNING: Data offset is outside of currently available data device.\n" +#: lib/setup.c:1756 lib/setup.c:1976 lib/setup.c:1997 lib/setup.c:2274 +#, c-format +msgid "Cannot wipe header on device %s." msgstr "" -#: lib/setup.c:1697 lib/setup.c:1913 lib/setup.c:1934 lib/setup.c:2203 +#: lib/setup.c:1769 lib/setup.c:2036 #, c-format -msgid "Cannot wipe header on device %s." +msgid "" +"Device %s is too small for activation, there is no remaining space for " +"data.\n" msgstr "" -#: lib/setup.c:1774 +#: lib/setup.c:1840 msgid "" "WARNING: The device activation will fail, dm-crypt is missing support for " "requested encryption sector size.\n" msgstr "" -#: lib/setup.c:1797 +#: lib/setup.c:1863 msgid "Volume key is too small for encryption with integrity extensions." msgstr "" -#: lib/setup.c:1857 +#: lib/setup.c:1923 #, c-format msgid "Cipher %s-%s (key size %zd bits) is not available." msgstr "" -#: lib/setup.c:1886 +#: lib/setup.c:1949 #, c-format msgid "WARNING: LUKS2 metadata size changed to % bytes.\n" msgstr "" -#: lib/setup.c:1890 +#: lib/setup.c:1953 #, c-format msgid "WARNING: LUKS2 keyslots area size changed to % bytes.\n" msgstr "" -#: lib/setup.c:1916 lib/utils_device.c:909 lib/luks1/keyencryption.c:255 -#: lib/luks2/luks2_reencrypt.c:3019 lib/luks2/luks2_reencrypt.c:4264 +#: lib/setup.c:1979 lib/utils_device.c:911 lib/luks1/keyencryption.c:255 +#: lib/luks2/luks2_reencrypt.c:3034 lib/luks2/luks2_reencrypt.c:4279 #, c-format msgid "Device %s is too small." msgstr "" -#: lib/setup.c:1927 lib/setup.c:1953 +#: lib/setup.c:1990 lib/setup.c:2016 #, c-format msgid "Cannot format device %s in use." msgstr "" -#: lib/setup.c:1930 lib/setup.c:1956 +#: lib/setup.c:1993 lib/setup.c:2019 #, c-format msgid "Cannot format device %s, permission denied." msgstr "" -#: lib/setup.c:1942 lib/setup.c:2263 +#: lib/setup.c:2005 lib/setup.c:2334 #, c-format msgid "Cannot format integrity for device %s." msgstr "" -#: lib/setup.c:1960 +#: lib/setup.c:2023 #, c-format msgid "Cannot format device %s." msgstr "" -#: lib/setup.c:1978 +#: lib/setup.c:2049 msgid "Can't format LOOPAES without device." msgstr "" -#: lib/setup.c:2023 +#: lib/setup.c:2094 msgid "Can't format VERITY without device." msgstr "" -#: lib/setup.c:2034 lib/verity/verity.c:101 +#: lib/setup.c:2105 lib/verity/verity.c:101 #, c-format msgid "Unsupported VERITY hash type %d." msgstr "" -#: lib/setup.c:2040 lib/verity/verity.c:109 +#: lib/setup.c:2111 lib/verity/verity.c:109 msgid "Unsupported VERITY block size." msgstr "" -#: lib/setup.c:2045 lib/verity/verity.c:74 +#: lib/setup.c:2116 lib/verity/verity.c:74 msgid "Unsupported VERITY hash offset." msgstr "" -#: lib/setup.c:2050 +#: lib/setup.c:2121 msgid "Unsupported VERITY FEC offset." msgstr "" -#: lib/setup.c:2074 +#: lib/setup.c:2145 msgid "Data area overlaps with hash area." msgstr "" -#: lib/setup.c:2099 +#: lib/setup.c:2170 msgid "Hash area overlaps with FEC area." msgstr "" -#: lib/setup.c:2106 +#: lib/setup.c:2177 msgid "Data area overlaps with FEC area." msgstr "" -#: lib/setup.c:2242 +#: lib/setup.c:2313 #, c-format msgid "" "WARNING: Requested tag size %d bytes differs from %s size output (%d " "bytes).\n" msgstr "" -#: lib/setup.c:2321 +#: lib/setup.c:2392 #, c-format msgid "Unknown crypt device type %s requested." msgstr "" -#: lib/setup.c:2608 lib/setup.c:2687 lib/setup.c:2700 +#: lib/setup.c:2699 lib/setup.c:2778 lib/setup.c:2791 #, c-format msgid "Unsupported parameters on device %s." msgstr "" -#: lib/setup.c:2614 lib/setup.c:2707 lib/luks2/luks2_reencrypt.c:2847 -#: lib/luks2/luks2_reencrypt.c:3084 lib/luks2/luks2_reencrypt.c:3469 +#: lib/setup.c:2705 lib/setup.c:2798 lib/luks2/luks2_reencrypt.c:2862 +#: lib/luks2/luks2_reencrypt.c:3099 lib/luks2/luks2_reencrypt.c:3484 #, c-format msgid "Mismatching parameters on device %s." msgstr "" -#: lib/setup.c:2731 +#: lib/setup.c:2822 msgid "Crypt devices mismatch." msgstr "" -#: lib/setup.c:2768 lib/setup.c:2773 lib/luks2/luks2_reencrypt.c:2315 -#: lib/luks2/luks2_reencrypt.c:2863 lib/luks2/luks2_reencrypt.c:4017 +#: lib/setup.c:2859 lib/setup.c:2864 lib/luks2/luks2_reencrypt.c:2361 +#: lib/luks2/luks2_reencrypt.c:2878 lib/luks2/luks2_reencrypt.c:4032 #, c-format msgid "Failed to reload device %s." msgstr "" -#: lib/setup.c:2779 lib/setup.c:2785 lib/luks2/luks2_reencrypt.c:2286 -#: lib/luks2/luks2_reencrypt.c:2293 lib/luks2/luks2_reencrypt.c:2877 +#: lib/setup.c:2870 lib/setup.c:2876 lib/luks2/luks2_reencrypt.c:2332 +#: lib/luks2/luks2_reencrypt.c:2339 lib/luks2/luks2_reencrypt.c:2892 #, c-format msgid "Failed to suspend device %s." msgstr "" -#: lib/setup.c:2791 lib/luks2/luks2_reencrypt.c:2300 -#: lib/luks2/luks2_reencrypt.c:2898 lib/luks2/luks2_reencrypt.c:3930 -#: lib/luks2/luks2_reencrypt.c:4021 +#: lib/setup.c:2882 lib/luks2/luks2_reencrypt.c:2346 +#: lib/luks2/luks2_reencrypt.c:2913 lib/luks2/luks2_reencrypt.c:3945 +#: lib/luks2/luks2_reencrypt.c:4036 #, c-format msgid "Failed to resume device %s." msgstr "" -#: lib/setup.c:2806 +#: lib/setup.c:2897 #, c-format msgid "Fatal error while reloading device %s (on top of device %s)." msgstr "" -#: lib/setup.c:2809 lib/setup.c:2811 +#: lib/setup.c:2900 lib/setup.c:2902 #, c-format msgid "Failed to switch device %s to dm-error." msgstr "" -#: lib/setup.c:2891 +#: lib/setup.c:2984 msgid "Cannot resize loop device." msgstr "" -#: lib/setup.c:2931 +#: lib/setup.c:3027 msgid "WARNING: Maximum size already set or kernel doesn't support resize.\n" msgstr "" -#: lib/setup.c:2989 +#: lib/setup.c:3088 msgid "Resize failed, the kernel doesn't support it." msgstr "" -#: lib/setup.c:3021 +#: lib/setup.c:3120 msgid "Do you really want to change UUID of device?" msgstr "" -#: lib/setup.c:3113 +#: lib/setup.c:3212 msgid "Header backup file does not contain compatible LUKS header." msgstr "" -#: lib/setup.c:3229 +#: lib/setup.c:3328 #, c-format msgid "Volume %s is not active." msgstr "" -#: lib/setup.c:3240 +#: lib/setup.c:3339 #, c-format msgid "Volume %s is already suspended." msgstr "" -#: lib/setup.c:3253 +#: lib/setup.c:3352 #, c-format msgid "Suspend is not supported for device %s." msgstr "" -#: lib/setup.c:3255 +#: lib/setup.c:3354 #, c-format msgid "Error during suspending device %s." msgstr "" -#: lib/setup.c:3290 +#: lib/setup.c:3389 #, c-format msgid "Resume is not supported for device %s." msgstr "" -#: lib/setup.c:3292 +#: lib/setup.c:3391 #, c-format msgid "Error during resuming device %s." msgstr "" -#: lib/setup.c:3326 lib/setup.c:3374 lib/setup.c:3444 lib/setup.c:3489 -#: src/cryptsetup.c:2207 +#: lib/setup.c:3425 lib/setup.c:3473 lib/setup.c:3544 lib/setup.c:3589 +#: src/cryptsetup.c:2479 #, c-format msgid "Volume %s is not suspended." msgstr "" -#: lib/setup.c:3459 lib/setup.c:3862 lib/setup.c:4584 lib/setup.c:4597 -#: lib/setup.c:4605 lib/setup.c:4618 lib/setup.c:6142 src/cryptsetup.c:1790 +#: lib/setup.c:3559 lib/setup.c:4540 lib/setup.c:4553 lib/setup.c:4561 +#: lib/setup.c:4574 lib/setup.c:6157 lib/setup.c:6179 lib/setup.c:6228 +#: src/cryptsetup.c:2011 msgid "Volume key does not match the volume." msgstr "" -#: lib/setup.c:3540 lib/setup.c:3745 -msgid "Cannot add key slot, all slots disabled and no volume key provided." -msgstr "" - -#: lib/setup.c:3697 +#: lib/setup.c:3737 msgid "Failed to swap new key slot." msgstr "" -#: lib/setup.c:3883 +#: lib/setup.c:3835 #, c-format msgid "Key slot %d is invalid." msgstr "" -#: lib/setup.c:3889 src/cryptsetup.c:1594 src/cryptsetup.c:1936 -#: src/cryptsetup.c:2540 src/cryptsetup.c:2597 +#: lib/setup.c:3841 src/cryptsetup.c:1740 src/cryptsetup.c:2208 +#: src/cryptsetup.c:2816 src/cryptsetup.c:2876 #, c-format msgid "Keyslot %d is not active." msgstr "" -#: lib/setup.c:3908 +#: lib/setup.c:3860 msgid "Device header overlaps with data area." msgstr "" -#: lib/setup.c:4213 +#: lib/setup.c:4165 msgid "Reencryption in-progress. Cannot activate device." msgstr "" -#: lib/setup.c:4215 lib/luks2/luks2_json_metadata.c:2635 -#: lib/luks2/luks2_reencrypt.c:3575 +#: lib/setup.c:4167 lib/luks2/luks2_json_metadata.c:2703 +#: lib/luks2/luks2_reencrypt.c:3590 msgid "Failed to get reencryption lock." msgstr "" -#: lib/setup.c:4228 lib/luks2/luks2_reencrypt.c:3594 +#: lib/setup.c:4180 lib/luks2/luks2_reencrypt.c:3609 msgid "LUKS2 reencryption recovery failed." msgstr "" -#: lib/setup.c:4396 lib/setup.c:4661 +#: lib/setup.c:4352 lib/setup.c:4618 msgid "Device type is not properly initialized." msgstr "" -#: lib/setup.c:4444 +#: lib/setup.c:4400 #, c-format msgid "Device %s already exists." msgstr "" -#: lib/setup.c:4451 +#: lib/setup.c:4407 #, c-format msgid "Cannot use device %s, name is invalid or still in use." msgstr "" -#: lib/setup.c:4571 +#: lib/setup.c:4527 msgid "Incorrect volume key specified for plain device." msgstr "" -#: lib/setup.c:4687 +#: lib/setup.c:4644 msgid "Incorrect root hash specified for verity device." msgstr "" -#: lib/setup.c:4697 +#: lib/setup.c:4654 msgid "Root hash signature required." msgstr "" -#: lib/setup.c:4706 +#: lib/setup.c:4663 msgid "Kernel keyring missing: required for passing signature to kernel." msgstr "" -#: lib/setup.c:4723 lib/setup.c:6218 +#: lib/setup.c:4680 lib/setup.c:6423 msgid "Failed to load key in kernel keyring." msgstr "" -#: lib/setup.c:4779 +#: lib/setup.c:4736 #, c-format msgid "Could not cancel deferred remove from device %s." msgstr "" -#: lib/setup.c:4786 lib/setup.c:4802 lib/luks2/luks2_json_metadata.c:2688 +#: lib/setup.c:4743 lib/setup.c:4759 lib/luks2/luks2_json_metadata.c:2756 #: src/utils_reencrypt.c:116 #, c-format msgid "Device %s is still in use." msgstr "" -#: lib/setup.c:4811 +#: lib/setup.c:4768 #, c-format msgid "Invalid device %s." msgstr "" -#: lib/setup.c:4927 +#: lib/setup.c:4908 msgid "Volume key buffer too small." msgstr "" -#: lib/setup.c:4935 +#: lib/setup.c:4925 +msgid "Cannot retrieve volume key for LUKS2 device." +msgstr "" + +#: lib/setup.c:4934 +msgid "Cannot retrieve volume key for LUKS1 device." +msgstr "" + +#: lib/setup.c:4944 msgid "Cannot retrieve volume key for plain device." msgstr "" @@ -537,149 +553,153 @@ msgid "Cannot retrieve root hash for verity device." msgstr "" -#: lib/setup.c:4956 +#: lib/setup.c:4959 +msgid "Cannot retrieve volume key for BITLK device." +msgstr "" + +#: lib/setup.c:4964 +msgid "Cannot retrieve volume key for FVAULT2 device." +msgstr "" + +#: lib/setup.c:4966 #, c-format msgid "This operation is not supported for %s crypt device." msgstr "" -#: lib/setup.c:5130 lib/setup.c:5141 +#: lib/setup.c:5147 lib/setup.c:5158 msgid "Dump operation is not supported for this device type." msgstr "" -#: lib/setup.c:5471 +#: lib/setup.c:5500 #, c-format msgid "Data offset is not multiple of %u bytes." msgstr "" -#: lib/setup.c:5756 +#: lib/setup.c:5788 #, c-format msgid "Cannot convert device %s which is still in use." msgstr "" -#: lib/setup.c:6075 +#: lib/setup.c:6098 lib/setup.c:6237 #, c-format msgid "Failed to assign keyslot %u as the new volume key." msgstr "" -#: lib/setup.c:6148 +#: lib/setup.c:6122 msgid "Failed to initialize default LUKS2 keyslot parameters." msgstr "" -#: lib/setup.c:6154 +#: lib/setup.c:6128 #, c-format msgid "Failed to assign keyslot %d to digest." msgstr "" -#: lib/setup.c:6285 +#: lib/setup.c:6353 +msgid "Cannot add key slot, all slots disabled and no volume key provided." +msgstr "" + +#: lib/setup.c:6490 msgid "Kernel keyring is not supported by the kernel." msgstr "" -#: lib/setup.c:6295 lib/luks2/luks2_reencrypt.c:3792 +#: lib/setup.c:6500 lib/luks2/luks2_reencrypt.c:3807 #, c-format msgid "Failed to read passphrase from keyring (error %d)." msgstr "" -#: lib/setup.c:6319 +#: lib/setup.c:6523 msgid "Failed to acquire global memory-hard access serialization lock." msgstr "" -#: lib/utils.c:80 -msgid "Cannot get process priority." -msgstr "" - -#: lib/utils.c:94 -msgid "Cannot unlock memory." -msgstr "" - -#: lib/utils.c:168 lib/tcrypt/tcrypt.c:502 +#: lib/utils.c:158 lib/tcrypt/tcrypt.c:501 msgid "Failed to open key file." msgstr "" -#: lib/utils.c:173 +#: lib/utils.c:163 msgid "Cannot read keyfile from a terminal." msgstr "" -#: lib/utils.c:189 +#: lib/utils.c:179 msgid "Failed to stat key file." msgstr "" -#: lib/utils.c:197 lib/utils.c:218 +#: lib/utils.c:187 lib/utils.c:208 msgid "Cannot seek to requested keyfile offset." msgstr "" -#: lib/utils.c:212 lib/utils.c:227 src/utils_password.c:226 -#: src/utils_password.c:238 +#: lib/utils.c:202 lib/utils.c:217 src/utils_password.c:225 +#: src/utils_password.c:237 msgid "Out of memory while reading passphrase." msgstr "" -#: lib/utils.c:247 +#: lib/utils.c:237 msgid "Error reading passphrase." msgstr "" -#: lib/utils.c:264 +#: lib/utils.c:254 msgid "Nothing to read on input." msgstr "" -#: lib/utils.c:271 +#: lib/utils.c:261 msgid "Maximum keyfile size exceeded." msgstr "" -#: lib/utils.c:276 +#: lib/utils.c:266 msgid "Cannot read requested amount of data." msgstr "" -#: lib/utils_device.c:208 lib/utils_storage_wrappers.c:110 -#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1408 +#: lib/utils_device.c:207 lib/utils_storage_wrappers.c:110 +#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1440 #, c-format msgid "Device %s does not exist or access denied." msgstr "" -#: lib/utils_device.c:218 +#: lib/utils_device.c:217 #, c-format msgid "Device %s is not compatible." msgstr "" -#: lib/utils_device.c:562 +#: lib/utils_device.c:561 #, c-format msgid "Ignoring bogus optimal-io size for data device (%u bytes)." msgstr "" -#: lib/utils_device.c:720 +#: lib/utils_device.c:722 #, c-format msgid "Device %s is too small. Need at least % bytes." msgstr "" -#: lib/utils_device.c:801 +#: lib/utils_device.c:803 #, c-format msgid "Cannot use device %s which is in use (already mapped or mounted)." msgstr "" -#: lib/utils_device.c:805 +#: lib/utils_device.c:807 #, c-format msgid "Cannot use device %s, permission denied." msgstr "" -#: lib/utils_device.c:808 +#: lib/utils_device.c:810 #, c-format msgid "Cannot get info about device %s." msgstr "" -#: lib/utils_device.c:831 +#: lib/utils_device.c:833 msgid "Cannot use a loopback device, running as non-root user." msgstr "" -#: lib/utils_device.c:842 +#: lib/utils_device.c:844 msgid "" "Attaching loopback device failed (loop device with autoclear flag is " "required)." msgstr "" -#: lib/utils_device.c:890 +#: lib/utils_device.c:892 #, c-format msgid "Requested offset is beyond real size of device %s." msgstr "" -#: lib/utils_device.c:898 +#: lib/utils_device.c:900 #, c-format msgid "Device %s has zero size." msgstr "" @@ -734,33 +754,27 @@ msgid "Only PBKDF2 is supported in FIPS mode." msgstr "" -#: lib/utils_benchmark.c:172 +#: lib/utils_benchmark.c:175 msgid "PBKDF benchmark disabled but iterations not set." msgstr "" -#: lib/utils_benchmark.c:191 +#: lib/utils_benchmark.c:194 #, c-format msgid "Not compatible PBKDF2 options (using hash algorithm %s)." msgstr "" -#: lib/utils_benchmark.c:211 +#: lib/utils_benchmark.c:214 msgid "Not compatible PBKDF options." msgstr "" -#: lib/utils_device_locking.c:102 +#: lib/utils_device_locking.c:101 #, c-format msgid "" "Locking aborted. The locking path %s/%s is unusable (not a directory or " "missing)." msgstr "" -#: lib/utils_device_locking.c:109 -#, c-format -msgid "" -"Locking directory %s/%s will be created with default compiled-in permissions." -msgstr "" - -#: lib/utils_device_locking.c:119 +#: lib/utils_device_locking.c:118 #, c-format msgid "" "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." @@ -791,9 +805,9 @@ msgid "Cipher specification should be in [cipher]-[mode]-[iv] format." msgstr "" -#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:364 -#: lib/luks1/keymanage.c:674 lib/luks1/keymanage.c:1125 -#: lib/luks2/luks2_json_metadata.c:1421 lib/luks2/luks2_keyslot.c:714 +#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:366 +#: lib/luks1/keymanage.c:677 lib/luks1/keymanage.c:1132 +#: lib/luks2/luks2_json_metadata.c:1490 lib/luks2/luks2_keyslot.c:714 #, c-format msgid "Cannot write to device %s, permission denied." msgstr "" @@ -806,23 +820,24 @@ msgid "Failed to access temporary keystore device." msgstr "" -#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60 -#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:192 +#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:62 +#: lib/luks2/luks2_keyslot_luks2.c:80 lib/luks2/luks2_keyslot_reenc.c:192 msgid "IO error while encrypting keyslot." msgstr "" -#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:367 -#: lib/luks1/keymanage.c:627 lib/luks1/keymanage.c:677 lib/tcrypt/tcrypt.c:680 -#: lib/verity/verity.c:80 lib/verity/verity.c:196 lib/verity/verity_hash.c:320 -#: lib/verity/verity_hash.c:329 lib/verity/verity_hash.c:349 -#: lib/verity/verity_fec.c:260 lib/verity/verity_fec.c:272 -#: lib/verity/verity_fec.c:277 lib/luks2/luks2_json_metadata.c:1424 -#: src/utils_reencrypt_luks1.c:121 src/utils_reencrypt_luks1.c:133 +#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:369 +#: lib/luks1/keymanage.c:630 lib/luks1/keymanage.c:680 lib/tcrypt/tcrypt.c:679 +#: lib/fvault2/fvault2.c:877 lib/verity/verity.c:80 lib/verity/verity.c:196 +#: lib/verity/verity_hash.c:320 lib/verity/verity_hash.c:329 +#: lib/verity/verity_hash.c:349 lib/verity/verity_fec.c:260 +#: lib/verity/verity_fec.c:272 lib/verity/verity_fec.c:277 +#: lib/luks2/luks2_json_metadata.c:1493 src/utils_reencrypt_luks1.c:121 +#: src/utils_reencrypt_luks1.c:133 #, c-format msgid "Cannot open device %s." msgstr "" -#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137 +#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:139 msgid "IO error while decrypting keyslot." msgstr "" @@ -838,184 +853,188 @@ msgid "LUKS keyslot %u is invalid." msgstr "" -#: lib/luks1/keymanage.c:266 lib/luks2/luks2_json_metadata.c:1284 +#: lib/luks1/keymanage.c:267 lib/luks2/luks2_json_metadata.c:1353 #, c-format msgid "Requested header backup file %s already exists." msgstr "" -#: lib/luks1/keymanage.c:268 lib/luks2/luks2_json_metadata.c:1286 +#: lib/luks1/keymanage.c:269 lib/luks2/luks2_json_metadata.c:1355 #, c-format msgid "Cannot create header backup file %s." msgstr "" -#: lib/luks1/keymanage.c:275 lib/luks2/luks2_json_metadata.c:1293 +#: lib/luks1/keymanage.c:276 lib/luks2/luks2_json_metadata.c:1362 #, c-format msgid "Cannot write header backup file %s." msgstr "" -#: lib/luks1/keymanage.c:306 lib/luks2/luks2_json_metadata.c:1330 +#: lib/luks1/keymanage.c:308 lib/luks2/luks2_json_metadata.c:1399 msgid "Backup file does not contain valid LUKS header." msgstr "" -#: lib/luks1/keymanage.c:319 lib/luks1/keymanage.c:590 -#: lib/luks2/luks2_json_metadata.c:1351 +#: lib/luks1/keymanage.c:321 lib/luks1/keymanage.c:593 +#: lib/luks2/luks2_json_metadata.c:1420 #, c-format msgid "Cannot open header backup file %s." msgstr "" -#: lib/luks1/keymanage.c:327 lib/luks2/luks2_json_metadata.c:1359 +#: lib/luks1/keymanage.c:329 lib/luks2/luks2_json_metadata.c:1428 #, c-format msgid "Cannot read header backup file %s." msgstr "" -#: lib/luks1/keymanage.c:337 +#: lib/luks1/keymanage.c:339 msgid "Data offset or key size differs on device and backup, restore failed." msgstr "" -#: lib/luks1/keymanage.c:345 +#: lib/luks1/keymanage.c:347 #, c-format msgid "Device %s %s%s" msgstr "" -#: lib/luks1/keymanage.c:346 +#: lib/luks1/keymanage.c:348 msgid "" "does not contain LUKS header. Replacing header can destroy data on that " "device." msgstr "" -#: lib/luks1/keymanage.c:347 +#: lib/luks1/keymanage.c:349 msgid "" "already contains LUKS header. Replacing header will destroy existing " "keyslots." msgstr "" -#: lib/luks1/keymanage.c:348 lib/luks2/luks2_json_metadata.c:1393 +#: lib/luks1/keymanage.c:350 lib/luks2/luks2_json_metadata.c:1462 msgid "" "\n" "WARNING: real device header has different UUID than backup!" msgstr "" -#: lib/luks1/keymanage.c:395 +#: lib/luks1/keymanage.c:398 msgid "Non standard key size, manual repair required." msgstr "" -#: lib/luks1/keymanage.c:405 +#: lib/luks1/keymanage.c:408 msgid "Non standard keyslots alignment, manual repair required." msgstr "" -#: lib/luks1/keymanage.c:414 +#: lib/luks1/keymanage.c:417 #, c-format msgid "Cipher mode repaired (%s -> %s)." msgstr "" -#: lib/luks1/keymanage.c:425 +#: lib/luks1/keymanage.c:428 #, c-format msgid "Cipher hash repaired to lowercase (%s)." msgstr "" -#: lib/luks1/keymanage.c:427 lib/luks1/keymanage.c:533 -#: lib/luks1/keymanage.c:789 +#: lib/luks1/keymanage.c:430 lib/luks1/keymanage.c:536 +#: lib/luks1/keymanage.c:792 #, c-format msgid "Requested LUKS hash %s is not supported." msgstr "" -#: lib/luks1/keymanage.c:441 +#: lib/luks1/keymanage.c:444 msgid "Repairing keyslots." msgstr "" -#: lib/luks1/keymanage.c:460 +#: lib/luks1/keymanage.c:463 #, c-format msgid "Keyslot %i: offset repaired (%u -> %u)." msgstr "" -#: lib/luks1/keymanage.c:468 +#: lib/luks1/keymanage.c:471 #, c-format msgid "Keyslot %i: stripes repaired (%u -> %u)." msgstr "" -#: lib/luks1/keymanage.c:477 +#: lib/luks1/keymanage.c:480 #, c-format msgid "Keyslot %i: bogus partition signature." msgstr "" -#: lib/luks1/keymanage.c:482 +#: lib/luks1/keymanage.c:485 #, c-format msgid "Keyslot %i: salt wiped." msgstr "" -#: lib/luks1/keymanage.c:499 +#: lib/luks1/keymanage.c:502 msgid "Writing LUKS header to disk." msgstr "" -#: lib/luks1/keymanage.c:504 +#: lib/luks1/keymanage.c:507 msgid "Repair failed." msgstr "" -#: lib/luks1/keymanage.c:559 +#: lib/luks1/keymanage.c:562 #, c-format msgid "LUKS cipher mode %s is invalid." msgstr "" -#: lib/luks1/keymanage.c:564 +#: lib/luks1/keymanage.c:567 #, c-format msgid "LUKS hash %s is invalid." msgstr "" -#: lib/luks1/keymanage.c:571 src/cryptsetup.c:1144 +#: lib/luks1/keymanage.c:574 src/cryptsetup.c:1281 msgid "No known problems detected for LUKS header." msgstr "" -#: lib/luks1/keymanage.c:699 +#: lib/luks1/keymanage.c:702 #, c-format msgid "Error during update of LUKS header on device %s." msgstr "" -#: lib/luks1/keymanage.c:707 +#: lib/luks1/keymanage.c:710 #, c-format msgid "Error re-reading LUKS header after update on device %s." msgstr "" -#: lib/luks1/keymanage.c:783 +#: lib/luks1/keymanage.c:786 msgid "" "Data offset for LUKS header must be either 0 or higher than header size." msgstr "" -#: lib/luks1/keymanage.c:794 lib/luks1/keymanage.c:863 -#: lib/luks2/luks2_json_format.c:287 lib/luks2/luks2_json_metadata.c:1175 -#: src/utils_reencrypt.c:514 +#: lib/luks1/keymanage.c:797 lib/luks1/keymanage.c:866 +#: lib/luks2/luks2_json_format.c:286 lib/luks2/luks2_json_metadata.c:1236 +#: src/utils_reencrypt.c:539 msgid "Wrong LUKS UUID format provided." msgstr "" -#: lib/luks1/keymanage.c:816 +#: lib/luks1/keymanage.c:819 msgid "Cannot create LUKS header: reading random salt failed." msgstr "" -#: lib/luks1/keymanage.c:842 +#: lib/luks1/keymanage.c:845 #, c-format msgid "Cannot create LUKS header: header digest failed (using hash %s)." msgstr "" -#: lib/luks1/keymanage.c:886 +#: lib/luks1/keymanage.c:889 #, c-format msgid "Key slot %d active, purge first." msgstr "" -#: lib/luks1/keymanage.c:892 +#: lib/luks1/keymanage.c:895 #, c-format msgid "Key slot %d material includes too few stripes. Header manipulation?" msgstr "" -#: lib/luks1/keymanage.c:1033 +#: lib/luks1/keymanage.c:931 lib/luks2/luks2_keyslot_luks2.c:270 +msgid "PBKDF2 iteration value overflow." +msgstr "" + +#: lib/luks1/keymanage.c:1040 #, c-format msgid "Cannot open keyslot (using hash %s)." msgstr "" -#: lib/luks1/keymanage.c:1111 +#: lib/luks1/keymanage.c:1118 #, c-format msgid "Key slot %d is invalid, please select keyslot between 0 and %d." msgstr "" -#: lib/luks1/keymanage.c:1129 lib/luks2/luks2_keyslot.c:718 +#: lib/luks1/keymanage.c:1136 lib/luks2/luks2_keyslot.c:718 #, c-format msgid "Cannot wipe device %s." msgstr "" @@ -1036,189 +1055,199 @@ msgid "Kernel does not support loop-AES compatible mapping." msgstr "" -#: lib/tcrypt/tcrypt.c:509 +#: lib/tcrypt/tcrypt.c:508 #, c-format msgid "Error reading keyfile %s." msgstr "" -#: lib/tcrypt/tcrypt.c:559 +#: lib/tcrypt/tcrypt.c:558 #, c-format msgid "Maximum TCRYPT passphrase length (%zu) exceeded." msgstr "" -#: lib/tcrypt/tcrypt.c:601 +#: lib/tcrypt/tcrypt.c:600 #, c-format msgid "PBKDF2 hash algorithm %s not available, skipping." msgstr "" -#: lib/tcrypt/tcrypt.c:620 src/cryptsetup.c:1019 +#: lib/tcrypt/tcrypt.c:619 src/cryptsetup.c:1156 msgid "Required kernel crypto interface not available." msgstr "" -#: lib/tcrypt/tcrypt.c:622 src/cryptsetup.c:1021 +#: lib/tcrypt/tcrypt.c:621 src/cryptsetup.c:1158 msgid "Ensure you have algif_skcipher kernel module loaded." msgstr "" -#: lib/tcrypt/tcrypt.c:763 +#: lib/tcrypt/tcrypt.c:762 #, c-format msgid "Activation is not supported for %d sector size." msgstr "" -#: lib/tcrypt/tcrypt.c:769 +#: lib/tcrypt/tcrypt.c:768 msgid "Kernel does not support activation for this TCRYPT legacy mode." msgstr "" -#: lib/tcrypt/tcrypt.c:800 +#: lib/tcrypt/tcrypt.c:799 #, c-format msgid "Activating TCRYPT system encryption for partition %s." msgstr "" -#: lib/tcrypt/tcrypt.c:883 +#: lib/tcrypt/tcrypt.c:882 msgid "Kernel does not support TCRYPT compatible mapping." msgstr "" -#: lib/tcrypt/tcrypt.c:1096 +#: lib/tcrypt/tcrypt.c:1095 msgid "This function is not supported without TCRYPT header load." msgstr "" -#: lib/bitlk/bitlk.c:275 +#: lib/bitlk/bitlk.c:278 #, c-format msgid "" "Unexpected metadata entry type '%u' found when parsing supported Volume " "Master Key." msgstr "" -#: lib/bitlk/bitlk.c:328 +#: lib/bitlk/bitlk.c:337 msgid "Invalid string found when parsing Volume Master Key." msgstr "" -#: lib/bitlk/bitlk.c:332 +#: lib/bitlk/bitlk.c:341 #, c-format msgid "" "Unexpected string ('%s') found when parsing supported Volume Master Key." msgstr "" -#: lib/bitlk/bitlk.c:349 +#: lib/bitlk/bitlk.c:358 #, c-format msgid "" "Unexpected metadata entry value '%u' found when parsing supported Volume " "Master Key." msgstr "" -#: lib/bitlk/bitlk.c:451 +#: lib/bitlk/bitlk.c:460 msgid "BITLK version 1 is currently not supported." msgstr "" -#: lib/bitlk/bitlk.c:457 +#: lib/bitlk/bitlk.c:466 msgid "Invalid or unknown boot signature for BITLK device." msgstr "" -#: lib/bitlk/bitlk.c:469 +#: lib/bitlk/bitlk.c:478 #, c-format msgid "Unsupported sector size %." msgstr "" -#: lib/bitlk/bitlk.c:477 +#: lib/bitlk/bitlk.c:486 #, c-format msgid "Failed to read BITLK header from %s." msgstr "" -#: lib/bitlk/bitlk.c:502 +#: lib/bitlk/bitlk.c:511 #, c-format msgid "Failed to read BITLK FVE metadata from %s." msgstr "" -#: lib/bitlk/bitlk.c:554 +#: lib/bitlk/bitlk.c:562 msgid "Unknown or unsupported encryption type." msgstr "" -#: lib/bitlk/bitlk.c:587 +#: lib/bitlk/bitlk.c:602 #, c-format msgid "Failed to read BITLK metadata entries from %s." msgstr "" -#: lib/bitlk/bitlk.c:681 +#: lib/bitlk/bitlk.c:719 msgid "Failed to convert BITLK volume description" msgstr "" -#: lib/bitlk/bitlk.c:841 +#: lib/bitlk/bitlk.c:882 #, c-format msgid "Unexpected metadata entry type '%u' found when parsing external key." msgstr "" -#: lib/bitlk/bitlk.c:860 +#: lib/bitlk/bitlk.c:905 #, c-format msgid "BEK file GUID '%s' does not match GUID of the volume." msgstr "" -#: lib/bitlk/bitlk.c:864 +#: lib/bitlk/bitlk.c:909 #, c-format msgid "Unexpected metadata entry value '%u' found when parsing external key." msgstr "" -#: lib/bitlk/bitlk.c:903 +#: lib/bitlk/bitlk.c:948 #, c-format msgid "Unsupported BEK metadata version %" msgstr "" -#: lib/bitlk/bitlk.c:908 +#: lib/bitlk/bitlk.c:953 #, c-format msgid "Unexpected BEK metadata size % does not match BEK file length" msgstr "" -#: lib/bitlk/bitlk.c:933 +#: lib/bitlk/bitlk.c:979 msgid "Unexpected metadata entry found when parsing startup key." msgstr "" -#: lib/bitlk/bitlk.c:1029 +#: lib/bitlk/bitlk.c:1075 msgid "This operation is not supported." msgstr "" -#: lib/bitlk/bitlk.c:1037 +#: lib/bitlk/bitlk.c:1083 msgid "Unexpected key data size." msgstr "" -#: lib/bitlk/bitlk.c:1163 +#: lib/bitlk/bitlk.c:1209 msgid "This BITLK device is in an unsupported state and cannot be activated." msgstr "" -#: lib/bitlk/bitlk.c:1168 +#: lib/bitlk/bitlk.c:1214 #, c-format msgid "BITLK devices with type '%s' cannot be activated." msgstr "" -#: lib/bitlk/bitlk.c:1175 +#: lib/bitlk/bitlk.c:1221 msgid "Activation of partially decrypted BITLK device is not supported." msgstr "" -#: lib/bitlk/bitlk.c:1216 +#: lib/bitlk/bitlk.c:1262 #, c-format msgid "" "WARNING: BitLocker volume size % does not match the underlying " "device size %" msgstr "" -#: lib/bitlk/bitlk.c:1343 +#: lib/bitlk/bitlk.c:1389 msgid "" "Cannot activate device, kernel dm-crypt is missing support for BITLK IV." msgstr "" -#: lib/bitlk/bitlk.c:1347 +#: lib/bitlk/bitlk.c:1393 msgid "" "Cannot activate device, kernel dm-crypt is missing support for BITLK " "Elephant diffuser." msgstr "" -#: lib/bitlk/bitlk.c:1351 +#: lib/bitlk/bitlk.c:1397 msgid "" "Cannot activate device, kernel dm-crypt is missing support for large sector " "size." msgstr "" -#: lib/bitlk/bitlk.c:1355 +#: lib/bitlk/bitlk.c:1401 msgid "Cannot activate device, kernel dm-zero module is missing." msgstr "" +#: lib/fvault2/fvault2.c:542 +#, c-format +msgid "Could not read %u bytes of volume header." +msgstr "" + +#: lib/fvault2/fvault2.c:554 +#, c-format +msgid "Unsupported FVAULT2 version %." +msgstr "" + #: lib/verity/verity.c:68 lib/verity/verity.c:182 #, c-format msgid "Verity device %s does not use on-disk header." @@ -1374,132 +1403,132 @@ "activation options to override)." msgstr "" -#: lib/luks2/luks2_disk_metadata.c:393 lib/luks2/luks2_json_metadata.c:1133 -#: lib/luks2/luks2_json_metadata.c:1413 +#: lib/luks2/luks2_disk_metadata.c:391 lib/luks2/luks2_json_metadata.c:1159 +#: lib/luks2/luks2_json_metadata.c:1482 #, c-format msgid "Failed to acquire write lock on device %s." msgstr "" -#: lib/luks2/luks2_disk_metadata.c:402 +#: lib/luks2/luks2_disk_metadata.c:400 msgid "" "Detected attempt for concurrent LUKS2 metadata update. Aborting operation." msgstr "" -#: lib/luks2/luks2_disk_metadata.c:701 lib/luks2/luks2_disk_metadata.c:722 +#: lib/luks2/luks2_disk_metadata.c:699 lib/luks2/luks2_disk_metadata.c:720 msgid "" "Device contains ambiguous signatures, cannot auto-recover LUKS2.\n" "Please run \"cryptsetup repair\" for recovery." msgstr "" -#: lib/luks2/luks2_json_format.c:230 +#: lib/luks2/luks2_json_format.c:229 msgid "Requested data offset is too small." msgstr "" -#: lib/luks2/luks2_json_format.c:275 +#: lib/luks2/luks2_json_format.c:274 #, c-format msgid "" "WARNING: keyslots area (% bytes) is very small, available LUKS2 " "keyslot count is very limited.\n" msgstr "" -#: lib/luks2/luks2_json_metadata.c:1120 lib/luks2/luks2_json_metadata.c:1258 -#: lib/luks2/luks2_json_metadata.c:1319 lib/luks2/luks2_keyslot_luks2.c:92 -#: lib/luks2/luks2_keyslot_luks2.c:114 +#: lib/luks2/luks2_json_metadata.c:1146 lib/luks2/luks2_json_metadata.c:1328 +#: lib/luks2/luks2_json_metadata.c:1388 lib/luks2/luks2_keyslot_luks2.c:94 +#: lib/luks2/luks2_keyslot_luks2.c:116 #, c-format msgid "Failed to acquire read lock on device %s." msgstr "" -#: lib/luks2/luks2_json_metadata.c:1336 +#: lib/luks2/luks2_json_metadata.c:1405 #, c-format msgid "Forbidden LUKS2 requirements detected in backup %s." msgstr "" -#: lib/luks2/luks2_json_metadata.c:1377 +#: lib/luks2/luks2_json_metadata.c:1446 msgid "Data offset differ on device and backup, restore failed." msgstr "" -#: lib/luks2/luks2_json_metadata.c:1383 +#: lib/luks2/luks2_json_metadata.c:1452 msgid "" "Binary header with keyslot areas size differ on device and backup, restore " "failed." msgstr "" -#: lib/luks2/luks2_json_metadata.c:1390 +#: lib/luks2/luks2_json_metadata.c:1459 #, c-format msgid "Device %s %s%s%s%s" msgstr "" -#: lib/luks2/luks2_json_metadata.c:1391 +#: lib/luks2/luks2_json_metadata.c:1460 msgid "" "does not contain LUKS2 header. Replacing header can destroy data on that " "device." msgstr "" -#: lib/luks2/luks2_json_metadata.c:1392 +#: lib/luks2/luks2_json_metadata.c:1461 msgid "" "already contains LUKS2 header. Replacing header will destroy existing " "keyslots." msgstr "" -#: lib/luks2/luks2_json_metadata.c:1394 +#: lib/luks2/luks2_json_metadata.c:1463 msgid "" "\n" "WARNING: unknown LUKS2 requirements detected in real device header!\n" "Replacing header with backup may corrupt the data on that device!" msgstr "" -#: lib/luks2/luks2_json_metadata.c:1396 +#: lib/luks2/luks2_json_metadata.c:1465 msgid "" "\n" "WARNING: Unfinished offline reencryption detected on the device!\n" "Replacing header with backup may corrupt data." msgstr "" -#: lib/luks2/luks2_json_metadata.c:1494 +#: lib/luks2/luks2_json_metadata.c:1562 #, c-format msgid "Ignored unknown flag %s." msgstr "" -#: lib/luks2/luks2_json_metadata.c:2402 lib/luks2/luks2_reencrypt.c:2015 +#: lib/luks2/luks2_json_metadata.c:2470 lib/luks2/luks2_reencrypt.c:2061 #, c-format msgid "Missing key for dm-crypt segment %u" msgstr "" -#: lib/luks2/luks2_json_metadata.c:2414 lib/luks2/luks2_reencrypt.c:2029 +#: lib/luks2/luks2_json_metadata.c:2482 lib/luks2/luks2_reencrypt.c:2075 msgid "Failed to set dm-crypt segment." msgstr "" -#: lib/luks2/luks2_json_metadata.c:2420 lib/luks2/luks2_reencrypt.c:2035 +#: lib/luks2/luks2_json_metadata.c:2488 lib/luks2/luks2_reencrypt.c:2081 msgid "Failed to set dm-linear segment." msgstr "" -#: lib/luks2/luks2_json_metadata.c:2547 +#: lib/luks2/luks2_json_metadata.c:2615 msgid "Unsupported device integrity configuration." msgstr "" -#: lib/luks2/luks2_json_metadata.c:2633 +#: lib/luks2/luks2_json_metadata.c:2701 msgid "Reencryption in-progress. Cannot deactivate device." msgstr "" -#: lib/luks2/luks2_json_metadata.c:2644 lib/luks2/luks2_reencrypt.c:4067 +#: lib/luks2/luks2_json_metadata.c:2712 lib/luks2/luks2_reencrypt.c:4082 #, c-format msgid "Failed to replace suspended device %s with dm-error target." msgstr "" -#: lib/luks2/luks2_json_metadata.c:2724 +#: lib/luks2/luks2_json_metadata.c:2792 msgid "Failed to read LUKS2 requirements." msgstr "" -#: lib/luks2/luks2_json_metadata.c:2731 +#: lib/luks2/luks2_json_metadata.c:2799 msgid "Unmet LUKS2 requirements detected." msgstr "" -#: lib/luks2/luks2_json_metadata.c:2739 +#: lib/luks2/luks2_json_metadata.c:2807 msgid "" "Operation incompatible with device marked for legacy reencryption. Aborting." msgstr "" -#: lib/luks2/luks2_json_metadata.c:2741 +#: lib/luks2/luks2_json_metadata.c:2809 msgid "" "Operation incompatible with device marked for LUKS2 reencryption. Aborting." msgstr "" @@ -1512,20 +1541,21 @@ msgid "Keyslot open failed." msgstr "" -#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108 +#: lib/luks2/luks2_keyslot_luks2.c:55 lib/luks2/luks2_keyslot_luks2.c:110 #, c-format msgid "Cannot use %s-%s cipher for keyslot encryption." msgstr "" -#: lib/luks2/luks2_keyslot_luks2.c:496 -msgid "No space for new keyslot." -msgstr "" - -#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2615 +#: lib/luks2/luks2_keyslot_luks2.c:285 lib/luks2/luks2_keyslot_luks2.c:394 +#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2668 #, c-format msgid "Hash algorithm %s is not available." msgstr "" +#: lib/luks2/luks2_keyslot_luks2.c:510 +msgid "No space for new keyslot." +msgstr "" + #: lib/luks2/luks2_keyslot_reenc.c:593 msgid "Invalid reencryption resilience mode change requested." msgstr "" @@ -1550,7 +1580,7 @@ msgid "Unable to convert header with LUKSMETA additional metadata." msgstr "" -#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3725 +#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3740 #, c-format msgid "Unable to use cipher specification %s-%s for LUKS2." msgstr "" @@ -1613,253 +1643,253 @@ msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." msgstr "" -#: lib/luks2/luks2_reencrypt.c:1107 +#: lib/luks2/luks2_reencrypt.c:1152 #, c-format msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." msgstr "" -#: lib/luks2/luks2_reencrypt.c:1112 +#: lib/luks2/luks2_reencrypt.c:1157 #, c-format msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." msgstr "" -#: lib/luks2/luks2_reencrypt.c:1319 lib/luks2/luks2_reencrypt.c:1505 -#: lib/luks2/luks2_reencrypt.c:1588 lib/luks2/luks2_reencrypt.c:1630 -#: lib/luks2/luks2_reencrypt.c:3862 +#: lib/luks2/luks2_reencrypt.c:1364 lib/luks2/luks2_reencrypt.c:1551 +#: lib/luks2/luks2_reencrypt.c:1634 lib/luks2/luks2_reencrypt.c:1676 +#: lib/luks2/luks2_reencrypt.c:3877 msgid "Failed to initialize old segment storage wrapper." msgstr "" -#: lib/luks2/luks2_reencrypt.c:1333 lib/luks2/luks2_reencrypt.c:1483 +#: lib/luks2/luks2_reencrypt.c:1378 lib/luks2/luks2_reencrypt.c:1529 msgid "Failed to initialize new segment storage wrapper." msgstr "" -#: lib/luks2/luks2_reencrypt.c:1460 lib/luks2/luks2_reencrypt.c:3874 +#: lib/luks2/luks2_reencrypt.c:1505 lib/luks2/luks2_reencrypt.c:3889 msgid "Failed to initialize hotzone protection." msgstr "" -#: lib/luks2/luks2_reencrypt.c:1532 +#: lib/luks2/luks2_reencrypt.c:1578 msgid "Failed to read checksums for current hotzone." msgstr "" -#: lib/luks2/luks2_reencrypt.c:1539 lib/luks2/luks2_reencrypt.c:3888 +#: lib/luks2/luks2_reencrypt.c:1585 lib/luks2/luks2_reencrypt.c:3903 #, c-format msgid "Failed to read hotzone area starting at %." msgstr "" -#: lib/luks2/luks2_reencrypt.c:1558 +#: lib/luks2/luks2_reencrypt.c:1604 #, c-format msgid "Failed to decrypt sector %zu." msgstr "" -#: lib/luks2/luks2_reencrypt.c:1564 +#: lib/luks2/luks2_reencrypt.c:1610 #, c-format msgid "Failed to recover sector %zu." msgstr "" -#: lib/luks2/luks2_reencrypt.c:2128 +#: lib/luks2/luks2_reencrypt.c:2174 #, c-format msgid "" "Source and target device sizes don't match. Source %, target: " "%." msgstr "" -#: lib/luks2/luks2_reencrypt.c:2226 +#: lib/luks2/luks2_reencrypt.c:2272 #, c-format msgid "Failed to activate hotzone device %s." msgstr "" -#: lib/luks2/luks2_reencrypt.c:2243 +#: lib/luks2/luks2_reencrypt.c:2289 #, c-format msgid "Failed to activate overlay device %s with actual origin table." msgstr "" -#: lib/luks2/luks2_reencrypt.c:2250 +#: lib/luks2/luks2_reencrypt.c:2296 #, c-format msgid "Failed to load new mapping for device %s." msgstr "" -#: lib/luks2/luks2_reencrypt.c:2321 +#: lib/luks2/luks2_reencrypt.c:2367 msgid "Failed to refresh reencryption devices stack." msgstr "" -#: lib/luks2/luks2_reencrypt.c:2497 +#: lib/luks2/luks2_reencrypt.c:2550 msgid "Failed to set new keyslots area size." msgstr "" -#: lib/luks2/luks2_reencrypt.c:2633 +#: lib/luks2/luks2_reencrypt.c:2686 #, c-format msgid "" "Data shift value is not aligned to encryption sector size (% bytes)." msgstr "" -#: lib/luks2/luks2_reencrypt.c:2670 src/utils_reencrypt.c:189 +#: lib/luks2/luks2_reencrypt.c:2723 src/utils_reencrypt.c:189 #, c-format msgid "Unsupported resilience mode %s" msgstr "" -#: lib/luks2/luks2_reencrypt.c:2747 +#: lib/luks2/luks2_reencrypt.c:2760 msgid "Moved segment size can not be greater than data shift value." msgstr "" -#: lib/luks2/luks2_reencrypt.c:2787 +#: lib/luks2/luks2_reencrypt.c:2802 msgid "Invalid reencryption resilience parameters." msgstr "" -#: lib/luks2/luks2_reencrypt.c:2809 +#: lib/luks2/luks2_reencrypt.c:2824 #, c-format msgid "" "Moved segment too large. Requested size %, available space for: " "%." msgstr "" -#: lib/luks2/luks2_reencrypt.c:2896 +#: lib/luks2/luks2_reencrypt.c:2911 msgid "Failed to clear table." msgstr "" -#: lib/luks2/luks2_reencrypt.c:2982 +#: lib/luks2/luks2_reencrypt.c:2997 msgid "Reduced data size is larger than real device size." msgstr "" -#: lib/luks2/luks2_reencrypt.c:2989 +#: lib/luks2/luks2_reencrypt.c:3004 #, c-format msgid "Data device is not aligned to encryption sector size (% bytes)." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3023 +#: lib/luks2/luks2_reencrypt.c:3038 #, c-format msgid "" "Data shift (% sectors) is less than future data offset (% " "sectors)." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3030 lib/luks2/luks2_reencrypt.c:3518 -#: lib/luks2/luks2_reencrypt.c:3539 +#: lib/luks2/luks2_reencrypt.c:3045 lib/luks2/luks2_reencrypt.c:3533 +#: lib/luks2/luks2_reencrypt.c:3554 #, c-format msgid "Failed to open %s in exclusive mode (already mapped or mounted)." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3219 +#: lib/luks2/luks2_reencrypt.c:3234 msgid "Device not marked for LUKS2 reencryption." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3236 lib/luks2/luks2_reencrypt.c:4191 +#: lib/luks2/luks2_reencrypt.c:3251 lib/luks2/luks2_reencrypt.c:4206 msgid "Failed to load LUKS2 reencryption context." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3316 +#: lib/luks2/luks2_reencrypt.c:3331 msgid "Failed to get reencryption state." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3320 lib/luks2/luks2_reencrypt.c:3634 +#: lib/luks2/luks2_reencrypt.c:3335 lib/luks2/luks2_reencrypt.c:3649 msgid "Device is not in reencryption." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3327 lib/luks2/luks2_reencrypt.c:3641 +#: lib/luks2/luks2_reencrypt.c:3342 lib/luks2/luks2_reencrypt.c:3656 msgid "Reencryption process is already running." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3329 lib/luks2/luks2_reencrypt.c:3643 +#: lib/luks2/luks2_reencrypt.c:3344 lib/luks2/luks2_reencrypt.c:3658 msgid "Failed to acquire reencryption lock." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3347 +#: lib/luks2/luks2_reencrypt.c:3362 msgid "Cannot proceed with reencryption. Run reencryption recovery first." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3482 +#: lib/luks2/luks2_reencrypt.c:3497 msgid "Active device size and requested reencryption size don't match." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3496 +#: lib/luks2/luks2_reencrypt.c:3511 msgid "Illegal device size requested in reencryption parameters." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3573 +#: lib/luks2/luks2_reencrypt.c:3588 msgid "Reencryption in-progress. Cannot perform recovery." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3742 +#: lib/luks2/luks2_reencrypt.c:3757 msgid "LUKS2 reencryption already initialized in metadata." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3749 +#: lib/luks2/luks2_reencrypt.c:3764 msgid "Failed to initialize LUKS2 reencryption in metadata." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3844 +#: lib/luks2/luks2_reencrypt.c:3859 msgid "Failed to set device segments for next reencryption hotzone." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3896 +#: lib/luks2/luks2_reencrypt.c:3911 msgid "Failed to write reencryption resilience metadata." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3903 +#: lib/luks2/luks2_reencrypt.c:3918 msgid "Decryption failed." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3908 +#: lib/luks2/luks2_reencrypt.c:3923 #, c-format msgid "Failed to write hotzone area starting at %." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3913 +#: lib/luks2/luks2_reencrypt.c:3928 msgid "Failed to sync data." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3921 +#: lib/luks2/luks2_reencrypt.c:3936 msgid "Failed to update metadata after current reencryption hotzone completed." msgstr "" -#: lib/luks2/luks2_reencrypt.c:4010 +#: lib/luks2/luks2_reencrypt.c:4025 msgid "Failed to write LUKS2 metadata." msgstr "" -#: lib/luks2/luks2_reencrypt.c:4033 +#: lib/luks2/luks2_reencrypt.c:4048 msgid "Failed to wipe unused data device area." msgstr "" -#: lib/luks2/luks2_reencrypt.c:4039 +#: lib/luks2/luks2_reencrypt.c:4054 #, c-format msgid "Failed to remove unused (unbound) keyslot %d." msgstr "" -#: lib/luks2/luks2_reencrypt.c:4049 +#: lib/luks2/luks2_reencrypt.c:4064 msgid "Failed to remove reencryption keyslot." msgstr "" -#: lib/luks2/luks2_reencrypt.c:4059 +#: lib/luks2/luks2_reencrypt.c:4074 #, c-format msgid "" "Fatal error while reencrypting chunk starting at %, % " "sectors long." msgstr "" -#: lib/luks2/luks2_reencrypt.c:4063 +#: lib/luks2/luks2_reencrypt.c:4078 msgid "Online reencryption failed." msgstr "" -#: lib/luks2/luks2_reencrypt.c:4068 +#: lib/luks2/luks2_reencrypt.c:4083 msgid "Do not resume the device unless replaced with error target manually." msgstr "" -#: lib/luks2/luks2_reencrypt.c:4122 +#: lib/luks2/luks2_reencrypt.c:4137 msgid "Cannot proceed with reencryption. Unexpected reencryption status." msgstr "" -#: lib/luks2/luks2_reencrypt.c:4128 +#: lib/luks2/luks2_reencrypt.c:4143 msgid "Missing or invalid reencrypt context." msgstr "" -#: lib/luks2/luks2_reencrypt.c:4135 +#: lib/luks2/luks2_reencrypt.c:4150 msgid "Failed to initialize reencryption device stack." msgstr "" -#: lib/luks2/luks2_reencrypt.c:4157 lib/luks2/luks2_reencrypt.c:4204 +#: lib/luks2/luks2_reencrypt.c:4172 lib/luks2/luks2_reencrypt.c:4219 msgid "Failed to update reencryption context." msgstr "" -#: lib/luks2/luks2_reencrypt_digest.c:406 +#: lib/luks2/luks2_reencrypt_digest.c:405 msgid "Reencryption metadata is invalid." msgstr "" @@ -1867,18 +1897,18 @@ msgid "Keyslot encryption parameters can be set only for LUKS2 device." msgstr "" -#: src/cryptsetup.c:108 +#: src/cryptsetup.c:108 src/cryptsetup.c:1901 #, c-format -msgid "Enter token PIN:" +msgid "Enter token PIN: " msgstr "" -#: src/cryptsetup.c:110 +#: src/cryptsetup.c:110 src/cryptsetup.c:1903 #, c-format -msgid "Enter token %d PIN:" +msgid "Enter token %d PIN: " msgstr "" -#: src/cryptsetup.c:159 src/cryptsetup.c:966 src/cryptsetup.c:1293 -#: src/utils_reencrypt.c:1097 src/utils_reencrypt_luks1.c:517 +#: src/cryptsetup.c:159 src/cryptsetup.c:1103 src/cryptsetup.c:1430 +#: src/utils_reencrypt.c:1122 src/utils_reencrypt_luks1.c:517 #: src/utils_reencrypt_luks1.c:580 msgid "No known cipher specification pattern detected." msgstr "" @@ -1902,10 +1932,10 @@ "data." msgstr "" -#: src/cryptsetup.c:221 src/cryptsetup.c:1040 src/cryptsetup.c:1088 -#: src/cryptsetup.c:1154 src/cryptsetup.c:1270 src/cryptsetup.c:1343 -#: src/cryptsetup.c:1994 src/integritysetup.c:187 src/utils_reencrypt.c:138 -#: src/utils_reencrypt.c:314 src/utils_reencrypt.c:724 +#: src/cryptsetup.c:221 src/cryptsetup.c:1177 src/cryptsetup.c:1225 +#: src/cryptsetup.c:1291 src/cryptsetup.c:1407 src/cryptsetup.c:1480 +#: src/cryptsetup.c:2266 src/integritysetup.c:187 src/utils_reencrypt.c:138 +#: src/utils_reencrypt.c:314 src/utils_reencrypt.c:749 msgid "Operation aborted.\n" msgstr "" @@ -1950,79 +1980,89 @@ "This dump should be always stored encrypted on safe place." msgstr "" -#: src/cryptsetup.c:573 src/cryptsetup.c:2019 +#: src/cryptsetup.c:573 src/cryptsetup.c:654 src/cryptsetup.c:2291 msgid "" "The header dump with volume key is sensitive information\n" "that allows access to encrypted partition without a passphrase.\n" "This dump should be stored encrypted in a safe place." msgstr "" -#: src/cryptsetup.c:664 src/veritysetup.c:321 src/integritysetup.c:400 +#: src/cryptsetup.c:709 src/cryptsetup.c:739 +#, c-format +msgid "Device %s is not a valid FVAULT2 device." +msgstr "" + +#: src/cryptsetup.c:747 +msgid "" +"Cannot determine volume key size for FVAULT2, please use --key-size option." +msgstr "" + +#: src/cryptsetup.c:801 src/veritysetup.c:323 src/integritysetup.c:400 #, c-format msgid "Device %s is still active and scheduled for deferred removal.\n" msgstr "" -#: src/cryptsetup.c:698 +#: src/cryptsetup.c:835 msgid "" "Resize of active device requires volume key in keyring but --disable-keyring " "option is set." msgstr "" -#: src/cryptsetup.c:845 +#: src/cryptsetup.c:982 msgid "Benchmark interrupted." msgstr "" -#: src/cryptsetup.c:866 +#: src/cryptsetup.c:1003 #, c-format msgid "PBKDF2-%-9s N/A\n" msgstr "" -#: src/cryptsetup.c:868 +#: src/cryptsetup.c:1005 #, c-format msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" msgstr "" -#: src/cryptsetup.c:882 +#: src/cryptsetup.c:1019 #, c-format msgid "%-10s N/A\n" msgstr "" -#: src/cryptsetup.c:884 +#: src/cryptsetup.c:1021 #, c-format msgid "" "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit " "key (requested %u ms time)\n" msgstr "" -#: src/cryptsetup.c:908 +#: src/cryptsetup.c:1045 msgid "Result of benchmark is not reliable." msgstr "" -#: src/cryptsetup.c:958 +#: src/cryptsetup.c:1095 msgid "# Tests are approximate using memory only (no storage IO).\n" msgstr "" #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:978 +#: src/cryptsetup.c:1115 #, c-format msgid "#%*s Algorithm | Key | Encryption | Decryption\n" msgstr "" -#: src/cryptsetup.c:982 +#: src/cryptsetup.c:1119 #, c-format msgid "Cipher %s (with %i bits key) is not available." msgstr "" #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:1001 +#: src/cryptsetup.c:1138 msgid "# Algorithm | Key | Encryption | Decryption\n" msgstr "" -#: src/cryptsetup.c:1012 +#: src/cryptsetup.c:1149 msgid "N/A" msgstr "" -#: src/cryptsetup.c:1037 +#: src/cryptsetup.c:1174 msgid "" "Unprotected LUKS2 reencryption metadata detected. Please verify the " "reencryption operation is desirable (see luksDump output)\n" @@ -2030,552 +2070,590 @@ "genuine." msgstr "" -#: src/cryptsetup.c:1043 +#: src/cryptsetup.c:1180 msgid "Enter passphrase to protect and upgrade reencryption metadata: " msgstr "" -#: src/cryptsetup.c:1087 +#: src/cryptsetup.c:1224 msgid "Really proceed with LUKS2 reencryption recovery?" msgstr "" -#: src/cryptsetup.c:1096 +#: src/cryptsetup.c:1233 msgid "Enter passphrase to verify reencryption metadata digest: " msgstr "" -#: src/cryptsetup.c:1098 +#: src/cryptsetup.c:1235 msgid "Enter passphrase for reencryption recovery: " msgstr "" -#: src/cryptsetup.c:1153 +#: src/cryptsetup.c:1290 msgid "Really try to repair LUKS device header?" msgstr "" -#: src/cryptsetup.c:1177 src/integritysetup.c:89 src/integritysetup.c:238 +#: src/cryptsetup.c:1314 src/integritysetup.c:89 src/integritysetup.c:238 msgid "" "\n" "Wipe interrupted." msgstr "" -#: src/cryptsetup.c:1182 src/integritysetup.c:94 src/integritysetup.c:275 +#: src/cryptsetup.c:1319 src/integritysetup.c:94 src/integritysetup.c:275 msgid "" "Wiping device to initialize integrity checksum.\n" "You can interrupt this by pressing CTRL+c (rest of not wiped device will " "contain invalid checksum).\n" msgstr "" -#: src/cryptsetup.c:1204 src/integritysetup.c:116 +#: src/cryptsetup.c:1341 src/integritysetup.c:116 #, c-format msgid "Cannot deactivate temporary device %s." msgstr "" -#: src/cryptsetup.c:1255 +#: src/cryptsetup.c:1392 msgid "Integrity option can be used only for LUKS2 format." msgstr "" -#: src/cryptsetup.c:1260 src/cryptsetup.c:1320 +#: src/cryptsetup.c:1397 src/cryptsetup.c:1457 msgid "Unsupported LUKS2 metadata size options." msgstr "" -#: src/cryptsetup.c:1269 +#: src/cryptsetup.c:1406 msgid "Header file does not exist, do you want to create it?" msgstr "" -#: src/cryptsetup.c:1277 +#: src/cryptsetup.c:1414 #, c-format msgid "Cannot create header file %s." msgstr "" -#: src/cryptsetup.c:1300 src/integritysetup.c:144 src/integritysetup.c:152 +#: src/cryptsetup.c:1437 src/integritysetup.c:144 src/integritysetup.c:152 #: src/integritysetup.c:161 src/integritysetup.c:315 src/integritysetup.c:323 #: src/integritysetup.c:333 msgid "No known integrity specification pattern detected." msgstr "" -#: src/cryptsetup.c:1313 +#: src/cryptsetup.c:1450 #, c-format msgid "Cannot use %s as on-disk header." msgstr "" -#: src/cryptsetup.c:1337 src/integritysetup.c:181 +#: src/cryptsetup.c:1474 src/integritysetup.c:181 #, c-format msgid "This will overwrite data on %s irrevocably." msgstr "" -#: src/cryptsetup.c:1370 src/cryptsetup.c:1707 src/cryptsetup.c:1772 -#: src/cryptsetup.c:1876 src/cryptsetup.c:1942 src/utils_reencrypt_luks1.c:443 +#: src/cryptsetup.c:1507 src/cryptsetup.c:1853 src/cryptsetup.c:1993 +#: src/cryptsetup.c:2148 src/cryptsetup.c:2214 src/utils_reencrypt_luks1.c:443 msgid "Failed to set pbkdf parameters." msgstr "" -#: src/cryptsetup.c:1455 +#: src/cryptsetup.c:1593 msgid "Reduced data offset is allowed only for detached LUKS header." msgstr "" -#: src/cryptsetup.c:1466 src/cryptsetup.c:1778 +#: src/cryptsetup.c:1600 +#, c-format +msgid "" +"LUKS file container %s is too small for activation, there is no remaining " +"space for data." +msgstr "" + +#: src/cryptsetup.c:1612 src/cryptsetup.c:1999 msgid "" "Cannot determine volume key size for LUKS without keyslots, please use --key-" "size option." msgstr "" -#: src/cryptsetup.c:1512 +#: src/cryptsetup.c:1658 msgid "Device activated but cannot make flags persistent." msgstr "" -#: src/cryptsetup.c:1591 src/cryptsetup.c:1659 +#: src/cryptsetup.c:1737 src/cryptsetup.c:1805 #, c-format msgid "Keyslot %d is selected for deletion." msgstr "" -#: src/cryptsetup.c:1603 src/cryptsetup.c:1663 +#: src/cryptsetup.c:1749 src/cryptsetup.c:1809 msgid "" "This is the last keyslot. Device will become unusable after purging this key." msgstr "" -#: src/cryptsetup.c:1604 +#: src/cryptsetup.c:1750 msgid "Enter any remaining passphrase: " msgstr "" -#: src/cryptsetup.c:1605 src/cryptsetup.c:1665 +#: src/cryptsetup.c:1751 src/cryptsetup.c:1811 msgid "Operation aborted, the keyslot was NOT wiped.\n" msgstr "" -#: src/cryptsetup.c:1641 +#: src/cryptsetup.c:1787 msgid "Enter passphrase to be deleted: " msgstr "" -#: src/cryptsetup.c:1691 src/cryptsetup.c:1925 src/cryptsetup.c:2505 -#: src/cryptsetup.c:2649 +#: src/cryptsetup.c:1837 src/cryptsetup.c:2197 src/cryptsetup.c:2781 +#: src/cryptsetup.c:2948 #, c-format msgid "Device %s is not a valid LUKS2 device." msgstr "" -#: src/cryptsetup.c:1721 src/cryptsetup.c:1795 src/cryptsetup.c:1829 +#: src/cryptsetup.c:1867 src/cryptsetup.c:2072 msgid "Enter new passphrase for key slot: " msgstr "" -#: src/cryptsetup.c:1812 src/utils_reencrypt_luks1.c:1149 +#: src/cryptsetup.c:1968 +msgid "WARNING: The --key-slot parameter is used for new keyslot number.\n" +msgstr "" + +#: src/cryptsetup.c:2028 src/utils_reencrypt_luks1.c:1149 #, c-format msgid "Enter any existing passphrase: " msgstr "" -#: src/cryptsetup.c:1880 +#: src/cryptsetup.c:2152 msgid "Enter passphrase to be changed: " msgstr "" -#: src/cryptsetup.c:1896 src/utils_reencrypt_luks1.c:1135 +#: src/cryptsetup.c:2168 src/utils_reencrypt_luks1.c:1135 msgid "Enter new passphrase: " msgstr "" -#: src/cryptsetup.c:1946 +#: src/cryptsetup.c:2218 msgid "Enter passphrase for keyslot to be converted: " msgstr "" -#: src/cryptsetup.c:1970 +#: src/cryptsetup.c:2242 msgid "Only one device argument for isLuks operation is supported." msgstr "" -#: src/cryptsetup.c:2078 +#: src/cryptsetup.c:2350 #, c-format msgid "Keyslot %d does not contain unbound key." msgstr "" -#: src/cryptsetup.c:2083 +#: src/cryptsetup.c:2355 msgid "" "The header dump with unbound key is sensitive information.\n" "This dump should be stored encrypted in a safe place." msgstr "" -#: src/cryptsetup.c:2169 src/cryptsetup.c:2198 +#: src/cryptsetup.c:2441 src/cryptsetup.c:2470 #, c-format msgid "%s is not active %s device name." msgstr "" -#: src/cryptsetup.c:2193 +#: src/cryptsetup.c:2465 #, c-format msgid "%s is not active LUKS device name or header is missing." msgstr "" -#: src/cryptsetup.c:2255 src/cryptsetup.c:2274 +#: src/cryptsetup.c:2527 src/cryptsetup.c:2546 msgid "Option --header-backup-file is required." msgstr "" -#: src/cryptsetup.c:2305 +#: src/cryptsetup.c:2577 #, c-format msgid "%s is not cryptsetup managed device." msgstr "" -#: src/cryptsetup.c:2316 +#: src/cryptsetup.c:2588 #, c-format msgid "Refresh is not supported for device type %s" msgstr "" -#: src/cryptsetup.c:2362 +#: src/cryptsetup.c:2638 #, c-format msgid "Unrecognized metadata device type %s." msgstr "" -#: src/cryptsetup.c:2364 +#: src/cryptsetup.c:2640 msgid "Command requires device and mapped name as arguments." msgstr "" -#: src/cryptsetup.c:2385 +#: src/cryptsetup.c:2661 #, c-format msgid "" "This operation will erase all keyslots on device %s.\n" "Device will become unusable after this operation." msgstr "" -#: src/cryptsetup.c:2392 +#: src/cryptsetup.c:2668 msgid "Operation aborted, keyslots were NOT wiped.\n" msgstr "" -#: src/cryptsetup.c:2431 +#: src/cryptsetup.c:2707 msgid "Invalid LUKS type, only luks1 and luks2 are supported." msgstr "" -#: src/cryptsetup.c:2447 +#: src/cryptsetup.c:2723 #, c-format msgid "Device is already %s type." msgstr "" -#: src/cryptsetup.c:2454 +#: src/cryptsetup.c:2730 #, c-format msgid "This operation will convert %s to %s format.\n" msgstr "" -#: src/cryptsetup.c:2457 +#: src/cryptsetup.c:2733 msgid "Operation aborted, device was NOT converted.\n" msgstr "" -#: src/cryptsetup.c:2497 +#: src/cryptsetup.c:2773 msgid "Option --priority, --label or --subsystem is missing." msgstr "" -#: src/cryptsetup.c:2531 src/cryptsetup.c:2568 src/cryptsetup.c:2588 +#: src/cryptsetup.c:2807 src/cryptsetup.c:2847 src/cryptsetup.c:2867 #, c-format msgid "Token %d is invalid." msgstr "" -#: src/cryptsetup.c:2534 src/cryptsetup.c:2591 +#: src/cryptsetup.c:2810 src/cryptsetup.c:2870 #, c-format msgid "Token %d in use." msgstr "" -#: src/cryptsetup.c:2546 +#: src/cryptsetup.c:2822 #, c-format msgid "Failed to add luks2-keyring token %d." msgstr "" -#: src/cryptsetup.c:2554 src/cryptsetup.c:2617 +#: src/cryptsetup.c:2833 src/cryptsetup.c:2896 #, c-format msgid "Failed to assign token %d to keyslot %d." msgstr "" -#: src/cryptsetup.c:2571 +#: src/cryptsetup.c:2850 #, c-format msgid "Token %d is not in use." msgstr "" -#: src/cryptsetup.c:2608 +#: src/cryptsetup.c:2887 msgid "Failed to import token from file." msgstr "" -#: src/cryptsetup.c:2633 +#: src/cryptsetup.c:2912 #, c-format msgid "Failed to get token %d for export." msgstr "" -#: src/cryptsetup.c:2682 +#: src/cryptsetup.c:2925 +#, c-format +msgid "Token %d is not assigned to keyslot %d." +msgstr "" + +#: src/cryptsetup.c:2927 src/cryptsetup.c:2934 +#, c-format +msgid "Failed to unassign token %d from keyslot %d." +msgstr "" + +#: src/cryptsetup.c:2983 msgid "" "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only " "for TCRYPT device." msgstr "" -#: src/cryptsetup.c:2685 +#: src/cryptsetup.c:2986 msgid "" "Option --veracrypt or --disable-veracrypt is supported only for TCRYPT " "device type." msgstr "" -#: src/cryptsetup.c:2688 +#: src/cryptsetup.c:2989 msgid "" "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." msgstr "" -#: src/cryptsetup.c:2692 +#: src/cryptsetup.c:2993 msgid "" "Option --veracrypt-query-pim is supported only for VeraCrypt compatible " "devices." msgstr "" -#: src/cryptsetup.c:2694 +#: src/cryptsetup.c:2995 msgid "" "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." msgstr "" -#: src/cryptsetup.c:2703 +#: src/cryptsetup.c:3004 msgid "Option --persistent is not allowed with --test-passphrase." msgstr "" -#: src/cryptsetup.c:2706 +#: src/cryptsetup.c:3007 msgid "Options --refresh and --test-passphrase are mutually exclusive." msgstr "" -#: src/cryptsetup.c:2709 +#: src/cryptsetup.c:3010 msgid "Option --shared is allowed only for open of plain device." msgstr "" -#: src/cryptsetup.c:2712 +#: src/cryptsetup.c:3013 msgid "Option --skip is supported only for open of plain and loopaes devices." msgstr "" -#: src/cryptsetup.c:2715 +#: src/cryptsetup.c:3016 msgid "" "Option --offset with open action is only supported for plain and loopaes " "devices." msgstr "" -#: src/cryptsetup.c:2718 +#: src/cryptsetup.c:3019 msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." msgstr "" -#: src/cryptsetup.c:2722 +#: src/cryptsetup.c:3023 msgid "" "Sector size option with open action is supported only for plain devices." msgstr "" -#: src/cryptsetup.c:2726 +#: src/cryptsetup.c:3027 msgid "" "Large IV sectors option is supported only for opening plain type device with " "sector size larger than 512 bytes." msgstr "" -#: src/cryptsetup.c:2730 +#: src/cryptsetup.c:3032 msgid "" -"Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK " -"devices." +"Option --test-passphrase is allowed only for open of LUKS, TCRYPT, BITLK and " +"FVAULT2 devices." msgstr "" -#: src/cryptsetup.c:2733 src/cryptsetup.c:2756 +#: src/cryptsetup.c:3035 src/cryptsetup.c:3058 msgid "Options --device-size and --size cannot be combined." msgstr "" -#: src/cryptsetup.c:2736 +#: src/cryptsetup.c:3038 msgid "Option --unbound is allowed only for open of luks device." msgstr "" -#: src/cryptsetup.c:2739 +#: src/cryptsetup.c:3041 msgid "Option --unbound cannot be used without --test-passphrase." msgstr "" -#: src/cryptsetup.c:2748 src/veritysetup.c:664 src/integritysetup.c:755 +#: src/cryptsetup.c:3050 src/veritysetup.c:668 src/integritysetup.c:755 msgid "" "Options --cancel-deferred and --deferred cannot be used at the same time." msgstr "" -#: src/cryptsetup.c:2764 +#: src/cryptsetup.c:3066 msgid "Options --reduce-device-size and --data-size cannot be combined." msgstr "" -#: src/cryptsetup.c:2767 +#: src/cryptsetup.c:3069 msgid "Option --active-name can be set only for LUKS2 device." msgstr "" -#: src/cryptsetup.c:2770 +#: src/cryptsetup.c:3072 msgid "Options --active-name and --force-offline-reencrypt cannot be combined." msgstr "" -#: src/cryptsetup.c:2778 src/cryptsetup.c:2808 +#: src/cryptsetup.c:3080 src/cryptsetup.c:3110 msgid "Keyslot specification is required." msgstr "" -#: src/cryptsetup.c:2786 +#: src/cryptsetup.c:3088 msgid "Options --align-payload and --offset cannot be combined." msgstr "" -#: src/cryptsetup.c:2789 +#: src/cryptsetup.c:3091 msgid "" "Option --integrity-no-wipe can be used only for format action with integrity " "extension." msgstr "" -#: src/cryptsetup.c:2792 +#: src/cryptsetup.c:3094 msgid "Only one of --use-[u]random options is allowed." msgstr "" -#: src/cryptsetup.c:2800 +#: src/cryptsetup.c:3102 msgid "Key size is required with --unbound option." msgstr "" -#: src/cryptsetup.c:2819 +#: src/cryptsetup.c:3122 msgid "Invalid token action." msgstr "" -#: src/cryptsetup.c:2822 +#: src/cryptsetup.c:3125 msgid "--key-description parameter is mandatory for token add action." msgstr "" -#: src/cryptsetup.c:2826 +#: src/cryptsetup.c:3129 src/cryptsetup.c:3142 msgid "Action requires specific token. Use --token-id parameter." msgstr "" -#: src/cryptsetup.c:2840 +#: src/cryptsetup.c:3133 +msgid "Option --unbound is valid only with token add action." +msgstr "" + +#: src/cryptsetup.c:3135 +msgid "Options --key-slot and --unbound cannot be combined." +msgstr "" + +#: src/cryptsetup.c:3140 +msgid "Action requires specific keyslot. Use --key-slot parameter." +msgstr "" + +#: src/cryptsetup.c:3156 msgid " [--type ] []" msgstr "" -#: src/cryptsetup.c:2840 src/veritysetup.c:487 src/integritysetup.c:535 +#: src/cryptsetup.c:3156 src/veritysetup.c:491 src/integritysetup.c:535 msgid "open device as " msgstr "" -#: src/cryptsetup.c:2841 src/cryptsetup.c:2842 src/cryptsetup.c:2843 -#: src/veritysetup.c:488 src/veritysetup.c:489 src/integritysetup.c:536 +#: src/cryptsetup.c:3157 src/cryptsetup.c:3158 src/cryptsetup.c:3159 +#: src/veritysetup.c:492 src/veritysetup.c:493 src/integritysetup.c:536 #: src/integritysetup.c:537 src/integritysetup.c:539 msgid "" msgstr "" -#: src/cryptsetup.c:2841 src/veritysetup.c:488 src/integritysetup.c:536 +#: src/cryptsetup.c:3157 src/veritysetup.c:492 src/integritysetup.c:536 msgid "close device (remove mapping)" msgstr "" -#: src/cryptsetup.c:2842 src/integritysetup.c:539 +#: src/cryptsetup.c:3158 src/integritysetup.c:539 msgid "resize active device" msgstr "" -#: src/cryptsetup.c:2843 +#: src/cryptsetup.c:3159 msgid "show device status" msgstr "" -#: src/cryptsetup.c:2844 +#: src/cryptsetup.c:3160 msgid "[--cipher ]" msgstr "" -#: src/cryptsetup.c:2844 +#: src/cryptsetup.c:3160 msgid "benchmark cipher" msgstr "" -#: src/cryptsetup.c:2845 src/cryptsetup.c:2846 src/cryptsetup.c:2847 -#: src/cryptsetup.c:2848 src/cryptsetup.c:2849 src/cryptsetup.c:2856 -#: src/cryptsetup.c:2857 src/cryptsetup.c:2858 src/cryptsetup.c:2859 -#: src/cryptsetup.c:2860 src/cryptsetup.c:2861 src/cryptsetup.c:2862 -#: src/cryptsetup.c:2863 src/cryptsetup.c:2864 +#: src/cryptsetup.c:3161 src/cryptsetup.c:3162 src/cryptsetup.c:3163 +#: src/cryptsetup.c:3164 src/cryptsetup.c:3165 src/cryptsetup.c:3172 +#: src/cryptsetup.c:3173 src/cryptsetup.c:3174 src/cryptsetup.c:3175 +#: src/cryptsetup.c:3176 src/cryptsetup.c:3177 src/cryptsetup.c:3178 +#: src/cryptsetup.c:3179 src/cryptsetup.c:3180 src/cryptsetup.c:3181 msgid "" msgstr "" -#: src/cryptsetup.c:2845 +#: src/cryptsetup.c:3161 msgid "try to repair on-disk metadata" msgstr "" -#: src/cryptsetup.c:2846 +#: src/cryptsetup.c:3162 msgid "reencrypt LUKS2 device" msgstr "" -#: src/cryptsetup.c:2847 +#: src/cryptsetup.c:3163 msgid "erase all keyslots (remove encryption key)" msgstr "" -#: src/cryptsetup.c:2848 +#: src/cryptsetup.c:3164 msgid "convert LUKS from/to LUKS2 format" msgstr "" -#: src/cryptsetup.c:2849 +#: src/cryptsetup.c:3165 msgid "set permanent configuration options for LUKS2" msgstr "" -#: src/cryptsetup.c:2850 src/cryptsetup.c:2851 +#: src/cryptsetup.c:3166 src/cryptsetup.c:3167 msgid " []" msgstr "" -#: src/cryptsetup.c:2850 +#: src/cryptsetup.c:3166 msgid "formats a LUKS device" msgstr "" -#: src/cryptsetup.c:2851 +#: src/cryptsetup.c:3167 msgid "add key to LUKS device" msgstr "" -#: src/cryptsetup.c:2852 src/cryptsetup.c:2853 src/cryptsetup.c:2854 +#: src/cryptsetup.c:3168 src/cryptsetup.c:3169 src/cryptsetup.c:3170 msgid " []" msgstr "" -#: src/cryptsetup.c:2852 +#: src/cryptsetup.c:3168 msgid "removes supplied key or key file from LUKS device" msgstr "" -#: src/cryptsetup.c:2853 +#: src/cryptsetup.c:3169 msgid "changes supplied key or key file of LUKS device" msgstr "" -#: src/cryptsetup.c:2854 +#: src/cryptsetup.c:3170 msgid "converts a key to new pbkdf parameters" msgstr "" -#: src/cryptsetup.c:2855 +#: src/cryptsetup.c:3171 msgid " " msgstr "" -#: src/cryptsetup.c:2855 +#: src/cryptsetup.c:3171 msgid "wipes key with number from LUKS device" msgstr "" -#: src/cryptsetup.c:2856 +#: src/cryptsetup.c:3172 msgid "print UUID of LUKS device" msgstr "" -#: src/cryptsetup.c:2857 +#: src/cryptsetup.c:3173 msgid "tests for LUKS partition header" msgstr "" -#: src/cryptsetup.c:2858 +#: src/cryptsetup.c:3174 msgid "dump LUKS partition information" msgstr "" -#: src/cryptsetup.c:2859 +#: src/cryptsetup.c:3175 msgid "dump TCRYPT device information" msgstr "" -#: src/cryptsetup.c:2860 +#: src/cryptsetup.c:3176 msgid "dump BITLK device information" msgstr "" -#: src/cryptsetup.c:2861 +#: src/cryptsetup.c:3177 +msgid "dump FVAULT2 device information" +msgstr "" + +#: src/cryptsetup.c:3178 msgid "Suspend LUKS device and wipe key (all IOs are frozen)" msgstr "" -#: src/cryptsetup.c:2862 +#: src/cryptsetup.c:3179 msgid "Resume suspended LUKS device" msgstr "" -#: src/cryptsetup.c:2863 +#: src/cryptsetup.c:3180 msgid "Backup LUKS device header and keyslots" msgstr "" -#: src/cryptsetup.c:2864 +#: src/cryptsetup.c:3181 msgid "Restore LUKS device header and keyslots" msgstr "" -#: src/cryptsetup.c:2865 +#: src/cryptsetup.c:3182 msgid " " msgstr "" -#: src/cryptsetup.c:2865 +#: src/cryptsetup.c:3182 msgid "Manipulate LUKS2 tokens" msgstr "" -#: src/cryptsetup.c:2884 src/veritysetup.c:505 src/integritysetup.c:554 +#: src/cryptsetup.c:3201 src/veritysetup.c:509 src/integritysetup.c:554 msgid "" "\n" " is one of:\n" msgstr "" -#: src/cryptsetup.c:2890 +#: src/cryptsetup.c:3207 msgid "" "\n" "You can also use old syntax aliases:\n" -"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, " +"fvault2Open\n" "\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, " -"bitlkClose\n" +"bitlkClose, fvault2Close\n" msgstr "" -#: src/cryptsetup.c:2894 +#: src/cryptsetup.c:3211 #, c-format msgid "" "\n" @@ -2585,34 +2663,34 @@ " optional key file for the new key for luksAddKey action\n" msgstr "" -#: src/cryptsetup.c:2901 +#: src/cryptsetup.c:3218 #, c-format msgid "" "\n" "Default compiled-in metadata format is %s (for luksFormat action).\n" msgstr "" -#: src/cryptsetup.c:2906 src/cryptsetup.c:2909 +#: src/cryptsetup.c:3223 src/cryptsetup.c:3226 #, c-format msgid "" "\n" "LUKS2 external token plugin support is %s.\n" msgstr "" -#: src/cryptsetup.c:2906 +#: src/cryptsetup.c:3223 msgid "compiled-in" msgstr "" -#: src/cryptsetup.c:2907 +#: src/cryptsetup.c:3224 #, c-format msgid "LUKS2 external token plugin path: %s.\n" msgstr "" -#: src/cryptsetup.c:2909 +#: src/cryptsetup.c:3226 msgid "disabled" msgstr "" -#: src/cryptsetup.c:2913 +#: src/cryptsetup.c:3230 #, c-format msgid "" "\n" @@ -2624,7 +2702,7 @@ "\tIteration time: %d, Memory required: %dkB, Parallel threads: %d\n" msgstr "" -#: src/cryptsetup.c:2924 +#: src/cryptsetup.c:3241 #, c-format msgid "" "\n" @@ -2634,99 +2712,99 @@ "\tLUKS: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n" msgstr "" -#: src/cryptsetup.c:2933 +#: src/cryptsetup.c:3250 msgid "" "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" msgstr "" -#: src/cryptsetup.c:2951 src/veritysetup.c:644 src/integritysetup.c:711 +#: src/cryptsetup.c:3268 src/veritysetup.c:648 src/integritysetup.c:711 #, c-format msgid "%s: requires %s as arguments" msgstr "" -#: src/cryptsetup.c:2997 src/utils_reencrypt_luks1.c:1198 +#: src/cryptsetup.c:3308 src/utils_reencrypt_luks1.c:1198 msgid "Key slot is invalid." msgstr "" -#: src/cryptsetup.c:3024 +#: src/cryptsetup.c:3335 msgid "Device size must be multiple of 512 bytes sector." msgstr "" -#: src/cryptsetup.c:3029 +#: src/cryptsetup.c:3340 msgid "Invalid max reencryption hotzone size specification." msgstr "" -#: src/cryptsetup.c:3043 src/cryptsetup.c:3055 +#: src/cryptsetup.c:3354 src/cryptsetup.c:3366 msgid "Key size must be a multiple of 8 bits" msgstr "" -#: src/cryptsetup.c:3060 +#: src/cryptsetup.c:3371 msgid "Maximum device reduce size is 1 GiB." msgstr "" -#: src/cryptsetup.c:3063 +#: src/cryptsetup.c:3374 msgid "Reduce size must be multiple of 512 bytes sector." msgstr "" -#: src/cryptsetup.c:3080 +#: src/cryptsetup.c:3391 msgid "Option --priority can be only ignore/normal/prefer." msgstr "" -#: src/cryptsetup.c:3099 src/veritysetup.c:568 src/integritysetup.c:634 +#: src/cryptsetup.c:3410 src/veritysetup.c:572 src/integritysetup.c:634 msgid "Show this help message" msgstr "" -#: src/cryptsetup.c:3100 src/veritysetup.c:569 src/integritysetup.c:635 +#: src/cryptsetup.c:3411 src/veritysetup.c:573 src/integritysetup.c:635 msgid "Display brief usage" msgstr "" -#: src/cryptsetup.c:3101 src/veritysetup.c:570 src/integritysetup.c:636 +#: src/cryptsetup.c:3412 src/veritysetup.c:574 src/integritysetup.c:636 msgid "Print package version" msgstr "" -#: src/cryptsetup.c:3112 src/veritysetup.c:581 src/integritysetup.c:647 +#: src/cryptsetup.c:3423 src/veritysetup.c:585 src/integritysetup.c:647 msgid "Help options:" msgstr "" -#: src/cryptsetup.c:3132 src/veritysetup.c:599 src/integritysetup.c:664 +#: src/cryptsetup.c:3443 src/veritysetup.c:603 src/integritysetup.c:664 msgid "[OPTION...] " msgstr "" -#: src/cryptsetup.c:3141 src/veritysetup.c:608 src/integritysetup.c:675 +#: src/cryptsetup.c:3452 src/veritysetup.c:612 src/integritysetup.c:675 msgid "Argument missing." msgstr "" -#: src/cryptsetup.c:3211 src/veritysetup.c:639 src/integritysetup.c:706 +#: src/cryptsetup.c:3528 src/veritysetup.c:643 src/integritysetup.c:706 msgid "Unknown action." msgstr "" -#: src/cryptsetup.c:3229 +#: src/cryptsetup.c:3546 msgid "Option --key-file takes precedence over specified key file argument." msgstr "" -#: src/cryptsetup.c:3235 +#: src/cryptsetup.c:3552 msgid "Only one --key-file argument is allowed." msgstr "" -#: src/cryptsetup.c:3240 +#: src/cryptsetup.c:3557 msgid "" "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/" "argon2id." msgstr "" -#: src/cryptsetup.c:3245 +#: src/cryptsetup.c:3562 msgid "PBKDF forced iterations cannot be combined with iteration time option." msgstr "" -#: src/cryptsetup.c:3256 +#: src/cryptsetup.c:3573 msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." msgstr "" -#: src/cryptsetup.c:3264 +#: src/cryptsetup.c:3581 msgid "No action taken. Invoked with --test-args option.\n" msgstr "" -#: src/cryptsetup.c:3277 +#: src/cryptsetup.c:3594 msgid "Cannot disable metadata locking." msgstr "" @@ -2754,72 +2832,72 @@ msgid "Cannot write to root hash file %s." msgstr "" -#: src/veritysetup.c:196 src/veritysetup.c:472 +#: src/veritysetup.c:198 src/veritysetup.c:476 #, c-format msgid "Device %s is not a valid VERITY device." msgstr "" -#: src/veritysetup.c:213 src/veritysetup.c:230 +#: src/veritysetup.c:215 src/veritysetup.c:232 #, c-format msgid "Cannot read root hash file %s." msgstr "" -#: src/veritysetup.c:218 +#: src/veritysetup.c:220 #, c-format msgid "Invalid root hash file %s." msgstr "" -#: src/veritysetup.c:239 +#: src/veritysetup.c:241 msgid "Invalid root hash string specified." msgstr "" -#: src/veritysetup.c:247 +#: src/veritysetup.c:249 #, c-format msgid "Invalid signature file %s." msgstr "" -#: src/veritysetup.c:254 +#: src/veritysetup.c:256 #, c-format msgid "Cannot read signature file %s." msgstr "" -#: src/veritysetup.c:277 src/veritysetup.c:291 +#: src/veritysetup.c:279 src/veritysetup.c:293 msgid "Command requires or --root-hash-file option as argument." msgstr "" -#: src/veritysetup.c:485 +#: src/veritysetup.c:489 msgid " " msgstr "" -#: src/veritysetup.c:485 src/integritysetup.c:534 +#: src/veritysetup.c:489 src/integritysetup.c:534 msgid "format device" msgstr "" -#: src/veritysetup.c:486 +#: src/veritysetup.c:490 msgid " []" msgstr "" -#: src/veritysetup.c:486 +#: src/veritysetup.c:490 msgid "verify device" msgstr "" -#: src/veritysetup.c:487 +#: src/veritysetup.c:491 msgid " []" msgstr "" -#: src/veritysetup.c:489 src/integritysetup.c:537 +#: src/veritysetup.c:493 src/integritysetup.c:537 msgid "show active device status" msgstr "" -#: src/veritysetup.c:490 +#: src/veritysetup.c:494 msgid "" msgstr "" -#: src/veritysetup.c:490 src/integritysetup.c:538 +#: src/veritysetup.c:494 src/integritysetup.c:538 msgid "show on-disk information" msgstr "" -#: src/veritysetup.c:509 +#: src/veritysetup.c:513 #, c-format msgid "" "\n" @@ -2829,7 +2907,7 @@ " hash of the root node on \n" msgstr "" -#: src/veritysetup.c:516 +#: src/veritysetup.c:520 #, c-format msgid "" "\n" @@ -2838,13 +2916,13 @@ "Hash format: %u\n" msgstr "" -#: src/veritysetup.c:654 +#: src/veritysetup.c:658 msgid "" "Option --ignore-corruption and --restart-on-corruption cannot be used " "together." msgstr "" -#: src/veritysetup.c:659 +#: src/veritysetup.c:663 msgid "" "Option --panic-on-corruption and --restart-on-corruption cannot be used " "together." @@ -3125,7 +3203,7 @@ msgid "Finished, time %s, %s, %s\n" msgstr "" -#: src/utils_password.c:41 src/utils_password.c:74 +#: src/utils_password.c:41 src/utils_password.c:72 #, c-format msgid "Cannot check password quality: %s" msgstr "" @@ -3137,42 +3215,42 @@ " %s" msgstr "" -#: src/utils_password.c:81 +#: src/utils_password.c:79 #, c-format msgid "Password quality check failed: Bad passphrase (%s)" msgstr "" -#: src/utils_password.c:231 src/utils_password.c:245 +#: src/utils_password.c:230 src/utils_password.c:244 msgid "Error reading passphrase from terminal." msgstr "" -#: src/utils_password.c:243 +#: src/utils_password.c:242 msgid "Verify passphrase: " msgstr "" -#: src/utils_password.c:250 +#: src/utils_password.c:249 msgid "Passphrases do not match." msgstr "" -#: src/utils_password.c:288 +#: src/utils_password.c:287 msgid "Cannot use offset with terminal input." msgstr "" -#: src/utils_password.c:292 +#: src/utils_password.c:291 #, c-format msgid "Enter passphrase: " msgstr "" -#: src/utils_password.c:295 +#: src/utils_password.c:294 #, c-format msgid "Enter passphrase for %s: " msgstr "" -#: src/utils_password.c:329 +#: src/utils_password.c:328 msgid "No key available with this passphrase." msgstr "" -#: src/utils_password.c:331 +#: src/utils_password.c:330 msgid "No usable keyslot is available." msgstr "" @@ -3294,180 +3372,180 @@ "(block size: % bytes) detected on device %s." msgstr "" -#: src/utils_reencrypt.c:494 +#: src/utils_reencrypt.c:518 src/utils_reencrypt.c:1391 msgid "" "Encryption without detached header (--header) is not possible without data " "device size reduction (--reduce-device-size)." msgstr "" -#: src/utils_reencrypt.c:500 +#: src/utils_reencrypt.c:525 msgid "" "Requested data offset must be less than or equal to half of --reduce-device-" "size parameter." msgstr "" -#: src/utils_reencrypt.c:510 +#: src/utils_reencrypt.c:535 #, c-format msgid "" "Adjusting --reduce-device-size value to twice the --offset % " "(sectors).\n" msgstr "" -#: src/utils_reencrypt.c:540 +#: src/utils_reencrypt.c:565 #, c-format msgid "Temporary header file %s already exists. Aborting." msgstr "" -#: src/utils_reencrypt.c:542 src/utils_reencrypt.c:549 +#: src/utils_reencrypt.c:567 src/utils_reencrypt.c:574 #, c-format msgid "Cannot create temporary header file %s." msgstr "" -#: src/utils_reencrypt.c:574 +#: src/utils_reencrypt.c:599 msgid "LUKS2 metadata size is larger than data shift value." msgstr "" -#: src/utils_reencrypt.c:611 +#: src/utils_reencrypt.c:636 #, c-format msgid "Failed to place new header at head of device %s." msgstr "" -#: src/utils_reencrypt.c:621 +#: src/utils_reencrypt.c:646 #, c-format msgid "%s/%s is now active and ready for online encryption.\n" msgstr "" -#: src/utils_reencrypt.c:657 +#: src/utils_reencrypt.c:682 #, c-format msgid "Active device %s is not LUKS2." msgstr "" -#: src/utils_reencrypt.c:685 +#: src/utils_reencrypt.c:710 msgid "Restoring original LUKS2 header." msgstr "" -#: src/utils_reencrypt.c:693 +#: src/utils_reencrypt.c:718 msgid "Original LUKS2 header restore failed." msgstr "" -#: src/utils_reencrypt.c:719 +#: src/utils_reencrypt.c:744 #, c-format msgid "" "Header file %s does not exist. Do you want to initialize LUKS2 decryption of " "device %s and export LUKS2 header to file %s?" msgstr "" -#: src/utils_reencrypt.c:767 +#: src/utils_reencrypt.c:792 msgid "Failed to add read/write permissions to exported header file." msgstr "" -#: src/utils_reencrypt.c:820 +#: src/utils_reencrypt.c:845 #, c-format msgid "Reencryption initialization failed. Header backup is available in %s." msgstr "" -#: src/utils_reencrypt.c:848 +#: src/utils_reencrypt.c:873 msgid "" "LUKS2 decryption is supported with detached header device only (with data " "offset set to 0)." msgstr "" -#: src/utils_reencrypt.c:983 src/utils_reencrypt.c:992 +#: src/utils_reencrypt.c:1008 src/utils_reencrypt.c:1017 msgid "Not enough free keyslots for reencryption." msgstr "" -#: src/utils_reencrypt.c:1013 src/utils_reencrypt_luks1.c:1100 +#: src/utils_reencrypt.c:1038 src/utils_reencrypt_luks1.c:1100 msgid "" "Key file can be used only with --key-slot or with exactly one key slot " "active." msgstr "" -#: src/utils_reencrypt.c:1022 src/utils_reencrypt_luks1.c:1147 +#: src/utils_reencrypt.c:1047 src/utils_reencrypt_luks1.c:1147 #: src/utils_reencrypt_luks1.c:1158 #, c-format msgid "Enter passphrase for key slot %d: " msgstr "" -#: src/utils_reencrypt.c:1034 +#: src/utils_reencrypt.c:1059 #, c-format msgid "Enter passphrase for key slot %u: " msgstr "" -#: src/utils_reencrypt.c:1086 +#: src/utils_reencrypt.c:1111 #, c-format msgid "Switching data encryption cipher to %s.\n" msgstr "" -#: src/utils_reencrypt.c:1140 +#: src/utils_reencrypt.c:1165 msgid "No data segment parameters changed. Reencryption aborted." msgstr "" -#: src/utils_reencrypt.c:1242 +#: src/utils_reencrypt.c:1267 msgid "" "Encryption sector size increase on offline device is not supported.\n" "Activate the device first or use --force-offline-reencrypt option " "(dangerous!)." msgstr "" -#: src/utils_reencrypt.c:1282 src/utils_reencrypt_luks1.c:726 +#: src/utils_reencrypt.c:1307 src/utils_reencrypt_luks1.c:726 #: src/utils_reencrypt_luks1.c:798 msgid "" "\n" "Reencryption interrupted." msgstr "" -#: src/utils_reencrypt.c:1287 +#: src/utils_reencrypt.c:1312 msgid "Resuming LUKS reencryption in forced offline mode.\n" msgstr "" -#: src/utils_reencrypt.c:1304 +#: src/utils_reencrypt.c:1329 #, c-format msgid "Device %s contains broken LUKS metadata. Aborting operation." msgstr "" -#: src/utils_reencrypt.c:1320 src/utils_reencrypt.c:1342 +#: src/utils_reencrypt.c:1345 src/utils_reencrypt.c:1367 #, c-format msgid "Device %s is already LUKS device. Aborting operation." msgstr "" -#: src/utils_reencrypt.c:1348 +#: src/utils_reencrypt.c:1373 #, c-format msgid "Device %s is already in LUKS reencryption. Aborting operation." msgstr "" -#: src/utils_reencrypt.c:1421 +#: src/utils_reencrypt.c:1453 msgid "LUKS2 decryption requires --header option." msgstr "" -#: src/utils_reencrypt.c:1469 +#: src/utils_reencrypt.c:1501 msgid "Command requires device as argument." msgstr "" -#: src/utils_reencrypt.c:1482 +#: src/utils_reencrypt.c:1514 #, c-format msgid "Conflicting versions. Device %s is LUKS1." msgstr "" -#: src/utils_reencrypt.c:1488 +#: src/utils_reencrypt.c:1520 #, c-format msgid "Conflicting versions. Device %s is in LUKS1 reencryption." msgstr "" -#: src/utils_reencrypt.c:1494 +#: src/utils_reencrypt.c:1526 #, c-format msgid "Conflicting versions. Device %s is LUKS2." msgstr "" -#: src/utils_reencrypt.c:1500 +#: src/utils_reencrypt.c:1532 #, c-format msgid "Conflicting versions. Device %s is in LUKS2 reencryption." msgstr "" -#: src/utils_reencrypt.c:1506 +#: src/utils_reencrypt.c:1538 msgid "LUKS2 reencryption already initialized. Aborting operation." msgstr "" -#: src/utils_reencrypt.c:1513 +#: src/utils_reencrypt.c:1545 msgid "Device reencryption not in progress." msgstr "" diff -Nru cryptsetup-2.5.0/po/cs.po cryptsetup-2.6.1/po/cs.po --- cryptsetup-2.5.0/po/cs.po 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/po/cs.po 2023-02-09 16:12:17.000000000 +0000 @@ -3,7 +3,7 @@ # This file is distributed under the same license as the cryptsetup package. # Milan Broz , 2010. # Petr Pisar , 2010, 2011, 2012, 2013, 2014, 2015, 2016. -# Petr Pisar , 2017, 2018, 2019, 2020, 2021, 2022. +# Petr Pisar , 2017, 2018, 2019, 2020, 2021, 2022, 2023. # # See `LUKS On-Disk Format Specification' document to clarify some terms. # @@ -29,10 +29,10 @@ # msgid "" msgstr "" -"Project-Id-Version: cryptsetup 2.5.0-rc1\n" +"Project-Id-Version: cryptsetup 2.6.1-rc0\n" "Report-Msgid-Bugs-To: cryptsetup@lists.linux.dev\n" -"POT-Creation-Date: 2022-07-14 14:04+0200\n" -"PO-Revision-Date: 2022-07-14 20:38+02:00\n" +"POT-Creation-Date: 2023-02-01 15:58+0100\n" +"PO-Revision-Date: 2023-02-02 18:11+01:00\n" "Last-Translator: Petr Pisar \n" "Language-Team: Czech \n" "Language: cs\n" @@ -42,67 +42,71 @@ "X-Bugs: Report translation errors to the Language-Team address.\n" "Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n" -#: lib/libdevmapper.c:417 +#: lib/libdevmapper.c:419 msgid "Cannot initialize device-mapper, running as non-root user." msgstr "Nelze inicializovat device-mapper, nespuštěno superuživatelem." -#: lib/libdevmapper.c:420 +#: lib/libdevmapper.c:422 msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" msgstr "Nelze inicializovat device-mapper. Je jaderný modul dm_mod zaveden?" -#: lib/libdevmapper.c:1171 +#: lib/libdevmapper.c:1102 msgid "Requested deferred flag is not supported." msgstr "Požadovaný příznak odložení není podporován." -#: lib/libdevmapper.c:1240 +#: lib/libdevmapper.c:1171 #, c-format msgid "DM-UUID for device %s was truncated." msgstr "DM-UUID pro zařízení %s bylo zkráceno." -#: lib/libdevmapper.c:1570 +#: lib/libdevmapper.c:1501 msgid "Unknown dm target type." msgstr "Neznámý druh cíle DM." -#: lib/libdevmapper.c:1694 lib/libdevmapper.c:1699 lib/libdevmapper.c:1763 -#: lib/libdevmapper.c:1766 +#: lib/libdevmapper.c:1620 lib/libdevmapper.c:1626 lib/libdevmapper.c:1724 +#: lib/libdevmapper.c:1727 msgid "Requested dm-crypt performance options are not supported." msgstr "Požadované výkonnostní volby dm-cryptu nejsou podporovány." -#: lib/libdevmapper.c:1706 lib/libdevmapper.c:1710 +#: lib/libdevmapper.c:1635 lib/libdevmapper.c:1647 msgid "Requested dm-verity data corruption handling options are not supported." msgstr "Požadované volby, jak zacházet s poškozením dat dm-verity, nejsou podporovány." -#: lib/libdevmapper.c:1714 +#: lib/libdevmapper.c:1641 +msgid "Requested dm-verity tasklets option is not supported." +msgstr "Požadovaná volba taskletu dm-cryptu není podporována." + +#: lib/libdevmapper.c:1653 msgid "Requested dm-verity FEC options are not supported." msgstr "Požadované FEC volby dm-cryptu nejsou podporovány." -#: lib/libdevmapper.c:1718 +#: lib/libdevmapper.c:1659 msgid "Requested data integrity options are not supported." msgstr "Požadované volby integrity dat nejsou podporovány." -#: lib/libdevmapper.c:1720 +#: lib/libdevmapper.c:1663 msgid "Requested sector_size option is not supported." msgstr "Požadované volby sector_size není podporována." -#: lib/libdevmapper.c:1725 lib/libdevmapper.c:1729 +#: lib/libdevmapper.c:1670 lib/libdevmapper.c:1676 msgid "Requested automatic recalculation of integrity tags is not supported." msgstr "Požadovaný automatický přepočet značek integrity není podporován." -#: lib/libdevmapper.c:1733 lib/libdevmapper.c:1769 lib/libdevmapper.c:1772 -#: lib/luks2/luks2_json_metadata.c:2552 +#: lib/libdevmapper.c:1682 lib/libdevmapper.c:1730 lib/libdevmapper.c:1733 +#: lib/luks2/luks2_json_metadata.c:2620 msgid "Discard/TRIM is not supported." msgstr "Zahazování (TRIM) není podporováno." -#: lib/libdevmapper.c:1737 +#: lib/libdevmapper.c:1688 msgid "Requested dm-integrity bitmap mode is not supported." msgstr "Požadovaný režim bitmapy integrity DM není podporován." -#: lib/libdevmapper.c:2763 +#: lib/libdevmapper.c:2724 #, c-format msgid "Failed to query dm-%s segment." msgstr "Dotaz na část dm-%s selhal." -#: lib/random.c:74 +#: lib/random.c:73 msgid "" "System is out of entropy while generating volume key.\n" "Please move mouse or type some text in another window to gather some random events.\n" @@ -111,16 +115,16 @@ "Aby bylo možné nasbírat náhodné události, žádáme uživatele, aby pohyboval\n" "myší nebo psal text do jiného okna.\n" -#: lib/random.c:78 +#: lib/random.c:77 #, c-format msgid "Generating key (%d%% done).\n" msgstr "Vytváří se klíč (%d %% hotovo).\n" -#: lib/random.c:164 +#: lib/random.c:163 msgid "Running in FIPS mode." msgstr "Režim FIPS zapnut." -#: lib/random.c:170 +#: lib/random.c:169 msgid "Fatal error during RNG initialisation." msgstr "Fatální chyba během přípravy generátoru náhodných čísel." @@ -132,431 +136,441 @@ msgid "Error reading from RNG." msgstr "Chyba při čtení z generátoru náhodných čísel." -#: lib/setup.c:226 +#: lib/setup.c:231 msgid "Cannot initialize crypto RNG backend." msgstr "Implementaci šifrovacího generátoru náhodných čísel nelze inicializovat." -#: lib/setup.c:232 +#: lib/setup.c:237 msgid "Cannot initialize crypto backend." msgstr "Implementaci šifrování nelze inicializovat." -#: lib/setup.c:263 lib/setup.c:2080 lib/verity/verity.c:122 +#: lib/setup.c:268 lib/setup.c:2151 lib/verity/verity.c:122 #, c-format msgid "Hash algorithm %s not supported." msgstr "Hašovací algoritmus %s není podporován." -#: lib/setup.c:266 lib/loopaes/loopaes.c:90 +#: lib/setup.c:271 lib/loopaes/loopaes.c:90 #, c-format msgid "Key processing error (using hash %s)." msgstr "Chyba zpracování klíče (za použití haše %s)." -#: lib/setup.c:332 lib/setup.c:359 +#: lib/setup.c:342 lib/setup.c:369 msgid "Cannot determine device type. Incompatible activation of device?" msgstr "Druh zařízení nelze určit. Nekompatibilní aktivace zařízení?" -#: lib/setup.c:338 lib/setup.c:3221 +#: lib/setup.c:348 lib/setup.c:3320 msgid "This operation is supported only for LUKS device." msgstr "Tato operace je podporována jen u zařízení LUKS." -#: lib/setup.c:365 +#: lib/setup.c:375 msgid "This operation is supported only for LUKS2 device." msgstr "Tato operace je podporována jen u zařízení LUKS2." -#: lib/setup.c:420 lib/luks2/luks2_reencrypt.c:2985 +#: lib/setup.c:427 lib/luks2/luks2_reencrypt.c:3010 msgid "All key slots full." msgstr "Všechny pozice klíčů jsou obsazeny." -#: lib/setup.c:431 +#: lib/setup.c:438 #, c-format msgid "Key slot %d is invalid, please select between 0 and %d." msgstr "Pozice klíče %d není platná, prosím, vyberte číslo mezi 0 a %d." -#: lib/setup.c:437 +#: lib/setup.c:444 #, c-format msgid "Key slot %d is full, please select another one." msgstr "Pozice klíče %d je obsazena, prosím, vyberte jinou." -#: lib/setup.c:522 lib/setup.c:2946 +#: lib/setup.c:529 lib/setup.c:3042 msgid "Device size is not aligned to device logical block size." msgstr "Velikost zařízení není zarovnaná na velikost logického sektoru zařízení." -#: lib/setup.c:620 +#: lib/setup.c:627 #, c-format msgid "Header detected but device %s is too small." msgstr "Nalezena hlavička, ale zařízení %s je příliš malé." -#: lib/setup.c:661 lib/setup.c:2851 lib/setup.c:4335 -#: lib/luks2/luks2_reencrypt.c:3757 lib/luks2/luks2_reencrypt.c:4159 +#: lib/setup.c:668 lib/setup.c:2942 lib/setup.c:4287 +#: lib/luks2/luks2_reencrypt.c:3782 lib/luks2/luks2_reencrypt.c:4184 msgid "This operation is not supported for this device type." msgstr "Tato operace není na zařízení tohoto typu podporována." -#: lib/setup.c:666 +#: lib/setup.c:673 msgid "Illegal operation with reencryption in-progress." msgstr "Zakázaná operace spolu s probíhajícím přešifrování." -#: lib/setup.c:833 lib/luks1/keymanage.c:248 lib/luks1/keymanage.c:524 -#: lib/luks2/luks2_json_metadata.c:1267 src/cryptsetup.c:1449 -#: src/cryptsetup.c:1581 src/cryptsetup.c:1636 src/cryptsetup.c:1756 -#: src/cryptsetup.c:1861 src/cryptsetup.c:2142 src/cryptsetup.c:2380 -#: src/cryptsetup.c:2440 src/utils_reencrypt.c:1378 -#: src/utils_reencrypt_luks1.c:1188 tokens/ssh/cryptsetup-ssh.c:77 +#: lib/setup.c:802 +msgid "Failed to rollback LUKS2 metadata in memory." +msgstr "Nahrání původních metadat LUKS2 do paměti selhalo." + +#: lib/setup.c:889 lib/luks1/keymanage.c:249 lib/luks1/keymanage.c:527 +#: lib/luks2/luks2_json_metadata.c:1336 src/cryptsetup.c:1587 +#: src/cryptsetup.c:1727 src/cryptsetup.c:1782 src/cryptsetup.c:1977 +#: src/cryptsetup.c:2133 src/cryptsetup.c:2414 src/cryptsetup.c:2656 +#: src/cryptsetup.c:2716 src/utils_reencrypt.c:1465 +#: src/utils_reencrypt_luks1.c:1192 tokens/ssh/cryptsetup-ssh.c:77 #, c-format msgid "Device %s is not a valid LUKS device." msgstr "Zařízení %s není platným zařízením LUKS." -#: lib/setup.c:836 lib/luks1/keymanage.c:527 +#: lib/setup.c:892 lib/luks1/keymanage.c:530 #, c-format msgid "Unsupported LUKS version %d." msgstr "Nepodporovaná verze LUKS %d." -#: lib/setup.c:1431 lib/setup.c:2602 lib/setup.c:2682 lib/setup.c:2694 -#: lib/setup.c:2859 lib/setup.c:4807 +#: lib/setup.c:1491 lib/setup.c:2691 lib/setup.c:2773 lib/setup.c:2785 +#: lib/setup.c:2952 lib/setup.c:4764 #, c-format msgid "Device %s is not active." msgstr "Zařízení %s není aktivní." -#: lib/setup.c:1448 +#: lib/setup.c:1508 #, c-format msgid "Underlying device for crypt device %s disappeared." msgstr "Zařízení nižší úrovně pod šifrovaným zařízením %s zmizelo." -#: lib/setup.c:1528 +#: lib/setup.c:1590 msgid "Invalid plain crypt parameters." msgstr "Neplatné parametry plain šifry." -#: lib/setup.c:1533 lib/setup.c:1983 +#: lib/setup.c:1595 lib/setup.c:2054 msgid "Invalid key size." msgstr "Neplatná velikost klíče." -#: lib/setup.c:1538 lib/setup.c:1988 lib/setup.c:2191 +#: lib/setup.c:1600 lib/setup.c:2059 lib/setup.c:2262 msgid "UUID is not supported for this crypt type." msgstr "UUID není na šifře tohoto typu podporováno." -#: lib/setup.c:1543 lib/setup.c:1993 +#: lib/setup.c:1605 lib/setup.c:2064 msgid "Detached metadata device is not supported for this crypt type." msgstr "Zařízení s oddělenými metadaty není na šifře tohoto typu podporováno." -#: lib/setup.c:1553 lib/setup.c:1765 lib/luks2/luks2_reencrypt.c:2941 -#: src/cryptsetup.c:1250 src/cryptsetup.c:3072 +#: lib/setup.c:1615 lib/setup.c:1831 lib/luks2/luks2_reencrypt.c:2966 +#: src/cryptsetup.c:1387 src/cryptsetup.c:3383 msgid "Unsupported encryption sector size." msgstr "Nepodporovaná velikost šifrovaného sektoru." -#: lib/setup.c:1561 lib/setup.c:1896 lib/setup.c:2940 +#: lib/setup.c:1623 lib/setup.c:1959 lib/setup.c:3036 msgid "Device size is not aligned to requested sector size." msgstr "Velikost zařízení není zarovnaná na požadovanou velikost sektoru." -#: lib/setup.c:1613 lib/setup.c:1733 +#: lib/setup.c:1675 lib/setup.c:1799 msgid "Can't format LUKS without device." msgstr "LUKS nelze bez zařízení naformátovat." -#: lib/setup.c:1619 lib/setup.c:1739 +#: lib/setup.c:1681 lib/setup.c:1805 msgid "Requested data alignment is not compatible with data offset." msgstr "Požadované zarovnání dat není slučitelné s polohou dat." -#: lib/setup.c:1687 lib/setup.c:1883 -msgid "WARNING: Data offset is outside of currently available data device.\n" -msgstr "POZOR: Poloha dat je mimo nyní dostupné zařízení s daty.\n" - -#: lib/setup.c:1697 lib/setup.c:1913 lib/setup.c:1934 lib/setup.c:2203 +#: lib/setup.c:1756 lib/setup.c:1976 lib/setup.c:1997 lib/setup.c:2274 #, c-format msgid "Cannot wipe header on device %s." msgstr "Ze zařízení %s nelze odstranit hlavičku." -#: lib/setup.c:1774 +#: lib/setup.c:1769 lib/setup.c:2036 +#, c-format +msgid "Device %s is too small for activation, there is no remaining space for data.\n" +msgstr "Zařízení %s je na aktivaci příliš malé. Nezbývá žádné místo pro data.\n" + +#: lib/setup.c:1840 msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" msgstr "POZOR: Aktivace zařízení selže, dm-crypt nepodporuje požadovanou velikost šifrovaného sektoru.\n" -#: lib/setup.c:1797 +#: lib/setup.c:1863 msgid "Volume key is too small for encryption with integrity extensions." msgstr "Klíč svazku je příliš malý na šifrovaní s rozšířeními pro integritu." -#: lib/setup.c:1857 +#: lib/setup.c:1923 #, c-format msgid "Cipher %s-%s (key size %zd bits) is not available." msgstr "Šifra %s-%s (velikost klíče %zd bitů) není dostupná." -#: lib/setup.c:1886 +#: lib/setup.c:1949 #, c-format msgid "WARNING: LUKS2 metadata size changed to % bytes.\n" msgstr "POZOR: Metadata LUKS2 změnila velikost na % bajtů.\n" -#: lib/setup.c:1890 +#: lib/setup.c:1953 #, c-format msgid "WARNING: LUKS2 keyslots area size changed to % bytes.\n" msgstr "POZOR: Oblast s pozicemi klíčů pro LUKS2 změnila velikost na % bajtů.\n" -#: lib/setup.c:1916 lib/utils_device.c:909 lib/luks1/keyencryption.c:255 -#: lib/luks2/luks2_reencrypt.c:3009 lib/luks2/luks2_reencrypt.c:4254 +#: lib/setup.c:1979 lib/utils_device.c:911 lib/luks1/keyencryption.c:255 +#: lib/luks2/luks2_reencrypt.c:3034 lib/luks2/luks2_reencrypt.c:4279 #, c-format msgid "Device %s is too small." msgstr "Zařízení %s je příliš malé." -#: lib/setup.c:1927 lib/setup.c:1953 +#: lib/setup.c:1990 lib/setup.c:2016 #, c-format msgid "Cannot format device %s in use." msgstr "Zařízení %s, které se používá, nelze formátovat." -#: lib/setup.c:1930 lib/setup.c:1956 +#: lib/setup.c:1993 lib/setup.c:2019 #, c-format msgid "Cannot format device %s, permission denied." msgstr "Zařízení %s nelze formátovat, povolení zamítnuto." # FIXME "format integrity" is nonsense -#: lib/setup.c:1942 lib/setup.c:2263 +#: lib/setup.c:2005 lib/setup.c:2334 #, c-format msgid "Cannot format integrity for device %s." msgstr "Zařízení %s není možné formátovat integritu." -#: lib/setup.c:1960 +#: lib/setup.c:2023 #, c-format msgid "Cannot format device %s." msgstr "Zařízení %s nelze formátovat." -#: lib/setup.c:1978 +#: lib/setup.c:2049 msgid "Can't format LOOPAES without device." msgstr "LOOPAES nelze bez zařízení naformátovat." -#: lib/setup.c:2023 +#: lib/setup.c:2094 msgid "Can't format VERITY without device." msgstr "VERITY nelze bez zařízení naformátovat." -#: lib/setup.c:2034 lib/verity/verity.c:101 +#: lib/setup.c:2105 lib/verity/verity.c:101 #, c-format msgid "Unsupported VERITY hash type %d." msgstr "Nepodporovaný druh VERITY haše %d." -#: lib/setup.c:2040 lib/verity/verity.c:109 +#: lib/setup.c:2111 lib/verity/verity.c:109 msgid "Unsupported VERITY block size." msgstr "Nepodporovaná velikost bloku VERITY." -#: lib/setup.c:2045 lib/verity/verity.c:74 +#: lib/setup.c:2116 lib/verity/verity.c:74 msgid "Unsupported VERITY hash offset." msgstr "Nepodporovaná poloha haše VERITY." -#: lib/setup.c:2050 +#: lib/setup.c:2121 msgid "Unsupported VERITY FEC offset." msgstr "Nepodporovaná poloha VERITY FEC." -#: lib/setup.c:2074 +#: lib/setup.c:2145 msgid "Data area overlaps with hash area." msgstr "Oblast dat se překrývá s oblastí haše." -#: lib/setup.c:2099 +#: lib/setup.c:2170 msgid "Hash area overlaps with FEC area." msgstr "Oblast FEC se překrývá s oblastí haše." -#: lib/setup.c:2106 +#: lib/setup.c:2177 msgid "Data area overlaps with FEC area." msgstr "Oblast dat se překrývá s oblastí FEC." -#: lib/setup.c:2242 +#: lib/setup.c:2313 #, c-format msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n" msgstr "POZOR: Požadovaná velikost značky %d bajtů se liší od výstupu velikosti %s (%d bajtů).\n" -#: lib/setup.c:2321 +#: lib/setup.c:2392 #, c-format msgid "Unknown crypt device type %s requested." msgstr "Požadován neznámý typ šifrovaného zařízení %s." -#: lib/setup.c:2608 lib/setup.c:2687 lib/setup.c:2700 +#: lib/setup.c:2699 lib/setup.c:2778 lib/setup.c:2791 #, c-format msgid "Unsupported parameters on device %s." msgstr "Nepodporované parametry na zařízení %s." -#: lib/setup.c:2614 lib/setup.c:2707 lib/luks2/luks2_reencrypt.c:2837 -#: lib/luks2/luks2_reencrypt.c:3074 lib/luks2/luks2_reencrypt.c:3459 +#: lib/setup.c:2705 lib/setup.c:2798 lib/luks2/luks2_reencrypt.c:2862 +#: lib/luks2/luks2_reencrypt.c:3099 lib/luks2/luks2_reencrypt.c:3484 #, c-format msgid "Mismatching parameters on device %s." msgstr "Neodpovídající parametry an za zařízení %s." -#: lib/setup.c:2731 +#: lib/setup.c:2822 msgid "Crypt devices mismatch." msgstr "Zařízení dmcryptu si neodpovídají." -#: lib/setup.c:2768 lib/setup.c:2773 lib/luks2/luks2_reencrypt.c:2315 -#: lib/luks2/luks2_reencrypt.c:2853 lib/luks2/luks2_reencrypt.c:4007 +#: lib/setup.c:2859 lib/setup.c:2864 lib/luks2/luks2_reencrypt.c:2361 +#: lib/luks2/luks2_reencrypt.c:2878 lib/luks2/luks2_reencrypt.c:4032 #, c-format msgid "Failed to reload device %s." msgstr "Zařízení %s nebylo možné znovu zavést." -#: lib/setup.c:2779 lib/setup.c:2785 lib/luks2/luks2_reencrypt.c:2286 -#: lib/luks2/luks2_reencrypt.c:2293 lib/luks2/luks2_reencrypt.c:2867 +#: lib/setup.c:2870 lib/setup.c:2876 lib/luks2/luks2_reencrypt.c:2332 +#: lib/luks2/luks2_reencrypt.c:2339 lib/luks2/luks2_reencrypt.c:2892 #, c-format msgid "Failed to suspend device %s." msgstr "Zařízení %s nebylo možné pozastavit." -#: lib/setup.c:2791 lib/luks2/luks2_reencrypt.c:2300 -#: lib/luks2/luks2_reencrypt.c:2888 lib/luks2/luks2_reencrypt.c:3920 -#: lib/luks2/luks2_reencrypt.c:4011 +#: lib/setup.c:2882 lib/luks2/luks2_reencrypt.c:2346 +#: lib/luks2/luks2_reencrypt.c:2913 lib/luks2/luks2_reencrypt.c:3945 +#: lib/luks2/luks2_reencrypt.c:4036 #, c-format msgid "Failed to resume device %s." msgstr "Zařízení %s nebylo možné probudit." -#: lib/setup.c:2806 +#: lib/setup.c:2897 #, c-format msgid "Fatal error while reloading device %s (on top of device %s)." msgstr "Nepřekonatelná chyba při zavádění zařízení %s (nad zařízením %s)." -#: lib/setup.c:2809 lib/setup.c:2811 +#: lib/setup.c:2900 lib/setup.c:2902 #, c-format msgid "Failed to switch device %s to dm-error." msgstr "Zařízení %s nebylo možné přepnout do dm-error." -#: lib/setup.c:2891 +#: lib/setup.c:2984 msgid "Cannot resize loop device." msgstr "Nelze změnit velikost zařízení zpětné smyčky." -#: lib/setup.c:2931 +#: lib/setup.c:3027 msgid "WARNING: Maximum size already set or kernel doesn't support resize.\n" msgstr "" "POZOR: Maximální velikost je již nastavena nebo změna velikosti není jádrem\n" "podporována.\n" -#: lib/setup.c:2989 +#: lib/setup.c:3088 msgid "Resize failed, the kernel doesn't support it." msgstr "Změna velikosti selhala, jádro ji nepodporuje." -#: lib/setup.c:3021 +#: lib/setup.c:3120 msgid "Do you really want to change UUID of device?" msgstr "Opravdu chcete změnit UUID zařízení?" -#: lib/setup.c:3113 +#: lib/setup.c:3212 msgid "Header backup file does not contain compatible LUKS header." msgstr "Soubor se zálohou hlavičky neobsahuje kompatibilní hlavičku LUKS." -#: lib/setup.c:3229 +#: lib/setup.c:3328 #, c-format msgid "Volume %s is not active." msgstr "Svazek %s není aktivní." -#: lib/setup.c:3240 +#: lib/setup.c:3339 #, c-format msgid "Volume %s is already suspended." msgstr "Svazek %s je již uspán." -#: lib/setup.c:3253 +#: lib/setup.c:3352 #, c-format msgid "Suspend is not supported for device %s." msgstr "Uspání není na zařízení %s podporováno." -#: lib/setup.c:3255 +#: lib/setup.c:3354 #, c-format msgid "Error during suspending device %s." msgstr "Chyba při uspávání zařízení %s." -#: lib/setup.c:3290 +#: lib/setup.c:3389 #, c-format msgid "Resume is not supported for device %s." msgstr "Probuzení není na zařízení %s podporováno." -#: lib/setup.c:3292 +#: lib/setup.c:3391 #, c-format msgid "Error during resuming device %s." msgstr "Chyba při probouzení zařízení %s." -#: lib/setup.c:3326 lib/setup.c:3374 lib/setup.c:3444 lib/setup.c:3489 -#: src/cryptsetup.c:2207 +#: lib/setup.c:3425 lib/setup.c:3473 lib/setup.c:3544 lib/setup.c:3589 +#: src/cryptsetup.c:2479 #, c-format msgid "Volume %s is not suspended." msgstr "Svazek %s není uspán." -#: lib/setup.c:3459 lib/setup.c:3862 lib/setup.c:4584 lib/setup.c:4597 -#: lib/setup.c:4605 lib/setup.c:4618 lib/setup.c:6142 src/cryptsetup.c:1790 +#: lib/setup.c:3559 lib/setup.c:4540 lib/setup.c:4553 lib/setup.c:4561 +#: lib/setup.c:4574 lib/setup.c:6157 lib/setup.c:6179 lib/setup.c:6228 +#: src/cryptsetup.c:2011 msgid "Volume key does not match the volume." msgstr "Heslo svazku neodpovídá svazku." -#: lib/setup.c:3540 lib/setup.c:3745 -msgid "Cannot add key slot, all slots disabled and no volume key provided." -msgstr "Nelze přidat pozici klíče, všechny pozice jsou zakázány a klíč svazku nebyl poskytnut." - -#: lib/setup.c:3697 +#: lib/setup.c:3737 msgid "Failed to swap new key slot." msgstr "Záměna novou pozicí klíče se nezdařila." -#: lib/setup.c:3883 +#: lib/setup.c:3835 #, c-format msgid "Key slot %d is invalid." msgstr "Pozice klíče %d je neplatná." -#: lib/setup.c:3889 src/cryptsetup.c:1594 src/cryptsetup.c:1936 -#: src/cryptsetup.c:2540 src/cryptsetup.c:2597 +#: lib/setup.c:3841 src/cryptsetup.c:1740 src/cryptsetup.c:2208 +#: src/cryptsetup.c:2816 src/cryptsetup.c:2876 #, c-format msgid "Keyslot %d is not active." msgstr "Pozice klíče %d není aktivní." -#: lib/setup.c:3908 +#: lib/setup.c:3860 msgid "Device header overlaps with data area." msgstr "Hlavička zařízení se překrývá s datovou oblastí." -#: lib/setup.c:4213 +#: lib/setup.c:4165 msgid "Reencryption in-progress. Cannot activate device." msgstr "Přešifrování již probíhá. Zařízení nelze aktivovat." -#: lib/setup.c:4215 lib/luks2/luks2_json_metadata.c:2635 -#: lib/luks2/luks2_reencrypt.c:3565 +#: lib/setup.c:4167 lib/luks2/luks2_json_metadata.c:2703 +#: lib/luks2/luks2_reencrypt.c:3590 msgid "Failed to get reencryption lock." msgstr "Získání zámku pro přešifrování selhalo." -#: lib/setup.c:4228 lib/luks2/luks2_reencrypt.c:3584 +#: lib/setup.c:4180 lib/luks2/luks2_reencrypt.c:3609 msgid "LUKS2 reencryption recovery failed." msgstr "Obnova přešifrování LUKS2 selhalo." -#: lib/setup.c:4396 lib/setup.c:4661 +#: lib/setup.c:4352 lib/setup.c:4618 msgid "Device type is not properly initialized." msgstr "Typ zařízení není řádně inicializován." -#: lib/setup.c:4444 +#: lib/setup.c:4400 #, c-format msgid "Device %s already exists." msgstr "Zařízení %s již existuje." -#: lib/setup.c:4451 +#: lib/setup.c:4407 #, c-format msgid "Cannot use device %s, name is invalid or still in use." msgstr "Zařízení %s nelze použít. Název není platný nebo zařízení se stále používá." -#: lib/setup.c:4571 +#: lib/setup.c:4527 msgid "Incorrect volume key specified for plain device." msgstr "Byl zadán neplatný klíč svazku." -#: lib/setup.c:4687 +#: lib/setup.c:4644 msgid "Incorrect root hash specified for verity device." msgstr "K zařízení VERITY byl zadán neplatný kořenový haš." -#: lib/setup.c:4697 +#: lib/setup.c:4654 msgid "Root hash signature required." msgstr "Je potřeba podpis kořenového otisku." -#: lib/setup.c:4706 +#: lib/setup.c:4663 msgid "Kernel keyring missing: required for passing signature to kernel." msgstr "Jaderná klíčenka chybí: je potřeba pro předání podpisu do jádra." -#: lib/setup.c:4723 lib/setup.c:6218 +#: lib/setup.c:4680 lib/setup.c:6423 msgid "Failed to load key in kernel keyring." msgstr "Klíč se nepodařilo přidat do jaderné klíčenky." -#: lib/setup.c:4779 +#: lib/setup.c:4736 #, c-format msgid "Could not cancel deferred remove from device %s." msgstr "Odložené odebrání zařízení %s nebylo možné zrušit." -#: lib/setup.c:4786 lib/setup.c:4802 lib/luks2/luks2_json_metadata.c:2688 +#: lib/setup.c:4743 lib/setup.c:4759 lib/luks2/luks2_json_metadata.c:2756 #: src/utils_reencrypt.c:116 #, c-format msgid "Device %s is still in use." msgstr "Zařízení %s se stále používá." -#: lib/setup.c:4811 +#: lib/setup.c:4768 #, c-format msgid "Invalid device %s." msgstr "Neplatné zařízení %s." -#: lib/setup.c:4927 +#: lib/setup.c:4908 msgid "Volume key buffer too small." msgstr "Vyhrazená paměť pro klíč svazku je příliš malá." -#: lib/setup.c:4935 +#: lib/setup.c:4925 +msgid "Cannot retrieve volume key for LUKS2 device." +msgstr "Nelze získat klíč svazku pro zařízení LUKS2." + +#: lib/setup.c:4934 +msgid "Cannot retrieve volume key for LUKS1 device." +msgstr "Nelze získat klíč svazku pro zařízení LUKS1." + +#: lib/setup.c:4944 msgid "Cannot retrieve volume key for plain device." msgstr "Nelze získat klíč svazku pro otevřené zařízení." @@ -564,148 +578,152 @@ msgid "Cannot retrieve root hash for verity device." msgstr "K zařízení VERITY nelze získat kořenový otisk." -#: lib/setup.c:4956 +#: lib/setup.c:4959 +msgid "Cannot retrieve volume key for BITLK device." +msgstr "Nelze získat klíč svazku pro zařízení BITLK." + +#: lib/setup.c:4964 +msgid "Cannot retrieve volume key for FVAULT2 device." +msgstr "Nelze získat klíč svazku pro zařízení FVAULT2." + +#: lib/setup.c:4966 #, c-format msgid "This operation is not supported for %s crypt device." msgstr "Na šifrovaném zařízení %s není tato operace podporována." -#: lib/setup.c:5130 lib/setup.c:5141 +#: lib/setup.c:5147 lib/setup.c:5158 msgid "Dump operation is not supported for this device type." msgstr "Operace výpisu není na zařízení tohoto typu podporována." -#: lib/setup.c:5471 +#: lib/setup.c:5500 #, c-format msgid "Data offset is not multiple of %u bytes." msgstr "Počátek dat není násobkem %u bajtů." -#: lib/setup.c:5756 +#: lib/setup.c:5788 #, c-format msgid "Cannot convert device %s which is still in use." msgstr "Zařízení %s, které se stále používá, nelze konvertovat." -#: lib/setup.c:6075 +#: lib/setup.c:6098 lib/setup.c:6237 #, c-format msgid "Failed to assign keyslot %u as the new volume key." msgstr "Přiřazení pozice klíče %u jakožto nového klíče svazku se nezdařilo." -#: lib/setup.c:6148 +#: lib/setup.c:6122 msgid "Failed to initialize default LUKS2 keyslot parameters." msgstr "Inicializace parametrů výchozí pozice klíče LUKS2 selhala." -#: lib/setup.c:6154 +#: lib/setup.c:6128 #, c-format msgid "Failed to assign keyslot %d to digest." msgstr "Přiřazení pozice klíče %d k otisku se nezdařilo." -#: lib/setup.c:6285 +#: lib/setup.c:6353 +msgid "Cannot add key slot, all slots disabled and no volume key provided." +msgstr "Nelze přidat pozici klíče, všechny pozice jsou zakázány a klíč svazku nebyl poskytnut." + +#: lib/setup.c:6490 msgid "Kernel keyring is not supported by the kernel." msgstr "Jaderná klíčenka není jádrem podporována." -#: lib/setup.c:6295 lib/luks2/luks2_reencrypt.c:3782 +#: lib/setup.c:6500 lib/luks2/luks2_reencrypt.c:3807 #, c-format msgid "Failed to read passphrase from keyring (error %d)." msgstr "Čtení hesla z klíčenky selhalo (chyba %d)." -#: lib/setup.c:6319 +#: lib/setup.c:6523 msgid "Failed to acquire global memory-hard access serialization lock." msgstr "Získání zámku pro tvrdý přístup do globální paměti selhalo." -#: lib/utils.c:80 -msgid "Cannot get process priority." -msgstr "Nelze zjistit prioritu procesu." - -#: lib/utils.c:94 -msgid "Cannot unlock memory." -msgstr "Paměť nelze odemknout." - -#: lib/utils.c:168 lib/tcrypt/tcrypt.c:502 +#: lib/utils.c:158 lib/tcrypt/tcrypt.c:501 msgid "Failed to open key file." msgstr "Soubor s klíčem se nepodařilo otevřít." -#: lib/utils.c:173 +#: lib/utils.c:163 msgid "Cannot read keyfile from a terminal." msgstr "Soubor s klíčem nelze z terminálu přečíst." -#: lib/utils.c:189 +#: lib/utils.c:179 msgid "Failed to stat key file." msgstr "O souboru s klíčem nebylo možné zjistit údaje." -#: lib/utils.c:197 lib/utils.c:218 +#: lib/utils.c:187 lib/utils.c:208 msgid "Cannot seek to requested keyfile offset." msgstr "Nelze se přesunout na požadované místo v souboru s klíčem." -#: lib/utils.c:212 lib/utils.c:227 src/utils_password.c:226 -#: src/utils_password.c:238 +#: lib/utils.c:202 lib/utils.c:217 src/utils_password.c:225 +#: src/utils_password.c:237 msgid "Out of memory while reading passphrase." msgstr "Při čtení hesla došla paměť." -#: lib/utils.c:247 +#: lib/utils.c:237 msgid "Error reading passphrase." msgstr "Chyba při čtení hesla." -#: lib/utils.c:264 +#: lib/utils.c:254 msgid "Nothing to read on input." msgstr "Na vstupu není nic k přečtení." -#: lib/utils.c:271 +#: lib/utils.c:261 msgid "Maximum keyfile size exceeded." msgstr "Maximální délka souboru s klíčem překročena." -#: lib/utils.c:276 +#: lib/utils.c:266 msgid "Cannot read requested amount of data." msgstr "Požadované množství dat nelze načíst." -#: lib/utils_device.c:208 lib/utils_storage_wrappers.c:110 -#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1353 +#: lib/utils_device.c:207 lib/utils_storage_wrappers.c:110 +#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1440 #, c-format msgid "Device %s does not exist or access denied." msgstr "Zařízení %s neexistuje nebo přístup byl zamítnut." -#: lib/utils_device.c:218 +#: lib/utils_device.c:217 #, c-format msgid "Device %s is not compatible." msgstr "Zařízení %s není kompatibilní." -#: lib/utils_device.c:562 +#: lib/utils_device.c:561 #, c-format msgid "Ignoring bogus optimal-io size for data device (%u bytes)." msgstr "U zařízení s daty se ignoruje chybná optimální velikost I/O (%u bajtů)." # TODO: Pluralize -#: lib/utils_device.c:720 +#: lib/utils_device.c:722 #, c-format msgid "Device %s is too small. Need at least % bytes." msgstr "Zařízení %s je příliš malé. Je třeba alespoň % bajtů." -#: lib/utils_device.c:801 +#: lib/utils_device.c:803 #, c-format msgid "Cannot use device %s which is in use (already mapped or mounted)." msgstr "Zařízení %s nelze použít, protože se již používá (již namapováno nebo připojeno)." -#: lib/utils_device.c:805 +#: lib/utils_device.c:807 #, c-format msgid "Cannot use device %s, permission denied." msgstr "Zařízení %s nelze použít, povolení zamítnuto." -#: lib/utils_device.c:808 +#: lib/utils_device.c:810 #, c-format msgid "Cannot get info about device %s." msgstr "O zařízení %s nelze získat údaje." -#: lib/utils_device.c:831 +#: lib/utils_device.c:833 msgid "Cannot use a loopback device, running as non-root user." msgstr "Zařízení typu loopback nelze použít, nespuštěno superuživatelem." -#: lib/utils_device.c:842 +#: lib/utils_device.c:844 msgid "Attaching loopback device failed (loop device with autoclear flag is required)." msgstr "Připojení zařízení zpětné smyčky selhalo (požadováno zařízení s příznakem autoclear)." -#: lib/utils_device.c:890 +#: lib/utils_device.c:892 #, c-format msgid "Requested offset is beyond real size of device %s." msgstr "Požadovaná poloha je za hranicí skutečné velikosti zařízení %s." -#: lib/utils_device.c:898 +#: lib/utils_device.c:900 #, c-format msgid "Device %s has zero size." msgstr "Zařízení %s má nulovou velikost." @@ -759,30 +777,25 @@ msgid "Only PBKDF2 is supported in FIPS mode." msgstr "V režimu FIPS je podporován jen PBKDF2." -#: lib/utils_benchmark.c:172 +#: lib/utils_benchmark.c:175 msgid "PBKDF benchmark disabled but iterations not set." msgstr "Porovnání výkonu PBKDF je zakázáno, ale počet iterací není nastaven." -#: lib/utils_benchmark.c:191 +#: lib/utils_benchmark.c:194 #, c-format msgid "Not compatible PBKDF2 options (using hash algorithm %s)." msgstr "Neslučitelné volby PBKDF2 (při použití hašovacího algoritmu %s)." -#: lib/utils_benchmark.c:211 +#: lib/utils_benchmark.c:214 msgid "Not compatible PBKDF options." msgstr "Neslučitelné volby PBKDF." -#: lib/utils_device_locking.c:102 +#: lib/utils_device_locking.c:101 #, c-format msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)." msgstr "Zamykání zrušeno. Zamykací cesta %s/%s je nepoužitelná (není adresářem nebo neexistuje)." -#: lib/utils_device_locking.c:109 -#, c-format -msgid "Locking directory %s/%s will be created with default compiled-in permissions." -msgstr "Zamykací adresář %s/%s bude vytvořen s výchozími zakompilovanými právy." - -#: lib/utils_device_locking.c:119 +#: lib/utils_device_locking.c:118 #, c-format msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." msgstr "Zamykání zrušeno. Zamykací cesta %s/%s je nepoužitelná (%s není adresářem)." @@ -814,9 +827,9 @@ msgid "Cipher specification should be in [cipher]-[mode]-[iv] format." msgstr "Zápis šifry by měl být ve tvaru [šifra]-[režim]-[iv]." -#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:364 -#: lib/luks1/keymanage.c:674 lib/luks1/keymanage.c:1125 -#: lib/luks2/luks2_json_metadata.c:1421 lib/luks2/luks2_keyslot.c:714 +#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:366 +#: lib/luks1/keymanage.c:677 lib/luks1/keymanage.c:1132 +#: lib/luks2/luks2_json_metadata.c:1490 lib/luks2/luks2_keyslot.c:714 #, c-format msgid "Cannot write to device %s, permission denied." msgstr "Na zařízení %s nelze zapsat, povolení zamítnuto." @@ -829,23 +842,24 @@ msgid "Failed to access temporary keystore device." msgstr "Přístup do dočasného zařízení s úložištěm klíče selhal." -#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60 -#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:192 +#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:62 +#: lib/luks2/luks2_keyslot_luks2.c:80 lib/luks2/luks2_keyslot_reenc.c:192 msgid "IO error while encrypting keyslot." msgstr "Chyba vstupu/výstupu při šifrování pozice klíče." -#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:367 -#: lib/luks1/keymanage.c:627 lib/luks1/keymanage.c:677 lib/tcrypt/tcrypt.c:680 -#: lib/verity/verity.c:80 lib/verity/verity.c:196 lib/verity/verity_hash.c:320 -#: lib/verity/verity_hash.c:329 lib/verity/verity_hash.c:349 -#: lib/verity/verity_fec.c:260 lib/verity/verity_fec.c:272 -#: lib/verity/verity_fec.c:277 lib/luks2/luks2_json_metadata.c:1424 -#: src/utils_reencrypt_luks1.c:121 src/utils_reencrypt_luks1.c:133 +#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:369 +#: lib/luks1/keymanage.c:630 lib/luks1/keymanage.c:680 lib/tcrypt/tcrypt.c:679 +#: lib/fvault2/fvault2.c:877 lib/verity/verity.c:80 lib/verity/verity.c:196 +#: lib/verity/verity_hash.c:320 lib/verity/verity_hash.c:329 +#: lib/verity/verity_hash.c:349 lib/verity/verity_fec.c:260 +#: lib/verity/verity_fec.c:272 lib/verity/verity_fec.c:277 +#: lib/luks2/luks2_json_metadata.c:1493 src/utils_reencrypt_luks1.c:121 +#: src/utils_reencrypt_luks1.c:133 #, c-format msgid "Cannot open device %s." msgstr "Zařízení %s nelze otevřít." -#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137 +#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:139 msgid "IO error while decrypting keyslot." msgstr "Chyba vstupu/výstupu při dešifrování pozice klíče." @@ -861,54 +875,54 @@ msgid "LUKS keyslot %u is invalid." msgstr "Pozice %u klíče LUKS není platná." -#: lib/luks1/keymanage.c:266 lib/luks2/luks2_json_metadata.c:1284 +#: lib/luks1/keymanage.c:267 lib/luks2/luks2_json_metadata.c:1353 #, c-format msgid "Requested header backup file %s already exists." msgstr "Požadovaný soubor se zálohou hlavičky %s již existuje." -#: lib/luks1/keymanage.c:268 lib/luks2/luks2_json_metadata.c:1286 +#: lib/luks1/keymanage.c:269 lib/luks2/luks2_json_metadata.c:1355 #, c-format msgid "Cannot create header backup file %s." msgstr "Soubor se zálohou hlavičky %s nelze vytvořit." -#: lib/luks1/keymanage.c:275 lib/luks2/luks2_json_metadata.c:1293 +#: lib/luks1/keymanage.c:276 lib/luks2/luks2_json_metadata.c:1362 #, c-format msgid "Cannot write header backup file %s." msgstr "Nelze zapsat soubor %s se zálohou hlavičky." -#: lib/luks1/keymanage.c:306 lib/luks2/luks2_json_metadata.c:1330 +#: lib/luks1/keymanage.c:308 lib/luks2/luks2_json_metadata.c:1399 msgid "Backup file does not contain valid LUKS header." msgstr "Záložní soubor neobsahuje platnou hlavičku LUKS." -#: lib/luks1/keymanage.c:319 lib/luks1/keymanage.c:590 -#: lib/luks2/luks2_json_metadata.c:1351 +#: lib/luks1/keymanage.c:321 lib/luks1/keymanage.c:593 +#: lib/luks2/luks2_json_metadata.c:1420 #, c-format msgid "Cannot open header backup file %s." msgstr "Nelze otevřít soubor se zálohou hlavičky %s." -#: lib/luks1/keymanage.c:327 lib/luks2/luks2_json_metadata.c:1359 +#: lib/luks1/keymanage.c:329 lib/luks2/luks2_json_metadata.c:1428 #, c-format msgid "Cannot read header backup file %s." msgstr "Soubor se zálohou hlavičky %s nelze načíst." -#: lib/luks1/keymanage.c:337 +#: lib/luks1/keymanage.c:339 msgid "Data offset or key size differs on device and backup, restore failed." msgstr "Počátek dat nebo velikost klíče se liší mezi zařízením a zálohou, obnova se nezdařila." -#: lib/luks1/keymanage.c:345 +#: lib/luks1/keymanage.c:347 #, c-format msgid "Device %s %s%s" msgstr "Zařízení %s %s%s" -#: lib/luks1/keymanage.c:346 +#: lib/luks1/keymanage.c:348 msgid "does not contain LUKS header. Replacing header can destroy data on that device." msgstr "neobsahuje hlavičku LUKS. Nahrazení hlavičky může zničit data na daném zařízení." -#: lib/luks1/keymanage.c:347 +#: lib/luks1/keymanage.c:349 msgid "already contains LUKS header. Replacing header will destroy existing keyslots." msgstr "již obsahuje hlavičku LUKS. Nahrazení hlavičky zničí existující pozice s klíči." -#: lib/luks1/keymanage.c:348 lib/luks2/luks2_json_metadata.c:1393 +#: lib/luks1/keymanage.c:350 lib/luks2/luks2_json_metadata.c:1462 msgid "" "\n" "WARNING: real device header has different UUID than backup!" @@ -916,127 +930,131 @@ "\n" "POZOR: hlavička ve skutečném zařízení má jiné UUID než záloha!" -#: lib/luks1/keymanage.c:395 +#: lib/luks1/keymanage.c:398 msgid "Non standard key size, manual repair required." msgstr "Nestandardní velikost klíče, je třeba ruční opravy." -#: lib/luks1/keymanage.c:405 +#: lib/luks1/keymanage.c:408 msgid "Non standard keyslots alignment, manual repair required." msgstr "Nestandardní zarovnání pozice klíče, je třeba ruční opravy." -#: lib/luks1/keymanage.c:414 +#: lib/luks1/keymanage.c:417 #, c-format msgid "Cipher mode repaired (%s -> %s)." msgstr "Režim šifry opraven (%s → %s)." -#: lib/luks1/keymanage.c:425 +#: lib/luks1/keymanage.c:428 #, c-format msgid "Cipher hash repaired to lowercase (%s)." msgstr "Haš šifry opraven na malý písmena (%s)." -#: lib/luks1/keymanage.c:427 lib/luks1/keymanage.c:533 -#: lib/luks1/keymanage.c:789 +#: lib/luks1/keymanage.c:430 lib/luks1/keymanage.c:536 +#: lib/luks1/keymanage.c:792 #, c-format msgid "Requested LUKS hash %s is not supported." msgstr "Požadovaný haš LUKSu %s není podporován." -#: lib/luks1/keymanage.c:441 +#: lib/luks1/keymanage.c:444 msgid "Repairing keyslots." msgstr "Opravují se pozice klíčů." -#: lib/luks1/keymanage.c:460 +#: lib/luks1/keymanage.c:463 #, c-format msgid "Keyslot %i: offset repaired (%u -> %u)." msgstr "Pozice klíče %i: poloha opravena (%u → %u)." -#: lib/luks1/keymanage.c:468 +#: lib/luks1/keymanage.c:471 #, c-format msgid "Keyslot %i: stripes repaired (%u -> %u)." msgstr "Pozice klíče %i: proklad opraven (%u → %u)." -#: lib/luks1/keymanage.c:477 +#: lib/luks1/keymanage.c:480 #, c-format msgid "Keyslot %i: bogus partition signature." msgstr "Pozice klíče %i: chybná značka oddílu." -#: lib/luks1/keymanage.c:482 +#: lib/luks1/keymanage.c:485 #, c-format msgid "Keyslot %i: salt wiped." msgstr "Pozice klíče %i: sůl vymazána." -#: lib/luks1/keymanage.c:499 +#: lib/luks1/keymanage.c:502 msgid "Writing LUKS header to disk." msgstr "Hlavička LUKS se zapisuje na disk." -#: lib/luks1/keymanage.c:504 +#: lib/luks1/keymanage.c:507 msgid "Repair failed." msgstr "Oprava selhala." -#: lib/luks1/keymanage.c:559 +#: lib/luks1/keymanage.c:562 #, c-format msgid "LUKS cipher mode %s is invalid." msgstr "Režim LUKS šifry %s není platný." -#: lib/luks1/keymanage.c:564 +#: lib/luks1/keymanage.c:567 #, c-format msgid "LUKS hash %s is invalid." msgstr "LUKS haš %s není platný." -#: lib/luks1/keymanage.c:571 src/cryptsetup.c:1144 +#: lib/luks1/keymanage.c:574 src/cryptsetup.c:1281 msgid "No known problems detected for LUKS header." msgstr "V hlavičce LUKS nenalezen žádný známý problém." -#: lib/luks1/keymanage.c:699 +#: lib/luks1/keymanage.c:702 #, c-format msgid "Error during update of LUKS header on device %s." msgstr "Chyba při aktualizaci hlavičky LUKS na zařízení %s." -#: lib/luks1/keymanage.c:707 +#: lib/luks1/keymanage.c:710 #, c-format msgid "Error re-reading LUKS header after update on device %s." msgstr "Chyba při opakovaném čtení hlavičky LUKS po aktualizaci zařízení %s." # TODO: Pluralize -#: lib/luks1/keymanage.c:783 +#: lib/luks1/keymanage.c:786 msgid "Data offset for LUKS header must be either 0 or higher than header size." msgstr "Poloha dat u hlavičky LUKS musí být buď 0 nebo více než velikost hlavičky." -#: lib/luks1/keymanage.c:794 lib/luks1/keymanage.c:863 -#: lib/luks2/luks2_json_format.c:287 lib/luks2/luks2_json_metadata.c:1175 -#: src/utils_reencrypt.c:475 +#: lib/luks1/keymanage.c:797 lib/luks1/keymanage.c:866 +#: lib/luks2/luks2_json_format.c:286 lib/luks2/luks2_json_metadata.c:1236 +#: src/utils_reencrypt.c:539 msgid "Wrong LUKS UUID format provided." msgstr "Poskytnut UUID LUKSu ve špatném tvaru." -#: lib/luks1/keymanage.c:816 +#: lib/luks1/keymanage.c:819 msgid "Cannot create LUKS header: reading random salt failed." msgstr "Hlavičku LUKS nelze vytvořit: čtení náhodné soli selhalo." -#: lib/luks1/keymanage.c:842 +#: lib/luks1/keymanage.c:845 #, c-format msgid "Cannot create LUKS header: header digest failed (using hash %s)." msgstr "Hlavičku LUKS nelze vytvořit: výpočet otisku hlavičky (haš %s) selhal." -#: lib/luks1/keymanage.c:886 +#: lib/luks1/keymanage.c:889 #, c-format msgid "Key slot %d active, purge first." msgstr "Pozice klíče %d je aktivní, nejprve ji uvolněte." -#: lib/luks1/keymanage.c:892 +#: lib/luks1/keymanage.c:895 #, c-format msgid "Key slot %d material includes too few stripes. Header manipulation?" msgstr "Pozice klíče %d obsahuje příliš málo útržků. Manipulace s hlavičkou?" -#: lib/luks1/keymanage.c:1033 +#: lib/luks1/keymanage.c:931 lib/luks2/luks2_keyslot_luks2.c:270 +msgid "PBKDF2 iteration value overflow." +msgstr "Čítač opakování PBKDF2 přetekl." + +#: lib/luks1/keymanage.c:1040 #, c-format msgid "Cannot open keyslot (using hash %s)." msgstr "Pozici s klíčem nezle otevřít (za použití haše %s)." -#: lib/luks1/keymanage.c:1111 +#: lib/luks1/keymanage.c:1118 #, c-format msgid "Key slot %d is invalid, please select keyslot between 0 and %d." msgstr "Pozice klíče %d není platná, prosím, vyberte pozici mezi 0 a %d." -#: lib/luks1/keymanage.c:1129 lib/luks2/luks2_keyslot.c:718 +#: lib/luks1/keymanage.c:1136 lib/luks2/luks2_keyslot.c:718 #, c-format msgid "Cannot wipe device %s." msgstr "Zařízení %s není možné smazat." @@ -1057,177 +1075,188 @@ msgid "Kernel does not support loop-AES compatible mapping." msgstr "Jádro nepodporuje mapování kompatibilní s loop-AES." -#: lib/tcrypt/tcrypt.c:509 +#: lib/tcrypt/tcrypt.c:508 #, c-format msgid "Error reading keyfile %s." msgstr "Chyba při čtení souboru s klíčem %s" -#: lib/tcrypt/tcrypt.c:559 +#: lib/tcrypt/tcrypt.c:558 #, c-format msgid "Maximum TCRYPT passphrase length (%zu) exceeded." msgstr "Překročena maximální délka hesla TCRYPT (%zu)." -#: lib/tcrypt/tcrypt.c:601 +#: lib/tcrypt/tcrypt.c:600 #, c-format msgid "PBKDF2 hash algorithm %s not available, skipping." msgstr "Hašovací algoritmus PBKDF2 %s není podporován, přeskakuje se." -#: lib/tcrypt/tcrypt.c:620 src/cryptsetup.c:1019 +#: lib/tcrypt/tcrypt.c:619 src/cryptsetup.c:1156 msgid "Required kernel crypto interface not available." msgstr "Požadované kryptografické rozhraní jádra není dostupné." -#: lib/tcrypt/tcrypt.c:622 src/cryptsetup.c:1021 +#: lib/tcrypt/tcrypt.c:621 src/cryptsetup.c:1158 msgid "Ensure you have algif_skcipher kernel module loaded." msgstr "Ujistěte se, že jaderný modul algif_skcipher je zaveden." -#: lib/tcrypt/tcrypt.c:763 +#: lib/tcrypt/tcrypt.c:762 #, c-format msgid "Activation is not supported for %d sector size." msgstr "Aktivace nad sektory o velikosti %d není podporována." -#: lib/tcrypt/tcrypt.c:769 +#: lib/tcrypt/tcrypt.c:768 msgid "Kernel does not support activation for this TCRYPT legacy mode." msgstr "Jádro nepodporuje aktivaci v tomto zastaralém režimu TCRYPT." -#: lib/tcrypt/tcrypt.c:800 +#: lib/tcrypt/tcrypt.c:799 #, c-format msgid "Activating TCRYPT system encryption for partition %s." msgstr "Aktivuje se systémové šifrování TCRYPT pro oddíl %s." -#: lib/tcrypt/tcrypt.c:883 +#: lib/tcrypt/tcrypt.c:882 msgid "Kernel does not support TCRYPT compatible mapping." msgstr "Jádro nepodporuje mapování kompatibilní s TCRYPT." -#: lib/tcrypt/tcrypt.c:1096 +#: lib/tcrypt/tcrypt.c:1095 msgid "This function is not supported without TCRYPT header load." msgstr "Bez dat s hlavičkou TCRYPT není tato funkce podporována." -#: lib/bitlk/bitlk.c:275 +#: lib/bitlk/bitlk.c:278 #, c-format msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key." msgstr "Při rozboru podporovaného hlavního klíče svazku byla nalezena položka nečekaného typu „%u“." -#: lib/bitlk/bitlk.c:328 +#: lib/bitlk/bitlk.c:337 msgid "Invalid string found when parsing Volume Master Key." msgstr "Při rozboru hlavního svazku klíče byl nalezen neplatný řetězec." -#: lib/bitlk/bitlk.c:332 +#: lib/bitlk/bitlk.c:341 #, c-format msgid "Unexpected string ('%s') found when parsing supported Volume Master Key." msgstr "Při rozboru hlavního klíče svazku byl nalezen nečekaný řetězec („%s“)." -#: lib/bitlk/bitlk.c:349 +#: lib/bitlk/bitlk.c:358 #, c-format msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key." msgstr "Při rozboru hlavního klíče svazku byl nalezen záznam metadat s nečekanou hodnotou „%u“." -#: lib/bitlk/bitlk.c:451 +#: lib/bitlk/bitlk.c:460 msgid "BITLK version 1 is currently not supported." msgstr "BITLK verze 1 není v současnosti podporován." -#: lib/bitlk/bitlk.c:457 +#: lib/bitlk/bitlk.c:466 msgid "Invalid or unknown boot signature for BITLK device." msgstr "Neplatná nebo neznámá značka zavaděče zařízení BITLK." -#: lib/bitlk/bitlk.c:469 +#: lib/bitlk/bitlk.c:478 #, c-format msgid "Unsupported sector size %." msgstr "Nepodporovaná velikost sektoru %." -#: lib/bitlk/bitlk.c:477 +#: lib/bitlk/bitlk.c:486 #, c-format msgid "Failed to read BITLK header from %s." msgstr "Z %s nebylo možné načíst hlavičku BITLK." -#: lib/bitlk/bitlk.c:502 +#: lib/bitlk/bitlk.c:511 #, c-format msgid "Failed to read BITLK FVE metadata from %s." msgstr "Z %s nebylo možné přečíst metadata BITLK FVE." -#: lib/bitlk/bitlk.c:554 +#: lib/bitlk/bitlk.c:562 msgid "Unknown or unsupported encryption type." msgstr "Neznámý nebo nepodporovaný druh šifrování." -#: lib/bitlk/bitlk.c:587 +#: lib/bitlk/bitlk.c:602 #, c-format msgid "Failed to read BITLK metadata entries from %s." msgstr "Z %s nebylo možné načíst položky metadat BITLK." -#: lib/bitlk/bitlk.c:681 +#: lib/bitlk/bitlk.c:719 msgid "Failed to convert BITLK volume description" msgstr "Převod popisu svazku BITLK se nezdařil" -#: lib/bitlk/bitlk.c:841 +#: lib/bitlk/bitlk.c:882 #, c-format msgid "Unexpected metadata entry type '%u' found when parsing external key." msgstr "Při rozboru externího klíče byla v metadatech nalezena položka nečekaného typu „%u“." -#: lib/bitlk/bitlk.c:860 +#: lib/bitlk/bitlk.c:905 #, c-format msgid "BEK file GUID '%s' does not match GUID of the volume." msgstr "GUID „%s“ souboru BEK neodpovídá GUID svazku." -#: lib/bitlk/bitlk.c:864 +#: lib/bitlk/bitlk.c:909 #, c-format msgid "Unexpected metadata entry value '%u' found when parsing external key." msgstr "Při rozboru externího klíče byla v metadatech nalezena položka s nečekanou hodnotou „%u“." -#: lib/bitlk/bitlk.c:903 +#: lib/bitlk/bitlk.c:948 #, c-format msgid "Unsupported BEK metadata version %" msgstr "Nepodporovaná metadata BEK verze %." -#: lib/bitlk/bitlk.c:908 +#: lib/bitlk/bitlk.c:953 #, c-format msgid "Unexpected BEK metadata size % does not match BEK file length" msgstr "Nečekaná velikost metadat BEK % neodpovídá délce souboru BEK" -#: lib/bitlk/bitlk.c:933 +#: lib/bitlk/bitlk.c:979 msgid "Unexpected metadata entry found when parsing startup key." msgstr "Při rozboru startovacího klíče byla v metadatech nalezena nečekaná položka." -#: lib/bitlk/bitlk.c:1029 +#: lib/bitlk/bitlk.c:1075 msgid "This operation is not supported." msgstr "Tato operace není podporována." -#: lib/bitlk/bitlk.c:1037 +#: lib/bitlk/bitlk.c:1083 msgid "Unexpected key data size." msgstr "Nečekaná velikost údajů o klíči." -#: lib/bitlk/bitlk.c:1163 +#: lib/bitlk/bitlk.c:1209 msgid "This BITLK device is in an unsupported state and cannot be activated." msgstr "Toto zařízení BITLK je v nepodporovaném stavu a nelze jej aktivovat." -#: lib/bitlk/bitlk.c:1168 +#: lib/bitlk/bitlk.c:1214 #, c-format msgid "BITLK devices with type '%s' cannot be activated." msgstr "Zařízení BITLK s typem „%s“ nelze aktivovat." -#: lib/bitlk/bitlk.c:1175 +#: lib/bitlk/bitlk.c:1221 msgid "Activation of partially decrypted BITLK device is not supported." msgstr "Aktivace částečně dešifrovaného zařízení BITLK není podporována." -#: lib/bitlk/bitlk.c:1216 +#: lib/bitlk/bitlk.c:1262 #, c-format msgid "WARNING: BitLocker volume size % does not match the underlying device size %" msgstr "POZOR: Velikost svazku BitLockeru % neodpovídá velikosti zařízení ve zpod %" -#: lib/bitlk/bitlk.c:1343 +#: lib/bitlk/bitlk.c:1389 msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV." msgstr "Zařízení nelze aktivovat. Jaderný dm-crypt postrádá podporu inicializačního vektoru BITLK." -#: lib/bitlk/bitlk.c:1347 +#: lib/bitlk/bitlk.c:1393 msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser." msgstr "Zařízení nelze aktivovat. Jaderný dm-crypt postrádá podporu difuzéru Elephant BITLK." -#: lib/bitlk/bitlk.c:1351 +#: lib/bitlk/bitlk.c:1397 msgid "Cannot activate device, kernel dm-crypt is missing support for large sector size." msgstr "Zařízení nelze aktivovat. Jaderný dm-crypt postrádá podporu velikostí velkých sektorů." -#: lib/bitlk/bitlk.c:1355 +#: lib/bitlk/bitlk.c:1401 msgid "Cannot activate device, kernel dm-zero module is missing." msgstr "Zařízení nelze aktivovat. Chybí jaderný modul dm-zero." +# FIXME: Pluralize +#: lib/fvault2/fvault2.c:542 +#, c-format +msgid "Could not read %u bytes of volume header." +msgstr "Z hlavičky svazku nebylo možné přečíst %u bajtů." + +#: lib/fvault2/fvault2.c:554 +#, c-format +msgid "Unsupported FVAULT2 version %." +msgstr "Nepodporovaná verze FVAULT2 %." + #: lib/verity/verity.c:68 lib/verity/verity.c:182 #, c-format msgid "Verity device %s does not use on-disk header." @@ -1382,17 +1411,17 @@ msgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)." msgstr "Jádro odmítá aktivovat volbu nebezpečného přepočtu (pro přebití vizte zastaralé volby aktivace)" -#: lib/luks2/luks2_disk_metadata.c:393 lib/luks2/luks2_json_metadata.c:1133 -#: lib/luks2/luks2_json_metadata.c:1413 +#: lib/luks2/luks2_disk_metadata.c:391 lib/luks2/luks2_json_metadata.c:1159 +#: lib/luks2/luks2_json_metadata.c:1482 #, c-format msgid "Failed to acquire write lock on device %s." msgstr "Získání zámku pro zápis do zařízení %s selhalo." -#: lib/luks2/luks2_disk_metadata.c:402 +#: lib/luks2/luks2_disk_metadata.c:400 msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation." msgstr "Zjištěn pokus o současnou aktualizaci metadat LUKS2. Operace se ruší." -#: lib/luks2/luks2_disk_metadata.c:701 lib/luks2/luks2_disk_metadata.c:722 +#: lib/luks2/luks2_disk_metadata.c:699 lib/luks2/luks2_disk_metadata.c:720 msgid "" "Device contains ambiguous signatures, cannot auto-recover LUKS2.\n" "Please run \"cryptsetup repair\" for recovery." @@ -1400,50 +1429,50 @@ "Zařízení obsahuje nejednoznačný vzorec. LUKS2 nelze automaticky obnovit.\n" "Prosím, spusťte obnovu příkazem „cryptsetup repair“." -#: lib/luks2/luks2_json_format.c:230 +#: lib/luks2/luks2_json_format.c:229 msgid "Requested data offset is too small." msgstr "Požadovaná poloha dat je příliš nízká." # TODO: Pluralize -#: lib/luks2/luks2_json_format.c:275 +#: lib/luks2/luks2_json_format.c:274 #, c-format msgid "WARNING: keyslots area (% bytes) is very small, available LUKS2 keyslot count is very limited.\n" msgstr "POZOR: oblast s pozicemi klíčů (% bajtů) je příliš malá, dostupný počet pozic klíčů LUKS2 je značně omezen.\n" -#: lib/luks2/luks2_json_metadata.c:1120 lib/luks2/luks2_json_metadata.c:1258 -#: lib/luks2/luks2_json_metadata.c:1319 lib/luks2/luks2_keyslot_luks2.c:92 -#: lib/luks2/luks2_keyslot_luks2.c:114 +#: lib/luks2/luks2_json_metadata.c:1146 lib/luks2/luks2_json_metadata.c:1328 +#: lib/luks2/luks2_json_metadata.c:1388 lib/luks2/luks2_keyslot_luks2.c:94 +#: lib/luks2/luks2_keyslot_luks2.c:116 #, c-format msgid "Failed to acquire read lock on device %s." msgstr "Získání zámku pro čtení ze zařízení %s selhalo." -#: lib/luks2/luks2_json_metadata.c:1336 +#: lib/luks2/luks2_json_metadata.c:1405 #, c-format msgid "Forbidden LUKS2 requirements detected in backup %s." msgstr "V záloze %s byly zjištěny zakázané požadavky na LUKS2." -#: lib/luks2/luks2_json_metadata.c:1377 +#: lib/luks2/luks2_json_metadata.c:1446 msgid "Data offset differ on device and backup, restore failed." msgstr "Počátek dat se liší mezi zařízením a zálohou, obnova se nezdařila." -#: lib/luks2/luks2_json_metadata.c:1383 +#: lib/luks2/luks2_json_metadata.c:1452 msgid "Binary header with keyslot areas size differ on device and backup, restore failed." msgstr "Velikost binární hlavičky s oblastí pro pozice klíčů se liší mezi zařízením a zálohou, obnova se nezdařila." -#: lib/luks2/luks2_json_metadata.c:1390 +#: lib/luks2/luks2_json_metadata.c:1459 #, c-format msgid "Device %s %s%s%s%s" msgstr "Zařízení %s %s%s%s%s" -#: lib/luks2/luks2_json_metadata.c:1391 +#: lib/luks2/luks2_json_metadata.c:1460 msgid "does not contain LUKS2 header. Replacing header can destroy data on that device." msgstr "neobsahuje hlavičku LUKS2. Nahrazení hlavičky může zničit data na daném zařízení." -#: lib/luks2/luks2_json_metadata.c:1392 +#: lib/luks2/luks2_json_metadata.c:1461 msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots." msgstr "již obsahuje hlavičku LUKS2. Nahrazení hlavičky zničí existující pozice s klíči." -#: lib/luks2/luks2_json_metadata.c:1394 +#: lib/luks2/luks2_json_metadata.c:1463 msgid "" "\n" "WARNING: unknown LUKS2 requirements detected in real device header!\n" @@ -1453,7 +1482,7 @@ "POZOR: Ve skutečné hlavičce zařízení byly objeveny neznámé požadavky na LUKS2!\n" "Nahrazení hlavičky zálohou může zničit data na zařízení!" -#: lib/luks2/luks2_json_metadata.c:1396 +#: lib/luks2/luks2_json_metadata.c:1465 msgid "" "\n" "WARNING: Unfinished offline reencryption detected on the device!\n" @@ -1463,50 +1492,50 @@ "POZOR: Na zařízení bylo objeveno nedokončené offline přešifrování!\n" "Nahrazení hlavičky zálohou může zničit data." -#: lib/luks2/luks2_json_metadata.c:1494 +#: lib/luks2/luks2_json_metadata.c:1562 #, c-format msgid "Ignored unknown flag %s." msgstr "Neznámý příznak %s ignorován." -#: lib/luks2/luks2_json_metadata.c:2402 lib/luks2/luks2_reencrypt.c:2015 +#: lib/luks2/luks2_json_metadata.c:2470 lib/luks2/luks2_reencrypt.c:2061 #, c-format msgid "Missing key for dm-crypt segment %u" msgstr "Chybí klíč pro dm-crypt část %u." -#: lib/luks2/luks2_json_metadata.c:2414 lib/luks2/luks2_reencrypt.c:2029 +#: lib/luks2/luks2_json_metadata.c:2482 lib/luks2/luks2_reencrypt.c:2075 msgid "Failed to set dm-crypt segment." msgstr "Nastavení části dm-crypt selhalo." -#: lib/luks2/luks2_json_metadata.c:2420 lib/luks2/luks2_reencrypt.c:2035 +#: lib/luks2/luks2_json_metadata.c:2488 lib/luks2/luks2_reencrypt.c:2081 msgid "Failed to set dm-linear segment." msgstr "Nastavení části dm-linear selhalo." -#: lib/luks2/luks2_json_metadata.c:2547 +#: lib/luks2/luks2_json_metadata.c:2615 msgid "Unsupported device integrity configuration." msgstr "Nepodporovaná konfigurace integrity zařízení." -#: lib/luks2/luks2_json_metadata.c:2633 +#: lib/luks2/luks2_json_metadata.c:2701 msgid "Reencryption in-progress. Cannot deactivate device." msgstr "Probíhá přešifrování. Zařízení nelze deaktivovat." -#: lib/luks2/luks2_json_metadata.c:2644 lib/luks2/luks2_reencrypt.c:4057 +#: lib/luks2/luks2_json_metadata.c:2712 lib/luks2/luks2_reencrypt.c:4082 #, c-format msgid "Failed to replace suspended device %s with dm-error target." msgstr "Výměna pozastaveného zařízení %s za cíl dm-error selhala." -#: lib/luks2/luks2_json_metadata.c:2724 +#: lib/luks2/luks2_json_metadata.c:2792 msgid "Failed to read LUKS2 requirements." msgstr "Čtení požadavků na LUKS2 selhalo." -#: lib/luks2/luks2_json_metadata.c:2731 +#: lib/luks2/luks2_json_metadata.c:2799 msgid "Unmet LUKS2 requirements detected." msgstr "Zjištěny nesplněné požadavky na LUKS2." -#: lib/luks2/luks2_json_metadata.c:2739 +#: lib/luks2/luks2_json_metadata.c:2807 msgid "Operation incompatible with device marked for legacy reencryption. Aborting." msgstr "Operace se neslučuje se zařízením označeným pro zastaralé přešifrování. Operace se ruší." -#: lib/luks2/luks2_json_metadata.c:2741 +#: lib/luks2/luks2_json_metadata.c:2809 msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting." msgstr "Operace se neslučuje se zařízením označeným pro přešifrování LUKS2. Operace se ruší." @@ -1518,20 +1547,21 @@ msgid "Keyslot open failed." msgstr "Otevření pozice s klíčem selhalo." -#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108 +#: lib/luks2/luks2_keyslot_luks2.c:55 lib/luks2/luks2_keyslot_luks2.c:110 #, c-format msgid "Cannot use %s-%s cipher for keyslot encryption." msgstr "Šifru %s-%s nelze použít pro pozici s klíčem." -#: lib/luks2/luks2_keyslot_luks2.c:496 -msgid "No space for new keyslot." -msgstr "Pro novou pozicí klíče není místo." - -#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2615 +#: lib/luks2/luks2_keyslot_luks2.c:285 lib/luks2/luks2_keyslot_luks2.c:394 +#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2668 #, c-format msgid "Hash algorithm %s is not available." msgstr "Hašovací algoritmus %s není dostupný." +#: lib/luks2/luks2_keyslot_luks2.c:510 +msgid "No space for new keyslot." +msgstr "Pro novou pozicí klíče není místo." + #: lib/luks2/luks2_keyslot_reenc.c:593 msgid "Invalid reencryption resilience mode change requested." msgstr "Požadována neplatná změna režimu odolnosti při přešifrování." @@ -1554,7 +1584,7 @@ msgid "Unable to convert header with LUKSMETA additional metadata." msgstr "Hlavičky s dodatečnými metadaty LUKSMETA nelze převést." -#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3715 +#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3740 #, c-format msgid "Unable to use cipher specification %s-%s for LUKS2." msgstr "LUKS2 neumožňuje použít šifru zadanou jako %s-%s." @@ -1613,240 +1643,244 @@ msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." msgstr "Nelze převést do formátu LUKS1 – pozice s klíče %u není slučitelná s LUKS1." -#: lib/luks2/luks2_reencrypt.c:1107 +#: lib/luks2/luks2_reencrypt.c:1152 #, c-format msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." msgstr "Velikost horké zóny musí být násobek vypočteného zarovnání zóny (%zu bajtů)." -#: lib/luks2/luks2_reencrypt.c:1112 +#: lib/luks2/luks2_reencrypt.c:1157 #, c-format msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." msgstr "Velikost zařízení musí být násobek vypočteného zarovnání zóny (%zu bajtů)." -#: lib/luks2/luks2_reencrypt.c:1319 lib/luks2/luks2_reencrypt.c:1505 -#: lib/luks2/luks2_reencrypt.c:1588 lib/luks2/luks2_reencrypt.c:1630 -#: lib/luks2/luks2_reencrypt.c:3852 +#: lib/luks2/luks2_reencrypt.c:1364 lib/luks2/luks2_reencrypt.c:1551 +#: lib/luks2/luks2_reencrypt.c:1634 lib/luks2/luks2_reencrypt.c:1676 +#: lib/luks2/luks2_reencrypt.c:3877 msgid "Failed to initialize old segment storage wrapper." msgstr "Obálku pro starou část úložiště se nepodařilo inicializovat." -#: lib/luks2/luks2_reencrypt.c:1333 lib/luks2/luks2_reencrypt.c:1483 +#: lib/luks2/luks2_reencrypt.c:1378 lib/luks2/luks2_reencrypt.c:1529 msgid "Failed to initialize new segment storage wrapper." msgstr "Obálku pro novou část úložiště se nepodařilo inicializovat." -#: lib/luks2/luks2_reencrypt.c:1460 lib/luks2/luks2_reencrypt.c:3864 +#: lib/luks2/luks2_reencrypt.c:1505 lib/luks2/luks2_reencrypt.c:3889 msgid "Failed to initialize hotzone protection." msgstr "Ochranu horké zóny se nepodařilo inicializovat." -#: lib/luks2/luks2_reencrypt.c:1532 +#: lib/luks2/luks2_reencrypt.c:1578 msgid "Failed to read checksums for current hotzone." msgstr "Kontrolní součty pro aktuální horkou zónu se nepodařilo přečíst." -#: lib/luks2/luks2_reencrypt.c:1539 lib/luks2/luks2_reencrypt.c:3878 +#: lib/luks2/luks2_reencrypt.c:1585 lib/luks2/luks2_reencrypt.c:3903 #, c-format msgid "Failed to read hotzone area starting at %." msgstr "Čtení oblasti s horkou zónou počínaje na % selhalo." -#: lib/luks2/luks2_reencrypt.c:1558 +#: lib/luks2/luks2_reencrypt.c:1604 #, c-format msgid "Failed to decrypt sector %zu." msgstr "Sektor %zu nebylo možné rozšifrovat." -#: lib/luks2/luks2_reencrypt.c:1564 +#: lib/luks2/luks2_reencrypt.c:1610 #, c-format msgid "Failed to recover sector %zu." msgstr "Sektor %zu nebylo možné obnovit." -#: lib/luks2/luks2_reencrypt.c:2128 +#: lib/luks2/luks2_reencrypt.c:2174 #, c-format msgid "Source and target device sizes don't match. Source %, target: %." msgstr "Velikosti zdrojového a cílového zařízení se neshodují. Zdroj %, cíl %." -#: lib/luks2/luks2_reencrypt.c:2226 +#: lib/luks2/luks2_reencrypt.c:2272 #, c-format msgid "Failed to activate hotzone device %s." msgstr "Aktivace zařízení horké zóny %s selhala." -#: lib/luks2/luks2_reencrypt.c:2243 +#: lib/luks2/luks2_reencrypt.c:2289 #, c-format msgid "Failed to activate overlay device %s with actual origin table." msgstr "Aktivace překryvného zařízení %s se skutečnou tabulkou původu selhala." -#: lib/luks2/luks2_reencrypt.c:2250 +#: lib/luks2/luks2_reencrypt.c:2296 #, c-format msgid "Failed to load new mapping for device %s." msgstr "Zavedení nového mapování pro zařízení %s selhalo." -#: lib/luks2/luks2_reencrypt.c:2321 +#: lib/luks2/luks2_reencrypt.c:2367 msgid "Failed to refresh reencryption devices stack." msgstr "Zásobník zařízení k přešifrování se nepodařilo obnovit." -#: lib/luks2/luks2_reencrypt.c:2497 +#: lib/luks2/luks2_reencrypt.c:2550 msgid "Failed to set new keyslots area size." msgstr "Nastavení velikosti nové oblasti s pozicemi klíčů selhalo." -#: lib/luks2/luks2_reencrypt.c:2633 +#: lib/luks2/luks2_reencrypt.c:2686 #, c-format msgid "Data shift value is not aligned to encryption sector size (% bytes)." msgstr "Hodnota posunu dat není zarovnána s velikostí šifrovaného sektoru (% bajtů)." -#: lib/luks2/luks2_reencrypt.c:2664 +#: lib/luks2/luks2_reencrypt.c:2723 src/utils_reencrypt.c:189 #, c-format msgid "Unsupported resilience mode %s" msgstr "Nepodporovaný režim odolnosti %s" -#: lib/luks2/luks2_reencrypt.c:2741 +#: lib/luks2/luks2_reencrypt.c:2760 msgid "Moved segment size can not be greater than data shift value." msgstr "Velikost přesunované oblasti nemůže být větší než hodnota posunu dat." -#: lib/luks2/luks2_reencrypt.c:2799 +#: lib/luks2/luks2_reencrypt.c:2802 +msgid "Invalid reencryption resilience parameters." +msgstr "Neplatné parametry režimu odolnosti při přešifrování." + +#: lib/luks2/luks2_reencrypt.c:2824 #, c-format msgid "Moved segment too large. Requested size %, available space for: %." msgstr "Přesunovaná oblast je příliš velká. Požadovaná velikost %, dostupné místo %." -#: lib/luks2/luks2_reencrypt.c:2886 +#: lib/luks2/luks2_reencrypt.c:2911 msgid "Failed to clear table." msgstr "Vyprázdnění tabulky selhalo." -#: lib/luks2/luks2_reencrypt.c:2972 +#: lib/luks2/luks2_reencrypt.c:2997 msgid "Reduced data size is larger than real device size." msgstr "Zmenšená velikost dat je větší než velikost skutečného zařízení" -#: lib/luks2/luks2_reencrypt.c:2979 +#: lib/luks2/luks2_reencrypt.c:3004 #, c-format msgid "Data device is not aligned to encryption sector size (% bytes)." msgstr "Zařízení s daty není zarovnáno na velikost šifrovaného sektoru (% bajtů)." -#: lib/luks2/luks2_reencrypt.c:3013 +#: lib/luks2/luks2_reencrypt.c:3038 #, c-format msgid "Data shift (% sectors) is less than future data offset (% sectors)." msgstr "Posun dat (% sektorů) je menší než budoucí poloha dat (% sektorů)." -#: lib/luks2/luks2_reencrypt.c:3020 lib/luks2/luks2_reencrypt.c:3508 -#: lib/luks2/luks2_reencrypt.c:3529 +#: lib/luks2/luks2_reencrypt.c:3045 lib/luks2/luks2_reencrypt.c:3533 +#: lib/luks2/luks2_reencrypt.c:3554 #, c-format msgid "Failed to open %s in exclusive mode (already mapped or mounted)." msgstr "Zařízení %s nebylo možné otevřít ve výlučném režimu (již namapováno nebo připojeno)." -#: lib/luks2/luks2_reencrypt.c:3209 +#: lib/luks2/luks2_reencrypt.c:3234 msgid "Device not marked for LUKS2 reencryption." msgstr "Zařízení není označeno pro přešifrování LUKS2." -#: lib/luks2/luks2_reencrypt.c:3226 lib/luks2/luks2_reencrypt.c:4181 +#: lib/luks2/luks2_reencrypt.c:3251 lib/luks2/luks2_reencrypt.c:4206 msgid "Failed to load LUKS2 reencryption context." msgstr "Načtení kontextu přešifrování LUKS2 selhalo." -#: lib/luks2/luks2_reencrypt.c:3306 +#: lib/luks2/luks2_reencrypt.c:3331 msgid "Failed to get reencryption state." msgstr "Stavu přešifrování se nepodařilo zjistit." -#: lib/luks2/luks2_reencrypt.c:3310 lib/luks2/luks2_reencrypt.c:3624 +#: lib/luks2/luks2_reencrypt.c:3335 lib/luks2/luks2_reencrypt.c:3649 msgid "Device is not in reencryption." msgstr "Zařízení se nepřešifrovává." -#: lib/luks2/luks2_reencrypt.c:3317 lib/luks2/luks2_reencrypt.c:3631 +#: lib/luks2/luks2_reencrypt.c:3342 lib/luks2/luks2_reencrypt.c:3656 msgid "Reencryption process is already running." msgstr "Proces přešifrování již běží." -#: lib/luks2/luks2_reencrypt.c:3319 lib/luks2/luks2_reencrypt.c:3633 +#: lib/luks2/luks2_reencrypt.c:3344 lib/luks2/luks2_reencrypt.c:3658 msgid "Failed to acquire reencryption lock." msgstr "Získání zámku pro přešifrování selhalo." -#: lib/luks2/luks2_reencrypt.c:3337 +#: lib/luks2/luks2_reencrypt.c:3362 msgid "Cannot proceed with reencryption. Run reencryption recovery first." msgstr "V přešifrování nelze pokračovat. Spusťte nejprve obnovu přešifrování." -#: lib/luks2/luks2_reencrypt.c:3472 +#: lib/luks2/luks2_reencrypt.c:3497 msgid "Active device size and requested reencryption size don't match." msgstr "Aktivní velikost zařízení a velikost požadovaná k přešifrování si neodpovídají." -#: lib/luks2/luks2_reencrypt.c:3486 +#: lib/luks2/luks2_reencrypt.c:3511 msgid "Illegal device size requested in reencryption parameters." msgstr "V parametrech přešifrování je požadována zakázaná velikost zařízení." -#: lib/luks2/luks2_reencrypt.c:3563 +#: lib/luks2/luks2_reencrypt.c:3588 msgid "Reencryption in-progress. Cannot perform recovery." msgstr "Probíhá přešifrování. Obnovu nelze provést." -#: lib/luks2/luks2_reencrypt.c:3732 +#: lib/luks2/luks2_reencrypt.c:3757 msgid "LUKS2 reencryption already initialized in metadata." msgstr "V metadatech je přešifrování LUKS2 již inicializováno." -#: lib/luks2/luks2_reencrypt.c:3739 +#: lib/luks2/luks2_reencrypt.c:3764 msgid "Failed to initialize LUKS2 reencryption in metadata." msgstr "Inicializace přešifrování LUKS2 v metadatech selhala." -#: lib/luks2/luks2_reencrypt.c:3834 +#: lib/luks2/luks2_reencrypt.c:3859 msgid "Failed to set device segments for next reencryption hotzone." msgstr "Nastavení segmentů zařízení pro další horkou zónu přešifrování selhalo." -#: lib/luks2/luks2_reencrypt.c:3886 +#: lib/luks2/luks2_reencrypt.c:3911 msgid "Failed to write reencryption resilience metadata." msgstr "Metadata pro odolnost při přešifrování se nepodařilo zapsat." -#: lib/luks2/luks2_reencrypt.c:3893 +#: lib/luks2/luks2_reencrypt.c:3918 msgid "Decryption failed." msgstr "Rozšifrování selhalo." -#: lib/luks2/luks2_reencrypt.c:3898 +#: lib/luks2/luks2_reencrypt.c:3923 #, c-format msgid "Failed to write hotzone area starting at %." msgstr "Zápis oblasti s horkou zónou počínaje na % selhal." -#: lib/luks2/luks2_reencrypt.c:3903 +#: lib/luks2/luks2_reencrypt.c:3928 msgid "Failed to sync data." msgstr "Synchronizace dat selhala." -#: lib/luks2/luks2_reencrypt.c:3911 +#: lib/luks2/luks2_reencrypt.c:3936 msgid "Failed to update metadata after current reencryption hotzone completed." msgstr "Po dokončení přešifrování aktuální horké zóny se nepodařilo aktualizovat metadata." -#: lib/luks2/luks2_reencrypt.c:4000 +#: lib/luks2/luks2_reencrypt.c:4025 msgid "Failed to write LUKS2 metadata." msgstr "Zápis metadat LUKS2 selhal." -#: lib/luks2/luks2_reencrypt.c:4023 +#: lib/luks2/luks2_reencrypt.c:4048 msgid "Failed to wipe unused data device area." msgstr "Vyčištění oblasti zařízení s nepoužívanými daty selhalo." -#: lib/luks2/luks2_reencrypt.c:4029 +#: lib/luks2/luks2_reencrypt.c:4054 #, c-format msgid "Failed to remove unused (unbound) keyslot %d." msgstr "Odstranění nepoužívané (nepřiřazené) pozice s klíčem %d selhalo." -#: lib/luks2/luks2_reencrypt.c:4039 +#: lib/luks2/luks2_reencrypt.c:4064 msgid "Failed to remove reencryption keyslot." msgstr "Odstranění pozice s klíčem přešifrování selhalo." -#: lib/luks2/luks2_reencrypt.c:4049 +#: lib/luks2/luks2_reencrypt.c:4074 #, c-format msgid "Fatal error while reencrypting chunk starting at %, % sectors long." msgstr "Nepřekonatelná chyba při přešifrování bloku na pozici % dlouhého % sektorů." -#: lib/luks2/luks2_reencrypt.c:4053 +#: lib/luks2/luks2_reencrypt.c:4078 msgid "Online reencryption failed." msgstr "Přešifrování za běhu selhalo." -#: lib/luks2/luks2_reencrypt.c:4058 +#: lib/luks2/luks2_reencrypt.c:4083 msgid "Do not resume the device unless replaced with error target manually." msgstr "Zařízení neprobouzejte, dokud jej ručně nenahradíte chybovým cílem." -#: lib/luks2/luks2_reencrypt.c:4112 +#: lib/luks2/luks2_reencrypt.c:4137 msgid "Cannot proceed with reencryption. Unexpected reencryption status." msgstr "V přešifrování nelze pokračovat. Přešifrování se nachází v nečekaném stavu." -#: lib/luks2/luks2_reencrypt.c:4118 +#: lib/luks2/luks2_reencrypt.c:4143 msgid "Missing or invalid reencrypt context." msgstr "Chybějící nebo neplatný kontext přešifrování." -#: lib/luks2/luks2_reencrypt.c:4125 +#: lib/luks2/luks2_reencrypt.c:4150 msgid "Failed to initialize reencryption device stack." msgstr "Zásobník zařízení k přešifrování se nepodařilo inicializovat." -#: lib/luks2/luks2_reencrypt.c:4147 lib/luks2/luks2_reencrypt.c:4194 +#: lib/luks2/luks2_reencrypt.c:4172 lib/luks2/luks2_reencrypt.c:4219 msgid "Failed to update reencryption context." msgstr "Kontext přešifrování se nepodařilo aktualizovat." -#: lib/luks2/luks2_reencrypt_digest.c:406 +#: lib/luks2/luks2_reencrypt_digest.c:405 msgid "Reencryption metadata is invalid." msgstr "Metadata o přešifrování jsou neplatná." @@ -1854,18 +1888,18 @@ msgid "Keyslot encryption parameters can be set only for LUKS2 device." msgstr "Parametry pro šifrování pozice s klíčem lze nastavit jen u zařízení LUKS2." -#: src/cryptsetup.c:108 +#: src/cryptsetup.c:108 src/cryptsetup.c:1901 #, c-format -msgid "Enter token PIN:" -msgstr "Zadejte PIN k tokenu:" +msgid "Enter token PIN: " +msgstr "Zadejte PIN k tokenu: " -#: src/cryptsetup.c:110 +#: src/cryptsetup.c:110 src/cryptsetup.c:1903 #, c-format -msgid "Enter token %d PIN:" -msgstr "Zadejte PIN k tokenu %d:" +msgid "Enter token %d PIN: " +msgstr "Zadejte PIN k tokenu %d: " -#: src/cryptsetup.c:159 src/cryptsetup.c:966 src/cryptsetup.c:1293 -#: src/utils_reencrypt.c:1048 src/utils_reencrypt_luks1.c:517 +#: src/cryptsetup.c:159 src/cryptsetup.c:1103 src/cryptsetup.c:1430 +#: src/utils_reencrypt.c:1122 src/utils_reencrypt_luks1.c:517 #: src/utils_reencrypt_luks1.c:580 msgid "No known cipher specification pattern detected." msgstr "Nelze najít žádný známý vzorek se specifikaci šifry." @@ -1883,10 +1917,10 @@ msgid "Detected device signature(s) on %s. Proceeding further may damage existing data." msgstr "Na %s byla nalezen vzorec zařízení. Pokračování může poškodit existující data." -#: src/cryptsetup.c:221 src/cryptsetup.c:1040 src/cryptsetup.c:1088 -#: src/cryptsetup.c:1154 src/cryptsetup.c:1270 src/cryptsetup.c:1343 -#: src/cryptsetup.c:1994 src/integritysetup.c:187 src/utils_reencrypt.c:138 -#: src/utils_reencrypt.c:275 +#: src/cryptsetup.c:221 src/cryptsetup.c:1177 src/cryptsetup.c:1225 +#: src/cryptsetup.c:1291 src/cryptsetup.c:1407 src/cryptsetup.c:1480 +#: src/cryptsetup.c:2266 src/integritysetup.c:187 src/utils_reencrypt.c:138 +#: src/utils_reencrypt.c:314 src/utils_reencrypt.c:749 msgid "Operation aborted.\n" msgstr "Operace zrušena.\n" @@ -1933,7 +1967,7 @@ "který umožňuje přístup k šifrovanému oddílu bez znalosti hesla.\n" "Tento výpis by měl být vždy uložen na bezpečném místě a v zašifrované podobě." -#: src/cryptsetup.c:573 src/cryptsetup.c:2019 +#: src/cryptsetup.c:573 src/cryptsetup.c:654 src/cryptsetup.c:2291 msgid "" "The header dump with volume key is sensitive information\n" "that allows access to encrypted partition without a passphrase.\n" @@ -1943,69 +1977,78 @@ "který umožňuje přístup k šifrovanému oddílu bez znalosti hesla.\n" "Tento výpis by měl být uložen na bezpečném místě a v zašifrované podobě." -#: src/cryptsetup.c:664 src/veritysetup.c:321 src/integritysetup.c:400 +#: src/cryptsetup.c:709 src/cryptsetup.c:739 +#, c-format +msgid "Device %s is not a valid FVAULT2 device." +msgstr "Zařízení %s není platným zařízením FVAULT2." + +#: src/cryptsetup.c:747 +msgid "Cannot determine volume key size for FVAULT2, please use --key-size option." +msgstr "Nelze určit velikost klíče svazku pro FVAULT2. Prosím, použijte přepínač --key-size." + +#: src/cryptsetup.c:801 src/veritysetup.c:323 src/integritysetup.c:400 #, c-format msgid "Device %s is still active and scheduled for deferred removal.\n" msgstr "Zařízení %s je stále aktivní a naplánováno pro odložené odstranění.\n" -#: src/cryptsetup.c:698 +#: src/cryptsetup.c:835 msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set." msgstr "Změna velikosti aktivního zařízení vyžaduje klíč svazku v klíčence. Byl však použit přepínač --disable-keyring." -#: src/cryptsetup.c:845 +#: src/cryptsetup.c:982 msgid "Benchmark interrupted." msgstr "Hodnocení výkonu přerušeno." -#: src/cryptsetup.c:866 +#: src/cryptsetup.c:1003 #, c-format msgid "PBKDF2-%-9s N/A\n" msgstr "PBKDF2-%-9s –\n" -#: src/cryptsetup.c:868 +#: src/cryptsetup.c:1005 #, c-format msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" msgstr "PBKDF2-%-9s %7u iterací za sekundu pro %zubitový klíč\n" -#: src/cryptsetup.c:882 +#: src/cryptsetup.c:1019 #, c-format msgid "%-10s N/A\n" msgstr "%-10s –\n" -#: src/cryptsetup.c:884 +#: src/cryptsetup.c:1021 #, c-format msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n" msgstr "%-10s %4u iterací, %5u paměti, %1u souběžných vláken (procesorů) pro %zubitový klíč (požadován čas %u ms)\n" -#: src/cryptsetup.c:908 +#: src/cryptsetup.c:1045 msgid "Result of benchmark is not reliable." msgstr "Výsledek hodnocení výkonu není spolehlivý." # ???: are aproximated? -#: src/cryptsetup.c:958 +#: src/cryptsetup.c:1095 msgid "# Tests are approximate using memory only (no storage IO).\n" msgstr "# Testy jsou počítány jen z práce s pamětí (žádné I/O úložiště).\n" #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:978 +#: src/cryptsetup.c:1115 #, c-format msgid "#%*s Algorithm | Key | Encryption | Decryption\n" msgstr "#%*sAlgoritmus | Klíč | Šifrování | Dešifrování\n" -#: src/cryptsetup.c:982 +#: src/cryptsetup.c:1119 #, c-format msgid "Cipher %s (with %i bits key) is not available." msgstr "Šifra %s (s %ibitovým klíčem) není dostupná." #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:1001 +#: src/cryptsetup.c:1138 msgid "# Algorithm | Key | Encryption | Decryption\n" msgstr "# Algoritmus | Klíč | Šifrování | Dešifrování\n" -#: src/cryptsetup.c:1012 +#: src/cryptsetup.c:1149 msgid "N/A" msgstr "–" -#: src/cryptsetup.c:1037 +#: src/cryptsetup.c:1174 msgid "" "Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n" "and continue (upgrade metadata) only if you acknowledge the operation as genuine." @@ -2014,27 +2057,27 @@ "přešifrování je žádoucí (vizte výstup luksDump) a pokračujte (zvýšení verze\n" "metadat) pouze, když poznáte, že operace je chtěná." -#: src/cryptsetup.c:1043 +#: src/cryptsetup.c:1180 msgid "Enter passphrase to protect and upgrade reencryption metadata: " msgstr "Zadejte heslo pro ochránění metadat o přešifrování a pro zvýšení jejich verze: " -#: src/cryptsetup.c:1087 +#: src/cryptsetup.c:1224 msgid "Really proceed with LUKS2 reencryption recovery?" msgstr "Opravdu pokračovat s obnovou přešifrování LUKS2?" -#: src/cryptsetup.c:1096 +#: src/cryptsetup.c:1233 msgid "Enter passphrase to verify reencryption metadata digest: " msgstr "Zadejte heslo pro ověření otisku metadat o přešifrování: " -#: src/cryptsetup.c:1098 +#: src/cryptsetup.c:1235 msgid "Enter passphrase for reencryption recovery: " msgstr "Zadejte heslo pro obnovení přešifrování: " -#: src/cryptsetup.c:1153 +#: src/cryptsetup.c:1290 msgid "Really try to repair LUKS device header?" msgstr "Opravdu se pokusit opravit hlavičku zařízení LUKS?" -#: src/cryptsetup.c:1177 src/integritysetup.c:89 src/integritysetup.c:238 +#: src/cryptsetup.c:1314 src/integritysetup.c:89 src/integritysetup.c:238 msgid "" "\n" "Wipe interrupted." @@ -2042,7 +2085,7 @@ "\n" "Výmaz přerušen." -#: src/cryptsetup.c:1182 src/integritysetup.c:94 src/integritysetup.c:275 +#: src/cryptsetup.c:1319 src/integritysetup.c:94 src/integritysetup.c:275 msgid "" "Wiping device to initialize integrity checksum.\n" "You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n" @@ -2051,121 +2094,130 @@ "Lze přerušit pomocí Ctrl+C (zbytek nesmazaného zařízení bude obsahovat\n" "neplatné součty).\n" -#: src/cryptsetup.c:1204 src/integritysetup.c:116 +#: src/cryptsetup.c:1341 src/integritysetup.c:116 #, c-format msgid "Cannot deactivate temporary device %s." msgstr "Dočasné zařízení %s nelze deaktivovat." -#: src/cryptsetup.c:1255 +#: src/cryptsetup.c:1392 msgid "Integrity option can be used only for LUKS2 format." msgstr "Volby integrity lze použít jen při formátu LUKS2." -#: src/cryptsetup.c:1260 src/cryptsetup.c:1320 +#: src/cryptsetup.c:1397 src/cryptsetup.c:1457 msgid "Unsupported LUKS2 metadata size options." msgstr "Nepodporované volby velikosti metadat LUKS2." -#: src/cryptsetup.c:1269 +#: src/cryptsetup.c:1406 msgid "Header file does not exist, do you want to create it?" msgstr "Soubor s hlavičkou neexistuje. Chcete jej vytvořit?" -#: src/cryptsetup.c:1277 +#: src/cryptsetup.c:1414 #, c-format msgid "Cannot create header file %s." msgstr "Soubor s hlavičkou %s nelze vytvořit." -#: src/cryptsetup.c:1300 src/integritysetup.c:144 src/integritysetup.c:152 +#: src/cryptsetup.c:1437 src/integritysetup.c:144 src/integritysetup.c:152 #: src/integritysetup.c:161 src/integritysetup.c:315 src/integritysetup.c:323 #: src/integritysetup.c:333 msgid "No known integrity specification pattern detected." msgstr "Nelze najít žádný známý vzorek se specifikací integrity." -#: src/cryptsetup.c:1313 +#: src/cryptsetup.c:1450 #, c-format msgid "Cannot use %s as on-disk header." msgstr "%s nelze použít pro hlavičku uvnitř disku." -#: src/cryptsetup.c:1337 src/integritysetup.c:181 +#: src/cryptsetup.c:1474 src/integritysetup.c:181 #, c-format msgid "This will overwrite data on %s irrevocably." msgstr "Toto nevratně přepíše data na %s." -#: src/cryptsetup.c:1370 src/cryptsetup.c:1707 src/cryptsetup.c:1772 -#: src/cryptsetup.c:1876 src/cryptsetup.c:1942 src/utils_reencrypt_luks1.c:443 +#: src/cryptsetup.c:1507 src/cryptsetup.c:1853 src/cryptsetup.c:1993 +#: src/cryptsetup.c:2148 src/cryptsetup.c:2214 src/utils_reencrypt_luks1.c:443 msgid "Failed to set pbkdf parameters." msgstr "Nastavení parametrů PBKDF selhalo." -#: src/cryptsetup.c:1455 +#: src/cryptsetup.c:1593 msgid "Reduced data offset is allowed only for detached LUKS header." msgstr "Zmenšená poloha dat je dovolena jen u oddělené hlavičky LUKS." -#: src/cryptsetup.c:1466 src/cryptsetup.c:1778 +#: src/cryptsetup.c:1600 +#, c-format +msgid "LUKS file container %s is too small for activation, there is no remaining space for data." +msgstr "Souborový kontejner LUKS %s je na aktivaci příliš malý. Nezbývá žádné místo pro data." + +#: src/cryptsetup.c:1612 src/cryptsetup.c:1999 msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option." msgstr "Bez pozic pro klíče nelze určit velikost LUKS klíče svazku. Prosím, použijte přepínač --key-size." -#: src/cryptsetup.c:1512 +#: src/cryptsetup.c:1658 msgid "Device activated but cannot make flags persistent." msgstr "Zařízení aktivováno, ale příznaky nelze učinit trvalými." -#: src/cryptsetup.c:1591 src/cryptsetup.c:1659 +#: src/cryptsetup.c:1737 src/cryptsetup.c:1805 #, c-format msgid "Keyslot %d is selected for deletion." msgstr "Ke smazání vybrán klíč na pozici %d." -#: src/cryptsetup.c:1603 src/cryptsetup.c:1663 +#: src/cryptsetup.c:1749 src/cryptsetup.c:1809 msgid "This is the last keyslot. Device will become unusable after purging this key." msgstr "" "Toto je poslední pozice klíče. Smazáním tohoto klíče přijdete o možnost\n" "zařízení použít." -#: src/cryptsetup.c:1604 +#: src/cryptsetup.c:1750 msgid "Enter any remaining passphrase: " msgstr "Zadejte jakékoliv jiné heslo: " -#: src/cryptsetup.c:1605 src/cryptsetup.c:1665 +#: src/cryptsetup.c:1751 src/cryptsetup.c:1811 msgid "Operation aborted, the keyslot was NOT wiped.\n" msgstr "Operace zrušena, pozice klíče NEBYLA vymazána.\n" -#: src/cryptsetup.c:1641 +#: src/cryptsetup.c:1787 msgid "Enter passphrase to be deleted: " msgstr "Zadejte heslo, které se má smazat: " -#: src/cryptsetup.c:1691 src/cryptsetup.c:1925 src/cryptsetup.c:2505 -#: src/cryptsetup.c:2649 +#: src/cryptsetup.c:1837 src/cryptsetup.c:2197 src/cryptsetup.c:2781 +#: src/cryptsetup.c:2948 #, c-format msgid "Device %s is not a valid LUKS2 device." msgstr "Zařízení %s není platným zařízením LUKS2." -#: src/cryptsetup.c:1721 src/cryptsetup.c:1795 src/cryptsetup.c:1829 +#: src/cryptsetup.c:1867 src/cryptsetup.c:2072 msgid "Enter new passphrase for key slot: " msgstr "Zadejte nové heslo pro pozici klíče: " -#: src/cryptsetup.c:1812 src/utils_reencrypt_luks1.c:1149 +#: src/cryptsetup.c:1968 +msgid "WARNING: The --key-slot parameter is used for new keyslot number.\n" +msgstr "POZOR: Parametr --key-slot se použije pro číslo nové pozice klíče.\n" + +#: src/cryptsetup.c:2028 src/utils_reencrypt_luks1.c:1149 #, c-format msgid "Enter any existing passphrase: " msgstr "Zadejte jakékoliv existující heslo: " -#: src/cryptsetup.c:1880 +#: src/cryptsetup.c:2152 msgid "Enter passphrase to be changed: " msgstr "Zadejte heslo, které má být změněno: " -#: src/cryptsetup.c:1896 src/utils_reencrypt_luks1.c:1135 +#: src/cryptsetup.c:2168 src/utils_reencrypt_luks1.c:1135 msgid "Enter new passphrase: " msgstr "Zadejte nové heslo: " -#: src/cryptsetup.c:1946 +#: src/cryptsetup.c:2218 msgid "Enter passphrase for keyslot to be converted: " msgstr "Zadejte heslo pro pozici klíče, který má být převeden: " -#: src/cryptsetup.c:1970 +#: src/cryptsetup.c:2242 msgid "Only one device argument for isLuks operation is supported." msgstr "U operace isLuks je podporován pouze jeden argument se zařízením." -#: src/cryptsetup.c:2078 +#: src/cryptsetup.c:2350 #, c-format msgid "Keyslot %d does not contain unbound key." msgstr "Pozice klíče %d neobsahuje nepřiřazený klíč." -#: src/cryptsetup.c:2083 +#: src/cryptsetup.c:2355 msgid "" "The header dump with unbound key is sensitive information.\n" "This dump should be stored encrypted in a safe place." @@ -2173,40 +2225,40 @@ "Výpis hlavičky s nepřiřazeným klíčem je citlivý údaj.\n" "Tento výpis by měl být uložen na bezpečném místě a v zašifrované podobě." -#: src/cryptsetup.c:2169 src/cryptsetup.c:2198 +#: src/cryptsetup.c:2441 src/cryptsetup.c:2470 #, c-format msgid "%s is not active %s device name." msgstr "%s není název aktivního zařízení %s." -#: src/cryptsetup.c:2193 +#: src/cryptsetup.c:2465 #, c-format msgid "%s is not active LUKS device name or header is missing." msgstr "%s není název aktivního zařízení LUKS nebo mu chybí hlavička." -#: src/cryptsetup.c:2255 src/cryptsetup.c:2274 +#: src/cryptsetup.c:2527 src/cryptsetup.c:2546 msgid "Option --header-backup-file is required." msgstr "Je vyžadován přepínač --header-backup-file." -#: src/cryptsetup.c:2305 +#: src/cryptsetup.c:2577 #, c-format msgid "%s is not cryptsetup managed device." msgstr "%s není zařízení spravované nástrojem cryptsetup." -#: src/cryptsetup.c:2316 +#: src/cryptsetup.c:2588 #, c-format msgid "Refresh is not supported for device type %s" msgstr "Reaktivace není na zařízení typu %s podporována" -#: src/cryptsetup.c:2362 +#: src/cryptsetup.c:2638 #, c-format msgid "Unrecognized metadata device type %s." msgstr "Nerozpoznaná metadata druhu zařízení %s." -#: src/cryptsetup.c:2364 +#: src/cryptsetup.c:2640 msgid "Command requires device and mapped name as arguments." msgstr "Příkaz vyžaduje jako argumenty zařízení a mapovaný název." -#: src/cryptsetup.c:2385 +#: src/cryptsetup.c:2661 #, c-format msgid "" "This operation will erase all keyslots on device %s.\n" @@ -2215,330 +2267,356 @@ "Tento úkon smaže všechny pozice s klíči na zařízení %s.\n" "Po jeho dokončení zařízení bude nepoužitelné." -#: src/cryptsetup.c:2392 +#: src/cryptsetup.c:2668 msgid "Operation aborted, keyslots were NOT wiped.\n" msgstr "Operace zrušena, pozice s klíči NEBYLY smazány.\n" -#: src/cryptsetup.c:2431 +#: src/cryptsetup.c:2707 msgid "Invalid LUKS type, only luks1 and luks2 are supported." msgstr "Neplatný druh formátu LUKS. Podporován je pouze LUKS1 a LUKS2." -#: src/cryptsetup.c:2447 +#: src/cryptsetup.c:2723 #, c-format msgid "Device is already %s type." msgstr "Zařízení je již druhu %s." -#: src/cryptsetup.c:2454 +#: src/cryptsetup.c:2730 #, c-format msgid "This operation will convert %s to %s format.\n" msgstr "Tato operace převede formát %s na %s.\n" -#: src/cryptsetup.c:2457 +#: src/cryptsetup.c:2733 msgid "Operation aborted, device was NOT converted.\n" msgstr "Operace zrušena, zařízení NEBYLO převedeno.\n" -#: src/cryptsetup.c:2497 +#: src/cryptsetup.c:2773 msgid "Option --priority, --label or --subsystem is missing." msgstr "Chybí přepínač --priority, --label nebo --subsystem." -#: src/cryptsetup.c:2531 src/cryptsetup.c:2568 src/cryptsetup.c:2588 +#: src/cryptsetup.c:2807 src/cryptsetup.c:2847 src/cryptsetup.c:2867 #, c-format msgid "Token %d is invalid." msgstr "Token %d je neplatný." -#: src/cryptsetup.c:2534 src/cryptsetup.c:2591 +#: src/cryptsetup.c:2810 src/cryptsetup.c:2870 #, c-format msgid "Token %d in use." msgstr "Token %d se používá." -#: src/cryptsetup.c:2546 +#: src/cryptsetup.c:2822 #, c-format msgid "Failed to add luks2-keyring token %d." msgstr "Přidání tokenu %d klíčenky LUKS2 selhalo." -#: src/cryptsetup.c:2554 src/cryptsetup.c:2617 +#: src/cryptsetup.c:2833 src/cryptsetup.c:2896 #, c-format msgid "Failed to assign token %d to keyslot %d." msgstr "Přiřazení tokenu %d do pozice s klíčem %d selhalo." -#: src/cryptsetup.c:2571 +#: src/cryptsetup.c:2850 #, c-format msgid "Token %d is not in use." msgstr "Token %d se nepoužívá." -#: src/cryptsetup.c:2608 +#: src/cryptsetup.c:2887 msgid "Failed to import token from file." msgstr "Import tokenu ze souboru selhal." -#: src/cryptsetup.c:2633 +#: src/cryptsetup.c:2912 #, c-format msgid "Failed to get token %d for export." msgstr "Získání tokenu %d za účelem exportu selhalo." -#: src/cryptsetup.c:2682 +#: src/cryptsetup.c:2925 +#, c-format +msgid "Token %d is not assigned to keyslot %d." +msgstr "Token %d není přiřazen pozici s klíčem %d." + +#: src/cryptsetup.c:2927 src/cryptsetup.c:2934 +#, c-format +msgid "Failed to unassign token %d from keyslot %d." +msgstr "Zrušení přiřazení tokenu %d k pozici s klíčem %d selhalo." + +#: src/cryptsetup.c:2983 msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." msgstr "Přepínač --tcrypt-hidden, --tcrypt-system nebo --tcrypt-backup je podporován jen u zařízení TCRYPT." -#: src/cryptsetup.c:2685 +#: src/cryptsetup.c:2986 msgid "Option --veracrypt or --disable-veracrypt is supported only for TCRYPT device type." msgstr "Přepínače --veracrypt a --disable-veracrypt jsou podporovány jen u typu zařízení TCRYPT." -#: src/cryptsetup.c:2688 +#: src/cryptsetup.c:2989 msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." msgstr "Přepínač --veracrypt-pim je podporován jen u zařízení kompatibilním s VeraCrypt." -#: src/cryptsetup.c:2692 +#: src/cryptsetup.c:2993 msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." msgstr "Přepínač --veracrypt-query-pim je podporován jen u zařízení kompatibilním s VeraCrypt." -#: src/cryptsetup.c:2694 +#: src/cryptsetup.c:2995 msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." msgstr "Přepínače --veracrypt-pim a --veracrypt-query-pim se vzájemně vylučují." -#: src/cryptsetup.c:2703 +#: src/cryptsetup.c:3004 msgid "Option --persistent is not allowed with --test-passphrase." msgstr "Přepínač --persistent není dovolen současně s --test-passphrase." -#: src/cryptsetup.c:2706 +#: src/cryptsetup.c:3007 msgid "Options --refresh and --test-passphrase are mutually exclusive." msgstr "Přepínače --refresh a --test-passphrase se vzájemně vylučují." -#: src/cryptsetup.c:2709 +#: src/cryptsetup.c:3010 msgid "Option --shared is allowed only for open of plain device." msgstr "Přepínač --shared je dovolen jen při úkonu otevírání zařízení plain." -#: src/cryptsetup.c:2712 +#: src/cryptsetup.c:3013 msgid "Option --skip is supported only for open of plain and loopaes devices." msgstr "Přepínač --skip je podporován jen při otevírání zařízení plain a loopaes." -#: src/cryptsetup.c:2715 +#: src/cryptsetup.c:3016 msgid "Option --offset with open action is only supported for plain and loopaes devices." msgstr "Při otevírání je přepínač --offset podporován jen u zařízení plain a loopaes." -#: src/cryptsetup.c:2718 +#: src/cryptsetup.c:3019 msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." msgstr "Přepínač --tcrypt-hidden nelze použít s přepínačem --allow-discards." -#: src/cryptsetup.c:2722 +#: src/cryptsetup.c:3023 msgid "Sector size option with open action is supported only for plain devices." msgstr "Otevírání s přepínačem velikosti sektoru je podporován jen u zařízení plain." # FIXME: "Large IV sectors" should read "IV large sectors". -#: src/cryptsetup.c:2726 +#: src/cryptsetup.c:3027 msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." msgstr "Volba inicializačního vektoru s velkými sektory je podporována jen při otevírání zařízení typu plain s velikostí sektoru větší než 512 bajtů." -#: src/cryptsetup.c:2730 -msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices." -msgstr "Přepínač --test-passphrase je dovolen pouze při otevírání zařízení LUKS, TCRYPT a BITLK." +#: src/cryptsetup.c:3032 +msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT, BITLK and FVAULT2 devices." +msgstr "Přepínač --test-passphrase je dovolen pouze při otevírání zařízení LUKS, TCRYPT, BITLK a FVAULT2." -#: src/cryptsetup.c:2733 src/cryptsetup.c:2756 +#: src/cryptsetup.c:3035 src/cryptsetup.c:3058 msgid "Options --device-size and --size cannot be combined." msgstr "Přepínače --device-size a --size nelze kombinovat." -#: src/cryptsetup.c:2736 +#: src/cryptsetup.c:3038 msgid "Option --unbound is allowed only for open of luks device." msgstr "Přepínač --unbound je dovolen jen při otevírání zařízení LUKS." -#: src/cryptsetup.c:2739 +#: src/cryptsetup.c:3041 msgid "Option --unbound cannot be used without --test-passphrase." msgstr "Přepínač --unbound není dovolen současně s --test-passphrase." -#: src/cryptsetup.c:2748 src/veritysetup.c:664 src/integritysetup.c:755 +#: src/cryptsetup.c:3050 src/veritysetup.c:668 src/integritysetup.c:755 msgid "Options --cancel-deferred and --deferred cannot be used at the same time." msgstr "Přepínače --cancel-deferred a --deferred se vzájemně vylučují." -#: src/cryptsetup.c:2764 +#: src/cryptsetup.c:3066 msgid "Options --reduce-device-size and --data-size cannot be combined." msgstr "Přepínače --reduce-device-size a --data-size nelze kombinovat." -#: src/cryptsetup.c:2767 +#: src/cryptsetup.c:3069 msgid "Option --active-name can be set only for LUKS2 device." msgstr "Přepínač --active-name lze použít jen u zařízení LUKS2." -#: src/cryptsetup.c:2770 +#: src/cryptsetup.c:3072 msgid "Options --active-name and --force-offline-reencrypt cannot be combined." msgstr "Přepínače --active-name a --force-offline-reencrypt nelze kombinovat." -#: src/cryptsetup.c:2778 src/cryptsetup.c:2808 +#: src/cryptsetup.c:3080 src/cryptsetup.c:3110 msgid "Keyslot specification is required." msgstr "Je nutné určit pozici s klíčem." -#: src/cryptsetup.c:2786 +#: src/cryptsetup.c:3088 msgid "Options --align-payload and --offset cannot be combined." msgstr "Přepínače --align-payload a --offset nelze kombinovat." -#: src/cryptsetup.c:2789 +#: src/cryptsetup.c:3091 msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." msgstr "Přepínač --integrity-no-wipe smí být použit jen při formátování s rozšířením integrity." -#: src/cryptsetup.c:2792 +#: src/cryptsetup.c:3094 msgid "Only one of --use-[u]random options is allowed." msgstr "Je dovolen pouze jeden z přepínačů --use-[u]random." -#: src/cryptsetup.c:2800 +#: src/cryptsetup.c:3102 msgid "Key size is required with --unbound option." msgstr "Přepínač --unbound vyžaduje velikost klíče." -#: src/cryptsetup.c:2819 +#: src/cryptsetup.c:3122 msgid "Invalid token action." msgstr "Neplatná operace tokenu." -#: src/cryptsetup.c:2822 +#: src/cryptsetup.c:3125 msgid "--key-description parameter is mandatory for token add action." msgstr "Parametr --key-description je při přidávání tokenu povinný." -#: src/cryptsetup.c:2826 +#: src/cryptsetup.c:3129 src/cryptsetup.c:3142 msgid "Action requires specific token. Use --token-id parameter." msgstr "Akce vyžaduje určitý token. Použijte parametr --token-id." -#: src/cryptsetup.c:2840 +#: src/cryptsetup.c:3133 +msgid "Option --unbound is valid only with token add action." +msgstr "Přepínač --unbound lze použít pouze s akcí přidání." + +#: src/cryptsetup.c:3135 +msgid "Options --key-slot and --unbound cannot be combined." +msgstr "Přepínače --key-slot a --unbound nelze kombinovat." + +#: src/cryptsetup.c:3140 +msgid "Action requires specific keyslot. Use --key-slot parameter." +msgstr "Akce vyžaduje určitou pozici klíče. Použijte parametr --key-slot." + +#: src/cryptsetup.c:3156 msgid " [--type ] []" msgstr " [--type ] []" -#: src/cryptsetup.c:2840 src/veritysetup.c:487 src/integritysetup.c:535 +#: src/cryptsetup.c:3156 src/veritysetup.c:491 src/integritysetup.c:535 msgid "open device as " msgstr "otevře zařízení jako " -#: src/cryptsetup.c:2841 src/cryptsetup.c:2842 src/cryptsetup.c:2843 -#: src/veritysetup.c:488 src/veritysetup.c:489 src/integritysetup.c:536 +#: src/cryptsetup.c:3157 src/cryptsetup.c:3158 src/cryptsetup.c:3159 +#: src/veritysetup.c:492 src/veritysetup.c:493 src/integritysetup.c:536 #: src/integritysetup.c:537 src/integritysetup.c:539 msgid "" msgstr "" -#: src/cryptsetup.c:2841 src/veritysetup.c:488 src/integritysetup.c:536 +#: src/cryptsetup.c:3157 src/veritysetup.c:492 src/integritysetup.c:536 msgid "close device (remove mapping)" msgstr "zavře zařízení (odstraní mapování)" -#: src/cryptsetup.c:2842 src/integritysetup.c:539 +#: src/cryptsetup.c:3158 src/integritysetup.c:539 msgid "resize active device" msgstr "změní velikost aktivního zařízení" -#: src/cryptsetup.c:2843 +#: src/cryptsetup.c:3159 msgid "show device status" msgstr "zobrazí stav zařízení" -#: src/cryptsetup.c:2844 +#: src/cryptsetup.c:3160 msgid "[--cipher ]" msgstr "[--cipher <šifra>]" -#: src/cryptsetup.c:2844 +#: src/cryptsetup.c:3160 msgid "benchmark cipher" msgstr "zhodnotí výkon šifry" -#: src/cryptsetup.c:2845 src/cryptsetup.c:2846 src/cryptsetup.c:2847 -#: src/cryptsetup.c:2848 src/cryptsetup.c:2849 src/cryptsetup.c:2856 -#: src/cryptsetup.c:2857 src/cryptsetup.c:2858 src/cryptsetup.c:2859 -#: src/cryptsetup.c:2860 src/cryptsetup.c:2861 src/cryptsetup.c:2862 -#: src/cryptsetup.c:2863 src/cryptsetup.c:2864 +#: src/cryptsetup.c:3161 src/cryptsetup.c:3162 src/cryptsetup.c:3163 +#: src/cryptsetup.c:3164 src/cryptsetup.c:3165 src/cryptsetup.c:3172 +#: src/cryptsetup.c:3173 src/cryptsetup.c:3174 src/cryptsetup.c:3175 +#: src/cryptsetup.c:3176 src/cryptsetup.c:3177 src/cryptsetup.c:3178 +#: src/cryptsetup.c:3179 src/cryptsetup.c:3180 src/cryptsetup.c:3181 msgid "" msgstr "" -#: src/cryptsetup.c:2845 +#: src/cryptsetup.c:3161 msgid "try to repair on-disk metadata" msgstr "pokusí se opravit metadata uložená na disku" -#: src/cryptsetup.c:2846 +#: src/cryptsetup.c:3162 msgid "reencrypt LUKS2 device" msgstr "přešifruje zařízení LUKS2" -#: src/cryptsetup.c:2847 +#: src/cryptsetup.c:3163 msgid "erase all keyslots (remove encryption key)" msgstr "smaže všechny pozice s klíči (odstraní šifrovací klíč)" -#: src/cryptsetup.c:2848 +#: src/cryptsetup.c:3164 msgid "convert LUKS from/to LUKS2 format" msgstr "převede formát LUKS do/z formátu LUKS2" -#: src/cryptsetup.c:2849 +#: src/cryptsetup.c:3165 msgid "set permanent configuration options for LUKS2" msgstr "nastaví trvalé volby konfigurace pro LUKS2" -#: src/cryptsetup.c:2850 src/cryptsetup.c:2851 +#: src/cryptsetup.c:3166 src/cryptsetup.c:3167 msgid " []" msgstr " []" -#: src/cryptsetup.c:2850 +#: src/cryptsetup.c:3166 msgid "formats a LUKS device" msgstr "naformátuje zařízení LUKS" -#: src/cryptsetup.c:2851 +#: src/cryptsetup.c:3167 msgid "add key to LUKS device" msgstr "do zařízení LUKS přidá klíč" -#: src/cryptsetup.c:2852 src/cryptsetup.c:2853 src/cryptsetup.c:2854 +#: src/cryptsetup.c:3168 src/cryptsetup.c:3169 src/cryptsetup.c:3170 msgid " []" msgstr " []" -#: src/cryptsetup.c:2852 +#: src/cryptsetup.c:3168 msgid "removes supplied key or key file from LUKS device" msgstr "odstraní zadaný klíč nebo soubor s klíčem ze zařízení LUKS" -#: src/cryptsetup.c:2853 +#: src/cryptsetup.c:3169 msgid "changes supplied key or key file of LUKS device" msgstr "změní zadaný klíč nebo soubor s klíčem u zařízení LUKS" -#: src/cryptsetup.c:2854 +#: src/cryptsetup.c:3170 msgid "converts a key to new pbkdf parameters" msgstr "převede klíč do nových parametrů PBKDF" -#: src/cryptsetup.c:2855 +#: src/cryptsetup.c:3171 msgid " " msgstr " " -#: src/cryptsetup.c:2855 +#: src/cryptsetup.c:3171 msgid "wipes key with number from LUKS device" msgstr "smaže klíč s číslem ze zařízení LUKS" -#: src/cryptsetup.c:2856 +#: src/cryptsetup.c:3172 msgid "print UUID of LUKS device" msgstr "zobrazí UUID zařízení LUKS" -#: src/cryptsetup.c:2857 +#: src/cryptsetup.c:3173 msgid "tests for LUKS partition header" msgstr "otestuje na hlavičku oddílu LUKS" -#: src/cryptsetup.c:2858 +#: src/cryptsetup.c:3174 msgid "dump LUKS partition information" msgstr "vypíše údaje o oddílu LUKS" -#: src/cryptsetup.c:2859 +#: src/cryptsetup.c:3175 msgid "dump TCRYPT device information" msgstr "vypíše údaje o oddílu TCRYPT" -#: src/cryptsetup.c:2860 +#: src/cryptsetup.c:3176 msgid "dump BITLK device information" msgstr "vypíše údaje o zařízení BITLK" +#: src/cryptsetup.c:3177 +msgid "dump FVAULT2 device information" +msgstr "vypíše údaje o zařízení FVAULT2" + # TODO: not consistent with previous line -#: src/cryptsetup.c:2861 +#: src/cryptsetup.c:3178 msgid "Suspend LUKS device and wipe key (all IOs are frozen)" msgstr "Uspí zařízení LUKS a smaže klíč (všechny operace budou zmrazeny)" # TODO: not consistent with previous line -#: src/cryptsetup.c:2862 +#: src/cryptsetup.c:3179 msgid "Resume suspended LUKS device" msgstr "Probudí uspané zařízení LUKS" # TODO: not consistent with previous line -#: src/cryptsetup.c:2863 +#: src/cryptsetup.c:3180 msgid "Backup LUKS device header and keyslots" msgstr "Zálohuje hlavičku zařízení LUKS a jeho pozice s klíči" # TODO: not consistent with previous line -#: src/cryptsetup.c:2864 +#: src/cryptsetup.c:3181 msgid "Restore LUKS device header and keyslots" msgstr "Obnoví hlavičku zařízení LUKS a jeho pozice s klíči" -#: src/cryptsetup.c:2865 +#: src/cryptsetup.c:3182 msgid " " msgstr " " -#: src/cryptsetup.c:2865 +#: src/cryptsetup.c:3182 msgid "Manipulate LUKS2 tokens" msgstr "Zachází s tokeny LUKS2" -#: src/cryptsetup.c:2884 src/veritysetup.c:505 src/integritysetup.c:554 +#: src/cryptsetup.c:3201 src/veritysetup.c:509 src/integritysetup.c:554 msgid "" "\n" " is one of:\n" @@ -2546,19 +2624,19 @@ "\n" " je jedna z:\n" -#: src/cryptsetup.c:2890 +#: src/cryptsetup.c:3207 msgid "" "\n" "You can also use old syntax aliases:\n" -"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" -"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n" msgstr "" "\n" "Rovněž lze použít aliasy se starým zápisem :\n" -"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" -"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n" -#: src/cryptsetup.c:2894 +#: src/cryptsetup.c:3211 #, c-format msgid "" "\n" @@ -2573,7 +2651,7 @@ " je číslo pozice klíče LUKS, který se má upravit\n" " je volitelný soubor s novým klíčem pro akci luksAddKey\n" -#: src/cryptsetup.c:2901 +#: src/cryptsetup.c:3218 #, c-format msgid "" "\n" @@ -2582,7 +2660,7 @@ "\n" "Výchozí zakompilovaný formát metadat (pro akci luksFormat) je %s.\n" -#: src/cryptsetup.c:2906 src/cryptsetup.c:2909 +#: src/cryptsetup.c:3223 src/cryptsetup.c:3226 #, c-format msgid "" "\n" @@ -2591,21 +2669,21 @@ "\n" "Podpora pro zásuvný modul externího tokenu LUKS2 je %s.\n" -#: src/cryptsetup.c:2906 +#: src/cryptsetup.c:3223 msgid "compiled-in" msgstr "zakompilována" -#: src/cryptsetup.c:2907 +#: src/cryptsetup.c:3224 #, c-format msgid "LUKS2 external token plugin path: %s.\n" msgstr "Cesta k zásuvnému modulu externího tokenu LUKS2: %s.\n" # Support is %s -#: src/cryptsetup.c:2909 +#: src/cryptsetup.c:3226 msgid "disabled" msgstr "vypnuta" -#: src/cryptsetup.c:2913 +#: src/cryptsetup.c:3230 #, c-format msgid "" "\n" @@ -2622,7 +2700,7 @@ "Výchozí PBKDF pro LUKS2: %s\n" "\tDoba iterací: %d, nutná paměť: %d kB, souběžná vlákna: %d\n" -#: src/cryptsetup.c:2924 +#: src/cryptsetup.c:3241 #, c-format msgid "" "\n" @@ -2637,96 +2715,96 @@ "\tplain: %s, Klíč: %d bitů, Haš hesla: %s\n" "\tLUKS: %s, Klíč: %d bitů, Haš hlavičky LUKS: %s, RNG: %s\n" -#: src/cryptsetup.c:2933 +#: src/cryptsetup.c:3250 msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" msgstr "\tLUKS: V režimu XTS (dva vnitřní klíče) bude výchozí velikost klíče zdvojnásobena.\n" -#: src/cryptsetup.c:2951 src/veritysetup.c:644 src/integritysetup.c:711 +#: src/cryptsetup.c:3268 src/veritysetup.c:648 src/integritysetup.c:711 #, c-format msgid "%s: requires %s as arguments" msgstr "%s: vyžaduje %s jako argumenty" -#: src/cryptsetup.c:2997 src/utils_reencrypt_luks1.c:1194 +#: src/cryptsetup.c:3308 src/utils_reencrypt_luks1.c:1198 msgid "Key slot is invalid." msgstr "Pozice klíče není platná." -#: src/cryptsetup.c:3024 +#: src/cryptsetup.c:3335 msgid "Device size must be multiple of 512 bytes sector." msgstr "Velikost zařízení musí být násobkem 512bajtových sektorů." -#: src/cryptsetup.c:3029 +#: src/cryptsetup.c:3340 msgid "Invalid max reencryption hotzone size specification." msgstr "Zadána neplatná maximální velikost horké zóny při přešifrování." -#: src/cryptsetup.c:3043 src/cryptsetup.c:3055 +#: src/cryptsetup.c:3354 src/cryptsetup.c:3366 msgid "Key size must be a multiple of 8 bits" msgstr "Velikost klíče musí být násobkem 8 bitů." -#: src/cryptsetup.c:3060 +#: src/cryptsetup.c:3371 msgid "Maximum device reduce size is 1 GiB." msgstr "Maximální velikost zmenšení zařízení je 1 GiB." -#: src/cryptsetup.c:3063 +#: src/cryptsetup.c:3374 msgid "Reduce size must be multiple of 512 bytes sector." msgstr "Velikost zmenšení musí být násobkem 512bajtových sektorů." -#: src/cryptsetup.c:3080 +#: src/cryptsetup.c:3391 msgid "Option --priority can be only ignore/normal/prefer." msgstr "Přepínač --priority smí mít pouze argument ignore, normal a prefer." -#: src/cryptsetup.c:3099 src/veritysetup.c:568 src/integritysetup.c:634 +#: src/cryptsetup.c:3410 src/veritysetup.c:572 src/integritysetup.c:634 msgid "Show this help message" msgstr "Zobrazí tuto nápovědu" -#: src/cryptsetup.c:3100 src/veritysetup.c:569 src/integritysetup.c:635 +#: src/cryptsetup.c:3411 src/veritysetup.c:573 src/integritysetup.c:635 msgid "Display brief usage" msgstr "Zobrazí stručný návod na použití" -#: src/cryptsetup.c:3101 src/veritysetup.c:570 src/integritysetup.c:636 +#: src/cryptsetup.c:3412 src/veritysetup.c:574 src/integritysetup.c:636 msgid "Print package version" msgstr "Vypíše verzi balíku" -#: src/cryptsetup.c:3112 src/veritysetup.c:581 src/integritysetup.c:647 +#: src/cryptsetup.c:3423 src/veritysetup.c:585 src/integritysetup.c:647 msgid "Help options:" msgstr "Přepínače nápovědy:" -#: src/cryptsetup.c:3132 src/veritysetup.c:599 src/integritysetup.c:664 +#: src/cryptsetup.c:3443 src/veritysetup.c:603 src/integritysetup.c:664 msgid "[OPTION...] " msgstr "[PŘEPÍNAČ…] " -#: src/cryptsetup.c:3141 src/veritysetup.c:608 src/integritysetup.c:675 +#: src/cryptsetup.c:3452 src/veritysetup.c:612 src/integritysetup.c:675 msgid "Argument missing." msgstr "Chybí argument ." -#: src/cryptsetup.c:3211 src/veritysetup.c:639 src/integritysetup.c:706 +#: src/cryptsetup.c:3528 src/veritysetup.c:643 src/integritysetup.c:706 msgid "Unknown action." msgstr "Neznámá akce." -#: src/cryptsetup.c:3229 +#: src/cryptsetup.c:3546 msgid "Option --key-file takes precedence over specified key file argument." msgstr "Přepínač --key-file má přednost před zadaným argumentem souboru s klíčem." -#: src/cryptsetup.c:3235 +#: src/cryptsetup.c:3552 msgid "Only one --key-file argument is allowed." msgstr "Je dovolen pouze jeden argument přepínače --key-file." -#: src/cryptsetup.c:3240 +#: src/cryptsetup.c:3557 msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id." msgstr "Funkce pro odvození klíče na základě hesla (PBKDF) smí být pouze pbkdf2 nebo argon2i/argon2id." -#: src/cryptsetup.c:3245 +#: src/cryptsetup.c:3562 msgid "PBKDF forced iterations cannot be combined with iteration time option." msgstr "Vynucené iterace PBKDF nelze kombinovat s volnou doby iterací." -#: src/cryptsetup.c:3256 +#: src/cryptsetup.c:3573 msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." msgstr "Přepínače --keyslot-cipher a --keyslot-key-size musí být použity spolu." -#: src/cryptsetup.c:3264 +#: src/cryptsetup.c:3581 msgid "No action taken. Invoked with --test-args option.\n" msgstr "Žádný úkon nebude proveden. Zavoláno s přepínačem --test-args.\n" -#: src/cryptsetup.c:3277 +#: src/cryptsetup.c:3594 msgid "Cannot disable metadata locking." msgstr "Zamykání metadata nelze vypnout." @@ -2754,72 +2832,72 @@ msgid "Cannot write to root hash file %s." msgstr "Do souboru %s s kořenovým hašem nelze zapsat." -#: src/veritysetup.c:196 src/veritysetup.c:472 +#: src/veritysetup.c:198 src/veritysetup.c:476 #, c-format msgid "Device %s is not a valid VERITY device." msgstr "Zařízení %s není platným zařízením VERITY." -#: src/veritysetup.c:213 src/veritysetup.c:230 +#: src/veritysetup.c:215 src/veritysetup.c:232 #, c-format msgid "Cannot read root hash file %s." msgstr "Soubor %s s kořenovým hašem nelze vytvořit." -#: src/veritysetup.c:218 +#: src/veritysetup.c:220 #, c-format msgid "Invalid root hash file %s." msgstr "Neplatný soubor %s s kořenovým hašem." -#: src/veritysetup.c:239 +#: src/veritysetup.c:241 msgid "Invalid root hash string specified." msgstr "Zadán neplatný řetězec s kořenovým hašem." -#: src/veritysetup.c:247 +#: src/veritysetup.c:249 #, c-format msgid "Invalid signature file %s." msgstr "Neplatné soubor s podpisem %s." -#: src/veritysetup.c:254 +#: src/veritysetup.c:256 #, c-format msgid "Cannot read signature file %s." msgstr "Soubor s podpisem %s nelze číst." -#: src/veritysetup.c:277 src/veritysetup.c:291 +#: src/veritysetup.c:279 src/veritysetup.c:293 msgid "Command requires or --root-hash-file option as argument." msgstr "Příkaz vyžaduje argument nebo přepínač --root-hash-file." -#: src/veritysetup.c:485 +#: src/veritysetup.c:489 msgid " " msgstr " " -#: src/veritysetup.c:485 src/integritysetup.c:534 +#: src/veritysetup.c:489 src/integritysetup.c:534 msgid "format device" msgstr "naformátuje zařízení" -#: src/veritysetup.c:486 +#: src/veritysetup.c:490 msgid " []" msgstr " []" -#: src/veritysetup.c:486 +#: src/veritysetup.c:490 msgid "verify device" msgstr "ověří zařízení" -#: src/veritysetup.c:487 +#: src/veritysetup.c:491 msgid " []" msgstr " []" -#: src/veritysetup.c:489 src/integritysetup.c:537 +#: src/veritysetup.c:493 src/integritysetup.c:537 msgid "show active device status" msgstr "zobrazí stav aktivního zařízení" -#: src/veritysetup.c:490 +#: src/veritysetup.c:494 msgid "" msgstr "" -#: src/veritysetup.c:490 src/integritysetup.c:538 +#: src/veritysetup.c:494 src/integritysetup.c:538 msgid "show on-disk information" msgstr "zobrazí údaje z disku" -#: src/veritysetup.c:509 +#: src/veritysetup.c:513 #, c-format msgid "" "\n" @@ -2834,7 +2912,7 @@ " je zařízení obsahující ověřovací data\n" " haš kořenového uzlu na \n" -#: src/veritysetup.c:516 +#: src/veritysetup.c:520 #, c-format msgid "" "\n" @@ -2845,11 +2923,11 @@ "Výchozí zakompilované parametry dm-verity:\n" "\tHaš: %s, Datový blok (bajty): %u, Blok hašů (bajty): %u, Velikost soli: %u, Formát haše: %u\n" -#: src/veritysetup.c:654 +#: src/veritysetup.c:658 msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together." msgstr "Přepínače --ignore-corruption a --restart-on-corruption nelze použít najednou." -#: src/veritysetup.c:659 +#: src/veritysetup.c:663 msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together." msgstr "Přepínač --panic-on-corruption a --restart-on-corruption nelze použít najednou." @@ -3138,7 +3216,7 @@ msgid "Finished, time %s, %s, %s\n" msgstr "Dokončeno, čas %s, %s, %s\n" -#: src/utils_password.c:41 src/utils_password.c:74 +#: src/utils_password.c:41 src/utils_password.c:72 #, c-format msgid "Cannot check password quality: %s" msgstr "Odolnost hesla nelze prověřit: %s" @@ -3152,42 +3230,42 @@ "Kontrola odolnosti hesla selhala:\n" " %s" -#: src/utils_password.c:81 +#: src/utils_password.c:79 #, c-format msgid "Password quality check failed: Bad passphrase (%s)" msgstr "Kontrola odolnosti hesla selhala: Špatné heslo (%s)" -#: src/utils_password.c:231 src/utils_password.c:245 +#: src/utils_password.c:230 src/utils_password.c:244 msgid "Error reading passphrase from terminal." msgstr "Chyba při čtení hesla z terminálu." -#: src/utils_password.c:243 +#: src/utils_password.c:242 msgid "Verify passphrase: " msgstr "Ověřte heslo: " -#: src/utils_password.c:250 +#: src/utils_password.c:249 msgid "Passphrases do not match." msgstr "Hesla se neshodují." -#: src/utils_password.c:288 +#: src/utils_password.c:287 msgid "Cannot use offset with terminal input." msgstr "Ve vstupu z terminálu nelze měnit polohu." -#: src/utils_password.c:292 +#: src/utils_password.c:291 #, c-format msgid "Enter passphrase: " msgstr "Zadejte heslo: " -#: src/utils_password.c:295 +#: src/utils_password.c:294 #, c-format msgid "Enter passphrase for %s: " msgstr "Zadejte heslo pro %s: " -#: src/utils_password.c:329 +#: src/utils_password.c:328 msgid "No key available with this passphrase." msgstr "S tímto heslem není dostupný žádný klíč." -#: src/utils_password.c:331 +#: src/utils_password.c:330 msgid "No usable keyslot is available." msgstr "Nejsou dostupné žádné použitelné pozice s klíči." @@ -3261,41 +3339,51 @@ "To může vést k poškození dat, bylo-li zařízení ve skutečnosti aktivováno.\n" "Pro přešifrování za běhu použijte parametr --active-name.\n" -#: src/utils_reencrypt.c:175 +#: src/utils_reencrypt.c:141 src/utils_reencrypt.c:274 +#, c-format +msgid "" +"Device %s is not a block device. Can not auto-detect if it is active or not.\n" +"Use --force-offline-reencrypt to bypass the check and run in offline mode (dangerous!)." +msgstr "" +"Zařízení %s není blokovým zařízením. Nelze určit, jestli je\n" +"aktivní, nebo ne. Pro obejití kontroly a spuštění v režimu offline\n" +"(nebezpečné!) použijte --force-offline-reencrypt." + +#: src/utils_reencrypt.c:178 src/utils_reencrypt.c:221 +#: src/utils_reencrypt.c:231 +msgid "Requested --resilience option cannot be applied to current reencryption operation." +msgstr "Na současnou operaci přešifrování nelze použít požadovaný přepínač --resilience." + +#: src/utils_reencrypt.c:203 msgid "Device is not in LUKS2 encryption. Conflicting option --encrypt." msgstr "Zařízení není ve stavu přešifrování LUKS2. Neslučitelný přepínač --encrypt." -#: src/utils_reencrypt.c:180 +#: src/utils_reencrypt.c:208 msgid "Device is not in LUKS2 decryption. Conflicting option --decrypt." msgstr "Zařízení není ve stavu dešifrování LUKS2. Neslučitelný přepínač --decrypt." -#: src/utils_reencrypt.c:187 +#: src/utils_reencrypt.c:215 msgid "Device is in reencryption using datashift resilience. Requested --resilience option cannot be applied." msgstr "Zařízení je ve stavu přešifrování pomocí odolnosti posunu dat. Požadovaný přepínač --resilience nelze použít." -#: src/utils_reencrypt.c:193 src/utils_reencrypt.c:199 -#: src/utils_reencrypt.c:205 src/utils_reencrypt.c:681 -msgid "Requested --resilience option cannot be applied to current reencryption operation." -msgstr "Na současnou operaci přešifrování nelze použít požadovaný přepínač --resilience." - -#: src/utils_reencrypt.c:258 +#: src/utils_reencrypt.c:293 msgid "Device requires reencryption recovery. Run repair first." msgstr "Zařízení vyžaduje obnovu přešifrování. Spusťte nejprve opravu." -#: src/utils_reencrypt.c:268 +#: src/utils_reencrypt.c:307 #, c-format msgid "Device %s is already in LUKS2 reencryption. Do you wish to resume previously initialised operation?" msgstr "Zařízení %s je již ve stavu přešifrování LUKS2. Přejete si dokončit dříve zahájenou operaci?" -#: src/utils_reencrypt.c:314 +#: src/utils_reencrypt.c:353 msgid "Legacy LUKS2 reencryption is no longer supported." msgstr "Zastaralé přešifrování LUKS2 již není podporováno." -#: src/utils_reencrypt.c:379 +#: src/utils_reencrypt.c:418 msgid "Reencryption of device with integrity profile is not supported." msgstr "Přešifrování zařízení s profilem integrity není podporováno." -#: src/utils_reencrypt.c:410 +#: src/utils_reencrypt.c:449 #, c-format msgid "" "Requested --sector-size % is incompatible with %s superblock\n" @@ -3304,98 +3392,103 @@ "Požadovaný --sector-size % není slučitelný se superblokem %s\n" "(velikost bloku % bajtů) nalezeném na zařízení %s." -#: src/utils_reencrypt.c:455 +#: src/utils_reencrypt.c:518 src/utils_reencrypt.c:1391 msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." msgstr "Přešifrování bez oddělené hlavičky (--header) není možné bez zmenšení velikosti datového zařízení (--reduce-device-size)." -#: src/utils_reencrypt.c:461 +#: src/utils_reencrypt.c:525 msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." msgstr "Požadovaný počátek dat musí být menší nebo roven polovině parametru --reduce-device-size" -#: src/utils_reencrypt.c:471 +#: src/utils_reencrypt.c:535 #, c-format msgid "Adjusting --reduce-device-size value to twice the --offset % (sectors).\n" msgstr "Upravuje se hodnota --reduce-device-size na dvojnásobek --offset % (v sektorech).\n" -#: src/utils_reencrypt.c:501 +#: src/utils_reencrypt.c:565 #, c-format msgid "Temporary header file %s already exists. Aborting." msgstr "Dočasný soubor s hlavičkou %s již existuje. Operace se ruší." -#: src/utils_reencrypt.c:503 src/utils_reencrypt.c:510 +#: src/utils_reencrypt.c:567 src/utils_reencrypt.c:574 #, c-format msgid "Cannot create temporary header file %s." msgstr "Dočasný soubor s hlavičkou %s nelze vytvořit." -#: src/utils_reencrypt.c:535 +#: src/utils_reencrypt.c:599 msgid "LUKS2 metadata size is larger than data shift value." msgstr "Velikost metadat LUKS2 je větší než hodnota posunu dat." -#: src/utils_reencrypt.c:572 +#: src/utils_reencrypt.c:636 #, c-format msgid "Failed to place new header at head of device %s." msgstr "Umístění nové hlavičky na začátek zařízení %s selhalo." -#: src/utils_reencrypt.c:582 +#: src/utils_reencrypt.c:646 #, c-format msgid "%s/%s is now active and ready for online encryption.\n" msgstr "%s/%s je nyní aktivní a připraveno pro přešifrování za běhu.\n" -#: src/utils_reencrypt.c:618 +#: src/utils_reencrypt.c:682 #, c-format msgid "Active device %s is not LUKS2." msgstr "Aktivní zařízení %s není LUKS2." -#: src/utils_reencrypt.c:646 +#: src/utils_reencrypt.c:710 msgid "Restoring original LUKS2 header." msgstr "Obnovuje se původní hlavička LUKS2." -#: src/utils_reencrypt.c:654 +#: src/utils_reencrypt.c:718 msgid "Original LUKS2 header restore failed." msgstr "Obnovení původní hlavičky LUKS2 selhalo." -#: src/utils_reencrypt.c:722 +#: src/utils_reencrypt.c:744 +#, c-format +msgid "Header file %s does not exist. Do you want to initialize LUKS2 decryption of device %s and export LUKS2 header to file %s?" +msgstr "Soubor s hlavičkou %s neexistuje. Přejete si zahájit dešifrování LUKS2 zařízení %s a export hlavičku LUKS2 do souboru %s?" + +#: src/utils_reencrypt.c:792 msgid "Failed to add read/write permissions to exported header file." msgstr "Přidání práv na čtení/zápis souboru s hlavičkou selhalo." -#: src/utils_reencrypt.c:775 +#: src/utils_reencrypt.c:845 #, c-format msgid "Reencryption initialization failed. Header backup is available in %s." msgstr "Inicializace přešifrování selhala. Záloha hlavičky je dostupná v %s." -#: src/utils_reencrypt.c:803 +#: src/utils_reencrypt.c:873 msgid "LUKS2 decryption is supported with detached header device only (with data offset set to 0)." msgstr "Dešifrování LUKS2 je podporováno jen u zařízení s oddělenou hlavičkou (počátek dat na 0)." -#: src/utils_reencrypt.c:934 src/utils_reencrypt.c:943 +#: src/utils_reencrypt.c:1008 src/utils_reencrypt.c:1017 msgid "Not enough free keyslots for reencryption." msgstr "Nedostatek pozic s klíči pro přešifrování." -#: src/utils_reencrypt.c:964 src/utils_reencrypt_luks1.c:1100 +#: src/utils_reencrypt.c:1038 src/utils_reencrypt_luks1.c:1100 msgid "Key file can be used only with --key-slot or with exactly one key slot active." msgstr "Soubor s klíčem lze použít jen s přepínačem --key-slot nebo s právě jednou aktivní pozicí klíče." -#: src/utils_reencrypt.c:973 src/utils_reencrypt_luks1.c:1147 +#: src/utils_reencrypt.c:1047 src/utils_reencrypt_luks1.c:1147 #: src/utils_reencrypt_luks1.c:1158 #, c-format msgid "Enter passphrase for key slot %d: " msgstr "Zadejte heslo pro pozici klíče %d: " -#: src/utils_reencrypt.c:985 +#: src/utils_reencrypt.c:1059 #, c-format msgid "Enter passphrase for key slot %u: " msgstr "Zadejte heslo pro pozici klíče %u: " -#: src/utils_reencrypt.c:1037 +#: src/utils_reencrypt.c:1111 #, c-format msgid "Switching data encryption cipher to %s.\n" msgstr "Přepíná se algoritmus šifrování dat na %s.\n" -#: src/utils_reencrypt.c:1091 +#: src/utils_reencrypt.c:1165 msgid "No data segment parameters changed. Reencryption aborted." msgstr "Žádné parametry oblasti s daty nebyly změněny. Přešifrování zrušeno." -#: src/utils_reencrypt.c:1187 +#: src/utils_reencrypt.c:1267 msgid "" "Encryption sector size increase on offline device is not supported.\n" "Activate the device first or use --force-offline-reencrypt option (dangerous!)." @@ -3404,7 +3497,7 @@ "podporováno. Nejprve zařízení aktivujte, nebo použijte přepínač\n" "--force-offline-reencrypt (nebezpečné!)." -#: src/utils_reencrypt.c:1227 src/utils_reencrypt_luks1.c:726 +#: src/utils_reencrypt.c:1307 src/utils_reencrypt_luks1.c:726 #: src/utils_reencrypt_luks1.c:798 msgid "" "\n" @@ -3413,58 +3506,58 @@ "\n" "Přešifrování přerušeno." -#: src/utils_reencrypt.c:1232 +#: src/utils_reencrypt.c:1312 msgid "Resuming LUKS reencryption in forced offline mode.\n" msgstr "Dokončuje se přešifrování LUKS ve vynuceném režimu offline.\n" -#: src/utils_reencrypt.c:1249 +#: src/utils_reencrypt.c:1329 #, c-format msgid "Device %s contains broken LUKS metadata. Aborting operation." msgstr "Zařízení %s obsahuje porušená metadata LUKS. Operace se ruší." -#: src/utils_reencrypt.c:1265 src/utils_reencrypt.c:1287 +#: src/utils_reencrypt.c:1345 src/utils_reencrypt.c:1367 #, c-format msgid "Device %s is already LUKS device. Aborting operation." msgstr "Zařízení %s je již zařízením LUKS. Operace se ruší." -#: src/utils_reencrypt.c:1293 +#: src/utils_reencrypt.c:1373 #, c-format msgid "Device %s is already in LUKS reencryption. Aborting operation." msgstr "Zařízení %s je již ve stavu přešifrování LUKS. Operace se ruší." -#: src/utils_reencrypt.c:1366 +#: src/utils_reencrypt.c:1453 msgid "LUKS2 decryption requires --header option." msgstr "Dešifrování LUKS2 vyžaduje přepínač --header." -#: src/utils_reencrypt.c:1414 +#: src/utils_reencrypt.c:1501 msgid "Command requires device as argument." msgstr "Příkaz vyžaduje jako argument zařízení." -#: src/utils_reencrypt.c:1427 +#: src/utils_reencrypt.c:1514 #, c-format msgid "Conflicting versions. Device %s is LUKS1." msgstr "Neslučitelné verze. Zařízení %s je LUKS1." -#: src/utils_reencrypt.c:1433 +#: src/utils_reencrypt.c:1520 #, c-format msgid "Conflicting versions. Device %s is in LUKS1 reencryption." msgstr "Neslučitelné verze. Zařízení %s je ve stavu přešifrování LUKS1." -#: src/utils_reencrypt.c:1439 +#: src/utils_reencrypt.c:1526 #, c-format msgid "Conflicting versions. Device %s is LUKS2." msgstr "Neslučitelné verze. Zařízení %s je LUKS2." -#: src/utils_reencrypt.c:1445 +#: src/utils_reencrypt.c:1532 #, c-format msgid "Conflicting versions. Device %s is in LUKS2 reencryption." msgstr "Neslučitelné verze. Zařízení %s je ve stavu přešifrování LUKS2." -#: src/utils_reencrypt.c:1451 +#: src/utils_reencrypt.c:1538 msgid "LUKS2 reencryption already initialized. Aborting operation." msgstr "Přešifrování LUKS2 je již inicializováno. Operace se ruší." -#: src/utils_reencrypt.c:1458 +#: src/utils_reencrypt.c:1545 msgid "Device reencryption not in progress." msgstr "Neprobíhá žádné přešifrování zařízení." @@ -3569,28 +3662,28 @@ msgid "Provided UUID is invalid." msgstr "Poskytnuté UUID není platné." -#: src/utils_reencrypt_luks1.c:1220 +#: src/utils_reencrypt_luks1.c:1224 msgid "Cannot open reencryption log file." msgstr "Nelze otevřít soubor s protokolem přešifrování." -#: src/utils_reencrypt_luks1.c:1226 +#: src/utils_reencrypt_luks1.c:1230 msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process." msgstr "Žádné dešifrování není rozpracované. Poskytnuté UUID lze použít jen k dokončení pozastaveného procesu dešifrování." -#: src/utils_reencrypt_luks1.c:1280 +#: src/utils_reencrypt_luks1.c:1286 #, c-format msgid "Reencryption will change: %s%s%s%s%s%s." msgstr "Přešifrování změní: %s%s%s%s%s%s." -#: src/utils_reencrypt_luks1.c:1281 +#: src/utils_reencrypt_luks1.c:1287 msgid "volume key" msgstr "klíč svazku" -#: src/utils_reencrypt_luks1.c:1283 +#: src/utils_reencrypt_luks1.c:1289 msgid "set hash to " msgstr "nastaví haš na " -#: src/utils_reencrypt_luks1.c:1284 +#: src/utils_reencrypt_luks1.c:1290 msgid ", set cipher to " msgstr ", nastaví šifru na " @@ -3810,6 +3903,18 @@ msgid "Public key authentication error: " msgstr "Chyba při autentizaci veřejným klíčem: " +#~ msgid "WARNING: Data offset is outside of currently available data device.\n" +#~ msgstr "POZOR: Poloha dat je mimo nyní dostupné zařízení s daty.\n" + +#~ msgid "Cannot get process priority." +#~ msgstr "Nelze zjistit prioritu procesu." + +#~ msgid "Cannot unlock memory." +#~ msgstr "Paměť nelze odemknout." + +#~ msgid "Locking directory %s/%s will be created with default compiled-in permissions." +#~ msgstr "Zamykací adresář %s/%s bude vytvořen s výchozími zakompilovanými právy." + #~ msgid "Failed to read BITLK signature from %s." #~ msgstr "Z %s nebylo možné načíst vzorec BITLK." @@ -4214,9 +4319,6 @@ #~ msgid "Sector size option is not supported for this command." #~ msgstr "Tento příkaz nepodporuje volbu velikosti sektoru." -#~ msgid "Option --unbound may be used only with luksAddKey and luksDump actions." -#~ msgstr "Přepínač --unbound lze použít pouze s akcemi luksAddKey nebo luksDump." - #~ msgid "Option --refresh may be used only with open action." #~ msgstr "Přepínač --refresh lze použít pouze s úkonem otevření." @@ -4397,9 +4499,6 @@ #~ msgid "Read new volume (master) key from file" #~ msgstr "Nový (hlavní) klíč svazku načte ze souboru" -#~ msgid "PBKDF2 iteration time for LUKS (in ms)" -#~ msgstr "Doba opakování PBKDF2 pro LUKS (v ms)" - #~ msgid "Use direct-io when accessing devices" #~ msgstr "K zařízením se bude přistupovat pomocí přímého I/O" diff -Nru cryptsetup-2.5.0/po/de.po cryptsetup-2.6.1/po/de.po --- cryptsetup-2.5.0/po/de.po 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/po/de.po 2023-02-09 16:12:17.000000000 +0000 @@ -1,14 +1,14 @@ # German translation for the cryptsetup package. # Copyright (C) 2010 Free Software Foundation, Inc. # This file is distributed under the same license as the cryptsetup package. -# Roland Illig , 2010-2022. +# Roland Illig , 2010-2023. # msgid "" msgstr "" -"Project-Id-Version: cryptsetup 2.5.0-rc1\n" +"Project-Id-Version: cryptsetup 2.6.1-rc0\n" "Report-Msgid-Bugs-To: cryptsetup@lists.linux.dev\n" -"POT-Creation-Date: 2022-07-14 14:04+0200\n" -"PO-Revision-Date: 2022-07-16 11:29+0200\n" +"POT-Creation-Date: 2023-02-01 15:58+0100\n" +"PO-Revision-Date: 2023-02-02 22:57+0100\n" "Last-Translator: Roland Illig \n" "Language-Team: German \n" "Language: de\n" @@ -17,69 +17,73 @@ "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Bugs: Report translation errors to the Language-Team address.\n" -"X-Generator: Poedit 3.1.1\n" +"X-Generator: Poedit 3.2.2\n" -#: lib/libdevmapper.c:417 +#: lib/libdevmapper.c:419 msgid "Cannot initialize device-mapper, running as non-root user." msgstr "Das Kernelmodul »device-mapper« kann nicht initialisiert werden, da das Programm nicht mit Root-Rechten läuft." -#: lib/libdevmapper.c:420 +#: lib/libdevmapper.c:422 msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" msgstr "Das Kernelmodul »device-mapper« kann nicht initialisiert werden. Ist das Kernelmodul »dm_mod« geladen?" -#: lib/libdevmapper.c:1171 +#: lib/libdevmapper.c:1102 msgid "Requested deferred flag is not supported." msgstr "Verlangter »deferred«-Schalter wird nicht unterstützt." -#: lib/libdevmapper.c:1240 +#: lib/libdevmapper.c:1171 #, c-format msgid "DM-UUID for device %s was truncated." msgstr "DM-UUID für Gerät »%s« wurde verkürzt." -#: lib/libdevmapper.c:1570 +#: lib/libdevmapper.c:1501 msgid "Unknown dm target type." msgstr "Unbekannte Art des dm-Ziels." -#: lib/libdevmapper.c:1694 lib/libdevmapper.c:1699 lib/libdevmapper.c:1763 -#: lib/libdevmapper.c:1766 +#: lib/libdevmapper.c:1620 lib/libdevmapper.c:1626 lib/libdevmapper.c:1724 +#: lib/libdevmapper.c:1727 msgid "Requested dm-crypt performance options are not supported." msgstr "Die verlangten dm-crypt-Performance-Optionen werden nicht unterstützt." -#: lib/libdevmapper.c:1706 lib/libdevmapper.c:1710 +#: lib/libdevmapper.c:1635 lib/libdevmapper.c:1647 msgid "Requested dm-verity data corruption handling options are not supported." msgstr "Die verlangten dm-verity-Datenbeschädigungs-Optionen werden nicht unterstützt." -#: lib/libdevmapper.c:1714 +#: lib/libdevmapper.c:1641 +msgid "Requested dm-verity tasklets option is not supported." +msgstr "Die verlangte dm-verity-Tasklet-Option wird nicht unterstützt." + +#: lib/libdevmapper.c:1653 msgid "Requested dm-verity FEC options are not supported." msgstr "Die verlangten dm-verity-FEC-Optionen werden nicht unterstützt." -#: lib/libdevmapper.c:1718 +#: lib/libdevmapper.c:1659 msgid "Requested data integrity options are not supported." msgstr "Die verlangten Datenintegritäts-Optionen werden nicht unterstützt." -#: lib/libdevmapper.c:1720 +#: lib/libdevmapper.c:1663 msgid "Requested sector_size option is not supported." msgstr "Die verlangte sector_size-Option wird nicht unterstützt." -#: lib/libdevmapper.c:1725 lib/libdevmapper.c:1729 +#: lib/libdevmapper.c:1670 lib/libdevmapper.c:1676 msgid "Requested automatic recalculation of integrity tags is not supported." msgstr "Die verlangte automatische Berechnung der Integritätsangaben wird nicht unterstützt." -#: lib/libdevmapper.c:1733 lib/libdevmapper.c:1769 lib/libdevmapper.c:1772 -#: lib/luks2/luks2_json_metadata.c:2552 +#: lib/libdevmapper.c:1682 lib/libdevmapper.c:1730 lib/libdevmapper.c:1733 +#: lib/luks2/luks2_json_metadata.c:2620 msgid "Discard/TRIM is not supported." msgstr "»Discard/TRIM« wird nicht unterstützt." -#: lib/libdevmapper.c:1737 +#: lib/libdevmapper.c:1688 msgid "Requested dm-integrity bitmap mode is not supported." msgstr "Der verlangte Bitmap-Modus für dm-Integrität wird nicht unterstützt." -#: lib/libdevmapper.c:2763 +#: lib/libdevmapper.c:2724 #, c-format msgid "Failed to query dm-%s segment." msgstr "Fehler beim Abfragen des »dm-%s«-Segments." -#: lib/random.c:74 +#: lib/random.c:73 msgid "" "System is out of entropy while generating volume key.\n" "Please move mouse or type some text in another window to gather some random events.\n" @@ -87,16 +91,16 @@ "Das System hat keine Entropie mehr, um den Laufwerksschlüssel zu generieren.\n" "Bitte bewegen Sie die Maus oder tippen Sie etwas Text in ein anderes Fenster, um einige zufällige Ereignisse zu sammeln.\n" -#: lib/random.c:78 +#: lib/random.c:77 #, c-format msgid "Generating key (%d%% done).\n" msgstr "Schlüssel wird generiert (%d %% erledigt).\n" -#: lib/random.c:164 +#: lib/random.c:163 msgid "Running in FIPS mode." msgstr "Laufe im FIPS-Modus." -#: lib/random.c:170 +#: lib/random.c:169 msgid "Fatal error during RNG initialisation." msgstr "Fataler Fehler während der Initialisierung des Zufallszahlengenerators." @@ -108,428 +112,438 @@ msgid "Error reading from RNG." msgstr "Fehler beim Einlesen vom Zufallszahlengenerator." -#: lib/setup.c:226 +#: lib/setup.c:231 msgid "Cannot initialize crypto RNG backend." msgstr "Fehler beim Initialisieren des Krypto-Zufallszahlengenerator-Backends." -#: lib/setup.c:232 +#: lib/setup.c:237 msgid "Cannot initialize crypto backend." msgstr "Fehler beim Initialisieren des Krypto-Backends." -#: lib/setup.c:263 lib/setup.c:2080 lib/verity/verity.c:122 +#: lib/setup.c:268 lib/setup.c:2151 lib/verity/verity.c:122 #, c-format msgid "Hash algorithm %s not supported." msgstr "Hash-Algorithmus »%s« wird nicht unterstützt." -#: lib/setup.c:266 lib/loopaes/loopaes.c:90 +#: lib/setup.c:271 lib/loopaes/loopaes.c:90 #, c-format msgid "Key processing error (using hash %s)." msgstr "Fehler beim Verarbeiten des Schlüssels (mit Hash-Algorithmus »%s«)." -#: lib/setup.c:332 lib/setup.c:359 +#: lib/setup.c:342 lib/setup.c:369 msgid "Cannot determine device type. Incompatible activation of device?" msgstr "Geräte-Art kann nicht bestimmt werden. Inkompatible Aktivierung des Geräts?" -#: lib/setup.c:338 lib/setup.c:3221 +#: lib/setup.c:348 lib/setup.c:3320 msgid "This operation is supported only for LUKS device." msgstr "Diese Operation wird nur für LUKS-Geräte unterstützt." -#: lib/setup.c:365 +#: lib/setup.c:375 msgid "This operation is supported only for LUKS2 device." msgstr "Diese Operation wird nur für LUKS2-Geräte unterstützt." -#: lib/setup.c:420 lib/luks2/luks2_reencrypt.c:2985 +#: lib/setup.c:427 lib/luks2/luks2_reencrypt.c:3010 msgid "All key slots full." msgstr "Alle Schlüsselfächer sind voll." -#: lib/setup.c:431 +#: lib/setup.c:438 #, c-format msgid "Key slot %d is invalid, please select between 0 and %d." msgstr "Schlüsselfach %d ist ungültig, bitte wählen Sie eins zwischen 0 und %d." -#: lib/setup.c:437 +#: lib/setup.c:444 #, c-format msgid "Key slot %d is full, please select another one." msgstr "Schlüsselfach %d ist voll, bitte wählen Sie ein anderes." -#: lib/setup.c:522 lib/setup.c:2946 +#: lib/setup.c:529 lib/setup.c:3042 msgid "Device size is not aligned to device logical block size." msgstr "Gerätegröße ist nicht an logischer Sektorgröße ausgerichtet." -#: lib/setup.c:620 +#: lib/setup.c:627 #, c-format msgid "Header detected but device %s is too small." msgstr "Header gefunden, aber Gerät »%s« ist zu klein." -#: lib/setup.c:661 lib/setup.c:2851 lib/setup.c:4335 -#: lib/luks2/luks2_reencrypt.c:3757 lib/luks2/luks2_reencrypt.c:4159 +#: lib/setup.c:668 lib/setup.c:2942 lib/setup.c:4287 +#: lib/luks2/luks2_reencrypt.c:3782 lib/luks2/luks2_reencrypt.c:4184 msgid "This operation is not supported for this device type." msgstr "Diese Operation wird für diese Geräteart nicht unterstützt." -#: lib/setup.c:666 +#: lib/setup.c:673 msgid "Illegal operation with reencryption in-progress." msgstr "Ungültige Operation, während die Wiederverschlüsselung läuft." -#: lib/setup.c:833 lib/luks1/keymanage.c:248 lib/luks1/keymanage.c:524 -#: lib/luks2/luks2_json_metadata.c:1267 src/cryptsetup.c:1449 -#: src/cryptsetup.c:1581 src/cryptsetup.c:1636 src/cryptsetup.c:1756 -#: src/cryptsetup.c:1861 src/cryptsetup.c:2142 src/cryptsetup.c:2380 -#: src/cryptsetup.c:2440 src/utils_reencrypt.c:1378 -#: src/utils_reencrypt_luks1.c:1188 tokens/ssh/cryptsetup-ssh.c:77 +#: lib/setup.c:802 +msgid "Failed to rollback LUKS2 metadata in memory." +msgstr "Fehler beim Rückabwickeln der LUKS2-Metadaten im Speicher." + +#: lib/setup.c:889 lib/luks1/keymanage.c:249 lib/luks1/keymanage.c:527 +#: lib/luks2/luks2_json_metadata.c:1336 src/cryptsetup.c:1587 +#: src/cryptsetup.c:1727 src/cryptsetup.c:1782 src/cryptsetup.c:1977 +#: src/cryptsetup.c:2133 src/cryptsetup.c:2414 src/cryptsetup.c:2656 +#: src/cryptsetup.c:2716 src/utils_reencrypt.c:1465 +#: src/utils_reencrypt_luks1.c:1192 tokens/ssh/cryptsetup-ssh.c:77 #, c-format msgid "Device %s is not a valid LUKS device." msgstr "Gerät »%s« ist kein gültiges LUKS-Gerät." -#: lib/setup.c:836 lib/luks1/keymanage.c:527 +#: lib/setup.c:892 lib/luks1/keymanage.c:530 #, c-format msgid "Unsupported LUKS version %d." msgstr "Nicht unterstützte LUKS-Version %d." -#: lib/setup.c:1431 lib/setup.c:2602 lib/setup.c:2682 lib/setup.c:2694 -#: lib/setup.c:2859 lib/setup.c:4807 +#: lib/setup.c:1491 lib/setup.c:2691 lib/setup.c:2773 lib/setup.c:2785 +#: lib/setup.c:2952 lib/setup.c:4764 #, c-format msgid "Device %s is not active." msgstr "Gerät »%s« ist nicht aktiv." -#: lib/setup.c:1448 +#: lib/setup.c:1508 #, c-format msgid "Underlying device for crypt device %s disappeared." msgstr "Zugrundeliegendes Gerät für das Kryptogerät »%s« ist verschwunden." -#: lib/setup.c:1528 +#: lib/setup.c:1590 msgid "Invalid plain crypt parameters." msgstr "Ungültige Parameter für Plain-Verschlüsselung." -#: lib/setup.c:1533 lib/setup.c:1983 +#: lib/setup.c:1595 lib/setup.c:2054 msgid "Invalid key size." msgstr "Ungültige Schlüsselgröße." -#: lib/setup.c:1538 lib/setup.c:1988 lib/setup.c:2191 +#: lib/setup.c:1600 lib/setup.c:2059 lib/setup.c:2262 msgid "UUID is not supported for this crypt type." msgstr "UUID wird für diese Verschlüsselungsart nicht unterstützt." -#: lib/setup.c:1543 lib/setup.c:1993 +#: lib/setup.c:1605 lib/setup.c:2064 msgid "Detached metadata device is not supported for this crypt type." msgstr "Gerät für separierte Metadaten wird für diese Verschlüsselungsart nicht unterstützt." -#: lib/setup.c:1553 lib/setup.c:1765 lib/luks2/luks2_reencrypt.c:2941 -#: src/cryptsetup.c:1250 src/cryptsetup.c:3072 +#: lib/setup.c:1615 lib/setup.c:1831 lib/luks2/luks2_reencrypt.c:2966 +#: src/cryptsetup.c:1387 src/cryptsetup.c:3383 msgid "Unsupported encryption sector size." msgstr "Nicht unterstützte Sektorengröße für Verschlüsselung." -#: lib/setup.c:1561 lib/setup.c:1896 lib/setup.c:2940 +#: lib/setup.c:1623 lib/setup.c:1959 lib/setup.c:3036 msgid "Device size is not aligned to requested sector size." msgstr "Gerätegröße ist nicht an verlangter Sektorgröße ausgerichtet." -#: lib/setup.c:1613 lib/setup.c:1733 +#: lib/setup.c:1675 lib/setup.c:1799 msgid "Can't format LUKS without device." msgstr "Ohne Gerät kann LUKS nicht formatiert werden." -#: lib/setup.c:1619 lib/setup.c:1739 +#: lib/setup.c:1681 lib/setup.c:1805 msgid "Requested data alignment is not compatible with data offset." msgstr "Die angeforderte Datenausrichtung ist nicht mit dem Datenoffset kompatibel." -#: lib/setup.c:1687 lib/setup.c:1883 -msgid "WARNING: Data offset is outside of currently available data device.\n" -msgstr "WARNING: Der Datenoffset ist außerhalb des derzeit verfügbaren Datengeräts.\n" - -#: lib/setup.c:1697 lib/setup.c:1913 lib/setup.c:1934 lib/setup.c:2203 +#: lib/setup.c:1756 lib/setup.c:1976 lib/setup.c:1997 lib/setup.c:2274 #, c-format msgid "Cannot wipe header on device %s." msgstr "Fehler beim Auslöschen des Headers auf Gerät »%s«." -#: lib/setup.c:1774 +#: lib/setup.c:1769 lib/setup.c:2036 +#, c-format +msgid "Device %s is too small for activation, there is no remaining space for data.\n" +msgstr "Gerät %s ist zu klein für die Aktivierung, es ist kein Platz mehr für Daten vorhanden.\n" + +#: lib/setup.c:1840 msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" msgstr "WARNUNG: Die Geräteaktivierung wird fehlschlagen, dm-crypt fehlt die Unterstützung für die angeforderte Verschlüsselungsgröße.\n" -#: lib/setup.c:1797 +#: lib/setup.c:1863 msgid "Volume key is too small for encryption with integrity extensions." msgstr "Laufwerksschlüssel ist zu klein für die Verschlüsselung mit Integritätserweiterungen." -#: lib/setup.c:1857 +#: lib/setup.c:1923 #, c-format msgid "Cipher %s-%s (key size %zd bits) is not available." msgstr "Verschlüsselung »%s-%s« (Schlüsselgröße %zd Bits) ist nicht verfügbar." -#: lib/setup.c:1886 +#: lib/setup.c:1949 #, c-format msgid "WARNING: LUKS2 metadata size changed to % bytes.\n" msgstr "Warnung: Größe der LUKS2-Metadaten wurde auf % geändert.\n" -#: lib/setup.c:1890 +#: lib/setup.c:1953 #, c-format msgid "WARNING: LUKS2 keyslots area size changed to % bytes.\n" msgstr "Warnung: Größe des LUKS2-Schlüsselfachbereichs wurde auf % Bytes geändert.\n" -#: lib/setup.c:1916 lib/utils_device.c:909 lib/luks1/keyencryption.c:255 -#: lib/luks2/luks2_reencrypt.c:3009 lib/luks2/luks2_reencrypt.c:4254 +#: lib/setup.c:1979 lib/utils_device.c:911 lib/luks1/keyencryption.c:255 +#: lib/luks2/luks2_reencrypt.c:3034 lib/luks2/luks2_reencrypt.c:4279 #, c-format msgid "Device %s is too small." msgstr "Gerät »%s« ist zu klein." -#: lib/setup.c:1927 lib/setup.c:1953 +#: lib/setup.c:1990 lib/setup.c:2016 #, c-format msgid "Cannot format device %s in use." msgstr "Gerät »%s« kann nicht formatiert werden, da es gerade benutzt wird." -#: lib/setup.c:1930 lib/setup.c:1956 +#: lib/setup.c:1993 lib/setup.c:2019 #, c-format msgid "Cannot format device %s, permission denied." msgstr "Gerät »%s« kann nicht formatiert werden, Zugriff verweigert." -#: lib/setup.c:1942 lib/setup.c:2263 +#: lib/setup.c:2005 lib/setup.c:2334 #, c-format msgid "Cannot format integrity for device %s." msgstr "Fehler beim Formatieren der Integrität auf Gerät »%s«." -#: lib/setup.c:1960 +#: lib/setup.c:2023 #, c-format msgid "Cannot format device %s." msgstr "Gerät »%s« kann nicht formatiert werden." -#: lib/setup.c:1978 +#: lib/setup.c:2049 msgid "Can't format LOOPAES without device." msgstr "Ohne Gerät kann LOOPAES nicht formatiert werden." -#: lib/setup.c:2023 +#: lib/setup.c:2094 msgid "Can't format VERITY without device." msgstr "Ohne Gerät kann VERITY nicht formatiert werden." -#: lib/setup.c:2034 lib/verity/verity.c:101 +#: lib/setup.c:2105 lib/verity/verity.c:101 #, c-format msgid "Unsupported VERITY hash type %d." msgstr "Nicht unterstützte VERITY-Hash-Art %d." -#: lib/setup.c:2040 lib/verity/verity.c:109 +#: lib/setup.c:2111 lib/verity/verity.c:109 msgid "Unsupported VERITY block size." msgstr "Nicht unterstützte VERITY-Blockgröße." -#: lib/setup.c:2045 lib/verity/verity.c:74 +#: lib/setup.c:2116 lib/verity/verity.c:74 msgid "Unsupported VERITY hash offset." msgstr "Nicht unterstützter VERITY-Hash-Offset." -#: lib/setup.c:2050 +#: lib/setup.c:2121 msgid "Unsupported VERITY FEC offset." msgstr "Nicht unterstützter VERITY-FEC-Offset." -#: lib/setup.c:2074 +#: lib/setup.c:2145 msgid "Data area overlaps with hash area." msgstr "Datenbereich und Hashbereich überlappen sich." -#: lib/setup.c:2099 +#: lib/setup.c:2170 msgid "Hash area overlaps with FEC area." msgstr "Hashbereich und FEC-Bereich überlappen sich." -#: lib/setup.c:2106 +#: lib/setup.c:2177 msgid "Data area overlaps with FEC area." msgstr "Datenbereich und FEC-Bereich überlappen sich." -#: lib/setup.c:2242 +#: lib/setup.c:2313 #, c-format msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n" msgstr "WARNUNG: Angeforderte Taggröße mit %d Bytes unterscheidet sich von der Ausgabe der Größe %s (%d Bytes).\n" -#: lib/setup.c:2321 +#: lib/setup.c:2392 #, c-format msgid "Unknown crypt device type %s requested." msgstr "Unbekannte Art des Verschlüsselungsgeräts »%s« verlangt." -#: lib/setup.c:2608 lib/setup.c:2687 lib/setup.c:2700 +#: lib/setup.c:2699 lib/setup.c:2778 lib/setup.c:2791 #, c-format msgid "Unsupported parameters on device %s." msgstr "Nicht unterstützte Parameter für Gerät %s." -#: lib/setup.c:2614 lib/setup.c:2707 lib/luks2/luks2_reencrypt.c:2837 -#: lib/luks2/luks2_reencrypt.c:3074 lib/luks2/luks2_reencrypt.c:3459 +#: lib/setup.c:2705 lib/setup.c:2798 lib/luks2/luks2_reencrypt.c:2862 +#: lib/luks2/luks2_reencrypt.c:3099 lib/luks2/luks2_reencrypt.c:3484 #, c-format msgid "Mismatching parameters on device %s." msgstr "Parameter für Gerät %s sind durcheinander." -#: lib/setup.c:2731 +#: lib/setup.c:2822 msgid "Crypt devices mismatch." msgstr "Verschlüsselungsgeräte passen nicht zusammen." -#: lib/setup.c:2768 lib/setup.c:2773 lib/luks2/luks2_reencrypt.c:2315 -#: lib/luks2/luks2_reencrypt.c:2853 lib/luks2/luks2_reencrypt.c:4007 +#: lib/setup.c:2859 lib/setup.c:2864 lib/luks2/luks2_reencrypt.c:2361 +#: lib/luks2/luks2_reencrypt.c:2878 lib/luks2/luks2_reencrypt.c:4032 #, c-format msgid "Failed to reload device %s." msgstr "Gerät »%s« konnte nicht neugeladen werden." -#: lib/setup.c:2779 lib/setup.c:2785 lib/luks2/luks2_reencrypt.c:2286 -#: lib/luks2/luks2_reencrypt.c:2293 lib/luks2/luks2_reencrypt.c:2867 +#: lib/setup.c:2870 lib/setup.c:2876 lib/luks2/luks2_reencrypt.c:2332 +#: lib/luks2/luks2_reencrypt.c:2339 lib/luks2/luks2_reencrypt.c:2892 #, c-format msgid "Failed to suspend device %s." msgstr "Gerät »%s« konnte nicht stillgelegt werden." -#: lib/setup.c:2791 lib/luks2/luks2_reencrypt.c:2300 -#: lib/luks2/luks2_reencrypt.c:2888 lib/luks2/luks2_reencrypt.c:3920 -#: lib/luks2/luks2_reencrypt.c:4011 +#: lib/setup.c:2882 lib/luks2/luks2_reencrypt.c:2346 +#: lib/luks2/luks2_reencrypt.c:2913 lib/luks2/luks2_reencrypt.c:3945 +#: lib/luks2/luks2_reencrypt.c:4036 #, c-format msgid "Failed to resume device %s." msgstr "Gerät »%s« konnte nicht fortgesetzt werden." -#: lib/setup.c:2806 +#: lib/setup.c:2897 #, c-format msgid "Fatal error while reloading device %s (on top of device %s)." msgstr "Schwerwiegender Fehler beim Neuladen von Gerät »%s« (über Gerät »%s«)." -#: lib/setup.c:2809 lib/setup.c:2811 +#: lib/setup.c:2900 lib/setup.c:2902 #, c-format msgid "Failed to switch device %s to dm-error." msgstr "Gerät »%s« konnte nicht auf dm-error umgeschaltet werden." -#: lib/setup.c:2891 +#: lib/setup.c:2984 msgid "Cannot resize loop device." msgstr "Fehler beim Ändern der Größe des Loopback-Geräts." -#: lib/setup.c:2931 +#: lib/setup.c:3027 msgid "WARNING: Maximum size already set or kernel doesn't support resize.\n" msgstr "WARNUNG: Die maximale Größe ist bereits eingestellt oder der Kernel unterstützt die Größenänderung nicht.\n" -#: lib/setup.c:2989 +#: lib/setup.c:3088 msgid "Resize failed, the kernel doesn't support it." msgstr "Fehler bei Größenänderung, der Kernel unterstützt sie nicht." -#: lib/setup.c:3021 +#: lib/setup.c:3120 msgid "Do you really want to change UUID of device?" msgstr "Wollen Sie wirklich die UUID des Geräts ändern?" -#: lib/setup.c:3113 +#: lib/setup.c:3212 msgid "Header backup file does not contain compatible LUKS header." msgstr "Header-Backupdatei enthält keinen kompatiblen LUKS-Header." -#: lib/setup.c:3229 +#: lib/setup.c:3328 #, c-format msgid "Volume %s is not active." msgstr "Laufwerk »%s« ist nicht aktiv." -#: lib/setup.c:3240 +#: lib/setup.c:3339 #, c-format msgid "Volume %s is already suspended." msgstr "Laufwerk »%s« ist bereits im Ruhezustand." -#: lib/setup.c:3253 +#: lib/setup.c:3352 #, c-format msgid "Suspend is not supported for device %s." msgstr "Das Gerät »%s« unterstützt keinen Ruhezustand." -#: lib/setup.c:3255 +#: lib/setup.c:3354 #, c-format msgid "Error during suspending device %s." msgstr "Das Gerät »%s« kann nicht in den Ruhezustand versetzt werden." -#: lib/setup.c:3290 +#: lib/setup.c:3389 #, c-format msgid "Resume is not supported for device %s." msgstr "Das Gerät »%s« kann nicht aus dem Ruhezustand aufgeweckt werden." -#: lib/setup.c:3292 +#: lib/setup.c:3391 #, c-format msgid "Error during resuming device %s." msgstr "Fehler beim Aufwecken von Gerät »%s« aus dem Ruhezustand." -#: lib/setup.c:3326 lib/setup.c:3374 lib/setup.c:3444 lib/setup.c:3489 -#: src/cryptsetup.c:2207 +#: lib/setup.c:3425 lib/setup.c:3473 lib/setup.c:3544 lib/setup.c:3589 +#: src/cryptsetup.c:2479 #, c-format msgid "Volume %s is not suspended." msgstr "Laufwerk »%s« ist nicht im Ruhezustand." -#: lib/setup.c:3459 lib/setup.c:3862 lib/setup.c:4584 lib/setup.c:4597 -#: lib/setup.c:4605 lib/setup.c:4618 lib/setup.c:6142 src/cryptsetup.c:1790 +#: lib/setup.c:3559 lib/setup.c:4540 lib/setup.c:4553 lib/setup.c:4561 +#: lib/setup.c:4574 lib/setup.c:6157 lib/setup.c:6179 lib/setup.c:6228 +#: src/cryptsetup.c:2011 msgid "Volume key does not match the volume." msgstr "Der Laufwerksschlüssel passt nicht zum Laufwerk." -#: lib/setup.c:3540 lib/setup.c:3745 -msgid "Cannot add key slot, all slots disabled and no volume key provided." -msgstr "Schlüsselfach kann nicht hinzugefügt werden, da alle Fächer deaktiviert sind und kein Laufwerksschlüssel angegeben wurde." - -#: lib/setup.c:3697 +#: lib/setup.c:3737 msgid "Failed to swap new key slot." msgstr "Neues Schlüsselfach konnte nicht ausgewechselt werden." -#: lib/setup.c:3883 +#: lib/setup.c:3835 #, c-format msgid "Key slot %d is invalid." msgstr "Schlüsselfach %d ist ungültig." -#: lib/setup.c:3889 src/cryptsetup.c:1594 src/cryptsetup.c:1936 -#: src/cryptsetup.c:2540 src/cryptsetup.c:2597 +#: lib/setup.c:3841 src/cryptsetup.c:1740 src/cryptsetup.c:2208 +#: src/cryptsetup.c:2816 src/cryptsetup.c:2876 #, c-format msgid "Keyslot %d is not active." msgstr "Schlüsselfach %d ist nicht aktiv." -#: lib/setup.c:3908 +#: lib/setup.c:3860 msgid "Device header overlaps with data area." msgstr "Geräteheader und Datenbereich überlappen sich." -#: lib/setup.c:4213 +#: lib/setup.c:4165 msgid "Reencryption in-progress. Cannot activate device." msgstr "Wiederverschlüsselung läuft bereits. Das Gerät kann nicht aktiviert werden." -#: lib/setup.c:4215 lib/luks2/luks2_json_metadata.c:2635 -#: lib/luks2/luks2_reencrypt.c:3565 +#: lib/setup.c:4167 lib/luks2/luks2_json_metadata.c:2703 +#: lib/luks2/luks2_reencrypt.c:3590 msgid "Failed to get reencryption lock." msgstr "Fehler beim Zugriff auf die Sperre zur Wiederverschlüsselung." -#: lib/setup.c:4228 lib/luks2/luks2_reencrypt.c:3584 +#: lib/setup.c:4180 lib/luks2/luks2_reencrypt.c:3609 msgid "LUKS2 reencryption recovery failed." msgstr "Fehler beim Wiederherstellen der LUKS2-Wiederverschlüsselung." -#: lib/setup.c:4396 lib/setup.c:4661 +#: lib/setup.c:4352 lib/setup.c:4618 msgid "Device type is not properly initialized." msgstr "Geräteart ist nicht richtig initialisiert." -#: lib/setup.c:4444 +#: lib/setup.c:4400 #, c-format msgid "Device %s already exists." msgstr "Das Gerät »%s« existiert bereits." -#: lib/setup.c:4451 +#: lib/setup.c:4407 #, c-format msgid "Cannot use device %s, name is invalid or still in use." msgstr "Gerät »%s« kann nicht verwendet werden, da es gerade benutzt wird oder der Name ungültig ist." -#: lib/setup.c:4571 +#: lib/setup.c:4527 msgid "Incorrect volume key specified for plain device." msgstr "Falscher Laufwerksschlüssel für Plain-Gerät angegeben." -#: lib/setup.c:4687 +#: lib/setup.c:4644 msgid "Incorrect root hash specified for verity device." msgstr "Falscher Root-Hash-Schlüssel für VERITY-Gerät angegeben." -#: lib/setup.c:4697 +#: lib/setup.c:4654 msgid "Root hash signature required." msgstr "Signatur des Stammhashes erforderlich." -#: lib/setup.c:4706 +#: lib/setup.c:4663 msgid "Kernel keyring missing: required for passing signature to kernel." msgstr "Der Kernel-Schlüsselbund fehlt. Wird benötigt, um die Signatur zum Kernel zu übergeben." -#: lib/setup.c:4723 lib/setup.c:6218 +#: lib/setup.c:4680 lib/setup.c:6423 msgid "Failed to load key in kernel keyring." msgstr "Fehler beim Laden des Schlüssels im Kernel-Schlüsselbund." -#: lib/setup.c:4779 +#: lib/setup.c:4736 #, c-format msgid "Could not cancel deferred remove from device %s." msgstr "Fehler beim Abbrechen des verzögerten Löschens von Gerät »%s«." -#: lib/setup.c:4786 lib/setup.c:4802 lib/luks2/luks2_json_metadata.c:2688 +#: lib/setup.c:4743 lib/setup.c:4759 lib/luks2/luks2_json_metadata.c:2756 #: src/utils_reencrypt.c:116 #, c-format msgid "Device %s is still in use." msgstr "Gerät »%s« wird gerade benutzt." -#: lib/setup.c:4811 +#: lib/setup.c:4768 #, c-format msgid "Invalid device %s." msgstr "Ungültiges Gerät »%s«." -#: lib/setup.c:4927 +#: lib/setup.c:4908 msgid "Volume key buffer too small." msgstr "Laufwerks-Schlüsselpuffer zu klein." -#: lib/setup.c:4935 +#: lib/setup.c:4925 +msgid "Cannot retrieve volume key for LUKS2 device." +msgstr "Fehler beim Ermitteln des Laufwerksschlüssels für LUKS2-Gerät." + +#: lib/setup.c:4934 +msgid "Cannot retrieve volume key for LUKS1 device." +msgstr "Fehler beim Ermitteln des Laufwerksschlüssels für LUKS1-Gerät." + +#: lib/setup.c:4944 msgid "Cannot retrieve volume key for plain device." msgstr "Fehler beim Ermitteln des Laufwerksschlüssels für Plain-Gerät." @@ -537,147 +551,151 @@ msgid "Cannot retrieve root hash for verity device." msgstr "Root-Hash für Verity-Gerät kann nicht ermittelt werden." -#: lib/setup.c:4956 +#: lib/setup.c:4959 +msgid "Cannot retrieve volume key for BITLK device." +msgstr "Fehler beim Ermitteln des Laufwerksschlüssels für BITLK-Gerät." + +#: lib/setup.c:4964 +msgid "Cannot retrieve volume key for FVAULT2 device." +msgstr "Fehler beim Ermitteln des Laufwerksschlüssels für FVAULT2-Gerät." + +#: lib/setup.c:4966 #, c-format msgid "This operation is not supported for %s crypt device." msgstr "Diese Operation wird für Kryptogerät »%s« nicht unterstützt." -#: lib/setup.c:5130 lib/setup.c:5141 +#: lib/setup.c:5147 lib/setup.c:5158 msgid "Dump operation is not supported for this device type." msgstr "Die Dump-Operation wird für diese Geräteart nicht unterstützt." -#: lib/setup.c:5471 +#: lib/setup.c:5500 #, c-format msgid "Data offset is not multiple of %u bytes." msgstr "Datenoffset ist kein Vielfaches von %u Bytes." -#: lib/setup.c:5756 +#: lib/setup.c:5788 #, c-format msgid "Cannot convert device %s which is still in use." msgstr "Gerät »%s« kann nicht konvertiert werden, da es gerade benutzt wird." -#: lib/setup.c:6075 +#: lib/setup.c:6098 lib/setup.c:6237 #, c-format msgid "Failed to assign keyslot %u as the new volume key." msgstr "Schlüsselfach %u konnte nicht dem Laufwerksschlüssel zugeordnet werden." -#: lib/setup.c:6148 +#: lib/setup.c:6122 msgid "Failed to initialize default LUKS2 keyslot parameters." msgstr "Fehler beim Initialisieren der LUKS2-Schlüsselfach-Parameter." -#: lib/setup.c:6154 +#: lib/setup.c:6128 #, c-format msgid "Failed to assign keyslot %d to digest." msgstr "Schlüsselfach %d konnte nicht dem Digest zugeordnet werden." -#: lib/setup.c:6285 +#: lib/setup.c:6353 +msgid "Cannot add key slot, all slots disabled and no volume key provided." +msgstr "Schlüsselfach kann nicht hinzugefügt werden, da alle Fächer deaktiviert sind und kein Laufwerksschlüssel angegeben wurde." + +#: lib/setup.c:6490 msgid "Kernel keyring is not supported by the kernel." msgstr "Der Kernel-Schlüsselbund wird vom Kernel nicht unterstützt." -#: lib/setup.c:6295 lib/luks2/luks2_reencrypt.c:3782 +#: lib/setup.c:6500 lib/luks2/luks2_reencrypt.c:3807 #, c-format msgid "Failed to read passphrase from keyring (error %d)." msgstr "Fehler beim Lesen der Passphrase vom Schlüsselbund (Fehler %d)." -#: lib/setup.c:6319 +#: lib/setup.c:6523 msgid "Failed to acquire global memory-hard access serialization lock." msgstr "Globale Speicherzugriffsserialisierungssperre konnte nicht angefordert werden." -#: lib/utils.c:80 -msgid "Cannot get process priority." -msgstr "Fehler beim Ermitteln der Prozesspriorität." - -#: lib/utils.c:94 -msgid "Cannot unlock memory." -msgstr "Fehler beim Entsperren des Speichers." - -#: lib/utils.c:168 lib/tcrypt/tcrypt.c:502 +#: lib/utils.c:158 lib/tcrypt/tcrypt.c:501 msgid "Failed to open key file." msgstr "Fehler beim Öffnen der Schlüsseldatei." -#: lib/utils.c:173 +#: lib/utils.c:163 msgid "Cannot read keyfile from a terminal." msgstr "Fehler beim Einlesen der Schlüsseldatei »%s« vom Terminal." -#: lib/utils.c:189 +#: lib/utils.c:179 msgid "Failed to stat key file." msgstr "Fehler beim Öffnen der Schlüsseldatei." -#: lib/utils.c:197 lib/utils.c:218 +#: lib/utils.c:187 lib/utils.c:208 msgid "Cannot seek to requested keyfile offset." msgstr "Fehler beim Zugriff auf die Schlüsseldatei." -#: lib/utils.c:212 lib/utils.c:227 src/utils_password.c:226 -#: src/utils_password.c:238 +#: lib/utils.c:202 lib/utils.c:217 src/utils_password.c:225 +#: src/utils_password.c:237 msgid "Out of memory while reading passphrase." msgstr "Zu wenig Speicher zum Einlesen der Passphrase." -#: lib/utils.c:247 +#: lib/utils.c:237 msgid "Error reading passphrase." msgstr "Fehler beim Einlesen der Passphrase." -#: lib/utils.c:264 +#: lib/utils.c:254 msgid "Nothing to read on input." msgstr "Nichts zu lesen in der Eingabe." -#: lib/utils.c:271 +#: lib/utils.c:261 msgid "Maximum keyfile size exceeded." msgstr "Größenbegrenzung für die Schlüsseldatei überschritten." -#: lib/utils.c:276 +#: lib/utils.c:266 msgid "Cannot read requested amount of data." msgstr "Die gewünschte Menge an Daten kann nicht eingelesen werden." -#: lib/utils_device.c:208 lib/utils_storage_wrappers.c:110 -#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1353 +#: lib/utils_device.c:207 lib/utils_storage_wrappers.c:110 +#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1440 #, c-format msgid "Device %s does not exist or access denied." msgstr "Gerät »%s« existiert nicht oder Zugriff verweigert." -#: lib/utils_device.c:218 +#: lib/utils_device.c:217 #, c-format msgid "Device %s is not compatible." msgstr "Gerät »%s« ist nicht kompatibel." -#: lib/utils_device.c:562 +#: lib/utils_device.c:561 #, c-format msgid "Ignoring bogus optimal-io size for data device (%u bytes)." msgstr "Merkwürdige Optimale-Datenübertragungs-Größe für Datengerät (%u Bytes) wird ignoriert." -#: lib/utils_device.c:720 +#: lib/utils_device.c:722 #, c-format msgid "Device %s is too small. Need at least % bytes." msgstr "Gerät »%s« ist zu klein. Mindestens % Bytes erforderlich." -#: lib/utils_device.c:801 +#: lib/utils_device.c:803 #, c-format msgid "Cannot use device %s which is in use (already mapped or mounted)." msgstr "Gerät »%s« kann nicht benutzt werden, da es bereits anderweitig benutzt wird." -#: lib/utils_device.c:805 +#: lib/utils_device.c:807 #, c-format msgid "Cannot use device %s, permission denied." msgstr "Gerät »%s« kann nicht verwendet werden, Zugriff verweigert." -#: lib/utils_device.c:808 +#: lib/utils_device.c:810 #, c-format msgid "Cannot get info about device %s." msgstr "Fehler beim Abrufen der Infos über Gerät »%s«." -#: lib/utils_device.c:831 +#: lib/utils_device.c:833 msgid "Cannot use a loopback device, running as non-root user." msgstr "Das Loopback-Gerät kann nicht benutzt werden, da das Programm nicht mit Root-Rechten läuft." -#: lib/utils_device.c:842 +#: lib/utils_device.c:844 msgid "Attaching loopback device failed (loop device with autoclear flag is required)." msgstr "Anklemmen des Loopback-Geräts fehlgeschlagen (das Loopback-Gerät benötigt den »autoclear«-Schalter)." -#: lib/utils_device.c:890 +#: lib/utils_device.c:892 #, c-format msgid "Requested offset is beyond real size of device %s." msgstr "Der angeforderte Offset ist jenseits der wirklichen Größe des Geräts »%s«." -#: lib/utils_device.c:898 +#: lib/utils_device.c:900 #, c-format msgid "Device %s has zero size." msgstr "Gerät »%s« hat die Größe 0." @@ -731,30 +749,25 @@ msgid "Only PBKDF2 is supported in FIPS mode." msgstr "Im FIPS-Modus wird ausschließlich PBKDF2 unterstützt." -#: lib/utils_benchmark.c:172 +#: lib/utils_benchmark.c:175 msgid "PBKDF benchmark disabled but iterations not set." msgstr "PBKDF-Benchmark deaktiviert, aber Anzahl der Iterationen nicht angegeben." -#: lib/utils_benchmark.c:191 +#: lib/utils_benchmark.c:194 #, c-format msgid "Not compatible PBKDF2 options (using hash algorithm %s)." msgstr "Inkompatible PBKDF2-Optionen (mit Hash-Algorithmus »%s«)." -#: lib/utils_benchmark.c:211 +#: lib/utils_benchmark.c:214 msgid "Not compatible PBKDF options." msgstr "Inkompatible PBKDF2-Optionen." -#: lib/utils_device_locking.c:102 +#: lib/utils_device_locking.c:101 #, c-format msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)." msgstr "Sperren abgebrochen. Der Sperrpfad %s/%s ist unbenutzbar (kein Verzeichnis oder existiert nicht)." -#: lib/utils_device_locking.c:109 -#, c-format -msgid "Locking directory %s/%s will be created with default compiled-in permissions." -msgstr "Das Verzeichnis %s/%s, das die Dateisperren enthält, wird mit den vorgegebenen, fest einprogrammierten Berechtigungen erzeugt." - -#: lib/utils_device_locking.c:119 +#: lib/utils_device_locking.c:118 #, c-format msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." msgstr "Sperren abgebrochen. Der Sperrpfad %s/%s ist unbenutzbar (%s ist kein Verzeichnis)." @@ -787,9 +800,9 @@ msgid "Cipher specification should be in [cipher]-[mode]-[iv] format." msgstr "Verschlüsselungsverfahren sollte im Format [Verfahren]-[Modus]-[IV] sein." -#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:364 -#: lib/luks1/keymanage.c:674 lib/luks1/keymanage.c:1125 -#: lib/luks2/luks2_json_metadata.c:1421 lib/luks2/luks2_keyslot.c:714 +#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:366 +#: lib/luks1/keymanage.c:677 lib/luks1/keymanage.c:1132 +#: lib/luks2/luks2_json_metadata.c:1490 lib/luks2/luks2_keyslot.c:714 #, c-format msgid "Cannot write to device %s, permission denied." msgstr "Fehler beim Schreiben auf Gerät »%s«, Zugriff verweigert." @@ -802,23 +815,24 @@ msgid "Failed to access temporary keystore device." msgstr "Fehler beim Zugriff auf das temporäre Schlüsselspeichergerät." -#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60 -#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:192 +#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:62 +#: lib/luks2/luks2_keyslot_luks2.c:80 lib/luks2/luks2_keyslot_reenc.c:192 msgid "IO error while encrypting keyslot." msgstr "E/A-Fehler beim Verschlüsseln des Schlüsselfachs." -#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:367 -#: lib/luks1/keymanage.c:627 lib/luks1/keymanage.c:677 lib/tcrypt/tcrypt.c:680 -#: lib/verity/verity.c:80 lib/verity/verity.c:196 lib/verity/verity_hash.c:320 -#: lib/verity/verity_hash.c:329 lib/verity/verity_hash.c:349 -#: lib/verity/verity_fec.c:260 lib/verity/verity_fec.c:272 -#: lib/verity/verity_fec.c:277 lib/luks2/luks2_json_metadata.c:1424 -#: src/utils_reencrypt_luks1.c:121 src/utils_reencrypt_luks1.c:133 +#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:369 +#: lib/luks1/keymanage.c:630 lib/luks1/keymanage.c:680 lib/tcrypt/tcrypt.c:679 +#: lib/fvault2/fvault2.c:877 lib/verity/verity.c:80 lib/verity/verity.c:196 +#: lib/verity/verity_hash.c:320 lib/verity/verity_hash.c:329 +#: lib/verity/verity_hash.c:349 lib/verity/verity_fec.c:260 +#: lib/verity/verity_fec.c:272 lib/verity/verity_fec.c:277 +#: lib/luks2/luks2_json_metadata.c:1493 src/utils_reencrypt_luks1.c:121 +#: src/utils_reencrypt_luks1.c:133 #, c-format msgid "Cannot open device %s." msgstr "Fehler beim Öffnen des Geräts »%s«." -#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137 +#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:139 msgid "IO error while decrypting keyslot." msgstr "E/A-Fehler beim Entschlüsseln des Schlüsselfachs." @@ -834,54 +848,54 @@ msgid "LUKS keyslot %u is invalid." msgstr "LUKS-Schlüsselfach %u ist ungültig." -#: lib/luks1/keymanage.c:266 lib/luks2/luks2_json_metadata.c:1284 +#: lib/luks1/keymanage.c:267 lib/luks2/luks2_json_metadata.c:1353 #, c-format msgid "Requested header backup file %s already exists." msgstr "Angeforderte Header-Backupdatei »%s« existiert bereits." -#: lib/luks1/keymanage.c:268 lib/luks2/luks2_json_metadata.c:1286 +#: lib/luks1/keymanage.c:269 lib/luks2/luks2_json_metadata.c:1355 #, c-format msgid "Cannot create header backup file %s." msgstr "Fehler beim Anlegen der Header-Backupdatei »%s«." -#: lib/luks1/keymanage.c:275 lib/luks2/luks2_json_metadata.c:1293 +#: lib/luks1/keymanage.c:276 lib/luks2/luks2_json_metadata.c:1362 #, c-format msgid "Cannot write header backup file %s." msgstr "Fehler beim Speichern der Header-Backupdatei »%s«." -#: lib/luks1/keymanage.c:306 lib/luks2/luks2_json_metadata.c:1330 +#: lib/luks1/keymanage.c:308 lib/luks2/luks2_json_metadata.c:1399 msgid "Backup file does not contain valid LUKS header." msgstr "Backupdatei enthält keinen gültigen LUKS-Header." -#: lib/luks1/keymanage.c:319 lib/luks1/keymanage.c:590 -#: lib/luks2/luks2_json_metadata.c:1351 +#: lib/luks1/keymanage.c:321 lib/luks1/keymanage.c:593 +#: lib/luks2/luks2_json_metadata.c:1420 #, c-format msgid "Cannot open header backup file %s." msgstr "Fehler beim Öffnen der Header-Backupdatei »%s«." -#: lib/luks1/keymanage.c:327 lib/luks2/luks2_json_metadata.c:1359 +#: lib/luks1/keymanage.c:329 lib/luks2/luks2_json_metadata.c:1428 #, c-format msgid "Cannot read header backup file %s." msgstr "Fehler beim Einlesen der Header-Backupdatei »%s«." -#: lib/luks1/keymanage.c:337 +#: lib/luks1/keymanage.c:339 msgid "Data offset or key size differs on device and backup, restore failed." msgstr "Unterschiedlicher Offset oder Schlüsselgröße zwischen Gerät und Backup. Wiederherstellung fehlgeschlagen." -#: lib/luks1/keymanage.c:345 +#: lib/luks1/keymanage.c:347 #, c-format msgid "Device %s %s%s" msgstr "Gerät »%s« %s%s" -#: lib/luks1/keymanage.c:346 +#: lib/luks1/keymanage.c:348 msgid "does not contain LUKS header. Replacing header can destroy data on that device." msgstr "enthält keinen LUKS-Header. Das Ersetzen des Headers kann Daten auf dem Gerät zerstören." -#: lib/luks1/keymanage.c:347 +#: lib/luks1/keymanage.c:349 msgid "already contains LUKS header. Replacing header will destroy existing keyslots." msgstr "enthält bereits einen LUKS-Header. Das Ersetzen des Headers wird bestehende Schlüsselfächer zerstören." -#: lib/luks1/keymanage.c:348 lib/luks2/luks2_json_metadata.c:1393 +#: lib/luks1/keymanage.c:350 lib/luks2/luks2_json_metadata.c:1462 msgid "" "\n" "WARNING: real device header has different UUID than backup!" @@ -889,128 +903,132 @@ "\n" "WARNUNG: Der Header des echten Geräts hat eine andere UUID als das Backup!" -#: lib/luks1/keymanage.c:395 +#: lib/luks1/keymanage.c:398 msgid "Non standard key size, manual repair required." msgstr "Ungewöhnliche Schlüsselgröße, manuelles Reparieren erforderlich." -#: lib/luks1/keymanage.c:405 +#: lib/luks1/keymanage.c:408 msgid "Non standard keyslots alignment, manual repair required." msgstr "Ungewöhnliche Ausrichtung der Schlüsselfächer, manuelles Reparieren erforderlich." -#: lib/luks1/keymanage.c:414 +#: lib/luks1/keymanage.c:417 #, c-format msgid "Cipher mode repaired (%s -> %s)." msgstr "Verschlüsselungsmodus repariert (%s -> %s)." -#: lib/luks1/keymanage.c:425 +#: lib/luks1/keymanage.c:428 #, c-format msgid "Cipher hash repaired to lowercase (%s)." msgstr "Chiffre-Hash in Kleinbuchstaben umgewandelt (%s)." -#: lib/luks1/keymanage.c:427 lib/luks1/keymanage.c:533 -#: lib/luks1/keymanage.c:789 +#: lib/luks1/keymanage.c:430 lib/luks1/keymanage.c:536 +#: lib/luks1/keymanage.c:792 #, c-format msgid "Requested LUKS hash %s is not supported." msgstr "Verlangter LUKS-Hash »%s« wird nicht unterstützt." -#: lib/luks1/keymanage.c:441 +#: lib/luks1/keymanage.c:444 msgid "Repairing keyslots." msgstr "Schlüsselfächer werden repariert." -#: lib/luks1/keymanage.c:460 +#: lib/luks1/keymanage.c:463 #, c-format msgid "Keyslot %i: offset repaired (%u -> %u)." msgstr "Schlüsselfach %i: Offset repariert (%u -> %u)." -#: lib/luks1/keymanage.c:468 +#: lib/luks1/keymanage.c:471 #, c-format msgid "Keyslot %i: stripes repaired (%u -> %u)." msgstr "Schlüsselfach %i: Streifen repariert (%u -> %u)." # XXX -#: lib/luks1/keymanage.c:477 +#: lib/luks1/keymanage.c:480 #, c-format msgid "Keyslot %i: bogus partition signature." msgstr "Schlüsselfach %i: schwindlerische Partitions-Signatur." -#: lib/luks1/keymanage.c:482 +#: lib/luks1/keymanage.c:485 #, c-format msgid "Keyslot %i: salt wiped." msgstr "Schlüsselfach %i: Salt gelöscht." -#: lib/luks1/keymanage.c:499 +#: lib/luks1/keymanage.c:502 msgid "Writing LUKS header to disk." msgstr "LUKS-Header wird auf den Datenträger geschrieben." -#: lib/luks1/keymanage.c:504 +#: lib/luks1/keymanage.c:507 msgid "Repair failed." msgstr "Fehler beim Reparieren." -#: lib/luks1/keymanage.c:559 +#: lib/luks1/keymanage.c:562 #, c-format msgid "LUKS cipher mode %s is invalid." msgstr "LUKS-Verschlüsselungsmodus %s ist ungültig." -#: lib/luks1/keymanage.c:564 +#: lib/luks1/keymanage.c:567 #, c-format msgid "LUKS hash %s is invalid." msgstr "LUKS-Hash %s ist ungültig." -#: lib/luks1/keymanage.c:571 src/cryptsetup.c:1144 +#: lib/luks1/keymanage.c:574 src/cryptsetup.c:1281 msgid "No known problems detected for LUKS header." msgstr "Keine bekannten Probleme im LUKS-Header erkannt." -#: lib/luks1/keymanage.c:699 +#: lib/luks1/keymanage.c:702 #, c-format msgid "Error during update of LUKS header on device %s." msgstr "Fehler beim Aktualisieren des LUKS-Headers auf Gerät »%s«." -#: lib/luks1/keymanage.c:707 +#: lib/luks1/keymanage.c:710 #, c-format msgid "Error re-reading LUKS header after update on device %s." msgstr "Fehler beim Neueinlesen des LUKS-Headers nach dem Aktualisieren auf Gerät »%s«." -#: lib/luks1/keymanage.c:783 +#: lib/luks1/keymanage.c:786 msgid "Data offset for LUKS header must be either 0 or higher than header size." msgstr "Daten-Offset für LUKS-Header muss entweder 0 sein oder mehr als die Headergröße." -#: lib/luks1/keymanage.c:794 lib/luks1/keymanage.c:863 -#: lib/luks2/luks2_json_format.c:287 lib/luks2/luks2_json_metadata.c:1175 -#: src/utils_reencrypt.c:475 +#: lib/luks1/keymanage.c:797 lib/luks1/keymanage.c:866 +#: lib/luks2/luks2_json_format.c:286 lib/luks2/luks2_json_metadata.c:1236 +#: src/utils_reencrypt.c:539 msgid "Wrong LUKS UUID format provided." msgstr "Falsches LUKS-UUID-Format angegeben." -#: lib/luks1/keymanage.c:816 +#: lib/luks1/keymanage.c:819 msgid "Cannot create LUKS header: reading random salt failed." msgstr "LUKS-Header kann nicht angelegt werden: Fehler beim Einlesen des zufälligen Salts." # XXX -#: lib/luks1/keymanage.c:842 +#: lib/luks1/keymanage.c:845 #, c-format msgid "Cannot create LUKS header: header digest failed (using hash %s)." msgstr "LUKS-Header kann nicht angelegt werden: Fehler beim Hashen des Headers (mit Hash-Algorithmus »%s«)." -#: lib/luks1/keymanage.c:886 +#: lib/luks1/keymanage.c:889 #, c-format msgid "Key slot %d active, purge first." msgstr "Schlüsselfach %d aktiv, löschen Sie es erst." -#: lib/luks1/keymanage.c:892 +#: lib/luks1/keymanage.c:895 #, c-format msgid "Key slot %d material includes too few stripes. Header manipulation?" msgstr "Material für Schlüsselfach %d enthält zu wenige Streifen. Manipulation des Headers?" -#: lib/luks1/keymanage.c:1033 +#: lib/luks1/keymanage.c:931 lib/luks2/luks2_keyslot_luks2.c:270 +msgid "PBKDF2 iteration value overflow." +msgstr "Überlauf im Iterationswert von PBKDF2." + +#: lib/luks1/keymanage.c:1040 #, c-format msgid "Cannot open keyslot (using hash %s)." msgstr "Schlüsselfach kann nicht geöffnet werden (mit Hash-Algorithmus »%s«)." -#: lib/luks1/keymanage.c:1111 +#: lib/luks1/keymanage.c:1118 #, c-format msgid "Key slot %d is invalid, please select keyslot between 0 and %d." msgstr "Schlüsselfach %d ist ungültig, bitte wählen Sie ein Schlüsselfach zwischen 0 und %d." -#: lib/luks1/keymanage.c:1129 lib/luks2/luks2_keyslot.c:718 +#: lib/luks1/keymanage.c:1136 lib/luks2/luks2_keyslot.c:718 #, c-format msgid "Cannot wipe device %s." msgstr "Gerät »%s« kann nicht ausgelöscht werden." @@ -1031,177 +1049,187 @@ msgid "Kernel does not support loop-AES compatible mapping." msgstr "Kernel unterstützt Loop-AES-kompatibles Mapping nicht." -#: lib/tcrypt/tcrypt.c:509 +#: lib/tcrypt/tcrypt.c:508 #, c-format msgid "Error reading keyfile %s." msgstr "Fehler beim Einlesen der Schlüsseldatei »%s«." -#: lib/tcrypt/tcrypt.c:559 +#: lib/tcrypt/tcrypt.c:558 #, c-format msgid "Maximum TCRYPT passphrase length (%zu) exceeded." msgstr "Maximale Länge der TCRYPT-Passphrase (%zu) überschritten." -#: lib/tcrypt/tcrypt.c:601 +#: lib/tcrypt/tcrypt.c:600 #, c-format msgid "PBKDF2 hash algorithm %s not available, skipping." msgstr "Der Hash-Algorithmus »%s« für PBKDF2 wird nicht unterstützt, überspringe diesen Teil." -#: lib/tcrypt/tcrypt.c:620 src/cryptsetup.c:1019 +#: lib/tcrypt/tcrypt.c:619 src/cryptsetup.c:1156 msgid "Required kernel crypto interface not available." msgstr "Die benötigte Crypto-Kernel-Schnittstelle ist nicht verfügbar." -#: lib/tcrypt/tcrypt.c:622 src/cryptsetup.c:1021 +#: lib/tcrypt/tcrypt.c:621 src/cryptsetup.c:1158 msgid "Ensure you have algif_skcipher kernel module loaded." msgstr "Stellen Sie sicher, dass das Kernelmodul »algif_skcipher« geladen ist." -#: lib/tcrypt/tcrypt.c:763 +#: lib/tcrypt/tcrypt.c:762 #, c-format msgid "Activation is not supported for %d sector size." msgstr "Aktivierung wird für die Sektorengröße %d nicht unterstützt." -#: lib/tcrypt/tcrypt.c:769 +#: lib/tcrypt/tcrypt.c:768 msgid "Kernel does not support activation for this TCRYPT legacy mode." msgstr "Der Kernel unterstützt die Aktivierung für diesen TCRYPT-Legacymodus nicht." -#: lib/tcrypt/tcrypt.c:800 +#: lib/tcrypt/tcrypt.c:799 #, c-format msgid "Activating TCRYPT system encryption for partition %s." msgstr "TCRYPT-Systemverschlüsselung für Partition »%s« wird aktiviert." -#: lib/tcrypt/tcrypt.c:883 +#: lib/tcrypt/tcrypt.c:882 msgid "Kernel does not support TCRYPT compatible mapping." msgstr "Kernel unterstützt TCRYPT-kompatibles Mapping nicht." -#: lib/tcrypt/tcrypt.c:1096 +#: lib/tcrypt/tcrypt.c:1095 msgid "This function is not supported without TCRYPT header load." msgstr "Diese Funktionalität braucht einen geladenen TCRYPT-Header." -#: lib/bitlk/bitlk.c:275 +#: lib/bitlk/bitlk.c:278 #, c-format msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key." msgstr "Unerwartete Art »%u« des Metadaten-Eintrags beim Parsen des unterstützten Volume Master Keys gefunden." -#: lib/bitlk/bitlk.c:328 +#: lib/bitlk/bitlk.c:337 msgid "Invalid string found when parsing Volume Master Key." msgstr "Ungültige Zeichenkette beim Parsen des Volume Master Key gefunden." -#: lib/bitlk/bitlk.c:332 +#: lib/bitlk/bitlk.c:341 #, c-format msgid "Unexpected string ('%s') found when parsing supported Volume Master Key." msgstr "Unerwartete Zeichenkette »%s« beim Parsen des Volume Master Key gefunden." -#: lib/bitlk/bitlk.c:349 +#: lib/bitlk/bitlk.c:358 #, c-format msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key." msgstr "Unerwarteter Metadaten-Eintrag %u beim Einlesen des unterstützten Volume Master Key gefunden." -#: lib/bitlk/bitlk.c:451 +#: lib/bitlk/bitlk.c:460 msgid "BITLK version 1 is currently not supported." msgstr "BITLK Version 1 wird derzeit nicht unterstützt." -#: lib/bitlk/bitlk.c:457 +#: lib/bitlk/bitlk.c:466 msgid "Invalid or unknown boot signature for BITLK device." msgstr "Ungültige oder unbekannte Bootsignatur für BITLK-Gerät." -#: lib/bitlk/bitlk.c:469 +#: lib/bitlk/bitlk.c:478 #, c-format msgid "Unsupported sector size %." msgstr "Nicht unterstützte Sektorengröße %." -#: lib/bitlk/bitlk.c:477 +#: lib/bitlk/bitlk.c:486 #, c-format msgid "Failed to read BITLK header from %s." msgstr "Fehler beim Lesen des BITLK-Headers von »%s«." -#: lib/bitlk/bitlk.c:502 +#: lib/bitlk/bitlk.c:511 #, c-format msgid "Failed to read BITLK FVE metadata from %s." msgstr "Fehler beim Schreiben der BITLK-FVE-Metadaten von »%s«." -#: lib/bitlk/bitlk.c:554 +#: lib/bitlk/bitlk.c:562 msgid "Unknown or unsupported encryption type." msgstr "Unbekannte oder nicht unterstützte Verschlüsselungsart." -#: lib/bitlk/bitlk.c:587 +#: lib/bitlk/bitlk.c:602 #, c-format msgid "Failed to read BITLK metadata entries from %s." msgstr "Fehler beim Lesen der BITLK-Metadaten von »%s«." -#: lib/bitlk/bitlk.c:681 +#: lib/bitlk/bitlk.c:719 msgid "Failed to convert BITLK volume description" msgstr "Fehler beim Konvertieren der BITLK-Volumenbeschreibung" -#: lib/bitlk/bitlk.c:841 +#: lib/bitlk/bitlk.c:882 #, c-format msgid "Unexpected metadata entry type '%u' found when parsing external key." msgstr "Unerwartete Art »%u« des Metadaten-Eintrags beim Parsen des externen Schlüssels gefunden." -#: lib/bitlk/bitlk.c:860 +#: lib/bitlk/bitlk.c:905 #, c-format msgid "BEK file GUID '%s' does not match GUID of the volume." msgstr "Die GUID der BEK-Datei »%s« stimmt nicht mit der GUID des Laufwerks überein." -#: lib/bitlk/bitlk.c:864 +#: lib/bitlk/bitlk.c:909 #, c-format msgid "Unexpected metadata entry value '%u' found when parsing external key." msgstr "Unerwarteter Metadaten-Eintrag »%u« beim Einlesen des externen Schlüssels gefunden." -#: lib/bitlk/bitlk.c:903 +#: lib/bitlk/bitlk.c:948 #, c-format msgid "Unsupported BEK metadata version %" msgstr "Nicht unterstützte BEK-Metadatenversion %" -#: lib/bitlk/bitlk.c:908 +#: lib/bitlk/bitlk.c:953 #, c-format msgid "Unexpected BEK metadata size % does not match BEK file length" msgstr "Unerwartete BEK-Metadatengröße % stimmt nicht mit BEK-Dateilänge überein" -#: lib/bitlk/bitlk.c:933 +#: lib/bitlk/bitlk.c:979 msgid "Unexpected metadata entry found when parsing startup key." msgstr "Unerwartete Art »%u« des Metadaten-Eintrags beim Einlesen des Startschlüssels gefunden." -#: lib/bitlk/bitlk.c:1029 +#: lib/bitlk/bitlk.c:1075 msgid "This operation is not supported." msgstr "Diese Operation wird nicht unterstützt." -#: lib/bitlk/bitlk.c:1037 +#: lib/bitlk/bitlk.c:1083 msgid "Unexpected key data size." msgstr "Unerwartete Größe des Datenschlüssels." -#: lib/bitlk/bitlk.c:1163 +#: lib/bitlk/bitlk.c:1209 msgid "This BITLK device is in an unsupported state and cannot be activated." msgstr "Dieses BITLK-Gerät ist in einem nicht unterstützten Zustand und kann daher nicht aktiviert werden." -#: lib/bitlk/bitlk.c:1168 +#: lib/bitlk/bitlk.c:1214 #, c-format msgid "BITLK devices with type '%s' cannot be activated." msgstr "BITLK-Geräte der Art »%s« können nicht aktiviert werden." -#: lib/bitlk/bitlk.c:1175 +#: lib/bitlk/bitlk.c:1221 msgid "Activation of partially decrypted BITLK device is not supported." msgstr "Aktivieren eines teilweise entschlüsselten BITLK-Geräts wird nicht unterstützt." -#: lib/bitlk/bitlk.c:1216 +#: lib/bitlk/bitlk.c:1262 #, c-format msgid "WARNING: BitLocker volume size % does not match the underlying device size %" msgstr "WARNUNG: BitLocker-Datenträgergröße % stimmt nicht mit der zugrunde liegenden Gerätegröße % überein" -#: lib/bitlk/bitlk.c:1343 +#: lib/bitlk/bitlk.c:1389 msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV." msgstr "Gerät kann nicht aktiviert werden, dem Kernelmodul dm-crypt fehlt die Unterstützung für BITLK-IV." -#: lib/bitlk/bitlk.c:1347 +#: lib/bitlk/bitlk.c:1393 msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser." msgstr "Gerät kann nicht aktiviert werden, da dem Kernelmodul dm-crypt die Unterstützung für BITLK-Elephant-Verschleierer fehlt." -#: lib/bitlk/bitlk.c:1351 +#: lib/bitlk/bitlk.c:1397 msgid "Cannot activate device, kernel dm-crypt is missing support for large sector size." msgstr "Gerät kann nicht aktiviert werden, dem Kernelmodul dm-crypt fehlt die Unterstützung für große Sektoren." -#: lib/bitlk/bitlk.c:1355 +#: lib/bitlk/bitlk.c:1401 msgid "Cannot activate device, kernel dm-zero module is missing." msgstr "Gerät kann nicht aktiviert werden, das Kernelmodul dm-crypt existiert nicht." +#: lib/fvault2/fvault2.c:542 +#, c-format +msgid "Could not read %u bytes of volume header." +msgstr "Fehler beim Einlesen von %u Bytes aus dem Laufwerks-Kopfbereich." + +#: lib/fvault2/fvault2.c:554 +#, c-format +msgid "Unsupported FVAULT2 version %." +msgstr "Nicht unterstützte VFAULT2-Version %." + #: lib/verity/verity.c:68 lib/verity/verity.c:182 #, c-format msgid "Verity device %s does not use on-disk header." @@ -1353,17 +1381,17 @@ msgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)." msgstr "Der Kernel weigert sich, die unsichere Neuberechnungs-Option zu aktivieren. Um dies zu übersteuern, können Sie die veralteten Aktivierungsoptionen nutzen." -#: lib/luks2/luks2_disk_metadata.c:393 lib/luks2/luks2_json_metadata.c:1133 -#: lib/luks2/luks2_json_metadata.c:1413 +#: lib/luks2/luks2_disk_metadata.c:391 lib/luks2/luks2_json_metadata.c:1159 +#: lib/luks2/luks2_json_metadata.c:1482 #, c-format msgid "Failed to acquire write lock on device %s." msgstr "Fehler beim exklusiven Schreibzugriff auf Gerät »%s«." -#: lib/luks2/luks2_disk_metadata.c:402 +#: lib/luks2/luks2_disk_metadata.c:400 msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation." msgstr "Es wurde ein Versuch erkannt, die LUKS2-Metadaten nebenläufig zu ändern. Die Operation wird abgebrochen." -#: lib/luks2/luks2_disk_metadata.c:701 lib/luks2/luks2_disk_metadata.c:722 +#: lib/luks2/luks2_disk_metadata.c:699 lib/luks2/luks2_disk_metadata.c:720 msgid "" "Device contains ambiguous signatures, cannot auto-recover LUKS2.\n" "Please run \"cryptsetup repair\" for recovery." @@ -1371,49 +1399,49 @@ "Gerät enthält mehrdeutige Signaturen, LUKS2 kann nicht automatisch wiederhergestellt werden.\n" "Bitte führen Sie \"cryptsetup repair\" zur Wiederherstellung aus." -#: lib/luks2/luks2_json_format.c:230 +#: lib/luks2/luks2_json_format.c:229 msgid "Requested data offset is too small." msgstr "Verlangter Daten-Offset ist zu klein." -#: lib/luks2/luks2_json_format.c:275 +#: lib/luks2/luks2_json_format.c:274 #, c-format msgid "WARNING: keyslots area (% bytes) is very small, available LUKS2 keyslot count is very limited.\n" msgstr "WARNING: Der Schlüsselfach-Bereich (% Bytes) ist sehr klein, die LUKS2-Schlüsselfachanzahl ist sehr begrenzt.\n" -#: lib/luks2/luks2_json_metadata.c:1120 lib/luks2/luks2_json_metadata.c:1258 -#: lib/luks2/luks2_json_metadata.c:1319 lib/luks2/luks2_keyslot_luks2.c:92 -#: lib/luks2/luks2_keyslot_luks2.c:114 +#: lib/luks2/luks2_json_metadata.c:1146 lib/luks2/luks2_json_metadata.c:1328 +#: lib/luks2/luks2_json_metadata.c:1388 lib/luks2/luks2_keyslot_luks2.c:94 +#: lib/luks2/luks2_keyslot_luks2.c:116 #, c-format msgid "Failed to acquire read lock on device %s." msgstr "Fehler beim Zugriff auf die Lesesperre für das Gerät »%s«." -#: lib/luks2/luks2_json_metadata.c:1336 +#: lib/luks2/luks2_json_metadata.c:1405 #, c-format msgid "Forbidden LUKS2 requirements detected in backup %s." msgstr "Verbotene LUKS2-Anforderungen in Backup »%s« entdeckt." -#: lib/luks2/luks2_json_metadata.c:1377 +#: lib/luks2/luks2_json_metadata.c:1446 msgid "Data offset differ on device and backup, restore failed." msgstr "Unterschiedliche Datenoffsets auf Gerät und Backup. Wiederherstellung fehlgeschlagen." -#: lib/luks2/luks2_json_metadata.c:1383 +#: lib/luks2/luks2_json_metadata.c:1452 msgid "Binary header with keyslot areas size differ on device and backup, restore failed." msgstr "Unterschiedliche Größe der Binärheader mit Schlüsselfach-Bereichen zwischen Gerät und Backup. Wiederherstellung fehlgeschlagen." -#: lib/luks2/luks2_json_metadata.c:1390 +#: lib/luks2/luks2_json_metadata.c:1459 #, c-format msgid "Device %s %s%s%s%s" msgstr "Gerät »%s« %s%s%s%s" -#: lib/luks2/luks2_json_metadata.c:1391 +#: lib/luks2/luks2_json_metadata.c:1460 msgid "does not contain LUKS2 header. Replacing header can destroy data on that device." msgstr "enthält keinen LUKS2-Header. Das Ersetzen des Headers kann Daten auf dem Gerät zerstören." -#: lib/luks2/luks2_json_metadata.c:1392 +#: lib/luks2/luks2_json_metadata.c:1461 msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots." msgstr "enthält bereits einen LUKS2-Header. Das Ersetzen des Headers wird bestehende Schlüsselfächer zerstören." -#: lib/luks2/luks2_json_metadata.c:1394 +#: lib/luks2/luks2_json_metadata.c:1463 msgid "" "\n" "WARNING: unknown LUKS2 requirements detected in real device header!\n" @@ -1423,7 +1451,7 @@ "WARNUNG: Unbekannte LUKS2-Anforderungen im echten Geräteheader entdeckt!\n" "Das Ersetzen des Headers mit dem Backup kann zu Datenverlust auf dem Gerät führen!" -#: lib/luks2/luks2_json_metadata.c:1396 +#: lib/luks2/luks2_json_metadata.c:1465 msgid "" "\n" "WARNING: Unfinished offline reencryption detected on the device!\n" @@ -1433,50 +1461,50 @@ "WARNUNG: Unvollendete Offline-Wiederverschlüsselung auf dem Gerät entdeckt!\n" "Das Ersetzen des Headers mit dem Backup kann zu Datenverlust auf dem Gerät führen." -#: lib/luks2/luks2_json_metadata.c:1494 +#: lib/luks2/luks2_json_metadata.c:1562 #, c-format msgid "Ignored unknown flag %s." msgstr "Unbekannter Schalter »%s« wird ignoriert." -#: lib/luks2/luks2_json_metadata.c:2402 lib/luks2/luks2_reencrypt.c:2015 +#: lib/luks2/luks2_json_metadata.c:2470 lib/luks2/luks2_reencrypt.c:2061 #, c-format msgid "Missing key for dm-crypt segment %u" msgstr "Fehlender Schlüssel für dm-crypt-Segment %u" -#: lib/luks2/luks2_json_metadata.c:2414 lib/luks2/luks2_reencrypt.c:2029 +#: lib/luks2/luks2_json_metadata.c:2482 lib/luks2/luks2_reencrypt.c:2075 msgid "Failed to set dm-crypt segment." msgstr "Fehler beim Festlegen des »dm-crypt«-Segments." -#: lib/luks2/luks2_json_metadata.c:2420 lib/luks2/luks2_reencrypt.c:2035 +#: lib/luks2/luks2_json_metadata.c:2488 lib/luks2/luks2_reencrypt.c:2081 msgid "Failed to set dm-linear segment." msgstr "Fehler beim Festlegen des »dm-linear«-Segments." -#: lib/luks2/luks2_json_metadata.c:2547 +#: lib/luks2/luks2_json_metadata.c:2615 msgid "Unsupported device integrity configuration." msgstr "Nicht unterstützte Konfiguration für Geräteintegrität." -#: lib/luks2/luks2_json_metadata.c:2633 +#: lib/luks2/luks2_json_metadata.c:2701 msgid "Reencryption in-progress. Cannot deactivate device." msgstr "Wiederverschlüsselung läuft gerade. Das Gerät kann nicht deaktiviert werden." -#: lib/luks2/luks2_json_metadata.c:2644 lib/luks2/luks2_reencrypt.c:4057 +#: lib/luks2/luks2_json_metadata.c:2712 lib/luks2/luks2_reencrypt.c:4082 #, c-format msgid "Failed to replace suspended device %s with dm-error target." msgstr "Das stillgelegte Gerät »%s« mit dm-error-Ziel konnte nicht in den Fehlerzustand gesetzt werden." -#: lib/luks2/luks2_json_metadata.c:2724 +#: lib/luks2/luks2_json_metadata.c:2792 msgid "Failed to read LUKS2 requirements." msgstr "Fehler beim Lesen der LUKS2-Anforderungen." -#: lib/luks2/luks2_json_metadata.c:2731 +#: lib/luks2/luks2_json_metadata.c:2799 msgid "Unmet LUKS2 requirements detected." msgstr "Unerfüllte LUKS2-Anforderungen entdeckt." -#: lib/luks2/luks2_json_metadata.c:2739 +#: lib/luks2/luks2_json_metadata.c:2807 msgid "Operation incompatible with device marked for legacy reencryption. Aborting." msgstr "Diese Operation kann nicht mit einem Gerät durchgeführt werden, das für Altlasten-Wiederverschlüsselung markiert ist. Wird abgebrochen." -#: lib/luks2/luks2_json_metadata.c:2741 +#: lib/luks2/luks2_json_metadata.c:2809 msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting." msgstr "Diese Operation kann nicht mit einem Gerät durchgeführt werden, das für LUKS2-Wiederverschlüsselung markiert ist. Wird abgebrochen." @@ -1488,20 +1516,21 @@ msgid "Keyslot open failed." msgstr "Fehler beim Öffnen des Schlüsselfachs." -#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108 +#: lib/luks2/luks2_keyslot_luks2.c:55 lib/luks2/luks2_keyslot_luks2.c:110 #, c-format msgid "Cannot use %s-%s cipher for keyslot encryption." msgstr "Der Algorithmus %s-%s kann nicht für Schlüsselfach-Verschlüsselung verwendet werden." -#: lib/luks2/luks2_keyslot_luks2.c:496 -msgid "No space for new keyslot." -msgstr "Nicht genug Speicherplatz für neues Schlüsselfach." - -#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2615 +#: lib/luks2/luks2_keyslot_luks2.c:285 lib/luks2/luks2_keyslot_luks2.c:394 +#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2668 #, c-format msgid "Hash algorithm %s is not available." msgstr "Der Hash-Algorithmus »%s« ist nicht verfügbar." +#: lib/luks2/luks2_keyslot_luks2.c:510 +msgid "No space for new keyslot." +msgstr "Nicht genug Speicherplatz für neues Schlüsselfach." + #: lib/luks2/luks2_keyslot_reenc.c:593 msgid "Invalid reencryption resilience mode change requested." msgstr "Ungültige Änderung des Modus für die robuste Wiederverschlüsselung angefordert." @@ -1524,7 +1553,7 @@ msgid "Unable to convert header with LUKSMETA additional metadata." msgstr "Fehler beim Konvertieren des Headers mit zusätzlichen LUKSMETA-Metadaten." -#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3715 +#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3740 #, c-format msgid "Unable to use cipher specification %s-%s for LUKS2." msgstr "Die Chiffrierspezifikation %s-%s kann für LUKS2 nicht verwendet werden." @@ -1582,240 +1611,244 @@ msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." msgstr "Fehler beim Konvertieren in LUKS1-Format: Schlüsselfach %u ist nicht zu LUKS1 kompatibel." -#: lib/luks2/luks2_reencrypt.c:1107 +#: lib/luks2/luks2_reencrypt.c:1152 #, c-format msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." msgstr "Die Größe der Hotzone muss ein Vielfaches der berechneten Zonenausrichtung (%zu Bytes) sein." -#: lib/luks2/luks2_reencrypt.c:1112 +#: lib/luks2/luks2_reencrypt.c:1157 #, c-format msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." msgstr "Gerätegröße muss ein Vielfaches der berechneten Zonenausrichtung (%zu Bytes) sein." -#: lib/luks2/luks2_reencrypt.c:1319 lib/luks2/luks2_reencrypt.c:1505 -#: lib/luks2/luks2_reencrypt.c:1588 lib/luks2/luks2_reencrypt.c:1630 -#: lib/luks2/luks2_reencrypt.c:3852 +#: lib/luks2/luks2_reencrypt.c:1364 lib/luks2/luks2_reencrypt.c:1551 +#: lib/luks2/luks2_reencrypt.c:1634 lib/luks2/luks2_reencrypt.c:1676 +#: lib/luks2/luks2_reencrypt.c:3877 msgid "Failed to initialize old segment storage wrapper." msgstr "Fehler beim Initialisieren der Umverpackung für den Speicher alter Segmente." -#: lib/luks2/luks2_reencrypt.c:1333 lib/luks2/luks2_reencrypt.c:1483 +#: lib/luks2/luks2_reencrypt.c:1378 lib/luks2/luks2_reencrypt.c:1529 msgid "Failed to initialize new segment storage wrapper." msgstr "Fehler beim Initialisieren der Umverpackung für den Speicher neuer Segmente." -#: lib/luks2/luks2_reencrypt.c:1460 lib/luks2/luks2_reencrypt.c:3864 +#: lib/luks2/luks2_reencrypt.c:1505 lib/luks2/luks2_reencrypt.c:3889 msgid "Failed to initialize hotzone protection." msgstr "Fehler beim Initialisieren des Hotzone-Schutzes." -#: lib/luks2/luks2_reencrypt.c:1532 +#: lib/luks2/luks2_reencrypt.c:1578 msgid "Failed to read checksums for current hotzone." msgstr "Fehler beim Lesen der Prüfsummen für die aktuelle Hotzone." -#: lib/luks2/luks2_reencrypt.c:1539 lib/luks2/luks2_reencrypt.c:3878 +#: lib/luks2/luks2_reencrypt.c:1585 lib/luks2/luks2_reencrypt.c:3903 #, c-format msgid "Failed to read hotzone area starting at %." msgstr "Fehler beim Lesen des Hotzone-Bereichs, der bei % beginnt." -#: lib/luks2/luks2_reencrypt.c:1558 +#: lib/luks2/luks2_reencrypt.c:1604 #, c-format msgid "Failed to decrypt sector %zu." msgstr "Fehler beim Entschlüsseln von Sektor %zu." -#: lib/luks2/luks2_reencrypt.c:1564 +#: lib/luks2/luks2_reencrypt.c:1610 #, c-format msgid "Failed to recover sector %zu." msgstr "Fehler beim Wiederherstellen von Sektor %zu." -#: lib/luks2/luks2_reencrypt.c:2128 +#: lib/luks2/luks2_reencrypt.c:2174 #, c-format msgid "Source and target device sizes don't match. Source %, target: %." msgstr "Die Größe der Quell- und Zielgeräte stimmt nicht überein. Quelle %, Ziel: %." -#: lib/luks2/luks2_reencrypt.c:2226 +#: lib/luks2/luks2_reencrypt.c:2272 #, c-format msgid "Failed to activate hotzone device %s." msgstr "Fehler beim Aktivieren des Hotzone-Geräts »%s«." -#: lib/luks2/luks2_reencrypt.c:2243 +#: lib/luks2/luks2_reencrypt.c:2289 #, c-format msgid "Failed to activate overlay device %s with actual origin table." msgstr "Fehler beim Aktivieren des Überlagerungsgeräts »%s« mit der tatsächlichen Ursprungstabelle." -#: lib/luks2/luks2_reencrypt.c:2250 +#: lib/luks2/luks2_reencrypt.c:2296 #, c-format msgid "Failed to load new mapping for device %s." msgstr "Fehler beim Laden der neuen Zuordnung für Gerät »%s«." -#: lib/luks2/luks2_reencrypt.c:2321 +#: lib/luks2/luks2_reencrypt.c:2367 msgid "Failed to refresh reencryption devices stack." msgstr "Fehler beim Auffrischen des Gerätestapels für Wiederverschlüsselung." -#: lib/luks2/luks2_reencrypt.c:2497 +#: lib/luks2/luks2_reencrypt.c:2550 msgid "Failed to set new keyslots area size." msgstr "Fehler beim Festlegen der neuen Bereichsgröße für Schlüsselfächer." -#: lib/luks2/luks2_reencrypt.c:2633 +#: lib/luks2/luks2_reencrypt.c:2686 #, c-format msgid "Data shift value is not aligned to encryption sector size (% bytes)." msgstr "Datenverschiebung ist nicht an der angeforderten Verschlüsselungs-Sektorgröße (% Bytes) ausgerichtet." -#: lib/luks2/luks2_reencrypt.c:2664 +#: lib/luks2/luks2_reencrypt.c:2723 src/utils_reencrypt.c:189 #, c-format msgid "Unsupported resilience mode %s" msgstr "Nicht unterstützter Modus »%s« für Widerstandsfähigkeit" -#: lib/luks2/luks2_reencrypt.c:2741 +#: lib/luks2/luks2_reencrypt.c:2760 msgid "Moved segment size can not be greater than data shift value." msgstr "Die Größe des verschobenen Segments kann nicht größer als der Wert der Datenverschiebung sein." -#: lib/luks2/luks2_reencrypt.c:2799 +#: lib/luks2/luks2_reencrypt.c:2802 +msgid "Invalid reencryption resilience parameters." +msgstr "Ungültige Parameter für die robuste Wiederverschlüsselung." + +#: lib/luks2/luks2_reencrypt.c:2824 #, c-format msgid "Moved segment too large. Requested size %, available space for: %." msgstr "Das verschobene Segment ist zu groß. Angeforderte Größe %, verfügbarer Platz %." -#: lib/luks2/luks2_reencrypt.c:2886 +#: lib/luks2/luks2_reencrypt.c:2911 msgid "Failed to clear table." msgstr "Fehler beim Leeren der Tabelle." -#: lib/luks2/luks2_reencrypt.c:2972 +#: lib/luks2/luks2_reencrypt.c:2997 msgid "Reduced data size is larger than real device size." msgstr "Die reduzierte Datengröße ist größer als die tatsächliche Gerätegröße." -#: lib/luks2/luks2_reencrypt.c:2979 +#: lib/luks2/luks2_reencrypt.c:3004 #, c-format msgid "Data device is not aligned to encryption sector size (% bytes)." msgstr "Datengerät ist nicht an der angeforderten Verschlüsselungs-Sektorgröße (% Bytes) ausgerichtet." -#: lib/luks2/luks2_reencrypt.c:3013 +#: lib/luks2/luks2_reencrypt.c:3038 #, c-format msgid "Data shift (% sectors) is less than future data offset (% sectors)." msgstr "Datenverschiebung (% Sektoren) ist weniger als der zukünftige Datenoffset (% Sektoren)." -#: lib/luks2/luks2_reencrypt.c:3020 lib/luks2/luks2_reencrypt.c:3508 -#: lib/luks2/luks2_reencrypt.c:3529 +#: lib/luks2/luks2_reencrypt.c:3045 lib/luks2/luks2_reencrypt.c:3533 +#: lib/luks2/luks2_reencrypt.c:3554 #, c-format msgid "Failed to open %s in exclusive mode (already mapped or mounted)." msgstr "Fehler beim exklusiven Öffnen von »%s« (wird bereits anderweitig benutzt)." -#: lib/luks2/luks2_reencrypt.c:3209 +#: lib/luks2/luks2_reencrypt.c:3234 msgid "Device not marked for LUKS2 reencryption." msgstr "Das Gerät ist nicht für LUKS2-Wiederverschlüsselung markiert." -#: lib/luks2/luks2_reencrypt.c:3226 lib/luks2/luks2_reencrypt.c:4181 +#: lib/luks2/luks2_reencrypt.c:3251 lib/luks2/luks2_reencrypt.c:4206 msgid "Failed to load LUKS2 reencryption context." msgstr "Fehler beim Laden des LUKS2-Wiederverschlüsselungs-Kontextes." -#: lib/luks2/luks2_reencrypt.c:3306 +#: lib/luks2/luks2_reencrypt.c:3331 msgid "Failed to get reencryption state." msgstr "Fehler beim Einlesen des Wiederverschlüsselungs-Zustands." -#: lib/luks2/luks2_reencrypt.c:3310 lib/luks2/luks2_reencrypt.c:3624 +#: lib/luks2/luks2_reencrypt.c:3335 lib/luks2/luks2_reencrypt.c:3649 msgid "Device is not in reencryption." msgstr "Das Gerät befindet sich nicht in der Wiederverschlüsselung." -#: lib/luks2/luks2_reencrypt.c:3317 lib/luks2/luks2_reencrypt.c:3631 +#: lib/luks2/luks2_reencrypt.c:3342 lib/luks2/luks2_reencrypt.c:3656 msgid "Reencryption process is already running." msgstr "Der Wiederverschlüsselungs-Vorgang läuft bereits." -#: lib/luks2/luks2_reencrypt.c:3319 lib/luks2/luks2_reencrypt.c:3633 +#: lib/luks2/luks2_reencrypt.c:3344 lib/luks2/luks2_reencrypt.c:3658 msgid "Failed to acquire reencryption lock." msgstr "Fehler beim Zugriff auf die Schreibsperre für die Wiederverschlüsselung." -#: lib/luks2/luks2_reencrypt.c:3337 +#: lib/luks2/luks2_reencrypt.c:3362 msgid "Cannot proceed with reencryption. Run reencryption recovery first." msgstr "Wiederverschlüsselung kann nicht fortgesetzt werden. Führen Sie zuerst die Wiederverschlüsselungs-Wiederherstellung durch." -#: lib/luks2/luks2_reencrypt.c:3472 +#: lib/luks2/luks2_reencrypt.c:3497 msgid "Active device size and requested reencryption size don't match." msgstr "Aktive Gerätegröße und angeforderte Wiederverschlüsselungsgröße passen nicht zusammen." -#: lib/luks2/luks2_reencrypt.c:3486 +#: lib/luks2/luks2_reencrypt.c:3511 msgid "Illegal device size requested in reencryption parameters." msgstr "Ungültige Gerätegröße wurde in den Wiederverschlüsselungsparametern angefordert." -#: lib/luks2/luks2_reencrypt.c:3563 +#: lib/luks2/luks2_reencrypt.c:3588 msgid "Reencryption in-progress. Cannot perform recovery." msgstr "Wiederverschlüsselung läuft bereits. Wiederherstellung ist nicht möglich." -#: lib/luks2/luks2_reencrypt.c:3732 +#: lib/luks2/luks2_reencrypt.c:3757 msgid "LUKS2 reencryption already initialized in metadata." msgstr "LUKS2-Wiederverschlüsselung ist in den Metadaten bereits initialisiert." -#: lib/luks2/luks2_reencrypt.c:3739 +#: lib/luks2/luks2_reencrypt.c:3764 msgid "Failed to initialize LUKS2 reencryption in metadata." msgstr "LUKS2-Wiederverschlüsselung konnte in den Metadaten nicht initialisiert werden." -#: lib/luks2/luks2_reencrypt.c:3834 +#: lib/luks2/luks2_reencrypt.c:3859 msgid "Failed to set device segments for next reencryption hotzone." msgstr "Fehler beim Festlegen der Gerätesegmente für die nächste Wiederverschlüsselungs-Hotzone." -#: lib/luks2/luks2_reencrypt.c:3886 +#: lib/luks2/luks2_reencrypt.c:3911 msgid "Failed to write reencryption resilience metadata." msgstr "Fehler beim Schreiben der Metadaten für robuste Wiederverschlüsselung." -#: lib/luks2/luks2_reencrypt.c:3893 +#: lib/luks2/luks2_reencrypt.c:3918 msgid "Decryption failed." msgstr "Fehler beim Entschlüsseln." -#: lib/luks2/luks2_reencrypt.c:3898 +#: lib/luks2/luks2_reencrypt.c:3923 #, c-format msgid "Failed to write hotzone area starting at %." msgstr "Fehler beim Schreiben des Hotzone-Bereichs, der bei % beginnt." -#: lib/luks2/luks2_reencrypt.c:3903 +#: lib/luks2/luks2_reencrypt.c:3928 msgid "Failed to sync data." msgstr "Fehler beim Synchronisieren von Daten." -#: lib/luks2/luks2_reencrypt.c:3911 +#: lib/luks2/luks2_reencrypt.c:3936 msgid "Failed to update metadata after current reencryption hotzone completed." msgstr "Fehler beim Aktualisieren der Metadaten, nachdem die aktuelle Wiederverschlüsselungs-Hotzone beendet wurde." -#: lib/luks2/luks2_reencrypt.c:4000 +#: lib/luks2/luks2_reencrypt.c:4025 msgid "Failed to write LUKS2 metadata." msgstr "Fehler beim Schreiben der LUKS2-Metadaten." -#: lib/luks2/luks2_reencrypt.c:4023 +#: lib/luks2/luks2_reencrypt.c:4048 msgid "Failed to wipe unused data device area." msgstr "Fehler beim gründlichen Löschen des ungenutzten Bereichs auf dem Gerät." -#: lib/luks2/luks2_reencrypt.c:4029 +#: lib/luks2/luks2_reencrypt.c:4054 #, c-format msgid "Failed to remove unused (unbound) keyslot %d." msgstr "Fehler beim Entfernen des ungenutzten (ungebundenen) Schlüsselfachs %d." -#: lib/luks2/luks2_reencrypt.c:4039 +#: lib/luks2/luks2_reencrypt.c:4064 msgid "Failed to remove reencryption keyslot." msgstr "Fehler beim Entfernen des Schlüsselfachs zur Wiederverschlüsselung." -#: lib/luks2/luks2_reencrypt.c:4049 +#: lib/luks2/luks2_reencrypt.c:4074 #, c-format msgid "Fatal error while reencrypting chunk starting at %, % sectors long." msgstr "Schwerwiegender Fehler beim Wiederverschlüsseln des Blocks bei %, % Sektoren lang." -#: lib/luks2/luks2_reencrypt.c:4053 +#: lib/luks2/luks2_reencrypt.c:4078 msgid "Online reencryption failed." msgstr "Fehler bei Online-Wiederverschlüsselung." -#: lib/luks2/luks2_reencrypt.c:4058 +#: lib/luks2/luks2_reencrypt.c:4083 msgid "Do not resume the device unless replaced with error target manually." msgstr "Das Gerät nicht fortsetzen, außer es wird manuell durch das Fehlerziel ersetzt." -#: lib/luks2/luks2_reencrypt.c:4112 +#: lib/luks2/luks2_reencrypt.c:4137 msgid "Cannot proceed with reencryption. Unexpected reencryption status." msgstr "Wiederverschlüsselung kann nicht fortgesetzt werden. Unerwarteter Zustand der Wiederverschlüsselung." -#: lib/luks2/luks2_reencrypt.c:4118 +#: lib/luks2/luks2_reencrypt.c:4143 msgid "Missing or invalid reencrypt context." msgstr "Fehlender oder ungültiger Wiederverschlüsselungs-Kontext." -#: lib/luks2/luks2_reencrypt.c:4125 +#: lib/luks2/luks2_reencrypt.c:4150 msgid "Failed to initialize reencryption device stack." msgstr "Fehler beim Initialisieren des Gerätestapels für Wiederverschlüsselung." -#: lib/luks2/luks2_reencrypt.c:4147 lib/luks2/luks2_reencrypt.c:4194 +#: lib/luks2/luks2_reencrypt.c:4172 lib/luks2/luks2_reencrypt.c:4219 msgid "Failed to update reencryption context." msgstr "Fehler beim Aktualisieren des Wiederverschlüsselungskontexts." -#: lib/luks2/luks2_reencrypt_digest.c:406 +#: lib/luks2/luks2_reencrypt_digest.c:405 msgid "Reencryption metadata is invalid." msgstr "Die Metadaten für die Wiederverschlüsselung sind ungültig." @@ -1823,18 +1856,18 @@ msgid "Keyslot encryption parameters can be set only for LUKS2 device." msgstr "Verschlüsselungsparameter für Schlüsselfach wird nur für LUKS2-Geräte unterstützt." -#: src/cryptsetup.c:108 +#: src/cryptsetup.c:108 src/cryptsetup.c:1901 #, c-format -msgid "Enter token PIN:" -msgstr "Geben Sie die PIN des Tokens ein:" +msgid "Enter token PIN: " +msgstr "Geben Sie die PIN des Tokens ein: " -#: src/cryptsetup.c:110 +#: src/cryptsetup.c:110 src/cryptsetup.c:1903 #, c-format -msgid "Enter token %d PIN:" -msgstr "Geben Sie die PIN des Tokens %d ein:" +msgid "Enter token %d PIN: " +msgstr "Geben Sie die PIN des Tokens %d ein: " -#: src/cryptsetup.c:159 src/cryptsetup.c:966 src/cryptsetup.c:1293 -#: src/utils_reencrypt.c:1048 src/utils_reencrypt_luks1.c:517 +#: src/cryptsetup.c:159 src/cryptsetup.c:1103 src/cryptsetup.c:1430 +#: src/utils_reencrypt.c:1122 src/utils_reencrypt_luks1.c:517 #: src/utils_reencrypt_luks1.c:580 msgid "No known cipher specification pattern detected." msgstr "Kein bekanntes Verschlüsselungsmuster entdeckt." @@ -1852,10 +1885,10 @@ msgid "Detected device signature(s) on %s. Proceeding further may damage existing data." msgstr "Gerätesignaturen auf »%s« erkannt. Wenn Sie fortfahren, könnte das bestehende Daten beschädigen." -#: src/cryptsetup.c:221 src/cryptsetup.c:1040 src/cryptsetup.c:1088 -#: src/cryptsetup.c:1154 src/cryptsetup.c:1270 src/cryptsetup.c:1343 -#: src/cryptsetup.c:1994 src/integritysetup.c:187 src/utils_reencrypt.c:138 -#: src/utils_reencrypt.c:275 +#: src/cryptsetup.c:221 src/cryptsetup.c:1177 src/cryptsetup.c:1225 +#: src/cryptsetup.c:1291 src/cryptsetup.c:1407 src/cryptsetup.c:1480 +#: src/cryptsetup.c:2266 src/integritysetup.c:187 src/utils_reencrypt.c:138 +#: src/utils_reencrypt.c:314 src/utils_reencrypt.c:749 msgid "Operation aborted.\n" msgstr "Vorgang abgebrochen.\n" @@ -1904,7 +1937,7 @@ "daher ausschließlich an einem sicheren Ort und verschlüsselt\n" "aufbewahrt werden." -#: src/cryptsetup.c:573 src/cryptsetup.c:2019 +#: src/cryptsetup.c:573 src/cryptsetup.c:654 src/cryptsetup.c:2291 msgid "" "The header dump with volume key is sensitive information\n" "that allows access to encrypted partition without a passphrase.\n" @@ -1916,56 +1949,65 @@ "daher ausschließlich an einem sicheren Ort und verschlüsselt\n" "aufbewahrt werden." -#: src/cryptsetup.c:664 src/veritysetup.c:321 src/integritysetup.c:400 +#: src/cryptsetup.c:709 src/cryptsetup.c:739 +#, c-format +msgid "Device %s is not a valid FVAULT2 device." +msgstr "Gerät »%s« ist kein gültiges FVAULT2-Gerät." + +#: src/cryptsetup.c:747 +msgid "Cannot determine volume key size for FVAULT2, please use --key-size option." +msgstr "Die Größe des Laufwerksschlüssels für FVAULT2 kann nicht ermittelt werden, bitte nutzen Sie die Option »--key-size«." + +#: src/cryptsetup.c:801 src/veritysetup.c:323 src/integritysetup.c:400 #, c-format msgid "Device %s is still active and scheduled for deferred removal.\n" msgstr "Gerät »%s« ist noch aktiv und zum verzögerten Entfernen eingeplant.\n" -#: src/cryptsetup.c:698 +#: src/cryptsetup.c:835 msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set." msgstr "Um die Größe von aktiven Geräten zu öndern, muss der Laufwerksschlüssel im Schlüsselbund sein, aber die Option --disable-keyring wurde angegeben." -#: src/cryptsetup.c:845 +#: src/cryptsetup.c:982 msgid "Benchmark interrupted." msgstr "Benchmark unterbrochen." -#: src/cryptsetup.c:866 +#: src/cryptsetup.c:1003 #, c-format msgid "PBKDF2-%-9s N/A\n" msgstr "PBKDF2-%-9s (nicht zutreffend)\n" -#: src/cryptsetup.c:868 +#: src/cryptsetup.c:1005 #, c-format msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" msgstr "PBKDF2-%-9s %7u Iterationen pro Sekunde für %zu-Bit-Schlüssel\n" -#: src/cryptsetup.c:882 +#: src/cryptsetup.c:1019 #, c-format msgid "%-10s N/A\n" msgstr "%-10s (nicht zutreffend)\n" -#: src/cryptsetup.c:884 +#: src/cryptsetup.c:1021 #, c-format msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n" msgstr "%-10s %4u Iterationen, %5u Speicher, %1u parallele Threads (CPUs) für %zu-Bit-Schlüssel (Zieldauer %u Millisekunden)\n" -#: src/cryptsetup.c:908 +#: src/cryptsetup.c:1045 msgid "Result of benchmark is not reliable." msgstr "Das Ergebnis des Benchmarks ist nicht zuverlässig." -#: src/cryptsetup.c:958 +#: src/cryptsetup.c:1095 msgid "# Tests are approximate using memory only (no storage IO).\n" msgstr "# Die Tests sind nur annähernd genau, da sie nicht auf den Datenträger zugreifen.\n" # upstream: the following line should also be translated. This is because the long word "Schlüssel" for "Key" will break the layout, as well as "Verschlüsselung" for "Encryption". # To help the translators, you should provide an example for what goes into the %x placeholders, since I had to make an educated guess that the second %s would be exactly 4 characters long. This is an unnecessary burden for the translators. #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:978 +#: src/cryptsetup.c:1115 #, c-format msgid "#%*s Algorithm | Key | Encryption | Decryption\n" msgstr "#%*s Algorithmus | Schlüssel | Verschlüsselung | Entschlüsselung\n" -#: src/cryptsetup.c:982 +#: src/cryptsetup.c:1119 #, c-format msgid "Cipher %s (with %i bits key) is not available." msgstr "Verschlüsselung »%s« (mit Schlüsselgröße %i Bits) ist nicht verfügbar." @@ -1973,15 +2015,15 @@ # upstream: the following line should also be translated. This is because the long word "Schlüssel" for "Key" will break the layout, as well as "Verschlüsselung" for "Encryption". # To help the translators, you should provide an example for what goes into the %x placeholders, since I had to make an educated guess that the second %s would be exactly 4 characters long. This is an unnecessary burden for the translators. #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:1001 +#: src/cryptsetup.c:1138 msgid "# Algorithm | Key | Encryption | Decryption\n" msgstr "# Algorithmus | Schlüssel | Verschlüsselung | Entschlüsselung\n" -#: src/cryptsetup.c:1012 +#: src/cryptsetup.c:1149 msgid "N/A" msgstr "N/A" -#: src/cryptsetup.c:1037 +#: src/cryptsetup.c:1174 msgid "" "Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n" "and continue (upgrade metadata) only if you acknowledge the operation as genuine." @@ -1989,27 +2031,27 @@ "Ungeschützte LUKS2-Metadaten für die Wiederverschlüsselung entdeckt. Bitte überprüfen Sie, ob die Wiederverschlüsselungsoperation erwünscht ist (siehe luksDump-Ausgabe)\n" "und fahren Sie nur fort (Upgrade der Metadaten), wenn Sie den Vorgang als echt anerkennen." -#: src/cryptsetup.c:1043 +#: src/cryptsetup.c:1180 msgid "Enter passphrase to protect and upgrade reencryption metadata: " msgstr "Geben Sie die Passphrase für den Schutz und das Aktualisieren der Metadaten für die Wiederverschlüsselung ein: " -#: src/cryptsetup.c:1087 +#: src/cryptsetup.c:1224 msgid "Really proceed with LUKS2 reencryption recovery?" msgstr "Wirklich mit der Wiederherstellung der LUKS2-Wiederverschlüsselung fortfahren?" -#: src/cryptsetup.c:1096 +#: src/cryptsetup.c:1233 msgid "Enter passphrase to verify reencryption metadata digest: " msgstr "Geben Sie die Passphrase für das Prüfen der Metadaten für die Wiederverschlüsselung ein: " -#: src/cryptsetup.c:1098 +#: src/cryptsetup.c:1235 msgid "Enter passphrase for reencryption recovery: " msgstr "Geben Sie die Passphrase für die Wiederherstellung der Wiederverschlüsselung ein: " -#: src/cryptsetup.c:1153 +#: src/cryptsetup.c:1290 msgid "Really try to repair LUKS device header?" msgstr "Wirklich versuchen, den LUKS-Geräteheader wiederherzustellen?" -#: src/cryptsetup.c:1177 src/integritysetup.c:89 src/integritysetup.c:238 +#: src/cryptsetup.c:1314 src/integritysetup.c:89 src/integritysetup.c:238 msgid "" "\n" "Wipe interrupted." @@ -2017,7 +2059,7 @@ "\n" "Gründlich löschen unterbrochen." -#: src/cryptsetup.c:1182 src/integritysetup.c:94 src/integritysetup.c:275 +#: src/cryptsetup.c:1319 src/integritysetup.c:94 src/integritysetup.c:275 msgid "" "Wiping device to initialize integrity checksum.\n" "You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n" @@ -2026,119 +2068,128 @@ "Sie können diesen Vorgang mit Strg+C unterbrechen (der nicht gesäuberte Bereich des Geräts wird dann ungültige Prüfsummen haben).\n" # upstream: it is boring that I have to translate the newline at the end of each of these messages. Translating strings without newlines is much easier and faster. Since it is redundant anyway (all calls to log_err have a trailing newline), this newline should be written implicitly. -#: src/cryptsetup.c:1204 src/integritysetup.c:116 +#: src/cryptsetup.c:1341 src/integritysetup.c:116 #, c-format msgid "Cannot deactivate temporary device %s." msgstr "Fehler beim Deaktivieren des temporären Geräts »%s«." -#: src/cryptsetup.c:1255 +#: src/cryptsetup.c:1392 msgid "Integrity option can be used only for LUKS2 format." msgstr "Die Integritätsoption kann nur für das LUKS2-Format verwendet werden." -#: src/cryptsetup.c:1260 src/cryptsetup.c:1320 +#: src/cryptsetup.c:1397 src/cryptsetup.c:1457 msgid "Unsupported LUKS2 metadata size options." msgstr "Nicht unterstützte Optionen für Größe der LUKS-Metadaten." -#: src/cryptsetup.c:1269 +#: src/cryptsetup.c:1406 msgid "Header file does not exist, do you want to create it?" msgstr "Die Headerdatei existiert nicht, soll sie angelegt werden?" -#: src/cryptsetup.c:1277 +#: src/cryptsetup.c:1414 #, c-format msgid "Cannot create header file %s." msgstr "Fehler beim Anlegen der Headerdatei »%s«." -#: src/cryptsetup.c:1300 src/integritysetup.c:144 src/integritysetup.c:152 +#: src/cryptsetup.c:1437 src/integritysetup.c:144 src/integritysetup.c:152 #: src/integritysetup.c:161 src/integritysetup.c:315 src/integritysetup.c:323 #: src/integritysetup.c:333 msgid "No known integrity specification pattern detected." msgstr "Kein bekanntes Integritätsspezifikationsmuster entdeckt." -#: src/cryptsetup.c:1313 +#: src/cryptsetup.c:1450 #, c-format msgid "Cannot use %s as on-disk header." msgstr "Das Gerät »%s« kann nicht als Datenträger-Header benutzt werden." -#: src/cryptsetup.c:1337 src/integritysetup.c:181 +#: src/cryptsetup.c:1474 src/integritysetup.c:181 #, c-format msgid "This will overwrite data on %s irrevocably." msgstr "Hiermit werden die Daten auf »%s« unwiderruflich überschrieben." -#: src/cryptsetup.c:1370 src/cryptsetup.c:1707 src/cryptsetup.c:1772 -#: src/cryptsetup.c:1876 src/cryptsetup.c:1942 src/utils_reencrypt_luks1.c:443 +#: src/cryptsetup.c:1507 src/cryptsetup.c:1853 src/cryptsetup.c:1993 +#: src/cryptsetup.c:2148 src/cryptsetup.c:2214 src/utils_reencrypt_luks1.c:443 msgid "Failed to set pbkdf parameters." msgstr "Fehler beim Festlegen der PBKDF-Parameter." -#: src/cryptsetup.c:1455 +#: src/cryptsetup.c:1593 msgid "Reduced data offset is allowed only for detached LUKS header." msgstr "Verringerter Datenoffset ist nur für separaten LUKS-Header erlaubt." -#: src/cryptsetup.c:1466 src/cryptsetup.c:1778 +#: src/cryptsetup.c:1600 +#, c-format +msgid "LUKS file container %s is too small for activation, there is no remaining space for data." +msgstr "LUKS-Datei-Container %s ist zu klein für die Aktivierung, es ist kein Platz mehr für Daten vorhanden." + +#: src/cryptsetup.c:1612 src/cryptsetup.c:1999 msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option." msgstr "Die Größe des Laufwerksschlüssels erfordert Schlüsselfächer, bitte nutzen Sie dazu die Option »--key-size«." -#: src/cryptsetup.c:1512 +#: src/cryptsetup.c:1658 msgid "Device activated but cannot make flags persistent." msgstr "Gerät aktiviert, aber die Schalter können nicht dauerhaft gespeichert werden." -#: src/cryptsetup.c:1591 src/cryptsetup.c:1659 +#: src/cryptsetup.c:1737 src/cryptsetup.c:1805 #, c-format msgid "Keyslot %d is selected for deletion." msgstr "Schlüsselfach %d zum Löschen ausgewählt." -#: src/cryptsetup.c:1603 src/cryptsetup.c:1663 +#: src/cryptsetup.c:1749 src/cryptsetup.c:1809 msgid "This is the last keyslot. Device will become unusable after purging this key." msgstr "Dies ist das letzte Schlüsselfach. Wenn Sie diesen Schlüssel löschen, wird das Gerät unbrauchbar." -#: src/cryptsetup.c:1604 +#: src/cryptsetup.c:1750 msgid "Enter any remaining passphrase: " msgstr "Geben Sie irgendeine verbleibende Passphrase ein: " -#: src/cryptsetup.c:1605 src/cryptsetup.c:1665 +#: src/cryptsetup.c:1751 src/cryptsetup.c:1811 msgid "Operation aborted, the keyslot was NOT wiped.\n" msgstr "Vorgang abgebrochen, das Schlüsselfach wurde NICHT gesäubert.\n" -#: src/cryptsetup.c:1641 +#: src/cryptsetup.c:1787 msgid "Enter passphrase to be deleted: " msgstr "Geben Sie die zu löschende Passphrase ein: " -#: src/cryptsetup.c:1691 src/cryptsetup.c:1925 src/cryptsetup.c:2505 -#: src/cryptsetup.c:2649 +#: src/cryptsetup.c:1837 src/cryptsetup.c:2197 src/cryptsetup.c:2781 +#: src/cryptsetup.c:2948 #, c-format msgid "Device %s is not a valid LUKS2 device." msgstr "Gerät »%s« ist kein gültiges LUKS2-Gerät." -#: src/cryptsetup.c:1721 src/cryptsetup.c:1795 src/cryptsetup.c:1829 +#: src/cryptsetup.c:1867 src/cryptsetup.c:2072 msgid "Enter new passphrase for key slot: " msgstr "Geben Sie die neue Passphrase für das Schlüsselfach ein: " -#: src/cryptsetup.c:1812 src/utils_reencrypt_luks1.c:1149 +#: src/cryptsetup.c:1968 +msgid "WARNING: The --key-slot parameter is used for new keyslot number.\n" +msgstr "WARNUNG: Der Parameter --key-slot wird für die neue Nummer des Schlüsselfachs verwendet.\n" + +#: src/cryptsetup.c:2028 src/utils_reencrypt_luks1.c:1149 #, c-format msgid "Enter any existing passphrase: " msgstr "Geben Sie irgendeine bestehende Passphrase ein: " -#: src/cryptsetup.c:1880 +#: src/cryptsetup.c:2152 msgid "Enter passphrase to be changed: " msgstr "Geben Sie die zu ändernde Passphrase ein: " -#: src/cryptsetup.c:1896 src/utils_reencrypt_luks1.c:1135 +#: src/cryptsetup.c:2168 src/utils_reencrypt_luks1.c:1135 msgid "Enter new passphrase: " msgstr "Geben Sie die neue Passphrase ein: " -#: src/cryptsetup.c:1946 +#: src/cryptsetup.c:2218 msgid "Enter passphrase for keyslot to be converted: " msgstr "Geben Sie die Passphrase für das umzuwandelnde Schlüsselfach ein: " -#: src/cryptsetup.c:1970 +#: src/cryptsetup.c:2242 msgid "Only one device argument for isLuks operation is supported." msgstr "Die Operation »isLuks« unterstützt nur genau ein Geräte-Argument." -#: src/cryptsetup.c:2078 +#: src/cryptsetup.c:2350 #, c-format msgid "Keyslot %d does not contain unbound key." msgstr "Schlüsselfach %d enthält keinen unverbundenen Schlüssel." -#: src/cryptsetup.c:2083 +#: src/cryptsetup.c:2355 msgid "" "The header dump with unbound key is sensitive information.\n" "This dump should be stored encrypted in a safe place." @@ -2147,40 +2198,40 @@ "Dieser Dump sollte daher ausschließlich an einem sicheren Ort und\n" "verschlüsselt aufbewahrt werden." -#: src/cryptsetup.c:2169 src/cryptsetup.c:2198 +#: src/cryptsetup.c:2441 src/cryptsetup.c:2470 #, c-format msgid "%s is not active %s device name." msgstr "%s ist kein aktives %s-Gerät." -#: src/cryptsetup.c:2193 +#: src/cryptsetup.c:2465 #, c-format msgid "%s is not active LUKS device name or header is missing." msgstr "%s ist kein aktives LUKS-Gerät, oder der Header fehlt." -#: src/cryptsetup.c:2255 src/cryptsetup.c:2274 +#: src/cryptsetup.c:2527 src/cryptsetup.c:2546 msgid "Option --header-backup-file is required." msgstr "Option »--header-backup-file« muss angegeben werden." -#: src/cryptsetup.c:2305 +#: src/cryptsetup.c:2577 #, c-format msgid "%s is not cryptsetup managed device." msgstr "%s ist kein von cryptsetup verwaltetes Gerät." -#: src/cryptsetup.c:2316 +#: src/cryptsetup.c:2588 #, c-format msgid "Refresh is not supported for device type %s" msgstr "Die Geräteart »%s« kann nicht aufgefrischt werden" -#: src/cryptsetup.c:2362 +#: src/cryptsetup.c:2638 #, c-format msgid "Unrecognized metadata device type %s." msgstr "Unbekannte Art »%s« des Metadaten-Geräts." -#: src/cryptsetup.c:2364 +#: src/cryptsetup.c:2640 msgid "Command requires device and mapped name as arguments." msgstr "Dieser Befehl benötigt den Gerätenamen und den zugeordneten Namen als Argumente." -#: src/cryptsetup.c:2385 +#: src/cryptsetup.c:2661 #, c-format msgid "" "This operation will erase all keyslots on device %s.\n" @@ -2189,325 +2240,351 @@ "Diese Operation wird alle Schlüsselfächer auf Gerät »%s« löschen.\n" "Dadurch wird das Gerät unbrauchbar." -#: src/cryptsetup.c:2392 +#: src/cryptsetup.c:2668 msgid "Operation aborted, keyslots were NOT wiped.\n" msgstr "Vorgang abgebrochen, die Schlüsselfächer wurden NICHT gesäubert.\n" -#: src/cryptsetup.c:2431 +#: src/cryptsetup.c:2707 msgid "Invalid LUKS type, only luks1 and luks2 are supported." msgstr "Invalid LUKS type, only luks1 and luks2 are supported." -#: src/cryptsetup.c:2447 +#: src/cryptsetup.c:2723 #, c-format msgid "Device is already %s type." msgstr "Das Gerät hat bereits den Typ »%s«." -#: src/cryptsetup.c:2454 +#: src/cryptsetup.c:2730 #, c-format msgid "This operation will convert %s to %s format.\n" msgstr "Diese Operation wird für »%s« ins Format »%s« umwandeln.\n" -#: src/cryptsetup.c:2457 +#: src/cryptsetup.c:2733 msgid "Operation aborted, device was NOT converted.\n" msgstr "Vorgang abgebrochen, das Gerät wurde NICHT konvertiert.\n" -#: src/cryptsetup.c:2497 +#: src/cryptsetup.c:2773 msgid "Option --priority, --label or --subsystem is missing." msgstr "Die Option --priority, --label oder --subsystem fehlt." -#: src/cryptsetup.c:2531 src/cryptsetup.c:2568 src/cryptsetup.c:2588 +#: src/cryptsetup.c:2807 src/cryptsetup.c:2847 src/cryptsetup.c:2867 #, c-format msgid "Token %d is invalid." msgstr "Token %d ist ungültig." -#: src/cryptsetup.c:2534 src/cryptsetup.c:2591 +#: src/cryptsetup.c:2810 src/cryptsetup.c:2870 #, c-format msgid "Token %d in use." msgstr "Token %d ist in Benutzung." -#: src/cryptsetup.c:2546 +#: src/cryptsetup.c:2822 #, c-format msgid "Failed to add luks2-keyring token %d." msgstr "Fehler beim Hinzufügen des LUKS2-Schlüsselring-Tokens %d." -#: src/cryptsetup.c:2554 src/cryptsetup.c:2617 +#: src/cryptsetup.c:2833 src/cryptsetup.c:2896 #, c-format msgid "Failed to assign token %d to keyslot %d." msgstr "Token %d kann nicht dem Schlüsselfach %d zugeordnet werden." -#: src/cryptsetup.c:2571 +#: src/cryptsetup.c:2850 #, c-format msgid "Token %d is not in use." msgstr "Token %d wird gerade nicht verwendet." -#: src/cryptsetup.c:2608 +#: src/cryptsetup.c:2887 msgid "Failed to import token from file." msgstr "Token konnte nicht aus der Datei importiert werden." -#: src/cryptsetup.c:2633 +#: src/cryptsetup.c:2912 #, c-format msgid "Failed to get token %d for export." msgstr "Auf Token %d kann nicht für den Export zugegriffen werden." -#: src/cryptsetup.c:2682 +#: src/cryptsetup.c:2925 +#, c-format +msgid "Token %d is not assigned to keyslot %d." +msgstr "Token %d ist nicht dem Schlüsselfach %d zugeordnet." + +#: src/cryptsetup.c:2927 src/cryptsetup.c:2934 +#, c-format +msgid "Failed to unassign token %d from keyslot %d." +msgstr "Token %d kann nicht vom Schlüsselfach %d losgelöst werden." + +#: src/cryptsetup.c:2983 msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." msgstr "Die Optionen --tcrypt-hidden, --tcrypt-system und --tcrypt-backup sind nur zusammen mit einem TCRYPT-Gerät erlaubt." -#: src/cryptsetup.c:2685 +#: src/cryptsetup.c:2986 msgid "Option --veracrypt or --disable-veracrypt is supported only for TCRYPT device type." msgstr "Die Optionen --veracrypt und --disable-veracrypt werden nur für TCRYPT-kompatible Geräte unterstützt." -#: src/cryptsetup.c:2688 +#: src/cryptsetup.c:2989 msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." msgstr "Die Option --veracrypt-pim wird nur für VeraCrypt-kompatible Geräte unterstützt." -#: src/cryptsetup.c:2692 +#: src/cryptsetup.c:2993 msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." msgstr "Die Option --veracrypt-query-pim wird nur für VeraCrypt-kompatible Geräte unterstützt." -#: src/cryptsetup.c:2694 +#: src/cryptsetup.c:2995 msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." msgstr "Die Optionen --veracrypt-pim und --veracrypt-query-pim schließen sich gegenseitig aus." -#: src/cryptsetup.c:2703 +#: src/cryptsetup.c:3004 msgid "Option --persistent is not allowed with --test-passphrase." msgstr "Die Option --persistent ist nicht mit --test-passphrase kombinierbar." -#: src/cryptsetup.c:2706 +#: src/cryptsetup.c:3007 msgid "Options --refresh and --test-passphrase are mutually exclusive." msgstr "Die Optionen --refresh und --test-passphrase schließen sich gegenseitig aus." -#: src/cryptsetup.c:2709 +#: src/cryptsetup.c:3010 msgid "Option --shared is allowed only for open of plain device." msgstr "Die Option --shared ist nur beim beim »open«-Befehl eines Plain-Gerätes erlaubt." -#: src/cryptsetup.c:2712 +#: src/cryptsetup.c:3013 msgid "Option --skip is supported only for open of plain and loopaes devices." msgstr "Die Option --skip ist nur beim Öffnen von plain- und loopaes-Geräten erlaubt." -#: src/cryptsetup.c:2715 +#: src/cryptsetup.c:3016 msgid "Option --offset with open action is only supported for plain and loopaes devices." msgstr "Die Option --offset mit der Aktion Öffnen wird nur für einfache und loopaes-Geräte unterstützt." -#: src/cryptsetup.c:2718 +#: src/cryptsetup.c:3019 msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." msgstr "Die Option --tcrypt-hidden kann nicht mit --allow-discards kombiniert werden." -#: src/cryptsetup.c:2722 +#: src/cryptsetup.c:3023 msgid "Sector size option with open action is supported only for plain devices." msgstr "Die Option \"Sektorgröße\" mit der Aktion \"Öffnen\" wird nur für einfache Geräte unterstützt." -#: src/cryptsetup.c:2726 +#: src/cryptsetup.c:3027 msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." msgstr "Die Option für große IV-Sektoren wird nur unterstützt, wenn das geöffnete Gerät Sektoren größer als 512 Bytes hat." -#: src/cryptsetup.c:2730 -msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices." -msgstr "Die Option --test-passphrase ist nur beim Öffnen von LUKS, TCRYPT- und BITLK-Geräten erlaubt." +#: src/cryptsetup.c:3032 +msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT, BITLK and FVAULT2 devices." +msgstr "Die Option --test-passphrase ist nur beim Öffnen von LUKS-, TCRYPT-, BITLK- und FVAULT2-Geräten erlaubt." -#: src/cryptsetup.c:2733 src/cryptsetup.c:2756 +#: src/cryptsetup.c:3035 src/cryptsetup.c:3058 msgid "Options --device-size and --size cannot be combined." msgstr "Die Optionen --device-size und --size können nicht kombiniert werden." -#: src/cryptsetup.c:2736 +#: src/cryptsetup.c:3038 msgid "Option --unbound is allowed only for open of luks device." msgstr "Die Option »--unbound« ist nur beim »open«-Befehl eines LUKS-Gerätes erlaubt." -#: src/cryptsetup.c:2739 +#: src/cryptsetup.c:3041 msgid "Option --unbound cannot be used without --test-passphrase." msgstr "Die Option »--unbound« kann nur in Kombination mit »--test-passphrase« verwendet werden." -#: src/cryptsetup.c:2748 src/veritysetup.c:664 src/integritysetup.c:755 +#: src/cryptsetup.c:3050 src/veritysetup.c:668 src/integritysetup.c:755 msgid "Options --cancel-deferred and --deferred cannot be used at the same time." msgstr "Die Optionen --cancel-deferred und --deferred können nicht kombiniert werden." -#: src/cryptsetup.c:2764 +#: src/cryptsetup.c:3066 msgid "Options --reduce-device-size and --data-size cannot be combined." msgstr "Die Optionen --reduce-device-size und --data-size können nicht kombiniert werden." -#: src/cryptsetup.c:2767 +#: src/cryptsetup.c:3069 msgid "Option --active-name can be set only for LUKS2 device." msgstr "Die Option »--active-name« ist nur auf LUKS2-Geräte anwendbar." -#: src/cryptsetup.c:2770 +#: src/cryptsetup.c:3072 msgid "Options --active-name and --force-offline-reencrypt cannot be combined." msgstr "Die Optionen »--active-name« und »--force-offline-reencrypt« können nicht kombiniert werden." -#: src/cryptsetup.c:2778 src/cryptsetup.c:2808 +#: src/cryptsetup.c:3080 src/cryptsetup.c:3110 msgid "Keyslot specification is required." msgstr "Das Schlüsselfach muss angegeben werden." -#: src/cryptsetup.c:2786 +#: src/cryptsetup.c:3088 msgid "Options --align-payload and --offset cannot be combined." msgstr "Die Optionen --align-payload und --offset können nicht kombiniert werden." -#: src/cryptsetup.c:2789 +#: src/cryptsetup.c:3091 msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." msgstr "Die Option --integrity-no-wipe ist nur für die »format«-Aktion mit Integritätserweiterung erlaubt." -#: src/cryptsetup.c:2792 +#: src/cryptsetup.c:3094 msgid "Only one of --use-[u]random options is allowed." msgstr "Nur eine der Optionen --use-[u]random ist erlaubt." -#: src/cryptsetup.c:2800 +#: src/cryptsetup.c:3102 msgid "Key size is required with --unbound option." msgstr "Die Option »--unbound« erfordert die Schlüsselgröße." -#: src/cryptsetup.c:2819 +#: src/cryptsetup.c:3122 msgid "Invalid token action." msgstr "Ungültige Token-Aktion." -#: src/cryptsetup.c:2822 +#: src/cryptsetup.c:3125 msgid "--key-description parameter is mandatory for token add action." msgstr "Der Parameter --key-description ist Pflicht für die Aktion »token add«." -#: src/cryptsetup.c:2826 +#: src/cryptsetup.c:3129 src/cryptsetup.c:3142 msgid "Action requires specific token. Use --token-id parameter." msgstr "Die Aktion erfordert ein bestimmtes Token. Verwenden Sie den Parameter --token-id." -#: src/cryptsetup.c:2840 +#: src/cryptsetup.c:3133 +msgid "Option --unbound is valid only with token add action." +msgstr "Die Option »--unbound« kann nur zusammen mit der Aktion zum Hinzufügen eines Tokens verwendet werden." + +#: src/cryptsetup.c:3135 +msgid "Options --key-slot and --unbound cannot be combined." +msgstr "Die Optionen --key-slot und --unbound können nicht kombiniert werden." + +#: src/cryptsetup.c:3140 +msgid "Action requires specific keyslot. Use --key-slot parameter." +msgstr "Die Aktion erfordert ein bestimmtes Schlüsselfach. Verwenden Sie den Parameter --key-slot." + +#: src/cryptsetup.c:3156 msgid " [--type ] []" msgstr " [--type ] []" -#: src/cryptsetup.c:2840 src/veritysetup.c:487 src/integritysetup.c:535 +#: src/cryptsetup.c:3156 src/veritysetup.c:491 src/integritysetup.c:535 msgid "open device as " msgstr "Gerät als öffnen" -#: src/cryptsetup.c:2841 src/cryptsetup.c:2842 src/cryptsetup.c:2843 -#: src/veritysetup.c:488 src/veritysetup.c:489 src/integritysetup.c:536 +#: src/cryptsetup.c:3157 src/cryptsetup.c:3158 src/cryptsetup.c:3159 +#: src/veritysetup.c:492 src/veritysetup.c:493 src/integritysetup.c:536 #: src/integritysetup.c:537 src/integritysetup.c:539 msgid "" msgstr "" -#: src/cryptsetup.c:2841 src/veritysetup.c:488 src/integritysetup.c:536 +#: src/cryptsetup.c:3157 src/veritysetup.c:492 src/integritysetup.c:536 msgid "close device (remove mapping)" msgstr "Gerät schließen (Zuordnung entfernen)" -#: src/cryptsetup.c:2842 src/integritysetup.c:539 +#: src/cryptsetup.c:3158 src/integritysetup.c:539 msgid "resize active device" msgstr "Größe des aktiven Geräts ändern" -#: src/cryptsetup.c:2843 +#: src/cryptsetup.c:3159 msgid "show device status" msgstr "Gerätestatus anzeigen" -#: src/cryptsetup.c:2844 +#: src/cryptsetup.c:3160 msgid "[--cipher ]" msgstr "[--cipher ]" -#: src/cryptsetup.c:2844 +#: src/cryptsetup.c:3160 msgid "benchmark cipher" msgstr "Verschlüsselungsalgorithmus benchmarken" -#: src/cryptsetup.c:2845 src/cryptsetup.c:2846 src/cryptsetup.c:2847 -#: src/cryptsetup.c:2848 src/cryptsetup.c:2849 src/cryptsetup.c:2856 -#: src/cryptsetup.c:2857 src/cryptsetup.c:2858 src/cryptsetup.c:2859 -#: src/cryptsetup.c:2860 src/cryptsetup.c:2861 src/cryptsetup.c:2862 -#: src/cryptsetup.c:2863 src/cryptsetup.c:2864 +#: src/cryptsetup.c:3161 src/cryptsetup.c:3162 src/cryptsetup.c:3163 +#: src/cryptsetup.c:3164 src/cryptsetup.c:3165 src/cryptsetup.c:3172 +#: src/cryptsetup.c:3173 src/cryptsetup.c:3174 src/cryptsetup.c:3175 +#: src/cryptsetup.c:3176 src/cryptsetup.c:3177 src/cryptsetup.c:3178 +#: src/cryptsetup.c:3179 src/cryptsetup.c:3180 src/cryptsetup.c:3181 msgid "" msgstr "" -#: src/cryptsetup.c:2845 +#: src/cryptsetup.c:3161 msgid "try to repair on-disk metadata" msgstr "Versuchen, die Metadaten auf dem Datenträger zu reparieren" -#: src/cryptsetup.c:2846 +#: src/cryptsetup.c:3162 msgid "reencrypt LUKS2 device" msgstr "LUKS2-Gerät wiederverschlüsseln" -#: src/cryptsetup.c:2847 +#: src/cryptsetup.c:3163 msgid "erase all keyslots (remove encryption key)" msgstr "Alle Schlüsselfächer löschen (Verschlüsselungsschlüssel entfernen)" -#: src/cryptsetup.c:2848 +#: src/cryptsetup.c:3164 msgid "convert LUKS from/to LUKS2 format" msgstr "Zwischen den Formaten LUKS und LUKS2 umwandeln" -#: src/cryptsetup.c:2849 +#: src/cryptsetup.c:3165 msgid "set permanent configuration options for LUKS2" msgstr "Permanente Konfigurationsoptionen für LUKS2 festlegen" -#: src/cryptsetup.c:2850 src/cryptsetup.c:2851 +#: src/cryptsetup.c:3166 src/cryptsetup.c:3167 msgid " []" msgstr " []" -#: src/cryptsetup.c:2850 +#: src/cryptsetup.c:3166 msgid "formats a LUKS device" msgstr "Ein LUKS-Gerät formatieren" -#: src/cryptsetup.c:2851 +#: src/cryptsetup.c:3167 msgid "add key to LUKS device" msgstr "Schlüssel zu LUKS-Gerät hinzufügen" -#: src/cryptsetup.c:2852 src/cryptsetup.c:2853 src/cryptsetup.c:2854 +#: src/cryptsetup.c:3168 src/cryptsetup.c:3169 src/cryptsetup.c:3170 msgid " []" msgstr " []" -#: src/cryptsetup.c:2852 +#: src/cryptsetup.c:3168 msgid "removes supplied key or key file from LUKS device" msgstr "Entfernt bereitgestellten Schlüssel oder Schlüsseldatei vom LUKS-Gerät" -#: src/cryptsetup.c:2853 +#: src/cryptsetup.c:3169 msgid "changes supplied key or key file of LUKS device" msgstr "Ändert den angegebenen Schlüssel oder die Schlüsseldatei des LUKS-Geräts" -#: src/cryptsetup.c:2854 +#: src/cryptsetup.c:3170 msgid "converts a key to new pbkdf parameters" msgstr "Wandelt einen Schlüssel in neue PBKDF-Parameter um" -#: src/cryptsetup.c:2855 +#: src/cryptsetup.c:3171 msgid " " msgstr " " -#: src/cryptsetup.c:2855 +#: src/cryptsetup.c:3171 msgid "wipes key with number from LUKS device" msgstr "Löscht Schlüssel mit Nummer vom LUKS-Gerät" -#: src/cryptsetup.c:2856 +#: src/cryptsetup.c:3172 msgid "print UUID of LUKS device" msgstr "UUID des LUKS-Geräts ausgeben" -#: src/cryptsetup.c:2857 +#: src/cryptsetup.c:3173 msgid "tests for LUKS partition header" msgstr "Testet auf Header einer LUKS-Partition" -#: src/cryptsetup.c:2858 +#: src/cryptsetup.c:3174 msgid "dump LUKS partition information" msgstr "LUKS-Partitionsinformationen ausgeben" -#: src/cryptsetup.c:2859 +#: src/cryptsetup.c:3175 msgid "dump TCRYPT device information" msgstr "TCRYPT-Geräteinformationen ausgeben" -#: src/cryptsetup.c:2860 +#: src/cryptsetup.c:3176 msgid "dump BITLK device information" msgstr "BITLK-Geräteinformationen ausgeben" -#: src/cryptsetup.c:2861 +#: src/cryptsetup.c:3177 +msgid "dump FVAULT2 device information" +msgstr "VFAULT2-Geräteinformationen ausgeben" + +#: src/cryptsetup.c:3178 msgid "Suspend LUKS device and wipe key (all IOs are frozen)" msgstr "LUKS-Gerät in Ruhezustand versetzen und alle Schlüssel auslöschen (alle IOs werden eingefroren)" -#: src/cryptsetup.c:2862 +#: src/cryptsetup.c:3179 msgid "Resume suspended LUKS device" msgstr "LUKS-Gerät aus dem Ruhezustand aufwecken" -#: src/cryptsetup.c:2863 +#: src/cryptsetup.c:3180 msgid "Backup LUKS device header and keyslots" msgstr "Header und Schlüsselfächer eines LUKS-Geräts sichern" -#: src/cryptsetup.c:2864 +#: src/cryptsetup.c:3181 msgid "Restore LUKS device header and keyslots" msgstr "Header und Schlüsselfächer eines LUKS-Geräts wiederherstellen" -#: src/cryptsetup.c:2865 +#: src/cryptsetup.c:3182 msgid " " msgstr " " -#: src/cryptsetup.c:2865 +#: src/cryptsetup.c:3182 msgid "Manipulate LUKS2 tokens" msgstr "LUKS2-Token manipulieren" -#: src/cryptsetup.c:2884 src/veritysetup.c:505 src/integritysetup.c:554 +#: src/cryptsetup.c:3201 src/veritysetup.c:509 src/integritysetup.c:554 msgid "" "\n" " is one of:\n" @@ -2515,19 +2592,19 @@ "\n" " ist eine von:\n" -#: src/cryptsetup.c:2890 +#: src/cryptsetup.c:3207 msgid "" "\n" "You can also use old syntax aliases:\n" -"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" -"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n" msgstr "" "\n" "Sie können auch die alten -Aliase benutzen:\n" -"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" -"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n" -#: src/cryptsetup.c:2894 +#: src/cryptsetup.c:3211 #, c-format msgid "" "\n" @@ -2542,7 +2619,7 @@ " ist die Nummer des zu verändernden LUKS-Schlüsselfachs\n" " optionale Schlüsseldatei für den neuen Schlüssel der »luksAddKey«-Aktion\n" -#: src/cryptsetup.c:2901 +#: src/cryptsetup.c:3218 #, c-format msgid "" "\n" @@ -2551,7 +2628,7 @@ "\n" "Vorgegebenes festeingebautes Metadatenformat ist %s (für luksFormat-Aktion).\n" -#: src/cryptsetup.c:2906 src/cryptsetup.c:2909 +#: src/cryptsetup.c:3223 src/cryptsetup.c:3226 #, c-format msgid "" "\n" @@ -2560,20 +2637,20 @@ "\n" "Die Unterstützung des externen Token-Plugins LUKS2 ist %s.\n" -#: src/cryptsetup.c:2906 +#: src/cryptsetup.c:3223 msgid "compiled-in" msgstr "integriert" -#: src/cryptsetup.c:2907 +#: src/cryptsetup.c:3224 #, c-format msgid "LUKS2 external token plugin path: %s.\n" msgstr "Pfad des Plugins für externe LUKS2-Token: %s.\n" -#: src/cryptsetup.c:2909 +#: src/cryptsetup.c:3226 msgid "disabled" msgstr "deaktiviert" -#: src/cryptsetup.c:2913 +#: src/cryptsetup.c:3230 #, c-format msgid "" "\n" @@ -2590,7 +2667,7 @@ "Vorgabe-PBKDF für LUKS2: %s\n" "\tIterationszeit: %d, benötigter Speicher: %d kB, parallele Threads: %d\n" -#: src/cryptsetup.c:2924 +#: src/cryptsetup.c:3241 #, c-format msgid "" "\n" @@ -2605,96 +2682,96 @@ "\tplain: %s, Schlüssel: %d Bits, Passphrase-Hashen: %s\n" "\tLUKS: %s, Schlüssel: %d Bits, LUKS-Header-Hashen: %s, Zufallszahlengenerator: %s\n" -#: src/cryptsetup.c:2933 +#: src/cryptsetup.c:3250 msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" msgstr "\tLUKS: Standard-Schlüsselgröße mit XTS-Modus (zwei interne Schlüssel) wird verdoppelt.\n" -#: src/cryptsetup.c:2951 src/veritysetup.c:644 src/integritysetup.c:711 +#: src/cryptsetup.c:3268 src/veritysetup.c:648 src/integritysetup.c:711 #, c-format msgid "%s: requires %s as arguments" msgstr "%s: Benötigt %s als Argumente" -#: src/cryptsetup.c:2997 src/utils_reencrypt_luks1.c:1194 +#: src/cryptsetup.c:3308 src/utils_reencrypt_luks1.c:1198 msgid "Key slot is invalid." msgstr "Schlüsselfach ist ungültig." -#: src/cryptsetup.c:3024 +#: src/cryptsetup.c:3335 msgid "Device size must be multiple of 512 bytes sector." msgstr "Die Gerätegröße muss ein Vielfaches von 512-Byte-Sektoren sein." -#: src/cryptsetup.c:3029 +#: src/cryptsetup.c:3340 msgid "Invalid max reencryption hotzone size specification." msgstr "Ungültige Angabe der Maximalgröße für die Wiederverschlüsselungs-Hotzone." -#: src/cryptsetup.c:3043 src/cryptsetup.c:3055 +#: src/cryptsetup.c:3354 src/cryptsetup.c:3366 msgid "Key size must be a multiple of 8 bits" msgstr "Schlüsselgröße muss ein Vielfaches von 8 Bit sein" -#: src/cryptsetup.c:3060 +#: src/cryptsetup.c:3371 msgid "Maximum device reduce size is 1 GiB." msgstr "Die maximale Verkleinerungsgröße ist 1 GiB." -#: src/cryptsetup.c:3063 +#: src/cryptsetup.c:3374 msgid "Reduce size must be multiple of 512 bytes sector." msgstr "Die verkleinerte Größe muss ein Vielfaches von 512-Byte-Sektoren sein." -#: src/cryptsetup.c:3080 +#: src/cryptsetup.c:3391 msgid "Option --priority can be only ignore/normal/prefer." msgstr "Die Option --priority kann nur »ignore/normal/prefer« sein." -#: src/cryptsetup.c:3099 src/veritysetup.c:568 src/integritysetup.c:634 +#: src/cryptsetup.c:3410 src/veritysetup.c:572 src/integritysetup.c:634 msgid "Show this help message" msgstr "Diese Hilfe anzeigen" -#: src/cryptsetup.c:3100 src/veritysetup.c:569 src/integritysetup.c:635 +#: src/cryptsetup.c:3411 src/veritysetup.c:573 src/integritysetup.c:635 msgid "Display brief usage" msgstr "Kurze Aufrufsyntax anzeigen" -#: src/cryptsetup.c:3101 src/veritysetup.c:570 src/integritysetup.c:636 +#: src/cryptsetup.c:3412 src/veritysetup.c:574 src/integritysetup.c:636 msgid "Print package version" msgstr "Paketversion ausgeben" -#: src/cryptsetup.c:3112 src/veritysetup.c:581 src/integritysetup.c:647 +#: src/cryptsetup.c:3423 src/veritysetup.c:585 src/integritysetup.c:647 msgid "Help options:" msgstr "Hilfe-Optionen:" -#: src/cryptsetup.c:3132 src/veritysetup.c:599 src/integritysetup.c:664 +#: src/cryptsetup.c:3443 src/veritysetup.c:603 src/integritysetup.c:664 msgid "[OPTION...] " msgstr "[OPTION...] " -#: src/cryptsetup.c:3141 src/veritysetup.c:608 src/integritysetup.c:675 +#: src/cryptsetup.c:3452 src/veritysetup.c:612 src/integritysetup.c:675 msgid "Argument missing." msgstr "Argument fehlt." -#: src/cryptsetup.c:3211 src/veritysetup.c:639 src/integritysetup.c:706 +#: src/cryptsetup.c:3528 src/veritysetup.c:643 src/integritysetup.c:706 msgid "Unknown action." msgstr "Unbekannte Aktion." -#: src/cryptsetup.c:3229 +#: src/cryptsetup.c:3546 msgid "Option --key-file takes precedence over specified key file argument." msgstr "Die Option --key-file wirkt stärker als das angegebene Schlüsseldatei-Argument." -#: src/cryptsetup.c:3235 +#: src/cryptsetup.c:3552 msgid "Only one --key-file argument is allowed." msgstr "Die Option --key-file ist nur einmal erlaubt." -#: src/cryptsetup.c:3240 +#: src/cryptsetup.c:3557 msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id." msgstr "Passwortbasierte Schlüsselableitungsfunktion (PBKDF) kann nur »pbkdf2« oder »argon2i/argon2id« sein." -#: src/cryptsetup.c:3245 +#: src/cryptsetup.c:3562 msgid "PBKDF forced iterations cannot be combined with iteration time option." msgstr "Bei PBKDF darf nur entweder die Anzahl der Durchläufe oder die Zeitbegrenzung angegeben werden." -#: src/cryptsetup.c:3256 +#: src/cryptsetup.c:3573 msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." msgstr "Die Optionen --keyslot-cipher und --keyslot-keysize können nur zusammen benutzt werden." -#: src/cryptsetup.c:3264 +#: src/cryptsetup.c:3581 msgid "No action taken. Invoked with --test-args option.\n" msgstr "Es wird keine Aktion ausgeführt. Aufgerufen mit der Option --test-args.\n" -#: src/cryptsetup.c:3277 +#: src/cryptsetup.c:3594 msgid "Cannot disable metadata locking." msgstr "Fehler beim Deaktivieren der Metadaten-Dateisperre." @@ -2722,72 +2799,72 @@ msgid "Cannot write to root hash file %s." msgstr "Fehler beim Schreiben der Wurzel-Hashdatei »%s«." -#: src/veritysetup.c:196 src/veritysetup.c:472 +#: src/veritysetup.c:198 src/veritysetup.c:476 #, c-format msgid "Device %s is not a valid VERITY device." msgstr "Gerät »%s« ist kein gültiges VERITY-Gerät." -#: src/veritysetup.c:213 src/veritysetup.c:230 +#: src/veritysetup.c:215 src/veritysetup.c:232 #, c-format msgid "Cannot read root hash file %s." msgstr "Fehler beim Anlegen der Wurzel-Hashdatei »%s«." -#: src/veritysetup.c:218 +#: src/veritysetup.c:220 #, c-format msgid "Invalid root hash file %s." msgstr "Ungültige Root-Hash-Datei »%s«." -#: src/veritysetup.c:239 +#: src/veritysetup.c:241 msgid "Invalid root hash string specified." msgstr "Ungültiger Root-Hash-String angegeben." -#: src/veritysetup.c:247 +#: src/veritysetup.c:249 #, c-format msgid "Invalid signature file %s." msgstr "Ungültige Signaturdatei »%s«." -#: src/veritysetup.c:254 +#: src/veritysetup.c:256 #, c-format msgid "Cannot read signature file %s." msgstr "Fehler beim Einlesen der Signaturdatei »%s«." -#: src/veritysetup.c:277 src/veritysetup.c:291 +#: src/veritysetup.c:279 src/veritysetup.c:293 msgid "Command requires or --root-hash-file option as argument." msgstr "Der Befehl erfordert die Option oder --root-hash-file als Argument." -#: src/veritysetup.c:485 +#: src/veritysetup.c:489 msgid " " msgstr " " -#: src/veritysetup.c:485 src/integritysetup.c:534 +#: src/veritysetup.c:489 src/integritysetup.c:534 msgid "format device" msgstr "Gerät formatieren" -#: src/veritysetup.c:486 +#: src/veritysetup.c:490 msgid " []" msgstr " []" -#: src/veritysetup.c:486 +#: src/veritysetup.c:490 msgid "verify device" msgstr "Gerät verifizieren" -#: src/veritysetup.c:487 +#: src/veritysetup.c:491 msgid " []" msgstr " []" -#: src/veritysetup.c:489 src/integritysetup.c:537 +#: src/veritysetup.c:493 src/integritysetup.c:537 msgid "show active device status" msgstr "Status der aktiven Geräte anzeigen" -#: src/veritysetup.c:490 +#: src/veritysetup.c:494 msgid "" msgstr "" -#: src/veritysetup.c:490 src/integritysetup.c:538 +#: src/veritysetup.c:494 src/integritysetup.c:538 msgid "show on-disk information" msgstr "Auf dem Datenträger gespeicherte Informationen anzeigen" -#: src/veritysetup.c:509 +#: src/veritysetup.c:513 #, c-format msgid "" "\n" @@ -2802,7 +2879,7 @@ " ist das Gerät, das die Verifikationsdaten enthält\n" " ist der Hash des Rootknotens auf \n" -#: src/veritysetup.c:516 +#: src/veritysetup.c:520 #, c-format msgid "" "\n" @@ -2813,11 +2890,11 @@ "Einkompilierte Vorgabewerte für dm-verity:\n" "\tHash: %s, Datenblock (Bytes): %u, Hashblock (Bytes): %u, Salt-Größe: %u, Hashformat: %u\n" -#: src/veritysetup.c:654 +#: src/veritysetup.c:658 msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together." msgstr "Die Optionen --ignore-corruption und --restart-on-corruption können nicht zusammen benutzt werden." -#: src/veritysetup.c:659 +#: src/veritysetup.c:663 msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together." msgstr "Die Optionen --panic-on-corruption und --restart-on-corruption können nicht zusammen benutzt werden." @@ -3102,7 +3179,7 @@ msgid "Finished, time %s, %s, %s\n" msgstr "Fertiggestellt, Zeit %s, %s, %s\n" -#: src/utils_password.c:41 src/utils_password.c:74 +#: src/utils_password.c:41 src/utils_password.c:72 #, c-format msgid "Cannot check password quality: %s" msgstr "Fehler beim Prüfen der Passwortqualität: %s" @@ -3116,42 +3193,42 @@ "Passwort-Qualitätsüberprüfung fehlgeschlagen:\n" " %s" -#: src/utils_password.c:81 +#: src/utils_password.c:79 #, c-format msgid "Password quality check failed: Bad passphrase (%s)" msgstr "Passwort-Qualitätsüberprüfung fehlgeschlagen: Falsche Passphrase (%s)" -#: src/utils_password.c:231 src/utils_password.c:245 +#: src/utils_password.c:230 src/utils_password.c:244 msgid "Error reading passphrase from terminal." msgstr "Fehler beim Lesen der Passphrase vom Terminal." -#: src/utils_password.c:243 +#: src/utils_password.c:242 msgid "Verify passphrase: " msgstr "Passphrase bestätigen: " -#: src/utils_password.c:250 +#: src/utils_password.c:249 msgid "Passphrases do not match." msgstr "Passphrasen stimmen nicht überein." -#: src/utils_password.c:288 +#: src/utils_password.c:287 msgid "Cannot use offset with terminal input." msgstr "Offset kann nicht zusammen mit Terminaleingabe benutzt werden." -#: src/utils_password.c:292 +#: src/utils_password.c:291 #, c-format msgid "Enter passphrase: " msgstr "Passphrase eingeben: " -#: src/utils_password.c:295 +#: src/utils_password.c:294 #, c-format msgid "Enter passphrase for %s: " msgstr "Geben Sie die Passphrase für »%s« ein: " -#: src/utils_password.c:329 +#: src/utils_password.c:328 msgid "No key available with this passphrase." msgstr "Kein Schlüssel mit dieser Passphrase verfügbar." -#: src/utils_password.c:331 +#: src/utils_password.c:330 msgid "No usable keyslot is available." msgstr "Es ist kein nutzbares Schlüsselfach verfügbar." @@ -3225,41 +3302,50 @@ "Es kann zu Datenverlust kommen, wenn das Gerät gerade aktiviert ist.\n" "Um die Wiederverschlüsselung im Online-Modus durchzuführen, verwenden Sie stattdessen den Parameter --active-name.\n" -#: src/utils_reencrypt.c:175 +#: src/utils_reencrypt.c:141 src/utils_reencrypt.c:274 +#, c-format +msgid "" +"Device %s is not a block device. Can not auto-detect if it is active or not.\n" +"Use --force-offline-reencrypt to bypass the check and run in offline mode (dangerous!)." +msgstr "" +"Gerät %s ist kein Blockgerät. Kann nicht automatisch erkennen, ob es aktiv ist oder nicht.\n" +"Verwenden Sie --force-offline-reencrypt, um die Prüfung zu umgehen und im Offline-Modus zu laufen (gefährlich!)." + +#: src/utils_reencrypt.c:178 src/utils_reencrypt.c:221 +#: src/utils_reencrypt.c:231 +msgid "Requested --resilience option cannot be applied to current reencryption operation." +msgstr "Die angeforderte Option »--resilience« kann nicht auf den aktuellen Wiederverschlüsselungsvorgang angewendet werden." + +#: src/utils_reencrypt.c:203 msgid "Device is not in LUKS2 encryption. Conflicting option --encrypt." msgstr "Das Gerät ist nicht der LUKS2-Verschlüsselung. Die Option »--encrypt« ist widersprüchlich." -#: src/utils_reencrypt.c:180 +#: src/utils_reencrypt.c:208 msgid "Device is not in LUKS2 decryption. Conflicting option --decrypt." msgstr "Das Gerät ist nicht der LUKS2-Entschlüsselung. Die Option »--encrypt« ist widersprüchlich." -#: src/utils_reencrypt.c:187 +#: src/utils_reencrypt.c:215 msgid "Device is in reencryption using datashift resilience. Requested --resilience option cannot be applied." msgstr "Das Gerät befindet sich in der Wiederverschlüsselung mit Datashift-Resilienz. Die angeforderte Option --resilience kann nicht angewendet werden." -#: src/utils_reencrypt.c:193 src/utils_reencrypt.c:199 -#: src/utils_reencrypt.c:205 src/utils_reencrypt.c:681 -msgid "Requested --resilience option cannot be applied to current reencryption operation." -msgstr "Die angeforderte Option »--resilience« kann nicht auf den aktuellen Wiederverschlüsselungsvorgang angewendet werden." - -#: src/utils_reencrypt.c:258 +#: src/utils_reencrypt.c:293 msgid "Device requires reencryption recovery. Run repair first." msgstr "Das Gerät erfordert die Wiederherstellung der Wiederverschlüsselung. Führen Sie zuerst die Reparatur aus." -#: src/utils_reencrypt.c:268 +#: src/utils_reencrypt.c:307 #, c-format msgid "Device %s is already in LUKS2 reencryption. Do you wish to resume previously initialised operation?" msgstr "Gerät %s befindet sich bereits in der LUKS2-Neuverschlüsselung. Möchten Sie den zuvor begonnenen Vorgang fortsetzen?" -#: src/utils_reencrypt.c:314 +#: src/utils_reencrypt.c:353 msgid "Legacy LUKS2 reencryption is no longer supported." msgstr "Die veraltete LUKS2-Wiederverschlüsselung wird nicht mehr unterstützt." -#: src/utils_reencrypt.c:379 +#: src/utils_reencrypt.c:418 msgid "Reencryption of device with integrity profile is not supported." msgstr "Wiederverschlüsselung von Geräten mit Integritätsprofil wird nicht unterstützt." -#: src/utils_reencrypt.c:410 +#: src/utils_reencrypt.c:449 #, c-format msgid "" "Requested --sector-size % is incompatible with %s superblock\n" @@ -3268,98 +3354,103 @@ "Angeforderte --sector-size % ist nicht kompatibel mit dem %s-Superblock\n" "(Blockgröße: %Bytes), der auf dem Gerät %s erkannt wurde." -#: src/utils_reencrypt.c:455 +#: src/utils_reencrypt.c:518 src/utils_reencrypt.c:1391 msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." msgstr "Verschlüsselung ohne separaten Kopfbereich (--header) ist nur möglich, wenn die Größe des Hauptgeräts reduziert wird (--reduce-device-size)." -#: src/utils_reencrypt.c:461 +#: src/utils_reencrypt.c:525 msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." msgstr "Der angeforderte Datenoffset darf maximal die Hälfte des Parameters --reduce-device-size betragen." -#: src/utils_reencrypt.c:471 +#: src/utils_reencrypt.c:535 #, c-format msgid "Adjusting --reduce-device-size value to twice the --offset % (sectors).\n" msgstr "Der Wert von --reduce-device-size wird auf das Doppelte von --offset % (in Sektoren) angepasst.\n" -#: src/utils_reencrypt.c:501 +#: src/utils_reencrypt.c:565 #, c-format msgid "Temporary header file %s already exists. Aborting." msgstr "Temporäre Headerdatei »%s« existiert bereits. Wird abgebrochen." -#: src/utils_reencrypt.c:503 src/utils_reencrypt.c:510 +#: src/utils_reencrypt.c:567 src/utils_reencrypt.c:574 #, c-format msgid "Cannot create temporary header file %s." msgstr "Fehler beim Anlegen der temporären Headerdatei »%s«." -#: src/utils_reencrypt.c:535 +#: src/utils_reencrypt.c:599 msgid "LUKS2 metadata size is larger than data shift value." msgstr "Die Größe der LUKS2-Metadaten ist größer als der Wert der Datenverschiebung." -#: src/utils_reencrypt.c:572 +#: src/utils_reencrypt.c:636 #, c-format msgid "Failed to place new header at head of device %s." msgstr "Der neue Header konnte nicht am Kopf des Geräts %s platziert werden." -#: src/utils_reencrypt.c:582 +#: src/utils_reencrypt.c:646 #, c-format msgid "%s/%s is now active and ready for online encryption.\n" msgstr "%s/%s ist jetzt aktiv und bereit für die Onlineverschlüsselung.\n" -#: src/utils_reencrypt.c:618 +#: src/utils_reencrypt.c:682 #, c-format msgid "Active device %s is not LUKS2." msgstr "Das aktive Gerät »%s« ist kein LUKS2-Gerät." -#: src/utils_reencrypt.c:646 +#: src/utils_reencrypt.c:710 msgid "Restoring original LUKS2 header." msgstr "Wiederherstellung des ursprünglichen LUKS2-Headers." -#: src/utils_reencrypt.c:654 +#: src/utils_reencrypt.c:718 msgid "Original LUKS2 header restore failed." msgstr "Fehler beim Wiederherstellen des ursprünglichen LUKS2-Headers." -#: src/utils_reencrypt.c:722 +#: src/utils_reencrypt.c:744 +#, c-format +msgid "Header file %s does not exist. Do you want to initialize LUKS2 decryption of device %s and export LUKS2 header to file %s?" +msgstr "Die Header-Datei %s existiert nicht. Möchten Sie die LUKS2-Entschlüsselung von Gerät %s initialisieren und LUKS2-Header in Datei %s exportieren?" + +#: src/utils_reencrypt.c:792 msgid "Failed to add read/write permissions to exported header file." msgstr "Fehler beim Hinzufügen der Lese-/Schreibberechtigung für die exportierte Header-Datei." -#: src/utils_reencrypt.c:775 +#: src/utils_reencrypt.c:845 #, c-format msgid "Reencryption initialization failed. Header backup is available in %s." msgstr "Fehler beim Initialisieren der Wiederverschlüsselung. Eine Sicherungskopie des Headers befindet sich in %s." -#: src/utils_reencrypt.c:803 +#: src/utils_reencrypt.c:873 msgid "LUKS2 decryption is supported with detached header device only (with data offset set to 0)." msgstr "LUKS2-Entschlüsselung wird nur mit losgelöstem Headergerät unterstützt (mit Datenoffset auf 0 gesetzt)." -#: src/utils_reencrypt.c:934 src/utils_reencrypt.c:943 +#: src/utils_reencrypt.c:1008 src/utils_reencrypt.c:1017 msgid "Not enough free keyslots for reencryption." msgstr "Nicht genügend freie Schlüsselfächer für Wiederverschlüsselung." -#: src/utils_reencrypt.c:964 src/utils_reencrypt_luks1.c:1100 +#: src/utils_reencrypt.c:1038 src/utils_reencrypt_luks1.c:1100 msgid "Key file can be used only with --key-slot or with exactly one key slot active." msgstr "Schlüsseldatei kann nur mit --key-slot oder mit genau einem aktiven Schlüsselfach benutzt werden." -#: src/utils_reencrypt.c:973 src/utils_reencrypt_luks1.c:1147 +#: src/utils_reencrypt.c:1047 src/utils_reencrypt_luks1.c:1147 #: src/utils_reencrypt_luks1.c:1158 #, c-format msgid "Enter passphrase for key slot %d: " msgstr "Geben Sie die Passphrase für Schlüsselfach %d ein: " -#: src/utils_reencrypt.c:985 +#: src/utils_reencrypt.c:1059 #, c-format msgid "Enter passphrase for key slot %u: " msgstr "Geben Sie die Passphrase für Schlüsselfach %u ein: " -#: src/utils_reencrypt.c:1037 +#: src/utils_reencrypt.c:1111 #, c-format msgid "Switching data encryption cipher to %s.\n" msgstr "Der Verschlüsselungsalgorithmus wird auf %s geändert.\n" -#: src/utils_reencrypt.c:1091 +#: src/utils_reencrypt.c:1165 msgid "No data segment parameters changed. Reencryption aborted." msgstr "Keine Datensegmentparameter geändert. Wiederverschlüsselung abgebrochen." -#: src/utils_reencrypt.c:1187 +#: src/utils_reencrypt.c:1267 msgid "" "Encryption sector size increase on offline device is not supported.\n" "Activate the device first or use --force-offline-reencrypt option (dangerous!)." @@ -3367,7 +3458,7 @@ "Die Zunahme der Größe des Verschlüsselungssektors auf einem Offline-Gerät wird nicht unterstützt.\n" "Aktivieren Sie das Gerät zuerst oder verwenden Sie die Option »--force-offline-reencrypt« (gefährlich!)." -#: src/utils_reencrypt.c:1227 src/utils_reencrypt_luks1.c:726 +#: src/utils_reencrypt.c:1307 src/utils_reencrypt_luks1.c:726 #: src/utils_reencrypt_luks1.c:798 msgid "" "\n" @@ -3376,58 +3467,58 @@ "\n" "Wiederverschlüsselung unterbrochen." -#: src/utils_reencrypt.c:1232 +#: src/utils_reencrypt.c:1312 msgid "Resuming LUKS reencryption in forced offline mode.\n" msgstr "LUKS-Wiederverschlüsselung wird im erzwungenen Offline-Modus fortgesetzt.\n" -#: src/utils_reencrypt.c:1249 +#: src/utils_reencrypt.c:1329 #, c-format msgid "Device %s contains broken LUKS metadata. Aborting operation." msgstr "Das Gerät %s enthält fehlerhafte LUKS-Metadaten. Vorgang wird abgebrochen." -#: src/utils_reencrypt.c:1265 src/utils_reencrypt.c:1287 +#: src/utils_reencrypt.c:1345 src/utils_reencrypt.c:1367 #, c-format msgid "Device %s is already LUKS device. Aborting operation." msgstr "Gerät %s ist bereits ein LUKS-Gerät. Vorgang wird abgebrochen." -#: src/utils_reencrypt.c:1293 +#: src/utils_reencrypt.c:1373 #, c-format msgid "Device %s is already in LUKS reencryption. Aborting operation." msgstr "Gerät %s befindet sich bereits in der LUKS-Wiederverschlüsselung. Vorgang wird abgebrochen." -#: src/utils_reencrypt.c:1366 +#: src/utils_reencrypt.c:1453 msgid "LUKS2 decryption requires --header option." msgstr "LUKS2-Entschlüsselung erfordert die Option »--header«." -#: src/utils_reencrypt.c:1414 +#: src/utils_reencrypt.c:1501 msgid "Command requires device as argument." msgstr "Dieser Befehl benötigt den Gerätenamen als Argument." -#: src/utils_reencrypt.c:1427 +#: src/utils_reencrypt.c:1514 #, c-format msgid "Conflicting versions. Device %s is LUKS1." msgstr "Widersprüchliche Versionen. Gerät %s ist LUKS1." -#: src/utils_reencrypt.c:1433 +#: src/utils_reencrypt.c:1520 #, c-format msgid "Conflicting versions. Device %s is in LUKS1 reencryption." msgstr "Widersprüchliche Versionen. Gerät %s befindet sich in der LUKS1-Wiederverschlüsselung." -#: src/utils_reencrypt.c:1439 +#: src/utils_reencrypt.c:1526 #, c-format msgid "Conflicting versions. Device %s is LUKS2." msgstr "Widersprüchliche Versionen. Gerät %s ist LUKS2." -#: src/utils_reencrypt.c:1445 +#: src/utils_reencrypt.c:1532 #, c-format msgid "Conflicting versions. Device %s is in LUKS2 reencryption." msgstr "Widersprüchliche Versionen. Gerät %s befindet sich in LUKS2-Wiederverschlüsselung." -#: src/utils_reencrypt.c:1451 +#: src/utils_reencrypt.c:1538 msgid "LUKS2 reencryption already initialized. Aborting operation." msgstr "Die LUKS2-Wiederverschlüsselung wurde bereits begonnen. Die Operation wird abgebrochen." -#: src/utils_reencrypt.c:1458 +#: src/utils_reencrypt.c:1545 msgid "Device reencryption not in progress." msgstr "Derzeit läuft keine Wiederverschlüsselung." @@ -3532,28 +3623,28 @@ msgid "Provided UUID is invalid." msgstr "Die angegebene UUID ist ungültig." -#: src/utils_reencrypt_luks1.c:1220 +#: src/utils_reencrypt_luks1.c:1224 msgid "Cannot open reencryption log file." msgstr "Fehler beim Öffnen der Wiederverschlüsselungs-Logdatei." -#: src/utils_reencrypt_luks1.c:1226 +#: src/utils_reencrypt_luks1.c:1230 msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process." msgstr "Derzeit ist keine Entschlüsselung im Gange, die angegebene UUID kann nur benutzt werden, um einen unterbrochenen Entschlüsselungsvorgang fortzusetzen." -#: src/utils_reencrypt_luks1.c:1280 +#: src/utils_reencrypt_luks1.c:1286 #, c-format msgid "Reencryption will change: %s%s%s%s%s%s." msgstr "Wiederverschlüsselung ändert: %s%s%s%s%s%s." -#: src/utils_reencrypt_luks1.c:1281 +#: src/utils_reencrypt_luks1.c:1287 msgid "volume key" msgstr "Laufwerksschlüssel" -#: src/utils_reencrypt_luks1.c:1283 +#: src/utils_reencrypt_luks1.c:1289 msgid "set hash to " msgstr ", Hash auf " -#: src/utils_reencrypt_luks1.c:1284 +#: src/utils_reencrypt_luks1.c:1290 msgid ", set cipher to " msgstr ", Verschlüsselung auf " @@ -3774,6 +3865,18 @@ msgid "Public key authentication error: " msgstr "Fehler bei der Authentifizierung mit öffentlichem Schlüssel: " +#~ msgid "WARNING: Data offset is outside of currently available data device.\n" +#~ msgstr "WARNING: Der Datenoffset ist außerhalb des derzeit verfügbaren Datengeräts.\n" + +#~ msgid "Cannot get process priority." +#~ msgstr "Fehler beim Ermitteln der Prozesspriorität." + +#~ msgid "Cannot unlock memory." +#~ msgstr "Fehler beim Entsperren des Speichers." + +#~ msgid "Locking directory %s/%s will be created with default compiled-in permissions." +#~ msgstr "Das Verzeichnis %s/%s, das die Dateisperren enthält, wird mit den vorgegebenen, fest einprogrammierten Berechtigungen erzeugt." + #~ msgid "Failed to read BITLK signature from %s." #~ msgstr "Fehler beim Lesen der BITLK-Signatur von »%s«." @@ -4180,9 +4283,6 @@ #~ msgid "Sector size option is not supported for this command." #~ msgstr "Die Option Sektorgröße wird für diesen Befehl nicht unterstützt." -#~ msgid "Option --unbound may be used only with luksAddKey and luksDump actions." -#~ msgstr "Die Option »--unbound« kann nur zusammen mit den Aktionen »luksAddKey« und »luksDump« benutzt werden." - #~ msgid "Option --refresh may be used only with open action." #~ msgstr "Die Option --refresh kann nur zusammen mit der Aktion »open« benutzt werden." @@ -4363,9 +4463,6 @@ #~ msgid "Read new volume (master) key from file" #~ msgstr "Laufwerks-(Master-)Schlüssel aus Datei lesen" -#~ msgid "PBKDF2 iteration time for LUKS (in ms)" -#~ msgstr "PBKDF2 Iterationszeit for LUKS (in ms)" - #~ msgid "Use direct-io when accessing devices" #~ msgstr "Beim Zugriff auf die Geräte direct-io benutzen" diff -Nru cryptsetup-2.5.0/po/fr.po cryptsetup-2.6.1/po/fr.po --- cryptsetup-2.5.0/po/fr.po 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/po/fr.po 2023-02-09 16:12:17.000000000 +0000 @@ -1,16 +1,16 @@ # Messages français pour cryptsetup. -# Copyright (C) 2022 Free Software Foundation, Inc. +# Copyright (C) 2023 Free Software Foundation, Inc. # This file is put in the public domain. # # Solveig , 2009. # Nicolas Provost , 2011. -# Frédéric Marchal , 2022. +# Frédéric Marchal , 2023. msgid "" msgstr "" -"Project-Id-Version: cryptsetup 2.5.0-rc1\n" +"Project-Id-Version: cryptsetup 2.6.1-rc0\n" "Report-Msgid-Bugs-To: cryptsetup@lists.linux.dev\n" -"POT-Creation-Date: 2022-07-14 14:04+0200\n" -"PO-Revision-Date: 2022-07-16 12:31+0200\n" +"POT-Creation-Date: 2023-02-01 15:58+0100\n" +"PO-Revision-Date: 2023-02-02 15:51+0100\n" "Last-Translator: Frédéric Marchal \n" "Language-Team: French \n" "Language: fr\n" @@ -20,67 +20,71 @@ "X-Bugs: Report translation errors to the Language-Team address.\n" "Plural-Forms: nplurals=2; plural=(n >= 2);\n" -#: lib/libdevmapper.c:417 +#: lib/libdevmapper.c:419 msgid "Cannot initialize device-mapper, running as non-root user." msgstr "Impossible d'initialiser le gestionnaire « device-mapper ». Exécution comme un utilisateur non-root." -#: lib/libdevmapper.c:420 +#: lib/libdevmapper.c:422 msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" msgstr "Impossible d'initialiser le gestionnaire « device-mapper ». Le module noyau dm_mod est-il chargé ?" -#: lib/libdevmapper.c:1171 +#: lib/libdevmapper.c:1102 msgid "Requested deferred flag is not supported." msgstr "Le fanion différé demandé n'est pas supporté." -#: lib/libdevmapper.c:1240 +#: lib/libdevmapper.c:1171 #, c-format msgid "DM-UUID for device %s was truncated." msgstr "Le DM-UUID du périphérique %s a été tronqué." -#: lib/libdevmapper.c:1570 +#: lib/libdevmapper.c:1501 msgid "Unknown dm target type." msgstr "Type de cible dm inconnu." -#: lib/libdevmapper.c:1694 lib/libdevmapper.c:1699 lib/libdevmapper.c:1763 -#: lib/libdevmapper.c:1766 +#: lib/libdevmapper.c:1620 lib/libdevmapper.c:1626 lib/libdevmapper.c:1724 +#: lib/libdevmapper.c:1727 msgid "Requested dm-crypt performance options are not supported." msgstr "Les options de performance dm-crypt demandées ne sont pas supportées." -#: lib/libdevmapper.c:1706 lib/libdevmapper.c:1710 +#: lib/libdevmapper.c:1635 lib/libdevmapper.c:1647 msgid "Requested dm-verity data corruption handling options are not supported." msgstr "Les options demandées de gestion de corruption des données dm-verity ne sont pas supportées." -#: lib/libdevmapper.c:1714 +#: lib/libdevmapper.c:1641 +msgid "Requested dm-verity tasklets option is not supported." +msgstr "L'option dm-verity tasklets demandée n'est pas supportée." + +#: lib/libdevmapper.c:1653 msgid "Requested dm-verity FEC options are not supported." msgstr "Les options dm-verity FEC demandées ne sont pas supportées." -#: lib/libdevmapper.c:1718 +#: lib/libdevmapper.c:1659 msgid "Requested data integrity options are not supported." msgstr "Les options d'intégrité de données demandées ne sont pas supportées." -#: lib/libdevmapper.c:1720 +#: lib/libdevmapper.c:1663 msgid "Requested sector_size option is not supported." msgstr "L'option sector_size demandée n'est pas supportée." -#: lib/libdevmapper.c:1725 lib/libdevmapper.c:1729 +#: lib/libdevmapper.c:1670 lib/libdevmapper.c:1676 msgid "Requested automatic recalculation of integrity tags is not supported." msgstr "Le recalcule automatique des balises de sécurité demandés n'est pas supporté." -#: lib/libdevmapper.c:1733 lib/libdevmapper.c:1769 lib/libdevmapper.c:1772 -#: lib/luks2/luks2_json_metadata.c:2552 +#: lib/libdevmapper.c:1682 lib/libdevmapper.c:1730 lib/libdevmapper.c:1733 +#: lib/luks2/luks2_json_metadata.c:2620 msgid "Discard/TRIM is not supported." msgstr "Discard/TRIM n'est pas supporté." -#: lib/libdevmapper.c:1737 +#: lib/libdevmapper.c:1688 msgid "Requested dm-integrity bitmap mode is not supported." msgstr "Le mode de carte de bits d'intégrité dm demandé n'est pas supporté." -#: lib/libdevmapper.c:2763 +#: lib/libdevmapper.c:2724 #, c-format msgid "Failed to query dm-%s segment." msgstr "Échec lors de l'interrogation du segment dm-%s." -#: lib/random.c:74 +#: lib/random.c:73 msgid "" "System is out of entropy while generating volume key.\n" "Please move mouse or type some text in another window to gather some random events.\n" @@ -88,16 +92,16 @@ "Le système a manqué d'entropie lors de la génération de la clef de volume.\n" "Veuillez remuer la souris ou taper du texte dans une autre fenêtre pour générer des événements aléatoires.\n" -#: lib/random.c:78 +#: lib/random.c:77 #, c-format msgid "Generating key (%d%% done).\n" msgstr "Génération de la clef (%d%% effectués).\n" -#: lib/random.c:164 +#: lib/random.c:163 msgid "Running in FIPS mode." msgstr "Fonctionne en mode FIPS." -#: lib/random.c:170 +#: lib/random.c:169 msgid "Fatal error during RNG initialisation." msgstr "Erreur fatale d'initialisation RNG." @@ -109,428 +113,438 @@ msgid "Error reading from RNG." msgstr "Erreur en lecture du générateur aléatoire RNG " -#: lib/setup.c:226 +#: lib/setup.c:231 msgid "Cannot initialize crypto RNG backend." msgstr "Impossible d'initialiser le moteur aléatoire RNG pour le chiffrement." -#: lib/setup.c:232 +#: lib/setup.c:237 msgid "Cannot initialize crypto backend." msgstr "Impossible d'initialiser le moteur de chiffrement." -#: lib/setup.c:263 lib/setup.c:2080 lib/verity/verity.c:122 +#: lib/setup.c:268 lib/setup.c:2151 lib/verity/verity.c:122 #, c-format msgid "Hash algorithm %s not supported." msgstr "L'algorithme de hachage %s n'est pas supporté." -#: lib/setup.c:266 lib/loopaes/loopaes.c:90 +#: lib/setup.c:271 lib/loopaes/loopaes.c:90 #, c-format msgid "Key processing error (using hash %s)." msgstr "Erreur de traitement de clé (valeur hachage %s)." -#: lib/setup.c:332 lib/setup.c:359 +#: lib/setup.c:342 lib/setup.c:369 msgid "Cannot determine device type. Incompatible activation of device?" msgstr "Impossible de déterminer le type de périphérique. Activation du périphérique incompatible ?" -#: lib/setup.c:338 lib/setup.c:3221 +#: lib/setup.c:348 lib/setup.c:3320 msgid "This operation is supported only for LUKS device." msgstr "Cette opération n'est possible que pour les périphériques LUKS." -#: lib/setup.c:365 +#: lib/setup.c:375 msgid "This operation is supported only for LUKS2 device." msgstr "Cette opération n'est possible que pour les périphériques LUKS2." -#: lib/setup.c:420 lib/luks2/luks2_reencrypt.c:2985 +#: lib/setup.c:427 lib/luks2/luks2_reencrypt.c:3010 msgid "All key slots full." msgstr "Tous les emplacements de clés sont utilisés." -#: lib/setup.c:431 +#: lib/setup.c:438 #, c-format msgid "Key slot %d is invalid, please select between 0 and %d." msgstr "L'emplacement de clé %d n'est pas valide, merci d'en choisir un entre 0 et %d." -#: lib/setup.c:437 +#: lib/setup.c:444 #, c-format msgid "Key slot %d is full, please select another one." msgstr "L'emplacement de clé %d est utilisé, merci d'en sélectionner un autre." -#: lib/setup.c:522 lib/setup.c:2946 +#: lib/setup.c:529 lib/setup.c:3042 msgid "Device size is not aligned to device logical block size." msgstr "La taille du périphérique n'est pas alignée avec la taille d'un bloc logique du périphérique." -#: lib/setup.c:620 +#: lib/setup.c:627 #, c-format msgid "Header detected but device %s is too small." msgstr "En-tête détecté mais le périphérique %s est trop petit." -#: lib/setup.c:661 lib/setup.c:2851 lib/setup.c:4335 -#: lib/luks2/luks2_reencrypt.c:3757 lib/luks2/luks2_reencrypt.c:4159 +#: lib/setup.c:668 lib/setup.c:2942 lib/setup.c:4287 +#: lib/luks2/luks2_reencrypt.c:3782 lib/luks2/luks2_reencrypt.c:4184 msgid "This operation is not supported for this device type." msgstr "Cette opération n'est pas supportée pour ce type de périphérique." -#: lib/setup.c:666 +#: lib/setup.c:673 msgid "Illegal operation with reencryption in-progress." msgstr "Opération illégale avec une re-chiffrement en cours." -#: lib/setup.c:833 lib/luks1/keymanage.c:248 lib/luks1/keymanage.c:524 -#: lib/luks2/luks2_json_metadata.c:1267 src/cryptsetup.c:1449 -#: src/cryptsetup.c:1581 src/cryptsetup.c:1636 src/cryptsetup.c:1756 -#: src/cryptsetup.c:1861 src/cryptsetup.c:2142 src/cryptsetup.c:2380 -#: src/cryptsetup.c:2440 src/utils_reencrypt.c:1378 -#: src/utils_reencrypt_luks1.c:1188 tokens/ssh/cryptsetup-ssh.c:77 +#: lib/setup.c:802 +msgid "Failed to rollback LUKS2 metadata in memory." +msgstr "Échec lors du retour en arrière des métadonnées LUKS2 en mémoire." + +#: lib/setup.c:889 lib/luks1/keymanage.c:249 lib/luks1/keymanage.c:527 +#: lib/luks2/luks2_json_metadata.c:1336 src/cryptsetup.c:1587 +#: src/cryptsetup.c:1727 src/cryptsetup.c:1782 src/cryptsetup.c:1977 +#: src/cryptsetup.c:2133 src/cryptsetup.c:2414 src/cryptsetup.c:2656 +#: src/cryptsetup.c:2716 src/utils_reencrypt.c:1465 +#: src/utils_reencrypt_luks1.c:1192 tokens/ssh/cryptsetup-ssh.c:77 #, c-format msgid "Device %s is not a valid LUKS device." msgstr "%s n'est pas un périphérique LUKS valide." -#: lib/setup.c:836 lib/luks1/keymanage.c:527 +#: lib/setup.c:892 lib/luks1/keymanage.c:530 #, c-format msgid "Unsupported LUKS version %d." msgstr "La version %d de LUKS n'est pas supportée." -#: lib/setup.c:1431 lib/setup.c:2602 lib/setup.c:2682 lib/setup.c:2694 -#: lib/setup.c:2859 lib/setup.c:4807 +#: lib/setup.c:1491 lib/setup.c:2691 lib/setup.c:2773 lib/setup.c:2785 +#: lib/setup.c:2952 lib/setup.c:4764 #, c-format msgid "Device %s is not active." msgstr "Le périphérique %s n'est pas activé." -#: lib/setup.c:1448 +#: lib/setup.c:1508 #, c-format msgid "Underlying device for crypt device %s disappeared." msgstr "Le périphérique sous-jacent pour le périphérique chiffré %s a disparu." -#: lib/setup.c:1528 +#: lib/setup.c:1590 msgid "Invalid plain crypt parameters." msgstr "Paramètres de chiffrement non valides." -#: lib/setup.c:1533 lib/setup.c:1983 +#: lib/setup.c:1595 lib/setup.c:2054 msgid "Invalid key size." msgstr "La taille de la clé n'est pas valide." -#: lib/setup.c:1538 lib/setup.c:1988 lib/setup.c:2191 +#: lib/setup.c:1600 lib/setup.c:2059 lib/setup.c:2262 msgid "UUID is not supported for this crypt type." msgstr "le UUID n'est pas supporté avec ce type de chiffrement." -#: lib/setup.c:1543 lib/setup.c:1993 +#: lib/setup.c:1605 lib/setup.c:2064 msgid "Detached metadata device is not supported for this crypt type." msgstr "Un périphérique avec des métadonnées détachées n'est pas supporté avec ce type de chiffrement." -#: lib/setup.c:1553 lib/setup.c:1765 lib/luks2/luks2_reencrypt.c:2941 -#: src/cryptsetup.c:1250 src/cryptsetup.c:3072 +#: lib/setup.c:1615 lib/setup.c:1831 lib/luks2/luks2_reencrypt.c:2966 +#: src/cryptsetup.c:1387 src/cryptsetup.c:3383 msgid "Unsupported encryption sector size." msgstr "Taille de secteur de chiffrement non supportée." -#: lib/setup.c:1561 lib/setup.c:1896 lib/setup.c:2940 +#: lib/setup.c:1623 lib/setup.c:1959 lib/setup.c:3036 msgid "Device size is not aligned to requested sector size." msgstr "La taille du périphérique n'est pas alignée avec la taille de secteur demandée." -#: lib/setup.c:1613 lib/setup.c:1733 +#: lib/setup.c:1675 lib/setup.c:1799 msgid "Can't format LUKS without device." msgstr "Impossible de formater en LUKS sans périphérique." -#: lib/setup.c:1619 lib/setup.c:1739 +#: lib/setup.c:1681 lib/setup.c:1805 msgid "Requested data alignment is not compatible with data offset." msgstr "L'alignement de données demandé n'est pas compatible avec le décalage des données." -#: lib/setup.c:1687 lib/setup.c:1883 -msgid "WARNING: Data offset is outside of currently available data device.\n" -msgstr "AVERTISSEMENT: L'offset des données est en dehors du périphérique de données actuellement disponible.\n" - -#: lib/setup.c:1697 lib/setup.c:1913 lib/setup.c:1934 lib/setup.c:2203 +#: lib/setup.c:1756 lib/setup.c:1976 lib/setup.c:1997 lib/setup.c:2274 #, c-format msgid "Cannot wipe header on device %s." msgstr "Impossible d'effacer l'en-tête du périphérique %s." -#: lib/setup.c:1774 +#: lib/setup.c:1769 lib/setup.c:2036 +#, c-format +msgid "Device %s is too small for activation, there is no remaining space for data.\n" +msgstr "Le périphérique %s est trop petit pour l'activation, il ne reste pas d'espace pour les données.\n" + +#: lib/setup.c:1840 msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" msgstr "AVERTISSEMENT: L'activation du périphérique va échouer, dm-crypt ne supporte pas la taille de secteur de chiffrement demandée.\n" -#: lib/setup.c:1797 +#: lib/setup.c:1863 msgid "Volume key is too small for encryption with integrity extensions." msgstr "La clé de volume est trop petite pour chiffrer avec les extensions d'intégrité." -#: lib/setup.c:1857 +#: lib/setup.c:1923 #, c-format msgid "Cipher %s-%s (key size %zd bits) is not available." msgstr "Le chiffrement %s-%s (clé de %zd bits) n'est pas disponible." -#: lib/setup.c:1886 +#: lib/setup.c:1949 #, c-format msgid "WARNING: LUKS2 metadata size changed to % bytes.\n" msgstr "ATTENTION: La taille des métadonnées LUKS2 est devenue % octets.\n" -#: lib/setup.c:1890 +#: lib/setup.c:1953 #, c-format msgid "WARNING: LUKS2 keyslots area size changed to % bytes.\n" msgstr "ATTENTION: La taille de la zone des emplacements de clés LUKS2 est devenue % octets.\n" -#: lib/setup.c:1916 lib/utils_device.c:909 lib/luks1/keyencryption.c:255 -#: lib/luks2/luks2_reencrypt.c:3009 lib/luks2/luks2_reencrypt.c:4254 +#: lib/setup.c:1979 lib/utils_device.c:911 lib/luks1/keyencryption.c:255 +#: lib/luks2/luks2_reencrypt.c:3034 lib/luks2/luks2_reencrypt.c:4279 #, c-format msgid "Device %s is too small." msgstr "Le périphérique %s est trop petit." -#: lib/setup.c:1927 lib/setup.c:1953 +#: lib/setup.c:1990 lib/setup.c:2016 #, c-format msgid "Cannot format device %s in use." msgstr "Impossible de formater le périphérique %s qui est en cours d'utilisation." -#: lib/setup.c:1930 lib/setup.c:1956 +#: lib/setup.c:1993 lib/setup.c:2019 #, c-format msgid "Cannot format device %s, permission denied." msgstr "Impossible de formater le périphérique %s. Permission refusée." -#: lib/setup.c:1942 lib/setup.c:2263 +#: lib/setup.c:2005 lib/setup.c:2334 #, c-format msgid "Cannot format integrity for device %s." msgstr "Impossible de formater l'intégrité du périphérique %s." -#: lib/setup.c:1960 +#: lib/setup.c:2023 #, c-format msgid "Cannot format device %s." msgstr "Impossible de formater le périphérique %s" -#: lib/setup.c:1978 +#: lib/setup.c:2049 msgid "Can't format LOOPAES without device." msgstr "Impossible de formater LOOPAES sans périphérique." -#: lib/setup.c:2023 +#: lib/setup.c:2094 msgid "Can't format VERITY without device." msgstr "Impossible de formater VERITY sans périphérique." -#: lib/setup.c:2034 lib/verity/verity.c:101 +#: lib/setup.c:2105 lib/verity/verity.c:101 #, c-format msgid "Unsupported VERITY hash type %d." msgstr "Type de hachage VERITY %d non supporté." -#: lib/setup.c:2040 lib/verity/verity.c:109 +#: lib/setup.c:2111 lib/verity/verity.c:109 msgid "Unsupported VERITY block size." msgstr "Taille de bloc VERITY non supportée." -#: lib/setup.c:2045 lib/verity/verity.c:74 +#: lib/setup.c:2116 lib/verity/verity.c:74 msgid "Unsupported VERITY hash offset." msgstr "Décalage de hachage VERITY non supporté." -#: lib/setup.c:2050 +#: lib/setup.c:2121 msgid "Unsupported VERITY FEC offset." msgstr "Décalage VERITY FEC non supporté." -#: lib/setup.c:2074 +#: lib/setup.c:2145 msgid "Data area overlaps with hash area." msgstr "La zone de données recouvre la zone de hachage." -#: lib/setup.c:2099 +#: lib/setup.c:2170 msgid "Hash area overlaps with FEC area." msgstr "La zone de hachage recouvre la zone FEC." -#: lib/setup.c:2106 +#: lib/setup.c:2177 msgid "Data area overlaps with FEC area." msgstr "La zone de données recouvre la zone FEC." -#: lib/setup.c:2242 +#: lib/setup.c:2313 #, c-format msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n" msgstr "ATTENTION : La taille %d demandée pour l'étiquette est différente de la taille de sortie de %s (%d octets).\n" -#: lib/setup.c:2321 +#: lib/setup.c:2392 #, c-format msgid "Unknown crypt device type %s requested." msgstr "Type de chiffrement de périphérique demandé (%s) inconnu." -#: lib/setup.c:2608 lib/setup.c:2687 lib/setup.c:2700 +#: lib/setup.c:2699 lib/setup.c:2778 lib/setup.c:2791 #, c-format msgid "Unsupported parameters on device %s." msgstr "Paramètres non supportés sur le périphérique %s." -#: lib/setup.c:2614 lib/setup.c:2707 lib/luks2/luks2_reencrypt.c:2837 -#: lib/luks2/luks2_reencrypt.c:3074 lib/luks2/luks2_reencrypt.c:3459 +#: lib/setup.c:2705 lib/setup.c:2798 lib/luks2/luks2_reencrypt.c:2862 +#: lib/luks2/luks2_reencrypt.c:3099 lib/luks2/luks2_reencrypt.c:3484 #, c-format msgid "Mismatching parameters on device %s." msgstr "Paramètres non concordants sur le périphérique %s." -#: lib/setup.c:2731 +#: lib/setup.c:2822 msgid "Crypt devices mismatch." msgstr "Désaccord entre les périphériques crypt." -#: lib/setup.c:2768 lib/setup.c:2773 lib/luks2/luks2_reencrypt.c:2315 -#: lib/luks2/luks2_reencrypt.c:2853 lib/luks2/luks2_reencrypt.c:4007 +#: lib/setup.c:2859 lib/setup.c:2864 lib/luks2/luks2_reencrypt.c:2361 +#: lib/luks2/luks2_reencrypt.c:2878 lib/luks2/luks2_reencrypt.c:4032 #, c-format msgid "Failed to reload device %s." msgstr "Impossible de recharger le périphérique %s." -#: lib/setup.c:2779 lib/setup.c:2785 lib/luks2/luks2_reencrypt.c:2286 -#: lib/luks2/luks2_reencrypt.c:2293 lib/luks2/luks2_reencrypt.c:2867 +#: lib/setup.c:2870 lib/setup.c:2876 lib/luks2/luks2_reencrypt.c:2332 +#: lib/luks2/luks2_reencrypt.c:2339 lib/luks2/luks2_reencrypt.c:2892 #, c-format msgid "Failed to suspend device %s." msgstr "Impossible de suspendre le périphérique %s." -#: lib/setup.c:2791 lib/luks2/luks2_reencrypt.c:2300 -#: lib/luks2/luks2_reencrypt.c:2888 lib/luks2/luks2_reencrypt.c:3920 -#: lib/luks2/luks2_reencrypt.c:4011 +#: lib/setup.c:2882 lib/luks2/luks2_reencrypt.c:2346 +#: lib/luks2/luks2_reencrypt.c:2913 lib/luks2/luks2_reencrypt.c:3945 +#: lib/luks2/luks2_reencrypt.c:4036 #, c-format msgid "Failed to resume device %s." msgstr "Impossible de redémarrer le périphérique %s." -#: lib/setup.c:2806 +#: lib/setup.c:2897 #, c-format msgid "Fatal error while reloading device %s (on top of device %s)." msgstr "Erreur fatale en rechargeant le périphérique %s (au dessus du périphérique %s)" -#: lib/setup.c:2809 lib/setup.c:2811 +#: lib/setup.c:2900 lib/setup.c:2902 #, c-format msgid "Failed to switch device %s to dm-error." msgstr "Impossible de basculer le périphérique %s en dm-error." -#: lib/setup.c:2891 +#: lib/setup.c:2984 msgid "Cannot resize loop device." msgstr "Impossible de redimensionner le périphérique loopback." -#: lib/setup.c:2931 +#: lib/setup.c:3027 msgid "WARNING: Maximum size already set or kernel doesn't support resize.\n" msgstr "ATTENTION: La taille maximale est déjà définie ou le noyau ne supporte pas le redimensionnement.\n" -#: lib/setup.c:2989 +#: lib/setup.c:3088 msgid "Resize failed, the kernel doesn't support it." msgstr "Le redimensionnement a échoué, le noyau ne le supporte pas." -#: lib/setup.c:3021 +#: lib/setup.c:3120 msgid "Do you really want to change UUID of device?" msgstr "Voulez vous réellement changer l'UUID du périphérique ?" -#: lib/setup.c:3113 +#: lib/setup.c:3212 msgid "Header backup file does not contain compatible LUKS header." msgstr "Le fichier de sauvegarde de l'en-tête ne contient pas d'en-tête compatible LUKS." -#: lib/setup.c:3229 +#: lib/setup.c:3328 #, c-format msgid "Volume %s is not active." msgstr "Le volume %s n'est pas actif." -#: lib/setup.c:3240 +#: lib/setup.c:3339 #, c-format msgid "Volume %s is already suspended." msgstr "Le volume %s est déjà suspendu." -#: lib/setup.c:3253 +#: lib/setup.c:3352 #, c-format msgid "Suspend is not supported for device %s." msgstr "Le périphérique %s ne supporte pas la suspension." -#: lib/setup.c:3255 +#: lib/setup.c:3354 #, c-format msgid "Error during suspending device %s." msgstr "Erreur lors de la suspension du périphérique %s." -#: lib/setup.c:3290 +#: lib/setup.c:3389 #, c-format msgid "Resume is not supported for device %s." msgstr "Le périphérique %s ne supporte pas la remise en service." -#: lib/setup.c:3292 +#: lib/setup.c:3391 #, c-format msgid "Error during resuming device %s." msgstr "Erreur lors de la remise en service du périphérique %s." -#: lib/setup.c:3326 lib/setup.c:3374 lib/setup.c:3444 lib/setup.c:3489 -#: src/cryptsetup.c:2207 +#: lib/setup.c:3425 lib/setup.c:3473 lib/setup.c:3544 lib/setup.c:3589 +#: src/cryptsetup.c:2479 #, c-format msgid "Volume %s is not suspended." msgstr "Le volume %s n'est pas suspendu." -#: lib/setup.c:3459 lib/setup.c:3862 lib/setup.c:4584 lib/setup.c:4597 -#: lib/setup.c:4605 lib/setup.c:4618 lib/setup.c:6142 src/cryptsetup.c:1790 +#: lib/setup.c:3559 lib/setup.c:4540 lib/setup.c:4553 lib/setup.c:4561 +#: lib/setup.c:4574 lib/setup.c:6157 lib/setup.c:6179 lib/setup.c:6228 +#: src/cryptsetup.c:2011 msgid "Volume key does not match the volume." msgstr "Ceci n'est pas la clé du volume." -#: lib/setup.c:3540 lib/setup.c:3745 -msgid "Cannot add key slot, all slots disabled and no volume key provided." -msgstr "Impossible d'ajouter un emplacement de clé, tous les emplacements sont désactivés et aucune clé n'a été fournie pour ce volume." - -#: lib/setup.c:3697 +#: lib/setup.c:3737 msgid "Failed to swap new key slot." msgstr "Nouvel emplacement de clé impossible à échanger." -#: lib/setup.c:3883 +#: lib/setup.c:3835 #, c-format msgid "Key slot %d is invalid." msgstr "L'emplacement de clé %d n'est pas valide." -#: lib/setup.c:3889 src/cryptsetup.c:1594 src/cryptsetup.c:1936 -#: src/cryptsetup.c:2540 src/cryptsetup.c:2597 +#: lib/setup.c:3841 src/cryptsetup.c:1740 src/cryptsetup.c:2208 +#: src/cryptsetup.c:2816 src/cryptsetup.c:2876 #, c-format msgid "Keyslot %d is not active." msgstr "L'emplacement de clé %d n'est pas actif." -#: lib/setup.c:3908 +#: lib/setup.c:3860 msgid "Device header overlaps with data area." msgstr "L'en-tête du périphérique recouvre la zone de données." -#: lib/setup.c:4213 +#: lib/setup.c:4165 msgid "Reencryption in-progress. Cannot activate device." msgstr "Re-chiffrement en cours. Impossible d'activer le périphérique." -#: lib/setup.c:4215 lib/luks2/luks2_json_metadata.c:2635 -#: lib/luks2/luks2_reencrypt.c:3565 +#: lib/setup.c:4167 lib/luks2/luks2_json_metadata.c:2703 +#: lib/luks2/luks2_reencrypt.c:3590 msgid "Failed to get reencryption lock." msgstr "Impossible d'obtenir le verrou de re-chiffrement." -#: lib/setup.c:4228 lib/luks2/luks2_reencrypt.c:3584 +#: lib/setup.c:4180 lib/luks2/luks2_reencrypt.c:3609 msgid "LUKS2 reencryption recovery failed." msgstr "La récupération du rechiffrement LUKS2 a échoué." -#: lib/setup.c:4396 lib/setup.c:4661 +#: lib/setup.c:4352 lib/setup.c:4618 msgid "Device type is not properly initialized." msgstr "Type de périphérique improprement initialisé." -#: lib/setup.c:4444 +#: lib/setup.c:4400 #, c-format msgid "Device %s already exists." msgstr "Le périphérique %s existe déjà." -#: lib/setup.c:4451 +#: lib/setup.c:4407 #, c-format msgid "Cannot use device %s, name is invalid or still in use." msgstr "Impossible d'utiliser le périphérique %s, le nom est invalide ou est toujours utilisé." -#: lib/setup.c:4571 +#: lib/setup.c:4527 msgid "Incorrect volume key specified for plain device." msgstr "Clé de volume incorrecte pour le périphérique en clair." -#: lib/setup.c:4687 +#: lib/setup.c:4644 msgid "Incorrect root hash specified for verity device." msgstr "Hachage racine incorrect spécifié pour le périphérique verity." -#: lib/setup.c:4697 +#: lib/setup.c:4654 msgid "Root hash signature required." msgstr "Signature de hachage racine requise." -#: lib/setup.c:4706 +#: lib/setup.c:4663 msgid "Kernel keyring missing: required for passing signature to kernel." msgstr "Le porte-clé du noyau est manquant : il est requis pour passer une signature au noyau." -#: lib/setup.c:4723 lib/setup.c:6218 +#: lib/setup.c:4680 lib/setup.c:6423 msgid "Failed to load key in kernel keyring." msgstr "Impossible de charger la clé dans le porte-clé du noyau." -#: lib/setup.c:4779 +#: lib/setup.c:4736 #, c-format msgid "Could not cancel deferred remove from device %s." msgstr "Impossible d'annuler la suppression différée du périphérique %s." -#: lib/setup.c:4786 lib/setup.c:4802 lib/luks2/luks2_json_metadata.c:2688 +#: lib/setup.c:4743 lib/setup.c:4759 lib/luks2/luks2_json_metadata.c:2756 #: src/utils_reencrypt.c:116 #, c-format msgid "Device %s is still in use." msgstr "Le périphérique %s est toujours occupé." -#: lib/setup.c:4811 +#: lib/setup.c:4768 #, c-format msgid "Invalid device %s." msgstr "Le périphérique %s n'est pas valide." -#: lib/setup.c:4927 +#: lib/setup.c:4908 msgid "Volume key buffer too small." msgstr "Le tampon de la clé du volume est trop petit." -#: lib/setup.c:4935 +#: lib/setup.c:4925 +msgid "Cannot retrieve volume key for LUKS2 device." +msgstr "Impossible de récupérer la clé du volume pour le périphérique LUKS2." + +#: lib/setup.c:4934 +msgid "Cannot retrieve volume key for LUKS1 device." +msgstr "Impossible de récupérer la clé du volume pour le périphérique LUKS1." + +#: lib/setup.c:4944 msgid "Cannot retrieve volume key for plain device." msgstr "Impossible de récupérer la clé du volume pour ce périphérique de type « plain »." @@ -538,147 +552,151 @@ msgid "Cannot retrieve root hash for verity device." msgstr "Impossible de récupérer le hachage racine pour le périphérique verity." -#: lib/setup.c:4956 +#: lib/setup.c:4959 +msgid "Cannot retrieve volume key for BITLK device." +msgstr "Impossible de récupérer la clé du volume pour le périphérique BITLK." + +#: lib/setup.c:4964 +msgid "Cannot retrieve volume key for FVAULT2 device." +msgstr "Impossible de récupérer la clé du volume pour le périphérique FVAULT2." + +#: lib/setup.c:4966 #, c-format msgid "This operation is not supported for %s crypt device." msgstr "Cette opération n'est pas possible pour le périphérique chiffré %s." -#: lib/setup.c:5130 lib/setup.c:5141 +#: lib/setup.c:5147 lib/setup.c:5158 msgid "Dump operation is not supported for this device type." msgstr "L'opération de vidage n'est pas supportée pour ce type de périphérique." -#: lib/setup.c:5471 +#: lib/setup.c:5500 #, c-format msgid "Data offset is not multiple of %u bytes." msgstr "Le décalage des données n'est pas un multiple de %u octets." -#: lib/setup.c:5756 +#: lib/setup.c:5788 #, c-format msgid "Cannot convert device %s which is still in use." msgstr "Impossible de convertir le périphérique %s qui est toujours en cours d'utilisation." -#: lib/setup.c:6075 +#: lib/setup.c:6098 lib/setup.c:6237 #, c-format msgid "Failed to assign keyslot %u as the new volume key." msgstr "Échec de l'affectation de l'emplacement de clé %u pour la nouvelle clé de volume." -#: lib/setup.c:6148 +#: lib/setup.c:6122 msgid "Failed to initialize default LUKS2 keyslot parameters." msgstr "Échec de l'initialisation des paramètres par défaut des emplacement de clé LUKS2." -#: lib/setup.c:6154 +#: lib/setup.c:6128 #, c-format msgid "Failed to assign keyslot %d to digest." msgstr "Échec de l'affectation de l'emplacement de clé %d aux résumé." -#: lib/setup.c:6285 +#: lib/setup.c:6353 +msgid "Cannot add key slot, all slots disabled and no volume key provided." +msgstr "Impossible d'ajouter un emplacement de clé, tous les emplacements sont désactivés et aucune clé n'a été fournie pour ce volume." + +#: lib/setup.c:6490 msgid "Kernel keyring is not supported by the kernel." msgstr "Le porte-clé du noyau n'est pas supporté par ce noyau." -#: lib/setup.c:6295 lib/luks2/luks2_reencrypt.c:3782 +#: lib/setup.c:6500 lib/luks2/luks2_reencrypt.c:3807 #, c-format msgid "Failed to read passphrase from keyring (error %d)." msgstr "Échec lors de la lecture du mot de passe depuis le porte-clé (erreur %d)." -#: lib/setup.c:6319 +#: lib/setup.c:6523 msgid "Failed to acquire global memory-hard access serialization lock." msgstr "Erreur lors de l'acquisition du verrou global de sérialisation des accès strictes à la mémoire" -#: lib/utils.c:80 -msgid "Cannot get process priority." -msgstr "Impossible d'obtenir la priorité du processus." - -#: lib/utils.c:94 -msgid "Cannot unlock memory." -msgstr "Impossible de déverrouiller la mémoire." - -#: lib/utils.c:168 lib/tcrypt/tcrypt.c:502 +#: lib/utils.c:158 lib/tcrypt/tcrypt.c:501 msgid "Failed to open key file." msgstr "Impossible d'ouvrir le fichier de clef." -#: lib/utils.c:173 +#: lib/utils.c:163 msgid "Cannot read keyfile from a terminal." msgstr "Impossible de lire le fichier de clé depuis un terminal." -#: lib/utils.c:189 +#: lib/utils.c:179 msgid "Failed to stat key file." msgstr "Impossible d'exécuter « stat » sur le fichier de clef." -#: lib/utils.c:197 lib/utils.c:218 +#: lib/utils.c:187 lib/utils.c:208 msgid "Cannot seek to requested keyfile offset." msgstr "Impossible de sauter au décalage demandé dans le fichier de clé." -#: lib/utils.c:212 lib/utils.c:227 src/utils_password.c:226 -#: src/utils_password.c:238 +#: lib/utils.c:202 lib/utils.c:217 src/utils_password.c:225 +#: src/utils_password.c:237 msgid "Out of memory while reading passphrase." msgstr "Plus assez de mémoire lors de la lecture de la phrase secrète." -#: lib/utils.c:247 +#: lib/utils.c:237 msgid "Error reading passphrase." msgstr "Erreur de lecture de la phrase secrète." -#: lib/utils.c:264 +#: lib/utils.c:254 msgid "Nothing to read on input." msgstr "Rien à lire en entrée." -#: lib/utils.c:271 +#: lib/utils.c:261 msgid "Maximum keyfile size exceeded." msgstr "Taille max. de fichier de clé dépassée." -#: lib/utils.c:276 +#: lib/utils.c:266 msgid "Cannot read requested amount of data." msgstr "Impossible de lire la quantité de données demandée." -#: lib/utils_device.c:208 lib/utils_storage_wrappers.c:110 -#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1353 +#: lib/utils_device.c:207 lib/utils_storage_wrappers.c:110 +#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1440 #, c-format msgid "Device %s does not exist or access denied." msgstr "Le périphérique %s n'existe pas ou l'accès y est interdit." -#: lib/utils_device.c:218 +#: lib/utils_device.c:217 #, c-format msgid "Device %s is not compatible." msgstr "Le périphérique %s n'est pas compatible." -#: lib/utils_device.c:562 +#: lib/utils_device.c:561 #, c-format msgid "Ignoring bogus optimal-io size for data device (%u bytes)." msgstr "La mauvaise taille de optimal-io est ignorée pour le périphérique de données (%u octets)." -#: lib/utils_device.c:720 +#: lib/utils_device.c:722 #, c-format msgid "Device %s is too small. Need at least % bytes." msgstr "Le périphérique %s est trop petit. Il a besoin d'au moins % octets." -#: lib/utils_device.c:801 +#: lib/utils_device.c:803 #, c-format msgid "Cannot use device %s which is in use (already mapped or mounted)." msgstr "Impossible d'utiliser le périphérique %s actuellement utilisé (déjà mappé ou monté)." -#: lib/utils_device.c:805 +#: lib/utils_device.c:807 #, c-format msgid "Cannot use device %s, permission denied." msgstr "Impossible d'utiliser le périphérique %s, permission refusée." -#: lib/utils_device.c:808 +#: lib/utils_device.c:810 #, c-format msgid "Cannot get info about device %s." msgstr "Impossible d'obtenir des informations au sujet du périphérique %s." -#: lib/utils_device.c:831 +#: lib/utils_device.c:833 msgid "Cannot use a loopback device, running as non-root user." msgstr "Impossible d'utiliser un périphérique loopback. Fonctionne comme un utilisateur non-root." -#: lib/utils_device.c:842 +#: lib/utils_device.c:844 msgid "Attaching loopback device failed (loop device with autoclear flag is required)." msgstr "Impossible d'associer le périphérique loopback (le drapeau « autoclear » est requis)." -#: lib/utils_device.c:890 +#: lib/utils_device.c:892 #, c-format msgid "Requested offset is beyond real size of device %s." msgstr "Le décalage demandé est au delà de la taille réelle du périphérique %s." -#: lib/utils_device.c:898 +#: lib/utils_device.c:900 #, c-format msgid "Device %s has zero size." msgstr "Le périphérique %s a une taille nulle." @@ -732,30 +750,25 @@ msgid "Only PBKDF2 is supported in FIPS mode." msgstr "Seul PBKDF2 est supporté en mode FIPS." -#: lib/utils_benchmark.c:172 +#: lib/utils_benchmark.c:175 msgid "PBKDF benchmark disabled but iterations not set." msgstr "L'étalon PBKDF est désactivé mais les itérations ne sont pas définies." -#: lib/utils_benchmark.c:191 +#: lib/utils_benchmark.c:194 #, c-format msgid "Not compatible PBKDF2 options (using hash algorithm %s)." msgstr "Options PBKDF2 incompatibles (en utilisant l'algorithme de hachage %s)." -#: lib/utils_benchmark.c:211 +#: lib/utils_benchmark.c:214 msgid "Not compatible PBKDF options." msgstr "Options PBKDF incompatibles." -#: lib/utils_device_locking.c:102 +#: lib/utils_device_locking.c:101 #, c-format msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)." msgstr "Verrouillage interrompu. Le chemin de verrouillage %s/%s est inutilisable (pas un répertoire ou est manquant)." -#: lib/utils_device_locking.c:109 -#, c-format -msgid "Locking directory %s/%s will be created with default compiled-in permissions." -msgstr "Le répertoire de verrouillage %s/%s sera créé avec les permissions par défaut fournies durant la compilation." - -#: lib/utils_device_locking.c:119 +#: lib/utils_device_locking.c:118 #, c-format msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." msgstr "Verrouillage interrompu. Le chemin de verrouillage %s/%s est inutilisable (%s n'est pas un répertoire)." @@ -788,9 +801,9 @@ msgid "Cipher specification should be in [cipher]-[mode]-[iv] format." msgstr "La spécification du chiffrement devrait être au format [chiffrement]-[mode]-[iv]." -#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:364 -#: lib/luks1/keymanage.c:674 lib/luks1/keymanage.c:1125 -#: lib/luks2/luks2_json_metadata.c:1421 lib/luks2/luks2_keyslot.c:714 +#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:366 +#: lib/luks1/keymanage.c:677 lib/luks1/keymanage.c:1132 +#: lib/luks2/luks2_json_metadata.c:1490 lib/luks2/luks2_keyslot.c:714 #, c-format msgid "Cannot write to device %s, permission denied." msgstr "Impossible d'écrire sur le périphérique %s. Permission refusée." @@ -803,23 +816,24 @@ msgid "Failed to access temporary keystore device." msgstr "Impossible d'accéder au périphérique de stockage temporaire de clés." -#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60 -#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:192 +#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:62 +#: lib/luks2/luks2_keyslot_luks2.c:80 lib/luks2/luks2_keyslot_reenc.c:192 msgid "IO error while encrypting keyslot." msgstr "Erreur E/S pendant le chiffrement de l'emplacement de clé." -#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:367 -#: lib/luks1/keymanage.c:627 lib/luks1/keymanage.c:677 lib/tcrypt/tcrypt.c:680 -#: lib/verity/verity.c:80 lib/verity/verity.c:196 lib/verity/verity_hash.c:320 -#: lib/verity/verity_hash.c:329 lib/verity/verity_hash.c:349 -#: lib/verity/verity_fec.c:260 lib/verity/verity_fec.c:272 -#: lib/verity/verity_fec.c:277 lib/luks2/luks2_json_metadata.c:1424 -#: src/utils_reencrypt_luks1.c:121 src/utils_reencrypt_luks1.c:133 +#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:369 +#: lib/luks1/keymanage.c:630 lib/luks1/keymanage.c:680 lib/tcrypt/tcrypt.c:679 +#: lib/fvault2/fvault2.c:877 lib/verity/verity.c:80 lib/verity/verity.c:196 +#: lib/verity/verity_hash.c:320 lib/verity/verity_hash.c:329 +#: lib/verity/verity_hash.c:349 lib/verity/verity_fec.c:260 +#: lib/verity/verity_fec.c:272 lib/verity/verity_fec.c:277 +#: lib/luks2/luks2_json_metadata.c:1493 src/utils_reencrypt_luks1.c:121 +#: src/utils_reencrypt_luks1.c:133 #, c-format msgid "Cannot open device %s." msgstr "Impossible d'ouvrir le périphérique %s." -#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137 +#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:139 msgid "IO error while decrypting keyslot." msgstr "Erreur E/S pendant le déchiffrement de l'emplacement de clé." @@ -835,54 +849,54 @@ msgid "LUKS keyslot %u is invalid." msgstr "L'emplacement de clé LUKS %u n'est pas valide." -#: lib/luks1/keymanage.c:266 lib/luks2/luks2_json_metadata.c:1284 +#: lib/luks1/keymanage.c:267 lib/luks2/luks2_json_metadata.c:1353 #, c-format msgid "Requested header backup file %s already exists." msgstr "Le fichier de sauvegarde d'en-tête demandé %s existe déjà." -#: lib/luks1/keymanage.c:268 lib/luks2/luks2_json_metadata.c:1286 +#: lib/luks1/keymanage.c:269 lib/luks2/luks2_json_metadata.c:1355 #, c-format msgid "Cannot create header backup file %s." msgstr "Impossible de créer le fichier de sauvegarde d'en-tête %s." -#: lib/luks1/keymanage.c:275 lib/luks2/luks2_json_metadata.c:1293 +#: lib/luks1/keymanage.c:276 lib/luks2/luks2_json_metadata.c:1362 #, c-format msgid "Cannot write header backup file %s." msgstr "Impossible d'écrire le fichier de sauvegarde d'en-tête %s." -#: lib/luks1/keymanage.c:306 lib/luks2/luks2_json_metadata.c:1330 +#: lib/luks1/keymanage.c:308 lib/luks2/luks2_json_metadata.c:1399 msgid "Backup file does not contain valid LUKS header." msgstr "Le fichier de sauvegarde ne contient pas d'en-tête LUKS valide." -#: lib/luks1/keymanage.c:319 lib/luks1/keymanage.c:590 -#: lib/luks2/luks2_json_metadata.c:1351 +#: lib/luks1/keymanage.c:321 lib/luks1/keymanage.c:593 +#: lib/luks2/luks2_json_metadata.c:1420 #, c-format msgid "Cannot open header backup file %s." msgstr "Impossible d'ouvrir le fichier de sauvegarde d'en-tête %s." -#: lib/luks1/keymanage.c:327 lib/luks2/luks2_json_metadata.c:1359 +#: lib/luks1/keymanage.c:329 lib/luks2/luks2_json_metadata.c:1428 #, c-format msgid "Cannot read header backup file %s." msgstr "Impossible de lire le fichier de sauvegarde d'en-tête %s." -#: lib/luks1/keymanage.c:337 +#: lib/luks1/keymanage.c:339 msgid "Data offset or key size differs on device and backup, restore failed." msgstr "Le décalage des données (« offset ») ou la taille de la clé ne sont pas identiques dans le périphérique et la sauvegarde. La restauration a échouée." -#: lib/luks1/keymanage.c:345 +#: lib/luks1/keymanage.c:347 #, c-format msgid "Device %s %s%s" msgstr "Périphérique %s %s%s" -#: lib/luks1/keymanage.c:346 +#: lib/luks1/keymanage.c:348 msgid "does not contain LUKS header. Replacing header can destroy data on that device." msgstr "ne contient pas d'en-tête LUKS. Remplacer l'en-tête peut détruire les données de ce périphérique." -#: lib/luks1/keymanage.c:347 +#: lib/luks1/keymanage.c:349 msgid "already contains LUKS header. Replacing header will destroy existing keyslots." msgstr "contient déjà un en-tête LUKS. Remplacer l'en-tête détruira les emplacements de clés actuels." -#: lib/luks1/keymanage.c:348 lib/luks2/luks2_json_metadata.c:1393 +#: lib/luks1/keymanage.c:350 lib/luks2/luks2_json_metadata.c:1462 msgid "" "\n" "WARNING: real device header has different UUID than backup!" @@ -890,126 +904,130 @@ "\n" "ATTENTION : l'en-tête du périphérique a un UUID différent de celui de la sauvegarde !" -#: lib/luks1/keymanage.c:395 +#: lib/luks1/keymanage.c:398 msgid "Non standard key size, manual repair required." msgstr "Taille de clé non standard. Réparation manuelle requise." -#: lib/luks1/keymanage.c:405 +#: lib/luks1/keymanage.c:408 msgid "Non standard keyslots alignment, manual repair required." msgstr "Alignement non standard des emplacements de clé. Réparation manuelle requise." -#: lib/luks1/keymanage.c:414 +#: lib/luks1/keymanage.c:417 #, c-format msgid "Cipher mode repaired (%s -> %s)." msgstr "Mode de chiffrement réparé (%s -> %s)." -#: lib/luks1/keymanage.c:425 +#: lib/luks1/keymanage.c:428 #, c-format msgid "Cipher hash repaired to lowercase (%s)." msgstr "Valeur hachée du chiffrement réparée vers des minuscules (%s)." -#: lib/luks1/keymanage.c:427 lib/luks1/keymanage.c:533 -#: lib/luks1/keymanage.c:789 +#: lib/luks1/keymanage.c:430 lib/luks1/keymanage.c:536 +#: lib/luks1/keymanage.c:792 #, c-format msgid "Requested LUKS hash %s is not supported." msgstr "L'algorithme de hachage LUKS demandé (%s) n'est pas supporté." -#: lib/luks1/keymanage.c:441 +#: lib/luks1/keymanage.c:444 msgid "Repairing keyslots." msgstr "Réparation des emplacements de clé." -#: lib/luks1/keymanage.c:460 +#: lib/luks1/keymanage.c:463 #, c-format msgid "Keyslot %i: offset repaired (%u -> %u)." msgstr "Emplacement de clé %i : décalage réparé (%u -> %u)." -#: lib/luks1/keymanage.c:468 +#: lib/luks1/keymanage.c:471 #, c-format msgid "Keyslot %i: stripes repaired (%u -> %u)." msgstr "Emplacement de clé %i : bandes réparées (%u -> %u)." -#: lib/luks1/keymanage.c:477 +#: lib/luks1/keymanage.c:480 #, c-format msgid "Keyslot %i: bogus partition signature." msgstr "Emplacement de clé %i : signature de partition contrefaite." -#: lib/luks1/keymanage.c:482 +#: lib/luks1/keymanage.c:485 #, c-format msgid "Keyslot %i: salt wiped." msgstr "Emplacement de clé %i : aléa effacé." -#: lib/luks1/keymanage.c:499 +#: lib/luks1/keymanage.c:502 msgid "Writing LUKS header to disk." msgstr "Écriture de l'en-tête LUKS sur le disque." -#: lib/luks1/keymanage.c:504 +#: lib/luks1/keymanage.c:507 msgid "Repair failed." msgstr "Échec de la réparation." -#: lib/luks1/keymanage.c:559 +#: lib/luks1/keymanage.c:562 #, c-format msgid "LUKS cipher mode %s is invalid." msgstr "Le mode de chiffrement LUKS %s n'est pas valide." -#: lib/luks1/keymanage.c:564 +#: lib/luks1/keymanage.c:567 #, c-format msgid "LUKS hash %s is invalid." msgstr "La valeur hachée LUKS %s n'est pas valide." -#: lib/luks1/keymanage.c:571 src/cryptsetup.c:1144 +#: lib/luks1/keymanage.c:574 src/cryptsetup.c:1281 msgid "No known problems detected for LUKS header." msgstr "Aucun problème connu détecté pour l'en-tête LUKS." -#: lib/luks1/keymanage.c:699 +#: lib/luks1/keymanage.c:702 #, c-format msgid "Error during update of LUKS header on device %s." msgstr "Erreur lors de la mise à jour de l'en-tête LUKS sur le périphérique %s." -#: lib/luks1/keymanage.c:707 +#: lib/luks1/keymanage.c:710 #, c-format msgid "Error re-reading LUKS header after update on device %s." msgstr "Erreur lors de la relecture de l'en-tête LUKS après la mise à jour sur le périphérique %s." -#: lib/luks1/keymanage.c:783 +#: lib/luks1/keymanage.c:786 msgid "Data offset for LUKS header must be either 0 or higher than header size." msgstr "L'offset des données d'un en-tête LUKS doit être soit 0 ou soit plus grand que la taille de l'en-tête." -#: lib/luks1/keymanage.c:794 lib/luks1/keymanage.c:863 -#: lib/luks2/luks2_json_format.c:287 lib/luks2/luks2_json_metadata.c:1175 -#: src/utils_reencrypt.c:475 +#: lib/luks1/keymanage.c:797 lib/luks1/keymanage.c:866 +#: lib/luks2/luks2_json_format.c:286 lib/luks2/luks2_json_metadata.c:1236 +#: src/utils_reencrypt.c:539 msgid "Wrong LUKS UUID format provided." msgstr "Mauvais format fourni pour le UUID LUKS." -#: lib/luks1/keymanage.c:816 +#: lib/luks1/keymanage.c:819 msgid "Cannot create LUKS header: reading random salt failed." msgstr "Impossible de créer un en-tête LUKS : échec lors de la lecture de l'aléa." -#: lib/luks1/keymanage.c:842 +#: lib/luks1/keymanage.c:845 #, c-format msgid "Cannot create LUKS header: header digest failed (using hash %s)." msgstr "Impossible de créer un en-tête LUKS : le résumé (« digest ») de l'en-tête a échoué (en utilisant l'algorithme de hachage %s)." -#: lib/luks1/keymanage.c:886 +#: lib/luks1/keymanage.c:889 #, c-format msgid "Key slot %d active, purge first." msgstr "L'emplacement de clé %d est activé, effacez le d'abord." -#: lib/luks1/keymanage.c:892 +#: lib/luks1/keymanage.c:895 #, c-format msgid "Key slot %d material includes too few stripes. Header manipulation?" msgstr "Le matériel de l'emplacement de clé %d a trop peu de bandes. L'en-tête a-t-il été modifié ?" -#: lib/luks1/keymanage.c:1033 +#: lib/luks1/keymanage.c:931 lib/luks2/luks2_keyslot_luks2.c:270 +msgid "PBKDF2 iteration value overflow." +msgstr "Débordement de la valeur d'itération de PBKDF2." + +#: lib/luks1/keymanage.c:1040 #, c-format msgid "Cannot open keyslot (using hash %s)." msgstr "Impossible d'ouvrir l'emplacement de clé (en utilisant le hachage %s)." -#: lib/luks1/keymanage.c:1111 +#: lib/luks1/keymanage.c:1118 #, c-format msgid "Key slot %d is invalid, please select keyslot between 0 and %d." msgstr "L'emplacement de clé %d n'est pas valide, merci de sélectionner un emplacement entre 0 et %d." -#: lib/luks1/keymanage.c:1129 lib/luks2/luks2_keyslot.c:718 +#: lib/luks1/keymanage.c:1136 lib/luks2/luks2_keyslot.c:718 #, c-format msgid "Cannot wipe device %s." msgstr "Impossible d'effacer de façon sécurisée le périphérique %s." @@ -1030,177 +1048,187 @@ msgid "Kernel does not support loop-AES compatible mapping." msgstr "Le noyau ne supporte pas les associations de type boucle « loop-AES »." -#: lib/tcrypt/tcrypt.c:509 +#: lib/tcrypt/tcrypt.c:508 #, c-format msgid "Error reading keyfile %s." msgstr "Erreur lors de la lecture du fichier de clé %s." -#: lib/tcrypt/tcrypt.c:559 +#: lib/tcrypt/tcrypt.c:558 #, c-format msgid "Maximum TCRYPT passphrase length (%zu) exceeded." msgstr "Longueur maximum de la phrase secrète TCRYPT (%zu) dépassée." -#: lib/tcrypt/tcrypt.c:601 +#: lib/tcrypt/tcrypt.c:600 #, c-format msgid "PBKDF2 hash algorithm %s not available, skipping." msgstr "L'algorithme de hachage PBKDF2 %s n'est pas supporté, ignoré." -#: lib/tcrypt/tcrypt.c:620 src/cryptsetup.c:1019 +#: lib/tcrypt/tcrypt.c:619 src/cryptsetup.c:1156 msgid "Required kernel crypto interface not available." msgstr "L'interface du noyau requise pour le chiffrement n'est pas disponible." -#: lib/tcrypt/tcrypt.c:622 src/cryptsetup.c:1021 +#: lib/tcrypt/tcrypt.c:621 src/cryptsetup.c:1158 msgid "Ensure you have algif_skcipher kernel module loaded." msgstr "Vérifiez que le module du noyau algif_skcipher est chargé." -#: lib/tcrypt/tcrypt.c:763 +#: lib/tcrypt/tcrypt.c:762 #, c-format msgid "Activation is not supported for %d sector size." msgstr "L'activation n'est pas supportée pour des secteurs de taille %d." -#: lib/tcrypt/tcrypt.c:769 +#: lib/tcrypt/tcrypt.c:768 msgid "Kernel does not support activation for this TCRYPT legacy mode." msgstr "Le noyau ne supporte pas l'activation pour ce mode TCRYPT historique." -#: lib/tcrypt/tcrypt.c:800 +#: lib/tcrypt/tcrypt.c:799 #, c-format msgid "Activating TCRYPT system encryption for partition %s." msgstr "Activation du chiffrement du système TCRYPT sur la partition %s." -#: lib/tcrypt/tcrypt.c:883 +#: lib/tcrypt/tcrypt.c:882 msgid "Kernel does not support TCRYPT compatible mapping." msgstr "Le noyau ne supporte pas les associations de type TCRYPT." -#: lib/tcrypt/tcrypt.c:1096 +#: lib/tcrypt/tcrypt.c:1095 msgid "This function is not supported without TCRYPT header load." msgstr "Cette fonction n'est pas supportée sans le chargement de l'en-tête TCRYPT." -#: lib/bitlk/bitlk.c:275 +#: lib/bitlk/bitlk.c:278 #, c-format msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key." msgstr "Un type d'entrée « %u » inattendu a été trouvé dans la méta-donnée en analysant la Clé Maître du Volume supportée." -#: lib/bitlk/bitlk.c:328 +#: lib/bitlk/bitlk.c:337 msgid "Invalid string found when parsing Volume Master Key." msgstr "Chaîne texte invalide rencontrée en analysant la Clé Maître du Volume." -#: lib/bitlk/bitlk.c:332 +#: lib/bitlk/bitlk.c:341 #, c-format msgid "Unexpected string ('%s') found when parsing supported Volume Master Key." msgstr "Chaîne texte (« %s ») inattendue rencontrée en analysant la Clé Maître du Volume supportée." -#: lib/bitlk/bitlk.c:349 +#: lib/bitlk/bitlk.c:358 #, c-format msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key." msgstr "La valeur « %u » pour l'entrée de la méta-donnée est inattendue en analysant la Clé Maître du Volume supportée." -#: lib/bitlk/bitlk.c:451 +#: lib/bitlk/bitlk.c:460 msgid "BITLK version 1 is currently not supported." msgstr "La version 1 de BITLK n'est actuellement pas supportée." -#: lib/bitlk/bitlk.c:457 +#: lib/bitlk/bitlk.c:466 msgid "Invalid or unknown boot signature for BITLK device." msgstr "Signature d'amorce invalide ou inconnue pour le périphérique BITLK." -#: lib/bitlk/bitlk.c:469 +#: lib/bitlk/bitlk.c:478 #, c-format msgid "Unsupported sector size %." msgstr "Taille de secteur % non supportée." -#: lib/bitlk/bitlk.c:477 +#: lib/bitlk/bitlk.c:486 #, c-format msgid "Failed to read BITLK header from %s." msgstr "Impossible de lire l'en-tête BITLK depuis %s." -#: lib/bitlk/bitlk.c:502 +#: lib/bitlk/bitlk.c:511 #, c-format msgid "Failed to read BITLK FVE metadata from %s." msgstr "Impossible de lire les méta-données BITLK FVE depuis %s." -#: lib/bitlk/bitlk.c:554 +#: lib/bitlk/bitlk.c:562 msgid "Unknown or unsupported encryption type." msgstr "Type de chiffrement inconnu ou non supporté." -#: lib/bitlk/bitlk.c:587 +#: lib/bitlk/bitlk.c:602 #, c-format msgid "Failed to read BITLK metadata entries from %s." msgstr "Impossible de lire les entrées des méta-données de BITLK depuis %s." -#: lib/bitlk/bitlk.c:681 +#: lib/bitlk/bitlk.c:719 msgid "Failed to convert BITLK volume description" msgstr "Échec lors de la conversion de la description du volume BITLK" -#: lib/bitlk/bitlk.c:841 +#: lib/bitlk/bitlk.c:882 #, c-format msgid "Unexpected metadata entry type '%u' found when parsing external key." msgstr "Un type d'entrée « %u » inattendu a été trouvé dans la méta-donnée en analysant la clé externe." -#: lib/bitlk/bitlk.c:860 +#: lib/bitlk/bitlk.c:905 #, c-format msgid "BEK file GUID '%s' does not match GUID of the volume." msgstr "Le GUID du fichier BEK « %s » ne correspond pas au GUID du volume." -#: lib/bitlk/bitlk.c:864 +#: lib/bitlk/bitlk.c:909 #, c-format msgid "Unexpected metadata entry value '%u' found when parsing external key." msgstr "La valeur « %u » pour l'entrée de la méta-donnée est inattendue en analysant la clé externe." -#: lib/bitlk/bitlk.c:903 +#: lib/bitlk/bitlk.c:948 #, c-format msgid "Unsupported BEK metadata version %" msgstr "Métadonnées BEK version % non supportées" -#: lib/bitlk/bitlk.c:908 +#: lib/bitlk/bitlk.c:953 #, c-format msgid "Unexpected BEK metadata size % does not match BEK file length" msgstr "La taille inattendue des métadonnées BEK % ne correspond pas à la longueur du fichier BEK" -#: lib/bitlk/bitlk.c:933 +#: lib/bitlk/bitlk.c:979 msgid "Unexpected metadata entry found when parsing startup key." msgstr "Une entrée de méta-donnée inattendue a été trouvée en analysant la clé de démarrage." -#: lib/bitlk/bitlk.c:1029 +#: lib/bitlk/bitlk.c:1075 msgid "This operation is not supported." msgstr "Cette opération n'est pas supportée." -#: lib/bitlk/bitlk.c:1037 +#: lib/bitlk/bitlk.c:1083 msgid "Unexpected key data size." msgstr "Taille inattendue pour les données de la clé." -#: lib/bitlk/bitlk.c:1163 +#: lib/bitlk/bitlk.c:1209 msgid "This BITLK device is in an unsupported state and cannot be activated." msgstr "Ce périphérique BITLK est dans un état non supporté et ne peut pas être activé." -#: lib/bitlk/bitlk.c:1168 +#: lib/bitlk/bitlk.c:1214 #, c-format msgid "BITLK devices with type '%s' cannot be activated." msgstr "Les périphériques BITLK avec le type « %s » ne peuvent pas être activés." -#: lib/bitlk/bitlk.c:1175 +#: lib/bitlk/bitlk.c:1221 msgid "Activation of partially decrypted BITLK device is not supported." msgstr "L'activation d'un périphérique BITLK partiellement déchiffré n'est pas supporté." -#: lib/bitlk/bitlk.c:1216 +#: lib/bitlk/bitlk.c:1262 #, c-format msgid "WARNING: BitLocker volume size % does not match the underlying device size %" msgstr "AVERTISSEMENT: La taille % du volume BitLocker ne correspond pas à la taille % du périphérique sous-jacent" -#: lib/bitlk/bitlk.c:1343 +#: lib/bitlk/bitlk.c:1389 msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV." msgstr "Impossible d'activer le périphérique car dm-crypt dans le noyau ne supporte pas BITLK IV." -#: lib/bitlk/bitlk.c:1347 +#: lib/bitlk/bitlk.c:1393 msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser." msgstr "Impossible d'activer le périphérique car dm-crypt dans le noyau ne supporte pas le diffuseur BITLK Elephant." -#: lib/bitlk/bitlk.c:1351 +#: lib/bitlk/bitlk.c:1397 msgid "Cannot activate device, kernel dm-crypt is missing support for large sector size." msgstr "Impossible d'activer le périphérique car dm-crypt dans le noyau ne supporte pas une grande taille de secteur." -#: lib/bitlk/bitlk.c:1355 +#: lib/bitlk/bitlk.c:1401 msgid "Cannot activate device, kernel dm-zero module is missing." msgstr "Impossible d'activer le périphérique car le module dm-zero est manquant dans le noyau." +#: lib/fvault2/fvault2.c:542 +#, c-format +msgid "Could not read %u bytes of volume header." +msgstr "Échec à la lecture de %u octets dans l'en-tête du volume." + +#: lib/fvault2/fvault2.c:554 +#, c-format +msgid "Unsupported FVAULT2 version %." +msgstr "Version FVAULT2 % non supportée." + #: lib/verity/verity.c:68 lib/verity/verity.c:182 #, c-format msgid "Verity device %s does not use on-disk header." @@ -1352,17 +1380,17 @@ msgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)." msgstr "Le noyau refuse d'activer l'option de recalcul non sûre (voyez les options d'activation historique pour outrepasser)." -#: lib/luks2/luks2_disk_metadata.c:393 lib/luks2/luks2_json_metadata.c:1133 -#: lib/luks2/luks2_json_metadata.c:1413 +#: lib/luks2/luks2_disk_metadata.c:391 lib/luks2/luks2_json_metadata.c:1159 +#: lib/luks2/luks2_json_metadata.c:1482 #, c-format msgid "Failed to acquire write lock on device %s." msgstr "Impossible d'acquérir un verrou en écriture sur le périphérique %s." -#: lib/luks2/luks2_disk_metadata.c:402 +#: lib/luks2/luks2_disk_metadata.c:400 msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation." msgstr "Tentative détectée de mettre à jour les métadonnées LUKS2 de manière concurrent. L'opération est abandonnée." -#: lib/luks2/luks2_disk_metadata.c:701 lib/luks2/luks2_disk_metadata.c:722 +#: lib/luks2/luks2_disk_metadata.c:699 lib/luks2/luks2_disk_metadata.c:720 msgid "" "Device contains ambiguous signatures, cannot auto-recover LUKS2.\n" "Please run \"cryptsetup repair\" for recovery." @@ -1370,49 +1398,49 @@ "Le périphérique contient une signature ambigüe, impossible de récupérer automatiquement LUKS2.\n" "Veuillez exécuter « cryptsetup repair » pour la récupération." -#: lib/luks2/luks2_json_format.c:230 +#: lib/luks2/luks2_json_format.c:229 msgid "Requested data offset is too small." msgstr "Le décalage de données demandé est trop petit." -#: lib/luks2/luks2_json_format.c:275 +#: lib/luks2/luks2_json_format.c:274 #, c-format msgid "WARNING: keyslots area (% bytes) is very small, available LUKS2 keyslot count is very limited.\n" msgstr "ATTENTION: la zone des emplacements de clés (% octets) est très petite, le nombre d'emplacements de clés LUKS2 est très limité.\n" -#: lib/luks2/luks2_json_metadata.c:1120 lib/luks2/luks2_json_metadata.c:1258 -#: lib/luks2/luks2_json_metadata.c:1319 lib/luks2/luks2_keyslot_luks2.c:92 -#: lib/luks2/luks2_keyslot_luks2.c:114 +#: lib/luks2/luks2_json_metadata.c:1146 lib/luks2/luks2_json_metadata.c:1328 +#: lib/luks2/luks2_json_metadata.c:1388 lib/luks2/luks2_keyslot_luks2.c:94 +#: lib/luks2/luks2_keyslot_luks2.c:116 #, c-format msgid "Failed to acquire read lock on device %s." msgstr "Impossible d'acquérir le verrou de lecture sur le périphérique %s." -#: lib/luks2/luks2_json_metadata.c:1336 +#: lib/luks2/luks2_json_metadata.c:1405 #, c-format msgid "Forbidden LUKS2 requirements detected in backup %s." msgstr "Des exigences LUKS2 interdites ont été détectées dans la sauvegarde %s." -#: lib/luks2/luks2_json_metadata.c:1377 +#: lib/luks2/luks2_json_metadata.c:1446 msgid "Data offset differ on device and backup, restore failed." msgstr "Les décalages des données ne sont pas identiques sur le périphérique et la sauvegarde, la restauration a échoué." -#: lib/luks2/luks2_json_metadata.c:1383 +#: lib/luks2/luks2_json_metadata.c:1452 msgid "Binary header with keyslot areas size differ on device and backup, restore failed." msgstr "Les en-têtes binaires avec des tailles de zones d'emplacements de clés sont différents sur le périphérique et la sauvegarde, la restauration a échouée." -#: lib/luks2/luks2_json_metadata.c:1390 +#: lib/luks2/luks2_json_metadata.c:1459 #, c-format msgid "Device %s %s%s%s%s" msgstr "Périphérique %s %s%s%s%s" -#: lib/luks2/luks2_json_metadata.c:1391 +#: lib/luks2/luks2_json_metadata.c:1460 msgid "does not contain LUKS2 header. Replacing header can destroy data on that device." msgstr "ne contient pas d'en-tête LUKS2. Remplacer l'en-tête peut détruire les données de ce périphérique." -#: lib/luks2/luks2_json_metadata.c:1392 +#: lib/luks2/luks2_json_metadata.c:1461 msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots." msgstr "contient déjà un en-tête LUKS2. Remplacer l'en-tête détruira les emplacements de clés actuels." -#: lib/luks2/luks2_json_metadata.c:1394 +#: lib/luks2/luks2_json_metadata.c:1463 msgid "" "\n" "WARNING: unknown LUKS2 requirements detected in real device header!\n" @@ -1422,7 +1450,7 @@ "ATTENTION: des exigences LUKS2 inconnues ont été détectées sur l'en-tête du périphérique réel !\n" "Remplacer l'en-tête par la sauvegarde peut corrompre les données sur ce périphérique !" -#: lib/luks2/luks2_json_metadata.c:1396 +#: lib/luks2/luks2_json_metadata.c:1465 msgid "" "\n" "WARNING: Unfinished offline reencryption detected on the device!\n" @@ -1432,50 +1460,50 @@ "ATTENTION: Un rechiffrement hors-ligne non terminé a été détecté sur le périphérique !\n" "Remplacer l'en-tête par la sauvegarde peut corrompre les données." -#: lib/luks2/luks2_json_metadata.c:1494 +#: lib/luks2/luks2_json_metadata.c:1562 #, c-format msgid "Ignored unknown flag %s." msgstr "Fanion inconnu %s ignoré." -#: lib/luks2/luks2_json_metadata.c:2402 lib/luks2/luks2_reencrypt.c:2015 +#: lib/luks2/luks2_json_metadata.c:2470 lib/luks2/luks2_reencrypt.c:2061 #, c-format msgid "Missing key for dm-crypt segment %u" msgstr "Clé manquante pour le segment %u de dm-crypt" -#: lib/luks2/luks2_json_metadata.c:2414 lib/luks2/luks2_reencrypt.c:2029 +#: lib/luks2/luks2_json_metadata.c:2482 lib/luks2/luks2_reencrypt.c:2075 msgid "Failed to set dm-crypt segment." msgstr "Impossible de définir le segment dm-crypt." -#: lib/luks2/luks2_json_metadata.c:2420 lib/luks2/luks2_reencrypt.c:2035 +#: lib/luks2/luks2_json_metadata.c:2488 lib/luks2/luks2_reencrypt.c:2081 msgid "Failed to set dm-linear segment." msgstr "Impossible de définir le segment dm-linear." -#: lib/luks2/luks2_json_metadata.c:2547 +#: lib/luks2/luks2_json_metadata.c:2615 msgid "Unsupported device integrity configuration." msgstr "Configuration d'intégrité du périphérique non supportée." -#: lib/luks2/luks2_json_metadata.c:2633 +#: lib/luks2/luks2_json_metadata.c:2701 msgid "Reencryption in-progress. Cannot deactivate device." msgstr "Re-chiffrement en cours. Le périphérique ne peut être désactivé." -#: lib/luks2/luks2_json_metadata.c:2644 lib/luks2/luks2_reencrypt.c:4057 +#: lib/luks2/luks2_json_metadata.c:2712 lib/luks2/luks2_reencrypt.c:4082 #, c-format msgid "Failed to replace suspended device %s with dm-error target." msgstr "Échec du remplacement du périphérique suspendu %s avec la cible dm-error." -#: lib/luks2/luks2_json_metadata.c:2724 +#: lib/luks2/luks2_json_metadata.c:2792 msgid "Failed to read LUKS2 requirements." msgstr "Échec lors de la lecture des exigences LUKS2." -#: lib/luks2/luks2_json_metadata.c:2731 +#: lib/luks2/luks2_json_metadata.c:2799 msgid "Unmet LUKS2 requirements detected." msgstr "Des exigences LUKS2 non rencontrées ont été détectées." -#: lib/luks2/luks2_json_metadata.c:2739 +#: lib/luks2/luks2_json_metadata.c:2807 msgid "Operation incompatible with device marked for legacy reencryption. Aborting." msgstr "Opération incompatible avec un périphérique marqué pour le rechiffrement historique. Abandon." -#: lib/luks2/luks2_json_metadata.c:2741 +#: lib/luks2/luks2_json_metadata.c:2809 msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting." msgstr "Opération incompatible avec un périphérique marqué pour le rechiffrement LUKS2. Abandon." @@ -1487,20 +1515,21 @@ msgid "Keyslot open failed." msgstr "Échec de l'ouverture de l'emplacement de clé." -#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108 +#: lib/luks2/luks2_keyslot_luks2.c:55 lib/luks2/luks2_keyslot_luks2.c:110 #, c-format msgid "Cannot use %s-%s cipher for keyslot encryption." msgstr "Impossible d'utiliser le chiffrement %s-%s pour le chiffrement de l'emplacement de clé" -#: lib/luks2/luks2_keyslot_luks2.c:496 -msgid "No space for new keyslot." -msgstr "Plus d'espace pour le nouvel emplacement de clé." - -#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2615 +#: lib/luks2/luks2_keyslot_luks2.c:285 lib/luks2/luks2_keyslot_luks2.c:394 +#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2668 #, c-format msgid "Hash algorithm %s is not available." msgstr "L'algorithme de hachage %s n'est pas disponible." +#: lib/luks2/luks2_keyslot_luks2.c:510 +msgid "No space for new keyslot." +msgstr "Plus d'espace pour le nouvel emplacement de clé." + #: lib/luks2/luks2_keyslot_reenc.c:593 msgid "Invalid reencryption resilience mode change requested." msgstr "Requête de changement du mode de résilience du rechiffrement invalide." @@ -1523,7 +1552,7 @@ msgid "Unable to convert header with LUKSMETA additional metadata." msgstr "Impossible de convertir un en-tête avec des métadonnées LUKSMETA supplémentaires." -#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3715 +#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3740 #, c-format msgid "Unable to use cipher specification %s-%s for LUKS2." msgstr "Impossible d'utiliser la spécification de chiffrement %s-%s pour LUKS2." @@ -1581,241 +1610,245 @@ msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." msgstr "Impossible de convertir au format LUKS1 – l'emplacement de clé %u n'est pas compatible avec LUKS1." -#: lib/luks2/luks2_reencrypt.c:1107 +#: lib/luks2/luks2_reencrypt.c:1152 #, c-format msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." msgstr "La taille de la zone chaude doit être un multiple de l'alignement de zone calculé (%zu octets)." -#: lib/luks2/luks2_reencrypt.c:1112 +#: lib/luks2/luks2_reencrypt.c:1157 #, c-format msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." msgstr "La taille du périphérique doit être un multiple de l'alignement de zone calculé (%zu octets)." -#: lib/luks2/luks2_reencrypt.c:1319 lib/luks2/luks2_reencrypt.c:1505 -#: lib/luks2/luks2_reencrypt.c:1588 lib/luks2/luks2_reencrypt.c:1630 -#: lib/luks2/luks2_reencrypt.c:3852 +#: lib/luks2/luks2_reencrypt.c:1364 lib/luks2/luks2_reencrypt.c:1551 +#: lib/luks2/luks2_reencrypt.c:1634 lib/luks2/luks2_reencrypt.c:1676 +#: lib/luks2/luks2_reencrypt.c:3877 msgid "Failed to initialize old segment storage wrapper." msgstr "Impossible d'initialiser l'encapsulation pour le stockage de l'ancien segment." -#: lib/luks2/luks2_reencrypt.c:1333 lib/luks2/luks2_reencrypt.c:1483 +#: lib/luks2/luks2_reencrypt.c:1378 lib/luks2/luks2_reencrypt.c:1529 msgid "Failed to initialize new segment storage wrapper." msgstr "Impossible d'initialiser l'encapsulation pour le stockage du nouveau segment." -#: lib/luks2/luks2_reencrypt.c:1460 lib/luks2/luks2_reencrypt.c:3864 +#: lib/luks2/luks2_reencrypt.c:1505 lib/luks2/luks2_reencrypt.c:3889 msgid "Failed to initialize hotzone protection." msgstr "Impossible d'initialiser la protection des zones chaudes." -#: lib/luks2/luks2_reencrypt.c:1532 +#: lib/luks2/luks2_reencrypt.c:1578 msgid "Failed to read checksums for current hotzone." msgstr "Impossible de lire les sommes de contrôle pour la zone chaude actuelle." -#: lib/luks2/luks2_reencrypt.c:1539 lib/luks2/luks2_reencrypt.c:3878 +#: lib/luks2/luks2_reencrypt.c:1585 lib/luks2/luks2_reencrypt.c:3903 #, c-format msgid "Failed to read hotzone area starting at %." msgstr "Échec de la lecture de la zone chaude démarrant à %." -#: lib/luks2/luks2_reencrypt.c:1558 +#: lib/luks2/luks2_reencrypt.c:1604 #, c-format msgid "Failed to decrypt sector %zu." msgstr "Échec lors du déchiffrement du secteur %zu." -#: lib/luks2/luks2_reencrypt.c:1564 +#: lib/luks2/luks2_reencrypt.c:1610 #, c-format msgid "Failed to recover sector %zu." msgstr "Échec lors de la récupération du secteur %zu." -#: lib/luks2/luks2_reencrypt.c:2128 +#: lib/luks2/luks2_reencrypt.c:2174 #, c-format msgid "Source and target device sizes don't match. Source %, target: %." msgstr "Les tailles des périphériques source et cible ne correspondent pas. Source %, cible: %." -#: lib/luks2/luks2_reencrypt.c:2226 +#: lib/luks2/luks2_reencrypt.c:2272 #, c-format msgid "Failed to activate hotzone device %s." msgstr "Échec de l'activation du périphérique de zone chaude %s." -#: lib/luks2/luks2_reencrypt.c:2243 +#: lib/luks2/luks2_reencrypt.c:2289 #, c-format msgid "Failed to activate overlay device %s with actual origin table." msgstr "Impossible d'activer le périphérique de surcouche %s avec la table d'origine actuelle." -#: lib/luks2/luks2_reencrypt.c:2250 +#: lib/luks2/luks2_reencrypt.c:2296 #, c-format msgid "Failed to load new mapping for device %s." msgstr "Impossible de charger la nouvelle cartographie du périphérique %s." -#: lib/luks2/luks2_reencrypt.c:2321 +#: lib/luks2/luks2_reencrypt.c:2367 msgid "Failed to refresh reencryption devices stack." msgstr "Impossible de rafraîchir la pile des périphériques de rechiffrement." -#: lib/luks2/luks2_reencrypt.c:2497 +#: lib/luks2/luks2_reencrypt.c:2550 msgid "Failed to set new keyslots area size." msgstr "Impossible de définir la taille de la nouvelle zone des emplacements de clés." -#: lib/luks2/luks2_reencrypt.c:2633 +#: lib/luks2/luks2_reencrypt.c:2686 #, c-format msgid "Data shift value is not aligned to encryption sector size (% bytes)." msgstr "La valeur de décalage de données n'est pas alignée sur la taille de secteur de chiffrement (% octets)." -#: lib/luks2/luks2_reencrypt.c:2664 +#: lib/luks2/luks2_reencrypt.c:2723 src/utils_reencrypt.c:189 #, c-format msgid "Unsupported resilience mode %s" msgstr "Mode de résilience %s non supporté" -#: lib/luks2/luks2_reencrypt.c:2741 +#: lib/luks2/luks2_reencrypt.c:2760 msgid "Moved segment size can not be greater than data shift value." msgstr "La taille du secteur déplacé ne peut pas être plus grande que la valeur de décalage des données." -#: lib/luks2/luks2_reencrypt.c:2799 +#: lib/luks2/luks2_reencrypt.c:2802 +msgid "Invalid reencryption resilience parameters." +msgstr "Paramètres de rechiffrement de la résilience invalides." + +#: lib/luks2/luks2_reencrypt.c:2824 #, c-format msgid "Moved segment too large. Requested size %, available space for: %." msgstr "Le segment déplacé est trop grand. La taille demandée est %, l'espace disponible est %" -#: lib/luks2/luks2_reencrypt.c:2886 +#: lib/luks2/luks2_reencrypt.c:2911 msgid "Failed to clear table." msgstr "Erreur lors de la suppression de la table." -#: lib/luks2/luks2_reencrypt.c:2972 +#: lib/luks2/luks2_reencrypt.c:2997 msgid "Reduced data size is larger than real device size." msgstr "La taille des données réduites est plus grande que la taille réelle du périphérique." -#: lib/luks2/luks2_reencrypt.c:2979 +#: lib/luks2/luks2_reencrypt.c:3004 #, c-format msgid "Data device is not aligned to encryption sector size (% bytes)." msgstr "Le périphérique de données n'est pas aligné sur la taille de secteur de chiffrement (% octets)." -#: lib/luks2/luks2_reencrypt.c:3013 +#: lib/luks2/luks2_reencrypt.c:3038 #, c-format msgid "Data shift (% sectors) is less than future data offset (% sectors)." msgstr "Le décalage de données (% secteurs) est plus petit que le décalage de données future (% secteurs)." -#: lib/luks2/luks2_reencrypt.c:3020 lib/luks2/luks2_reencrypt.c:3508 -#: lib/luks2/luks2_reencrypt.c:3529 +#: lib/luks2/luks2_reencrypt.c:3045 lib/luks2/luks2_reencrypt.c:3533 +#: lib/luks2/luks2_reencrypt.c:3554 #, c-format msgid "Failed to open %s in exclusive mode (already mapped or mounted)." msgstr "Erreur lors de l'ouverture de %s en mode exclusif (déjà mappé ou monté)." -#: lib/luks2/luks2_reencrypt.c:3209 +#: lib/luks2/luks2_reencrypt.c:3234 msgid "Device not marked for LUKS2 reencryption." msgstr "Le périphérique n'est pas marqué pour le rechiffrement LUKS2." -#: lib/luks2/luks2_reencrypt.c:3226 lib/luks2/luks2_reencrypt.c:4181 +#: lib/luks2/luks2_reencrypt.c:3251 lib/luks2/luks2_reencrypt.c:4206 msgid "Failed to load LUKS2 reencryption context." msgstr "Échec du chargement du contexte de rechiffrement LUKS2" -#: lib/luks2/luks2_reencrypt.c:3306 +#: lib/luks2/luks2_reencrypt.c:3331 msgid "Failed to get reencryption state." msgstr "Impossible d'obtenir l'état de rechiffrement." -#: lib/luks2/luks2_reencrypt.c:3310 lib/luks2/luks2_reencrypt.c:3624 +#: lib/luks2/luks2_reencrypt.c:3335 lib/luks2/luks2_reencrypt.c:3649 msgid "Device is not in reencryption." msgstr "Le périphérique n'est pas en rechiffrement." -#: lib/luks2/luks2_reencrypt.c:3317 lib/luks2/luks2_reencrypt.c:3631 +#: lib/luks2/luks2_reencrypt.c:3342 lib/luks2/luks2_reencrypt.c:3656 msgid "Reencryption process is already running." msgstr "Le rechiffrement est déjà en cours." -#: lib/luks2/luks2_reencrypt.c:3319 lib/luks2/luks2_reencrypt.c:3633 +#: lib/luks2/luks2_reencrypt.c:3344 lib/luks2/luks2_reencrypt.c:3658 msgid "Failed to acquire reencryption lock." msgstr "Impossible d'acquérir le verrou de rechiffrement." -#: lib/luks2/luks2_reencrypt.c:3337 +#: lib/luks2/luks2_reencrypt.c:3362 msgid "Cannot proceed with reencryption. Run reencryption recovery first." msgstr "Impossible de réaliser le rechiffrement. Exécutez d'abord la récupération du rechiffrement." -#: lib/luks2/luks2_reencrypt.c:3472 +#: lib/luks2/luks2_reencrypt.c:3497 msgid "Active device size and requested reencryption size don't match." msgstr "La taille du périphérique actif et la taille de rechiffrement demandée ne correspondent pas." -#: lib/luks2/luks2_reencrypt.c:3486 +#: lib/luks2/luks2_reencrypt.c:3511 msgid "Illegal device size requested in reencryption parameters." msgstr "Taille de périphérique illégale demandée dans les paramètres de rechiffrement." -#: lib/luks2/luks2_reencrypt.c:3563 +#: lib/luks2/luks2_reencrypt.c:3588 msgid "Reencryption in-progress. Cannot perform recovery." msgstr "Rechiffrement en cours. La récupération ne peut pas être réalisée." -#: lib/luks2/luks2_reencrypt.c:3732 +#: lib/luks2/luks2_reencrypt.c:3757 msgid "LUKS2 reencryption already initialized in metadata." msgstr "Rechiffrement LUKS2 déjà initialisé dans les métadonnées." -#: lib/luks2/luks2_reencrypt.c:3739 +#: lib/luks2/luks2_reencrypt.c:3764 msgid "Failed to initialize LUKS2 reencryption in metadata." msgstr "Échec de l'initialisation du rechiffrement LUKS2 dans les métadonnées." -#: lib/luks2/luks2_reencrypt.c:3834 +#: lib/luks2/luks2_reencrypt.c:3859 msgid "Failed to set device segments for next reencryption hotzone." msgstr "Impossible de définir les segments du périphérique pour le rechiffrement suivant de la zone chaude." -#: lib/luks2/luks2_reencrypt.c:3886 +#: lib/luks2/luks2_reencrypt.c:3911 msgid "Failed to write reencryption resilience metadata." msgstr "Échec lors de l'écriture des métadonnées de la résilience du rechiffrement." -#: lib/luks2/luks2_reencrypt.c:3893 +#: lib/luks2/luks2_reencrypt.c:3918 msgid "Decryption failed." msgstr "Échec du déchiffrement." -#: lib/luks2/luks2_reencrypt.c:3898 +#: lib/luks2/luks2_reencrypt.c:3923 #, c-format msgid "Failed to write hotzone area starting at %." msgstr "Échec de l'écriture de la zone chaude démarrant à %." -#: lib/luks2/luks2_reencrypt.c:3903 +#: lib/luks2/luks2_reencrypt.c:3928 msgid "Failed to sync data." msgstr "Erreur lors de la synchronisation des données." -#: lib/luks2/luks2_reencrypt.c:3911 +#: lib/luks2/luks2_reencrypt.c:3936 msgid "Failed to update metadata after current reencryption hotzone completed." msgstr "Échec de la mise à jour des métadonnées après la fin du rechiffrement de la zone chaude courante." -#: lib/luks2/luks2_reencrypt.c:4000 +#: lib/luks2/luks2_reencrypt.c:4025 msgid "Failed to write LUKS2 metadata." msgstr "Échec lors de l'écriture des métadonnées LUKS2" -#: lib/luks2/luks2_reencrypt.c:4023 +#: lib/luks2/luks2_reencrypt.c:4048 msgid "Failed to wipe unused data device area." msgstr "Impossible d'effacer la zone du périphérique contenant les données inutilisées." -#: lib/luks2/luks2_reencrypt.c:4029 +#: lib/luks2/luks2_reencrypt.c:4054 #, c-format msgid "Failed to remove unused (unbound) keyslot %d." msgstr "Erreur lors de la suppression de l'emplacement de clé inutilisé (unbound) %d." -#: lib/luks2/luks2_reencrypt.c:4039 +#: lib/luks2/luks2_reencrypt.c:4064 msgid "Failed to remove reencryption keyslot." msgstr "Erreur lors de la suppression de l'emplacement de clé de re-chiffrement." -#: lib/luks2/luks2_reencrypt.c:4049 +#: lib/luks2/luks2_reencrypt.c:4074 #, c-format msgid "Fatal error while reencrypting chunk starting at %, % sectors long." msgstr "Erreur fatale en rechiffrant le morceau commençant à % d'une longueur de % secteurs." -#: lib/luks2/luks2_reencrypt.c:4053 +#: lib/luks2/luks2_reencrypt.c:4078 msgid "Online reencryption failed." msgstr "Échec du rechiffrement en-ligne." # Frédéric: Je n'ai pas la moindre idée de ce que le développeur a voulu écrire. Qu'est-ce que "error target" dans ce contexte ? -#: lib/luks2/luks2_reencrypt.c:4058 +#: lib/luks2/luks2_reencrypt.c:4083 msgid "Do not resume the device unless replaced with error target manually." msgstr "Ne pas redémarrer le périphérique à moins qu'il ait été remplacé manuellement par la cible en erreur." -#: lib/luks2/luks2_reencrypt.c:4112 +#: lib/luks2/luks2_reencrypt.c:4137 msgid "Cannot proceed with reencryption. Unexpected reencryption status." msgstr "Impossible de réaliser le rechiffrement. Statut de rechiffrement inattendu." -#: lib/luks2/luks2_reencrypt.c:4118 +#: lib/luks2/luks2_reencrypt.c:4143 msgid "Missing or invalid reencrypt context." msgstr "Contexte de rechiffrement manquant ou invalide." -#: lib/luks2/luks2_reencrypt.c:4125 +#: lib/luks2/luks2_reencrypt.c:4150 msgid "Failed to initialize reencryption device stack." msgstr "Impossible d'initialiser la pile du périphérique de rechiffrement." -#: lib/luks2/luks2_reencrypt.c:4147 lib/luks2/luks2_reencrypt.c:4194 +#: lib/luks2/luks2_reencrypt.c:4172 lib/luks2/luks2_reencrypt.c:4219 msgid "Failed to update reencryption context." msgstr "Échec de la mise à jour du contexte de rechiffrement." -#: lib/luks2/luks2_reencrypt_digest.c:406 +#: lib/luks2/luks2_reencrypt_digest.c:405 msgid "Reencryption metadata is invalid." msgstr "Les méta-données de rechiffrement sont invalides." @@ -1823,18 +1856,18 @@ msgid "Keyslot encryption parameters can be set only for LUKS2 device." msgstr "Les paramètres de chiffrement des emplacement de clés peuvent uniquement être définis pour un périphérique LUKS2." -#: src/cryptsetup.c:108 +#: src/cryptsetup.c:108 src/cryptsetup.c:1901 #, c-format -msgid "Enter token PIN:" -msgstr "Entrez le code PIN du jeton :" +msgid "Enter token PIN: " +msgstr "Entrez le code PIN du jeton : " -#: src/cryptsetup.c:110 +#: src/cryptsetup.c:110 src/cryptsetup.c:1903 #, c-format -msgid "Enter token %d PIN:" -msgstr "Entrez le code PIN du jeton %d :" +msgid "Enter token %d PIN: " +msgstr "Entrez le code PIN du jeton %d : " -#: src/cryptsetup.c:159 src/cryptsetup.c:966 src/cryptsetup.c:1293 -#: src/utils_reencrypt.c:1048 src/utils_reencrypt_luks1.c:517 +#: src/cryptsetup.c:159 src/cryptsetup.c:1103 src/cryptsetup.c:1430 +#: src/utils_reencrypt.c:1122 src/utils_reencrypt_luks1.c:517 #: src/utils_reencrypt_luks1.c:580 msgid "No known cipher specification pattern detected." msgstr "Aucun motif connu d'algorithme de chiffrement n'a été détecté." @@ -1852,10 +1885,10 @@ msgid "Detected device signature(s) on %s. Proceeding further may damage existing data." msgstr "Signature(s) de périphérique détectée(s) sur %s. Continuer risque d'endommager les données existantes." -#: src/cryptsetup.c:221 src/cryptsetup.c:1040 src/cryptsetup.c:1088 -#: src/cryptsetup.c:1154 src/cryptsetup.c:1270 src/cryptsetup.c:1343 -#: src/cryptsetup.c:1994 src/integritysetup.c:187 src/utils_reencrypt.c:138 -#: src/utils_reencrypt.c:275 +#: src/cryptsetup.c:221 src/cryptsetup.c:1177 src/cryptsetup.c:1225 +#: src/cryptsetup.c:1291 src/cryptsetup.c:1407 src/cryptsetup.c:1480 +#: src/cryptsetup.c:2266 src/integritysetup.c:187 src/utils_reencrypt.c:138 +#: src/utils_reencrypt.c:314 src/utils_reencrypt.c:749 msgid "Operation aborted.\n" msgstr "Opération interrompue.\n" @@ -1902,7 +1935,7 @@ "sensible qui permet d'accéder à la partition chiffrée sans mot de passe.\n" "Ce contenu devrait toujours être stocké, chiffré, en lieu sûr." -#: src/cryptsetup.c:573 src/cryptsetup.c:2019 +#: src/cryptsetup.c:573 src/cryptsetup.c:654 src/cryptsetup.c:2291 msgid "" "The header dump with volume key is sensitive information\n" "that allows access to encrypted partition without a passphrase.\n" @@ -1912,68 +1945,77 @@ "sensible qui permet d'accéder à la partition chiffrée sans mot de passe.\n" "Ce contenu devrait être stocké, chiffré, en lieu sûr." -#: src/cryptsetup.c:664 src/veritysetup.c:321 src/integritysetup.c:400 +#: src/cryptsetup.c:709 src/cryptsetup.c:739 +#, c-format +msgid "Device %s is not a valid FVAULT2 device." +msgstr "Le périphérique %s n'est pas un périphérique FVAULT2 valide." + +#: src/cryptsetup.c:747 +msgid "Cannot determine volume key size for FVAULT2, please use --key-size option." +msgstr "Impossible de déterminer la taille de la clé de volume pour FVAULT2, veuillez utiliser l'option --key-size." + +#: src/cryptsetup.c:801 src/veritysetup.c:323 src/integritysetup.c:400 #, c-format msgid "Device %s is still active and scheduled for deferred removal.\n" msgstr "Le périphérique %s est toujours actif et prévu pour une suppression différée.\n" -#: src/cryptsetup.c:698 +#: src/cryptsetup.c:835 msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set." msgstr "Le redimensionnement d'un périphérique actif requiert que la clé du volume soit dans le porte-clé mais l'option --disable-keyring est définie." -#: src/cryptsetup.c:845 +#: src/cryptsetup.c:982 msgid "Benchmark interrupted." msgstr "Test de performance interrompu." -#: src/cryptsetup.c:866 +#: src/cryptsetup.c:1003 #, c-format msgid "PBKDF2-%-9s N/A\n" msgstr "PBKDF2-%-9s N/A\n" -#: src/cryptsetup.c:868 +#: src/cryptsetup.c:1005 #, c-format msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" msgstr "PBKDF2-%-9s %7u itérations par seconde pour une clé de %zu bits\n" -#: src/cryptsetup.c:882 +#: src/cryptsetup.c:1019 #, c-format msgid "%-10s N/A\n" msgstr "%-10s N/A\n" -#: src/cryptsetup.c:884 +#: src/cryptsetup.c:1021 #, c-format msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n" msgstr "%-10s %4u itérations, %5u mémoire, %1u threads parallèles (CPUs) pour une clé de %zu bits (temps de %u ms demandé)\n" -#: src/cryptsetup.c:908 +#: src/cryptsetup.c:1045 msgid "Result of benchmark is not reliable." msgstr "Le résultat de l'évaluation de performance n'est pas fiable." -#: src/cryptsetup.c:958 +#: src/cryptsetup.c:1095 msgid "# Tests are approximate using memory only (no storage IO).\n" msgstr "# Tests approximatifs en utilisant uniquement la mémoire (pas de stockage E/S).\n" #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:978 +#: src/cryptsetup.c:1115 #, c-format msgid "#%*s Algorithm | Key | Encryption | Decryption\n" msgstr "#%*s Algorithme | Clé | Chiffrement | Déchiffrement\n" -#: src/cryptsetup.c:982 +#: src/cryptsetup.c:1119 #, c-format msgid "Cipher %s (with %i bits key) is not available." msgstr "Le chiffrement %s (avec une clé de %i bits) n'est pas disponible." #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:1001 +#: src/cryptsetup.c:1138 msgid "# Algorithm | Key | Encryption | Decryption\n" msgstr "# Algorithme | Clé | Chiffrement | Déchiffrement\n" -#: src/cryptsetup.c:1012 +#: src/cryptsetup.c:1149 msgid "N/A" msgstr "N/D" -#: src/cryptsetup.c:1037 +#: src/cryptsetup.c:1174 msgid "" "Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n" "and continue (upgrade metadata) only if you acknowledge the operation as genuine." @@ -1982,27 +2024,27 @@ "désirable (consultez la sortie de luksDump) et continuez (mise à niveau des métadonnées) uniquement si vous constatez que\n" "l'opération est légitime." -#: src/cryptsetup.c:1043 +#: src/cryptsetup.c:1180 msgid "Enter passphrase to protect and upgrade reencryption metadata: " msgstr "Entrez la phrase secrète pour protéger et mettre à niveau les métadonnées de rechiffrement : " -#: src/cryptsetup.c:1087 +#: src/cryptsetup.c:1224 msgid "Really proceed with LUKS2 reencryption recovery?" msgstr "Réellement procéder à la récupération du rechiffrement LUKS2 ?" -#: src/cryptsetup.c:1096 +#: src/cryptsetup.c:1233 msgid "Enter passphrase to verify reencryption metadata digest: " msgstr "Entrez la phrase secrète pour vérifier le résumé des métadonnées du rechiffrement : " -#: src/cryptsetup.c:1098 +#: src/cryptsetup.c:1235 msgid "Enter passphrase for reencryption recovery: " msgstr "Entrez la phrase secrète pour la récupération du rechiffrement : " -#: src/cryptsetup.c:1153 +#: src/cryptsetup.c:1290 msgid "Really try to repair LUKS device header?" msgstr "Réellement essayer de réparer l'en-tête du périphérique LUKS ?" -#: src/cryptsetup.c:1177 src/integritysetup.c:89 src/integritysetup.c:238 +#: src/cryptsetup.c:1314 src/integritysetup.c:89 src/integritysetup.c:238 msgid "" "\n" "Wipe interrupted." @@ -2010,7 +2052,7 @@ "\n" "Effacement interrompu." -#: src/cryptsetup.c:1182 src/integritysetup.c:94 src/integritysetup.c:275 +#: src/cryptsetup.c:1319 src/integritysetup.c:94 src/integritysetup.c:275 msgid "" "Wiping device to initialize integrity checksum.\n" "You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n" @@ -2018,119 +2060,128 @@ "Effacement du périphérique pour initialiser les sommes de contrôle d'intégrité.\n" "Vous pouvez interrompre ceci en appuyant sur CTRL+c (le reste du périphérique effacé contiendra toujours des sommes de contrôle invalides).\n" -#: src/cryptsetup.c:1204 src/integritysetup.c:116 +#: src/cryptsetup.c:1341 src/integritysetup.c:116 #, c-format msgid "Cannot deactivate temporary device %s." msgstr "Impossible de désactiver le périphérique temporaire %s." -#: src/cryptsetup.c:1255 +#: src/cryptsetup.c:1392 msgid "Integrity option can be used only for LUKS2 format." msgstr "L'option d'intégrité peut uniquement être utilisée avec le format LUKS2." -#: src/cryptsetup.c:1260 src/cryptsetup.c:1320 +#: src/cryptsetup.c:1397 src/cryptsetup.c:1457 msgid "Unsupported LUKS2 metadata size options." msgstr "Options de taille des métadonnées LUKS2 non supportées." -#: src/cryptsetup.c:1269 +#: src/cryptsetup.c:1406 msgid "Header file does not exist, do you want to create it?" msgstr "Le fichier d'en-tête n'existe pas, voulez-vous le créer ?" -#: src/cryptsetup.c:1277 +#: src/cryptsetup.c:1414 #, c-format msgid "Cannot create header file %s." msgstr "Impossible de créer le fichier d'en-tête %s." -#: src/cryptsetup.c:1300 src/integritysetup.c:144 src/integritysetup.c:152 +#: src/cryptsetup.c:1437 src/integritysetup.c:144 src/integritysetup.c:152 #: src/integritysetup.c:161 src/integritysetup.c:315 src/integritysetup.c:323 #: src/integritysetup.c:333 msgid "No known integrity specification pattern detected." msgstr "Aucun motif connu de spécification d'intégrité n'a été détecté." -#: src/cryptsetup.c:1313 +#: src/cryptsetup.c:1450 #, c-format msgid "Cannot use %s as on-disk header." msgstr "Ne peut utiliser %s comme en-tête sur disque." -#: src/cryptsetup.c:1337 src/integritysetup.c:181 +#: src/cryptsetup.c:1474 src/integritysetup.c:181 #, c-format msgid "This will overwrite data on %s irrevocably." msgstr "Cette action écrasera définitivement les données sur %s." -#: src/cryptsetup.c:1370 src/cryptsetup.c:1707 src/cryptsetup.c:1772 -#: src/cryptsetup.c:1876 src/cryptsetup.c:1942 src/utils_reencrypt_luks1.c:443 +#: src/cryptsetup.c:1507 src/cryptsetup.c:1853 src/cryptsetup.c:1993 +#: src/cryptsetup.c:2148 src/cryptsetup.c:2214 src/utils_reencrypt_luks1.c:443 msgid "Failed to set pbkdf parameters." msgstr "Impossible de définir les paramètres pbkdf." -#: src/cryptsetup.c:1455 +#: src/cryptsetup.c:1593 msgid "Reduced data offset is allowed only for detached LUKS header." msgstr "Décalage réduit de données est uniquement permis dans un en-tête LUKS détaché." -#: src/cryptsetup.c:1466 src/cryptsetup.c:1778 +#: src/cryptsetup.c:1600 +#, c-format +msgid "LUKS file container %s is too small for activation, there is no remaining space for data." +msgstr "Le container %s du fichier LUKS est trop petit pour l'activation, il ne reste pas d'espace pour les données." + +#: src/cryptsetup.c:1612 src/cryptsetup.c:1999 msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option." msgstr "Impossible de déterminer la taille de la clé de volume pour LUKS sans emplacement de clé, veuillez utiliser l'option --key-size." -#: src/cryptsetup.c:1512 +#: src/cryptsetup.c:1658 msgid "Device activated but cannot make flags persistent." msgstr "Le périphérique a été activé mais les fanions ne peuvent pas être rendus permanents." -#: src/cryptsetup.c:1591 src/cryptsetup.c:1659 +#: src/cryptsetup.c:1737 src/cryptsetup.c:1805 #, c-format msgid "Keyslot %d is selected for deletion." msgstr "Emplacement de clé %d sélectionné pour suppression." -#: src/cryptsetup.c:1603 src/cryptsetup.c:1663 +#: src/cryptsetup.c:1749 src/cryptsetup.c:1809 msgid "This is the last keyslot. Device will become unusable after purging this key." msgstr "Ceci est le dernier emplacement de clé. Le périphérique sera inutilisable après la suppression de cette clé." -#: src/cryptsetup.c:1604 +#: src/cryptsetup.c:1750 msgid "Enter any remaining passphrase: " msgstr "Entrez toute phrase secrète restante : " -#: src/cryptsetup.c:1605 src/cryptsetup.c:1665 +#: src/cryptsetup.c:1751 src/cryptsetup.c:1811 msgid "Operation aborted, the keyslot was NOT wiped.\n" msgstr "Opération interrompue, l'emplacement de clé n'a PAS été effacé.\n" -#: src/cryptsetup.c:1641 +#: src/cryptsetup.c:1787 msgid "Enter passphrase to be deleted: " msgstr "Entrez la phrase secrète à effacer : " -#: src/cryptsetup.c:1691 src/cryptsetup.c:1925 src/cryptsetup.c:2505 -#: src/cryptsetup.c:2649 +#: src/cryptsetup.c:1837 src/cryptsetup.c:2197 src/cryptsetup.c:2781 +#: src/cryptsetup.c:2948 #, c-format msgid "Device %s is not a valid LUKS2 device." msgstr "%s n'est pas un périphérique LUKS2 valide." -#: src/cryptsetup.c:1721 src/cryptsetup.c:1795 src/cryptsetup.c:1829 +#: src/cryptsetup.c:1867 src/cryptsetup.c:2072 msgid "Enter new passphrase for key slot: " msgstr "Entrez une nouvelle phrase secrète pour l'emplacement de clé : " -#: src/cryptsetup.c:1812 src/utils_reencrypt_luks1.c:1149 +#: src/cryptsetup.c:1968 +msgid "WARNING: The --key-slot parameter is used for new keyslot number.\n" +msgstr "ATTENTION: Le paramètre --key-slot est utilisé pour le nouveau numéro de l'emplacement de clé.\n" + +#: src/cryptsetup.c:2028 src/utils_reencrypt_luks1.c:1149 #, c-format msgid "Enter any existing passphrase: " msgstr "Entrez une phrase secrète existante : " -#: src/cryptsetup.c:1880 +#: src/cryptsetup.c:2152 msgid "Enter passphrase to be changed: " msgstr "Entrez la phrase secrète à changer : " -#: src/cryptsetup.c:1896 src/utils_reencrypt_luks1.c:1135 +#: src/cryptsetup.c:2168 src/utils_reencrypt_luks1.c:1135 msgid "Enter new passphrase: " msgstr "Entrez la nouvelle phrase secrète : " -#: src/cryptsetup.c:1946 +#: src/cryptsetup.c:2218 msgid "Enter passphrase for keyslot to be converted: " msgstr "Entrez la phrase secrète pour l'emplacement de clé à convertir: " -#: src/cryptsetup.c:1970 +#: src/cryptsetup.c:2242 msgid "Only one device argument for isLuks operation is supported." msgstr "L'opération isLuks supporte seulement un périphérique en argument." -#: src/cryptsetup.c:2078 +#: src/cryptsetup.c:2350 #, c-format msgid "Keyslot %d does not contain unbound key." msgstr "L'emplacement de clé %d ne contient pas de clé non liée." -#: src/cryptsetup.c:2083 +#: src/cryptsetup.c:2355 msgid "" "The header dump with unbound key is sensitive information.\n" "This dump should be stored encrypted in a safe place." @@ -2138,40 +2189,40 @@ "Le contenu de l'en-tête avec une clé non liée est une information sensible.\n" "Ce contenu devrait être stocké, chiffré, en lieu sûr." -#: src/cryptsetup.c:2169 src/cryptsetup.c:2198 +#: src/cryptsetup.c:2441 src/cryptsetup.c:2470 #, c-format msgid "%s is not active %s device name." msgstr "%s n'est pas un nom de périphérique %s actif." -#: src/cryptsetup.c:2193 +#: src/cryptsetup.c:2465 #, c-format msgid "%s is not active LUKS device name or header is missing." msgstr "%s n'est pas un nom de périphérique LUKS actif ou l'en-tête est manquant." -#: src/cryptsetup.c:2255 src/cryptsetup.c:2274 +#: src/cryptsetup.c:2527 src/cryptsetup.c:2546 msgid "Option --header-backup-file is required." msgstr "L'option --header-backup-file est requise." -#: src/cryptsetup.c:2305 +#: src/cryptsetup.c:2577 #, c-format msgid "%s is not cryptsetup managed device." msgstr "%s n'est pas un périphérique géré par cryptsetup." -#: src/cryptsetup.c:2316 +#: src/cryptsetup.c:2588 #, c-format msgid "Refresh is not supported for device type %s" msgstr "Le rafraîchissement n'est pas supporté pour un périphérique de type %s" -#: src/cryptsetup.c:2362 +#: src/cryptsetup.c:2638 #, c-format msgid "Unrecognized metadata device type %s." msgstr "Type de métadonnée du périphérique %s non reconnu." -#: src/cryptsetup.c:2364 +#: src/cryptsetup.c:2640 msgid "Command requires device and mapped name as arguments." msgstr "La commande exige un périphérique et un nom de correspondance comme arguments." -#: src/cryptsetup.c:2385 +#: src/cryptsetup.c:2661 #, c-format msgid "" "This operation will erase all keyslots on device %s.\n" @@ -2180,325 +2231,351 @@ "Cette opération va supprimer tous les emplacements de clés du périphérique %s.\n" "Le périphérique sera inutilisable après cette opération." -#: src/cryptsetup.c:2392 +#: src/cryptsetup.c:2668 msgid "Operation aborted, keyslots were NOT wiped.\n" msgstr "Opération interrompue, les emplacements de clés n'ont PAS été effacés.\n" -#: src/cryptsetup.c:2431 +#: src/cryptsetup.c:2707 msgid "Invalid LUKS type, only luks1 and luks2 are supported." msgstr "Type LUKS invalide, seuls luks1 et luks2 sont supportés." -#: src/cryptsetup.c:2447 +#: src/cryptsetup.c:2723 #, c-format msgid "Device is already %s type." msgstr "Le périphérique est déjà du type %s." -#: src/cryptsetup.c:2454 +#: src/cryptsetup.c:2730 #, c-format msgid "This operation will convert %s to %s format.\n" msgstr "Cette opération va convertir %s au format %s.\n" -#: src/cryptsetup.c:2457 +#: src/cryptsetup.c:2733 msgid "Operation aborted, device was NOT converted.\n" msgstr "Opération interrompue, le périphérique n'a PAS été converti.\n" -#: src/cryptsetup.c:2497 +#: src/cryptsetup.c:2773 msgid "Option --priority, --label or --subsystem is missing." msgstr "L'option --priority, --label ou --subsystem est manquante." -#: src/cryptsetup.c:2531 src/cryptsetup.c:2568 src/cryptsetup.c:2588 +#: src/cryptsetup.c:2807 src/cryptsetup.c:2847 src/cryptsetup.c:2867 #, c-format msgid "Token %d is invalid." msgstr "Le jeton %d est invalide." -#: src/cryptsetup.c:2534 src/cryptsetup.c:2591 +#: src/cryptsetup.c:2810 src/cryptsetup.c:2870 #, c-format msgid "Token %d in use." msgstr "Le jeton %d est utilisé." -#: src/cryptsetup.c:2546 +#: src/cryptsetup.c:2822 #, c-format msgid "Failed to add luks2-keyring token %d." msgstr "Échec lors de l'ajout du jeton %d au porte-clé luks2." -#: src/cryptsetup.c:2554 src/cryptsetup.c:2617 +#: src/cryptsetup.c:2833 src/cryptsetup.c:2896 #, c-format msgid "Failed to assign token %d to keyslot %d." msgstr "Échec lors de l'affectation du jeton %d à l'emplacement de clé %d." -#: src/cryptsetup.c:2571 +#: src/cryptsetup.c:2850 #, c-format msgid "Token %d is not in use." msgstr "Le jeton %d n'est pas utilisé." -#: src/cryptsetup.c:2608 +#: src/cryptsetup.c:2887 msgid "Failed to import token from file." msgstr "Impossible d'importer le jeton depuis le fichier." -#: src/cryptsetup.c:2633 +#: src/cryptsetup.c:2912 #, c-format msgid "Failed to get token %d for export." msgstr "Impossible d'obtenir le jeton %d pour l'export." -#: src/cryptsetup.c:2682 +#: src/cryptsetup.c:2925 +#, c-format +msgid "Token %d is not assigned to keyslot %d." +msgstr "Le jeton %d n'est pas assigné à l'emplacement de clé %d." + +#: src/cryptsetup.c:2927 src/cryptsetup.c:2934 +#, c-format +msgid "Failed to unassign token %d from keyslot %d." +msgstr "Impossible de dissocier le jeton %d de l'emplacement de clé %d." + +#: src/cryptsetup.c:2983 msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." msgstr "Les options --tcrypt-hidden, --tcrypt-system ou --tcrypt-backup sont supportées seulement pour un périphérique TCRYPT." -#: src/cryptsetup.c:2685 +#: src/cryptsetup.c:2986 msgid "Option --veracrypt or --disable-veracrypt is supported only for TCRYPT device type." msgstr "L'option --veracrypt ou --disable-veracrypt est uniquement supportée pour un périphérique de type TCRYPT." -#: src/cryptsetup.c:2688 +#: src/cryptsetup.c:2989 msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." msgstr "L'option --veracrypt-pim est uniquement supportée pour un périphérique compatible avec VeraCrypt." -#: src/cryptsetup.c:2692 +#: src/cryptsetup.c:2993 msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." msgstr "L'option --veracrypt-query-pim est uniquement supportée pour un périphérique compatible avec VeraCrypt." -#: src/cryptsetup.c:2694 +#: src/cryptsetup.c:2995 msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." msgstr "Les options --veracrypt-pim et --veracrypt-query-pim sont mutuellement exclusives." -#: src/cryptsetup.c:2703 +#: src/cryptsetup.c:3004 msgid "Option --persistent is not allowed with --test-passphrase." msgstr "L'option --persistent n'est pas permise avec --test-passphrase." -#: src/cryptsetup.c:2706 +#: src/cryptsetup.c:3007 msgid "Options --refresh and --test-passphrase are mutually exclusive." msgstr "Les options --refresh et --test-passphrase sont mutuellement exclusives." -#: src/cryptsetup.c:2709 +#: src/cryptsetup.c:3010 msgid "Option --shared is allowed only for open of plain device." msgstr "L'option --shared est permise uniquement pour ouvrir un périphérique ordinaire." -#: src/cryptsetup.c:2712 +#: src/cryptsetup.c:3013 msgid "Option --skip is supported only for open of plain and loopaes devices." msgstr "L'option --skip est supportée uniquement pour ouvrir des périphériques ordinaires et loopaes." -#: src/cryptsetup.c:2715 +#: src/cryptsetup.c:3016 msgid "Option --offset with open action is only supported for plain and loopaes devices." msgstr "L'option --offset avec l'action d'ouverture est supportée uniquement pour des périphériques ordinaires et loopaes." -#: src/cryptsetup.c:2718 +#: src/cryptsetup.c:3019 msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." msgstr "L'option --tcrypt-hidden ne peut pas être combinée avec --allow-discards." -#: src/cryptsetup.c:2722 +#: src/cryptsetup.c:3023 msgid "Sector size option with open action is supported only for plain devices." msgstr "L'option de taille de secteur avec l'action d'ouverture est uniquement supportée pour des périphérique ordinaires." -#: src/cryptsetup.c:2726 +#: src/cryptsetup.c:3027 msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." msgstr "L'option des secteurs IV (vecteur d'initialisation) de grande taille est supportée uniquement à l'ouverture de périphériques de type simple avec une taille de secteur supérieure à 512 octets." -#: src/cryptsetup.c:2730 -msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices." -msgstr "L'option --test-passphrase est autorisée uniquement pour ouvrir des périphériques LUKS, TCRYPT et BITLK." +#: src/cryptsetup.c:3032 +msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT, BITLK and FVAULT2 devices." +msgstr "L'option --test-passphrase est autorisée uniquement pour ouvrir des périphériques LUKS, TCRYPT, BITLK et FVAULT2." -#: src/cryptsetup.c:2733 src/cryptsetup.c:2756 +#: src/cryptsetup.c:3035 src/cryptsetup.c:3058 msgid "Options --device-size and --size cannot be combined." msgstr "Les options --device-size et --size ne peuvent pas être combinées." -#: src/cryptsetup.c:2736 +#: src/cryptsetup.c:3038 msgid "Option --unbound is allowed only for open of luks device." msgstr "L'option --unbound est permise uniquement pour ouvrir un périphérique luks." -#: src/cryptsetup.c:2739 +#: src/cryptsetup.c:3041 msgid "Option --unbound cannot be used without --test-passphrase." msgstr "L'option --unbound ne peut pas être utilisée sans --test-passphrase." -#: src/cryptsetup.c:2748 src/veritysetup.c:664 src/integritysetup.c:755 +#: src/cryptsetup.c:3050 src/veritysetup.c:668 src/integritysetup.c:755 msgid "Options --cancel-deferred and --deferred cannot be used at the same time." msgstr "Les options --cancel-deferred et --deferred ne peuvent pas être utilisées en même temps." -#: src/cryptsetup.c:2764 +#: src/cryptsetup.c:3066 msgid "Options --reduce-device-size and --data-size cannot be combined." msgstr "Les options --reduce-device-size et --data-size ne peuvent pas être combinées." -#: src/cryptsetup.c:2767 +#: src/cryptsetup.c:3069 msgid "Option --active-name can be set only for LUKS2 device." msgstr "L'option --active-name peut uniquement être définie pour un périphérique LUKS2." -#: src/cryptsetup.c:2770 +#: src/cryptsetup.c:3072 msgid "Options --active-name and --force-offline-reencrypt cannot be combined." msgstr "Les options --active-name et --force-offline-reencrypt ne peuvent pas être combinées." -#: src/cryptsetup.c:2778 src/cryptsetup.c:2808 +#: src/cryptsetup.c:3080 src/cryptsetup.c:3110 msgid "Keyslot specification is required." msgstr "Une spécification d'emplacement de clé est requise." -#: src/cryptsetup.c:2786 +#: src/cryptsetup.c:3088 msgid "Options --align-payload and --offset cannot be combined." msgstr "Les options --align-payload et --offset ne peuvent pas être combinées." -#: src/cryptsetup.c:2789 +#: src/cryptsetup.c:3091 msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." msgstr "L'option --integrity-no-wipe peut uniquement être utilisée pour une action de formatage avec l'extension d'intégrité." -#: src/cryptsetup.c:2792 +#: src/cryptsetup.c:3094 msgid "Only one of --use-[u]random options is allowed." msgstr "Seule une des deux possibilités --use-[u]random est autorisée." -#: src/cryptsetup.c:2800 +#: src/cryptsetup.c:3102 msgid "Key size is required with --unbound option." msgstr "La taille de clé est requise avec l'option --unbound." -#: src/cryptsetup.c:2819 +#: src/cryptsetup.c:3122 msgid "Invalid token action." msgstr "L'action de jeton est invalide." -#: src/cryptsetup.c:2822 +#: src/cryptsetup.c:3125 msgid "--key-description parameter is mandatory for token add action." msgstr "Le paramètre --key-description est requis pour l'action d'ajout d'un jeton." -#: src/cryptsetup.c:2826 +#: src/cryptsetup.c:3129 src/cryptsetup.c:3142 msgid "Action requires specific token. Use --token-id parameter." msgstr "L'action requiert un jeton spécifique. Utilisez le paramètre --token-id." -#: src/cryptsetup.c:2840 +#: src/cryptsetup.c:3133 +msgid "Option --unbound is valid only with token add action." +msgstr "L'option --unbound est uniquement valable avec l'action d'ajout d'un jeton." + +#: src/cryptsetup.c:3135 +msgid "Options --key-slot and --unbound cannot be combined." +msgstr "Les options --key-slot et --unbound ne peuvent pas être combinées." + +#: src/cryptsetup.c:3140 +msgid "Action requires specific keyslot. Use --key-slot parameter." +msgstr "L'action requiert un jeton spécifique. Utilisez le paramètre --key-slot." + +#: src/cryptsetup.c:3156 msgid " [--type ] []" msgstr " [--type ] []" -#: src/cryptsetup.c:2840 src/veritysetup.c:487 src/integritysetup.c:535 +#: src/cryptsetup.c:3156 src/veritysetup.c:491 src/integritysetup.c:535 msgid "open device as " msgstr "ouvrir le périphérique comme " -#: src/cryptsetup.c:2841 src/cryptsetup.c:2842 src/cryptsetup.c:2843 -#: src/veritysetup.c:488 src/veritysetup.c:489 src/integritysetup.c:536 +#: src/cryptsetup.c:3157 src/cryptsetup.c:3158 src/cryptsetup.c:3159 +#: src/veritysetup.c:492 src/veritysetup.c:493 src/integritysetup.c:536 #: src/integritysetup.c:537 src/integritysetup.c:539 msgid "" msgstr "" -#: src/cryptsetup.c:2841 src/veritysetup.c:488 src/integritysetup.c:536 +#: src/cryptsetup.c:3157 src/veritysetup.c:492 src/integritysetup.c:536 msgid "close device (remove mapping)" msgstr "fermeture du périphérique (supprime le « mapping »)" -#: src/cryptsetup.c:2842 src/integritysetup.c:539 +#: src/cryptsetup.c:3158 src/integritysetup.c:539 msgid "resize active device" msgstr "redimensionner le périphérique actif" -#: src/cryptsetup.c:2843 +#: src/cryptsetup.c:3159 msgid "show device status" msgstr "afficher le statut du périphérique" -#: src/cryptsetup.c:2844 +#: src/cryptsetup.c:3160 msgid "[--cipher ]" msgstr "[--cipher ]" -#: src/cryptsetup.c:2844 +#: src/cryptsetup.c:3160 msgid "benchmark cipher" msgstr "chiffrement pour test de performance" -#: src/cryptsetup.c:2845 src/cryptsetup.c:2846 src/cryptsetup.c:2847 -#: src/cryptsetup.c:2848 src/cryptsetup.c:2849 src/cryptsetup.c:2856 -#: src/cryptsetup.c:2857 src/cryptsetup.c:2858 src/cryptsetup.c:2859 -#: src/cryptsetup.c:2860 src/cryptsetup.c:2861 src/cryptsetup.c:2862 -#: src/cryptsetup.c:2863 src/cryptsetup.c:2864 +#: src/cryptsetup.c:3161 src/cryptsetup.c:3162 src/cryptsetup.c:3163 +#: src/cryptsetup.c:3164 src/cryptsetup.c:3165 src/cryptsetup.c:3172 +#: src/cryptsetup.c:3173 src/cryptsetup.c:3174 src/cryptsetup.c:3175 +#: src/cryptsetup.c:3176 src/cryptsetup.c:3177 src/cryptsetup.c:3178 +#: src/cryptsetup.c:3179 src/cryptsetup.c:3180 src/cryptsetup.c:3181 msgid "" msgstr "" -#: src/cryptsetup.c:2845 +#: src/cryptsetup.c:3161 msgid "try to repair on-disk metadata" msgstr "essayer de réparer les métadonnées sur le disque" -#: src/cryptsetup.c:2846 +#: src/cryptsetup.c:3162 msgid "reencrypt LUKS2 device" msgstr "rechiffrer le périphérique LUKS2" -#: src/cryptsetup.c:2847 +#: src/cryptsetup.c:3163 msgid "erase all keyslots (remove encryption key)" msgstr "supprimer tous les emplacements de clés (supprime la clé de chiffrement)" -#: src/cryptsetup.c:2848 +#: src/cryptsetup.c:3164 msgid "convert LUKS from/to LUKS2 format" msgstr "convertir LUKS depuis/vers le format LUKS2" -#: src/cryptsetup.c:2849 +#: src/cryptsetup.c:3165 msgid "set permanent configuration options for LUKS2" msgstr "définir les options de configuration permanentes pour LUKS2" -#: src/cryptsetup.c:2850 src/cryptsetup.c:2851 +#: src/cryptsetup.c:3166 src/cryptsetup.c:3167 msgid " []" msgstr " []" -#: src/cryptsetup.c:2850 +#: src/cryptsetup.c:3166 msgid "formats a LUKS device" msgstr "formater un périphérique LUKS" -#: src/cryptsetup.c:2851 +#: src/cryptsetup.c:3167 msgid "add key to LUKS device" msgstr "ajouter une clé au périphérique LUKS" -#: src/cryptsetup.c:2852 src/cryptsetup.c:2853 src/cryptsetup.c:2854 +#: src/cryptsetup.c:3168 src/cryptsetup.c:3169 src/cryptsetup.c:3170 msgid " []" msgstr " []" -#: src/cryptsetup.c:2852 +#: src/cryptsetup.c:3168 msgid "removes supplied key or key file from LUKS device" msgstr "retire du périphérique LUKS la clé ou le fichier de clé fourni" -#: src/cryptsetup.c:2853 +#: src/cryptsetup.c:3169 msgid "changes supplied key or key file of LUKS device" msgstr "modifie la clé ou le fichier de clé fourni pour le périphérique LUKS" -#: src/cryptsetup.c:2854 +#: src/cryptsetup.c:3170 msgid "converts a key to new pbkdf parameters" msgstr "converti une clé vers les nouveaux paramètres pbkdf" -#: src/cryptsetup.c:2855 +#: src/cryptsetup.c:3171 msgid " " msgstr " " -#: src/cryptsetup.c:2855 +#: src/cryptsetup.c:3171 msgid "wipes key with number from LUKS device" msgstr "efface de façon sécurisée la clé avec le numéro du périphérique LUKS" -#: src/cryptsetup.c:2856 +#: src/cryptsetup.c:3172 msgid "print UUID of LUKS device" msgstr "afficher l'UUID du périphérique LUKS" -#: src/cryptsetup.c:2857 +#: src/cryptsetup.c:3173 msgid "tests for LUKS partition header" msgstr "teste si a un en-tête de partition LUKS" -#: src/cryptsetup.c:2858 +#: src/cryptsetup.c:3174 msgid "dump LUKS partition information" msgstr "affiche les informations LUKS de la partition" -#: src/cryptsetup.c:2859 +#: src/cryptsetup.c:3175 msgid "dump TCRYPT device information" msgstr "affiche les informations du périphérique TCRYPT" -#: src/cryptsetup.c:2860 +#: src/cryptsetup.c:3176 msgid "dump BITLK device information" msgstr "affiche les informations du périphérique BITLK" -#: src/cryptsetup.c:2861 +#: src/cryptsetup.c:3177 +msgid "dump FVAULT2 device information" +msgstr "affiche les informations du périphérique FVAULT2" + +#: src/cryptsetup.c:3178 msgid "Suspend LUKS device and wipe key (all IOs are frozen)" msgstr "Suspendre le périphérique LUKS et effacer de façon sécurisée la clé (toutes les entrées/sorties sont suspendues)" -#: src/cryptsetup.c:2862 +#: src/cryptsetup.c:3179 msgid "Resume suspended LUKS device" msgstr "Remettre en service le périphérique LUKS suspendu" -#: src/cryptsetup.c:2863 +#: src/cryptsetup.c:3180 msgid "Backup LUKS device header and keyslots" msgstr "Sauvegarder l'en-tête et les emplacements de clés du périphérique LUKS" -#: src/cryptsetup.c:2864 +#: src/cryptsetup.c:3181 msgid "Restore LUKS device header and keyslots" msgstr "Restaurer l'en-tête et les emplacements de clés du périphérique LUKS" -#: src/cryptsetup.c:2865 +#: src/cryptsetup.c:3182 msgid " " msgstr " " -#: src/cryptsetup.c:2865 +#: src/cryptsetup.c:3182 msgid "Manipulate LUKS2 tokens" msgstr "Manipuler les jetons LUKS2" -#: src/cryptsetup.c:2884 src/veritysetup.c:505 src/integritysetup.c:554 +#: src/cryptsetup.c:3201 src/veritysetup.c:509 src/integritysetup.c:554 msgid "" "\n" " is one of:\n" @@ -2506,19 +2583,19 @@ "\n" " est l'une de :\n" -#: src/cryptsetup.c:2890 +#: src/cryptsetup.c:3207 msgid "" "\n" "You can also use old syntax aliases:\n" -"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" -"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n" msgstr "" "\n" "Vous pouvez aussi utiliser les alias de l'ancienne syntaxe  :\n" -"\touvrir : create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" -"\tfermer : remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" +"\touvrir : create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n" +"\tfermer : remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n" -#: src/cryptsetup.c:2894 +#: src/cryptsetup.c:3211 #, c-format msgid "" "\n" @@ -2533,7 +2610,7 @@ " est le numéro de l'emplacement de clé LUKS à modifier\n" " est un fichier optionnel contenant la nouvelle clé pour l'action luksAddKey\n" -#: src/cryptsetup.c:2901 +#: src/cryptsetup.c:3218 #, c-format msgid "" "\n" @@ -2542,7 +2619,7 @@ "\n" "Le format de métadonnées compilé par défaut est %s (pour l'action luksFormat).\n" -#: src/cryptsetup.c:2906 src/cryptsetup.c:2909 +#: src/cryptsetup.c:3223 src/cryptsetup.c:3226 #, c-format msgid "" "\n" @@ -2551,20 +2628,20 @@ "\n" "Le support du greffon de jeton externe LUKS2 est %s.\n" -#: src/cryptsetup.c:2906 +#: src/cryptsetup.c:3223 msgid "compiled-in" msgstr "intégré dans la compilation" -#: src/cryptsetup.c:2907 +#: src/cryptsetup.c:3224 #, c-format msgid "LUKS2 external token plugin path: %s.\n" msgstr "Chemin du greffon de jeton externe LUKS2 : %s.\n" -#: src/cryptsetup.c:2909 +#: src/cryptsetup.c:3226 msgid "disabled" msgstr "désactivé" -#: src/cryptsetup.c:2913 +#: src/cryptsetup.c:3230 #, c-format msgid "" "\n" @@ -2581,7 +2658,7 @@ "PBKDF par défaut pour LUKS2 : %s\n" "\tTemps d'itération: %d, Mémoire requise: %d ko, Threads parallèles: %d\n" -#: src/cryptsetup.c:2924 +#: src/cryptsetup.c:3241 #, c-format msgid "" "\n" @@ -2596,96 +2673,96 @@ "\tplain: %s, Clé: %d bits, Hachage mot de passe: %s\n" "\tLUKS: %s, Clé: %d bits, Hachage en-tête LUKS: %s, RNG: %s\n" -#: src/cryptsetup.c:2933 +#: src/cryptsetup.c:3250 msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" msgstr "\tLUKS: La taille de clé par défaut en mode XTS (deux clés internes) sera doublée.\n" -#: src/cryptsetup.c:2951 src/veritysetup.c:644 src/integritysetup.c:711 +#: src/cryptsetup.c:3268 src/veritysetup.c:648 src/integritysetup.c:711 #, c-format msgid "%s: requires %s as arguments" msgstr "%s : exige %s comme arguments." -#: src/cryptsetup.c:2997 src/utils_reencrypt_luks1.c:1194 +#: src/cryptsetup.c:3308 src/utils_reencrypt_luks1.c:1198 msgid "Key slot is invalid." msgstr "Emplacement de clé non valide." -#: src/cryptsetup.c:3024 +#: src/cryptsetup.c:3335 msgid "Device size must be multiple of 512 bytes sector." msgstr "La taille du périphérique doit être un multiple d'un secteur de 512 octets." -#: src/cryptsetup.c:3029 +#: src/cryptsetup.c:3340 msgid "Invalid max reencryption hotzone size specification." msgstr "La spécification de la taille maximale de la zone chaude de rechiffrement est invalide." -#: src/cryptsetup.c:3043 src/cryptsetup.c:3055 +#: src/cryptsetup.c:3354 src/cryptsetup.c:3366 msgid "Key size must be a multiple of 8 bits" msgstr "La taille de la clé doit être un multiple de 8 bits" -#: src/cryptsetup.c:3060 +#: src/cryptsetup.c:3371 msgid "Maximum device reduce size is 1 GiB." msgstr "La taille maximum réduite pour le périphérique est 1 GiB." -#: src/cryptsetup.c:3063 +#: src/cryptsetup.c:3374 msgid "Reduce size must be multiple of 512 bytes sector." msgstr "La taille réduite doit être un multiple d'un secteur de 512 octets." -#: src/cryptsetup.c:3080 +#: src/cryptsetup.c:3391 msgid "Option --priority can be only ignore/normal/prefer." msgstr "L'option --priority peut uniquement être ignore/normal/prefer." -#: src/cryptsetup.c:3099 src/veritysetup.c:568 src/integritysetup.c:634 +#: src/cryptsetup.c:3410 src/veritysetup.c:572 src/integritysetup.c:634 msgid "Show this help message" msgstr "Afficher ce message d'aide" -#: src/cryptsetup.c:3100 src/veritysetup.c:569 src/integritysetup.c:635 +#: src/cryptsetup.c:3411 src/veritysetup.c:573 src/integritysetup.c:635 msgid "Display brief usage" msgstr "Afficher, en résumé, la syntaxe d'invocation" -#: src/cryptsetup.c:3101 src/veritysetup.c:570 src/integritysetup.c:636 +#: src/cryptsetup.c:3412 src/veritysetup.c:574 src/integritysetup.c:636 msgid "Print package version" msgstr "Afficher la version du paquet" -#: src/cryptsetup.c:3112 src/veritysetup.c:581 src/integritysetup.c:647 +#: src/cryptsetup.c:3423 src/veritysetup.c:585 src/integritysetup.c:647 msgid "Help options:" msgstr "Options d'aide :" -#: src/cryptsetup.c:3132 src/veritysetup.c:599 src/integritysetup.c:664 +#: src/cryptsetup.c:3443 src/veritysetup.c:603 src/integritysetup.c:664 msgid "[OPTION...] " msgstr "[OPTION...] " -#: src/cryptsetup.c:3141 src/veritysetup.c:608 src/integritysetup.c:675 +#: src/cryptsetup.c:3452 src/veritysetup.c:612 src/integritysetup.c:675 msgid "Argument missing." msgstr "Il manque l'argument ." -#: src/cryptsetup.c:3211 src/veritysetup.c:639 src/integritysetup.c:706 +#: src/cryptsetup.c:3528 src/veritysetup.c:643 src/integritysetup.c:706 msgid "Unknown action." msgstr "Action inconnue." -#: src/cryptsetup.c:3229 +#: src/cryptsetup.c:3546 msgid "Option --key-file takes precedence over specified key file argument." msgstr "L'option --key-file est prioritaire par rapport à un fichier de clé spécifié en argument." -#: src/cryptsetup.c:3235 +#: src/cryptsetup.c:3552 msgid "Only one --key-file argument is allowed." msgstr "Un seul argument --key-file est autorisé." -#: src/cryptsetup.c:3240 +#: src/cryptsetup.c:3557 msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id." msgstr "La fonction de dérivation d'une clé basée sur un mot de passe (PBKDF = Password-Based Key Derivation Function) peut uniquement être pbkdf2 ou argon2i/argon2id." -#: src/cryptsetup.c:3245 +#: src/cryptsetup.c:3562 msgid "PBKDF forced iterations cannot be combined with iteration time option." msgstr "Les itérations forcées de PBKDF ne peuvent pas être combinées avec l'option de temps d'itération." -#: src/cryptsetup.c:3256 +#: src/cryptsetup.c:3573 msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." msgstr "Les options --keyslot-cipher et --keyslot-key-size doivent être utilisées ensembles." -#: src/cryptsetup.c:3264 +#: src/cryptsetup.c:3581 msgid "No action taken. Invoked with --test-args option.\n" msgstr "Aucune action réalisée. Invoqué avec l'option --test-args.\n" -#: src/cryptsetup.c:3277 +#: src/cryptsetup.c:3594 msgid "Cannot disable metadata locking." msgstr "Impossible de désactiver le verrouillage des métadonnées." @@ -2713,72 +2790,72 @@ msgid "Cannot write to root hash file %s." msgstr "Impossible d'écrire dans le fichier de hachage racine %s." -#: src/veritysetup.c:196 src/veritysetup.c:472 +#: src/veritysetup.c:198 src/veritysetup.c:476 #, c-format msgid "Device %s is not a valid VERITY device." msgstr "Le périphérique %s n'est pas un périphérique VERITY valable." -#: src/veritysetup.c:213 src/veritysetup.c:230 +#: src/veritysetup.c:215 src/veritysetup.c:232 #, c-format msgid "Cannot read root hash file %s." msgstr "Impossible de lire le fichier de hachage racine %s." -#: src/veritysetup.c:218 +#: src/veritysetup.c:220 #, c-format msgid "Invalid root hash file %s." msgstr "Fichier de hachage racine %s invalide." -#: src/veritysetup.c:239 +#: src/veritysetup.c:241 msgid "Invalid root hash string specified." msgstr "Chaîne de hachage racine invalide." -#: src/veritysetup.c:247 +#: src/veritysetup.c:249 #, c-format msgid "Invalid signature file %s." msgstr "Fichier de signature %s invalide." -#: src/veritysetup.c:254 +#: src/veritysetup.c:256 #, c-format msgid "Cannot read signature file %s." msgstr "Impossible de lire le fichier de signature %s." -#: src/veritysetup.c:277 src/veritysetup.c:291 +#: src/veritysetup.c:279 src/veritysetup.c:293 msgid "Command requires or --root-hash-file option as argument." msgstr "La commande exige ou l'option --root-hash-file comme argument." -#: src/veritysetup.c:485 +#: src/veritysetup.c:489 msgid " " msgstr " " -#: src/veritysetup.c:485 src/integritysetup.c:534 +#: src/veritysetup.c:489 src/integritysetup.c:534 msgid "format device" msgstr "formater le périphérique" -#: src/veritysetup.c:486 +#: src/veritysetup.c:490 msgid " []" msgstr " []" -#: src/veritysetup.c:486 +#: src/veritysetup.c:490 msgid "verify device" msgstr "vérifier le périphérique" -#: src/veritysetup.c:487 +#: src/veritysetup.c:491 msgid " []" msgstr " []" -#: src/veritysetup.c:489 src/integritysetup.c:537 +#: src/veritysetup.c:493 src/integritysetup.c:537 msgid "show active device status" msgstr "afficher le statut du périphérique actif" -#: src/veritysetup.c:490 +#: src/veritysetup.c:494 msgid "" msgstr "" -#: src/veritysetup.c:490 src/integritysetup.c:538 +#: src/veritysetup.c:494 src/integritysetup.c:538 msgid "show on-disk information" msgstr "afficher les informations sur le disque" -#: src/veritysetup.c:509 +#: src/veritysetup.c:513 #, c-format msgid "" "\n" @@ -2793,7 +2870,7 @@ " est le périphérique contenant les données de vérification\n" " hachage du nœud racine sur \n" -#: src/veritysetup.c:516 +#: src/veritysetup.c:520 #, c-format msgid "" "\n" @@ -2804,11 +2881,11 @@ "Paramètres compilés par défaut dans dm-verity :\n" "\tHachage: %s, Bloc données (octets): %u, Bloc hachage (octets): %u, Taille aléa: %u, Format hachage: %u\n" -#: src/veritysetup.c:654 +#: src/veritysetup.c:658 msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together." msgstr "Les options --ignore-corruption et --restart-on-corruption ne peuvent être utilisées ensembles." -#: src/veritysetup.c:659 +#: src/veritysetup.c:663 msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together." msgstr "Les options --panic-on-corruption et --restart-on-corruption ne peuvent être utilisées ensembles." @@ -3093,7 +3170,7 @@ msgid "Finished, time %s, %s, %s\n" msgstr "Terminé, temps %s, %s, %s\n" -#: src/utils_password.c:41 src/utils_password.c:74 +#: src/utils_password.c:41 src/utils_password.c:72 #, c-format msgid "Cannot check password quality: %s" msgstr "Ne peut vérifier la qualité du mot de passe : %s" @@ -3107,42 +3184,42 @@ "Échec de la vérification de la qualité du mot de passe :\n" " %s" -#: src/utils_password.c:81 +#: src/utils_password.c:79 #, c-format msgid "Password quality check failed: Bad passphrase (%s)" msgstr "Échec de la vérification de la qualité du mot de passe : Mauvais mot de passe (%s)" -#: src/utils_password.c:231 src/utils_password.c:245 +#: src/utils_password.c:230 src/utils_password.c:244 msgid "Error reading passphrase from terminal." msgstr "Erreur de lecture de la phrase secrète depuis la console." -#: src/utils_password.c:243 +#: src/utils_password.c:242 msgid "Verify passphrase: " msgstr "Vérifiez la phrase secrète : " -#: src/utils_password.c:250 +#: src/utils_password.c:249 msgid "Passphrases do not match." msgstr "Les phrases secrètes ne sont pas identiques." -#: src/utils_password.c:288 +#: src/utils_password.c:287 msgid "Cannot use offset with terminal input." msgstr "Le décalage n'est pas possible si l'entrée provient de la console." -#: src/utils_password.c:292 +#: src/utils_password.c:291 #, c-format msgid "Enter passphrase: " msgstr "Saisissez la phrase secrète : " -#: src/utils_password.c:295 +#: src/utils_password.c:294 #, c-format msgid "Enter passphrase for %s: " msgstr "Saisissez la phrase secrète pour %s : " -#: src/utils_password.c:329 +#: src/utils_password.c:328 msgid "No key available with this passphrase." msgstr "Aucune clé disponible avec cette phrase secrète." -#: src/utils_password.c:331 +#: src/utils_password.c:330 msgid "No usable keyslot is available." msgstr "Aucun emplacement de clé utilisable est disponible." @@ -3216,41 +3293,50 @@ "Les données pourraient être corrompues si le périphérique est réellement activé.\n" "Pour exécuter le rechiffrement en mode en ligne, utilisez le paramètre --active-name.\n" -#: src/utils_reencrypt.c:175 +#: src/utils_reencrypt.c:141 src/utils_reencrypt.c:274 +#, c-format +msgid "" +"Device %s is not a block device. Can not auto-detect if it is active or not.\n" +"Use --force-offline-reencrypt to bypass the check and run in offline mode (dangerous!)." +msgstr "" +"Le périphérique %s n'est pas un périphérique bloc. Impossible de détecter s'il est actif ou non.\n" +"Utilisez --force-offline-reencrypt pour passer outre la vérification et exécuter en mode hors-ligne (dangereux !)." + +#: src/utils_reencrypt.c:178 src/utils_reencrypt.c:221 +#: src/utils_reencrypt.c:231 +msgid "Requested --resilience option cannot be applied to current reencryption operation." +msgstr "L'option --resilience demandée ne peut pas être appliquée à l'opération de rechiffrement courante." + +#: src/utils_reencrypt.c:203 msgid "Device is not in LUKS2 encryption. Conflicting option --encrypt." msgstr "Le périphérique n'est pas en cour de chiffrement LUKS2. Option --encrypt conflictuelle." -#: src/utils_reencrypt.c:180 +#: src/utils_reencrypt.c:208 msgid "Device is not in LUKS2 decryption. Conflicting option --decrypt." msgstr "Le périphérique n'est pas en cours de déchiffrement LUKS2. Option --decrypt conflictuelle." -#: src/utils_reencrypt.c:187 +#: src/utils_reencrypt.c:215 msgid "Device is in reencryption using datashift resilience. Requested --resilience option cannot be applied." msgstr "Le périphérique est en cours de rechiffrement en utilisant la résilience datashift. L'option --resilience demandée ne peut pas être appliquée." -#: src/utils_reencrypt.c:193 src/utils_reencrypt.c:199 -#: src/utils_reencrypt.c:205 src/utils_reencrypt.c:681 -msgid "Requested --resilience option cannot be applied to current reencryption operation." -msgstr "L'option --resilience demandée ne peut pas être appliquée à l'opération de rechiffrement courante." - -#: src/utils_reencrypt.c:258 +#: src/utils_reencrypt.c:293 msgid "Device requires reencryption recovery. Run repair first." msgstr "Le périphérique requiert une récupération de rechiffrement. Exécuter d'abord une réparation." -#: src/utils_reencrypt.c:268 +#: src/utils_reencrypt.c:307 #, c-format msgid "Device %s is already in LUKS2 reencryption. Do you wish to resume previously initialised operation?" msgstr "Le périphérique %s est déjà en cours de rechiffrement LUKS2. Voulez-vous redémarrer l'opération précédemment initialisée ?" -#: src/utils_reencrypt.c:314 +#: src/utils_reencrypt.c:353 msgid "Legacy LUKS2 reencryption is no longer supported." msgstr "Le rechiffrement LUKS2 historique n'est plus supporté." -#: src/utils_reencrypt.c:379 +#: src/utils_reencrypt.c:418 msgid "Reencryption of device with integrity profile is not supported." msgstr "Le rechiffrement d'un périphérique avec un profil d'intégrité n'est pas supporté." -#: src/utils_reencrypt.c:410 +#: src/utils_reencrypt.c:449 #, c-format msgid "" "Requested --sector-size % is incompatible with %s superblock\n" @@ -3259,98 +3345,103 @@ "La taille de secteur demandée avec --sector-size % est incompatible avec le superbloc %s\n" "(taille de bloc : % octets) détecté sur le périphérique %s." -#: src/utils_reencrypt.c:455 +#: src/utils_reencrypt.c:518 src/utils_reencrypt.c:1391 msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." msgstr "Le chiffrement sans en-tête détaché (--header) n'est pas possible sans une réduction de la taille du périphérique de données (--reduce-device-size)" -#: src/utils_reencrypt.c:461 +#: src/utils_reencrypt.c:525 msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." msgstr "Le décalage de données demandé doit être inférieur ou égal à la moitié du paramètre --reduce-device-size." -#: src/utils_reencrypt.c:471 +#: src/utils_reencrypt.c:535 #, c-format msgid "Adjusting --reduce-device-size value to twice the --offset % (sectors).\n" msgstr "Ajustement de la valeur de --reduce-device-size à deux fois --offset % (secteurs).\n" -#: src/utils_reencrypt.c:501 +#: src/utils_reencrypt.c:565 #, c-format msgid "Temporary header file %s already exists. Aborting." msgstr "Le fichier temporaire d'en-tête %s existe déjà. Abandon." -#: src/utils_reencrypt.c:503 src/utils_reencrypt.c:510 +#: src/utils_reencrypt.c:567 src/utils_reencrypt.c:574 #, c-format msgid "Cannot create temporary header file %s." msgstr "Impossible de créer le fichier temporaire d'en-tête %s." -#: src/utils_reencrypt.c:535 +#: src/utils_reencrypt.c:599 msgid "LUKS2 metadata size is larger than data shift value." msgstr "La taille des métadonnées LUKS2 est plus grande que la valeur de décalage des données." -#: src/utils_reencrypt.c:572 +#: src/utils_reencrypt.c:636 #, c-format msgid "Failed to place new header at head of device %s." msgstr "Impossible de placer le nouvel en-tête au début du périphérique %s." -#: src/utils_reencrypt.c:582 +#: src/utils_reencrypt.c:646 #, c-format msgid "%s/%s is now active and ready for online encryption.\n" msgstr "%s/%s est maintenant actif et prêt pour un chiffrement en ligne.\n" -#: src/utils_reencrypt.c:618 +#: src/utils_reencrypt.c:682 #, c-format msgid "Active device %s is not LUKS2." msgstr "Le périphérique actif %s n'est pas LUKS2." -#: src/utils_reencrypt.c:646 +#: src/utils_reencrypt.c:710 msgid "Restoring original LUKS2 header." msgstr "Restauration de l'en-tête LUKS2 original." -#: src/utils_reencrypt.c:654 +#: src/utils_reencrypt.c:718 msgid "Original LUKS2 header restore failed." msgstr "Échec de la restauration de l'en-tête LUKS2 original." -#: src/utils_reencrypt.c:722 +#: src/utils_reencrypt.c:744 +#, c-format +msgid "Header file %s does not exist. Do you want to initialize LUKS2 decryption of device %s and export LUKS2 header to file %s?" +msgstr "Le fichier d'en-tête %s n'existe pas. Voulez-vous initialiser le déchiffrement LUKS2 du périphérique %s et exporter l'en-tête LUKS2 dans le fichier %s ?" + +#: src/utils_reencrypt.c:792 msgid "Failed to add read/write permissions to exported header file." msgstr "Échec de l'ajout des permissions lecture/écriture pour exporter le fichier d'en-tête." -#: src/utils_reencrypt.c:775 +#: src/utils_reencrypt.c:845 #, c-format msgid "Reencryption initialization failed. Header backup is available in %s." msgstr "L'initialisation du rechiffrement a échoué. La sauvegarde de l'en-tête est disponible dans %s." -#: src/utils_reencrypt.c:803 +#: src/utils_reencrypt.c:873 msgid "LUKS2 decryption is supported with detached header device only (with data offset set to 0)." msgstr "Le déchiffrement LUKS2 est uniquement supporté avec un périphérique à l'en-tête détaché (avec l'offset de données défini à 0)." -#: src/utils_reencrypt.c:934 src/utils_reencrypt.c:943 +#: src/utils_reencrypt.c:1008 src/utils_reencrypt.c:1017 msgid "Not enough free keyslots for reencryption." msgstr "Pas assez d'emplacements de clés libres pour le rechiffrement." -#: src/utils_reencrypt.c:964 src/utils_reencrypt_luks1.c:1100 +#: src/utils_reencrypt.c:1038 src/utils_reencrypt_luks1.c:1100 msgid "Key file can be used only with --key-slot or with exactly one key slot active." msgstr "Le fichier de clé peut uniquement être utilisé avec --key-slot ou avec exactement un seul emplacement de clé actif." -#: src/utils_reencrypt.c:973 src/utils_reencrypt_luks1.c:1147 +#: src/utils_reencrypt.c:1047 src/utils_reencrypt_luks1.c:1147 #: src/utils_reencrypt_luks1.c:1158 #, c-format msgid "Enter passphrase for key slot %d: " msgstr "Entrez la phrase secrète pour l'emplacement de clé %d : " -#: src/utils_reencrypt.c:985 +#: src/utils_reencrypt.c:1059 #, c-format msgid "Enter passphrase for key slot %u: " msgstr "Entrez la phrase secrète pour l'emplacement de clé %u : " -#: src/utils_reencrypt.c:1037 +#: src/utils_reencrypt.c:1111 #, c-format msgid "Switching data encryption cipher to %s.\n" msgstr "Basculement de l'algorithme de chiffrement de données vers %s.\n" -#: src/utils_reencrypt.c:1091 +#: src/utils_reencrypt.c:1165 msgid "No data segment parameters changed. Reencryption aborted." msgstr "Aucun paramètre de segment de donnée changé. Rechiffrement abandonné." -#: src/utils_reencrypt.c:1187 +#: src/utils_reencrypt.c:1267 msgid "" "Encryption sector size increase on offline device is not supported.\n" "Activate the device first or use --force-offline-reencrypt option (dangerous!)." @@ -3358,7 +3449,7 @@ "L'augmentation de la taille du secteur de chiffrement n'est pas supportée sur un périphérique hors-ligne.\n" "Activez d'abord le périphérique ou utilisez l'option --force-offline-reencrypt (dangereux !)." -#: src/utils_reencrypt.c:1227 src/utils_reencrypt_luks1.c:726 +#: src/utils_reencrypt.c:1307 src/utils_reencrypt_luks1.c:726 #: src/utils_reencrypt_luks1.c:798 msgid "" "\n" @@ -3367,58 +3458,58 @@ "\n" "Rechiffrement interrompu." -#: src/utils_reencrypt.c:1232 +#: src/utils_reencrypt.c:1312 msgid "Resuming LUKS reencryption in forced offline mode.\n" msgstr "Redémarrage du rechiffrement LUKS en mode hors-ligne forcé.\n" -#: src/utils_reencrypt.c:1249 +#: src/utils_reencrypt.c:1329 #, c-format msgid "Device %s contains broken LUKS metadata. Aborting operation." msgstr "Le périphérique %s contient des métadonnées LUKS endommagées. L'opération est abandonnée." -#: src/utils_reencrypt.c:1265 src/utils_reencrypt.c:1287 +#: src/utils_reencrypt.c:1345 src/utils_reencrypt.c:1367 #, c-format msgid "Device %s is already LUKS device. Aborting operation." msgstr "Le périphérique %s est déjà un périphérique LUKS. L'opération est abandonnée." -#: src/utils_reencrypt.c:1293 +#: src/utils_reencrypt.c:1373 #, c-format msgid "Device %s is already in LUKS reencryption. Aborting operation." msgstr "Le périphérique %s est déjà en cours de rechiffrement LUKS. L'opération est abandonnée." -#: src/utils_reencrypt.c:1366 +#: src/utils_reencrypt.c:1453 msgid "LUKS2 decryption requires --header option." msgstr "Le déchiffrement LUKS2 requiert l'option --header." -#: src/utils_reencrypt.c:1414 +#: src/utils_reencrypt.c:1501 msgid "Command requires device as argument." msgstr "La commande exige un périphérique comme argument." -#: src/utils_reencrypt.c:1427 +#: src/utils_reencrypt.c:1514 #, c-format msgid "Conflicting versions. Device %s is LUKS1." msgstr "Versions conflictuelles. Le périphérique %s est LUKS1." -#: src/utils_reencrypt.c:1433 +#: src/utils_reencrypt.c:1520 #, c-format msgid "Conflicting versions. Device %s is in LUKS1 reencryption." msgstr "Versions conflictuelles. Le périphérique %s est en cours de rechiffrement LUKS1." -#: src/utils_reencrypt.c:1439 +#: src/utils_reencrypt.c:1526 #, c-format msgid "Conflicting versions. Device %s is LUKS2." msgstr "Versions conflictuelle. Le périphérique %s est LUKS2" -#: src/utils_reencrypt.c:1445 +#: src/utils_reencrypt.c:1532 #, c-format msgid "Conflicting versions. Device %s is in LUKS2 reencryption." msgstr "Versions conflictuelles. Le périphérique %s est en cours de rechiffrement LUKS2." -#: src/utils_reencrypt.c:1451 +#: src/utils_reencrypt.c:1538 msgid "LUKS2 reencryption already initialized. Aborting operation." msgstr "Rechiffrement LUKS2 déjà initialisé. Abandon de l'opération." -#: src/utils_reencrypt.c:1458 +#: src/utils_reencrypt.c:1545 msgid "Device reencryption not in progress." msgstr "Le rechiffrement du périphérique n'est pas en cours." @@ -3523,28 +3614,28 @@ msgid "Provided UUID is invalid." msgstr "Le UUID fourni est invalide." -#: src/utils_reencrypt_luks1.c:1220 +#: src/utils_reencrypt_luks1.c:1224 msgid "Cannot open reencryption log file." msgstr "Impossible d'ouvrir le journal de re-chiffrement." -#: src/utils_reencrypt_luks1.c:1226 +#: src/utils_reencrypt_luks1.c:1230 msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process." msgstr "Pas de déchiffrement en cours. Le UUID fourni ne peut être utilisé que pour reprendre un déchiffrement suspendu." -#: src/utils_reencrypt_luks1.c:1280 +#: src/utils_reencrypt_luks1.c:1286 #, c-format msgid "Reencryption will change: %s%s%s%s%s%s." msgstr "Le re-chiffrement va changer : %s%s%s%s%s%s." -#: src/utils_reencrypt_luks1.c:1281 +#: src/utils_reencrypt_luks1.c:1287 msgid "volume key" msgstr "clé de volume" -#: src/utils_reencrypt_luks1.c:1283 +#: src/utils_reencrypt_luks1.c:1289 msgid "set hash to " msgstr "change hachage en " -#: src/utils_reencrypt_luks1.c:1284 +#: src/utils_reencrypt_luks1.c:1290 msgid ", set cipher to " msgstr ", change chiffrement en " @@ -3764,6 +3855,18 @@ msgid "Public key authentication error: " msgstr "Erreur durant l'authentification par clé publique : " +#~ msgid "WARNING: Data offset is outside of currently available data device.\n" +#~ msgstr "AVERTISSEMENT: L'offset des données est en dehors du périphérique de données actuellement disponible.\n" + +#~ msgid "Cannot get process priority." +#~ msgstr "Impossible d'obtenir la priorité du processus." + +#~ msgid "Cannot unlock memory." +#~ msgstr "Impossible de déverrouiller la mémoire." + +#~ msgid "Locking directory %s/%s will be created with default compiled-in permissions." +#~ msgstr "Le répertoire de verrouillage %s/%s sera créé avec les permissions par défaut fournies durant la compilation." + #~ msgid "Failed to read BITLK signature from %s." #~ msgstr "Impossible de lire la signature BITLK depuis %s." @@ -4167,9 +4270,6 @@ #~ msgid "Sector size option is not supported for this command." #~ msgstr "L'option de taille de secteur n'est pas supportée pour cette commande." -#~ msgid "Option --unbound may be used only with luksAddKey and luksDump actions." -#~ msgstr "L'option --unbound peut uniquement être utilisée avec les actions luksAddKey et luksDump." - #~ msgid "Option --refresh may be used only with open action." #~ msgstr "L'option --refresh peut uniquement être utilisée avec l'action open." @@ -4350,9 +4450,6 @@ #~ msgid "Read new volume (master) key from file" #~ msgstr "Lire la nouvelle clé (maîtresse) du volume depuis un fichier" -#~ msgid "PBKDF2 iteration time for LUKS (in ms)" -#~ msgstr "Temps d'itération de PBKDF2 pour LUKS (en ms)" - #~ msgid "Use direct-io when accessing devices" #~ msgstr "Utiliser direct-io pour accéder aux périphériques" diff -Nru cryptsetup-2.5.0/po/ja.po cryptsetup-2.6.1/po/ja.po --- cryptsetup-2.5.0/po/ja.po 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/po/ja.po 2023-02-09 16:12:17.000000000 +0000 @@ -1,14 +1,14 @@ # Japanese messages for cryptsetup. # Copyright (C) 2019, 2020 Free Software Foundation, Inc. # This file is put in the public domain, to the extent permitted under applicable law. -# Hiroshi Takekawa , , 2019, 2020, 2021, 2022 +# Hiroshi Takekawa , , 2019, 2020, 2021, 2022, 2023 # msgid "" msgstr "" -"Project-Id-Version: cryptsetup 2.5.0-rc1\n" +"Project-Id-Version: cryptsetup 2.6.1-rc0\n" "Report-Msgid-Bugs-To: cryptsetup@lists.linux.dev\n" -"POT-Creation-Date: 2022-07-14 14:04+0200\n" -"PO-Revision-Date: 2022-07-15 13:37+0900\n" +"POT-Creation-Date: 2023-02-01 15:58+0100\n" +"PO-Revision-Date: 2023-02-02 20:52+0900\n" "Last-Translator: Hiroshi Takekawa \n" "Language-Team: Japanese \n" "Language: ja\n" @@ -17,67 +17,71 @@ "Content-Transfer-Encoding: 8bit\n" "X-Bugs: Report translation errors to the Language-Team address.\n" -#: lib/libdevmapper.c:417 +#: lib/libdevmapper.c:419 msgid "Cannot initialize device-mapper, running as non-root user." msgstr "device-mapper を初期化できません、non-root で実行します。" -#: lib/libdevmapper.c:420 +#: lib/libdevmapper.c:422 msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" msgstr "device-mapper を初期化できません。dm_mod モジュールはロードされてますか?" -#: lib/libdevmapper.c:1171 +#: lib/libdevmapper.c:1102 msgid "Requested deferred flag is not supported." msgstr "指定された延期フラグはサポートされていません。" -#: lib/libdevmapper.c:1240 +#: lib/libdevmapper.c:1171 #, c-format msgid "DM-UUID for device %s was truncated." msgstr "デバイス %s の DM-UUID は短縮されています。" -#: lib/libdevmapper.c:1570 +#: lib/libdevmapper.c:1501 msgid "Unknown dm target type." msgstr "不明な dm target タイプです。" -#: lib/libdevmapper.c:1694 lib/libdevmapper.c:1699 lib/libdevmapper.c:1763 -#: lib/libdevmapper.c:1766 +#: lib/libdevmapper.c:1620 lib/libdevmapper.c:1626 lib/libdevmapper.c:1724 +#: lib/libdevmapper.c:1727 msgid "Requested dm-crypt performance options are not supported." msgstr "指定された dm-crypt パフォーマンスオプションはサポートされていません。" -#: lib/libdevmapper.c:1706 lib/libdevmapper.c:1710 +#: lib/libdevmapper.c:1635 lib/libdevmapper.c:1647 msgid "Requested dm-verity data corruption handling options are not supported." msgstr "指定された dm-verity のデータ破壊時の対応についてのオプションはサポートされていません。" -#: lib/libdevmapper.c:1714 +#: lib/libdevmapper.c:1641 +msgid "Requested dm-verity tasklets option is not supported." +msgstr "指定された dm-verity のタスクレットオプションはサポートされていません。" + +#: lib/libdevmapper.c:1653 msgid "Requested dm-verity FEC options are not supported." msgstr "指定された dm-verity の誤り訂正(FEC)オプションはサポートされていません。" -#: lib/libdevmapper.c:1718 +#: lib/libdevmapper.c:1659 msgid "Requested data integrity options are not supported." msgstr "指定されたデータの無改ざん確認のオプションはサポートされていません。" -#: lib/libdevmapper.c:1720 +#: lib/libdevmapper.c:1663 msgid "Requested sector_size option is not supported." msgstr "指定された sector_size オプションはサポートされていません。" -#: lib/libdevmapper.c:1725 lib/libdevmapper.c:1729 +#: lib/libdevmapper.c:1670 lib/libdevmapper.c:1676 msgid "Requested automatic recalculation of integrity tags is not supported." msgstr "指定された改ざん確認タグの自動再計算はサポートされていません。" -#: lib/libdevmapper.c:1733 lib/libdevmapper.c:1769 lib/libdevmapper.c:1772 -#: lib/luks2/luks2_json_metadata.c:2552 +#: lib/libdevmapper.c:1682 lib/libdevmapper.c:1730 lib/libdevmapper.c:1733 +#: lib/luks2/luks2_json_metadata.c:2620 msgid "Discard/TRIM is not supported." msgstr "Discard/TRIM はサポートしていません。" -#: lib/libdevmapper.c:1737 +#: lib/libdevmapper.c:1688 msgid "Requested dm-integrity bitmap mode is not supported." msgstr "要求された dm-integrity のビットマップモードはサポートされていません。" -#: lib/libdevmapper.c:2763 +#: lib/libdevmapper.c:2724 #, c-format msgid "Failed to query dm-%s segment." msgstr "dm-%s のクエリーに失敗しました。" -#: lib/random.c:74 +#: lib/random.c:73 msgid "" "System is out of entropy while generating volume key.\n" "Please move mouse or type some text in another window to gather some random events.\n" @@ -85,16 +89,16 @@ "ボリュームキーを生成するためのエントロピー(この文脈では乱数の乱れ度合)が足りません。\n" "マウスを動かしたり、他のウィンドウで文字を入力したりしてみてください。\n" -#: lib/random.c:78 +#: lib/random.c:77 #, c-format msgid "Generating key (%d%% done).\n" msgstr "キー生成中 (%d%% 完了)。\n" -#: lib/random.c:164 +#: lib/random.c:163 msgid "Running in FIPS mode." msgstr "FIPS モードで実行中。" -#: lib/random.c:170 +#: lib/random.c:169 msgid "Fatal error during RNG initialisation." msgstr "RNG(乱数生成器)初期化中に重大なエラーが発生しました。" @@ -106,428 +110,438 @@ msgid "Error reading from RNG." msgstr "RNG(乱数生成器)から読み込み中にエラー。" -#: lib/setup.c:226 +#: lib/setup.c:231 msgid "Cannot initialize crypto RNG backend." msgstr "暗号向けRNG(乱数生成器)バックエンドの初期化ができません。" -#: lib/setup.c:232 +#: lib/setup.c:237 msgid "Cannot initialize crypto backend." msgstr "暗号バックエンドの初期化ができません。" -#: lib/setup.c:263 lib/setup.c:2080 lib/verity/verity.c:122 +#: lib/setup.c:268 lib/setup.c:2151 lib/verity/verity.c:122 #, c-format msgid "Hash algorithm %s not supported." msgstr "ハッシュアルゴリズム %s がサポートされていません。" -#: lib/setup.c:266 lib/loopaes/loopaes.c:90 +#: lib/setup.c:271 lib/loopaes/loopaes.c:90 #, c-format msgid "Key processing error (using hash %s)." msgstr "鍵の処理でエラー (ハッシュ %s を使用)。" -#: lib/setup.c:332 lib/setup.c:359 +#: lib/setup.c:342 lib/setup.c:369 msgid "Cannot determine device type. Incompatible activation of device?" msgstr "デバイスタイプがわかりません。互換性のないデバイスのアクティベーションをしようとしていませんか?" -#: lib/setup.c:338 lib/setup.c:3221 +#: lib/setup.c:348 lib/setup.c:3320 msgid "This operation is supported only for LUKS device." msgstr "この操作は LUKS デバイスでしかサポートされていません。" -#: lib/setup.c:365 +#: lib/setup.c:375 msgid "This operation is supported only for LUKS2 device." msgstr "この操作は LUKS2 デバイスでしかサポートされていません。" -#: lib/setup.c:420 lib/luks2/luks2_reencrypt.c:2985 +#: lib/setup.c:427 lib/luks2/luks2_reencrypt.c:3010 msgid "All key slots full." msgstr "キースロットがいっぱいです。" -#: lib/setup.c:431 +#: lib/setup.c:438 #, c-format msgid "Key slot %d is invalid, please select between 0 and %d." msgstr "キースロット %d は不正です。0 から %d の間を選んでください。" -#: lib/setup.c:437 +#: lib/setup.c:444 #, c-format msgid "Key slot %d is full, please select another one." msgstr "キースロット %d は使われています。別の番号を選んでください。" -#: lib/setup.c:522 lib/setup.c:2946 +#: lib/setup.c:529 lib/setup.c:3042 msgid "Device size is not aligned to device logical block size." msgstr "デバイスサイズが論理ブロックサイズのアライメントに合いません。" -#: lib/setup.c:620 +#: lib/setup.c:627 #, c-format msgid "Header detected but device %s is too small." msgstr "ヘッダが検出されましたがデバイス %s が小さすぎます。" -#: lib/setup.c:661 lib/setup.c:2851 lib/setup.c:4335 -#: lib/luks2/luks2_reencrypt.c:3757 lib/luks2/luks2_reencrypt.c:4159 +#: lib/setup.c:668 lib/setup.c:2942 lib/setup.c:4287 +#: lib/luks2/luks2_reencrypt.c:3782 lib/luks2/luks2_reencrypt.c:4184 msgid "This operation is not supported for this device type." msgstr "この操作はこのデバイスタイプではサポートされていません。" -#: lib/setup.c:666 +#: lib/setup.c:673 msgid "Illegal operation with reencryption in-progress." msgstr "オフラインでの再暗号化中です。中止します。" -#: lib/setup.c:833 lib/luks1/keymanage.c:248 lib/luks1/keymanage.c:524 -#: lib/luks2/luks2_json_metadata.c:1267 src/cryptsetup.c:1449 -#: src/cryptsetup.c:1581 src/cryptsetup.c:1636 src/cryptsetup.c:1756 -#: src/cryptsetup.c:1861 src/cryptsetup.c:2142 src/cryptsetup.c:2380 -#: src/cryptsetup.c:2440 src/utils_reencrypt.c:1378 -#: src/utils_reencrypt_luks1.c:1188 tokens/ssh/cryptsetup-ssh.c:77 +#: lib/setup.c:802 +msgid "Failed to rollback LUKS2 metadata in memory." +msgstr "メモリ上の LUKS2 メタデータのロールバックに失敗しました。" + +#: lib/setup.c:889 lib/luks1/keymanage.c:249 lib/luks1/keymanage.c:527 +#: lib/luks2/luks2_json_metadata.c:1336 src/cryptsetup.c:1587 +#: src/cryptsetup.c:1727 src/cryptsetup.c:1782 src/cryptsetup.c:1977 +#: src/cryptsetup.c:2133 src/cryptsetup.c:2414 src/cryptsetup.c:2656 +#: src/cryptsetup.c:2716 src/utils_reencrypt.c:1465 +#: src/utils_reencrypt_luks1.c:1192 tokens/ssh/cryptsetup-ssh.c:77 #, c-format msgid "Device %s is not a valid LUKS device." msgstr "デバイス %s は有効な LUKS デバイスではありません。" -#: lib/setup.c:836 lib/luks1/keymanage.c:527 +#: lib/setup.c:892 lib/luks1/keymanage.c:530 #, c-format msgid "Unsupported LUKS version %d." msgstr "LUKS バージョン %d はサポートされていません。" -#: lib/setup.c:1431 lib/setup.c:2602 lib/setup.c:2682 lib/setup.c:2694 -#: lib/setup.c:2859 lib/setup.c:4807 +#: lib/setup.c:1491 lib/setup.c:2691 lib/setup.c:2773 lib/setup.c:2785 +#: lib/setup.c:2952 lib/setup.c:4764 #, c-format msgid "Device %s is not active." msgstr "デバイス %s はアクティブではありません。" -#: lib/setup.c:1448 +#: lib/setup.c:1508 #, c-format msgid "Underlying device for crypt device %s disappeared." msgstr "暗号化されたデバイス %s の元になるデバイスが消滅しました。" -#: lib/setup.c:1528 +#: lib/setup.c:1590 msgid "Invalid plain crypt parameters." msgstr "不正な plain crypt のパラメータ。" -#: lib/setup.c:1533 lib/setup.c:1983 +#: lib/setup.c:1595 lib/setup.c:2054 msgid "Invalid key size." msgstr "不正なキーサイズ。" -#: lib/setup.c:1538 lib/setup.c:1988 lib/setup.c:2191 +#: lib/setup.c:1600 lib/setup.c:2059 lib/setup.c:2262 msgid "UUID is not supported for this crypt type." msgstr "UUID はこの暗号タイプではサポートされていません。" -#: lib/setup.c:1543 lib/setup.c:1993 +#: lib/setup.c:1605 lib/setup.c:2064 msgid "Detached metadata device is not supported for this crypt type." msgstr "分離したメタデータデバイスはこの暗号タイプではサポートされていません。" -#: lib/setup.c:1553 lib/setup.c:1765 lib/luks2/luks2_reencrypt.c:2941 -#: src/cryptsetup.c:1250 src/cryptsetup.c:3072 +#: lib/setup.c:1615 lib/setup.c:1831 lib/luks2/luks2_reencrypt.c:2966 +#: src/cryptsetup.c:1387 src/cryptsetup.c:3383 msgid "Unsupported encryption sector size." msgstr "サポートされていない暗号化セクタサイズです。" -#: lib/setup.c:1561 lib/setup.c:1896 lib/setup.c:2940 +#: lib/setup.c:1623 lib/setup.c:1959 lib/setup.c:3036 msgid "Device size is not aligned to requested sector size." msgstr "デバイスサイズが要求されたセクタサイズのアライメントに合いません。" -#: lib/setup.c:1613 lib/setup.c:1733 +#: lib/setup.c:1675 lib/setup.c:1799 msgid "Can't format LUKS without device." msgstr "デバイスなしには LUKS 形式にフォーマットできません。" -#: lib/setup.c:1619 lib/setup.c:1739 +#: lib/setup.c:1681 lib/setup.c:1805 msgid "Requested data alignment is not compatible with data offset." msgstr "要求されたデータアライメントとデータオフセットが合いません。" -#: lib/setup.c:1687 lib/setup.c:1883 -msgid "WARNING: Data offset is outside of currently available data device.\n" -msgstr "警告: データオフセットが現在利用可能なデータの外にあります。\n" - -#: lib/setup.c:1697 lib/setup.c:1913 lib/setup.c:1934 lib/setup.c:2203 +#: lib/setup.c:1756 lib/setup.c:1976 lib/setup.c:1997 lib/setup.c:2274 #, c-format msgid "Cannot wipe header on device %s." msgstr "デバイス %s のヘッダを消し去れません。" -#: lib/setup.c:1774 +#: lib/setup.c:1769 lib/setup.c:2036 +#, c-format +msgid "Device %s is too small for activation, there is no remaining space for data.\n" +msgstr "デバイス %s はアクティベートするのに小さすぎます。データ用のスペースがありません。\n" + +#: lib/setup.c:1840 msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" msgstr "警告: デバイスアクティベーションが失敗しました。dm-crypt が要求された暗号セクタサイズをサポートしていません。\n" -#: lib/setup.c:1797 +#: lib/setup.c:1863 msgid "Volume key is too small for encryption with integrity extensions." msgstr "ボリュームキーは改ざん耐性拡張のため暗号には鍵長が小さすぎます。" -#: lib/setup.c:1857 +#: lib/setup.c:1923 #, c-format msgid "Cipher %s-%s (key size %zd bits) is not available." msgstr "暗号 %s-%s (キーサイズ %zd ビット) は利用できません。" -#: lib/setup.c:1886 +#: lib/setup.c:1949 #, c-format msgid "WARNING: LUKS2 metadata size changed to % bytes.\n" msgstr "警告: LUKS2 メタデータサイズが % バイトに変更されました。\n" -#: lib/setup.c:1890 +#: lib/setup.c:1953 #, c-format msgid "WARNING: LUKS2 keyslots area size changed to % bytes.\n" msgstr "警告: LUKS2 キースロット領域サイズが % バイトに変更されました。\n" -#: lib/setup.c:1916 lib/utils_device.c:909 lib/luks1/keyencryption.c:255 -#: lib/luks2/luks2_reencrypt.c:3009 lib/luks2/luks2_reencrypt.c:4254 +#: lib/setup.c:1979 lib/utils_device.c:911 lib/luks1/keyencryption.c:255 +#: lib/luks2/luks2_reencrypt.c:3034 lib/luks2/luks2_reencrypt.c:4279 #, c-format msgid "Device %s is too small." msgstr "デバイス %s のサイズが小さすぎます。" -#: lib/setup.c:1927 lib/setup.c:1953 +#: lib/setup.c:1990 lib/setup.c:2016 #, c-format msgid "Cannot format device %s in use." msgstr "デバイス %s は使用中のためフォーマットできません。" -#: lib/setup.c:1930 lib/setup.c:1956 +#: lib/setup.c:1993 lib/setup.c:2019 #, c-format msgid "Cannot format device %s, permission denied." msgstr "デバイス %s は権限がないためフォーマットできません。" -#: lib/setup.c:1942 lib/setup.c:2263 +#: lib/setup.c:2005 lib/setup.c:2334 #, c-format msgid "Cannot format integrity for device %s." msgstr "デバイス %s を改ざん耐性がつくようフォーマットできません。" -#: lib/setup.c:1960 +#: lib/setup.c:2023 #, c-format msgid "Cannot format device %s." msgstr "デバイス %s をフォーマットできません。" -#: lib/setup.c:1978 +#: lib/setup.c:2049 msgid "Can't format LOOPAES without device." msgstr "LOOPAES としてフォーマットするにはデバイスが必要です。" -#: lib/setup.c:2023 +#: lib/setup.c:2094 msgid "Can't format VERITY without device." msgstr "VERITY としてフォーマットするにはデバイスが必要です。" -#: lib/setup.c:2034 lib/verity/verity.c:101 +#: lib/setup.c:2105 lib/verity/verity.c:101 #, c-format msgid "Unsupported VERITY hash type %d." msgstr "VERITY ハッシュタイプ %d はサポートしていません。" -#: lib/setup.c:2040 lib/verity/verity.c:109 +#: lib/setup.c:2111 lib/verity/verity.c:109 msgid "Unsupported VERITY block size." msgstr "サポートしていない VERITY ブロックサイズです。" -#: lib/setup.c:2045 lib/verity/verity.c:74 +#: lib/setup.c:2116 lib/verity/verity.c:74 msgid "Unsupported VERITY hash offset." msgstr "サポートしていない VERITY ハッシュオフセットです。" -#: lib/setup.c:2050 +#: lib/setup.c:2121 msgid "Unsupported VERITY FEC offset." msgstr "サポートしていない VERITY FEC オフセットです。" -#: lib/setup.c:2074 +#: lib/setup.c:2145 msgid "Data area overlaps with hash area." msgstr "データ領域がハッシュ領域と重なっています。" -#: lib/setup.c:2099 +#: lib/setup.c:2170 msgid "Hash area overlaps with FEC area." msgstr "ハッシュ領域が FEC 領域と重なっています。" -#: lib/setup.c:2106 +#: lib/setup.c:2177 msgid "Data area overlaps with FEC area." msgstr "データ領域が FEC 領域と重なっています。" -#: lib/setup.c:2242 +#: lib/setup.c:2313 #, c-format msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n" msgstr "警告: 指定されたタグのサイズ %d バイトが %s の出力サイズと異なります (%d バイト)。\n" -#: lib/setup.c:2321 +#: lib/setup.c:2392 #, c-format msgid "Unknown crypt device type %s requested." msgstr "不明な暗号デバイスタイプ %s が指定されました。" -#: lib/setup.c:2608 lib/setup.c:2687 lib/setup.c:2700 +#: lib/setup.c:2699 lib/setup.c:2778 lib/setup.c:2791 #, c-format msgid "Unsupported parameters on device %s." msgstr "デバイス %s のパラメータはサポートしていません。" -#: lib/setup.c:2614 lib/setup.c:2707 lib/luks2/luks2_reencrypt.c:2837 -#: lib/luks2/luks2_reencrypt.c:3074 lib/luks2/luks2_reencrypt.c:3459 +#: lib/setup.c:2705 lib/setup.c:2798 lib/luks2/luks2_reencrypt.c:2862 +#: lib/luks2/luks2_reencrypt.c:3099 lib/luks2/luks2_reencrypt.c:3484 #, c-format msgid "Mismatching parameters on device %s." msgstr "デバイス %s のパラメータがミスマッチしています。" -#: lib/setup.c:2731 +#: lib/setup.c:2822 msgid "Crypt devices mismatch." msgstr "Crypt デバイスが一致しません。" -#: lib/setup.c:2768 lib/setup.c:2773 lib/luks2/luks2_reencrypt.c:2315 -#: lib/luks2/luks2_reencrypt.c:2853 lib/luks2/luks2_reencrypt.c:4007 +#: lib/setup.c:2859 lib/setup.c:2864 lib/luks2/luks2_reencrypt.c:2361 +#: lib/luks2/luks2_reencrypt.c:2878 lib/luks2/luks2_reencrypt.c:4032 #, c-format msgid "Failed to reload device %s." msgstr "デバイス %s のリロードに失敗しました。" -#: lib/setup.c:2779 lib/setup.c:2785 lib/luks2/luks2_reencrypt.c:2286 -#: lib/luks2/luks2_reencrypt.c:2293 lib/luks2/luks2_reencrypt.c:2867 +#: lib/setup.c:2870 lib/setup.c:2876 lib/luks2/luks2_reencrypt.c:2332 +#: lib/luks2/luks2_reencrypt.c:2339 lib/luks2/luks2_reencrypt.c:2892 #, c-format msgid "Failed to suspend device %s." msgstr "デバイス %s のサスペンドに失敗しました。" -#: lib/setup.c:2791 lib/luks2/luks2_reencrypt.c:2300 -#: lib/luks2/luks2_reencrypt.c:2888 lib/luks2/luks2_reencrypt.c:3920 -#: lib/luks2/luks2_reencrypt.c:4011 +#: lib/setup.c:2882 lib/luks2/luks2_reencrypt.c:2346 +#: lib/luks2/luks2_reencrypt.c:2913 lib/luks2/luks2_reencrypt.c:3945 +#: lib/luks2/luks2_reencrypt.c:4036 #, c-format msgid "Failed to resume device %s." msgstr "デバイス %s のリジュームに失敗しました。" -#: lib/setup.c:2806 +#: lib/setup.c:2897 #, c-format msgid "Fatal error while reloading device %s (on top of device %s)." msgstr "デバイス %s のリロード中に致命的なエラー(デバイス %s の上で)。" -#: lib/setup.c:2809 lib/setup.c:2811 +#: lib/setup.c:2900 lib/setup.c:2902 #, c-format msgid "Failed to switch device %s to dm-error." msgstr "デバイス %s を dm-error にスイッチできません。" -#: lib/setup.c:2891 +#: lib/setup.c:2984 msgid "Cannot resize loop device." msgstr "ループデバイスはリサイズできません。" -#: lib/setup.c:2931 +#: lib/setup.c:3027 msgid "WARNING: Maximum size already set or kernel doesn't support resize.\n" msgstr "警告: 最大サイズが既に設定済かカーネルがリサイズをサポートしていません。\n" -#: lib/setup.c:2989 +#: lib/setup.c:3088 msgid "Resize failed, the kernel doesn't support it." msgstr "リサイズに失敗しました。カーネルがサポートしていません。" -#: lib/setup.c:3021 +#: lib/setup.c:3120 msgid "Do you really want to change UUID of device?" msgstr "デバイスの UUID を本当に変更してもいいですか?" -#: lib/setup.c:3113 +#: lib/setup.c:3212 msgid "Header backup file does not contain compatible LUKS header." msgstr "ヘッダのバックアップファイルの中味が LUKS ヘッダと互換性がありません。" -#: lib/setup.c:3229 +#: lib/setup.c:3328 #, c-format msgid "Volume %s is not active." msgstr "ボリューム %s はアクティブではありません。" -#: lib/setup.c:3240 +#: lib/setup.c:3339 #, c-format msgid "Volume %s is already suspended." msgstr "ボリューム %s は既に停止されています。" -#: lib/setup.c:3253 +#: lib/setup.c:3352 #, c-format msgid "Suspend is not supported for device %s." msgstr "デバイス %s の停止はサポートされていません。" -#: lib/setup.c:3255 +#: lib/setup.c:3354 #, c-format msgid "Error during suspending device %s." msgstr "デバイス %s 停止中にエラー。" -#: lib/setup.c:3290 +#: lib/setup.c:3389 #, c-format msgid "Resume is not supported for device %s." msgstr "デバイス %s は再開をサポートしていません。" -#: lib/setup.c:3292 +#: lib/setup.c:3391 #, c-format msgid "Error during resuming device %s." msgstr "デバイス %s の再開中にエラー。" -#: lib/setup.c:3326 lib/setup.c:3374 lib/setup.c:3444 lib/setup.c:3489 -#: src/cryptsetup.c:2207 +#: lib/setup.c:3425 lib/setup.c:3473 lib/setup.c:3544 lib/setup.c:3589 +#: src/cryptsetup.c:2479 #, c-format msgid "Volume %s is not suspended." msgstr "ボリューム %s は停止されていません。" -#: lib/setup.c:3459 lib/setup.c:3862 lib/setup.c:4584 lib/setup.c:4597 -#: lib/setup.c:4605 lib/setup.c:4618 lib/setup.c:6142 src/cryptsetup.c:1790 +#: lib/setup.c:3559 lib/setup.c:4540 lib/setup.c:4553 lib/setup.c:4561 +#: lib/setup.c:4574 lib/setup.c:6157 lib/setup.c:6179 lib/setup.c:6228 +#: src/cryptsetup.c:2011 msgid "Volume key does not match the volume." msgstr "ボリュームキーがボリュームに合いません。" -#: lib/setup.c:3540 lib/setup.c:3745 -msgid "Cannot add key slot, all slots disabled and no volume key provided." -msgstr "キースロットを追加できません。全てのスロットが無効でボリュームキーが渡されませんでした。" - -#: lib/setup.c:3697 +#: lib/setup.c:3737 msgid "Failed to swap new key slot." msgstr "新しいキースロットを交換できませんでした。" -#: lib/setup.c:3883 +#: lib/setup.c:3835 #, c-format msgid "Key slot %d is invalid." msgstr "キースロット %d は不正です。" -#: lib/setup.c:3889 src/cryptsetup.c:1594 src/cryptsetup.c:1936 -#: src/cryptsetup.c:2540 src/cryptsetup.c:2597 +#: lib/setup.c:3841 src/cryptsetup.c:1740 src/cryptsetup.c:2208 +#: src/cryptsetup.c:2816 src/cryptsetup.c:2876 #, c-format msgid "Keyslot %d is not active." msgstr "キースロット %d は非アクティブです。" -#: lib/setup.c:3908 +#: lib/setup.c:3860 msgid "Device header overlaps with data area." msgstr "デバイスヘッダがデータ領域に重なっています。" -#: lib/setup.c:4213 +#: lib/setup.c:4165 msgid "Reencryption in-progress. Cannot activate device." msgstr "既に再暗号化中です。デバイスをアクティベートできません。" -#: lib/setup.c:4215 lib/luks2/luks2_json_metadata.c:2635 -#: lib/luks2/luks2_reencrypt.c:3565 +#: lib/setup.c:4167 lib/luks2/luks2_json_metadata.c:2703 +#: lib/luks2/luks2_reencrypt.c:3590 msgid "Failed to get reencryption lock." msgstr "再暗号化ロックを取得できません。" -#: lib/setup.c:4228 lib/luks2/luks2_reencrypt.c:3584 +#: lib/setup.c:4180 lib/luks2/luks2_reencrypt.c:3609 msgid "LUKS2 reencryption recovery failed." msgstr "LUKS2 の再暗号化は既に初期化されました。" -#: lib/setup.c:4396 lib/setup.c:4661 +#: lib/setup.c:4352 lib/setup.c:4618 msgid "Device type is not properly initialized." msgstr "デバイスタイプが正しく初期化されていません。" -#: lib/setup.c:4444 +#: lib/setup.c:4400 #, c-format msgid "Device %s already exists." msgstr "デバイス %s は既に存在します。" -#: lib/setup.c:4451 +#: lib/setup.c:4407 #, c-format msgid "Cannot use device %s, name is invalid or still in use." msgstr "デバイス %s を使えません。名前が不正か使用中です。" -#: lib/setup.c:4571 +#: lib/setup.c:4527 msgid "Incorrect volume key specified for plain device." msgstr "正しくないボリュームキーがプレーンデバイスに指定されました。" -#: lib/setup.c:4687 +#: lib/setup.c:4644 msgid "Incorrect root hash specified for verity device." msgstr "正しくないルートハッシュが verity デバイスに指定されました。" -#: lib/setup.c:4697 +#: lib/setup.c:4654 msgid "Root hash signature required." msgstr "ルートハッシュ署名が必要です。" -#: lib/setup.c:4706 +#: lib/setup.c:4663 msgid "Kernel keyring missing: required for passing signature to kernel." msgstr "署名をカーネルに渡すのに必要なカーネルキーリングをカーネルがサポートしていません。" -#: lib/setup.c:4723 lib/setup.c:6218 +#: lib/setup.c:4680 lib/setup.c:6423 msgid "Failed to load key in kernel keyring." msgstr "キーをカーネルキーリングにロードできません。" -#: lib/setup.c:4779 +#: lib/setup.c:4736 #, c-format msgid "Could not cancel deferred remove from device %s." msgstr "デバイス %s からの遅延削除をキャンセルできませんでした。" -#: lib/setup.c:4786 lib/setup.c:4802 lib/luks2/luks2_json_metadata.c:2688 +#: lib/setup.c:4743 lib/setup.c:4759 lib/luks2/luks2_json_metadata.c:2756 #: src/utils_reencrypt.c:116 #, c-format msgid "Device %s is still in use." msgstr "デバイス %s は使用中です。" -#: lib/setup.c:4811 +#: lib/setup.c:4768 #, c-format msgid "Invalid device %s." msgstr "デバイス %s は不正です。" -#: lib/setup.c:4927 +#: lib/setup.c:4908 msgid "Volume key buffer too small." msgstr "ボリュームキーのバッファが小さすぎます。" -#: lib/setup.c:4935 +#: lib/setup.c:4925 +msgid "Cannot retrieve volume key for LUKS2 device." +msgstr "LUKS2 デバイス向けのボリュームキーが取得できません。" + +#: lib/setup.c:4934 +msgid "Cannot retrieve volume key for LUKS1 device." +msgstr "LUKS1 デバイス向けのボリュームキーが取得できません。" + +#: lib/setup.c:4944 msgid "Cannot retrieve volume key for plain device." msgstr "プレーンデバイス向けのボリュームキーが取得できません。" @@ -535,147 +549,151 @@ msgid "Cannot retrieve root hash for verity device." msgstr "verity デバイスのルートハッシュが読み出せません。" -#: lib/setup.c:4956 +#: lib/setup.c:4959 +msgid "Cannot retrieve volume key for BITLK device." +msgstr "BITLK デバイス向けのボリュームキーが取得できません。" + +#: lib/setup.c:4964 +msgid "Cannot retrieve volume key for FVAULT2 device." +msgstr "FVAULT2 デバイス向けのボリュームキーが取得できません。" + +#: lib/setup.c:4966 #, c-format msgid "This operation is not supported for %s crypt device." msgstr "この操作は %s 暗号化デバイスではサポートされていません。" -#: lib/setup.c:5130 lib/setup.c:5141 +#: lib/setup.c:5147 lib/setup.c:5158 msgid "Dump operation is not supported for this device type." msgstr "このデバイスタイプはダンプ操作をサポートしていません。" -#: lib/setup.c:5471 +#: lib/setup.c:5500 #, c-format msgid "Data offset is not multiple of %u bytes." msgstr "データオフセットが %u バイトの倍数である必要があります。" -#: lib/setup.c:5756 +#: lib/setup.c:5788 #, c-format msgid "Cannot convert device %s which is still in use." msgstr "使用中のデバイス %s を変換できません。" -#: lib/setup.c:6075 +#: lib/setup.c:6098 lib/setup.c:6237 #, c-format msgid "Failed to assign keyslot %u as the new volume key." msgstr "新しいボリュームキー向けのキースロット %u を確保できません。" -#: lib/setup.c:6148 +#: lib/setup.c:6122 msgid "Failed to initialize default LUKS2 keyslot parameters." msgstr "デフォルト LUKS2 キースロットパラメータを初期化できません。" -#: lib/setup.c:6154 +#: lib/setup.c:6128 #, c-format msgid "Failed to assign keyslot %d to digest." msgstr "ダイジェストするためのキースロット %d が確保できません。" -#: lib/setup.c:6285 +#: lib/setup.c:6353 +msgid "Cannot add key slot, all slots disabled and no volume key provided." +msgstr "キースロットを追加できません。全てのスロットが無効でボリュームキーが渡されませんでした。" + +#: lib/setup.c:6490 msgid "Kernel keyring is not supported by the kernel." msgstr "カーネルがカーネルキーリングをサポートしていません。" -#: lib/setup.c:6295 lib/luks2/luks2_reencrypt.c:3782 +#: lib/setup.c:6500 lib/luks2/luks2_reencrypt.c:3807 #, c-format msgid "Failed to read passphrase from keyring (error %d)." msgstr "キーリングからパスフレーズが読み出せません (エラー %d)。" -#: lib/setup.c:6319 +#: lib/setup.c:6523 msgid "Failed to acquire global memory-hard access serialization lock." msgstr "グローバル memory-hard アクセス直列化ロックが取れません。" -#: lib/utils.c:80 -msgid "Cannot get process priority." -msgstr "プロセス優先度を取得できません。" - -#: lib/utils.c:94 -msgid "Cannot unlock memory." -msgstr "メモリをアンロックできません。" - -#: lib/utils.c:168 lib/tcrypt/tcrypt.c:502 +#: lib/utils.c:158 lib/tcrypt/tcrypt.c:501 msgid "Failed to open key file." msgstr "キーファイルがオープンできません。" -#: lib/utils.c:173 +#: lib/utils.c:163 msgid "Cannot read keyfile from a terminal." msgstr "ターミナルからキーファイルを読みこめません。" -#: lib/utils.c:189 +#: lib/utils.c:179 msgid "Failed to stat key file." msgstr "キーファイルを stat() できません。" -#: lib/utils.c:197 lib/utils.c:218 +#: lib/utils.c:187 lib/utils.c:208 msgid "Cannot seek to requested keyfile offset." msgstr "指定されたキーファイルオフセットにシークできません。" -#: lib/utils.c:212 lib/utils.c:227 src/utils_password.c:226 -#: src/utils_password.c:238 +#: lib/utils.c:202 lib/utils.c:217 src/utils_password.c:225 +#: src/utils_password.c:237 msgid "Out of memory while reading passphrase." msgstr "パスフレーズ読み込み中にメモリが不足しました。" -#: lib/utils.c:247 +#: lib/utils.c:237 msgid "Error reading passphrase." msgstr "パスフレーズの読み込みでエラー。" -#: lib/utils.c:264 +#: lib/utils.c:254 msgid "Nothing to read on input." msgstr "読もうとしたら入力が空です。" -#: lib/utils.c:271 +#: lib/utils.c:261 msgid "Maximum keyfile size exceeded." msgstr "キーファイルが最大サイズを超えています。" -#: lib/utils.c:276 +#: lib/utils.c:266 msgid "Cannot read requested amount of data." msgstr "指定されたサイズのデータを読み込めません。" -#: lib/utils_device.c:208 lib/utils_storage_wrappers.c:110 -#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1353 +#: lib/utils_device.c:207 lib/utils_storage_wrappers.c:110 +#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1440 #, c-format msgid "Device %s does not exist or access denied." msgstr "デバイス %s は存在しないかアクセスが拒否されました。" -#: lib/utils_device.c:218 +#: lib/utils_device.c:217 #, c-format msgid "Device %s is not compatible." msgstr "デバイス %s は互換性がありません。" -#: lib/utils_device.c:562 +#: lib/utils_device.c:561 #, c-format msgid "Ignoring bogus optimal-io size for data device (%u bytes)." msgstr "データデバイスのおかしな(bogus) optimal-io サイズ (%u バイト) は無視します。" -#: lib/utils_device.c:720 +#: lib/utils_device.c:722 #, c-format msgid "Device %s is too small. Need at least % bytes." msgstr "デバイス %s が小さすぎます。少なくとも % バイト必要です。" -#: lib/utils_device.c:801 +#: lib/utils_device.c:803 #, c-format msgid "Cannot use device %s which is in use (already mapped or mounted)." msgstr "デバイス %s は使用中で使えません (既にマップされているかマウントされています)。" -#: lib/utils_device.c:805 +#: lib/utils_device.c:807 #, c-format msgid "Cannot use device %s, permission denied." msgstr "デバイス %s が使えません、拒否されました。" -#: lib/utils_device.c:808 +#: lib/utils_device.c:810 #, c-format msgid "Cannot get info about device %s." msgstr "デバイス %s についての情報が取得できません。" -#: lib/utils_device.c:831 +#: lib/utils_device.c:833 msgid "Cannot use a loopback device, running as non-root user." msgstr "ループバックデバイスが使えません、非 root ユーザで実行していませんか。" -#: lib/utils_device.c:842 +#: lib/utils_device.c:844 msgid "Attaching loopback device failed (loop device with autoclear flag is required)." msgstr "ループデバイスのアタッチできません (autoclear 付きのループデバイスが必要です)。" -#: lib/utils_device.c:890 +#: lib/utils_device.c:892 #, c-format msgid "Requested offset is beyond real size of device %s." msgstr "指定されたオフセットはデバイス %s の実際のサイズを超えています。" -#: lib/utils_device.c:898 +#: lib/utils_device.c:900 #, c-format msgid "Device %s has zero size." msgstr "デバイス %s のサイズが 0 です。" @@ -729,30 +747,25 @@ msgid "Only PBKDF2 is supported in FIPS mode." msgstr "FIPS モードでは PBKDF2 しかサポートしていません。" -#: lib/utils_benchmark.c:172 +#: lib/utils_benchmark.c:175 msgid "PBKDF benchmark disabled but iterations not set." msgstr "PBKDF ベンチマークが無効ですが繰り返し回数が設定されていません。" -#: lib/utils_benchmark.c:191 +#: lib/utils_benchmark.c:194 #, c-format msgid "Not compatible PBKDF2 options (using hash algorithm %s)." msgstr "PBKDF2 と互換性のないオプションです (ハッシュアルゴリズム %s)。" -#: lib/utils_benchmark.c:211 +#: lib/utils_benchmark.c:214 msgid "Not compatible PBKDF options." msgstr "互換性のない PBKDF オプションです。" -#: lib/utils_device_locking.c:102 +#: lib/utils_device_locking.c:101 #, c-format msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)." msgstr "ロックを中止します。ロックに使うパス %s/%s が使用できません (ディレクトリでないか存在していません)。" -#: lib/utils_device_locking.c:109 -#, c-format -msgid "Locking directory %s/%s will be created with default compiled-in permissions." -msgstr "ロックディレクトリ %s/%s がコンパイル時に指定されたパーミッションで作成されます。" - -#: lib/utils_device_locking.c:119 +#: lib/utils_device_locking.c:118 #, c-format msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." msgstr "ロックを中止します。ロックに使うパス %s/%s が使用できません (%s はディレクトリではありません)。" @@ -784,9 +797,9 @@ msgid "Cipher specification should be in [cipher]-[mode]-[iv] format." msgstr "暗号の指定は [暗号]-[モード]-[初期ベクタ] という形式であるべきです。" -#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:364 -#: lib/luks1/keymanage.c:674 lib/luks1/keymanage.c:1125 -#: lib/luks2/luks2_json_metadata.c:1421 lib/luks2/luks2_keyslot.c:714 +#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:366 +#: lib/luks1/keymanage.c:677 lib/luks1/keymanage.c:1132 +#: lib/luks2/luks2_json_metadata.c:1490 lib/luks2/luks2_keyslot.c:714 #, c-format msgid "Cannot write to device %s, permission denied." msgstr "デバイス %s に書き込めません。パーミッションがありません。" @@ -799,23 +812,24 @@ msgid "Failed to access temporary keystore device." msgstr "一時的なキーストアデバイスにアクセスできません。" -#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60 -#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:192 +#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:62 +#: lib/luks2/luks2_keyslot_luks2.c:80 lib/luks2/luks2_keyslot_reenc.c:192 msgid "IO error while encrypting keyslot." msgstr "キースロットを暗号化中にI/Oエラーが発生しました。" -#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:367 -#: lib/luks1/keymanage.c:627 lib/luks1/keymanage.c:677 lib/tcrypt/tcrypt.c:680 -#: lib/verity/verity.c:80 lib/verity/verity.c:196 lib/verity/verity_hash.c:320 -#: lib/verity/verity_hash.c:329 lib/verity/verity_hash.c:349 -#: lib/verity/verity_fec.c:260 lib/verity/verity_fec.c:272 -#: lib/verity/verity_fec.c:277 lib/luks2/luks2_json_metadata.c:1424 -#: src/utils_reencrypt_luks1.c:121 src/utils_reencrypt_luks1.c:133 +#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:369 +#: lib/luks1/keymanage.c:630 lib/luks1/keymanage.c:680 lib/tcrypt/tcrypt.c:679 +#: lib/fvault2/fvault2.c:877 lib/verity/verity.c:80 lib/verity/verity.c:196 +#: lib/verity/verity_hash.c:320 lib/verity/verity_hash.c:329 +#: lib/verity/verity_hash.c:349 lib/verity/verity_fec.c:260 +#: lib/verity/verity_fec.c:272 lib/verity/verity_fec.c:277 +#: lib/luks2/luks2_json_metadata.c:1493 src/utils_reencrypt_luks1.c:121 +#: src/utils_reencrypt_luks1.c:133 #, c-format msgid "Cannot open device %s." msgstr "デバイス %s を開けません。" -#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137 +#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:139 msgid "IO error while decrypting keyslot." msgstr "キースロットを復号化中にI/Oエラーが発生しました。" @@ -831,54 +845,54 @@ msgid "LUKS keyslot %u is invalid." msgstr "LUKS キースロット %u は不正です。" -#: lib/luks1/keymanage.c:266 lib/luks2/luks2_json_metadata.c:1284 +#: lib/luks1/keymanage.c:267 lib/luks2/luks2_json_metadata.c:1353 #, c-format msgid "Requested header backup file %s already exists." msgstr "要求されたヘッダバックアップファイル %s は既に存在しています。" -#: lib/luks1/keymanage.c:268 lib/luks2/luks2_json_metadata.c:1286 +#: lib/luks1/keymanage.c:269 lib/luks2/luks2_json_metadata.c:1355 #, c-format msgid "Cannot create header backup file %s." msgstr "ヘッダバックアップファイル %s が作成できません。" -#: lib/luks1/keymanage.c:275 lib/luks2/luks2_json_metadata.c:1293 +#: lib/luks1/keymanage.c:276 lib/luks2/luks2_json_metadata.c:1362 #, c-format msgid "Cannot write header backup file %s." msgstr "ヘッダバックアップファイル %s に書き込めません。" -#: lib/luks1/keymanage.c:306 lib/luks2/luks2_json_metadata.c:1330 +#: lib/luks1/keymanage.c:308 lib/luks2/luks2_json_metadata.c:1399 msgid "Backup file does not contain valid LUKS header." msgstr "バックアップファイルが有効な LUKS ヘッダを含んでいません。" -#: lib/luks1/keymanage.c:319 lib/luks1/keymanage.c:590 -#: lib/luks2/luks2_json_metadata.c:1351 +#: lib/luks1/keymanage.c:321 lib/luks1/keymanage.c:593 +#: lib/luks2/luks2_json_metadata.c:1420 #, c-format msgid "Cannot open header backup file %s." msgstr "ヘッダバックアップファイル %s をオープンできません。" -#: lib/luks1/keymanage.c:327 lib/luks2/luks2_json_metadata.c:1359 +#: lib/luks1/keymanage.c:329 lib/luks2/luks2_json_metadata.c:1428 #, c-format msgid "Cannot read header backup file %s." msgstr "ヘッダバックアップファイル %s を読めません。" -#: lib/luks1/keymanage.c:337 +#: lib/luks1/keymanage.c:339 msgid "Data offset or key size differs on device and backup, restore failed." msgstr "データオフセットかキーサイズがデバイスとバックアップで異なるのでリストアできません。" -#: lib/luks1/keymanage.c:345 +#: lib/luks1/keymanage.c:347 #, c-format msgid "Device %s %s%s" msgstr "デバイス %s %s%s" -#: lib/luks1/keymanage.c:346 +#: lib/luks1/keymanage.c:348 msgid "does not contain LUKS header. Replacing header can destroy data on that device." msgstr "LUKS ヘッダが含まれていません。ヘッダを置き換えるとデバイスのデータを破壊する恐れがあります。" -#: lib/luks1/keymanage.c:347 +#: lib/luks1/keymanage.c:349 msgid "already contains LUKS header. Replacing header will destroy existing keyslots." msgstr "LUKS ヘッダを既に含んでいます。ヘッダを置き換えると既にあるキースロットを破壊します。" -#: lib/luks1/keymanage.c:348 lib/luks2/luks2_json_metadata.c:1393 +#: lib/luks1/keymanage.c:350 lib/luks2/luks2_json_metadata.c:1462 msgid "" "\n" "WARNING: real device header has different UUID than backup!" @@ -886,126 +900,130 @@ "\n" "警告: 実デバイスのヘッダはバックアップとUUIDが異なります!" -#: lib/luks1/keymanage.c:395 +#: lib/luks1/keymanage.c:398 msgid "Non standard key size, manual repair required." msgstr "標準的でないキーサイズなので、手動の修復が必要です。" -#: lib/luks1/keymanage.c:405 +#: lib/luks1/keymanage.c:408 msgid "Non standard keyslots alignment, manual repair required." msgstr "標準的でないキースロットアライメントなので、手動の修復が必要です。" -#: lib/luks1/keymanage.c:414 +#: lib/luks1/keymanage.c:417 #, c-format msgid "Cipher mode repaired (%s -> %s)." msgstr "暗号モードを修復しました (%s -> %s)。" -#: lib/luks1/keymanage.c:425 +#: lib/luks1/keymanage.c:428 #, c-format msgid "Cipher hash repaired to lowercase (%s)." msgstr "暗号ハッシュを小文字に修復しました (%s)。" -#: lib/luks1/keymanage.c:427 lib/luks1/keymanage.c:533 -#: lib/luks1/keymanage.c:789 +#: lib/luks1/keymanage.c:430 lib/luks1/keymanage.c:536 +#: lib/luks1/keymanage.c:792 #, c-format msgid "Requested LUKS hash %s is not supported." msgstr "要求された LUKS ハッシュ %s はサポートしていません。" -#: lib/luks1/keymanage.c:441 +#: lib/luks1/keymanage.c:444 msgid "Repairing keyslots." msgstr "キースロットを修復中です。" -#: lib/luks1/keymanage.c:460 +#: lib/luks1/keymanage.c:463 #, c-format msgid "Keyslot %i: offset repaired (%u -> %u)." msgstr "キースロット %i: オフセットを修復 (%u -> %u)." -#: lib/luks1/keymanage.c:468 +#: lib/luks1/keymanage.c:471 #, c-format msgid "Keyslot %i: stripes repaired (%u -> %u)." msgstr "キースロット %i: のストライプを修復 (%u -> %u)." -#: lib/luks1/keymanage.c:477 +#: lib/luks1/keymanage.c:480 #, c-format msgid "Keyslot %i: bogus partition signature." msgstr "キースロット %i: パーティションの印(signature)がおかしいです。" -#: lib/luks1/keymanage.c:482 +#: lib/luks1/keymanage.c:485 #, c-format msgid "Keyslot %i: salt wiped." msgstr "キースロット %i: ソルトを消しました。" -#: lib/luks1/keymanage.c:499 +#: lib/luks1/keymanage.c:502 msgid "Writing LUKS header to disk." msgstr "LUKS ヘッダを書きこんでいます。" -#: lib/luks1/keymanage.c:504 +#: lib/luks1/keymanage.c:507 msgid "Repair failed." msgstr "修復に失敗しました。" -#: lib/luks1/keymanage.c:559 +#: lib/luks1/keymanage.c:562 #, c-format msgid "LUKS cipher mode %s is invalid." msgstr "LUKS 暗号モード %s は不正です。" -#: lib/luks1/keymanage.c:564 +#: lib/luks1/keymanage.c:567 #, c-format msgid "LUKS hash %s is invalid." msgstr "LUKS ハッシュ %s は不正です。" -#: lib/luks1/keymanage.c:571 src/cryptsetup.c:1144 +#: lib/luks1/keymanage.c:574 src/cryptsetup.c:1281 msgid "No known problems detected for LUKS header." msgstr "LUKS ヘッダに既知の不具合は検出されませんでした。" -#: lib/luks1/keymanage.c:699 +#: lib/luks1/keymanage.c:702 #, c-format msgid "Error during update of LUKS header on device %s." msgstr "デバイス %s の LUKS ヘッダを更新中にエラーが発生しました。" -#: lib/luks1/keymanage.c:707 +#: lib/luks1/keymanage.c:710 #, c-format msgid "Error re-reading LUKS header after update on device %s." msgstr "デバイス %s の LUKS ヘッダを更新後の再読み込み中にエラーが発生しました。" -#: lib/luks1/keymanage.c:783 +#: lib/luks1/keymanage.c:786 msgid "Data offset for LUKS header must be either 0 or higher than header size." msgstr "LUKS ヘッダのデータへのオフセットは 0 かヘッダサイズより大きくなければいけません。" -#: lib/luks1/keymanage.c:794 lib/luks1/keymanage.c:863 -#: lib/luks2/luks2_json_format.c:287 lib/luks2/luks2_json_metadata.c:1175 -#: src/utils_reencrypt.c:475 +#: lib/luks1/keymanage.c:797 lib/luks1/keymanage.c:866 +#: lib/luks2/luks2_json_format.c:286 lib/luks2/luks2_json_metadata.c:1236 +#: src/utils_reencrypt.c:539 msgid "Wrong LUKS UUID format provided." msgstr "LUKS UUID の形式が間違っています。" -#: lib/luks1/keymanage.c:816 +#: lib/luks1/keymanage.c:819 msgid "Cannot create LUKS header: reading random salt failed." msgstr "LUKS ヘッダを作成できません: ランダムなソルトを読み込めません。" -#: lib/luks1/keymanage.c:842 +#: lib/luks1/keymanage.c:845 #, c-format msgid "Cannot create LUKS header: header digest failed (using hash %s)." msgstr "LUKS ヘッダを作成できません: ヘッダのハッシュが求められません (ハッシュには %s を使用)。" -#: lib/luks1/keymanage.c:886 +#: lib/luks1/keymanage.c:889 #, c-format msgid "Key slot %d active, purge first." msgstr "キースロット %d が使用中なので、パージしてください。" -#: lib/luks1/keymanage.c:892 +#: lib/luks1/keymanage.c:895 #, c-format msgid "Key slot %d material includes too few stripes. Header manipulation?" msgstr "キースロット %d のストライプが少なすぎます。ヘッダを細工でもしましたか?" -#: lib/luks1/keymanage.c:1033 +#: lib/luks1/keymanage.c:931 lib/luks2/luks2_keyslot_luks2.c:270 +msgid "PBKDF2 iteration value overflow." +msgstr "PBKDF2 イテレーション回数がオーバーフローしました。" + +#: lib/luks1/keymanage.c:1040 #, c-format msgid "Cannot open keyslot (using hash %s)." msgstr "キースロットをオープンできません (ハッシュ %s を使用)。" -#: lib/luks1/keymanage.c:1111 +#: lib/luks1/keymanage.c:1118 #, c-format msgid "Key slot %d is invalid, please select keyslot between 0 and %d." msgstr "キースロット %d は不正です。0 から %d の間を選んでください。" -#: lib/luks1/keymanage.c:1129 lib/luks2/luks2_keyslot.c:718 +#: lib/luks1/keymanage.c:1136 lib/luks2/luks2_keyslot.c:718 #, c-format msgid "Cannot wipe device %s." msgstr "デバイス %s をワイプできません。" @@ -1026,177 +1044,187 @@ msgid "Kernel does not support loop-AES compatible mapping." msgstr "カーネルが loop-AES 互換マッピングをサポートしていません。" -#: lib/tcrypt/tcrypt.c:509 +#: lib/tcrypt/tcrypt.c:508 #, c-format msgid "Error reading keyfile %s." msgstr "キーファイル %s を読み込み中にエラー。" -#: lib/tcrypt/tcrypt.c:559 +#: lib/tcrypt/tcrypt.c:558 #, c-format msgid "Maximum TCRYPT passphrase length (%zu) exceeded." msgstr "TCRYPT パスフレーズの最大長 (%zu) を超えました。" -#: lib/tcrypt/tcrypt.c:601 +#: lib/tcrypt/tcrypt.c:600 #, c-format msgid "PBKDF2 hash algorithm %s not available, skipping." msgstr "PBKDF2 ハッシュアルゴリズム %s が利用できないのでスキップします。" -#: lib/tcrypt/tcrypt.c:620 src/cryptsetup.c:1019 +#: lib/tcrypt/tcrypt.c:619 src/cryptsetup.c:1156 msgid "Required kernel crypto interface not available." msgstr "必要なカーネル crypto インターフェースが使用できません。" -#: lib/tcrypt/tcrypt.c:622 src/cryptsetup.c:1021 +#: lib/tcrypt/tcrypt.c:621 src/cryptsetup.c:1158 msgid "Ensure you have algif_skcipher kernel module loaded." msgstr "algif_skcipher カーネルモジュールをロードしてください。" -#: lib/tcrypt/tcrypt.c:763 +#: lib/tcrypt/tcrypt.c:762 #, c-format msgid "Activation is not supported for %d sector size." msgstr "アクティベーションは %d セクタサイズではサポートしていません。" -#: lib/tcrypt/tcrypt.c:769 +#: lib/tcrypt/tcrypt.c:768 msgid "Kernel does not support activation for this TCRYPT legacy mode." msgstr "カーネルが TCRYPT レガシーモードのアクティベーションをサポートしていません。" -#: lib/tcrypt/tcrypt.c:800 +#: lib/tcrypt/tcrypt.c:799 #, c-format msgid "Activating TCRYPT system encryption for partition %s." msgstr "TCRYPT システム暗号をパーティション %s に対してアクティベーションしました。" -#: lib/tcrypt/tcrypt.c:883 +#: lib/tcrypt/tcrypt.c:882 msgid "Kernel does not support TCRYPT compatible mapping." msgstr "カーネルが TCRYPT 互換のマッピングをサポートしていません。" -#: lib/tcrypt/tcrypt.c:1096 +#: lib/tcrypt/tcrypt.c:1095 msgid "This function is not supported without TCRYPT header load." msgstr "この機能は TCRYPT ヘッダの読み込みなしではサポートしません。" -#: lib/bitlk/bitlk.c:275 +#: lib/bitlk/bitlk.c:278 #, c-format msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key." msgstr "ボリュームマスターキーを解釈中に予期しないメタデータエントリタイプ '%u' が見つかりました。" -#: lib/bitlk/bitlk.c:328 +#: lib/bitlk/bitlk.c:337 msgid "Invalid string found when parsing Volume Master Key." msgstr "ボリュームマスターキーを解釈中に不正な文字列が見つかりました。" -#: lib/bitlk/bitlk.c:332 +#: lib/bitlk/bitlk.c:341 #, c-format msgid "Unexpected string ('%s') found when parsing supported Volume Master Key." msgstr "ボリュームマスターキーを解釈中に予期しない文字列 ('%s') が見つかりました。" -#: lib/bitlk/bitlk.c:349 +#: lib/bitlk/bitlk.c:358 #, c-format msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key." msgstr "ボリュームマスターキーを解釈中に予期しないメタデータエントリー値 '%u' が見つかりました。" -#: lib/bitlk/bitlk.c:451 +#: lib/bitlk/bitlk.c:460 msgid "BITLK version 1 is currently not supported." msgstr "BITLK version 1 はサポートされていません。" -#: lib/bitlk/bitlk.c:457 +#: lib/bitlk/bitlk.c:466 msgid "Invalid or unknown boot signature for BITLK device." msgstr "BITLK デバイスのブートシグネチャが不正また不明です。" -#: lib/bitlk/bitlk.c:469 +#: lib/bitlk/bitlk.c:478 #, c-format msgid "Unsupported sector size %." msgstr "サポートされていないセクタサイズ % です。" -#: lib/bitlk/bitlk.c:477 +#: lib/bitlk/bitlk.c:486 #, c-format msgid "Failed to read BITLK header from %s." msgstr "%s から BITLK ヘッダを読み出すのに失敗しました。" -#: lib/bitlk/bitlk.c:502 +#: lib/bitlk/bitlk.c:511 #, c-format msgid "Failed to read BITLK FVE metadata from %s." msgstr "%s から BITLK FVE メタデータを読み込めませんでした。" -#: lib/bitlk/bitlk.c:554 +#: lib/bitlk/bitlk.c:562 msgid "Unknown or unsupported encryption type." msgstr "不明かサポートされていない暗号化タイプです。" -#: lib/bitlk/bitlk.c:587 +#: lib/bitlk/bitlk.c:602 #, c-format msgid "Failed to read BITLK metadata entries from %s." msgstr "%s から BITLK メタデータエントリを読み込めませんでした。" -#: lib/bitlk/bitlk.c:681 +#: lib/bitlk/bitlk.c:719 msgid "Failed to convert BITLK volume description" msgstr "BITLKボリュームの description を変換できません。" -#: lib/bitlk/bitlk.c:841 +#: lib/bitlk/bitlk.c:882 #, c-format msgid "Unexpected metadata entry type '%u' found when parsing external key." msgstr "外部キーを解釈中に予期しないメタデータエントリタイプ '%u' が見つかりました。" -#: lib/bitlk/bitlk.c:860 +#: lib/bitlk/bitlk.c:905 #, c-format msgid "BEK file GUID '%s' does not match GUID of the volume." msgstr "BEK ファイル GUID '%s' がボリュームの GUID と一致しません。" -#: lib/bitlk/bitlk.c:864 +#: lib/bitlk/bitlk.c:909 #, c-format msgid "Unexpected metadata entry value '%u' found when parsing external key." msgstr "外部キーを解釈中に予期しないメタデータエントリー値 '%u' が見つかりました。" -#: lib/bitlk/bitlk.c:903 +#: lib/bitlk/bitlk.c:948 #, c-format msgid "Unsupported BEK metadata version %" msgstr "サポートされていない BEK メタデータバージョン % です。" -#: lib/bitlk/bitlk.c:908 +#: lib/bitlk/bitlk.c:953 #, c-format msgid "Unexpected BEK metadata size % does not match BEK file length" msgstr "予期しない BEK メタデータサイズ % は BEK ファイルサイズと合いません" -#: lib/bitlk/bitlk.c:933 +#: lib/bitlk/bitlk.c:979 msgid "Unexpected metadata entry found when parsing startup key." msgstr "スタートアップキーを解釈中に予期しないメタデータエントリが見つかりました。" -#: lib/bitlk/bitlk.c:1029 +#: lib/bitlk/bitlk.c:1075 msgid "This operation is not supported." msgstr "この操作はサポートされていません。" -#: lib/bitlk/bitlk.c:1037 +#: lib/bitlk/bitlk.c:1083 msgid "Unexpected key data size." msgstr "予期しないキーデータサイズです。" -#: lib/bitlk/bitlk.c:1163 +#: lib/bitlk/bitlk.c:1209 msgid "This BITLK device is in an unsupported state and cannot be activated." msgstr "この BITLK デバイスはサポートされてない状態にあるためアクティベートできません。" -#: lib/bitlk/bitlk.c:1168 +#: lib/bitlk/bitlk.c:1214 #, c-format msgid "BITLK devices with type '%s' cannot be activated." msgstr "タイプ '%s' の BITLK デバイスはアクティベートできません。" -#: lib/bitlk/bitlk.c:1175 +#: lib/bitlk/bitlk.c:1221 msgid "Activation of partially decrypted BITLK device is not supported." msgstr "部分的に復号された BITLK デバイスのアクティベーションはサポートされていません。" -#: lib/bitlk/bitlk.c:1216 +#: lib/bitlk/bitlk.c:1262 #, c-format msgid "WARNING: BitLocker volume size % does not match the underlying device size %" msgstr "警告: BitLocker ボリュームサイズ % がデバイスサイズ % と一致しません" -#: lib/bitlk/bitlk.c:1343 +#: lib/bitlk/bitlk.c:1389 msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV." msgstr "カーネルの dm-crypt が BITLK IV をサポートしていないためデバイスをアクティベートできません。" -#: lib/bitlk/bitlk.c:1347 +#: lib/bitlk/bitlk.c:1393 msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser." msgstr "カーネルの dm-crypt が BITLK Elephant diffuser をサポートしていないためデバイスをアクティベートできません。" -#: lib/bitlk/bitlk.c:1351 +#: lib/bitlk/bitlk.c:1397 msgid "Cannot activate device, kernel dm-crypt is missing support for large sector size." msgstr "カーネルの dm-crypt がラージセクタサイズをサポートしていないためデバイスをアクティベートできません。" -#: lib/bitlk/bitlk.c:1355 +#: lib/bitlk/bitlk.c:1401 msgid "Cannot activate device, kernel dm-zero module is missing." msgstr "カーネルの dm-zero モジュールがないためデバイスをアクティベートできません。" +#: lib/fvault2/fvault2.c:542 +#, c-format +msgid "Could not read %u bytes of volume header." +msgstr "ボリュームヘッダの %u バイトを読みこめませんでした。" + +#: lib/fvault2/fvault2.c:554 +#, c-format +msgid "Unsupported FVAULT2 version %." +msgstr "FVAULT2 のバージョン % はサポートされていません。" + #: lib/verity/verity.c:68 lib/verity/verity.c:182 #, c-format msgid "Verity device %s does not use on-disk header." @@ -1348,17 +1376,17 @@ msgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)." msgstr "カーネルが安全でない再計算オプションを拒否しました (レガジーアクティベーションオプションでオーバーライドできます)。" -#: lib/luks2/luks2_disk_metadata.c:393 lib/luks2/luks2_json_metadata.c:1133 -#: lib/luks2/luks2_json_metadata.c:1413 +#: lib/luks2/luks2_disk_metadata.c:391 lib/luks2/luks2_json_metadata.c:1159 +#: lib/luks2/luks2_json_metadata.c:1482 #, c-format msgid "Failed to acquire write lock on device %s." msgstr "デバイス %s の書き込みのためのロックを取得できませんでした。" -#: lib/luks2/luks2_disk_metadata.c:402 +#: lib/luks2/luks2_disk_metadata.c:400 msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation." msgstr "LUKS2 メタデータの更新の並列実行をしそうになりました。実行を中止します。" -#: lib/luks2/luks2_disk_metadata.c:701 lib/luks2/luks2_disk_metadata.c:722 +#: lib/luks2/luks2_disk_metadata.c:699 lib/luks2/luks2_disk_metadata.c:720 msgid "" "Device contains ambiguous signatures, cannot auto-recover LUKS2.\n" "Please run \"cryptsetup repair\" for recovery." @@ -1366,49 +1394,49 @@ "デバイスのシグネチャが曖昧なので、LUKS2 の自動修復ができません。.\n" "修復するには \"cryptsetup repair\" を実行してください。" -#: lib/luks2/luks2_json_format.c:230 +#: lib/luks2/luks2_json_format.c:229 msgid "Requested data offset is too small." msgstr "要求されたデータオフセットが小さすぎます。" -#: lib/luks2/luks2_json_format.c:275 +#: lib/luks2/luks2_json_format.c:274 #, c-format msgid "WARNING: keyslots area (% bytes) is very small, available LUKS2 keyslot count is very limited.\n" msgstr "警告: キースロット領域 (% バイト) がとても小さいため、利用可能な LUKS2 キースロット数が制限されます。\n" -#: lib/luks2/luks2_json_metadata.c:1120 lib/luks2/luks2_json_metadata.c:1258 -#: lib/luks2/luks2_json_metadata.c:1319 lib/luks2/luks2_keyslot_luks2.c:92 -#: lib/luks2/luks2_keyslot_luks2.c:114 +#: lib/luks2/luks2_json_metadata.c:1146 lib/luks2/luks2_json_metadata.c:1328 +#: lib/luks2/luks2_json_metadata.c:1388 lib/luks2/luks2_keyslot_luks2.c:94 +#: lib/luks2/luks2_keyslot_luks2.c:116 #, c-format msgid "Failed to acquire read lock on device %s." msgstr "デバイス %s の読み込みのためのロックを取得できませんでした。" -#: lib/luks2/luks2_json_metadata.c:1336 +#: lib/luks2/luks2_json_metadata.c:1405 #, c-format msgid "Forbidden LUKS2 requirements detected in backup %s." msgstr "禁止された LUKS2 要求がバックアップ %s に検出されました。" -#: lib/luks2/luks2_json_metadata.c:1377 +#: lib/luks2/luks2_json_metadata.c:1446 msgid "Data offset differ on device and backup, restore failed." msgstr "データオフセットがデバイスとバックアップと異なるため修復できません。" -#: lib/luks2/luks2_json_metadata.c:1383 +#: lib/luks2/luks2_json_metadata.c:1452 msgid "Binary header with keyslot areas size differ on device and backup, restore failed." msgstr "キースロット領域のあるバイナリヘッダのサイズがデバイスとバックアップで異なるため修復できません。" -#: lib/luks2/luks2_json_metadata.c:1390 +#: lib/luks2/luks2_json_metadata.c:1459 #, c-format msgid "Device %s %s%s%s%s" msgstr "デバイス %s %s%s%s%s" -#: lib/luks2/luks2_json_metadata.c:1391 +#: lib/luks2/luks2_json_metadata.c:1460 msgid "does not contain LUKS2 header. Replacing header can destroy data on that device." msgstr "LUKS2 ヘッダが含まれていません。ヘッダを置き換えるとデータを破壊しかねません。" -#: lib/luks2/luks2_json_metadata.c:1392 +#: lib/luks2/luks2_json_metadata.c:1461 msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots." msgstr "既に LUKS2 ヘッダがあります。ヘッダを置き換えると既にあるキースロットを破壊します。" -#: lib/luks2/luks2_json_metadata.c:1394 +#: lib/luks2/luks2_json_metadata.c:1463 msgid "" "\n" "WARNING: unknown LUKS2 requirements detected in real device header!\n" @@ -1418,7 +1446,7 @@ "警告: 不明な LUKS2 への要求がリアルデバイスヘッダにあります!\n" "ヘッダをバックアップで置き換えるとデータを破壊する恐れがあります!" -#: lib/luks2/luks2_json_metadata.c:1396 +#: lib/luks2/luks2_json_metadata.c:1465 msgid "" "\n" "WARNING: Unfinished offline reencryption detected on the device!\n" @@ -1428,50 +1456,50 @@ "警告: オフラインの再暗号化が終了していません!\n" "ヘッダを置き換えるとデータを破壊しかねません。" -#: lib/luks2/luks2_json_metadata.c:1494 +#: lib/luks2/luks2_json_metadata.c:1562 #, c-format msgid "Ignored unknown flag %s." msgstr "不明なフラグ %s を無視しました。" -#: lib/luks2/luks2_json_metadata.c:2402 lib/luks2/luks2_reencrypt.c:2015 +#: lib/luks2/luks2_json_metadata.c:2470 lib/luks2/luks2_reencrypt.c:2061 #, c-format msgid "Missing key for dm-crypt segment %u" msgstr "dm-crypt セグメント %u にキーがありません" -#: lib/luks2/luks2_json_metadata.c:2414 lib/luks2/luks2_reencrypt.c:2029 +#: lib/luks2/luks2_json_metadata.c:2482 lib/luks2/luks2_reencrypt.c:2075 msgid "Failed to set dm-crypt segment." msgstr "dm-crypt セグメントの設定に失敗しました。" -#: lib/luks2/luks2_json_metadata.c:2420 lib/luks2/luks2_reencrypt.c:2035 +#: lib/luks2/luks2_json_metadata.c:2488 lib/luks2/luks2_reencrypt.c:2081 msgid "Failed to set dm-linear segment." msgstr "dm-linear セグメントの設定に失敗しました。" -#: lib/luks2/luks2_json_metadata.c:2547 +#: lib/luks2/luks2_json_metadata.c:2615 msgid "Unsupported device integrity configuration." msgstr "サポートしていないデバイス整合性設定です。" -#: lib/luks2/luks2_json_metadata.c:2633 +#: lib/luks2/luks2_json_metadata.c:2701 msgid "Reencryption in-progress. Cannot deactivate device." msgstr "再暗号化が実行中なのでデバイスのデアクティベートできません。. Cannot deactivate device." -#: lib/luks2/luks2_json_metadata.c:2644 lib/luks2/luks2_reencrypt.c:4057 +#: lib/luks2/luks2_json_metadata.c:2712 lib/luks2/luks2_reencrypt.c:4082 #, c-format msgid "Failed to replace suspended device %s with dm-error target." msgstr "サスペンドされたデバイス %s を dm-error ターゲットで置き換えられません。" -#: lib/luks2/luks2_json_metadata.c:2724 +#: lib/luks2/luks2_json_metadata.c:2792 msgid "Failed to read LUKS2 requirements." msgstr "LUKS2 の必要条件を読み込めませんでした。" -#: lib/luks2/luks2_json_metadata.c:2731 +#: lib/luks2/luks2_json_metadata.c:2799 msgid "Unmet LUKS2 requirements detected." msgstr "満たせない LUKS2 の必要条件があります。" -#: lib/luks2/luks2_json_metadata.c:2739 +#: lib/luks2/luks2_json_metadata.c:2807 msgid "Operation incompatible with device marked for legacy reencryption. Aborting." msgstr "操作がレガシー再暗号化とマークされたデバイスと互換性がありません。中止します。" -#: lib/luks2/luks2_json_metadata.c:2741 +#: lib/luks2/luks2_json_metadata.c:2809 msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting." msgstr "操作が LUKS2 再暗号化とマークされたデバイスと互換性がありません。中止します。" @@ -1483,20 +1511,21 @@ msgid "Keyslot open failed." msgstr "キースロットのオープンに失敗しました。" -#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108 +#: lib/luks2/luks2_keyslot_luks2.c:55 lib/luks2/luks2_keyslot_luks2.c:110 #, c-format msgid "Cannot use %s-%s cipher for keyslot encryption." msgstr "キースロットの暗号化に %s- %s 暗号は使えません。" -#: lib/luks2/luks2_keyslot_luks2.c:496 -msgid "No space for new keyslot." -msgstr "新しいキースロット用の領域がありません。" - -#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2615 +#: lib/luks2/luks2_keyslot_luks2.c:285 lib/luks2/luks2_keyslot_luks2.c:394 +#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2668 #, c-format msgid "Hash algorithm %s is not available." msgstr "ハッシュアルゴリズム %s が利用できません。" +#: lib/luks2/luks2_keyslot_luks2.c:510 +msgid "No space for new keyslot." +msgstr "新しいキースロット用の領域がありません。" + #: lib/luks2/luks2_keyslot_reenc.c:593 msgid "Invalid reencryption resilience mode change requested." msgstr "不正な再暗号化耐性モード変更を要求されました。" @@ -1519,7 +1548,7 @@ msgid "Unable to convert header with LUKSMETA additional metadata." msgstr "LUKSMETA メタデータ付きのヘッダは変換できません。" -#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3715 +#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3740 #, c-format msgid "Unable to use cipher specification %s-%s for LUKS2." msgstr "暗号スペック %s-%s は LUKS2 に使えません。" @@ -1577,240 +1606,244 @@ msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." msgstr "LUKS1 形式に変換できません - キースロット %u が LUKS1 と互換ではありません。" -#: lib/luks2/luks2_reencrypt.c:1107 +#: lib/luks2/luks2_reencrypt.c:1152 #, c-format msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." msgstr "ホットゾーンサイズは計算されたゾーンアライメントの倍数である必要がありす (%zu バイト)." -#: lib/luks2/luks2_reencrypt.c:1112 +#: lib/luks2/luks2_reencrypt.c:1157 #, c-format msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." msgstr "デバイスサイズが計算ゾーンアライメント (%zu バイト) に合っていません。" -#: lib/luks2/luks2_reencrypt.c:1319 lib/luks2/luks2_reencrypt.c:1505 -#: lib/luks2/luks2_reencrypt.c:1588 lib/luks2/luks2_reencrypt.c:1630 -#: lib/luks2/luks2_reencrypt.c:3852 +#: lib/luks2/luks2_reencrypt.c:1364 lib/luks2/luks2_reencrypt.c:1551 +#: lib/luks2/luks2_reencrypt.c:1634 lib/luks2/luks2_reencrypt.c:1676 +#: lib/luks2/luks2_reencrypt.c:3877 msgid "Failed to initialize old segment storage wrapper." msgstr "古いセグメントのストレージラッパの初期化に失敗しました。" -#: lib/luks2/luks2_reencrypt.c:1333 lib/luks2/luks2_reencrypt.c:1483 +#: lib/luks2/luks2_reencrypt.c:1378 lib/luks2/luks2_reencrypt.c:1529 msgid "Failed to initialize new segment storage wrapper." msgstr "新しいセグメントのストレージラッパの初期化に失敗しました。" -#: lib/luks2/luks2_reencrypt.c:1460 lib/luks2/luks2_reencrypt.c:3864 +#: lib/luks2/luks2_reencrypt.c:1505 lib/luks2/luks2_reencrypt.c:3889 msgid "Failed to initialize hotzone protection." msgstr "ホットゾーン保護の初期化に失敗しました。" -#: lib/luks2/luks2_reencrypt.c:1532 +#: lib/luks2/luks2_reencrypt.c:1578 msgid "Failed to read checksums for current hotzone." msgstr "現在のホットゾーンのチェックサムを読み込めません。" -#: lib/luks2/luks2_reencrypt.c:1539 lib/luks2/luks2_reencrypt.c:3878 +#: lib/luks2/luks2_reencrypt.c:1585 lib/luks2/luks2_reencrypt.c:3903 #, c-format msgid "Failed to read hotzone area starting at %." msgstr "% から始めるホットゾーンエリアを読み込めません。" -#: lib/luks2/luks2_reencrypt.c:1558 +#: lib/luks2/luks2_reencrypt.c:1604 #, c-format msgid "Failed to decrypt sector %zu." msgstr "セクタ %zu を復号できません。" -#: lib/luks2/luks2_reencrypt.c:1564 +#: lib/luks2/luks2_reencrypt.c:1610 #, c-format msgid "Failed to recover sector %zu." msgstr "セクタ %zu を復元できません。" -#: lib/luks2/luks2_reencrypt.c:2128 +#: lib/luks2/luks2_reencrypt.c:2174 #, c-format msgid "Source and target device sizes don't match. Source %, target: %." msgstr "ソースとターゲットデバイスのサイズが一致しません。ソース %, ターゲット: %." -#: lib/luks2/luks2_reencrypt.c:2226 +#: lib/luks2/luks2_reencrypt.c:2272 #, c-format msgid "Failed to activate hotzone device %s." msgstr "ホットゾーンデバイス %s がアクティベートできません。" -#: lib/luks2/luks2_reencrypt.c:2243 +#: lib/luks2/luks2_reencrypt.c:2289 #, c-format msgid "Failed to activate overlay device %s with actual origin table." msgstr "実際の origin table があるオーバーレイデバイス %s をアクティベートできません。" -#: lib/luks2/luks2_reencrypt.c:2250 +#: lib/luks2/luks2_reencrypt.c:2296 #, c-format msgid "Failed to load new mapping for device %s." msgstr "デバイス %s の新しいマッピングをロードできません。" -#: lib/luks2/luks2_reencrypt.c:2321 +#: lib/luks2/luks2_reencrypt.c:2367 msgid "Failed to refresh reencryption devices stack." msgstr "再暗号化デバイススタックのリフレッシュに失敗しました。" -#: lib/luks2/luks2_reencrypt.c:2497 +#: lib/luks2/luks2_reencrypt.c:2550 msgid "Failed to set new keyslots area size." msgstr "新しいキースロットエリアサイズを設定できません。" -#: lib/luks2/luks2_reencrypt.c:2633 +#: lib/luks2/luks2_reencrypt.c:2686 #, c-format msgid "Data shift value is not aligned to encryption sector size (% bytes)." msgstr "データシフト値が要求された暗号化セクタサイズにアラインされていません(% バイト)。" -#: lib/luks2/luks2_reencrypt.c:2664 +#: lib/luks2/luks2_reencrypt.c:2723 src/utils_reencrypt.c:189 #, c-format msgid "Unsupported resilience mode %s" msgstr "耐性(resilience)モード %s はサポートしていません" -#: lib/luks2/luks2_reencrypt.c:2741 +#: lib/luks2/luks2_reencrypt.c:2760 msgid "Moved segment size can not be greater than data shift value." msgstr "移動されるセグメントサイズはデータシフト値より大きくできません。" -#: lib/luks2/luks2_reencrypt.c:2799 +#: lib/luks2/luks2_reencrypt.c:2802 +msgid "Invalid reencryption resilience parameters." +msgstr "不正な再暗号化耐性パラメータを要求されました。" + +#: lib/luks2/luks2_reencrypt.c:2824 #, c-format msgid "Moved segment too large. Requested size %, available space for: %." msgstr "移動されるセグメントが大きすぎます。要求されているサイズは % ですが、使えるサイズは % です。" -#: lib/luks2/luks2_reencrypt.c:2886 +#: lib/luks2/luks2_reencrypt.c:2911 msgid "Failed to clear table." msgstr "テーブルをクリアできません。" -#: lib/luks2/luks2_reencrypt.c:2972 +#: lib/luks2/luks2_reencrypt.c:2997 msgid "Reduced data size is larger than real device size." msgstr "小さくしたデータサイズが実際のデバイスサイズより大きいです。" -#: lib/luks2/luks2_reencrypt.c:2979 +#: lib/luks2/luks2_reencrypt.c:3004 #, c-format msgid "Data device is not aligned to encryption sector size (% bytes)." msgstr "データデバイスが暗号化セクタサイズにアラインされていません(% バイト)." -#: lib/luks2/luks2_reencrypt.c:3013 +#: lib/luks2/luks2_reencrypt.c:3038 #, c-format msgid "Data shift (% sectors) is less than future data offset (% sectors)." msgstr "データシフト (% セクタ) が今後のデータオフセットより少ないです (% セクタ)。" -#: lib/luks2/luks2_reencrypt.c:3020 lib/luks2/luks2_reencrypt.c:3508 -#: lib/luks2/luks2_reencrypt.c:3529 +#: lib/luks2/luks2_reencrypt.c:3045 lib/luks2/luks2_reencrypt.c:3533 +#: lib/luks2/luks2_reencrypt.c:3554 #, c-format msgid "Failed to open %s in exclusive mode (already mapped or mounted)." msgstr "デバイス %s を排他モードでオープンでません (既にマップされているかマウントされています)。" -#: lib/luks2/luks2_reencrypt.c:3209 +#: lib/luks2/luks2_reencrypt.c:3234 msgid "Device not marked for LUKS2 reencryption." msgstr "デバイスは LUKS2 再暗号化向けにマークされていません。" -#: lib/luks2/luks2_reencrypt.c:3226 lib/luks2/luks2_reencrypt.c:4181 +#: lib/luks2/luks2_reencrypt.c:3251 lib/luks2/luks2_reencrypt.c:4206 msgid "Failed to load LUKS2 reencryption context." msgstr "LUKS2 再暗号化コンテキストをロードできません。" -#: lib/luks2/luks2_reencrypt.c:3306 +#: lib/luks2/luks2_reencrypt.c:3331 msgid "Failed to get reencryption state." msgstr "再暗号化状態を取得できません。" -#: lib/luks2/luks2_reencrypt.c:3310 lib/luks2/luks2_reencrypt.c:3624 +#: lib/luks2/luks2_reencrypt.c:3335 lib/luks2/luks2_reencrypt.c:3649 msgid "Device is not in reencryption." msgstr "デバイス %s は再暗号化中ではありません。" -#: lib/luks2/luks2_reencrypt.c:3317 lib/luks2/luks2_reencrypt.c:3631 +#: lib/luks2/luks2_reencrypt.c:3342 lib/luks2/luks2_reencrypt.c:3656 msgid "Reencryption process is already running." msgstr "既に再暗号化中です。" -#: lib/luks2/luks2_reencrypt.c:3319 lib/luks2/luks2_reencrypt.c:3633 +#: lib/luks2/luks2_reencrypt.c:3344 lib/luks2/luks2_reencrypt.c:3658 msgid "Failed to acquire reencryption lock." msgstr "再暗号化ロックを取得できません。" -#: lib/luks2/luks2_reencrypt.c:3337 +#: lib/luks2/luks2_reencrypt.c:3362 msgid "Cannot proceed with reencryption. Run reencryption recovery first." msgstr "再暗号化を開始できません。再暗号化のリカバリを先にしてください。" -#: lib/luks2/luks2_reencrypt.c:3472 +#: lib/luks2/luks2_reencrypt.c:3497 msgid "Active device size and requested reencryption size don't match." msgstr "実際のデバイスサイズと要求された再暗号化サイズが一致しません。" -#: lib/luks2/luks2_reencrypt.c:3486 +#: lib/luks2/luks2_reencrypt.c:3511 msgid "Illegal device size requested in reencryption parameters." msgstr "再暗号化のパラメータとして不正なデバイスサイズが要求されました。" -#: lib/luks2/luks2_reencrypt.c:3563 +#: lib/luks2/luks2_reencrypt.c:3588 msgid "Reencryption in-progress. Cannot perform recovery." msgstr "既に再暗号化中です。復元を実行できません。" -#: lib/luks2/luks2_reencrypt.c:3732 +#: lib/luks2/luks2_reencrypt.c:3757 msgid "LUKS2 reencryption already initialized in metadata." msgstr "メタデータの LUKS2 の再暗号化は既に初期化されました。" -#: lib/luks2/luks2_reencrypt.c:3739 +#: lib/luks2/luks2_reencrypt.c:3764 msgid "Failed to initialize LUKS2 reencryption in metadata." msgstr "メタデータの LUKS2 再暗号化に失敗しました。" -#: lib/luks2/luks2_reencrypt.c:3834 +#: lib/luks2/luks2_reencrypt.c:3859 msgid "Failed to set device segments for next reencryption hotzone." msgstr "デバイスセグメントの次の再暗号化ホットゾーンの設定に失敗しました。" -#: lib/luks2/luks2_reencrypt.c:3886 +#: lib/luks2/luks2_reencrypt.c:3911 msgid "Failed to write reencryption resilience metadata." msgstr "再暗号化した耐性用メタデータを書き込めません。" -#: lib/luks2/luks2_reencrypt.c:3893 +#: lib/luks2/luks2_reencrypt.c:3918 msgid "Decryption failed." msgstr "復号に失敗しました。" -#: lib/luks2/luks2_reencrypt.c:3898 +#: lib/luks2/luks2_reencrypt.c:3923 #, c-format msgid "Failed to write hotzone area starting at %." msgstr "% から始まるホットゾーンエリアに書き込めません。" -#: lib/luks2/luks2_reencrypt.c:3903 +#: lib/luks2/luks2_reencrypt.c:3928 msgid "Failed to sync data." msgstr "データを sync できません。" -#: lib/luks2/luks2_reencrypt.c:3911 +#: lib/luks2/luks2_reencrypt.c:3936 msgid "Failed to update metadata after current reencryption hotzone completed." msgstr "現在のホットゾーンの再暗号化完了後にメタデータが更新できません。" -#: lib/luks2/luks2_reencrypt.c:4000 +#: lib/luks2/luks2_reencrypt.c:4025 msgid "Failed to write LUKS2 metadata." msgstr "LUKS2 メタデータが書き込めません。" -#: lib/luks2/luks2_reencrypt.c:4023 +#: lib/luks2/luks2_reencrypt.c:4048 msgid "Failed to wipe unused data device area." msgstr "未使用データデバイス領域を消せません。" -#: lib/luks2/luks2_reencrypt.c:4029 +#: lib/luks2/luks2_reencrypt.c:4054 #, c-format msgid "Failed to remove unused (unbound) keyslot %d." msgstr "未使用のキースロット %d を削除できませんでした。" -#: lib/luks2/luks2_reencrypt.c:4039 +#: lib/luks2/luks2_reencrypt.c:4064 msgid "Failed to remove reencryption keyslot." msgstr "再暗号化キースロットが削除できません。" -#: lib/luks2/luks2_reencrypt.c:4049 +#: lib/luks2/luks2_reencrypt.c:4074 #, c-format msgid "Fatal error while reencrypting chunk starting at %, % sectors long." msgstr "% から % セクタのチャンクの再暗号化中に致命的なエラー。" -#: lib/luks2/luks2_reencrypt.c:4053 +#: lib/luks2/luks2_reencrypt.c:4078 msgid "Online reencryption failed." msgstr "オンライン再暗号化に失敗しました。" -#: lib/luks2/luks2_reencrypt.c:4058 +#: lib/luks2/luks2_reencrypt.c:4083 msgid "Do not resume the device unless replaced with error target manually." msgstr "手動でエラーターゲットに置き換えた場合以外はデバイスのレジュームをしないでください。" -#: lib/luks2/luks2_reencrypt.c:4112 +#: lib/luks2/luks2_reencrypt.c:4137 msgid "Cannot proceed with reencryption. Unexpected reencryption status." msgstr "再暗号化を開始できません。予期しない再暗号化状態です。" -#: lib/luks2/luks2_reencrypt.c:4118 +#: lib/luks2/luks2_reencrypt.c:4143 msgid "Missing or invalid reencrypt context." msgstr "ないか不正な再暗号化コンテキストです。" -#: lib/luks2/luks2_reencrypt.c:4125 +#: lib/luks2/luks2_reencrypt.c:4150 msgid "Failed to initialize reencryption device stack." msgstr "再暗号化デバイススタックの初期化に失敗しました。" -#: lib/luks2/luks2_reencrypt.c:4147 lib/luks2/luks2_reencrypt.c:4194 +#: lib/luks2/luks2_reencrypt.c:4172 lib/luks2/luks2_reencrypt.c:4219 msgid "Failed to update reencryption context." msgstr "再暗号化コンテキストが更新できません。" -#: lib/luks2/luks2_reencrypt_digest.c:406 +#: lib/luks2/luks2_reencrypt_digest.c:405 msgid "Reencryption metadata is invalid." msgstr "再暗号化メタデータが不正です。" @@ -1818,18 +1851,18 @@ msgid "Keyslot encryption parameters can be set only for LUKS2 device." msgstr "キースロットの暗号化パラメータは LUKS2 デバイスでしか設定できません。" -#: src/cryptsetup.c:108 +#: src/cryptsetup.c:108 src/cryptsetup.c:1901 #, c-format -msgid "Enter token PIN:" -msgstr "トークンPINを入力してください:" +msgid "Enter token PIN: " +msgstr "トークンPINを入力してください: " -#: src/cryptsetup.c:110 +#: src/cryptsetup.c:110 src/cryptsetup.c:1903 #, c-format -msgid "Enter token %d PIN:" -msgstr "トークン %d PINを入力してください:" +msgid "Enter token %d PIN: " +msgstr "トークン %d PINを入力してください: " -#: src/cryptsetup.c:159 src/cryptsetup.c:966 src/cryptsetup.c:1293 -#: src/utils_reencrypt.c:1048 src/utils_reencrypt_luks1.c:517 +#: src/cryptsetup.c:159 src/cryptsetup.c:1103 src/cryptsetup.c:1430 +#: src/utils_reencrypt.c:1122 src/utils_reencrypt_luks1.c:517 #: src/utils_reencrypt_luks1.c:580 msgid "No known cipher specification pattern detected." msgstr "未知の暗号スペックです。" @@ -1847,10 +1880,10 @@ msgid "Detected device signature(s) on %s. Proceeding further may damage existing data." msgstr "%s にデバイス署名が検出されました。既にあるデータを破壊しかねません。" -#: src/cryptsetup.c:221 src/cryptsetup.c:1040 src/cryptsetup.c:1088 -#: src/cryptsetup.c:1154 src/cryptsetup.c:1270 src/cryptsetup.c:1343 -#: src/cryptsetup.c:1994 src/integritysetup.c:187 src/utils_reencrypt.c:138 -#: src/utils_reencrypt.c:275 +#: src/cryptsetup.c:221 src/cryptsetup.c:1177 src/cryptsetup.c:1225 +#: src/cryptsetup.c:1291 src/cryptsetup.c:1407 src/cryptsetup.c:1480 +#: src/cryptsetup.c:2266 src/integritysetup.c:187 src/utils_reencrypt.c:138 +#: src/utils_reencrypt.c:314 src/utils_reencrypt.c:749 msgid "Operation aborted.\n" msgstr "中止されました。\n" @@ -1897,7 +1930,7 @@ "暗号化されたパーティションにパスフレーズなしでアクセス可能にます。\n" "このダンプは暗号化された安全な所に保存してください。" -#: src/cryptsetup.c:573 src/cryptsetup.c:2019 +#: src/cryptsetup.c:573 src/cryptsetup.c:654 src/cryptsetup.c:2291 msgid "" "The header dump with volume key is sensitive information\n" "that allows access to encrypted partition without a passphrase.\n" @@ -1907,68 +1940,77 @@ "暗号化されたパーティションにパスフレーズなしでアクセス可能になります。\n" "このダンプは暗号化された安全な所に保存してください。" -#: src/cryptsetup.c:664 src/veritysetup.c:321 src/integritysetup.c:400 +#: src/cryptsetup.c:709 src/cryptsetup.c:739 +#, c-format +msgid "Device %s is not a valid FVAULT2 device." +msgstr "デバイス %s は有効な FVAULT2 デバイスではありません。" + +#: src/cryptsetup.c:747 +msgid "Cannot determine volume key size for FVAULT2, please use --key-size option." +msgstr "FVAULT2 のボリュームキーサイズが決定できないので、--key-size を使ってください。" + +#: src/cryptsetup.c:801 src/veritysetup.c:323 src/integritysetup.c:400 #, c-format msgid "Device %s is still active and scheduled for deferred removal.\n" msgstr "デバイス %s はまたアクティブで後から削除される予定になっています。.\n" -#: src/cryptsetup.c:698 +#: src/cryptsetup.c:835 msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set." msgstr "アクティブなデバイスをリサイズするにはボリュームキーがキーリングに必要ですが、--disable-keyring が指定されています。" -#: src/cryptsetup.c:845 +#: src/cryptsetup.c:982 msgid "Benchmark interrupted." msgstr "ベンチマークが中止されました。" -#: src/cryptsetup.c:866 +#: src/cryptsetup.c:1003 #, c-format msgid "PBKDF2-%-9s N/A\n" msgstr "PBKDF2-%-9s 計測値なし\n" -#: src/cryptsetup.c:868 +#: src/cryptsetup.c:1005 #, c-format msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" msgstr "PBKDF2-%-9s %7u 回/秒 (%zu ビットの鍵)\n" -#: src/cryptsetup.c:882 +#: src/cryptsetup.c:1019 #, c-format msgid "%-10s N/A\n" msgstr "%-10s 計測値なし\n" -#: src/cryptsetup.c:884 +#: src/cryptsetup.c:1021 #, c-format msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n" msgstr "%-10s %4u 回, %5u KB使用, %1u スレッド (%zu のビットの鍵) (%u ms 計測)\n" -#: src/cryptsetup.c:908 +#: src/cryptsetup.c:1045 msgid "Result of benchmark is not reliable." msgstr "ベンチマークの結果は信頼できません。" -#: src/cryptsetup.c:958 +#: src/cryptsetup.c:1095 msgid "# Tests are approximate using memory only (no storage IO).\n" msgstr "# テストはストレージI/Oがなくメモリ上のもののため目安です。\n" #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:978 +#: src/cryptsetup.c:1115 #, c-format msgid "#%*s Algorithm | Key | Encryption | Decryption\n" msgstr "#%*s Algorithm | キー | 暗号化 | 復号化\n" -#: src/cryptsetup.c:982 +#: src/cryptsetup.c:1119 #, c-format msgid "Cipher %s (with %i bits key) is not available." msgstr "暗号 %s (キーサイズ %i ビット) は利用できません。" #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:1001 +#: src/cryptsetup.c:1138 msgid "# Algorithm | Key | Encryption | Decryption\n" msgstr "# Algorithm | キー | 暗号化 | 復号化\n" -#: src/cryptsetup.c:1012 +#: src/cryptsetup.c:1149 msgid "N/A" msgstr "計測値なし" -#: src/cryptsetup.c:1037 +#: src/cryptsetup.c:1174 msgid "" "Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n" "and continue (upgrade metadata) only if you acknowledge the operation as genuine." @@ -1976,27 +2018,27 @@ "保護されていない LUKS2 再暗号化メタデータが検出されました。再暗号化操作が望ましいものか確認してください。(luksDump の出力を見てください)\n" "そのうえで、この操作が問題ないと確認できたら継続(メタデータのアップグレード)してください。" -#: src/cryptsetup.c:1043 +#: src/cryptsetup.c:1180 msgid "Enter passphrase to protect and upgrade reencryption metadata: " msgstr "再暗号化メタデータの保護とアップグレードのためのパスフレーズを入力してください: " -#: src/cryptsetup.c:1087 +#: src/cryptsetup.c:1224 msgid "Really proceed with LUKS2 reencryption recovery?" msgstr "本当に LUKS2 再暗号化リカバリを行いますか?" -#: src/cryptsetup.c:1096 +#: src/cryptsetup.c:1233 msgid "Enter passphrase to verify reencryption metadata digest: " msgstr "再暗号化メタデータダイジェストを検証するためのパスフレーズを入力してください: " -#: src/cryptsetup.c:1098 +#: src/cryptsetup.c:1235 msgid "Enter passphrase for reencryption recovery: " msgstr "再暗号化のリカバリのためのパスフレーズを入力してください: " -#: src/cryptsetup.c:1153 +#: src/cryptsetup.c:1290 msgid "Really try to repair LUKS device header?" msgstr "本当に LUKS デバイスヘッダの復元を試みていいですか?" -#: src/cryptsetup.c:1177 src/integritysetup.c:89 src/integritysetup.c:238 +#: src/cryptsetup.c:1314 src/integritysetup.c:89 src/integritysetup.c:238 msgid "" "\n" "Wipe interrupted." @@ -2004,7 +2046,7 @@ "\n" "ワイプが中断されました。" -#: src/cryptsetup.c:1182 src/integritysetup.c:94 src/integritysetup.c:275 +#: src/cryptsetup.c:1319 src/integritysetup.c:94 src/integritysetup.c:275 msgid "" "Wiping device to initialize integrity checksum.\n" "You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n" @@ -2012,119 +2054,128 @@ "整合性チェックサムの初期化のためにデバイスのデータを消去しています。\n" "CTRL+c で中止できます (初期化されなかったデバイスのチェックサムは正しくなくなります)。\n" -#: src/cryptsetup.c:1204 src/integritysetup.c:116 +#: src/cryptsetup.c:1341 src/integritysetup.c:116 #, c-format msgid "Cannot deactivate temporary device %s." msgstr "一時的デバイス %s を非アクティブにできません。" -#: src/cryptsetup.c:1255 +#: src/cryptsetup.c:1392 msgid "Integrity option can be used only for LUKS2 format." msgstr "整合性オプションは LUKS2 形式でしか使えません。" -#: src/cryptsetup.c:1260 src/cryptsetup.c:1320 +#: src/cryptsetup.c:1397 src/cryptsetup.c:1457 msgid "Unsupported LUKS2 metadata size options." msgstr "サポートされていない LUKS2 メタデータのサイズオプションです。" -#: src/cryptsetup.c:1269 +#: src/cryptsetup.c:1406 msgid "Header file does not exist, do you want to create it?" msgstr "ヘッダファイルがありません。作成しますか?" -#: src/cryptsetup.c:1277 +#: src/cryptsetup.c:1414 #, c-format msgid "Cannot create header file %s." msgstr "ヘッダファイル %s を作成できません。" -#: src/cryptsetup.c:1300 src/integritysetup.c:144 src/integritysetup.c:152 +#: src/cryptsetup.c:1437 src/integritysetup.c:144 src/integritysetup.c:152 #: src/integritysetup.c:161 src/integritysetup.c:315 src/integritysetup.c:323 #: src/integritysetup.c:333 msgid "No known integrity specification pattern detected." msgstr "サポートしている整合性確認方式が検出されませんでした。" -#: src/cryptsetup.c:1313 +#: src/cryptsetup.c:1450 #, c-format msgid "Cannot use %s as on-disk header." msgstr "%s を on-disk ヘッダとして使えません。" -#: src/cryptsetup.c:1337 src/integritysetup.c:181 +#: src/cryptsetup.c:1474 src/integritysetup.c:181 #, c-format msgid "This will overwrite data on %s irrevocably." msgstr "%s のデータを上書きします。戻せません。" -#: src/cryptsetup.c:1370 src/cryptsetup.c:1707 src/cryptsetup.c:1772 -#: src/cryptsetup.c:1876 src/cryptsetup.c:1942 src/utils_reencrypt_luks1.c:443 +#: src/cryptsetup.c:1507 src/cryptsetup.c:1853 src/cryptsetup.c:1993 +#: src/cryptsetup.c:2148 src/cryptsetup.c:2214 src/utils_reencrypt_luks1.c:443 msgid "Failed to set pbkdf parameters." msgstr "pbkdf パラメータを設定できません。" -#: src/cryptsetup.c:1455 +#: src/cryptsetup.c:1593 msgid "Reduced data offset is allowed only for detached LUKS header." msgstr "分離された LUKS ヘッダでのみ少ないデータオフセットが使えます。" -#: src/cryptsetup.c:1466 src/cryptsetup.c:1778 +#: src/cryptsetup.c:1600 +#, c-format +msgid "LUKS file container %s is too small for activation, there is no remaining space for data." +msgstr "LUKS ファイルコンテナ %s がアクティベートするには小さすぎます。データ用の領域に空きがありません。" + +#: src/cryptsetup.c:1612 src/cryptsetup.c:1999 msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option." msgstr "キースロットのない LUKS のボリュームキーサイズが決定できないので、--key-size を使ってください。" -#: src/cryptsetup.c:1512 +#: src/cryptsetup.c:1658 msgid "Device activated but cannot make flags persistent." msgstr "デバイスはアクティベートされましたが、フラグを恒常的なものにできません。" -#: src/cryptsetup.c:1591 src/cryptsetup.c:1659 +#: src/cryptsetup.c:1737 src/cryptsetup.c:1805 #, c-format msgid "Keyslot %d is selected for deletion." msgstr "キースロット %d は削除対象として選択されました。" -#: src/cryptsetup.c:1603 src/cryptsetup.c:1663 +#: src/cryptsetup.c:1749 src/cryptsetup.c:1809 msgid "This is the last keyslot. Device will become unusable after purging this key." msgstr "これは最後のキースロットです。このキーがなくなるとデバイスは使用不能になります。" -#: src/cryptsetup.c:1604 +#: src/cryptsetup.c:1750 msgid "Enter any remaining passphrase: " msgstr "残っているパスフレーズを入力してください: " -#: src/cryptsetup.c:1605 src/cryptsetup.c:1665 +#: src/cryptsetup.c:1751 src/cryptsetup.c:1811 msgid "Operation aborted, the keyslot was NOT wiped.\n" msgstr "操作は中止されました。キースロットは消去されていません。\n" -#: src/cryptsetup.c:1641 +#: src/cryptsetup.c:1787 msgid "Enter passphrase to be deleted: " msgstr "削除するキーのパスフレーズを入力してください: " -#: src/cryptsetup.c:1691 src/cryptsetup.c:1925 src/cryptsetup.c:2505 -#: src/cryptsetup.c:2649 +#: src/cryptsetup.c:1837 src/cryptsetup.c:2197 src/cryptsetup.c:2781 +#: src/cryptsetup.c:2948 #, c-format msgid "Device %s is not a valid LUKS2 device." msgstr "デバイス %s は有効な LUKS2 デバイスではありません。" -#: src/cryptsetup.c:1721 src/cryptsetup.c:1795 src/cryptsetup.c:1829 +#: src/cryptsetup.c:1867 src/cryptsetup.c:2072 msgid "Enter new passphrase for key slot: " msgstr "キースロットの新しいパスフレーズを入力してください: " -#: src/cryptsetup.c:1812 src/utils_reencrypt_luks1.c:1149 +#: src/cryptsetup.c:1968 +msgid "WARNING: The --key-slot parameter is used for new keyslot number.\n" +msgstr "警告: --key-slot パラメータは新しいキースロット番号に使われます。\n" + +#: src/cryptsetup.c:2028 src/utils_reencrypt_luks1.c:1149 #, c-format msgid "Enter any existing passphrase: " msgstr "有効なパスフレーズをどれか入力してください: " -#: src/cryptsetup.c:1880 +#: src/cryptsetup.c:2152 msgid "Enter passphrase to be changed: " msgstr "変更するキーのパスフレーズを入力してください: " -#: src/cryptsetup.c:1896 src/utils_reencrypt_luks1.c:1135 +#: src/cryptsetup.c:2168 src/utils_reencrypt_luks1.c:1135 msgid "Enter new passphrase: " msgstr "新しいキーのパスフレーズを入力してください: " -#: src/cryptsetup.c:1946 +#: src/cryptsetup.c:2218 msgid "Enter passphrase for keyslot to be converted: " msgstr "変換されるキースロットのパスフレーズを入力してください: " -#: src/cryptsetup.c:1970 +#: src/cryptsetup.c:2242 msgid "Only one device argument for isLuks operation is supported." msgstr "isLuks は一つのデバイス引数しかサポートしていません。" -#: src/cryptsetup.c:2078 +#: src/cryptsetup.c:2350 #, c-format msgid "Keyslot %d does not contain unbound key." msgstr "キースロット %d は unbound キーを含んでいません。" -#: src/cryptsetup.c:2083 +#: src/cryptsetup.c:2355 msgid "" "The header dump with unbound key is sensitive information.\n" "This dump should be stored encrypted in a safe place." @@ -2132,40 +2183,40 @@ "unbound キーを使ったヘッダダンプは取り扱いに注意すべき情報です。\n" "このダンプは暗号化された安全な所に保存してください。" -#: src/cryptsetup.c:2169 src/cryptsetup.c:2198 +#: src/cryptsetup.c:2441 src/cryptsetup.c:2470 #, c-format msgid "%s is not active %s device name." msgstr "%s はアクティブな %s デバイスではありません。" -#: src/cryptsetup.c:2193 +#: src/cryptsetup.c:2465 #, c-format msgid "%s is not active LUKS device name or header is missing." msgstr "%s はアクティブな LUKS デバイス名ではないか、ヘッダがありません。" -#: src/cryptsetup.c:2255 src/cryptsetup.c:2274 +#: src/cryptsetup.c:2527 src/cryptsetup.c:2546 msgid "Option --header-backup-file is required." msgstr "オプション --header-backup-file が必要です。" -#: src/cryptsetup.c:2305 +#: src/cryptsetup.c:2577 #, c-format msgid "%s is not cryptsetup managed device." msgstr "%s は cryptsetup で管理されているデバイスではありません。" -#: src/cryptsetup.c:2316 +#: src/cryptsetup.c:2588 #, c-format msgid "Refresh is not supported for device type %s" msgstr "リフレッシュはデバイスタイプ %s ではサポートされていません。" -#: src/cryptsetup.c:2362 +#: src/cryptsetup.c:2638 #, c-format msgid "Unrecognized metadata device type %s." msgstr "%s は認識できないメタデータデータタイプです。" -#: src/cryptsetup.c:2364 +#: src/cryptsetup.c:2640 msgid "Command requires device and mapped name as arguments." msgstr "コマンドはデバイスとマップされた名前を引数として必要とします。" -#: src/cryptsetup.c:2385 +#: src/cryptsetup.c:2661 #, c-format msgid "" "This operation will erase all keyslots on device %s.\n" @@ -2174,325 +2225,351 @@ "この処理はデバイス %s の全てのキースロットを消去します。\n" "デバイスのデータは使用できなくなります。" -#: src/cryptsetup.c:2392 +#: src/cryptsetup.c:2668 msgid "Operation aborted, keyslots were NOT wiped.\n" msgstr "処理は中止されました。キースロットは消去されません。\n" -#: src/cryptsetup.c:2431 +#: src/cryptsetup.c:2707 msgid "Invalid LUKS type, only luks1 and luks2 are supported." msgstr "不正な LUKS タイプです。luks1 と luks2 しかサポートしていません。" -#: src/cryptsetup.c:2447 +#: src/cryptsetup.c:2723 #, c-format msgid "Device is already %s type." msgstr "デバイスは既にタイプ %s です。" -#: src/cryptsetup.c:2454 +#: src/cryptsetup.c:2730 #, c-format msgid "This operation will convert %s to %s format.\n" msgstr "この処理は %s から %s フォーマットに変換します。\n" -#: src/cryptsetup.c:2457 +#: src/cryptsetup.c:2733 msgid "Operation aborted, device was NOT converted.\n" msgstr "処理は中止されました。デバイスは変換されませんでした。\n" -#: src/cryptsetup.c:2497 +#: src/cryptsetup.c:2773 msgid "Option --priority, --label or --subsystem is missing." msgstr "オプション --priority, --label か --subsystem がありません。" -#: src/cryptsetup.c:2531 src/cryptsetup.c:2568 src/cryptsetup.c:2588 +#: src/cryptsetup.c:2807 src/cryptsetup.c:2847 src/cryptsetup.c:2867 #, c-format msgid "Token %d is invalid." msgstr "トークン %d は不正です。" -#: src/cryptsetup.c:2534 src/cryptsetup.c:2591 +#: src/cryptsetup.c:2810 src/cryptsetup.c:2870 #, c-format msgid "Token %d in use." msgstr "トークン %d は使用中です。" -#: src/cryptsetup.c:2546 +#: src/cryptsetup.c:2822 #, c-format msgid "Failed to add luks2-keyring token %d." msgstr "luks2-キーリングトークン %d を追加できませんでした。" -#: src/cryptsetup.c:2554 src/cryptsetup.c:2617 +#: src/cryptsetup.c:2833 src/cryptsetup.c:2896 #, c-format msgid "Failed to assign token %d to keyslot %d." msgstr "トークン %d をキースロット %d に割りあてられませんでした。" -#: src/cryptsetup.c:2571 +#: src/cryptsetup.c:2850 #, c-format msgid "Token %d is not in use." msgstr "トークン %d は使われていません。" -#: src/cryptsetup.c:2608 +#: src/cryptsetup.c:2887 msgid "Failed to import token from file." msgstr "ファイルからトークンをインポートできません。" -#: src/cryptsetup.c:2633 +#: src/cryptsetup.c:2912 #, c-format msgid "Failed to get token %d for export." msgstr "トークン %d をエクスポートのために取得できませんでした。" -#: src/cryptsetup.c:2682 +#: src/cryptsetup.c:2925 +#, c-format +msgid "Token %d is not assigned to keyslot %d." +msgstr "トークン %d をキースロット %d に割りあてられませんでした。" + +#: src/cryptsetup.c:2927 src/cryptsetup.c:2934 +#, c-format +msgid "Failed to unassign token %d from keyslot %d." +msgstr "トークン %d をキースロット %d の割り当てから解除できませんでした。" + +#: src/cryptsetup.c:2983 msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." msgstr "--tcrypt-hidden と --tcrypt-system と --tcrypt-backup は TCRYPT デバイスしか使えません。" -#: src/cryptsetup.c:2685 +#: src/cryptsetup.c:2986 msgid "Option --veracrypt or --disable-veracrypt is supported only for TCRYPT device type." msgstr "--veracrypt や --disable-veracrypt は TCRYPT デバイスでしか使えません。" -#: src/cryptsetup.c:2688 +#: src/cryptsetup.c:2989 msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." msgstr "--veracrypt-pim は VeraCrypt 互換デバイスにしか使えません。" -#: src/cryptsetup.c:2692 +#: src/cryptsetup.c:2993 msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." msgstr "--veracrypt-query-pim は VeraCrypt 互換デバイスにしか使えません。" -#: src/cryptsetup.c:2694 +#: src/cryptsetup.c:2995 msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." msgstr "--veracrypt-pim と --veracrypt-query-pim はどちらかしか使えません。" -#: src/cryptsetup.c:2703 +#: src/cryptsetup.c:3004 msgid "Option --persistent is not allowed with --test-passphrase." msgstr "--persistent は --test-passphrase と一緒には使えません。" -#: src/cryptsetup.c:2706 +#: src/cryptsetup.c:3007 msgid "Options --refresh and --test-passphrase are mutually exclusive." msgstr "--refresh と --test-passphrase は同時には使えません。" -#: src/cryptsetup.c:2709 +#: src/cryptsetup.c:3010 msgid "Option --shared is allowed only for open of plain device." msgstr "--shared は plain デバイスの open にしか使えません。" -#: src/cryptsetup.c:2712 +#: src/cryptsetup.c:3013 msgid "Option --skip is supported only for open of plain and loopaes devices." msgstr "--skip は plain か loopaes デバイスの open にしか使えません。" -#: src/cryptsetup.c:2715 +#: src/cryptsetup.c:3016 msgid "Option --offset with open action is only supported for plain and loopaes devices." msgstr "--offset は plain か loopaes デバイスの open にしか使えません。" -#: src/cryptsetup.c:2718 +#: src/cryptsetup.c:3019 msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." msgstr "--tcrypt-hidden は --allow-discards と一緒に使えません。" -#: src/cryptsetup.c:2722 +#: src/cryptsetup.c:3023 msgid "Sector size option with open action is supported only for plain devices." msgstr "オープン時のセクタサイズオプションは plain デバイスでしかサポートされていません。" -#: src/cryptsetup.c:2726 +#: src/cryptsetup.c:3027 msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." msgstr "大きな IV セクタオプションは plain タイプでセクタサイズが 512 バイトより大きいものをオープンする時しかサポートしていません。" -#: src/cryptsetup.c:2730 -msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices." -msgstr "--test-passphrase は LUKS か TCRYPT か BITLK デバイスの open にしか使えません。." +#: src/cryptsetup.c:3032 +msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT, BITLK and FVAULT2 devices." +msgstr "--test-passphrase は LUKS か TCRYPT か BITLK か FVAULT2 デバイスの open にしか使えません。." -#: src/cryptsetup.c:2733 src/cryptsetup.c:2756 +#: src/cryptsetup.c:3035 src/cryptsetup.c:3058 msgid "Options --device-size and --size cannot be combined." msgstr "--device-size と --size は一緒に使えません。" -#: src/cryptsetup.c:2736 +#: src/cryptsetup.c:3038 msgid "Option --unbound is allowed only for open of luks device." msgstr "オプション --unbound は luks デバイスの open にしか使えません。" -#: src/cryptsetup.c:2739 +#: src/cryptsetup.c:3041 msgid "Option --unbound cannot be used without --test-passphrase." msgstr "オプション --unbound は --test-passphrase がないと使えません。" -#: src/cryptsetup.c:2748 src/veritysetup.c:664 src/integritysetup.c:755 +#: src/cryptsetup.c:3050 src/veritysetup.c:668 src/integritysetup.c:755 msgid "Options --cancel-deferred and --deferred cannot be used at the same time." msgstr "オプション --cancel-deferred と --deferred は同時に使えません。" -#: src/cryptsetup.c:2764 +#: src/cryptsetup.c:3066 msgid "Options --reduce-device-size and --data-size cannot be combined." msgstr "オプション --reduce-device-size と --data-size は一緒に使えません。" -#: src/cryptsetup.c:2767 +#: src/cryptsetup.c:3069 msgid "Option --active-name can be set only for LUKS2 device." msgstr "オプション --active-nameは LUKS2 デバイスでしか設定できません。" -#: src/cryptsetup.c:2770 +#: src/cryptsetup.c:3072 msgid "Options --active-name and --force-offline-reencrypt cannot be combined." msgstr "オプション --active-name と --force-offline-reencrypt は一緒に使えません。" -#: src/cryptsetup.c:2778 src/cryptsetup.c:2808 +#: src/cryptsetup.c:3080 src/cryptsetup.c:3110 msgid "Keyslot specification is required." msgstr "キースロットの指定が必要です。" -#: src/cryptsetup.c:2786 +#: src/cryptsetup.c:3088 msgid "Options --align-payload and --offset cannot be combined." msgstr "--align-payload と --offset は一緒に使えません。" -#: src/cryptsetup.c:2789 +#: src/cryptsetup.c:3091 msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." msgstr "--integrity-no-wipe は format で integrity extension 付きの時しか使えません。" -#: src/cryptsetup.c:2792 +#: src/cryptsetup.c:3094 msgid "Only one of --use-[u]random options is allowed." msgstr "--use-[u]random は一つしか使えません。" -#: src/cryptsetup.c:2800 +#: src/cryptsetup.c:3102 msgid "Key size is required with --unbound option." msgstr "--unbound にはキーサイズが必要です。" -#: src/cryptsetup.c:2819 +#: src/cryptsetup.c:3122 msgid "Invalid token action." msgstr "不正なトークンアクションです。" -#: src/cryptsetup.c:2822 +#: src/cryptsetup.c:3125 msgid "--key-description parameter is mandatory for token add action." msgstr "--key-description はトークン追加には必須です。" -#: src/cryptsetup.c:2826 +#: src/cryptsetup.c:3129 src/cryptsetup.c:3142 msgid "Action requires specific token. Use --token-id parameter." msgstr "トークンを必要としています。--token-id を使用してください。" -#: src/cryptsetup.c:2840 +#: src/cryptsetup.c:3133 +msgid "Option --unbound is valid only with token add action." +msgstr "オプション --unbound はトークンの追加にしか使えません。" + +#: src/cryptsetup.c:3135 +msgid "Options --key-slot and --unbound cannot be combined." +msgstr "--key-slot と --unbound は一緒に使えません。" + +#: src/cryptsetup.c:3140 +msgid "Action requires specific keyslot. Use --key-slot parameter." +msgstr "特定のキースロットを必要としています。--key-slot を使用してください。" + +#: src/cryptsetup.c:3156 msgid " [--type ] []" msgstr "<デバイス> [--type <タイプ>] [<名前>]" -#: src/cryptsetup.c:2840 src/veritysetup.c:487 src/integritysetup.c:535 +#: src/cryptsetup.c:3156 src/veritysetup.c:491 src/integritysetup.c:535 msgid "open device as " msgstr "デバイスを <名前> としてオープン" -#: src/cryptsetup.c:2841 src/cryptsetup.c:2842 src/cryptsetup.c:2843 -#: src/veritysetup.c:488 src/veritysetup.c:489 src/integritysetup.c:536 +#: src/cryptsetup.c:3157 src/cryptsetup.c:3158 src/cryptsetup.c:3159 +#: src/veritysetup.c:492 src/veritysetup.c:493 src/integritysetup.c:536 #: src/integritysetup.c:537 src/integritysetup.c:539 msgid "" msgstr "<名前>" -#: src/cryptsetup.c:2841 src/veritysetup.c:488 src/integritysetup.c:536 +#: src/cryptsetup.c:3157 src/veritysetup.c:492 src/integritysetup.c:536 msgid "close device (remove mapping)" msgstr "デバイスをクローズします (マッピングを削除します)" -#: src/cryptsetup.c:2842 src/integritysetup.c:539 +#: src/cryptsetup.c:3158 src/integritysetup.c:539 msgid "resize active device" msgstr "アクティブデバイスをリサイズ" -#: src/cryptsetup.c:2843 +#: src/cryptsetup.c:3159 msgid "show device status" msgstr "デバイスステータスを表示" -#: src/cryptsetup.c:2844 +#: src/cryptsetup.c:3160 msgid "[--cipher ]" msgstr "[--cipher <暗号>]" -#: src/cryptsetup.c:2844 +#: src/cryptsetup.c:3160 msgid "benchmark cipher" msgstr "暗号ベンチマーク" -#: src/cryptsetup.c:2845 src/cryptsetup.c:2846 src/cryptsetup.c:2847 -#: src/cryptsetup.c:2848 src/cryptsetup.c:2849 src/cryptsetup.c:2856 -#: src/cryptsetup.c:2857 src/cryptsetup.c:2858 src/cryptsetup.c:2859 -#: src/cryptsetup.c:2860 src/cryptsetup.c:2861 src/cryptsetup.c:2862 -#: src/cryptsetup.c:2863 src/cryptsetup.c:2864 +#: src/cryptsetup.c:3161 src/cryptsetup.c:3162 src/cryptsetup.c:3163 +#: src/cryptsetup.c:3164 src/cryptsetup.c:3165 src/cryptsetup.c:3172 +#: src/cryptsetup.c:3173 src/cryptsetup.c:3174 src/cryptsetup.c:3175 +#: src/cryptsetup.c:3176 src/cryptsetup.c:3177 src/cryptsetup.c:3178 +#: src/cryptsetup.c:3179 src/cryptsetup.c:3180 src/cryptsetup.c:3181 msgid "" msgstr "<デバイス>" -#: src/cryptsetup.c:2845 +#: src/cryptsetup.c:3161 msgid "try to repair on-disk metadata" msgstr "on-disk メタデータを修復しようとしています" -#: src/cryptsetup.c:2846 +#: src/cryptsetup.c:3162 msgid "reencrypt LUKS2 device" msgstr "LUKS2 デバイスを再暗号化" -#: src/cryptsetup.c:2847 +#: src/cryptsetup.c:3163 msgid "erase all keyslots (remove encryption key)" msgstr "全てのキースロットを消去します (暗号鍵も削除します)" -#: src/cryptsetup.c:2848 +#: src/cryptsetup.c:3164 msgid "convert LUKS from/to LUKS2 format" msgstr "LUKS2 から LUKS もしくは LUKS から LUKS2 形式に変換します" -#: src/cryptsetup.c:2849 +#: src/cryptsetup.c:3165 msgid "set permanent configuration options for LUKS2" msgstr "LUKS2 の permanent configuration オプションを設定します" -#: src/cryptsetup.c:2850 src/cryptsetup.c:2851 +#: src/cryptsetup.c:3166 src/cryptsetup.c:3167 msgid " []" msgstr "<デバイス> [<新しいキーファイル>]" -#: src/cryptsetup.c:2850 +#: src/cryptsetup.c:3166 msgid "formats a LUKS device" msgstr "LUKS デバイスをフォーマットします" -#: src/cryptsetup.c:2851 +#: src/cryptsetup.c:3167 msgid "add key to LUKS device" msgstr "LUKS デバイスにキーを追加します" -#: src/cryptsetup.c:2852 src/cryptsetup.c:2853 src/cryptsetup.c:2854 +#: src/cryptsetup.c:3168 src/cryptsetup.c:3169 src/cryptsetup.c:3170 msgid " []" msgstr "<デバイス> [<キーファイル>]" -#: src/cryptsetup.c:2852 +#: src/cryptsetup.c:3168 msgid "removes supplied key or key file from LUKS device" msgstr "与えられたキーかキーファイルを LUKS デバイスから削除します。" -#: src/cryptsetup.c:2853 +#: src/cryptsetup.c:3169 msgid "changes supplied key or key file of LUKS device" msgstr "与えられた LUKS デバイスのキーかキーファイルを変更します" -#: src/cryptsetup.c:2854 +#: src/cryptsetup.c:3170 msgid "converts a key to new pbkdf parameters" msgstr "キーを新しい pbkdf パラメータに変換します" -#: src/cryptsetup.c:2855 +#: src/cryptsetup.c:3171 msgid " " msgstr "<デバイス> <キースロット>" -#: src/cryptsetup.c:2855 +#: src/cryptsetup.c:3171 msgid "wipes key with number from LUKS device" msgstr "<キースロット>のキーを LUKS デバイスから削除します" -#: src/cryptsetup.c:2856 +#: src/cryptsetup.c:3172 msgid "print UUID of LUKS device" msgstr "LUKS デバイスの UUID を表示" -#: src/cryptsetup.c:2857 +#: src/cryptsetup.c:3173 msgid "tests for LUKS partition header" msgstr "<デバイス> の LUKS パーティションヘッダをテストします" -#: src/cryptsetup.c:2858 +#: src/cryptsetup.c:3174 msgid "dump LUKS partition information" msgstr "LUKS パーティション情報をダンプします" -#: src/cryptsetup.c:2859 +#: src/cryptsetup.c:3175 msgid "dump TCRYPT device information" msgstr "TCRYPT デバイス情報をダンプします" -#: src/cryptsetup.c:2860 +#: src/cryptsetup.c:3176 msgid "dump BITLK device information" msgstr "BITLK デバイス情報をダンプします" -#: src/cryptsetup.c:2861 +#: src/cryptsetup.c:3177 +msgid "dump FVAULT2 device information" +msgstr "FVAULT2 デバイス情報をダンプします" + +#: src/cryptsetup.c:3178 msgid "Suspend LUKS device and wipe key (all IOs are frozen)" msgstr "LUKS デバイスを停止してキーを削除します (全てのI/Oは停止します)" -#: src/cryptsetup.c:2862 +#: src/cryptsetup.c:3179 msgid "Resume suspended LUKS device" msgstr "停止していた LUKS デバイスを再開します" -#: src/cryptsetup.c:2863 +#: src/cryptsetup.c:3180 msgid "Backup LUKS device header and keyslots" msgstr "LUKS デバイスヘッダとキースロットをバックアップします" -#: src/cryptsetup.c:2864 +#: src/cryptsetup.c:3181 msgid "Restore LUKS device header and keyslots" msgstr "LUKS デバイスヘッダとキースロットをリストアします" -#: src/cryptsetup.c:2865 +#: src/cryptsetup.c:3182 msgid " " msgstr " <デバイス>" -#: src/cryptsetup.c:2865 +#: src/cryptsetup.c:3182 msgid "Manipulate LUKS2 tokens" msgstr "LUKS2 トークンを操作します" -#: src/cryptsetup.c:2884 src/veritysetup.c:505 src/integritysetup.c:554 +#: src/cryptsetup.c:3201 src/veritysetup.c:509 src/integritysetup.c:554 msgid "" "\n" " is one of:\n" @@ -2500,19 +2577,19 @@ "\n" " は以下のうちの一つです:\n" -#: src/cryptsetup.c:2890 +#: src/cryptsetup.c:3207 msgid "" "\n" "You can also use old syntax aliases:\n" -"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" -"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n" msgstr "" "\n" "古い <アクション> という形式も使えます:\n" -"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" -"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n" -#: src/cryptsetup.c:2894 +#: src/cryptsetup.c:3211 #, c-format msgid "" "\n" @@ -2527,7 +2604,7 @@ "<キースロット> は変更する LUKS キースロット番号\n" "<キーファイル> は luskAddKey でオプションで与えられる新しいキーのキーファイル\n" -#: src/cryptsetup.c:2901 +#: src/cryptsetup.c:3218 #, c-format msgid "" "\n" @@ -2536,7 +2613,7 @@ "\n" "デフォルトのコンパイル時に決められたメタデータ形式は %s です(luksFormat で使われます)。\n" -#: src/cryptsetup.c:2906 src/cryptsetup.c:2909 +#: src/cryptsetup.c:3223 src/cryptsetup.c:3226 #, c-format msgid "" "\n" @@ -2545,20 +2622,20 @@ "\n" "LUKS2 外部トークンプラグインサポート: %s\n" -#: src/cryptsetup.c:2906 +#: src/cryptsetup.c:3223 msgid "compiled-in" msgstr "本体に内蔵" -#: src/cryptsetup.c:2907 +#: src/cryptsetup.c:3224 #, c-format msgid "LUKS2 external token plugin path: %s.\n" msgstr "LUKS2 外部トークンプラグインパス: %s.\n" -#: src/cryptsetup.c:2909 +#: src/cryptsetup.c:3226 msgid "disabled" msgstr "利用不可" -#: src/cryptsetup.c:2913 +#: src/cryptsetup.c:3230 #, c-format msgid "" "\n" @@ -2575,7 +2652,7 @@ "デフォルト LUKS2 向け PBKDF: %s\n" "\t繰り返す時間: %d, 使うメモリ: %dkB, 並列スレッド: %d\n" -#: src/cryptsetup.c:2924 +#: src/cryptsetup.c:3241 #, c-format msgid "" "\n" @@ -2590,96 +2667,96 @@ "\tplain: %s, キー: %d ビット, パスワードハッシュ: %s\n" "\tLUKS: %s, キー: %d ビット, LUKS ヘッダハッシュ: %s, 乱数生成: %s\n" -#: src/cryptsetup.c:2933 +#: src/cryptsetup.c:3250 msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" msgstr "\tLUKS: XTS モードのデフォルトキーサイズは (2つの内部キーがあるため) 倍になります。\n" -#: src/cryptsetup.c:2951 src/veritysetup.c:644 src/integritysetup.c:711 +#: src/cryptsetup.c:3268 src/veritysetup.c:648 src/integritysetup.c:711 #, c-format msgid "%s: requires %s as arguments" msgstr "%s: は %s を引数で与える必要があります" -#: src/cryptsetup.c:2997 src/utils_reencrypt_luks1.c:1194 +#: src/cryptsetup.c:3308 src/utils_reencrypt_luks1.c:1198 msgid "Key slot is invalid." msgstr "キースロットは不正です。" -#: src/cryptsetup.c:3024 +#: src/cryptsetup.c:3335 msgid "Device size must be multiple of 512 bytes sector." msgstr "デバイスサイズは 512 バイトセクタの倍数である必要があります。" -#: src/cryptsetup.c:3029 +#: src/cryptsetup.c:3340 msgid "Invalid max reencryption hotzone size specification." msgstr "再暗号化ホットゾーン最大サイズの指定が不正です。" -#: src/cryptsetup.c:3043 src/cryptsetup.c:3055 +#: src/cryptsetup.c:3354 src/cryptsetup.c:3366 msgid "Key size must be a multiple of 8 bits" msgstr "キーサイズは 8bit の倍数でなければなりません" -#: src/cryptsetup.c:3060 +#: src/cryptsetup.c:3371 msgid "Maximum device reduce size is 1 GiB." msgstr "デバイスを減らせる最大値は 1 GiB です。" -#: src/cryptsetup.c:3063 +#: src/cryptsetup.c:3374 msgid "Reduce size must be multiple of 512 bytes sector." msgstr "減らすサイズは 512 バイトセクタの倍数である必要があります。" -#: src/cryptsetup.c:3080 +#: src/cryptsetup.c:3391 msgid "Option --priority can be only ignore/normal/prefer." msgstr "--priority の引数は ignore/normal/prefer のいずれかのみです。" -#: src/cryptsetup.c:3099 src/veritysetup.c:568 src/integritysetup.c:634 +#: src/cryptsetup.c:3410 src/veritysetup.c:572 src/integritysetup.c:634 msgid "Show this help message" msgstr "このヘルプを表示します" -#: src/cryptsetup.c:3100 src/veritysetup.c:569 src/integritysetup.c:635 +#: src/cryptsetup.c:3411 src/veritysetup.c:573 src/integritysetup.c:635 msgid "Display brief usage" msgstr "コンパクトな使用法表示をします" -#: src/cryptsetup.c:3101 src/veritysetup.c:570 src/integritysetup.c:636 +#: src/cryptsetup.c:3412 src/veritysetup.c:574 src/integritysetup.c:636 msgid "Print package version" msgstr "パッケージのバージョンを表示" -#: src/cryptsetup.c:3112 src/veritysetup.c:581 src/integritysetup.c:647 +#: src/cryptsetup.c:3423 src/veritysetup.c:585 src/integritysetup.c:647 msgid "Help options:" msgstr "ヘルプオプション:" -#: src/cryptsetup.c:3132 src/veritysetup.c:599 src/integritysetup.c:664 +#: src/cryptsetup.c:3443 src/veritysetup.c:603 src/integritysetup.c:664 msgid "[OPTION...] " msgstr "[オプション...] <アクション> <アクション特有>" -#: src/cryptsetup.c:3141 src/veritysetup.c:608 src/integritysetup.c:675 +#: src/cryptsetup.c:3452 src/veritysetup.c:612 src/integritysetup.c:675 msgid "Argument missing." msgstr "<アクション> がありません。" -#: src/cryptsetup.c:3211 src/veritysetup.c:639 src/integritysetup.c:706 +#: src/cryptsetup.c:3528 src/veritysetup.c:643 src/integritysetup.c:706 msgid "Unknown action." msgstr "未知のアクションです。" -#: src/cryptsetup.c:3229 +#: src/cryptsetup.c:3546 msgid "Option --key-file takes precedence over specified key file argument." msgstr "--key-file は他で指定されたキーファイルを上書きします。" -#: src/cryptsetup.c:3235 +#: src/cryptsetup.c:3552 msgid "Only one --key-file argument is allowed." msgstr "--key-file は一つしか使えません。" -#: src/cryptsetup.c:3240 +#: src/cryptsetup.c:3557 msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id." msgstr "パスワードからキーを作る関数 (PBKDF) は pbkdf2 argon2i argon2id のいずれかのみです。" -#: src/cryptsetup.c:3245 +#: src/cryptsetup.c:3562 msgid "PBKDF forced iterations cannot be combined with iteration time option." msgstr "PBKDF の繰り返し回数の強制と繰り返し時間指定オプションは共存できません。" -#: src/cryptsetup.c:3256 +#: src/cryptsetup.c:3573 msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." msgstr "--keyslot-cipher と --keyslot-key-size は同時に使う必要があります。" -#: src/cryptsetup.c:3264 +#: src/cryptsetup.c:3581 msgid "No action taken. Invoked with --test-args option.\n" msgstr "--test-args オプションつきだったため、何もしません。\n" -#: src/cryptsetup.c:3277 +#: src/cryptsetup.c:3594 msgid "Cannot disable metadata locking." msgstr "メタデータロックを禁止できません。" @@ -2707,72 +2784,72 @@ msgid "Cannot write to root hash file %s." msgstr "ルートハッシュファイル %s に書き込めません。" -#: src/veritysetup.c:196 src/veritysetup.c:472 +#: src/veritysetup.c:198 src/veritysetup.c:476 #, c-format msgid "Device %s is not a valid VERITY device." msgstr "デバイス %s が有効な VERITY デバイスではありません。" -#: src/veritysetup.c:213 src/veritysetup.c:230 +#: src/veritysetup.c:215 src/veritysetup.c:232 #, c-format msgid "Cannot read root hash file %s." msgstr "ルートハッシュファイル %s を読み込めません。" -#: src/veritysetup.c:218 +#: src/veritysetup.c:220 #, c-format msgid "Invalid root hash file %s." msgstr "不正なルートハッシュファイル %s です。" -#: src/veritysetup.c:239 +#: src/veritysetup.c:241 msgid "Invalid root hash string specified." msgstr "不正なルートハッシュ文字列が指定されました。" -#: src/veritysetup.c:247 +#: src/veritysetup.c:249 #, c-format msgid "Invalid signature file %s." msgstr "署名ファイル %s が不正です。" -#: src/veritysetup.c:254 +#: src/veritysetup.c:256 #, c-format msgid "Cannot read signature file %s." msgstr "署名ファイル %s を読み込めませんでした。" -#: src/veritysetup.c:277 src/veritysetup.c:291 +#: src/veritysetup.c:279 src/veritysetup.c:293 msgid "Command requires or --root-hash-file option as argument." msgstr "コマンドは か --root-hash-file オプションを引数として必要とします。" -#: src/veritysetup.c:485 +#: src/veritysetup.c:489 msgid " " msgstr "<データデバイス> <ハッシュデバイス>" -#: src/veritysetup.c:485 src/integritysetup.c:534 +#: src/veritysetup.c:489 src/integritysetup.c:534 msgid "format device" msgstr "デバイスをフォーマット" -#: src/veritysetup.c:486 +#: src/veritysetup.c:490 msgid " []" msgstr "<データデバイス> <ハッシュデバイス> [<ルートハッシュ>]" -#: src/veritysetup.c:486 +#: src/veritysetup.c:490 msgid "verify device" msgstr "デバイスを検証" -#: src/veritysetup.c:487 +#: src/veritysetup.c:491 msgid " []" msgstr "<データデバイス> <名前> <ハッシュデバイス> [<ルートハッシュ>]" -#: src/veritysetup.c:489 src/integritysetup.c:537 +#: src/veritysetup.c:493 src/integritysetup.c:537 msgid "show active device status" msgstr "アクティブデバイスのステータスを表示" -#: src/veritysetup.c:490 +#: src/veritysetup.c:494 msgid "" msgstr "<ハッシュデバイス>" -#: src/veritysetup.c:490 src/integritysetup.c:538 +#: src/veritysetup.c:494 src/integritysetup.c:538 msgid "show on-disk information" msgstr "ディスク上の情報を表示" -#: src/veritysetup.c:509 +#: src/veritysetup.c:513 #, c-format msgid "" "\n" @@ -2787,7 +2864,7 @@ "<ハッシュデバイス> は検証用データが入るデバイス\n" "<ルートハッシュ> は <ハッシュデバイス> のルートノードのハッシュ\n" -#: src/veritysetup.c:516 +#: src/veritysetup.c:520 #, c-format msgid "" "\n" @@ -2798,11 +2875,11 @@ "コンパイル時に決めた dm-verity のデフォルトパラメータ:\n" "\tハッシュ: %s, データブロック (バイト): %u, ハッシュブロック (バイト): %u, ソルトサイズ: %u, ハッシュフォーマット: %u\n" -#: src/veritysetup.c:654 +#: src/veritysetup.c:658 msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together." msgstr "--ignore-corruption と --restart-on-corruption は同時に使えません。" -#: src/veritysetup.c:659 +#: src/veritysetup.c:663 msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together." msgstr "--panic-on-corruption と --restart-on-corruption は同時に使えません。" @@ -3087,7 +3164,7 @@ msgid "Finished, time %s, %s, %s\n" msgstr "終了。所要時間 %s, %s, %s\n" -#: src/utils_password.c:41 src/utils_password.c:74 +#: src/utils_password.c:41 src/utils_password.c:72 #, c-format msgid "Cannot check password quality: %s" msgstr "パスワードの質を確認できません: %s" @@ -3101,42 +3178,42 @@ "パスワードの質の確認に失敗:\n" " %s" -#: src/utils_password.c:81 +#: src/utils_password.c:79 #, c-format msgid "Password quality check failed: Bad passphrase (%s)" msgstr "パスワードの質が確認できません: 質の悪いパスフレーズ (%s)" -#: src/utils_password.c:231 src/utils_password.c:245 +#: src/utils_password.c:230 src/utils_password.c:244 msgid "Error reading passphrase from terminal." msgstr "端末からパスフレーズを読み込めません。" -#: src/utils_password.c:243 +#: src/utils_password.c:242 msgid "Verify passphrase: " msgstr "同じパスフレーズを入力してください: " -#: src/utils_password.c:250 +#: src/utils_password.c:249 msgid "Passphrases do not match." msgstr "パスフレーズが一致しません。" -#: src/utils_password.c:288 +#: src/utils_password.c:287 msgid "Cannot use offset with terminal input." msgstr "端末からの入力でオフセットは使用できません。" -#: src/utils_password.c:292 +#: src/utils_password.c:291 #, c-format msgid "Enter passphrase: " msgstr "パスフレーズを入力してください: " -#: src/utils_password.c:295 +#: src/utils_password.c:294 #, c-format msgid "Enter passphrase for %s: " msgstr "%s のパスフレーズを入力してください: " -#: src/utils_password.c:329 +#: src/utils_password.c:328 msgid "No key available with this passphrase." msgstr "このパスフレーズで使用可能なキーはありません。" -#: src/utils_password.c:331 +#: src/utils_password.c:330 msgid "No usable keyslot is available." msgstr "使用可能なキースロットがありません。" @@ -3210,41 +3287,50 @@ "アクティベートされていたらデータが破壊されるかもしれません。\n" "再暗号化をオンラインで行う場合は --active-name を代わりに使ってください。\n" -#: src/utils_reencrypt.c:175 +#: src/utils_reencrypt.c:141 src/utils_reencrypt.c:274 +#, c-format +msgid "" +"Device %s is not a block device. Can not auto-detect if it is active or not.\n" +"Use --force-offline-reencrypt to bypass the check and run in offline mode (dangerous!)." +msgstr "" +"デバイス %s はブロックデバイスではありません。アクティブであろうとなかろうと自動検出できません。\n" +"このチェックをバイパスしてオフラインモードで動作するには --force-offline-reencrypt を使ってください。(ただし危険です!)。" + +#: src/utils_reencrypt.c:178 src/utils_reencrypt.c:221 +#: src/utils_reencrypt.c:231 +msgid "Requested --resilience option cannot be applied to current reencryption operation." +msgstr "要求された --resilience オプションは現在の再暗号化処理に適用できません。" + +#: src/utils_reencrypt.c:203 msgid "Device is not in LUKS2 encryption. Conflicting option --encrypt." msgstr "デバイスは LUKS2 暗号化状態にありません。オプション --encrypt と競合します。" -#: src/utils_reencrypt.c:180 +#: src/utils_reencrypt.c:208 msgid "Device is not in LUKS2 decryption. Conflicting option --decrypt." msgstr "デバイスは LUKS2 復号状態にありません。オプション --decrypt と競合します。" -#: src/utils_reencrypt.c:187 +#: src/utils_reencrypt.c:215 msgid "Device is in reencryption using datashift resilience. Requested --resilience option cannot be applied." msgstr "デバイスはデータシフト耐性を使った再暗号化状態にあります。--resilience オプションは適用できません。" -#: src/utils_reencrypt.c:193 src/utils_reencrypt.c:199 -#: src/utils_reencrypt.c:205 src/utils_reencrypt.c:681 -msgid "Requested --resilience option cannot be applied to current reencryption operation." -msgstr "要求された --resilience オプションは現在の再暗号化処理に適用できません。" - -#: src/utils_reencrypt.c:258 +#: src/utils_reencrypt.c:293 msgid "Device requires reencryption recovery. Run repair first." msgstr "デバイスは再暗号化リカバリが必要です。先に修復してください。" -#: src/utils_reencrypt.c:268 +#: src/utils_reencrypt.c:307 #, c-format msgid "Device %s is already in LUKS2 reencryption. Do you wish to resume previously initialised operation?" msgstr "デバイス %s は既に LUKS2 再暗号化状態にあります。以前に初期化された処理に復帰しますか?" -#: src/utils_reencrypt.c:314 +#: src/utils_reencrypt.c:353 msgid "Legacy LUKS2 reencryption is no longer supported." msgstr "古い LUKS2 再暗号化はサポートされなくなりました。" -#: src/utils_reencrypt.c:379 +#: src/utils_reencrypt.c:418 msgid "Reencryption of device with integrity profile is not supported." msgstr "整合性プロファイルつきのデバイスの再暗号化はサポートされていません。" -#: src/utils_reencrypt.c:410 +#: src/utils_reencrypt.c:449 #, c-format msgid "" "Requested --sector-size % is incompatible with %s superblock\n" @@ -3253,98 +3339,103 @@ "要求された --sector-size % は %s superblock\n" "(ブロックサイズ: % バイト、デバイス %s)と互換性がありません。" -#: src/utils_reencrypt.c:455 +#: src/utils_reencrypt.c:518 src/utils_reencrypt.c:1391 msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." msgstr "データデバイスサイズの縮小(--reduce-device-size)なしに分離ヘッダ(--header)による暗号化はできません。" -#: src/utils_reencrypt.c:461 +#: src/utils_reencrypt.c:525 msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." msgstr "要求されたデータオフセットは --reduce-device-size パラメータの半分以下である必要があります。" -#: src/utils_reencrypt.c:471 +#: src/utils_reencrypt.c:535 #, c-format msgid "Adjusting --reduce-device-size value to twice the --offset % (sectors).\n" msgstr "--reduce-device-size の値を --offset % (セクタ) の倍にします。\n" -#: src/utils_reencrypt.c:501 +#: src/utils_reencrypt.c:565 #, c-format msgid "Temporary header file %s already exists. Aborting." msgstr "テンポラリヘッダファイル %s は既に存在しているので、中止します。" -#: src/utils_reencrypt.c:503 src/utils_reencrypt.c:510 +#: src/utils_reencrypt.c:567 src/utils_reencrypt.c:574 #, c-format msgid "Cannot create temporary header file %s." msgstr "テンポラリヘッダファイル %s を作成できません。" -#: src/utils_reencrypt.c:535 +#: src/utils_reencrypt.c:599 msgid "LUKS2 metadata size is larger than data shift value." msgstr "LUKS2 メタデータサイズがデータシフト値より大きいです。" -#: src/utils_reencrypt.c:572 +#: src/utils_reencrypt.c:636 #, c-format msgid "Failed to place new header at head of device %s." msgstr "デバイス %s の先頭に新しいヘッダを置けません。" -#: src/utils_reencrypt.c:582 +#: src/utils_reencrypt.c:646 #, c-format msgid "%s/%s is now active and ready for online encryption.\n" msgstr "%s/%s がアクティブでオンライン暗号化可能です。\n" -#: src/utils_reencrypt.c:618 +#: src/utils_reencrypt.c:682 #, c-format msgid "Active device %s is not LUKS2." msgstr "アクティブなデバイス %s は LUKS2 ではありません。" -#: src/utils_reencrypt.c:646 +#: src/utils_reencrypt.c:710 msgid "Restoring original LUKS2 header." msgstr "オリジナルの LUKS2 ヘッダを復元しています。" -#: src/utils_reencrypt.c:654 +#: src/utils_reencrypt.c:718 msgid "Original LUKS2 header restore failed." msgstr "オリジナルの LUKS ヘッダの復元に失敗しました。" -#: src/utils_reencrypt.c:722 +#: src/utils_reencrypt.c:744 +#, c-format +msgid "Header file %s does not exist. Do you want to initialize LUKS2 decryption of device %s and export LUKS2 header to file %s?" +msgstr "ヘッダファイル %s が存在しません。デバイス %s の復号化をして LUKS2 ヘッダをファイル %s に出力しますか?" + +#: src/utils_reencrypt.c:792 msgid "Failed to add read/write permissions to exported header file." msgstr "エクスポートされたヘッダファイルに読み書き権限を付与できません。" -#: src/utils_reencrypt.c:775 +#: src/utils_reencrypt.c:845 #, c-format msgid "Reencryption initialization failed. Header backup is available in %s." msgstr "再暗号化の初期化に失敗しました。ヘッダのバックアップは %s にあります。" -#: src/utils_reencrypt.c:803 +#: src/utils_reencrypt.c:873 msgid "LUKS2 decryption is supported with detached header device only (with data offset set to 0)." msgstr "LUKS2 復号は分離(detached)ヘッダデバイスしかサポートしていません(データへのオフセットが0)。" -#: src/utils_reencrypt.c:934 src/utils_reencrypt.c:943 +#: src/utils_reencrypt.c:1008 src/utils_reencrypt.c:1017 msgid "Not enough free keyslots for reencryption." msgstr "再暗号化に必要な空きキースロットがありません。" -#: src/utils_reencrypt.c:964 src/utils_reencrypt_luks1.c:1100 +#: src/utils_reencrypt.c:1038 src/utils_reencrypt_luks1.c:1100 msgid "Key file can be used only with --key-slot or with exactly one key slot active." msgstr "キーファイルは --key-slot と使うか、1 つのキースロットだけアクティブの時にしか使えません。" -#: src/utils_reencrypt.c:973 src/utils_reencrypt_luks1.c:1147 +#: src/utils_reencrypt.c:1047 src/utils_reencrypt_luks1.c:1147 #: src/utils_reencrypt_luks1.c:1158 #, c-format msgid "Enter passphrase for key slot %d: " msgstr "キースロット %d のパスフレーズを入力してください: " -#: src/utils_reencrypt.c:985 +#: src/utils_reencrypt.c:1059 #, c-format msgid "Enter passphrase for key slot %u: " msgstr "キースロット %u のパスフレーズを入力してください: " -#: src/utils_reencrypt.c:1037 +#: src/utils_reencrypt.c:1111 #, c-format msgid "Switching data encryption cipher to %s.\n" msgstr "データの暗号化用の暗号アルゴリズムを %s にします。\n" -#: src/utils_reencrypt.c:1091 +#: src/utils_reencrypt.c:1165 msgid "No data segment parameters changed. Reencryption aborted." msgstr "データセグメントのパラメータが変わっていません。再暗号化を中止します。" -#: src/utils_reencrypt.c:1187 +#: src/utils_reencrypt.c:1267 msgid "" "Encryption sector size increase on offline device is not supported.\n" "Activate the device first or use --force-offline-reencrypt option (dangerous!)." @@ -3352,7 +3443,7 @@ "オフラインデバイスの暗号化セクタサイズの増加はサポートしていません。\n" "まずデバイスをアクティベートするか、--force-offline-reencrypt オプションを使ってください (ただし危険です!)。" -#: src/utils_reencrypt.c:1227 src/utils_reencrypt_luks1.c:726 +#: src/utils_reencrypt.c:1307 src/utils_reencrypt_luks1.c:726 #: src/utils_reencrypt_luks1.c:798 msgid "" "\n" @@ -3361,58 +3452,58 @@ "\n" "再暗号化が中断されました。" -#: src/utils_reencrypt.c:1232 +#: src/utils_reencrypt.c:1312 msgid "Resuming LUKS reencryption in forced offline mode.\n" msgstr "LUKS 再暗号化を強制オフラインモードで再開します。\n" -#: src/utils_reencrypt.c:1249 +#: src/utils_reencrypt.c:1329 #, c-format msgid "Device %s contains broken LUKS metadata. Aborting operation." msgstr "デバイス %s は壊れた LUKS メタデータを含んでいます。処理を中止します。" -#: src/utils_reencrypt.c:1265 src/utils_reencrypt.c:1287 +#: src/utils_reencrypt.c:1345 src/utils_reencrypt.c:1367 #, c-format msgid "Device %s is already LUKS device. Aborting operation." msgstr "デバイス %s は既に LUKS デバイスです。処理を中止します。" -#: src/utils_reencrypt.c:1293 +#: src/utils_reencrypt.c:1373 #, c-format msgid "Device %s is already in LUKS reencryption. Aborting operation." msgstr "デバイス %s は既に LUKS 再暗号化状態にあります。処理を中止します。" -#: src/utils_reencrypt.c:1366 +#: src/utils_reencrypt.c:1453 msgid "LUKS2 decryption requires --header option." msgstr "LUKS2 復号には --header オプションが必要です。" -#: src/utils_reencrypt.c:1414 +#: src/utils_reencrypt.c:1501 msgid "Command requires device as argument." msgstr "コマンドはデバイスを引数として必要とします。" -#: src/utils_reencrypt.c:1427 +#: src/utils_reencrypt.c:1514 #, c-format msgid "Conflicting versions. Device %s is LUKS1." msgstr "バージョンが衝突しています。デバイス %s は LUKS1 です。" -#: src/utils_reencrypt.c:1433 +#: src/utils_reencrypt.c:1520 #, c-format msgid "Conflicting versions. Device %s is in LUKS1 reencryption." msgstr "バージョンが衝突しています。デバイス %s は LUKS1 再暗号化状態にあります。" -#: src/utils_reencrypt.c:1439 +#: src/utils_reencrypt.c:1526 #, c-format msgid "Conflicting versions. Device %s is LUKS2." msgstr "バージョンが衝突しています。デバイス %s は LUKS2 です。" -#: src/utils_reencrypt.c:1445 +#: src/utils_reencrypt.c:1532 #, c-format msgid "Conflicting versions. Device %s is in LUKS2 reencryption." msgstr "バージョンが衝突しています。デバイス %s は LUKS2 再暗号化状態にあります。" -#: src/utils_reencrypt.c:1451 +#: src/utils_reencrypt.c:1538 msgid "LUKS2 reencryption already initialized. Aborting operation." msgstr "LUKS2 再暗号化が既に初期化済なので操作を中止します。" -#: src/utils_reencrypt.c:1458 +#: src/utils_reencrypt.c:1545 msgid "Device reencryption not in progress." msgstr "再暗号化処理を実行中ではありません。" @@ -3517,28 +3608,28 @@ msgid "Provided UUID is invalid." msgstr "与えられた UUID が不正です。" -#: src/utils_reencrypt_luks1.c:1220 +#: src/utils_reencrypt_luks1.c:1224 msgid "Cannot open reencryption log file." msgstr "再暗号化ログファイルを開けません。" -#: src/utils_reencrypt_luks1.c:1226 +#: src/utils_reencrypt_luks1.c:1230 msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process." msgstr "復号を実行中ではありません。与えられた UUID は中止された復号を再開するためだけに使えます。" -#: src/utils_reencrypt_luks1.c:1280 +#: src/utils_reencrypt_luks1.c:1286 #, c-format msgid "Reencryption will change: %s%s%s%s%s%s." msgstr "再暗号化で以下が変わります: %s%s%s%s%s%s." -#: src/utils_reencrypt_luks1.c:1281 +#: src/utils_reencrypt_luks1.c:1287 msgid "volume key" msgstr "ボリュームキー" -#: src/utils_reencrypt_luks1.c:1283 +#: src/utils_reencrypt_luks1.c:1289 msgid "set hash to " msgstr "ハッシュ" -#: src/utils_reencrypt_luks1.c:1284 +#: src/utils_reencrypt_luks1.c:1290 msgid ", set cipher to " msgstr "暗号(cipher)" @@ -3757,75 +3848,3 @@ #: tokens/ssh/ssh-utils.c:171 msgid "Public key authentication error: " msgstr "公開鍵認証エラー: " - -#~ msgid "Failed to read BITLK signature from %s." -#~ msgstr "%s から BITLK シグネチャを読み込めませんでした。" - -#~ msgid "Invalid or unknown signature for BITLK device." -#~ msgstr "BITLK デバイスのシグネチャが不正また不明です。" - -#~ msgid "Failed to wipe backup segment data." -#~ msgstr "バックアップセグメントデータを消せません。" - -#~ msgid "Encryption is supported only for LUKS2 format." -#~ msgstr "暗号化は LUKS2 形式でしか使えません。" - -#~ msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?" -#~ msgstr "LUKS デバイスが %s に検出されました。もう一度 LUKS デバイスを暗号化したいのですか?" - -#~ msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1." -#~ msgstr "現在 LUKS2 形式しかサポートされていません。LUKS1 には cryptsetup-reencrypt を使ってください。" - -#~ msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility." -#~ msgstr "古いオフライン再暗号化が実行中です。cryptsetup-reencrypt を使ってください。" - -#~ msgid "LUKS2 device is not in reencryption." -#~ msgstr "LUKS2 デバイスは再暗号化中ではありません。" - -#~ msgid "Setting LUKS2 offline reencrypt flag on device %s." -#~ msgstr "LUKS2 offline reencrypt フラグをデバイス %s に設定します。" - -#~ msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s." -#~ msgstr "このバージョンの cryptsetup-reencrypt は新しい内部トークンタイプ %s を扱えません。" - -#~ msgid "Failed to read activation flags from backup header." -#~ msgstr "アクティベーションフラグをバックアップヘッダから読み込めません。" - -#~ msgid "Failed to read requirements from backup header." -#~ msgstr "バックアップヘッダから要求(requirements)を読み込めません。" - -#~ msgid "Changed pbkdf parameters in keyslot %i." -#~ msgstr "キースロット %i の pbkdf パラメータを変更しました。" - -#~ msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size." -#~ msgstr "再暗号化のブロックサイズは 1 MiB から 64 MiB までの値しか使えません。" - -#~ msgid "Maximum device reduce size is 64 MiB." -#~ msgstr "デバイスを減らせる最大値は 64 MiB です。" - -#~ msgid "[OPTION...] " -#~ msgstr "[オプション...] <デバイス>" - -#~ msgid "Argument required." -#~ msgstr "引数が必要です。" - -#~ msgid "Option --new must be used together with --reduce-device-size or --header." -#~ msgstr "--new は --reduce-device-size か --header と一緒に使う必要があります" - -#~ msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations." -#~ msgstr "--keep-key は --hash か --iter-time か --pbkdf-force-iterations と使う必要があります。" - -#~ msgid "Option --new cannot be used together with --decrypt." -#~ msgstr "--new は --decrypt と一緒に使えません。" - -#~ msgid "Option --decrypt is incompatible with specified parameters." -#~ msgstr "--decrypt は指定されたパラメータと互換性がありません。" - -#~ msgid "Option --uuid is allowed only together with --decrypt." -#~ msgstr "--uuid は --decrypt と一緒にしか使えません。" - -#~ msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'." -#~ msgstr "不正な luks タイプです。'luks', 'luks1', 'luks2' のいずれかを使ってください。" - -#~ msgid "Device %s is in use. Cannot proceed with format operation." -#~ msgstr "デバイス %s は使用中です。フォーマットを続けられません。" diff -Nru cryptsetup-2.5.0/po/ka.po cryptsetup-2.6.1/po/ka.po --- cryptsetup-2.5.0/po/ka.po 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-2.6.1/po/ka.po 2023-02-09 16:12:17.000000000 +0000 @@ -0,0 +1,3756 @@ +# Georgian translation for cryptsetup. +# Copyright (C) 2022 Free Software Foundation, Inc. +# This file is distributed under the same license as the cryptsetup package. +# Temuri Doghonadze , 2022. +# +msgid "" +msgstr "" +"Project-Id-Version: cryptsetup 2.6.0-rc1\n" +"Report-Msgid-Bugs-To: cryptsetup@lists.linux.dev\n" +"POT-Creation-Date: 2022-11-20 12:38+0100\n" +"PO-Revision-Date: 2022-12-28 18:51+0100\n" +"Last-Translator: Temuri Doghonadze \n" +"Language-Team: Georgian <(nothing)>\n" +"Language: ka\n" +"X-Bugs: Report translation errors to the Language-Team address.\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Poedit 3.2.2\n" + +#: lib/libdevmapper.c:419 +msgid "Cannot initialize device-mapper, running as non-root user." +msgstr "" + +#: lib/libdevmapper.c:422 +msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" +msgstr "" + +#: lib/libdevmapper.c:1102 +msgid "Requested deferred flag is not supported." +msgstr "" + +#: lib/libdevmapper.c:1171 +#, c-format +msgid "DM-UUID for device %s was truncated." +msgstr "" + +#: lib/libdevmapper.c:1501 +msgid "Unknown dm target type." +msgstr "უცნობი dm სამიზნის ტიპი." + +#: lib/libdevmapper.c:1620 lib/libdevmapper.c:1626 lib/libdevmapper.c:1724 +#: lib/libdevmapper.c:1727 +msgid "Requested dm-crypt performance options are not supported." +msgstr "" + +#: lib/libdevmapper.c:1635 lib/libdevmapper.c:1647 +msgid "Requested dm-verity data corruption handling options are not supported." +msgstr "" + +#: lib/libdevmapper.c:1641 +msgid "Requested dm-verity tasklets option is not supported." +msgstr "" + +#: lib/libdevmapper.c:1653 +msgid "Requested dm-verity FEC options are not supported." +msgstr "" + +#: lib/libdevmapper.c:1659 +msgid "Requested data integrity options are not supported." +msgstr "" + +#: lib/libdevmapper.c:1663 +msgid "Requested sector_size option is not supported." +msgstr "" + +#: lib/libdevmapper.c:1670 lib/libdevmapper.c:1676 +msgid "Requested automatic recalculation of integrity tags is not supported." +msgstr "" + +#: lib/libdevmapper.c:1682 lib/libdevmapper.c:1730 lib/libdevmapper.c:1733 +#: lib/luks2/luks2_json_metadata.c:2620 +msgid "Discard/TRIM is not supported." +msgstr "Discard/TRIM მხარდაუჭერელია." + +#: lib/libdevmapper.c:1688 +msgid "Requested dm-integrity bitmap mode is not supported." +msgstr "" + +#: lib/libdevmapper.c:2724 +#, c-format +msgid "Failed to query dm-%s segment." +msgstr "" + +#: lib/random.c:73 +msgid "" +"System is out of entropy while generating volume key.\n" +"Please move mouse or type some text in another window to gather some random events.\n" +msgstr "" + +#: lib/random.c:77 +#, c-format +msgid "Generating key (%d%% done).\n" +msgstr "გასაღების გენერაცია (%d%% მზადაა).\n" + +#: lib/random.c:163 +msgid "Running in FIPS mode." +msgstr "FIPS რეჟიმში მუშაობა." + +#: lib/random.c:169 +msgid "Fatal error during RNG initialisation." +msgstr "ფატალური შეცდომა RNG-ის ინიციალიზაციისას." + +#: lib/random.c:207 +msgid "Unknown RNG quality requested." +msgstr "RNG-ის მოთხოვნილი ხარისხი უცნობია." + +#: lib/random.c:212 +msgid "Error reading from RNG." +msgstr "RNG-დან წაკითხვის შეცდომა." + +#: lib/setup.c:231 +msgid "Cannot initialize crypto RNG backend." +msgstr "კრიპტოს RNG უკანაბოლოს ინიციალიზაციის შეცდომა." + +#: lib/setup.c:237 +msgid "Cannot initialize crypto backend." +msgstr "კრიპტო უკანაბოლოს ინიციალიზაციის შეცდომა." + +#: lib/setup.c:268 lib/setup.c:2139 lib/verity/verity.c:122 +#, c-format +msgid "Hash algorithm %s not supported." +msgstr "" + +#: lib/setup.c:271 lib/loopaes/loopaes.c:90 +#, c-format +msgid "Key processing error (using hash %s)." +msgstr "გასაღების დამუშავების შეცდომა (გამოყენებული ჰეში %s)." + +#: lib/setup.c:342 lib/setup.c:369 +msgid "Cannot determine device type. Incompatible activation of device?" +msgstr "" + +#: lib/setup.c:348 lib/setup.c:3308 +msgid "This operation is supported only for LUKS device." +msgstr "" + +#: lib/setup.c:375 +msgid "This operation is supported only for LUKS2 device." +msgstr "" + +#: lib/setup.c:430 lib/luks2/luks2_reencrypt.c:3010 +msgid "All key slots full." +msgstr "გასაღების ყველა სლოტი სავსეა." + +#: lib/setup.c:441 +#, c-format +msgid "Key slot %d is invalid, please select between 0 and %d." +msgstr "" + +#: lib/setup.c:447 +#, c-format +msgid "Key slot %d is full, please select another one." +msgstr "" + +#: lib/setup.c:532 lib/setup.c:3030 +msgid "Device size is not aligned to device logical block size." +msgstr "" + +#: lib/setup.c:630 +#, c-format +msgid "Header detected but device %s is too small." +msgstr "" + +#: lib/setup.c:671 lib/setup.c:2930 lib/setup.c:4275 +#: lib/luks2/luks2_reencrypt.c:3782 lib/luks2/luks2_reencrypt.c:4184 +msgid "This operation is not supported for this device type." +msgstr "" + +#: lib/setup.c:676 +msgid "Illegal operation with reencryption in-progress." +msgstr "" + +#: lib/setup.c:762 +msgid "Failed to rollback LUKS2 metadata in memory." +msgstr "" + +#: lib/setup.c:849 lib/luks1/keymanage.c:247 lib/luks1/keymanage.c:525 +#: lib/luks2/luks2_json_metadata.c:1336 src/cryptsetup.c:1587 +#: src/cryptsetup.c:1727 src/cryptsetup.c:1782 src/cryptsetup.c:1977 +#: src/cryptsetup.c:2133 src/cryptsetup.c:2414 src/cryptsetup.c:2656 +#: src/cryptsetup.c:2716 src/utils_reencrypt.c:1433 +#: src/utils_reencrypt_luks1.c:1192 tokens/ssh/cryptsetup-ssh.c:77 +#, c-format +msgid "Device %s is not a valid LUKS device." +msgstr "" + +#: lib/setup.c:852 lib/luks1/keymanage.c:528 +#, c-format +msgid "Unsupported LUKS version %d." +msgstr "LUKS-ის მხარდაუჭერელი ვერსია %d." + +#: lib/setup.c:1479 lib/setup.c:2679 lib/setup.c:2761 lib/setup.c:2773 +#: lib/setup.c:2940 lib/setup.c:4752 +#, c-format +msgid "Device %s is not active." +msgstr "მოწყობილობა %s აქტიური არაა." + +#: lib/setup.c:1496 +#, c-format +msgid "Underlying device for crypt device %s disappeared." +msgstr "ქვეშმყოფი მოწყობილობა დაშიფრული მოწყობილობისთვის %s სადღაც აორთქლდა." + +#: lib/setup.c:1578 +msgid "Invalid plain crypt parameters." +msgstr "უბრალოდ შიფრაციის არასწორი პარამეტრები." + +#: lib/setup.c:1583 lib/setup.c:2042 +msgid "Invalid key size." +msgstr "გასაღების არასწორი ზომა." + +#: lib/setup.c:1588 lib/setup.c:2047 lib/setup.c:2250 +msgid "UUID is not supported for this crypt type." +msgstr "" + +#: lib/setup.c:1593 lib/setup.c:2052 +msgid "Detached metadata device is not supported for this crypt type." +msgstr "" + +#: lib/setup.c:1603 lib/setup.c:1819 lib/luks2/luks2_reencrypt.c:2966 +#: src/cryptsetup.c:1387 src/cryptsetup.c:3383 +msgid "Unsupported encryption sector size." +msgstr "" + +#: lib/setup.c:1611 lib/setup.c:1947 lib/setup.c:3024 +msgid "Device size is not aligned to requested sector size." +msgstr "" + +#: lib/setup.c:1663 lib/setup.c:1787 +msgid "Can't format LUKS without device." +msgstr "" + +#: lib/setup.c:1669 lib/setup.c:1793 +msgid "Requested data alignment is not compatible with data offset." +msgstr "" + +#: lib/setup.c:1744 lib/setup.c:1964 lib/setup.c:1985 lib/setup.c:2262 +#, c-format +msgid "Cannot wipe header on device %s." +msgstr "" + +#: lib/setup.c:1757 lib/setup.c:2024 +#, c-format +msgid "Device %s is too small for activation, there is no remaining space for data.\n" +msgstr "" + +#: lib/setup.c:1828 +msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" +msgstr "" + +#: lib/setup.c:1851 +msgid "Volume key is too small for encryption with integrity extensions." +msgstr "" + +#: lib/setup.c:1911 +#, c-format +msgid "Cipher %s-%s (key size %zd bits) is not available." +msgstr "" + +#: lib/setup.c:1937 +#, c-format +msgid "WARNING: LUKS2 metadata size changed to % bytes.\n" +msgstr "" + +#: lib/setup.c:1941 +#, c-format +msgid "WARNING: LUKS2 keyslots area size changed to % bytes.\n" +msgstr "" + +#: lib/setup.c:1967 lib/utils_device.c:911 lib/luks1/keyencryption.c:255 +#: lib/luks2/luks2_reencrypt.c:3034 lib/luks2/luks2_reencrypt.c:4279 +#, c-format +msgid "Device %s is too small." +msgstr "მოწყობილობა ძალიან პატარაა %s." + +#: lib/setup.c:1978 lib/setup.c:2004 +#, c-format +msgid "Cannot format device %s in use." +msgstr "" + +#: lib/setup.c:1981 lib/setup.c:2007 +#, c-format +msgid "Cannot format device %s, permission denied." +msgstr "" + +#: lib/setup.c:1993 lib/setup.c:2322 +#, c-format +msgid "Cannot format integrity for device %s." +msgstr "" + +#: lib/setup.c:2011 +#, c-format +msgid "Cannot format device %s." +msgstr "მოწყობილობის ფორმატირების (%s) შეცდომა." + +#: lib/setup.c:2037 +msgid "Can't format LOOPAES without device." +msgstr "" + +#: lib/setup.c:2082 +msgid "Can't format VERITY without device." +msgstr "" + +#: lib/setup.c:2093 lib/verity/verity.c:101 +#, c-format +msgid "Unsupported VERITY hash type %d." +msgstr "" + +#: lib/setup.c:2099 lib/verity/verity.c:109 +msgid "Unsupported VERITY block size." +msgstr "" + +#: lib/setup.c:2104 lib/verity/verity.c:74 +msgid "Unsupported VERITY hash offset." +msgstr "" + +#: lib/setup.c:2109 +msgid "Unsupported VERITY FEC offset." +msgstr "" + +#: lib/setup.c:2133 +msgid "Data area overlaps with hash area." +msgstr "" + +#: lib/setup.c:2158 +msgid "Hash area overlaps with FEC area." +msgstr "" + +#: lib/setup.c:2165 +msgid "Data area overlaps with FEC area." +msgstr "" + +#: lib/setup.c:2301 +#, c-format +msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n" +msgstr "" + +#: lib/setup.c:2380 +#, c-format +msgid "Unknown crypt device type %s requested." +msgstr "" + +#: lib/setup.c:2687 lib/setup.c:2766 lib/setup.c:2779 +#, c-format +msgid "Unsupported parameters on device %s." +msgstr "" + +#: lib/setup.c:2693 lib/setup.c:2786 lib/luks2/luks2_reencrypt.c:2862 +#: lib/luks2/luks2_reencrypt.c:3099 lib/luks2/luks2_reencrypt.c:3484 +#, c-format +msgid "Mismatching parameters on device %s." +msgstr "" + +#: lib/setup.c:2810 +msgid "Crypt devices mismatch." +msgstr "" + +#: lib/setup.c:2847 lib/setup.c:2852 lib/luks2/luks2_reencrypt.c:2361 +#: lib/luks2/luks2_reencrypt.c:2878 lib/luks2/luks2_reencrypt.c:4032 +#, c-format +msgid "Failed to reload device %s." +msgstr "" + +#: lib/setup.c:2858 lib/setup.c:2864 lib/luks2/luks2_reencrypt.c:2332 +#: lib/luks2/luks2_reencrypt.c:2339 lib/luks2/luks2_reencrypt.c:2892 +#, c-format +msgid "Failed to suspend device %s." +msgstr "" + +#: lib/setup.c:2870 lib/luks2/luks2_reencrypt.c:2346 +#: lib/luks2/luks2_reencrypt.c:2913 lib/luks2/luks2_reencrypt.c:3945 +#: lib/luks2/luks2_reencrypt.c:4036 +#, c-format +msgid "Failed to resume device %s." +msgstr "" + +#: lib/setup.c:2885 +#, c-format +msgid "Fatal error while reloading device %s (on top of device %s)." +msgstr "" + +#: lib/setup.c:2888 lib/setup.c:2890 +#, c-format +msgid "Failed to switch device %s to dm-error." +msgstr "" + +#: lib/setup.c:2972 +msgid "Cannot resize loop device." +msgstr "Loop მოწყობილობის ზომის შეცვლა შეუძლებელია." + +#: lib/setup.c:3015 +msgid "WARNING: Maximum size already set or kernel doesn't support resize.\n" +msgstr "" + +#: lib/setup.c:3076 +msgid "Resize failed, the kernel doesn't support it." +msgstr "" + +#: lib/setup.c:3108 +msgid "Do you really want to change UUID of device?" +msgstr "" + +#: lib/setup.c:3200 +msgid "Header backup file does not contain compatible LUKS header." +msgstr "" + +#: lib/setup.c:3316 +#, c-format +msgid "Volume %s is not active." +msgstr "ტომი %s აქტიური არაა." + +#: lib/setup.c:3327 +#, c-format +msgid "Volume %s is already suspended." +msgstr "" + +#: lib/setup.c:3340 +#, c-format +msgid "Suspend is not supported for device %s." +msgstr "" + +#: lib/setup.c:3342 +#, c-format +msgid "Error during suspending device %s." +msgstr "" + +#: lib/setup.c:3377 +#, c-format +msgid "Resume is not supported for device %s." +msgstr "" + +#: lib/setup.c:3379 +#, c-format +msgid "Error during resuming device %s." +msgstr "" + +#: lib/setup.c:3413 lib/setup.c:3461 lib/setup.c:3532 lib/setup.c:3577 +#: src/cryptsetup.c:2479 +#, c-format +msgid "Volume %s is not suspended." +msgstr "" + +#: lib/setup.c:3547 lib/setup.c:4528 lib/setup.c:4541 lib/setup.c:4549 +#: lib/setup.c:4562 lib/setup.c:6145 lib/setup.c:6167 lib/setup.c:6216 +#: src/cryptsetup.c:2011 +msgid "Volume key does not match the volume." +msgstr "ტომის გასაღები ტომს არ ემთხვევა." + +#: lib/setup.c:3725 +msgid "Failed to swap new key slot." +msgstr "" + +#: lib/setup.c:3823 +#, c-format +msgid "Key slot %d is invalid." +msgstr "გასაღების სლოტი %d არასწორია." + +#: lib/setup.c:3829 src/cryptsetup.c:1740 src/cryptsetup.c:2208 +#: src/cryptsetup.c:2816 src/cryptsetup.c:2876 +#, c-format +msgid "Keyslot %d is not active." +msgstr "გასაღების სლოტი %d აქტიური არაა." + +#: lib/setup.c:3848 +msgid "Device header overlaps with data area." +msgstr "" + +#: lib/setup.c:4153 +msgid "Reencryption in-progress. Cannot activate device." +msgstr "" + +#: lib/setup.c:4155 lib/luks2/luks2_json_metadata.c:2703 +#: lib/luks2/luks2_reencrypt.c:3590 +msgid "Failed to get reencryption lock." +msgstr "" + +#: lib/setup.c:4168 lib/luks2/luks2_reencrypt.c:3609 +msgid "LUKS2 reencryption recovery failed." +msgstr "" + +#: lib/setup.c:4340 lib/setup.c:4606 +msgid "Device type is not properly initialized." +msgstr "" + +#: lib/setup.c:4388 +#, c-format +msgid "Device %s already exists." +msgstr "მოწყობლობა %s უკვე არსებობს." + +#: lib/setup.c:4395 +#, c-format +msgid "Cannot use device %s, name is invalid or still in use." +msgstr "" + +#: lib/setup.c:4515 +msgid "Incorrect volume key specified for plain device." +msgstr "" + +#: lib/setup.c:4632 +msgid "Incorrect root hash specified for verity device." +msgstr "" + +#: lib/setup.c:4642 +msgid "Root hash signature required." +msgstr "" + +#: lib/setup.c:4651 +msgid "Kernel keyring missing: required for passing signature to kernel." +msgstr "" + +#: lib/setup.c:4668 lib/setup.c:6411 +msgid "Failed to load key in kernel keyring." +msgstr "" + +#: lib/setup.c:4724 +#, c-format +msgid "Could not cancel deferred remove from device %s." +msgstr "" + +#: lib/setup.c:4731 lib/setup.c:4747 lib/luks2/luks2_json_metadata.c:2756 +#: src/utils_reencrypt.c:116 +#, c-format +msgid "Device %s is still in use." +msgstr "მოწყობილობა %s ჯერ კიდევ გამოიყენება." + +#: lib/setup.c:4756 +#, c-format +msgid "Invalid device %s." +msgstr "არასწორი მოწყობილობა '%s'." + +#: lib/setup.c:4896 +msgid "Volume key buffer too small." +msgstr "ტომის გასაღების ბუფერი ძალიან პატარაა." + +#: lib/setup.c:4913 +msgid "Cannot retrieve volume key for LUKS2 device." +msgstr "" + +#: lib/setup.c:4922 +msgid "Cannot retrieve volume key for LUKS1 device." +msgstr "" + +#: lib/setup.c:4932 +msgid "Cannot retrieve volume key for plain device." +msgstr "უბრალო მოწყობილობისთვის ტომის გასაღების მიღების შეცდომა." + +#: lib/setup.c:4940 +msgid "Cannot retrieve root hash for verity device." +msgstr "" + +#: lib/setup.c:4947 +msgid "Cannot retrieve volume key for BITLK device." +msgstr "" + +#: lib/setup.c:4952 +msgid "Cannot retrieve volume key for FVAULT2 device." +msgstr "" + +#: lib/setup.c:4954 +#, c-format +msgid "This operation is not supported for %s crypt device." +msgstr "" + +#: lib/setup.c:5135 lib/setup.c:5146 +msgid "Dump operation is not supported for this device type." +msgstr "" + +#: lib/setup.c:5488 +#, c-format +msgid "Data offset is not multiple of %u bytes." +msgstr "" + +#: lib/setup.c:5776 +#, c-format +msgid "Cannot convert device %s which is still in use." +msgstr "" + +#: lib/setup.c:6086 lib/setup.c:6225 +#, c-format +msgid "Failed to assign keyslot %u as the new volume key." +msgstr "" + +#: lib/setup.c:6110 +msgid "Failed to initialize default LUKS2 keyslot parameters." +msgstr "" + +#: lib/setup.c:6116 +#, c-format +msgid "Failed to assign keyslot %d to digest." +msgstr "" + +#: lib/setup.c:6341 +msgid "Cannot add key slot, all slots disabled and no volume key provided." +msgstr "" + +#: lib/setup.c:6478 +msgid "Kernel keyring is not supported by the kernel." +msgstr "" + +#: lib/setup.c:6488 lib/luks2/luks2_reencrypt.c:3807 +#, c-format +msgid "Failed to read passphrase from keyring (error %d)." +msgstr "" + +#: lib/setup.c:6512 +msgid "Failed to acquire global memory-hard access serialization lock." +msgstr "" + +#: lib/utils.c:158 lib/tcrypt/tcrypt.c:501 +msgid "Failed to open key file." +msgstr "გასაღების ფაილის გახსნის შეცდომა." + +#: lib/utils.c:163 +msgid "Cannot read keyfile from a terminal." +msgstr "" + +#: lib/utils.c:179 +msgid "Failed to stat key file." +msgstr "გასაღების ფაილის აღმოჩენის შეცდომა." + +#: lib/utils.c:187 lib/utils.c:208 +msgid "Cannot seek to requested keyfile offset." +msgstr "" + +#: lib/utils.c:202 lib/utils.c:217 src/utils_password.c:227 +#: src/utils_password.c:239 +msgid "Out of memory while reading passphrase." +msgstr "არასაკმარისი მეხსიერება საკვანძო ფრაზის წაკითხვისას." + +#: lib/utils.c:237 +msgid "Error reading passphrase." +msgstr "საკვანძო ფრაზის წაკითხვის შეცდომა." + +#: lib/utils.c:254 +msgid "Nothing to read on input." +msgstr "" + +#: lib/utils.c:261 +msgid "Maximum keyfile size exceeded." +msgstr "" + +#: lib/utils.c:266 +msgid "Cannot read requested amount of data." +msgstr "" + +#: lib/utils_device.c:207 lib/utils_storage_wrappers.c:110 +#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1408 +#, c-format +msgid "Device %s does not exist or access denied." +msgstr "" + +#: lib/utils_device.c:217 +#, c-format +msgid "Device %s is not compatible." +msgstr "" + +#: lib/utils_device.c:561 +#, c-format +msgid "Ignoring bogus optimal-io size for data device (%u bytes)." +msgstr "" + +#: lib/utils_device.c:722 +#, c-format +msgid "Device %s is too small. Need at least % bytes." +msgstr "" + +#: lib/utils_device.c:803 +#, c-format +msgid "Cannot use device %s which is in use (already mapped or mounted)." +msgstr "" + +#: lib/utils_device.c:807 +#, c-format +msgid "Cannot use device %s, permission denied." +msgstr "" + +#: lib/utils_device.c:810 +#, c-format +msgid "Cannot get info about device %s." +msgstr "" + +#: lib/utils_device.c:833 +msgid "Cannot use a loopback device, running as non-root user." +msgstr "" + +#: lib/utils_device.c:844 +msgid "Attaching loopback device failed (loop device with autoclear flag is required)." +msgstr "" + +#: lib/utils_device.c:892 +#, c-format +msgid "Requested offset is beyond real size of device %s." +msgstr "" + +#: lib/utils_device.c:900 +#, c-format +msgid "Device %s has zero size." +msgstr "" + +#: lib/utils_pbkdf.c:100 +msgid "Requested PBKDF target time cannot be zero." +msgstr "" + +#: lib/utils_pbkdf.c:106 +#, c-format +msgid "Unknown PBKDF type %s." +msgstr "" + +#: lib/utils_pbkdf.c:111 +#, c-format +msgid "Requested hash %s is not supported." +msgstr "" + +#: lib/utils_pbkdf.c:122 +msgid "Requested PBKDF type is not supported for LUKS1." +msgstr "" + +#: lib/utils_pbkdf.c:128 +msgid "PBKDF max memory or parallel threads must not be set with pbkdf2." +msgstr "" + +#: lib/utils_pbkdf.c:133 lib/utils_pbkdf.c:143 +#, c-format +msgid "Forced iteration count is too low for %s (minimum is %u)." +msgstr "" + +#: lib/utils_pbkdf.c:148 +#, c-format +msgid "Forced memory cost is too low for %s (minimum is %u kilobytes)." +msgstr "" + +#: lib/utils_pbkdf.c:155 +#, c-format +msgid "Requested maximum PBKDF memory cost is too high (maximum is %d kilobytes)." +msgstr "" + +#: lib/utils_pbkdf.c:160 +msgid "Requested maximum PBKDF memory cannot be zero." +msgstr "" + +#: lib/utils_pbkdf.c:164 +msgid "Requested PBKDF parallel threads cannot be zero." +msgstr "" + +#: lib/utils_pbkdf.c:184 +msgid "Only PBKDF2 is supported in FIPS mode." +msgstr "" + +#: lib/utils_benchmark.c:174 +msgid "PBKDF benchmark disabled but iterations not set." +msgstr "" + +#: lib/utils_benchmark.c:193 +#, c-format +msgid "Not compatible PBKDF2 options (using hash algorithm %s)." +msgstr "" + +#: lib/utils_benchmark.c:213 +msgid "Not compatible PBKDF options." +msgstr "" + +#: lib/utils_device_locking.c:101 +#, c-format +msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)." +msgstr "" + +#: lib/utils_device_locking.c:118 +#, c-format +msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." +msgstr "" + +#: lib/utils_wipe.c:154 lib/utils_wipe.c:225 src/utils_reencrypt_luks1.c:734 +#: src/utils_reencrypt_luks1.c:832 +msgid "Cannot seek to device offset." +msgstr "" + +#: lib/utils_wipe.c:247 +#, c-format +msgid "Device wipe error, offset %." +msgstr "" + +#: lib/luks1/keyencryption.c:39 +#, c-format +msgid "" +"Failed to setup dm-crypt key mapping for device %s.\n" +"Check that kernel supports %s cipher (check syslog for more info)." +msgstr "" + +#: lib/luks1/keyencryption.c:44 +msgid "Key size in XTS mode must be 256 or 512 bits." +msgstr "" + +#: lib/luks1/keyencryption.c:46 +msgid "Cipher specification should be in [cipher]-[mode]-[iv] format." +msgstr "" + +#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:364 +#: lib/luks1/keymanage.c:675 lib/luks1/keymanage.c:1126 +#: lib/luks2/luks2_json_metadata.c:1490 lib/luks2/luks2_keyslot.c:714 +#, c-format +msgid "Cannot write to device %s, permission denied." +msgstr "" + +#: lib/luks1/keyencryption.c:120 +msgid "Failed to open temporary keystore device." +msgstr "" + +#: lib/luks1/keyencryption.c:127 +msgid "Failed to access temporary keystore device." +msgstr "" + +#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:61 +#: lib/luks2/luks2_keyslot_luks2.c:79 lib/luks2/luks2_keyslot_reenc.c:192 +msgid "IO error while encrypting keyslot." +msgstr "" + +#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:367 +#: lib/luks1/keymanage.c:628 lib/luks1/keymanage.c:678 lib/tcrypt/tcrypt.c:679 +#: lib/fvault2/fvault2.c:877 lib/verity/verity.c:80 lib/verity/verity.c:196 +#: lib/verity/verity_hash.c:320 lib/verity/verity_hash.c:329 +#: lib/verity/verity_hash.c:349 lib/verity/verity_fec.c:260 +#: lib/verity/verity_fec.c:272 lib/verity/verity_fec.c:277 +#: lib/luks2/luks2_json_metadata.c:1493 src/utils_reencrypt_luks1.c:121 +#: src/utils_reencrypt_luks1.c:133 +#, c-format +msgid "Cannot open device %s." +msgstr "მოწყობილობის გახსნის შეცდომა: '%s'." + +#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:138 +msgid "IO error while decrypting keyslot." +msgstr "" + +#: lib/luks1/keymanage.c:129 +#, c-format +msgid "Device %s is too small. (LUKS1 requires at least % bytes.)" +msgstr "" + +#: lib/luks1/keymanage.c:150 lib/luks1/keymanage.c:158 +#: lib/luks1/keymanage.c:170 lib/luks1/keymanage.c:181 +#: lib/luks1/keymanage.c:193 +#, c-format +msgid "LUKS keyslot %u is invalid." +msgstr "" + +#: lib/luks1/keymanage.c:265 lib/luks2/luks2_json_metadata.c:1353 +#, c-format +msgid "Requested header backup file %s already exists." +msgstr "" + +#: lib/luks1/keymanage.c:267 lib/luks2/luks2_json_metadata.c:1355 +#, c-format +msgid "Cannot create header backup file %s." +msgstr "" + +#: lib/luks1/keymanage.c:274 lib/luks2/luks2_json_metadata.c:1362 +#, c-format +msgid "Cannot write header backup file %s." +msgstr "" + +#: lib/luks1/keymanage.c:306 lib/luks2/luks2_json_metadata.c:1399 +msgid "Backup file does not contain valid LUKS header." +msgstr "" + +#: lib/luks1/keymanage.c:319 lib/luks1/keymanage.c:591 +#: lib/luks2/luks2_json_metadata.c:1420 +#, c-format +msgid "Cannot open header backup file %s." +msgstr "" + +#: lib/luks1/keymanage.c:327 lib/luks2/luks2_json_metadata.c:1428 +#, c-format +msgid "Cannot read header backup file %s." +msgstr "" + +#: lib/luks1/keymanage.c:337 +msgid "Data offset or key size differs on device and backup, restore failed." +msgstr "" + +#: lib/luks1/keymanage.c:345 +#, c-format +msgid "Device %s %s%s" +msgstr "მოწყობილობა %s %s%s" + +#: lib/luks1/keymanage.c:346 +msgid "does not contain LUKS header. Replacing header can destroy data on that device." +msgstr "" + +#: lib/luks1/keymanage.c:347 +msgid "already contains LUKS header. Replacing header will destroy existing keyslots." +msgstr "" + +#: lib/luks1/keymanage.c:348 lib/luks2/luks2_json_metadata.c:1462 +msgid "" +"\n" +"WARNING: real device header has different UUID than backup!" +msgstr "" + +#: lib/luks1/keymanage.c:396 +msgid "Non standard key size, manual repair required." +msgstr "" + +#: lib/luks1/keymanage.c:406 +msgid "Non standard keyslots alignment, manual repair required." +msgstr "" + +#: lib/luks1/keymanage.c:415 +#, c-format +msgid "Cipher mode repaired (%s -> %s)." +msgstr "" + +#: lib/luks1/keymanage.c:426 +#, c-format +msgid "Cipher hash repaired to lowercase (%s)." +msgstr "" + +#: lib/luks1/keymanage.c:428 lib/luks1/keymanage.c:534 +#: lib/luks1/keymanage.c:790 +#, c-format +msgid "Requested LUKS hash %s is not supported." +msgstr "" + +#: lib/luks1/keymanage.c:442 +msgid "Repairing keyslots." +msgstr "" + +#: lib/luks1/keymanage.c:461 +#, c-format +msgid "Keyslot %i: offset repaired (%u -> %u)." +msgstr "" + +#: lib/luks1/keymanage.c:469 +#, c-format +msgid "Keyslot %i: stripes repaired (%u -> %u)." +msgstr "" + +#: lib/luks1/keymanage.c:478 +#, c-format +msgid "Keyslot %i: bogus partition signature." +msgstr "" + +#: lib/luks1/keymanage.c:483 +#, c-format +msgid "Keyslot %i: salt wiped." +msgstr "" + +#: lib/luks1/keymanage.c:500 +msgid "Writing LUKS header to disk." +msgstr "" + +#: lib/luks1/keymanage.c:505 +msgid "Repair failed." +msgstr "შეკეთების შეცდომა." + +#: lib/luks1/keymanage.c:560 +#, c-format +msgid "LUKS cipher mode %s is invalid." +msgstr "" + +#: lib/luks1/keymanage.c:565 +#, c-format +msgid "LUKS hash %s is invalid." +msgstr "" + +#: lib/luks1/keymanage.c:572 src/cryptsetup.c:1281 +msgid "No known problems detected for LUKS header." +msgstr "" + +#: lib/luks1/keymanage.c:700 +#, c-format +msgid "Error during update of LUKS header on device %s." +msgstr "" + +#: lib/luks1/keymanage.c:708 +#, c-format +msgid "Error re-reading LUKS header after update on device %s." +msgstr "" + +#: lib/luks1/keymanage.c:784 +msgid "Data offset for LUKS header must be either 0 or higher than header size." +msgstr "" + +#: lib/luks1/keymanage.c:795 lib/luks1/keymanage.c:864 +#: lib/luks2/luks2_json_format.c:286 lib/luks2/luks2_json_metadata.c:1236 +#: src/utils_reencrypt.c:514 +msgid "Wrong LUKS UUID format provided." +msgstr "" + +#: lib/luks1/keymanage.c:817 +msgid "Cannot create LUKS header: reading random salt failed." +msgstr "" + +#: lib/luks1/keymanage.c:843 +#, c-format +msgid "Cannot create LUKS header: header digest failed (using hash %s)." +msgstr "" + +#: lib/luks1/keymanage.c:887 +#, c-format +msgid "Key slot %d active, purge first." +msgstr "" + +#: lib/luks1/keymanage.c:893 +#, c-format +msgid "Key slot %d material includes too few stripes. Header manipulation?" +msgstr "" + +#: lib/luks1/keymanage.c:1034 +#, c-format +msgid "Cannot open keyslot (using hash %s)." +msgstr "" + +#: lib/luks1/keymanage.c:1112 +#, c-format +msgid "Key slot %d is invalid, please select keyslot between 0 and %d." +msgstr "" + +#: lib/luks1/keymanage.c:1130 lib/luks2/luks2_keyslot.c:718 +#, c-format +msgid "Cannot wipe device %s." +msgstr "" + +#: lib/loopaes/loopaes.c:146 +msgid "Detected not yet supported GPG encrypted keyfile." +msgstr "" + +#: lib/loopaes/loopaes.c:147 +msgid "Please use gpg --decrypt | cryptsetup --keyfile=- ...\n" +msgstr "" + +#: lib/loopaes/loopaes.c:168 lib/loopaes/loopaes.c:188 +msgid "Incompatible loop-AES keyfile detected." +msgstr "" + +#: lib/loopaes/loopaes.c:245 +msgid "Kernel does not support loop-AES compatible mapping." +msgstr "" + +#: lib/tcrypt/tcrypt.c:508 +#, c-format +msgid "Error reading keyfile %s." +msgstr "გასაღების ფაილის %s წაკითხვის შეცდომა." + +#: lib/tcrypt/tcrypt.c:558 +#, c-format +msgid "Maximum TCRYPT passphrase length (%zu) exceeded." +msgstr "" + +#: lib/tcrypt/tcrypt.c:600 +#, c-format +msgid "PBKDF2 hash algorithm %s not available, skipping." +msgstr "" + +#: lib/tcrypt/tcrypt.c:619 src/cryptsetup.c:1156 +msgid "Required kernel crypto interface not available." +msgstr "" + +#: lib/tcrypt/tcrypt.c:621 src/cryptsetup.c:1158 +msgid "Ensure you have algif_skcipher kernel module loaded." +msgstr "" + +#: lib/tcrypt/tcrypt.c:762 +#, c-format +msgid "Activation is not supported for %d sector size." +msgstr "" + +#: lib/tcrypt/tcrypt.c:768 +msgid "Kernel does not support activation for this TCRYPT legacy mode." +msgstr "" + +#: lib/tcrypt/tcrypt.c:799 +#, c-format +msgid "Activating TCRYPT system encryption for partition %s." +msgstr "" + +#: lib/tcrypt/tcrypt.c:882 +msgid "Kernel does not support TCRYPT compatible mapping." +msgstr "" + +#: lib/tcrypt/tcrypt.c:1095 +msgid "This function is not supported without TCRYPT header load." +msgstr "" + +#: lib/bitlk/bitlk.c:275 +#, c-format +msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key." +msgstr "" + +#: lib/bitlk/bitlk.c:328 +msgid "Invalid string found when parsing Volume Master Key." +msgstr "" + +#: lib/bitlk/bitlk.c:332 +#, c-format +msgid "Unexpected string ('%s') found when parsing supported Volume Master Key." +msgstr "" + +#: lib/bitlk/bitlk.c:349 +#, c-format +msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key." +msgstr "" + +#: lib/bitlk/bitlk.c:451 +msgid "BITLK version 1 is currently not supported." +msgstr "" + +#: lib/bitlk/bitlk.c:457 +msgid "Invalid or unknown boot signature for BITLK device." +msgstr "" + +#: lib/bitlk/bitlk.c:469 +#, c-format +msgid "Unsupported sector size %." +msgstr "" + +#: lib/bitlk/bitlk.c:477 +#, c-format +msgid "Failed to read BITLK header from %s." +msgstr "" + +#: lib/bitlk/bitlk.c:502 +#, c-format +msgid "Failed to read BITLK FVE metadata from %s." +msgstr "" + +#: lib/bitlk/bitlk.c:554 +msgid "Unknown or unsupported encryption type." +msgstr "" + +#: lib/bitlk/bitlk.c:587 +#, c-format +msgid "Failed to read BITLK metadata entries from %s." +msgstr "" + +#: lib/bitlk/bitlk.c:681 +msgid "Failed to convert BITLK volume description" +msgstr "" + +#: lib/bitlk/bitlk.c:841 +#, c-format +msgid "Unexpected metadata entry type '%u' found when parsing external key." +msgstr "" + +#: lib/bitlk/bitlk.c:860 +#, c-format +msgid "BEK file GUID '%s' does not match GUID of the volume." +msgstr "" + +#: lib/bitlk/bitlk.c:864 +#, c-format +msgid "Unexpected metadata entry value '%u' found when parsing external key." +msgstr "" + +#: lib/bitlk/bitlk.c:903 +#, c-format +msgid "Unsupported BEK metadata version %" +msgstr "" + +#: lib/bitlk/bitlk.c:908 +#, c-format +msgid "Unexpected BEK metadata size % does not match BEK file length" +msgstr "" + +#: lib/bitlk/bitlk.c:933 +msgid "Unexpected metadata entry found when parsing startup key." +msgstr "" + +#: lib/bitlk/bitlk.c:1029 +msgid "This operation is not supported." +msgstr "ეს ოპერაცია მხარდაუჭერელია." + +#: lib/bitlk/bitlk.c:1037 +msgid "Unexpected key data size." +msgstr "გასაღების მონაცემების მოულოდნელი ზომა." + +#: lib/bitlk/bitlk.c:1163 +msgid "This BITLK device is in an unsupported state and cannot be activated." +msgstr "" + +#: lib/bitlk/bitlk.c:1168 +#, c-format +msgid "BITLK devices with type '%s' cannot be activated." +msgstr "" + +#: lib/bitlk/bitlk.c:1175 +msgid "Activation of partially decrypted BITLK device is not supported." +msgstr "" + +#: lib/bitlk/bitlk.c:1216 +#, c-format +msgid "WARNING: BitLocker volume size % does not match the underlying device size %" +msgstr "" + +#: lib/bitlk/bitlk.c:1343 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV." +msgstr "" + +#: lib/bitlk/bitlk.c:1347 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser." +msgstr "" + +#: lib/bitlk/bitlk.c:1351 +msgid "Cannot activate device, kernel dm-crypt is missing support for large sector size." +msgstr "" + +#: lib/bitlk/bitlk.c:1355 +msgid "Cannot activate device, kernel dm-zero module is missing." +msgstr "" + +#: lib/fvault2/fvault2.c:542 +#, c-format +msgid "Could not read %u bytes of volume header." +msgstr "" + +#: lib/fvault2/fvault2.c:554 +#, c-format +msgid "Unsupported FVAULT2 version %." +msgstr "" + +#: lib/verity/verity.c:68 lib/verity/verity.c:182 +#, c-format +msgid "Verity device %s does not use on-disk header." +msgstr "" + +#: lib/verity/verity.c:96 +#, c-format +msgid "Unsupported VERITY version %d." +msgstr "" + +#: lib/verity/verity.c:131 +msgid "VERITY header corrupted." +msgstr "VERITY თავსართი დაზიანებულია." + +#: lib/verity/verity.c:176 +#, c-format +msgid "Wrong VERITY UUID format provided on device %s." +msgstr "" + +#: lib/verity/verity.c:220 +#, c-format +msgid "Error during update of verity header on device %s." +msgstr "" + +#: lib/verity/verity.c:278 +msgid "Root hash signature verification is not supported." +msgstr "" + +#: lib/verity/verity.c:290 +msgid "Errors cannot be repaired with FEC device." +msgstr "" + +#: lib/verity/verity.c:292 +#, c-format +msgid "Found %u repairable errors with FEC device." +msgstr "" + +#: lib/verity/verity.c:335 +msgid "Kernel does not support dm-verity mapping." +msgstr "" + +#: lib/verity/verity.c:339 +msgid "Kernel does not support dm-verity signature option." +msgstr "" + +#: lib/verity/verity.c:350 +msgid "Verity device detected corruption after activation." +msgstr "" + +#: lib/verity/verity_hash.c:66 +#, c-format +msgid "Spare area is not zeroed at position %." +msgstr "" + +#: lib/verity/verity_hash.c:167 lib/verity/verity_hash.c:300 +#: lib/verity/verity_hash.c:311 +msgid "Device offset overflow." +msgstr "მოწყობილობის წანაცვლების გადავსება." + +#: lib/verity/verity_hash.c:218 +#, c-format +msgid "Verification failed at position %." +msgstr "გადამოწმების შეცდომა მდებარეობაზე %." + +#: lib/verity/verity_hash.c:307 +msgid "Hash area overflow." +msgstr "ჰეშის ფართის გადავსება." + +#: lib/verity/verity_hash.c:380 +msgid "Verification of data area failed." +msgstr "მონაცემების რეგიონის გადამოწმების შეცდომა." + +#: lib/verity/verity_hash.c:385 +msgid "Verification of root hash failed." +msgstr "" + +#: lib/verity/verity_hash.c:391 +msgid "Input/output error while creating hash area." +msgstr "" + +#: lib/verity/verity_hash.c:393 +msgid "Creation of hash area failed." +msgstr "" + +#: lib/verity/verity_hash.c:428 +#, c-format +msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)." +msgstr "" + +#: lib/verity/verity_fec.c:131 +msgid "Failed to allocate RS context." +msgstr "" + +#: lib/verity/verity_fec.c:149 +msgid "Failed to allocate buffer." +msgstr "ბუფერის გამოყოფის შეცდომა." + +#: lib/verity/verity_fec.c:159 +#, c-format +msgid "Failed to read RS block % byte %d." +msgstr "" + +#: lib/verity/verity_fec.c:172 +#, c-format +msgid "Failed to read parity for RS block %." +msgstr "" + +#: lib/verity/verity_fec.c:180 +#, c-format +msgid "Failed to repair parity for block %." +msgstr "" + +#: lib/verity/verity_fec.c:192 +#, c-format +msgid "Failed to write parity for RS block %." +msgstr "" + +#: lib/verity/verity_fec.c:208 +msgid "Block sizes must match for FEC." +msgstr "" + +#: lib/verity/verity_fec.c:214 +msgid "Invalid number of parity bytes." +msgstr "" + +#: lib/verity/verity_fec.c:248 +msgid "Invalid FEC segment length." +msgstr "" + +#: lib/verity/verity_fec.c:316 +#, c-format +msgid "Failed to determine size for device %s." +msgstr "" + +#: lib/integrity/integrity.c:57 +#, c-format +msgid "Incompatible kernel dm-integrity metadata (version %u) detected on %s." +msgstr "" + +#: lib/integrity/integrity.c:277 lib/integrity/integrity.c:379 +msgid "Kernel does not support dm-integrity mapping." +msgstr "" + +#: lib/integrity/integrity.c:283 +msgid "Kernel does not support dm-integrity fixed metadata alignment." +msgstr "" + +#: lib/integrity/integrity.c:292 +msgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)." +msgstr "" + +#: lib/luks2/luks2_disk_metadata.c:391 lib/luks2/luks2_json_metadata.c:1159 +#: lib/luks2/luks2_json_metadata.c:1482 +#, c-format +msgid "Failed to acquire write lock on device %s." +msgstr "" + +#: lib/luks2/luks2_disk_metadata.c:400 +msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation." +msgstr "" + +#: lib/luks2/luks2_disk_metadata.c:699 lib/luks2/luks2_disk_metadata.c:720 +msgid "" +"Device contains ambiguous signatures, cannot auto-recover LUKS2.\n" +"Please run \"cryptsetup repair\" for recovery." +msgstr "" + +#: lib/luks2/luks2_json_format.c:229 +msgid "Requested data offset is too small." +msgstr "" + +#: lib/luks2/luks2_json_format.c:274 +#, c-format +msgid "WARNING: keyslots area (% bytes) is very small, available LUKS2 keyslot count is very limited.\n" +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:1146 lib/luks2/luks2_json_metadata.c:1328 +#: lib/luks2/luks2_json_metadata.c:1388 lib/luks2/luks2_keyslot_luks2.c:93 +#: lib/luks2/luks2_keyslot_luks2.c:115 +#, c-format +msgid "Failed to acquire read lock on device %s." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:1405 +#, c-format +msgid "Forbidden LUKS2 requirements detected in backup %s." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:1446 +msgid "Data offset differ on device and backup, restore failed." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:1452 +msgid "Binary header with keyslot areas size differ on device and backup, restore failed." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:1459 +#, c-format +msgid "Device %s %s%s%s%s" +msgstr "მოწყობილობა %s %s%s%s%s" + +#: lib/luks2/luks2_json_metadata.c:1460 +msgid "does not contain LUKS2 header. Replacing header can destroy data on that device." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:1461 +msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:1463 +msgid "" +"\n" +"WARNING: unknown LUKS2 requirements detected in real device header!\n" +"Replacing header with backup may corrupt the data on that device!" +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:1465 +msgid "" +"\n" +"WARNING: Unfinished offline reencryption detected on the device!\n" +"Replacing header with backup may corrupt data." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:1562 +#, c-format +msgid "Ignored unknown flag %s." +msgstr "უცნობი ალამი იგნორირებულია %s." + +#: lib/luks2/luks2_json_metadata.c:2470 lib/luks2/luks2_reencrypt.c:2061 +#, c-format +msgid "Missing key for dm-crypt segment %u" +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2482 lib/luks2/luks2_reencrypt.c:2075 +msgid "Failed to set dm-crypt segment." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2488 lib/luks2/luks2_reencrypt.c:2081 +msgid "Failed to set dm-linear segment." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2615 +msgid "Unsupported device integrity configuration." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2701 +msgid "Reencryption in-progress. Cannot deactivate device." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2712 lib/luks2/luks2_reencrypt.c:4082 +#, c-format +msgid "Failed to replace suspended device %s with dm-error target." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2792 +msgid "Failed to read LUKS2 requirements." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2799 +msgid "Unmet LUKS2 requirements detected." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2807 +msgid "Operation incompatible with device marked for legacy reencryption. Aborting." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2809 +msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting." +msgstr "" + +#: lib/luks2/luks2_keyslot.c:563 lib/luks2/luks2_keyslot.c:600 +msgid "Not enough available memory to open a keyslot." +msgstr "" + +#: lib/luks2/luks2_keyslot.c:565 lib/luks2/luks2_keyslot.c:602 +msgid "Keyslot open failed." +msgstr "" + +#: lib/luks2/luks2_keyslot_luks2.c:54 lib/luks2/luks2_keyslot_luks2.c:109 +#, c-format +msgid "Cannot use %s-%s cipher for keyslot encryption." +msgstr "" + +#: lib/luks2/luks2_keyslot_luks2.c:281 lib/luks2/luks2_keyslot_luks2.c:390 +#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2668 +#, c-format +msgid "Hash algorithm %s is not available." +msgstr "" + +#: lib/luks2/luks2_keyslot_luks2.c:506 +msgid "No space for new keyslot." +msgstr "" + +#: lib/luks2/luks2_keyslot_reenc.c:593 +msgid "Invalid reencryption resilience mode change requested." +msgstr "" + +#: lib/luks2/luks2_keyslot_reenc.c:714 +#, c-format +msgid "Can not update resilience type. New type only provides % bytes, required space is: % bytes." +msgstr "" + +#: lib/luks2/luks2_keyslot_reenc.c:724 +msgid "Failed to refresh reencryption verification digest." +msgstr "" + +#: lib/luks2/luks2_luks1_convert.c:512 +#, c-format +msgid "Cannot check status of device with uuid: %s." +msgstr "" + +#: lib/luks2/luks2_luks1_convert.c:538 +msgid "Unable to convert header with LUKSMETA additional metadata." +msgstr "" + +#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3740 +#, c-format +msgid "Unable to use cipher specification %s-%s for LUKS2." +msgstr "" + +#: lib/luks2/luks2_luks1_convert.c:584 +msgid "Unable to move keyslot area. Not enough space." +msgstr "" + +#: lib/luks2/luks2_luks1_convert.c:619 +msgid "Cannot convert to LUKS2 format - invalid metadata." +msgstr "" + +#: lib/luks2/luks2_luks1_convert.c:636 +msgid "Unable to move keyslot area. LUKS2 keyslots area too small." +msgstr "" + +#: lib/luks2/luks2_luks1_convert.c:642 lib/luks2/luks2_luks1_convert.c:936 +msgid "Unable to move keyslot area." +msgstr "" + +#: lib/luks2/luks2_luks1_convert.c:732 +msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes." +msgstr "" + +#: lib/luks2/luks2_luks1_convert.c:740 +msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible." +msgstr "" + +#: lib/luks2/luks2_luks1_convert.c:752 +#, c-format +msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s." +msgstr "" + +#: lib/luks2/luks2_luks1_convert.c:757 +msgid "Cannot convert to LUKS1 format - device uses more segments." +msgstr "" + +#: lib/luks2/luks2_luks1_convert.c:765 +#, c-format +msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)." +msgstr "" + +#: lib/luks2/luks2_luks1_convert.c:779 +#, c-format +msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state." +msgstr "" + +#: lib/luks2/luks2_luks1_convert.c:784 +#, c-format +msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active." +msgstr "" + +#: lib/luks2/luks2_luks1_convert.c:789 +#, c-format +msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:1152 +#, c-format +msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:1157 +#, c-format +msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:1364 lib/luks2/luks2_reencrypt.c:1551 +#: lib/luks2/luks2_reencrypt.c:1634 lib/luks2/luks2_reencrypt.c:1676 +#: lib/luks2/luks2_reencrypt.c:3877 +msgid "Failed to initialize old segment storage wrapper." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:1378 lib/luks2/luks2_reencrypt.c:1529 +msgid "Failed to initialize new segment storage wrapper." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:1505 lib/luks2/luks2_reencrypt.c:3889 +msgid "Failed to initialize hotzone protection." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:1578 +msgid "Failed to read checksums for current hotzone." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:1585 lib/luks2/luks2_reencrypt.c:3903 +#, c-format +msgid "Failed to read hotzone area starting at %." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:1604 +#, c-format +msgid "Failed to decrypt sector %zu." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:1610 +#, c-format +msgid "Failed to recover sector %zu." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2174 +#, c-format +msgid "Source and target device sizes don't match. Source %, target: %." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2272 +#, c-format +msgid "Failed to activate hotzone device %s." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2289 +#, c-format +msgid "Failed to activate overlay device %s with actual origin table." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2296 +#, c-format +msgid "Failed to load new mapping for device %s." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2367 +msgid "Failed to refresh reencryption devices stack." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2550 +msgid "Failed to set new keyslots area size." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2686 +#, c-format +msgid "Data shift value is not aligned to encryption sector size (% bytes)." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2723 src/utils_reencrypt.c:189 +#, c-format +msgid "Unsupported resilience mode %s" +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2760 +msgid "Moved segment size can not be greater than data shift value." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2802 +msgid "Invalid reencryption resilience parameters." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2824 +#, c-format +msgid "Moved segment too large. Requested size %, available space for: %." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2911 +msgid "Failed to clear table." +msgstr "ცხრილის გასუფთავება შეუძლებელია." + +#: lib/luks2/luks2_reencrypt.c:2997 +msgid "Reduced data size is larger than real device size." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3004 +#, c-format +msgid "Data device is not aligned to encryption sector size (% bytes)." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3038 +#, c-format +msgid "Data shift (% sectors) is less than future data offset (% sectors)." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3045 lib/luks2/luks2_reencrypt.c:3533 +#: lib/luks2/luks2_reencrypt.c:3554 +#, c-format +msgid "Failed to open %s in exclusive mode (already mapped or mounted)." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3234 +msgid "Device not marked for LUKS2 reencryption." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3251 lib/luks2/luks2_reencrypt.c:4206 +msgid "Failed to load LUKS2 reencryption context." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3331 +msgid "Failed to get reencryption state." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3335 lib/luks2/luks2_reencrypt.c:3649 +msgid "Device is not in reencryption." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3342 lib/luks2/luks2_reencrypt.c:3656 +msgid "Reencryption process is already running." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3344 lib/luks2/luks2_reencrypt.c:3658 +msgid "Failed to acquire reencryption lock." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3362 +msgid "Cannot proceed with reencryption. Run reencryption recovery first." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3497 +msgid "Active device size and requested reencryption size don't match." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3511 +msgid "Illegal device size requested in reencryption parameters." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3588 +msgid "Reencryption in-progress. Cannot perform recovery." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3757 +msgid "LUKS2 reencryption already initialized in metadata." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3764 +msgid "Failed to initialize LUKS2 reencryption in metadata." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3859 +msgid "Failed to set device segments for next reencryption hotzone." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3911 +msgid "Failed to write reencryption resilience metadata." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3918 +msgid "Decryption failed." +msgstr "გაშიფვრის შეცდომა." + +#: lib/luks2/luks2_reencrypt.c:3923 +#, c-format +msgid "Failed to write hotzone area starting at %." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3928 +msgid "Failed to sync data." +msgstr "მონაცემების სინქრონიზაციის შეცდომა." + +#: lib/luks2/luks2_reencrypt.c:3936 +msgid "Failed to update metadata after current reencryption hotzone completed." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:4025 +msgid "Failed to write LUKS2 metadata." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:4048 +msgid "Failed to wipe unused data device area." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:4054 +#, c-format +msgid "Failed to remove unused (unbound) keyslot %d." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:4064 +msgid "Failed to remove reencryption keyslot." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:4074 +#, c-format +msgid "Fatal error while reencrypting chunk starting at %, % sectors long." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:4078 +msgid "Online reencryption failed." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:4083 +msgid "Do not resume the device unless replaced with error target manually." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:4137 +msgid "Cannot proceed with reencryption. Unexpected reencryption status." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:4143 +msgid "Missing or invalid reencrypt context." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:4150 +msgid "Failed to initialize reencryption device stack." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:4172 lib/luks2/luks2_reencrypt.c:4219 +msgid "Failed to update reencryption context." +msgstr "" + +#: lib/luks2/luks2_reencrypt_digest.c:405 +msgid "Reencryption metadata is invalid." +msgstr "" + +#: src/cryptsetup.c:85 +msgid "Keyslot encryption parameters can be set only for LUKS2 device." +msgstr "" + +#: src/cryptsetup.c:108 src/cryptsetup.c:1901 +#, c-format +msgid "Enter token PIN: " +msgstr "შეიყვანეთ კოდის PIN კოდი: " + +#: src/cryptsetup.c:110 src/cryptsetup.c:1903 +#, c-format +msgid "Enter token %d PIN: " +msgstr "" + +#: src/cryptsetup.c:159 src/cryptsetup.c:1103 src/cryptsetup.c:1430 +#: src/utils_reencrypt.c:1097 src/utils_reencrypt_luks1.c:517 +#: src/utils_reencrypt_luks1.c:580 +msgid "No known cipher specification pattern detected." +msgstr "" + +#: src/cryptsetup.c:167 +msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n" +msgstr "" + +#: src/cryptsetup.c:175 +msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n" +msgstr "" + +#: src/cryptsetup.c:215 +#, c-format +msgid "Detected device signature(s) on %s. Proceeding further may damage existing data." +msgstr "" + +#: src/cryptsetup.c:221 src/cryptsetup.c:1177 src/cryptsetup.c:1225 +#: src/cryptsetup.c:1291 src/cryptsetup.c:1407 src/cryptsetup.c:1480 +#: src/cryptsetup.c:2266 src/integritysetup.c:187 src/utils_reencrypt.c:138 +#: src/utils_reencrypt.c:314 src/utils_reencrypt.c:724 +msgid "Operation aborted.\n" +msgstr "ოპერაცია გაუქმდა.\n" + +#: src/cryptsetup.c:294 +msgid "Option --key-file is required." +msgstr "" + +#: src/cryptsetup.c:345 +msgid "Enter VeraCrypt PIM: " +msgstr "" + +#: src/cryptsetup.c:354 +msgid "Invalid PIM value: parse error." +msgstr "" + +#: src/cryptsetup.c:357 +msgid "Invalid PIM value: 0." +msgstr "" + +#: src/cryptsetup.c:360 +msgid "Invalid PIM value: outside of range." +msgstr "" + +#: src/cryptsetup.c:383 +msgid "No device header detected with this passphrase." +msgstr "" + +#: src/cryptsetup.c:456 src/cryptsetup.c:632 +#, c-format +msgid "Device %s is not a valid BITLK device." +msgstr "" + +#: src/cryptsetup.c:464 +msgid "Cannot determine volume key size for BITLK, please use --key-size option." +msgstr "" + +#: src/cryptsetup.c:506 +msgid "" +"Header dump with volume key is sensitive information\n" +"which allows access to encrypted partition without passphrase.\n" +"This dump should be always stored encrypted on safe place." +msgstr "" + +#: src/cryptsetup.c:573 src/cryptsetup.c:654 src/cryptsetup.c:2291 +msgid "" +"The header dump with volume key is sensitive information\n" +"that allows access to encrypted partition without a passphrase.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" + +#: src/cryptsetup.c:709 src/cryptsetup.c:739 +#, c-format +msgid "Device %s is not a valid FVAULT2 device." +msgstr "" + +#: src/cryptsetup.c:747 +msgid "Cannot determine volume key size for FVAULT2, please use --key-size option." +msgstr "" + +#: src/cryptsetup.c:801 src/veritysetup.c:323 src/integritysetup.c:400 +#, c-format +msgid "Device %s is still active and scheduled for deferred removal.\n" +msgstr "" + +#: src/cryptsetup.c:835 +msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set." +msgstr "" + +#: src/cryptsetup.c:982 +msgid "Benchmark interrupted." +msgstr "" + +#: src/cryptsetup.c:1003 +#, c-format +msgid "PBKDF2-%-9s N/A\n" +msgstr "PBKDF2-%-9s N/A\n" + +#: src/cryptsetup.c:1005 +#, c-format +msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" +msgstr "" + +#: src/cryptsetup.c:1019 +#, c-format +msgid "%-10s N/A\n" +msgstr "%-10s N/A\n" + +#: src/cryptsetup.c:1021 +#, c-format +msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n" +msgstr "" + +#: src/cryptsetup.c:1045 +msgid "Result of benchmark is not reliable." +msgstr "" + +#: src/cryptsetup.c:1095 +msgid "# Tests are approximate using memory only (no storage IO).\n" +msgstr "" + +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:1115 +#, c-format +msgid "#%*s Algorithm | Key | Encryption | Decryption\n" +msgstr "#%*s ალგორითმი | გასაღები | დაშიფვრა | გაშიფვრა\n" + +#: src/cryptsetup.c:1119 +#, c-format +msgid "Cipher %s (with %i bits key) is not available." +msgstr "" + +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:1138 +msgid "# Algorithm | Key | Encryption | Decryption\n" +msgstr "# ალგორითმი | გასაღები | დაშიფვრა | გაშიფვრა\n" + +#: src/cryptsetup.c:1149 +msgid "N/A" +msgstr "N/A" + +#: src/cryptsetup.c:1174 +msgid "" +"Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n" +"and continue (upgrade metadata) only if you acknowledge the operation as genuine." +msgstr "" + +#: src/cryptsetup.c:1180 +msgid "Enter passphrase to protect and upgrade reencryption metadata: " +msgstr "" + +#: src/cryptsetup.c:1224 +msgid "Really proceed with LUKS2 reencryption recovery?" +msgstr "" + +#: src/cryptsetup.c:1233 +msgid "Enter passphrase to verify reencryption metadata digest: " +msgstr "" + +#: src/cryptsetup.c:1235 +msgid "Enter passphrase for reencryption recovery: " +msgstr "" + +#: src/cryptsetup.c:1290 +msgid "Really try to repair LUKS device header?" +msgstr "" + +#: src/cryptsetup.c:1314 src/integritysetup.c:89 src/integritysetup.c:238 +msgid "" +"\n" +"Wipe interrupted." +msgstr "" + +#: src/cryptsetup.c:1319 src/integritysetup.c:94 src/integritysetup.c:275 +msgid "" +"Wiping device to initialize integrity checksum.\n" +"You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n" +msgstr "" + +#: src/cryptsetup.c:1341 src/integritysetup.c:116 +#, c-format +msgid "Cannot deactivate temporary device %s." +msgstr "" + +#: src/cryptsetup.c:1392 +msgid "Integrity option can be used only for LUKS2 format." +msgstr "" + +#: src/cryptsetup.c:1397 src/cryptsetup.c:1457 +msgid "Unsupported LUKS2 metadata size options." +msgstr "" + +#: src/cryptsetup.c:1406 +msgid "Header file does not exist, do you want to create it?" +msgstr "" + +#: src/cryptsetup.c:1414 +#, c-format +msgid "Cannot create header file %s." +msgstr "თავსართის ფაილის (%s) შექმნის შეცდომა." + +#: src/cryptsetup.c:1437 src/integritysetup.c:144 src/integritysetup.c:152 +#: src/integritysetup.c:161 src/integritysetup.c:315 src/integritysetup.c:323 +#: src/integritysetup.c:333 +msgid "No known integrity specification pattern detected." +msgstr "" + +#: src/cryptsetup.c:1450 +#, c-format +msgid "Cannot use %s as on-disk header." +msgstr "" + +#: src/cryptsetup.c:1474 src/integritysetup.c:181 +#, c-format +msgid "This will overwrite data on %s irrevocably." +msgstr "" + +#: src/cryptsetup.c:1507 src/cryptsetup.c:1853 src/cryptsetup.c:1993 +#: src/cryptsetup.c:2148 src/cryptsetup.c:2214 src/utils_reencrypt_luks1.c:443 +msgid "Failed to set pbkdf parameters." +msgstr "" + +#: src/cryptsetup.c:1593 +msgid "Reduced data offset is allowed only for detached LUKS header." +msgstr "" + +#: src/cryptsetup.c:1600 +#, c-format +msgid "LUKS file container %s is too small for activation, there is no remaining space for data." +msgstr "" + +#: src/cryptsetup.c:1612 src/cryptsetup.c:1999 +msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option." +msgstr "" + +#: src/cryptsetup.c:1658 +msgid "Device activated but cannot make flags persistent." +msgstr "" + +#: src/cryptsetup.c:1737 src/cryptsetup.c:1805 +#, c-format +msgid "Keyslot %d is selected for deletion." +msgstr "" + +#: src/cryptsetup.c:1749 src/cryptsetup.c:1809 +msgid "This is the last keyslot. Device will become unusable after purging this key." +msgstr "" + +#: src/cryptsetup.c:1750 +msgid "Enter any remaining passphrase: " +msgstr "" + +#: src/cryptsetup.c:1751 src/cryptsetup.c:1811 +msgid "Operation aborted, the keyslot was NOT wiped.\n" +msgstr "" + +#: src/cryptsetup.c:1787 +msgid "Enter passphrase to be deleted: " +msgstr "" + +#: src/cryptsetup.c:1837 src/cryptsetup.c:2197 src/cryptsetup.c:2781 +#: src/cryptsetup.c:2948 +#, c-format +msgid "Device %s is not a valid LUKS2 device." +msgstr "" + +#: src/cryptsetup.c:1867 src/cryptsetup.c:2072 +msgid "Enter new passphrase for key slot: " +msgstr "" + +#: src/cryptsetup.c:1968 +msgid "WARNING: The --key-slot parameter is used for new keyslot number.\n" +msgstr "" + +#: src/cryptsetup.c:2028 src/utils_reencrypt_luks1.c:1149 +#, c-format +msgid "Enter any existing passphrase: " +msgstr "" + +#: src/cryptsetup.c:2152 +msgid "Enter passphrase to be changed: " +msgstr "" + +#: src/cryptsetup.c:2168 src/utils_reencrypt_luks1.c:1135 +msgid "Enter new passphrase: " +msgstr "შეიყვანეთ ახალი საკვანძო ფრაზა: " + +#: src/cryptsetup.c:2218 +msgid "Enter passphrase for keyslot to be converted: " +msgstr "" + +#: src/cryptsetup.c:2242 +msgid "Only one device argument for isLuks operation is supported." +msgstr "" + +#: src/cryptsetup.c:2350 +#, c-format +msgid "Keyslot %d does not contain unbound key." +msgstr "" + +#: src/cryptsetup.c:2355 +msgid "" +"The header dump with unbound key is sensitive information.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" + +#: src/cryptsetup.c:2441 src/cryptsetup.c:2470 +#, c-format +msgid "%s is not active %s device name." +msgstr "" + +#: src/cryptsetup.c:2465 +#, c-format +msgid "%s is not active LUKS device name or header is missing." +msgstr "" + +#: src/cryptsetup.c:2527 src/cryptsetup.c:2546 +msgid "Option --header-backup-file is required." +msgstr "" + +#: src/cryptsetup.c:2577 +#, c-format +msgid "%s is not cryptsetup managed device." +msgstr "" + +#: src/cryptsetup.c:2588 +#, c-format +msgid "Refresh is not supported for device type %s" +msgstr "" + +#: src/cryptsetup.c:2638 +#, c-format +msgid "Unrecognized metadata device type %s." +msgstr "" + +#: src/cryptsetup.c:2640 +msgid "Command requires device and mapped name as arguments." +msgstr "" + +#: src/cryptsetup.c:2661 +#, c-format +msgid "" +"This operation will erase all keyslots on device %s.\n" +"Device will become unusable after this operation." +msgstr "" + +#: src/cryptsetup.c:2668 +msgid "Operation aborted, keyslots were NOT wiped.\n" +msgstr "" + +#: src/cryptsetup.c:2707 +msgid "Invalid LUKS type, only luks1 and luks2 are supported." +msgstr "" + +#: src/cryptsetup.c:2723 +#, c-format +msgid "Device is already %s type." +msgstr "" + +#: src/cryptsetup.c:2730 +#, c-format +msgid "This operation will convert %s to %s format.\n" +msgstr "" + +#: src/cryptsetup.c:2733 +msgid "Operation aborted, device was NOT converted.\n" +msgstr "" + +#: src/cryptsetup.c:2773 +msgid "Option --priority, --label or --subsystem is missing." +msgstr "" + +#: src/cryptsetup.c:2807 src/cryptsetup.c:2847 src/cryptsetup.c:2867 +#, c-format +msgid "Token %d is invalid." +msgstr "კოდი %d არასწორია." + +#: src/cryptsetup.c:2810 src/cryptsetup.c:2870 +#, c-format +msgid "Token %d in use." +msgstr "კოდი %d გამოიყენება." + +#: src/cryptsetup.c:2822 +#, c-format +msgid "Failed to add luks2-keyring token %d." +msgstr "" + +#: src/cryptsetup.c:2833 src/cryptsetup.c:2896 +#, c-format +msgid "Failed to assign token %d to keyslot %d." +msgstr "" + +#: src/cryptsetup.c:2850 +#, c-format +msgid "Token %d is not in use." +msgstr "კოდი %d არ გამოიყენება." + +#: src/cryptsetup.c:2887 +msgid "Failed to import token from file." +msgstr "" + +#: src/cryptsetup.c:2912 +#, c-format +msgid "Failed to get token %d for export." +msgstr "" + +#: src/cryptsetup.c:2925 +#, c-format +msgid "Token %d is not assigned to keyslot %d." +msgstr "" + +#: src/cryptsetup.c:2927 src/cryptsetup.c:2934 +#, c-format +msgid "Failed to unassign token %d from keyslot %d." +msgstr "" + +#: src/cryptsetup.c:2983 +msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." +msgstr "" + +#: src/cryptsetup.c:2986 +msgid "Option --veracrypt or --disable-veracrypt is supported only for TCRYPT device type." +msgstr "" + +#: src/cryptsetup.c:2989 +msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." +msgstr "" + +#: src/cryptsetup.c:2993 +msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." +msgstr "" + +#: src/cryptsetup.c:2995 +msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." +msgstr "" + +#: src/cryptsetup.c:3004 +msgid "Option --persistent is not allowed with --test-passphrase." +msgstr "" + +#: src/cryptsetup.c:3007 +msgid "Options --refresh and --test-passphrase are mutually exclusive." +msgstr "" + +#: src/cryptsetup.c:3010 +msgid "Option --shared is allowed only for open of plain device." +msgstr "" + +#: src/cryptsetup.c:3013 +msgid "Option --skip is supported only for open of plain and loopaes devices." +msgstr "" + +#: src/cryptsetup.c:3016 +msgid "Option --offset with open action is only supported for plain and loopaes devices." +msgstr "" + +#: src/cryptsetup.c:3019 +msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." +msgstr "" + +#: src/cryptsetup.c:3023 +msgid "Sector size option with open action is supported only for plain devices." +msgstr "" + +#: src/cryptsetup.c:3027 +msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." +msgstr "" + +#: src/cryptsetup.c:3032 +msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT, BITLK and FVAULT2 devices." +msgstr "" + +#: src/cryptsetup.c:3035 src/cryptsetup.c:3058 +msgid "Options --device-size and --size cannot be combined." +msgstr "" + +#: src/cryptsetup.c:3038 +msgid "Option --unbound is allowed only for open of luks device." +msgstr "" + +#: src/cryptsetup.c:3041 +msgid "Option --unbound cannot be used without --test-passphrase." +msgstr "" + +#: src/cryptsetup.c:3050 src/veritysetup.c:668 src/integritysetup.c:755 +msgid "Options --cancel-deferred and --deferred cannot be used at the same time." +msgstr "" + +#: src/cryptsetup.c:3066 +msgid "Options --reduce-device-size and --data-size cannot be combined." +msgstr "" + +#: src/cryptsetup.c:3069 +msgid "Option --active-name can be set only for LUKS2 device." +msgstr "" + +#: src/cryptsetup.c:3072 +msgid "Options --active-name and --force-offline-reencrypt cannot be combined." +msgstr "" + +#: src/cryptsetup.c:3080 src/cryptsetup.c:3110 +msgid "Keyslot specification is required." +msgstr "" + +#: src/cryptsetup.c:3088 +msgid "Options --align-payload and --offset cannot be combined." +msgstr "" + +#: src/cryptsetup.c:3091 +msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." +msgstr "" + +#: src/cryptsetup.c:3094 +msgid "Only one of --use-[u]random options is allowed." +msgstr "" + +#: src/cryptsetup.c:3102 +msgid "Key size is required with --unbound option." +msgstr "" + +#: src/cryptsetup.c:3122 +msgid "Invalid token action." +msgstr "არასწორი კოდის ქმედება." + +#: src/cryptsetup.c:3125 +msgid "--key-description parameter is mandatory for token add action." +msgstr "" + +#: src/cryptsetup.c:3129 src/cryptsetup.c:3142 +msgid "Action requires specific token. Use --token-id parameter." +msgstr "" + +#: src/cryptsetup.c:3133 +msgid "Option --unbound is valid only with token add action." +msgstr "" + +#: src/cryptsetup.c:3135 +msgid "Options --key-slot and --unbound cannot be combined." +msgstr "" + +#: src/cryptsetup.c:3140 +msgid "Action requires specific keyslot. Use --key-slot parameter." +msgstr "" + +#: src/cryptsetup.c:3156 +msgid " [--type ] []" +msgstr "<მოწყობილობა> [--type <ტიპი>] [<სახელი>]" + +#: src/cryptsetup.c:3156 src/veritysetup.c:491 src/integritysetup.c:535 +msgid "open device as " +msgstr "" + +#: src/cryptsetup.c:3157 src/cryptsetup.c:3158 src/cryptsetup.c:3159 +#: src/veritysetup.c:492 src/veritysetup.c:493 src/integritysetup.c:536 +#: src/integritysetup.c:537 src/integritysetup.c:539 +msgid "" +msgstr "" + +#: src/cryptsetup.c:3157 src/veritysetup.c:492 src/integritysetup.c:536 +msgid "close device (remove mapping)" +msgstr "" + +#: src/cryptsetup.c:3158 src/integritysetup.c:539 +msgid "resize active device" +msgstr "აქტიური მოწყობილობის ზომის შეცვლა" + +#: src/cryptsetup.c:3159 +msgid "show device status" +msgstr "მოწყობილობის მდგომარეობის ჩვენება" + +#: src/cryptsetup.c:3160 +msgid "[--cipher ]" +msgstr "[--cipher <შიფრი>]" + +#: src/cryptsetup.c:3160 +msgid "benchmark cipher" +msgstr "" + +#: src/cryptsetup.c:3161 src/cryptsetup.c:3162 src/cryptsetup.c:3163 +#: src/cryptsetup.c:3164 src/cryptsetup.c:3165 src/cryptsetup.c:3172 +#: src/cryptsetup.c:3173 src/cryptsetup.c:3174 src/cryptsetup.c:3175 +#: src/cryptsetup.c:3176 src/cryptsetup.c:3177 src/cryptsetup.c:3178 +#: src/cryptsetup.c:3179 src/cryptsetup.c:3180 src/cryptsetup.c:3181 +msgid "" +msgstr "<მოწყობილობა>" + +#: src/cryptsetup.c:3161 +msgid "try to repair on-disk metadata" +msgstr "" + +#: src/cryptsetup.c:3162 +msgid "reencrypt LUKS2 device" +msgstr "" + +#: src/cryptsetup.c:3163 +msgid "erase all keyslots (remove encryption key)" +msgstr "" + +#: src/cryptsetup.c:3164 +msgid "convert LUKS from/to LUKS2 format" +msgstr "" + +#: src/cryptsetup.c:3165 +msgid "set permanent configuration options for LUKS2" +msgstr "" + +#: src/cryptsetup.c:3166 src/cryptsetup.c:3167 +msgid " []" +msgstr "" + +#: src/cryptsetup.c:3166 +msgid "formats a LUKS device" +msgstr "" + +#: src/cryptsetup.c:3167 +msgid "add key to LUKS device" +msgstr "" + +#: src/cryptsetup.c:3168 src/cryptsetup.c:3169 src/cryptsetup.c:3170 +msgid " []" +msgstr "<მოწყობილობა> [<გასაღების ფაილი>]" + +#: src/cryptsetup.c:3168 +msgid "removes supplied key or key file from LUKS device" +msgstr "" + +#: src/cryptsetup.c:3169 +msgid "changes supplied key or key file of LUKS device" +msgstr "" + +#: src/cryptsetup.c:3170 +msgid "converts a key to new pbkdf parameters" +msgstr "" + +#: src/cryptsetup.c:3171 +msgid " " +msgstr "" + +#: src/cryptsetup.c:3171 +msgid "wipes key with number from LUKS device" +msgstr "" + +#: src/cryptsetup.c:3172 +msgid "print UUID of LUKS device" +msgstr "" + +#: src/cryptsetup.c:3173 +msgid "tests for LUKS partition header" +msgstr "" + +#: src/cryptsetup.c:3174 +msgid "dump LUKS partition information" +msgstr "" + +#: src/cryptsetup.c:3175 +msgid "dump TCRYPT device information" +msgstr "" + +#: src/cryptsetup.c:3176 +msgid "dump BITLK device information" +msgstr "" + +#: src/cryptsetup.c:3177 +msgid "dump FVAULT2 device information" +msgstr "" + +#: src/cryptsetup.c:3178 +msgid "Suspend LUKS device and wipe key (all IOs are frozen)" +msgstr "" + +#: src/cryptsetup.c:3179 +msgid "Resume suspended LUKS device" +msgstr "" + +#: src/cryptsetup.c:3180 +msgid "Backup LUKS device header and keyslots" +msgstr "" + +#: src/cryptsetup.c:3181 +msgid "Restore LUKS device header and keyslots" +msgstr "" + +#: src/cryptsetup.c:3182 +msgid " " +msgstr "" + +#: src/cryptsetup.c:3182 +msgid "Manipulate LUKS2 tokens" +msgstr "" + +#: src/cryptsetup.c:3201 src/veritysetup.c:509 src/integritysetup.c:554 +msgid "" +"\n" +" is one of:\n" +msgstr "" +"\n" +"<ქმედება> შეიძლება იყოს:\n" + +#: src/cryptsetup.c:3207 +msgid "" +"\n" +"You can also use old syntax aliases:\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n" +msgstr "" + +#: src/cryptsetup.c:3211 +#, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the encrypted device\n" +" is the LUKS key slot number to modify\n" +" optional key file for the new key for luksAddKey action\n" +msgstr "" + +#: src/cryptsetup.c:3218 +#, c-format +msgid "" +"\n" +"Default compiled-in metadata format is %s (for luksFormat action).\n" +msgstr "" + +#: src/cryptsetup.c:3223 src/cryptsetup.c:3226 +#, c-format +msgid "" +"\n" +"LUKS2 external token plugin support is %s.\n" +msgstr "" + +#: src/cryptsetup.c:3223 +msgid "compiled-in" +msgstr "" + +#: src/cryptsetup.c:3224 +#, c-format +msgid "LUKS2 external token plugin path: %s.\n" +msgstr "" + +#: src/cryptsetup.c:3226 +msgid "disabled" +msgstr "გამორთულია" + +#: src/cryptsetup.c:3230 +#, c-format +msgid "" +"\n" +"Default compiled-in key and passphrase parameters:\n" +"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d (characters)\n" +"Default PBKDF for LUKS1: %s, iteration time: %d (ms)\n" +"Default PBKDF for LUKS2: %s\n" +"\tIteration time: %d, Memory required: %dkB, Parallel threads: %d\n" +msgstr "" + +#: src/cryptsetup.c:3241 +#, c-format +msgid "" +"\n" +"Default compiled-in device cipher parameters:\n" +"\tloop-AES: %s, Key %d bits\n" +"\tplain: %s, Key: %d bits, Password hashing: %s\n" +"\tLUKS: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n" +msgstr "" + +#: src/cryptsetup.c:3250 +msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" +msgstr "" + +#: src/cryptsetup.c:3268 src/veritysetup.c:648 src/integritysetup.c:711 +#, c-format +msgid "%s: requires %s as arguments" +msgstr "" + +#: src/cryptsetup.c:3308 src/utils_reencrypt_luks1.c:1198 +msgid "Key slot is invalid." +msgstr "გასაღების სლოტი არასწორია." + +#: src/cryptsetup.c:3335 +msgid "Device size must be multiple of 512 bytes sector." +msgstr "" + +#: src/cryptsetup.c:3340 +msgid "Invalid max reencryption hotzone size specification." +msgstr "" + +#: src/cryptsetup.c:3354 src/cryptsetup.c:3366 +msgid "Key size must be a multiple of 8 bits" +msgstr "" + +#: src/cryptsetup.c:3371 +msgid "Maximum device reduce size is 1 GiB." +msgstr "" + +#: src/cryptsetup.c:3374 +msgid "Reduce size must be multiple of 512 bytes sector." +msgstr "" + +#: src/cryptsetup.c:3391 +msgid "Option --priority can be only ignore/normal/prefer." +msgstr "" + +#: src/cryptsetup.c:3410 src/veritysetup.c:572 src/integritysetup.c:634 +msgid "Show this help message" +msgstr "დახმარების ამ შეტყობინების ჩვენება" + +#: src/cryptsetup.c:3411 src/veritysetup.c:573 src/integritysetup.c:635 +msgid "Display brief usage" +msgstr "გამოყენების მოკლე შეტყობინება" + +#: src/cryptsetup.c:3412 src/veritysetup.c:574 src/integritysetup.c:636 +msgid "Print package version" +msgstr "პაკეტის ვერსიის გამოტანა" + +#: src/cryptsetup.c:3423 src/veritysetup.c:585 src/integritysetup.c:647 +msgid "Help options:" +msgstr "დახმარების პარამეტრები:" + +#: src/cryptsetup.c:3443 src/veritysetup.c:603 src/integritysetup.c:664 +msgid "[OPTION...] " +msgstr "" + +#: src/cryptsetup.c:3452 src/veritysetup.c:612 src/integritysetup.c:675 +msgid "Argument missing." +msgstr "" + +#: src/cryptsetup.c:3528 src/veritysetup.c:643 src/integritysetup.c:706 +msgid "Unknown action." +msgstr "უცნობი ქმედება." + +#: src/cryptsetup.c:3546 +msgid "Option --key-file takes precedence over specified key file argument." +msgstr "" + +#: src/cryptsetup.c:3552 +msgid "Only one --key-file argument is allowed." +msgstr "" + +#: src/cryptsetup.c:3557 +msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id." +msgstr "" + +#: src/cryptsetup.c:3562 +msgid "PBKDF forced iterations cannot be combined with iteration time option." +msgstr "" + +#: src/cryptsetup.c:3573 +msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." +msgstr "" + +#: src/cryptsetup.c:3581 +msgid "No action taken. Invoked with --test-args option.\n" +msgstr "" + +#: src/cryptsetup.c:3594 +msgid "Cannot disable metadata locking." +msgstr "" + +#: src/veritysetup.c:54 +msgid "Invalid salt string specified." +msgstr "მარილის მითითებული სტრიქონი არასწორია." + +#: src/veritysetup.c:87 +#, c-format +msgid "Cannot create hash image %s for writing." +msgstr "" + +#: src/veritysetup.c:97 +#, c-format +msgid "Cannot create FEC image %s for writing." +msgstr "" + +#: src/veritysetup.c:136 +#, c-format +msgid "Cannot create root hash file %s for writing." +msgstr "" + +#: src/veritysetup.c:143 +#, c-format +msgid "Cannot write to root hash file %s." +msgstr "" + +#: src/veritysetup.c:198 src/veritysetup.c:476 +#, c-format +msgid "Device %s is not a valid VERITY device." +msgstr "" + +#: src/veritysetup.c:215 src/veritysetup.c:232 +#, c-format +msgid "Cannot read root hash file %s." +msgstr "" + +#: src/veritysetup.c:220 +#, c-format +msgid "Invalid root hash file %s." +msgstr "" + +#: src/veritysetup.c:241 +msgid "Invalid root hash string specified." +msgstr "" + +#: src/veritysetup.c:249 +#, c-format +msgid "Invalid signature file %s." +msgstr "" + +#: src/veritysetup.c:256 +#, c-format +msgid "Cannot read signature file %s." +msgstr "" + +#: src/veritysetup.c:279 src/veritysetup.c:293 +msgid "Command requires or --root-hash-file option as argument." +msgstr "" + +#: src/veritysetup.c:489 +msgid " " +msgstr "" + +#: src/veritysetup.c:489 src/integritysetup.c:534 +msgid "format device" +msgstr "მოწყობილობის ფორმატირება" + +#: src/veritysetup.c:490 +msgid " []" +msgstr "" + +#: src/veritysetup.c:490 +msgid "verify device" +msgstr "მოწყობილობის გადამოწმება" + +#: src/veritysetup.c:491 +msgid " []" +msgstr "" + +#: src/veritysetup.c:493 src/integritysetup.c:537 +msgid "show active device status" +msgstr "აქტიურ მოწყობილობის სტატუსის ჩვენება" + +#: src/veritysetup.c:494 +msgid "" +msgstr "<ჰეშის მოწყობილობა>" + +#: src/veritysetup.c:494 src/integritysetup.c:538 +msgid "show on-disk information" +msgstr "" + +#: src/veritysetup.c:513 +#, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the data device\n" +" is the device containing verification data\n" +" hash of the root node on \n" +msgstr "" + +#: src/veritysetup.c:520 +#, c-format +msgid "" +"\n" +"Default compiled-in dm-verity parameters:\n" +"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, Hash format: %u\n" +msgstr "" + +#: src/veritysetup.c:658 +msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together." +msgstr "" + +#: src/veritysetup.c:663 +msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together." +msgstr "" + +#: src/integritysetup.c:177 +#, c-format +msgid "" +"This will overwrite data on %s and %s irrevocably.\n" +"To preserve data device use --no-wipe option (and then activate with --integrity-recalculate)." +msgstr "" + +#: src/integritysetup.c:212 +#, c-format +msgid "Formatted with tag size %u, internal integrity %s.\n" +msgstr "" + +#: src/integritysetup.c:289 +msgid "Setting recalculate flag is not supported, you may consider using --wipe instead." +msgstr "" + +#: src/integritysetup.c:364 src/integritysetup.c:521 +#, c-format +msgid "Device %s is not a valid INTEGRITY device." +msgstr "" + +#: src/integritysetup.c:534 src/integritysetup.c:538 +msgid "" +msgstr "" + +#: src/integritysetup.c:535 +msgid " " +msgstr "" + +#: src/integritysetup.c:558 +#, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the device containing data with integrity tags\n" +msgstr "" + +#: src/integritysetup.c:563 +#, c-format +msgid "" +"\n" +"Default compiled-in dm-integrity parameters:\n" +"\tChecksum algorithm: %s\n" +"\tMaximum keyfile size: %dkB\n" +msgstr "" + +#: src/integritysetup.c:620 +#, c-format +msgid "Invalid --%s size. Maximum is %u bytes." +msgstr "" + +#: src/integritysetup.c:720 +msgid "Both key file and key size options must be specified." +msgstr "" + +#: src/integritysetup.c:724 +msgid "Both journal integrity key file and key size options must be specified." +msgstr "" + +#: src/integritysetup.c:727 +msgid "Journal integrity algorithm must be specified if journal integrity key is used." +msgstr "" + +#: src/integritysetup.c:731 +msgid "Both journal encryption key file and key size options must be specified." +msgstr "" + +#: src/integritysetup.c:734 +msgid "Journal encryption algorithm must be specified if journal encryption key is used." +msgstr "" + +#: src/integritysetup.c:738 +msgid "Recovery and bitmap mode options are mutually exclusive." +msgstr "" + +#: src/integritysetup.c:745 +msgid "Journal options cannot be used in bitmap mode." +msgstr "" + +#: src/integritysetup.c:750 +msgid "Bitmap options can be used only in bitmap mode." +msgstr "" + +#: src/utils_tools.c:118 +msgid "" +"\n" +"WARNING!\n" +"========\n" +msgstr "" +"\n" +"გაფრთხილება!\n" +"========\n" + +#. TRANSLATORS: User must type "YES" (in capital letters), do not translate this word. +#: src/utils_tools.c:120 +#, c-format +msgid "" +"%s\n" +"\n" +"Are you sure? (Type 'yes' in capital letters): " +msgstr "" + +#: src/utils_tools.c:126 +msgid "Error reading response from terminal." +msgstr "ტერმინალიდან მიღებული პასუხის წაკითხვის შეცდომა." + +#: src/utils_tools.c:158 +msgid "Command successful." +msgstr "ბრძანება წარმატებულია." + +#: src/utils_tools.c:166 +msgid "wrong or missing parameters" +msgstr "ნაკლული ან არასწორი პარამეტრები" + +#: src/utils_tools.c:168 +msgid "no permission or bad passphrase" +msgstr "აკრძალული წვდომა ან არასწორი საკვანძო ფრაზა" + +#: src/utils_tools.c:170 +msgid "out of memory" +msgstr "მეხსიერებას გარეთ" + +#: src/utils_tools.c:172 +msgid "wrong device or file specified" +msgstr "მითითებული მოწყობილობა ან ფაილი არასწორია" + +#: src/utils_tools.c:174 +msgid "device already exists or device is busy" +msgstr "მოწყობილობა უკვე არსებობს ან დაკავებულია" + +#: src/utils_tools.c:176 +msgid "unknown error" +msgstr "უცნობი შეცდომა" + +#: src/utils_tools.c:178 +#, c-format +msgid "Command failed with code %i (%s)." +msgstr "" + +#: src/utils_tools.c:256 +#, c-format +msgid "Key slot %i created." +msgstr "" + +#: src/utils_tools.c:258 +#, c-format +msgid "Key slot %i unlocked." +msgstr "" + +#: src/utils_tools.c:260 +#, c-format +msgid "Key slot %i removed." +msgstr "" + +#: src/utils_tools.c:269 +#, c-format +msgid "Token %i created." +msgstr "" + +#: src/utils_tools.c:271 +#, c-format +msgid "Token %i removed." +msgstr "" + +#: src/utils_tools.c:281 +msgid "No token could be unlocked with this PIN." +msgstr "" + +#: src/utils_tools.c:283 +#, c-format +msgid "Token %i requires PIN." +msgstr "" + +#: src/utils_tools.c:285 +#, c-format +msgid "Token (type %s) requires PIN." +msgstr "" + +#: src/utils_tools.c:288 +#, c-format +msgid "Token %i cannot unlock assigned keyslot(s) (wrong keyslot passphrase)." +msgstr "" + +#: src/utils_tools.c:290 +#, c-format +msgid "Token (type %s) cannot unlock assigned keyslot(s) (wrong keyslot passphrase)." +msgstr "" + +#: src/utils_tools.c:293 +#, c-format +msgid "Token %i requires additional missing resource." +msgstr "" + +#: src/utils_tools.c:295 +#, c-format +msgid "Token (type %s) requires additional missing resource." +msgstr "" + +#: src/utils_tools.c:298 +#, c-format +msgid "No usable token (type %s) is available." +msgstr "" + +#: src/utils_tools.c:300 +msgid "No usable token is available." +msgstr "" + +#: src/utils_tools.c:393 +#, c-format +msgid "Cannot read keyfile %s." +msgstr "" + +#: src/utils_tools.c:398 +#, c-format +msgid "Cannot read %d bytes from keyfile %s." +msgstr "" + +#: src/utils_tools.c:423 +#, c-format +msgid "Cannot open keyfile %s for write." +msgstr "" + +#: src/utils_tools.c:430 +#, c-format +msgid "Cannot write to keyfile %s." +msgstr "" + +#: src/utils_progress.c:74 +#, c-format +msgid "%02m%02s" +msgstr "%02m%02s" + +#: src/utils_progress.c:76 +#, c-format +msgid "%02h%02m%02s" +msgstr "%02სთ%02წთ%02წმ" + +#: src/utils_progress.c:78 +#, c-format +msgid "%02 days" +msgstr "%02 დღე" + +#: src/utils_progress.c:105 src/utils_progress.c:138 +#, c-format +msgid "%4 %s written" +msgstr "%4 %s ჩაწერილია" + +#: src/utils_progress.c:109 src/utils_progress.c:142 +#, c-format +msgid "speed %5.1f %s/s" +msgstr "სიჩქარე %5.1f %s/წმ" + +#. TRANSLATORS: 'time', 'written' and 'speed' string are supposed +#. to get translated as well. 'eol' is always new-line or empty. +#. See above. +#. +#: src/utils_progress.c:118 +#, c-format +msgid "Progress: %5.1f%%, ETA %s, %s, %s%s" +msgstr "მიმდინარეობა: %5.1f%%, დარჩენილია %s, %s, %s%s" + +#. TRANSLATORS: 'time', 'written' and 'speed' string are supposed +#. to get translated as well. See above +#. +#: src/utils_progress.c:150 +#, c-format +msgid "Finished, time %s, %s, %s\n" +msgstr "დასრულდა. დრო: %s, %s, %s\n" + +#: src/utils_password.c:41 src/utils_password.c:74 +#, c-format +msgid "Cannot check password quality: %s" +msgstr "" + +#: src/utils_password.c:49 +#, c-format +msgid "" +"Password quality check failed:\n" +" %s" +msgstr "" + +#: src/utils_password.c:81 +#, c-format +msgid "Password quality check failed: Bad passphrase (%s)" +msgstr "" + +#: src/utils_password.c:232 src/utils_password.c:246 +msgid "Error reading passphrase from terminal." +msgstr "" + +#: src/utils_password.c:244 +msgid "Verify passphrase: " +msgstr "გადაამოწმეთ საკვანძო ფრაზა: " + +#: src/utils_password.c:251 +msgid "Passphrases do not match." +msgstr "საკვანძო ფრაზები არ ემთხვევა." + +#: src/utils_password.c:289 +msgid "Cannot use offset with terminal input." +msgstr "" + +#: src/utils_password.c:293 +#, c-format +msgid "Enter passphrase: " +msgstr "შეიყვანეთ საკვანძო ფრაზა: " + +#: src/utils_password.c:296 +#, c-format +msgid "Enter passphrase for %s: " +msgstr "შეიყვანეთ საკვანძო ფრაზა \"%s\"-სთვის: " + +#: src/utils_password.c:330 +msgid "No key available with this passphrase." +msgstr "" + +#: src/utils_password.c:332 +msgid "No usable keyslot is available." +msgstr "" + +#: src/utils_luks.c:67 +msgid "Can't do passphrase verification on non-tty inputs." +msgstr "" + +#: src/utils_luks.c:182 +#, c-format +msgid "Failed to open file %s in read-only mode." +msgstr "" + +#: src/utils_luks.c:195 +msgid "Provide valid LUKS2 token JSON:\n" +msgstr "" + +#: src/utils_luks.c:202 +msgid "Failed to read JSON file." +msgstr "JSON ფაილის წაკითხვის შეცდომა." + +#: src/utils_luks.c:207 +msgid "" +"\n" +"Read interrupted." +msgstr "" +"\n" +"წაკითხვა შეწყდა." + +#: src/utils_luks.c:248 +#, c-format +msgid "Failed to open file %s in write mode." +msgstr "" + +#: src/utils_luks.c:257 +msgid "" +"\n" +"Write interrupted." +msgstr "" +"\n" +"ჩაწერა შეწყდა." + +#: src/utils_luks.c:261 +msgid "Failed to write JSON file." +msgstr "JSON ფაილი ჩაწერის შეცდომა." + +#: src/utils_reencrypt.c:120 +#, c-format +msgid "Auto-detected active dm device '%s' for data device %s.\n" +msgstr "" + +#: src/utils_reencrypt.c:124 +#, c-format +msgid "Failed to auto-detect device %s holders." +msgstr "" + +#: src/utils_reencrypt.c:130 +#, c-format +msgid "Device %s is not a block device.\n" +msgstr "" + +#: src/utils_reencrypt.c:132 +#, c-format +msgid "" +"Unable to decide if device %s is activated or not.\n" +"Are you sure you want to proceed with reencryption in offline mode?\n" +"It may lead to data corruption if the device is actually activated.\n" +"To run reencryption in online mode, use --active-name parameter instead.\n" +msgstr "" + +#: src/utils_reencrypt.c:141 src/utils_reencrypt.c:274 +#, c-format +msgid "" +"Device %s is not a block device. Can not auto-detect if it is active or not.\n" +"Use --force-offline-reencrypt to bypass the check and run in offline mode (dangerous!)." +msgstr "" + +#: src/utils_reencrypt.c:178 src/utils_reencrypt.c:221 +#: src/utils_reencrypt.c:231 +msgid "Requested --resilience option cannot be applied to current reencryption operation." +msgstr "" + +#: src/utils_reencrypt.c:203 +msgid "Device is not in LUKS2 encryption. Conflicting option --encrypt." +msgstr "" + +#: src/utils_reencrypt.c:208 +msgid "Device is not in LUKS2 decryption. Conflicting option --decrypt." +msgstr "" + +#: src/utils_reencrypt.c:215 +msgid "Device is in reencryption using datashift resilience. Requested --resilience option cannot be applied." +msgstr "" + +#: src/utils_reencrypt.c:293 +msgid "Device requires reencryption recovery. Run repair first." +msgstr "" + +#: src/utils_reencrypt.c:307 +#, c-format +msgid "Device %s is already in LUKS2 reencryption. Do you wish to resume previously initialised operation?" +msgstr "" + +#: src/utils_reencrypt.c:353 +msgid "Legacy LUKS2 reencryption is no longer supported." +msgstr "" + +#: src/utils_reencrypt.c:418 +msgid "Reencryption of device with integrity profile is not supported." +msgstr "" + +#: src/utils_reencrypt.c:449 +#, c-format +msgid "" +"Requested --sector-size % is incompatible with %s superblock\n" +"(block size: % bytes) detected on device %s." +msgstr "" + +#: src/utils_reencrypt.c:494 +msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." +msgstr "" + +#: src/utils_reencrypt.c:500 +msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." +msgstr "" + +#: src/utils_reencrypt.c:510 +#, c-format +msgid "Adjusting --reduce-device-size value to twice the --offset % (sectors).\n" +msgstr "" + +#: src/utils_reencrypt.c:540 +#, c-format +msgid "Temporary header file %s already exists. Aborting." +msgstr "" + +#: src/utils_reencrypt.c:542 src/utils_reencrypt.c:549 +#, c-format +msgid "Cannot create temporary header file %s." +msgstr "" + +#: src/utils_reencrypt.c:574 +msgid "LUKS2 metadata size is larger than data shift value." +msgstr "" + +#: src/utils_reencrypt.c:611 +#, c-format +msgid "Failed to place new header at head of device %s." +msgstr "" + +#: src/utils_reencrypt.c:621 +#, c-format +msgid "%s/%s is now active and ready for online encryption.\n" +msgstr "" + +#: src/utils_reencrypt.c:657 +#, c-format +msgid "Active device %s is not LUKS2." +msgstr "" + +#: src/utils_reencrypt.c:685 +msgid "Restoring original LUKS2 header." +msgstr "" + +#: src/utils_reencrypt.c:693 +msgid "Original LUKS2 header restore failed." +msgstr "" + +#: src/utils_reencrypt.c:719 +#, c-format +msgid "Header file %s does not exist. Do you want to initialize LUKS2 decryption of device %s and export LUKS2 header to file %s?" +msgstr "" + +#: src/utils_reencrypt.c:767 +msgid "Failed to add read/write permissions to exported header file." +msgstr "" + +#: src/utils_reencrypt.c:820 +#, c-format +msgid "Reencryption initialization failed. Header backup is available in %s." +msgstr "" + +#: src/utils_reencrypt.c:848 +msgid "LUKS2 decryption is supported with detached header device only (with data offset set to 0)." +msgstr "" + +#: src/utils_reencrypt.c:983 src/utils_reencrypt.c:992 +msgid "Not enough free keyslots for reencryption." +msgstr "" + +#: src/utils_reencrypt.c:1013 src/utils_reencrypt_luks1.c:1100 +msgid "Key file can be used only with --key-slot or with exactly one key slot active." +msgstr "" + +#: src/utils_reencrypt.c:1022 src/utils_reencrypt_luks1.c:1147 +#: src/utils_reencrypt_luks1.c:1158 +#, c-format +msgid "Enter passphrase for key slot %d: " +msgstr "" + +#: src/utils_reencrypt.c:1034 +#, c-format +msgid "Enter passphrase for key slot %u: " +msgstr "" + +#: src/utils_reencrypt.c:1086 +#, c-format +msgid "Switching data encryption cipher to %s.\n" +msgstr "" + +#: src/utils_reencrypt.c:1140 +msgid "No data segment parameters changed. Reencryption aborted." +msgstr "" + +#: src/utils_reencrypt.c:1242 +msgid "" +"Encryption sector size increase on offline device is not supported.\n" +"Activate the device first or use --force-offline-reencrypt option (dangerous!)." +msgstr "" + +#: src/utils_reencrypt.c:1282 src/utils_reencrypt_luks1.c:726 +#: src/utils_reencrypt_luks1.c:798 +msgid "" +"\n" +"Reencryption interrupted." +msgstr "" +"\n" +"თავიდან დაშიფვრა შეწყვეტილია." + +#: src/utils_reencrypt.c:1287 +msgid "Resuming LUKS reencryption in forced offline mode.\n" +msgstr "" + +#: src/utils_reencrypt.c:1304 +#, c-format +msgid "Device %s contains broken LUKS metadata. Aborting operation." +msgstr "" + +#: src/utils_reencrypt.c:1320 src/utils_reencrypt.c:1342 +#, c-format +msgid "Device %s is already LUKS device. Aborting operation." +msgstr "" + +#: src/utils_reencrypt.c:1348 +#, c-format +msgid "Device %s is already in LUKS reencryption. Aborting operation." +msgstr "" + +#: src/utils_reencrypt.c:1421 +msgid "LUKS2 decryption requires --header option." +msgstr "" + +#: src/utils_reencrypt.c:1469 +msgid "Command requires device as argument." +msgstr "" + +#: src/utils_reencrypt.c:1482 +#, c-format +msgid "Conflicting versions. Device %s is LUKS1." +msgstr "" + +#: src/utils_reencrypt.c:1488 +#, c-format +msgid "Conflicting versions. Device %s is in LUKS1 reencryption." +msgstr "" + +#: src/utils_reencrypt.c:1494 +#, c-format +msgid "Conflicting versions. Device %s is LUKS2." +msgstr "" + +#: src/utils_reencrypt.c:1500 +#, c-format +msgid "Conflicting versions. Device %s is in LUKS2 reencryption." +msgstr "" + +#: src/utils_reencrypt.c:1506 +msgid "LUKS2 reencryption already initialized. Aborting operation." +msgstr "" + +#: src/utils_reencrypt.c:1513 +msgid "Device reencryption not in progress." +msgstr "" + +#: src/utils_reencrypt_luks1.c:129 src/utils_blockdev.c:287 +#, c-format +msgid "Cannot exclusively open %s, device in use." +msgstr "" + +#: src/utils_reencrypt_luks1.c:143 src/utils_reencrypt_luks1.c:945 +msgid "Allocation of aligned memory failed." +msgstr "" + +#: src/utils_reencrypt_luks1.c:150 +#, c-format +msgid "Cannot read device %s." +msgstr "" + +#: src/utils_reencrypt_luks1.c:161 +#, c-format +msgid "Marking LUKS1 device %s unusable." +msgstr "" + +#: src/utils_reencrypt_luks1.c:177 +#, c-format +msgid "Cannot write device %s." +msgstr "" + +#: src/utils_reencrypt_luks1.c:226 +msgid "Cannot write reencryption log file." +msgstr "" + +#: src/utils_reencrypt_luks1.c:282 +msgid "Cannot read reencryption log file." +msgstr "" + +#: src/utils_reencrypt_luks1.c:293 +msgid "Wrong log format." +msgstr "ჟურნალის არასწორი ფორმატი." + +#: src/utils_reencrypt_luks1.c:320 +#, c-format +msgid "Log file %s exists, resuming reencryption.\n" +msgstr "" + +#: src/utils_reencrypt_luks1.c:369 +msgid "Activating temporary device using old LUKS header." +msgstr "" + +#: src/utils_reencrypt_luks1.c:379 +msgid "Activating temporary device using new LUKS header." +msgstr "" + +#: src/utils_reencrypt_luks1.c:389 +msgid "Activation of temporary devices failed." +msgstr "" + +#: src/utils_reencrypt_luks1.c:449 +msgid "Failed to set data offset." +msgstr "" + +#: src/utils_reencrypt_luks1.c:455 +msgid "Failed to set metadata size." +msgstr "" + +#: src/utils_reencrypt_luks1.c:463 +#, c-format +msgid "New LUKS header for device %s created." +msgstr "" + +#: src/utils_reencrypt_luks1.c:500 +#, c-format +msgid "%s header backup of device %s created." +msgstr "" + +#: src/utils_reencrypt_luks1.c:556 +msgid "Creation of LUKS backup headers failed." +msgstr "" + +#: src/utils_reencrypt_luks1.c:685 +#, c-format +msgid "Cannot restore %s header on device %s." +msgstr "" + +#: src/utils_reencrypt_luks1.c:687 +#, c-format +msgid "%s header on device %s restored." +msgstr "" + +#: src/utils_reencrypt_luks1.c:917 src/utils_reencrypt_luks1.c:923 +msgid "Cannot open temporary LUKS device." +msgstr "" + +#: src/utils_reencrypt_luks1.c:928 src/utils_reencrypt_luks1.c:933 +msgid "Cannot get device size." +msgstr "მოწყობილობის ზომის მიღების შეცდომა." + +#: src/utils_reencrypt_luks1.c:968 +msgid "IO error during reencryption." +msgstr "" + +#: src/utils_reencrypt_luks1.c:998 +msgid "Provided UUID is invalid." +msgstr "მითითებული UUID არასწორია." + +#: src/utils_reencrypt_luks1.c:1224 +msgid "Cannot open reencryption log file." +msgstr "" + +#: src/utils_reencrypt_luks1.c:1230 +msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process." +msgstr "" + +#: src/utils_reencrypt_luks1.c:1286 +#, c-format +msgid "Reencryption will change: %s%s%s%s%s%s." +msgstr "" + +#: src/utils_reencrypt_luks1.c:1287 +msgid "volume key" +msgstr "ტომის გასაღები" + +#: src/utils_reencrypt_luks1.c:1289 +msgid "set hash to " +msgstr "ჰეშის დაყენება " + +#: src/utils_reencrypt_luks1.c:1290 +msgid ", set cipher to " +msgstr "" + +#: src/utils_blockdev.c:189 +#, c-format +msgid "WARNING: Device %s already contains a '%s' partition signature.\n" +msgstr "" + +#: src/utils_blockdev.c:197 +#, c-format +msgid "WARNING: Device %s already contains a '%s' superblock signature.\n" +msgstr "" + +#: src/utils_blockdev.c:219 src/utils_blockdev.c:294 src/utils_blockdev.c:344 +msgid "Failed to initialize device signature probes." +msgstr "" + +#: src/utils_blockdev.c:274 +#, c-format +msgid "Failed to stat device %s." +msgstr "" + +#: src/utils_blockdev.c:289 +#, c-format +msgid "Failed to open file %s in read/write mode." +msgstr "" + +#: src/utils_blockdev.c:307 +#, c-format +msgid "Existing '%s' partition signature on device %s will be wiped." +msgstr "" + +#: src/utils_blockdev.c:310 +#, c-format +msgid "Existing '%s' superblock signature on device %s will be wiped." +msgstr "" + +#: src/utils_blockdev.c:313 +msgid "Failed to wipe device signature." +msgstr "" + +#: src/utils_blockdev.c:320 +#, c-format +msgid "Failed to probe device %s for a signature." +msgstr "" + +#: src/utils_args.c:65 +#, c-format +msgid "Invalid size specification in parameter --%s." +msgstr "" + +#: src/utils_args.c:125 +#, c-format +msgid "Option --%s is not allowed with %s action." +msgstr "" + +#: tokens/ssh/cryptsetup-ssh.c:110 +msgid "Failed to write ssh token json." +msgstr "" + +#: tokens/ssh/cryptsetup-ssh.c:128 +msgid "" +"Experimental cryptsetup plugin for unlocking LUKS2 devices with token connected to an SSH server\vThis plugin currently allows only adding a token to an existing key slot.\n" +"\n" +"Specified SSH server must contain a key file on the specified path with a passphrase for an existing key slot on the device.\n" +"Provided credentials will be used by cryptsetup to get the password when opening the device using the token.\n" +"\n" +"Note: The information provided when adding the token (SSH server address, user and paths) will be stored in the LUKS2 header in plaintext." +msgstr "" + +#: tokens/ssh/cryptsetup-ssh.c:138 +msgid " " +msgstr "<ქმედება> <მოწყობილობა>" + +#: tokens/ssh/cryptsetup-ssh.c:141 +msgid "Options for the 'add' action:" +msgstr "" + +#: tokens/ssh/cryptsetup-ssh.c:142 +msgid "IP address/URL of the remote server for this token" +msgstr "" + +#: tokens/ssh/cryptsetup-ssh.c:143 +msgid "Username used for the remote server" +msgstr "" + +#: tokens/ssh/cryptsetup-ssh.c:144 +msgid "Path to the key file on the remote server" +msgstr "" + +#: tokens/ssh/cryptsetup-ssh.c:145 +msgid "Path to the SSH key for connecting to the remote server" +msgstr "" + +#: tokens/ssh/cryptsetup-ssh.c:146 +msgid "Keyslot to assign the token to. If not specified, token will be assigned to the first keyslot matching provided passphrase." +msgstr "" + +#: tokens/ssh/cryptsetup-ssh.c:148 +msgid "Generic options:" +msgstr "" + +#: tokens/ssh/cryptsetup-ssh.c:149 +msgid "Shows more detailed error messages" +msgstr "" + +#: tokens/ssh/cryptsetup-ssh.c:150 +msgid "Show debug messages" +msgstr "" + +#: tokens/ssh/cryptsetup-ssh.c:151 +msgid "Show debug messages including JSON metadata" +msgstr "" + +#: tokens/ssh/cryptsetup-ssh.c:262 +msgid "Failed to open and import private key:\n" +msgstr "" + +#: tokens/ssh/cryptsetup-ssh.c:266 +msgid "Failed to import private key (password protected?).\n" +msgstr "" + +#. TRANSLATORS: SSH credentials prompt, e.g. "user@server's password: " +#: tokens/ssh/cryptsetup-ssh.c:268 +#, c-format +msgid "%s@%s's password: " +msgstr "%s@%s-ის პაროლი: " + +#: tokens/ssh/cryptsetup-ssh.c:357 +#, c-format +msgid "Failed to parse arguments.\n" +msgstr "არგუმენტების დამუშავების შეცდომა.\n" + +#: tokens/ssh/cryptsetup-ssh.c:368 +#, c-format +msgid "An action must be specified\n" +msgstr "" + +#: tokens/ssh/cryptsetup-ssh.c:374 +#, c-format +msgid "Device must be specified for '%s' action.\n" +msgstr "" + +#: tokens/ssh/cryptsetup-ssh.c:379 +#, c-format +msgid "SSH server must be specified for '%s' action.\n" +msgstr "" + +#: tokens/ssh/cryptsetup-ssh.c:384 +#, c-format +msgid "SSH user must be specified for '%s' action.\n" +msgstr "" + +#: tokens/ssh/cryptsetup-ssh.c:389 +#, c-format +msgid "SSH path must be specified for '%s' action.\n" +msgstr "" + +#: tokens/ssh/cryptsetup-ssh.c:394 +#, c-format +msgid "SSH key path must be specified for '%s' action.\n" +msgstr "" + +#: tokens/ssh/cryptsetup-ssh.c:401 +#, c-format +msgid "Failed open %s using provided credentials.\n" +msgstr "" + +#: tokens/ssh/cryptsetup-ssh.c:417 +#, c-format +msgid "Only 'add' action is currently supported by this plugin.\n" +msgstr "" + +#: tokens/ssh/ssh-utils.c:46 +msgid "Cannot create sftp session: " +msgstr "SFTP სესიის შექმნის შეცდომა: " + +#: tokens/ssh/ssh-utils.c:53 +msgid "Cannot init sftp session: " +msgstr "SFTP სესიის ინიციალიზაციის შეცდომა: " + +#: tokens/ssh/ssh-utils.c:59 +msgid "Cannot open sftp session: " +msgstr "SFTP სესიის გახსნის შეცდომა: " + +#: tokens/ssh/ssh-utils.c:66 +msgid "Cannot stat sftp file: " +msgstr "SFTP ფაილის აღმოჩენის შეცდომა: " + +#: tokens/ssh/ssh-utils.c:74 +msgid "Not enough memory.\n" +msgstr "არასაკმარისი მეხსიერება.\n" + +#: tokens/ssh/ssh-utils.c:81 +msgid "Cannot read remote key: " +msgstr "დაშორებული გასაღების წაკითხვის შეცდომა: " + +#: tokens/ssh/ssh-utils.c:122 +msgid "Connection failed: " +msgstr "მიერთების შეცდომა: " + +#: tokens/ssh/ssh-utils.c:132 +msgid "Server not known: " +msgstr "სერვერი უცნობია: " + +#: tokens/ssh/ssh-utils.c:160 +msgid "Public key auth method not allowed on host.\n" +msgstr "" + +#: tokens/ssh/ssh-utils.c:171 +msgid "Public key authentication error: " +msgstr "" diff -Nru cryptsetup-2.5.0/po/LINGUAS cryptsetup-2.6.1/po/LINGUAS --- cryptsetup-2.5.0/po/LINGUAS 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/po/LINGUAS 2023-02-09 16:12:17.000000000 +0000 @@ -7,9 +7,11 @@ id it ja +ka nl pl pt_BR +ro ru sr sv diff -Nru cryptsetup-2.5.0/po/pl.po cryptsetup-2.6.1/po/pl.po --- cryptsetup-2.5.0/po/pl.po 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/po/pl.po 2023-02-09 16:12:17.000000000 +0000 @@ -5,10 +5,10 @@ # msgid "" msgstr "" -"Project-Id-Version: cryptsetup 2.5.0-rc1\n" +"Project-Id-Version: cryptsetup 2.6.0-rc1\n" "Report-Msgid-Bugs-To: cryptsetup@lists.linux.dev\n" -"POT-Creation-Date: 2022-07-14 14:04+0200\n" -"PO-Revision-Date: 2022-07-14 18:45+0200\n" +"POT-Creation-Date: 2022-11-20 12:38+0100\n" +"PO-Revision-Date: 2022-11-20 20:45+0100\n" "Last-Translator: Jakub Bogusz \n" "Language-Team: Polish \n" "Language: pl\n" @@ -18,67 +18,71 @@ "X-Bugs: Report translation errors to the Language-Team address.\n" "Plural-Forms: nplurals=3; plural=n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n" -#: lib/libdevmapper.c:417 +#: lib/libdevmapper.c:419 msgid "Cannot initialize device-mapper, running as non-root user." msgstr "Nie można zainicjować device-mappera w czasie działania jako nie-root." -#: lib/libdevmapper.c:420 +#: lib/libdevmapper.c:422 msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" msgstr "Nie można zainicjować device-mappera. Czy moduł jądra dm_mod jest wczytany?" -#: lib/libdevmapper.c:1171 +#: lib/libdevmapper.c:1102 msgid "Requested deferred flag is not supported." msgstr "Żądana flaga odroczona nie jest obsługiwana." -#: lib/libdevmapper.c:1240 +#: lib/libdevmapper.c:1171 #, c-format msgid "DM-UUID for device %s was truncated." msgstr "DM-UUID dla urządzenia %s został skrócony." -#: lib/libdevmapper.c:1570 +#: lib/libdevmapper.c:1501 msgid "Unknown dm target type." msgstr "Nieznany typ celu dm." -#: lib/libdevmapper.c:1694 lib/libdevmapper.c:1699 lib/libdevmapper.c:1763 -#: lib/libdevmapper.c:1766 +#: lib/libdevmapper.c:1620 lib/libdevmapper.c:1626 lib/libdevmapper.c:1724 +#: lib/libdevmapper.c:1727 msgid "Requested dm-crypt performance options are not supported." msgstr "Żądane opcje dm-crypta dotyczące wydajności nie są obsługiwane." -#: lib/libdevmapper.c:1706 lib/libdevmapper.c:1710 +#: lib/libdevmapper.c:1635 lib/libdevmapper.c:1647 msgid "Requested dm-verity data corruption handling options are not supported." msgstr "Żądane opcje dm-verity dotyczące obsługi uszkodzenia danych nie są obsługiwane." -#: lib/libdevmapper.c:1714 +#: lib/libdevmapper.c:1641 +msgid "Requested dm-verity tasklets option is not supported." +msgstr "Żądana opcja taskletów dm-verity nie jest obsługiwana." + +#: lib/libdevmapper.c:1653 msgid "Requested dm-verity FEC options are not supported." msgstr "Żądane opcje FEC dm-verity nie są obsługiwane." -#: lib/libdevmapper.c:1718 +#: lib/libdevmapper.c:1659 msgid "Requested data integrity options are not supported." msgstr "Żądane opcje integralności danych nie są obsługiwane." -#: lib/libdevmapper.c:1720 +#: lib/libdevmapper.c:1663 msgid "Requested sector_size option is not supported." msgstr "Żądana opcja sector_size nie jest obsługiwana." -#: lib/libdevmapper.c:1725 lib/libdevmapper.c:1729 +#: lib/libdevmapper.c:1670 lib/libdevmapper.c:1676 msgid "Requested automatic recalculation of integrity tags is not supported." msgstr "Żądane automatyczne przeliczenie znaczników integralności nie jest obsługiwane." -#: lib/libdevmapper.c:1733 lib/libdevmapper.c:1769 lib/libdevmapper.c:1772 -#: lib/luks2/luks2_json_metadata.c:2552 +#: lib/libdevmapper.c:1682 lib/libdevmapper.c:1730 lib/libdevmapper.c:1733 +#: lib/luks2/luks2_json_metadata.c:2620 msgid "Discard/TRIM is not supported." msgstr "Porzucenie/TRIM nie jest obsługiwane." -#: lib/libdevmapper.c:1737 +#: lib/libdevmapper.c:1688 msgid "Requested dm-integrity bitmap mode is not supported." msgstr "Żądany tryb bitmapy dm-integrity nie jest obsługiwany." -#: lib/libdevmapper.c:2763 +#: lib/libdevmapper.c:2724 #, c-format msgid "Failed to query dm-%s segment." msgstr "Nie udało się odpytać segmentu dm-%s." -#: lib/random.c:74 +#: lib/random.c:73 msgid "" "System is out of entropy while generating volume key.\n" "Please move mouse or type some text in another window to gather some random events.\n" @@ -86,16 +90,16 @@ "Entropia w systemie wyczerpała się w trakcie generowania klucza wolumenu.\n" "Proszę poruszać myszą albo wpisać trochę tekstu w innym oknie w celu zebrania zdarzeń losowych.\n" -#: lib/random.c:78 +#: lib/random.c:77 #, c-format msgid "Generating key (%d%% done).\n" msgstr "Generowanie klucza (gotowe %d%%).\n" -#: lib/random.c:164 +#: lib/random.c:163 msgid "Running in FIPS mode." msgstr "Działanie w trybie FIPS." -#: lib/random.c:170 +#: lib/random.c:169 msgid "Fatal error during RNG initialisation." msgstr "Błąd krytyczny w trakcie inicjalizacji RNG." @@ -107,576 +111,590 @@ msgid "Error reading from RNG." msgstr "Błąd odczytu z RNG." -#: lib/setup.c:226 +#: lib/setup.c:231 msgid "Cannot initialize crypto RNG backend." msgstr "Nie można zainicjować backendu kryptograficznego RNG." -#: lib/setup.c:232 +#: lib/setup.c:237 msgid "Cannot initialize crypto backend." msgstr "Nie można zainicjować backendu kryptograficznego." -#: lib/setup.c:263 lib/setup.c:2080 lib/verity/verity.c:122 +#: lib/setup.c:268 lib/setup.c:2139 lib/verity/verity.c:122 #, c-format msgid "Hash algorithm %s not supported." msgstr "Algorytm skrótu %s nie jest obsługiwany." -#: lib/setup.c:266 lib/loopaes/loopaes.c:90 +#: lib/setup.c:271 lib/loopaes/loopaes.c:90 #, c-format msgid "Key processing error (using hash %s)." msgstr "Błąd przetwarzania klucza (użyto algorytmu skrótu %s)." -#: lib/setup.c:332 lib/setup.c:359 +#: lib/setup.c:342 lib/setup.c:369 msgid "Cannot determine device type. Incompatible activation of device?" msgstr "Nie można określić rodzaju urządzenia. Niezgodny sposób uaktywniania urządzenia?" -#: lib/setup.c:338 lib/setup.c:3221 +#: lib/setup.c:348 lib/setup.c:3308 msgid "This operation is supported only for LUKS device." msgstr "Ta operacja jest obsługiwana tylko dla urządzeń LUKS." -#: lib/setup.c:365 +#: lib/setup.c:375 msgid "This operation is supported only for LUKS2 device." msgstr "Ta operacja jest obsługiwana tylko dla urządzeń LUKS2." -#: lib/setup.c:420 lib/luks2/luks2_reencrypt.c:2985 +#: lib/setup.c:430 lib/luks2/luks2_reencrypt.c:3010 msgid "All key slots full." msgstr "Wszyskie miejsca na klucze są pełne." -#: lib/setup.c:431 +#: lib/setup.c:441 #, c-format msgid "Key slot %d is invalid, please select between 0 and %d." msgstr "Numer klucza %d jest błędny, proszę wybrać wartość między 0 a %d." -#: lib/setup.c:437 +#: lib/setup.c:447 #, c-format msgid "Key slot %d is full, please select another one." msgstr "Miejsce na klucz %d jest pełne, proszę wybrać inne." -#: lib/setup.c:522 lib/setup.c:2946 +#: lib/setup.c:532 lib/setup.c:3030 msgid "Device size is not aligned to device logical block size." msgstr "Rozmiar urządzenia nie jest wyrównany do rozmiaru bloku logicznego urządzenia." -#: lib/setup.c:620 +#: lib/setup.c:630 #, c-format msgid "Header detected but device %s is too small." msgstr "Wykryto nagłówek, ale urządzenie %s jest zbyt małe." -#: lib/setup.c:661 lib/setup.c:2851 lib/setup.c:4335 -#: lib/luks2/luks2_reencrypt.c:3757 lib/luks2/luks2_reencrypt.c:4159 +#: lib/setup.c:671 lib/setup.c:2930 lib/setup.c:4275 +#: lib/luks2/luks2_reencrypt.c:3782 lib/luks2/luks2_reencrypt.c:4184 msgid "This operation is not supported for this device type." msgstr "Ta operacja nie jest obsługiwana dla tego rodzaju urządzenia." -#: lib/setup.c:666 +#: lib/setup.c:676 msgid "Illegal operation with reencryption in-progress." msgstr "Niedozwolona operacja w trakcie ponownego szyfrowania." -#: lib/setup.c:833 lib/luks1/keymanage.c:248 lib/luks1/keymanage.c:524 -#: lib/luks2/luks2_json_metadata.c:1267 src/cryptsetup.c:1449 -#: src/cryptsetup.c:1581 src/cryptsetup.c:1636 src/cryptsetup.c:1756 -#: src/cryptsetup.c:1861 src/cryptsetup.c:2142 src/cryptsetup.c:2380 -#: src/cryptsetup.c:2440 src/utils_reencrypt.c:1378 -#: src/utils_reencrypt_luks1.c:1188 tokens/ssh/cryptsetup-ssh.c:77 +#: lib/setup.c:762 +msgid "Failed to rollback LUKS2 metadata in memory." +msgstr "Nie udało się wycofać zmian w metadanych LUKS2 w pamięci." + +#: lib/setup.c:849 lib/luks1/keymanage.c:247 lib/luks1/keymanage.c:525 +#: lib/luks2/luks2_json_metadata.c:1336 src/cryptsetup.c:1587 +#: src/cryptsetup.c:1727 src/cryptsetup.c:1782 src/cryptsetup.c:1977 +#: src/cryptsetup.c:2133 src/cryptsetup.c:2414 src/cryptsetup.c:2656 +#: src/cryptsetup.c:2716 src/utils_reencrypt.c:1433 +#: src/utils_reencrypt_luks1.c:1192 tokens/ssh/cryptsetup-ssh.c:77 #, c-format msgid "Device %s is not a valid LUKS device." msgstr "Urządzenie %s nie jest prawidłowym urządzeniem LUKS." -#: lib/setup.c:836 lib/luks1/keymanage.c:527 +#: lib/setup.c:852 lib/luks1/keymanage.c:528 #, c-format msgid "Unsupported LUKS version %d." msgstr "Nieobsługiwana wersja LUKS %d." -#: lib/setup.c:1431 lib/setup.c:2602 lib/setup.c:2682 lib/setup.c:2694 -#: lib/setup.c:2859 lib/setup.c:4807 +#: lib/setup.c:1479 lib/setup.c:2679 lib/setup.c:2761 lib/setup.c:2773 +#: lib/setup.c:2940 lib/setup.c:4752 #, c-format msgid "Device %s is not active." msgstr "Urządzenie %s nie jest aktywne." -#: lib/setup.c:1448 +#: lib/setup.c:1496 #, c-format msgid "Underlying device for crypt device %s disappeared." msgstr "Urządzenie stojące za urządzeniem szyfrowanym %s zniknęło." -#: lib/setup.c:1528 +#: lib/setup.c:1578 msgid "Invalid plain crypt parameters." msgstr "Błędne parametry szyfru plain." -#: lib/setup.c:1533 lib/setup.c:1983 +#: lib/setup.c:1583 lib/setup.c:2042 msgid "Invalid key size." msgstr "Błędny rozmiar klucza." -#: lib/setup.c:1538 lib/setup.c:1988 lib/setup.c:2191 +#: lib/setup.c:1588 lib/setup.c:2047 lib/setup.c:2250 msgid "UUID is not supported for this crypt type." msgstr "UUID nie jest obsługiwany dla tego rodzaju szyfrowania." -#: lib/setup.c:1543 lib/setup.c:1993 +#: lib/setup.c:1593 lib/setup.c:2052 msgid "Detached metadata device is not supported for this crypt type." msgstr "Osobne urządzenie metadanych nie jest obsługiwane dla tego rodzaju szyfrowania." -#: lib/setup.c:1553 lib/setup.c:1765 lib/luks2/luks2_reencrypt.c:2941 -#: src/cryptsetup.c:1250 src/cryptsetup.c:3072 +#: lib/setup.c:1603 lib/setup.c:1819 lib/luks2/luks2_reencrypt.c:2966 +#: src/cryptsetup.c:1387 src/cryptsetup.c:3383 msgid "Unsupported encryption sector size." msgstr "Nieobsługiwany rozmiar sektora szyfrowania." -#: lib/setup.c:1561 lib/setup.c:1896 lib/setup.c:2940 +#: lib/setup.c:1611 lib/setup.c:1947 lib/setup.c:3024 msgid "Device size is not aligned to requested sector size." msgstr "Rozmiar urządzenia nie jest wyrównany do żądanego rozmiaru sektura." -#: lib/setup.c:1613 lib/setup.c:1733 +#: lib/setup.c:1663 lib/setup.c:1787 msgid "Can't format LUKS without device." msgstr "Nie można sformatować LUKS-a bez urządzenia." -#: lib/setup.c:1619 lib/setup.c:1739 +#: lib/setup.c:1669 lib/setup.c:1793 msgid "Requested data alignment is not compatible with data offset." msgstr "Żądane wyrównanie metadanych nie jest zgodne z offsetem danych." -#: lib/setup.c:1687 lib/setup.c:1883 -msgid "WARNING: Data offset is outside of currently available data device.\n" -msgstr "UWAGA: offset danych leży poza obecnie dostępnym urządzeniem danych.\n" - -#: lib/setup.c:1697 lib/setup.c:1913 lib/setup.c:1934 lib/setup.c:2203 +#: lib/setup.c:1744 lib/setup.c:1964 lib/setup.c:1985 lib/setup.c:2262 #, c-format msgid "Cannot wipe header on device %s." msgstr "Nie można wymazać nagłówka na urządzeniu %s." -#: lib/setup.c:1774 +#: lib/setup.c:1757 lib/setup.c:2024 +#, c-format +msgid "Device %s is too small for activation, there is no remaining space for data.\n" +msgstr "Urządzenie %s jest zbyt małe do uaktywnienia, nie ma miejsca pozostałego na dane.\n" + +#: lib/setup.c:1828 msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" msgstr "UWAGA: uaktywnienie urządzenia się nie powiedzie, dm-crypt nie ma obsługi żądanego rozmiaru sektora szyfrowania.\n" -#: lib/setup.c:1797 +#: lib/setup.c:1851 msgid "Volume key is too small for encryption with integrity extensions." msgstr "Klucz wolumenu jest zbyt mały do szyfrowania z rozszerzeniami integralności." -#: lib/setup.c:1857 +#: lib/setup.c:1911 #, c-format msgid "Cipher %s-%s (key size %zd bits) is not available." msgstr "Szyfr %s-%s (rozmiar klucza w bitach: %zd) nie jest dostępny." -#: lib/setup.c:1886 +#: lib/setup.c:1937 #, c-format msgid "WARNING: LUKS2 metadata size changed to % bytes.\n" msgstr "UWAGA: rozmiar metadanych LUKS2 zmienił się na % (w bajtach).\n" -#: lib/setup.c:1890 +#: lib/setup.c:1941 #, c-format msgid "WARNING: LUKS2 keyslots area size changed to % bytes.\n" msgstr "UWAGA: rozmiar obszaru kluczy LUKS2 zmienił się na % (w bajtach).\n" -#: lib/setup.c:1916 lib/utils_device.c:909 lib/luks1/keyencryption.c:255 -#: lib/luks2/luks2_reencrypt.c:3009 lib/luks2/luks2_reencrypt.c:4254 +#: lib/setup.c:1967 lib/utils_device.c:911 lib/luks1/keyencryption.c:255 +#: lib/luks2/luks2_reencrypt.c:3034 lib/luks2/luks2_reencrypt.c:4279 #, c-format msgid "Device %s is too small." msgstr "Urządzenie %s jest zbyt małe." -#: lib/setup.c:1927 lib/setup.c:1953 +#: lib/setup.c:1978 lib/setup.c:2004 #, c-format msgid "Cannot format device %s in use." msgstr "Nie można sformatować urządzenia %s, które jest w użyciu." -#: lib/setup.c:1930 lib/setup.c:1956 +#: lib/setup.c:1981 lib/setup.c:2007 #, c-format msgid "Cannot format device %s, permission denied." msgstr "Nie można sformatować urządzenia %s, brak uprawnień." -#: lib/setup.c:1942 lib/setup.c:2263 +#: lib/setup.c:1993 lib/setup.c:2322 #, c-format msgid "Cannot format integrity for device %s." msgstr "Nie można sformatować integralności dla urządzenia %s." -#: lib/setup.c:1960 +#: lib/setup.c:2011 #, c-format msgid "Cannot format device %s." msgstr "Nie można sformatować urządzenia %s." -#: lib/setup.c:1978 +#: lib/setup.c:2037 msgid "Can't format LOOPAES without device." msgstr "Nie można sformatować urządzenia LUKSAES bez urządzenia." -#: lib/setup.c:2023 +#: lib/setup.c:2082 msgid "Can't format VERITY without device." msgstr "Nie można sformatować VERITY bez urządzenia." -#: lib/setup.c:2034 lib/verity/verity.c:101 +#: lib/setup.c:2093 lib/verity/verity.c:101 #, c-format msgid "Unsupported VERITY hash type %d." msgstr "Nieobsługiwany typ hasza VERITY %d." -#: lib/setup.c:2040 lib/verity/verity.c:109 +#: lib/setup.c:2099 lib/verity/verity.c:109 msgid "Unsupported VERITY block size." msgstr "Nieobsługiwany rozmiar bloku VERITY." -#: lib/setup.c:2045 lib/verity/verity.c:74 +#: lib/setup.c:2104 lib/verity/verity.c:74 msgid "Unsupported VERITY hash offset." msgstr "Nieobsługiwany offset hasza VERITY." -#: lib/setup.c:2050 +#: lib/setup.c:2109 msgid "Unsupported VERITY FEC offset." msgstr "Nieobsługiwany offset FEC VERITY." -#: lib/setup.c:2074 +#: lib/setup.c:2133 msgid "Data area overlaps with hash area." msgstr "Obszar danych zachodzi na obszar skrótów." -#: lib/setup.c:2099 +#: lib/setup.c:2158 msgid "Hash area overlaps with FEC area." msgstr "Obszar skrótu zachodzi na obszar FEC." -#: lib/setup.c:2106 +#: lib/setup.c:2165 msgid "Data area overlaps with FEC area." msgstr "Obszar danych zachodzi na obszar FEC." -#: lib/setup.c:2242 +#: lib/setup.c:2301 #, c-format msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n" msgstr "UWAGA: żądany rozmiar znacznika %d B różni się od rozmiaru wyjścia %s (%d B).\n" -#: lib/setup.c:2321 +#: lib/setup.c:2380 #, c-format msgid "Unknown crypt device type %s requested." msgstr "Nieznany typ żądanego urządzenia szyfrującego %s." -#: lib/setup.c:2608 lib/setup.c:2687 lib/setup.c:2700 +#: lib/setup.c:2687 lib/setup.c:2766 lib/setup.c:2779 #, c-format msgid "Unsupported parameters on device %s." msgstr "Nieobsługiwane parametry urządzenia %s." -#: lib/setup.c:2614 lib/setup.c:2707 lib/luks2/luks2_reencrypt.c:2837 -#: lib/luks2/luks2_reencrypt.c:3074 lib/luks2/luks2_reencrypt.c:3459 +#: lib/setup.c:2693 lib/setup.c:2786 lib/luks2/luks2_reencrypt.c:2862 +#: lib/luks2/luks2_reencrypt.c:3099 lib/luks2/luks2_reencrypt.c:3484 #, c-format msgid "Mismatching parameters on device %s." msgstr "Niezgodne parametry dla urządzenia %s." -#: lib/setup.c:2731 +#: lib/setup.c:2810 msgid "Crypt devices mismatch." msgstr "Urządzenia szyfrowane nie zgadzają się." -#: lib/setup.c:2768 lib/setup.c:2773 lib/luks2/luks2_reencrypt.c:2315 -#: lib/luks2/luks2_reencrypt.c:2853 lib/luks2/luks2_reencrypt.c:4007 +#: lib/setup.c:2847 lib/setup.c:2852 lib/luks2/luks2_reencrypt.c:2361 +#: lib/luks2/luks2_reencrypt.c:2878 lib/luks2/luks2_reencrypt.c:4032 #, c-format msgid "Failed to reload device %s." msgstr "Nie udało się przeładować urządzenia %s." -#: lib/setup.c:2779 lib/setup.c:2785 lib/luks2/luks2_reencrypt.c:2286 -#: lib/luks2/luks2_reencrypt.c:2293 lib/luks2/luks2_reencrypt.c:2867 +#: lib/setup.c:2858 lib/setup.c:2864 lib/luks2/luks2_reencrypt.c:2332 +#: lib/luks2/luks2_reencrypt.c:2339 lib/luks2/luks2_reencrypt.c:2892 #, c-format msgid "Failed to suspend device %s." msgstr "Nie udało się wstrzymać urządzenia %s." -#: lib/setup.c:2791 lib/luks2/luks2_reencrypt.c:2300 -#: lib/luks2/luks2_reencrypt.c:2888 lib/luks2/luks2_reencrypt.c:3920 -#: lib/luks2/luks2_reencrypt.c:4011 +#: lib/setup.c:2870 lib/luks2/luks2_reencrypt.c:2346 +#: lib/luks2/luks2_reencrypt.c:2913 lib/luks2/luks2_reencrypt.c:3945 +#: lib/luks2/luks2_reencrypt.c:4036 #, c-format msgid "Failed to resume device %s." msgstr "Nie udało wznowić urządzenia %s." -#: lib/setup.c:2806 +#: lib/setup.c:2885 #, c-format msgid "Fatal error while reloading device %s (on top of device %s)." msgstr "Błąd krytyczny przy przeładowywaniu urządzenia %s (w oparciu o urządzenie %s)." -#: lib/setup.c:2809 lib/setup.c:2811 +#: lib/setup.c:2888 lib/setup.c:2890 #, c-format msgid "Failed to switch device %s to dm-error." msgstr "Nie udało się przełączyć urządzenia %s na dm-error." -#: lib/setup.c:2891 +#: lib/setup.c:2972 msgid "Cannot resize loop device." msgstr "Nie można zmienić rozmiaru urządzenia loopback." -#: lib/setup.c:2931 +#: lib/setup.c:3015 msgid "WARNING: Maximum size already set or kernel doesn't support resize.\n" msgstr "UWAGA: maksymalny rozmiar jest już ustawiony lub jądro nie obsługuje zmiany rozmiaru.\n" -#: lib/setup.c:2989 +#: lib/setup.c:3076 msgid "Resize failed, the kernel doesn't support it." msgstr "Zmiana rozmiaru nie powiodła się, jądro tego nie obsługuje." -#: lib/setup.c:3021 +#: lib/setup.c:3108 msgid "Do you really want to change UUID of device?" msgstr "Czy na pewno zmienić UUID urządzenia?" -#: lib/setup.c:3113 +#: lib/setup.c:3200 msgid "Header backup file does not contain compatible LUKS header." msgstr "Plik nagłówka kopii zapasowej nie zawiera zgodnego nagłówka LUKS." -#: lib/setup.c:3229 +#: lib/setup.c:3316 #, c-format msgid "Volume %s is not active." msgstr "Wolumen %s nie jest aktywny." -#: lib/setup.c:3240 +#: lib/setup.c:3327 #, c-format msgid "Volume %s is already suspended." msgstr "Wolumen %s już został wstrzymany." -#: lib/setup.c:3253 +#: lib/setup.c:3340 #, c-format msgid "Suspend is not supported for device %s." msgstr "Wstrzymywanie nie jest obsługiwane dla urządzenia %s." -#: lib/setup.c:3255 +#: lib/setup.c:3342 #, c-format msgid "Error during suspending device %s." msgstr "Błąd podczas wstrzymywania urządzenia %s." -#: lib/setup.c:3290 +#: lib/setup.c:3377 #, c-format msgid "Resume is not supported for device %s." msgstr "Wznawianie nie jest obsługiwane dla urządzenia %s." -#: lib/setup.c:3292 +#: lib/setup.c:3379 #, c-format msgid "Error during resuming device %s." msgstr "Błąd podczas wznawiania urządzenia %s." -#: lib/setup.c:3326 lib/setup.c:3374 lib/setup.c:3444 lib/setup.c:3489 -#: src/cryptsetup.c:2207 +#: lib/setup.c:3413 lib/setup.c:3461 lib/setup.c:3532 lib/setup.c:3577 +#: src/cryptsetup.c:2479 #, c-format msgid "Volume %s is not suspended." msgstr "Wolumen %s nie jest wstrzymany." -#: lib/setup.c:3459 lib/setup.c:3862 lib/setup.c:4584 lib/setup.c:4597 -#: lib/setup.c:4605 lib/setup.c:4618 lib/setup.c:6142 src/cryptsetup.c:1790 +#: lib/setup.c:3547 lib/setup.c:4528 lib/setup.c:4541 lib/setup.c:4549 +#: lib/setup.c:4562 lib/setup.c:6145 lib/setup.c:6167 lib/setup.c:6216 +#: src/cryptsetup.c:2011 msgid "Volume key does not match the volume." msgstr "Klucz wolumenu nie pasuje do wolumenu." -#: lib/setup.c:3540 lib/setup.c:3745 -msgid "Cannot add key slot, all slots disabled and no volume key provided." -msgstr "Nie można dodać klucza, wszystkie miejsca na klucze wyłączone i nie podano klucza wolumenu." - -#: lib/setup.c:3697 +#: lib/setup.c:3725 msgid "Failed to swap new key slot." msgstr "Nie udało się podstawić nowego klucza." -#: lib/setup.c:3883 +#: lib/setup.c:3823 #, c-format msgid "Key slot %d is invalid." msgstr "Numer klucza %d jest nieprawidłowy." -#: lib/setup.c:3889 src/cryptsetup.c:1594 src/cryptsetup.c:1936 -#: src/cryptsetup.c:2540 src/cryptsetup.c:2597 +#: lib/setup.c:3829 src/cryptsetup.c:1740 src/cryptsetup.c:2208 +#: src/cryptsetup.c:2816 src/cryptsetup.c:2876 #, c-format msgid "Keyslot %d is not active." msgstr "Klucz %d nie jest aktywny." -#: lib/setup.c:3908 +#: lib/setup.c:3848 msgid "Device header overlaps with data area." msgstr "Nagłówek urządzenia zachodzi na obszar danych." -#: lib/setup.c:4213 +#: lib/setup.c:4153 msgid "Reencryption in-progress. Cannot activate device." msgstr "Ponowne szyfrowanie trwa. Nie można uaktywnić urządzenia." -#: lib/setup.c:4215 lib/luks2/luks2_json_metadata.c:2635 -#: lib/luks2/luks2_reencrypt.c:3565 +#: lib/setup.c:4155 lib/luks2/luks2_json_metadata.c:2703 +#: lib/luks2/luks2_reencrypt.c:3590 msgid "Failed to get reencryption lock." msgstr "Nie udało się uzyskać blokady ponownego szyfrowania." -#: lib/setup.c:4228 lib/luks2/luks2_reencrypt.c:3584 +#: lib/setup.c:4168 lib/luks2/luks2_reencrypt.c:3609 msgid "LUKS2 reencryption recovery failed." msgstr "Odtwarzanie ponownego szyfrowania LUKS2 nie powiodło się." -#: lib/setup.c:4396 lib/setup.c:4661 +#: lib/setup.c:4340 lib/setup.c:4606 msgid "Device type is not properly initialized." msgstr "Typ urządzenia nie został właściwie zainicjalizowany." -#: lib/setup.c:4444 +#: lib/setup.c:4388 #, c-format msgid "Device %s already exists." msgstr "Urządzenie %s już istnieje." -#: lib/setup.c:4451 +#: lib/setup.c:4395 #, c-format msgid "Cannot use device %s, name is invalid or still in use." msgstr "Nie można użyć urządzenia %s, nazwa jest nieprawidłowa lub nadal w użyciu." -#: lib/setup.c:4571 +#: lib/setup.c:4515 msgid "Incorrect volume key specified for plain device." msgstr "Podano niewłaściwy klucz wolumenu dla zwykłego urządzenia." -#: lib/setup.c:4687 +#: lib/setup.c:4632 msgid "Incorrect root hash specified for verity device." msgstr "Podano niewłaściwy hasz główny dla urządzenia VERITY." -#: lib/setup.c:4697 +#: lib/setup.c:4642 msgid "Root hash signature required." msgstr "Wymagany podpis hasza głównego." -#: lib/setup.c:4706 +#: lib/setup.c:4651 msgid "Kernel keyring missing: required for passing signature to kernel." msgstr "Brak pęku kluczy w jądrze: wymagany do przekazania podpisu do jądra." -#: lib/setup.c:4723 lib/setup.c:6218 +#: lib/setup.c:4668 lib/setup.c:6411 msgid "Failed to load key in kernel keyring." msgstr "Nie udało się załadować klucza do pęku kluczy w jądrze." -#: lib/setup.c:4779 +#: lib/setup.c:4724 #, c-format msgid "Could not cancel deferred remove from device %s." msgstr "Nie udało się anulować opóźnionego usuwania z urządzenia %s." -#: lib/setup.c:4786 lib/setup.c:4802 lib/luks2/luks2_json_metadata.c:2688 +#: lib/setup.c:4731 lib/setup.c:4747 lib/luks2/luks2_json_metadata.c:2756 #: src/utils_reencrypt.c:116 #, c-format msgid "Device %s is still in use." msgstr "Urządzenie %s jest nadal w użyciu." -#: lib/setup.c:4811 +#: lib/setup.c:4756 #, c-format msgid "Invalid device %s." msgstr "Błędne urządzenie %s." -#: lib/setup.c:4927 +#: lib/setup.c:4896 msgid "Volume key buffer too small." msgstr "Bufor klucza wolumenu zbyt mały." -#: lib/setup.c:4935 +#: lib/setup.c:4913 +msgid "Cannot retrieve volume key for LUKS2 device." +msgstr "Nie można odtworzyć klucza wolumenu dla urządzenia LUKS2." + +#: lib/setup.c:4922 +msgid "Cannot retrieve volume key for LUKS1 device." +msgstr "Nie można odtworzyć klucza wolumenu dla urządzenia LUKS1." + +#: lib/setup.c:4932 msgid "Cannot retrieve volume key for plain device." msgstr "Nie można odtworzyć klucza wolumenu dla zwykłego urządzenia." -#: lib/setup.c:4952 +#: lib/setup.c:4940 msgid "Cannot retrieve root hash for verity device." msgstr "Nie można odtworzyć hasza głównego dla urządzenia VERITY." -#: lib/setup.c:4956 +#: lib/setup.c:4947 +msgid "Cannot retrieve volume key for BITLK device." +msgstr "Nie można odtworzyć klucza wolumenu dla urządzenia BITLK." + +#: lib/setup.c:4952 +msgid "Cannot retrieve volume key for FVAULT2 device." +msgstr "Nie można odtworzyć klucza wolumenu dla urządzenia FVAULT2." + +#: lib/setup.c:4954 #, c-format msgid "This operation is not supported for %s crypt device." msgstr "Ta operacja nie jest obsługiwana dla urządzenia szyfrującego %s." -#: lib/setup.c:5130 lib/setup.c:5141 +#: lib/setup.c:5135 lib/setup.c:5146 msgid "Dump operation is not supported for this device type." msgstr "Operacja zrzutu nie jest obsługiwana dla tego rodzaju urządzenia." -#: lib/setup.c:5471 +#: lib/setup.c:5488 #, c-format msgid "Data offset is not multiple of %u bytes." msgstr "Offset danych nie jest wielokrotnością liczby bajtów %u." -#: lib/setup.c:5756 +#: lib/setup.c:5776 #, c-format msgid "Cannot convert device %s which is still in use." msgstr "Nie można przekonwertować urządzenia %s, które jest nadal w użyciu." -#: lib/setup.c:6075 +#: lib/setup.c:6086 lib/setup.c:6225 #, c-format msgid "Failed to assign keyslot %u as the new volume key." msgstr "Nie udało się przypisać klucza %u jako nowego klucza wolumenu." -#: lib/setup.c:6148 +#: lib/setup.c:6110 msgid "Failed to initialize default LUKS2 keyslot parameters." msgstr "Nie udało się zainicjować domyślnych parametrów klucza LUKS2." -#: lib/setup.c:6154 +#: lib/setup.c:6116 #, c-format msgid "Failed to assign keyslot %d to digest." msgstr "Nie udało się przypisać klucza %d do skrótu." -#: lib/setup.c:6285 +#: lib/setup.c:6341 +msgid "Cannot add key slot, all slots disabled and no volume key provided." +msgstr "Nie można dodać klucza, wszystkie miejsca na klucze wyłączone i nie podano klucza wolumenu." + +#: lib/setup.c:6478 msgid "Kernel keyring is not supported by the kernel." msgstr "Pęk kluczy w jądrze nie jest obsługiwany przez jądro." -#: lib/setup.c:6295 lib/luks2/luks2_reencrypt.c:3782 +#: lib/setup.c:6488 lib/luks2/luks2_reencrypt.c:3807 #, c-format msgid "Failed to read passphrase from keyring (error %d)." msgstr "Nie udało się odczytać hasła z pęku kluczy (błąd %d)." -#: lib/setup.c:6319 +#: lib/setup.c:6512 msgid "Failed to acquire global memory-hard access serialization lock." msgstr "Nie udało się uzyskać globalnej blokady serializacji dostępu ciężkiego pamięciowo." -#: lib/utils.c:80 -msgid "Cannot get process priority." -msgstr "Nie można odczytać priorytetu procesu." - -#: lib/utils.c:94 -msgid "Cannot unlock memory." -msgstr "Nie można odblokować pamięci." - -#: lib/utils.c:168 lib/tcrypt/tcrypt.c:502 +#: lib/utils.c:158 lib/tcrypt/tcrypt.c:501 msgid "Failed to open key file." msgstr "Nie udało się otworzyć pliku klucza." -#: lib/utils.c:173 +#: lib/utils.c:163 msgid "Cannot read keyfile from a terminal." msgstr "Nie można odczytać pliku klucza z terminala." -#: lib/utils.c:189 +#: lib/utils.c:179 msgid "Failed to stat key file." msgstr "Nie udało się wykonać stat na pliku klucza." -#: lib/utils.c:197 lib/utils.c:218 +#: lib/utils.c:187 lib/utils.c:208 msgid "Cannot seek to requested keyfile offset." msgstr "Nie można przemieścić się do żądanego położenia pliku klucza." -#: lib/utils.c:212 lib/utils.c:227 src/utils_password.c:226 -#: src/utils_password.c:238 +#: lib/utils.c:202 lib/utils.c:217 src/utils_password.c:227 +#: src/utils_password.c:239 msgid "Out of memory while reading passphrase." msgstr "Brak pamięci podczas odczytu hasła." -#: lib/utils.c:247 +#: lib/utils.c:237 msgid "Error reading passphrase." msgstr "Błąd podczas odczytu hasła." -#: lib/utils.c:264 +#: lib/utils.c:254 msgid "Nothing to read on input." msgstr "Na wejściu nie ma nic do odczytu." -#: lib/utils.c:271 +#: lib/utils.c:261 msgid "Maximum keyfile size exceeded." msgstr "Przekroczono maksymalny rozmiar pliku klucza." -#: lib/utils.c:276 +#: lib/utils.c:266 msgid "Cannot read requested amount of data." msgstr "Nie można odczytać żądanej ilości danych." -#: lib/utils_device.c:208 lib/utils_storage_wrappers.c:110 -#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1353 +#: lib/utils_device.c:207 lib/utils_storage_wrappers.c:110 +#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1408 #, c-format msgid "Device %s does not exist or access denied." msgstr "Urządzenie %s nie istnieje lub dostęp jest zabroniony." -#: lib/utils_device.c:218 +#: lib/utils_device.c:217 #, c-format msgid "Device %s is not compatible." msgstr "Urządzenie %s nie jest zgodne." -#: lib/utils_device.c:562 +#: lib/utils_device.c:561 #, c-format msgid "Ignoring bogus optimal-io size for data device (%u bytes)." msgstr "Zignorowano niewłaściwy rozmiar optimal-io dla urządzenia danych (%u bajtów)." -#: lib/utils_device.c:720 +#: lib/utils_device.c:722 #, c-format msgid "Device %s is too small. Need at least % bytes." msgstr "Urządzenie %s jest zbyt małe. Wymagane przynajmniej % bajtów." -#: lib/utils_device.c:801 +#: lib/utils_device.c:803 #, c-format msgid "Cannot use device %s which is in use (already mapped or mounted)." msgstr "Nie można użyć urządzenia %s, które jest w użyciu (już podmapowane lub zamontowane)." -#: lib/utils_device.c:805 +#: lib/utils_device.c:807 #, c-format msgid "Cannot use device %s, permission denied." msgstr "Nie można użyć urządzenia %s, brak uprawnień." -#: lib/utils_device.c:808 +#: lib/utils_device.c:810 #, c-format msgid "Cannot get info about device %s." msgstr "Nie można uzyskać informacji o urządzeniu %s." -#: lib/utils_device.c:831 +#: lib/utils_device.c:833 msgid "Cannot use a loopback device, running as non-root user." msgstr "Nie można użyć urządzenia loopback w czasie działania jako nie-root." -#: lib/utils_device.c:842 +#: lib/utils_device.c:844 msgid "Attaching loopback device failed (loop device with autoclear flag is required)." msgstr "Nie udało się podłączyć urządzenia loopback (wymagane urządzenie loop z flagą autoclear)." -#: lib/utils_device.c:890 +#: lib/utils_device.c:892 #, c-format msgid "Requested offset is beyond real size of device %s." msgstr "Żądany offset jest poza rzeczywistym rozmiarem urządzenia %s." -#: lib/utils_device.c:898 +#: lib/utils_device.c:900 #, c-format msgid "Device %s has zero size." msgstr "Urządzenie %s ma zerowy rozmiar." @@ -730,30 +748,25 @@ msgid "Only PBKDF2 is supported in FIPS mode." msgstr "W trybie FIPS obsługiwana jest tylko PBKDF2." -#: lib/utils_benchmark.c:172 +#: lib/utils_benchmark.c:174 msgid "PBKDF benchmark disabled but iterations not set." msgstr "Test wydajności PBKDF jest wyłączony, ale nie ustawiono liczby iteracji." -#: lib/utils_benchmark.c:191 +#: lib/utils_benchmark.c:193 #, c-format msgid "Not compatible PBKDF2 options (using hash algorithm %s)." msgstr "Niekompatybilne opcje PBKDF2 (przy użyciu algorytmu skrótu %s)." -#: lib/utils_benchmark.c:211 +#: lib/utils_benchmark.c:213 msgid "Not compatible PBKDF options." msgstr "Niekompatybilne opcje PBKDF." -#: lib/utils_device_locking.c:102 +#: lib/utils_device_locking.c:101 #, c-format msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)." msgstr "Blokowanie nie powiodło się. Ścieżka blokady %s/%s jest nieużywalna (brak lub nie jest katalogiem)." -#: lib/utils_device_locking.c:109 -#, c-format -msgid "Locking directory %s/%s will be created with default compiled-in permissions." -msgstr "Katalog blokujący %s/%s zostanie utworzony z domyślnymi wkompilowanymi uprawnieniami." - -#: lib/utils_device_locking.c:119 +#: lib/utils_device_locking.c:118 #, c-format msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." msgstr "Blokowanie przerwane. Ścieżka blokady %s/%s jest nieużywalna (%s nie jest katalogiem)." @@ -786,8 +799,8 @@ msgstr "Określenie szyfru powinno być w formacie [szyfr]-[tryb]-[iv]." #: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:364 -#: lib/luks1/keymanage.c:674 lib/luks1/keymanage.c:1125 -#: lib/luks2/luks2_json_metadata.c:1421 lib/luks2/luks2_keyslot.c:714 +#: lib/luks1/keymanage.c:675 lib/luks1/keymanage.c:1126 +#: lib/luks2/luks2_json_metadata.c:1490 lib/luks2/luks2_keyslot.c:714 #, c-format msgid "Cannot write to device %s, permission denied." msgstr "Nie można zapisać na urządzenie %s, brak uprawnień." @@ -800,64 +813,65 @@ msgid "Failed to access temporary keystore device." msgstr "Nie udało się uzyskać dostępu do urządzenia do tymczasowego przechowywania kluczy." -#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60 -#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:192 +#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:61 +#: lib/luks2/luks2_keyslot_luks2.c:79 lib/luks2/luks2_keyslot_reenc.c:192 msgid "IO error while encrypting keyslot." msgstr "Błąd we/wy podczas szyfrowania klucza." #: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:367 -#: lib/luks1/keymanage.c:627 lib/luks1/keymanage.c:677 lib/tcrypt/tcrypt.c:680 -#: lib/verity/verity.c:80 lib/verity/verity.c:196 lib/verity/verity_hash.c:320 -#: lib/verity/verity_hash.c:329 lib/verity/verity_hash.c:349 -#: lib/verity/verity_fec.c:260 lib/verity/verity_fec.c:272 -#: lib/verity/verity_fec.c:277 lib/luks2/luks2_json_metadata.c:1424 -#: src/utils_reencrypt_luks1.c:121 src/utils_reencrypt_luks1.c:133 +#: lib/luks1/keymanage.c:628 lib/luks1/keymanage.c:678 lib/tcrypt/tcrypt.c:679 +#: lib/fvault2/fvault2.c:877 lib/verity/verity.c:80 lib/verity/verity.c:196 +#: lib/verity/verity_hash.c:320 lib/verity/verity_hash.c:329 +#: lib/verity/verity_hash.c:349 lib/verity/verity_fec.c:260 +#: lib/verity/verity_fec.c:272 lib/verity/verity_fec.c:277 +#: lib/luks2/luks2_json_metadata.c:1493 src/utils_reencrypt_luks1.c:121 +#: src/utils_reencrypt_luks1.c:133 #, c-format msgid "Cannot open device %s." msgstr "Nie można otworzyć urządzenia %s." -#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137 +#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:138 msgid "IO error while decrypting keyslot." msgstr "Błąd we/wy podczas odszyfrowywania klucza." -#: lib/luks1/keymanage.c:130 +#: lib/luks1/keymanage.c:129 #, c-format msgid "Device %s is too small. (LUKS1 requires at least % bytes.)" msgstr "Urządzenie %s jest zbyt małe (LUKS1 wymaga przynajmniej % bajtów)." -#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:159 -#: lib/luks1/keymanage.c:171 lib/luks1/keymanage.c:182 -#: lib/luks1/keymanage.c:194 +#: lib/luks1/keymanage.c:150 lib/luks1/keymanage.c:158 +#: lib/luks1/keymanage.c:170 lib/luks1/keymanage.c:181 +#: lib/luks1/keymanage.c:193 #, c-format msgid "LUKS keyslot %u is invalid." msgstr "Numer klucza LUKS %u jest nieprawidłowy." -#: lib/luks1/keymanage.c:266 lib/luks2/luks2_json_metadata.c:1284 +#: lib/luks1/keymanage.c:265 lib/luks2/luks2_json_metadata.c:1353 #, c-format msgid "Requested header backup file %s already exists." msgstr "Żądany plik kopii zapasowej nagłówka %s już istnieje." -#: lib/luks1/keymanage.c:268 lib/luks2/luks2_json_metadata.c:1286 +#: lib/luks1/keymanage.c:267 lib/luks2/luks2_json_metadata.c:1355 #, c-format msgid "Cannot create header backup file %s." msgstr "Nie można utworzyć pliku kopii zapasowej nagłówka %s." -#: lib/luks1/keymanage.c:275 lib/luks2/luks2_json_metadata.c:1293 +#: lib/luks1/keymanage.c:274 lib/luks2/luks2_json_metadata.c:1362 #, c-format msgid "Cannot write header backup file %s." msgstr "Nie można zapisać pliku kopii zapasowej nagłówka %s." -#: lib/luks1/keymanage.c:306 lib/luks2/luks2_json_metadata.c:1330 +#: lib/luks1/keymanage.c:306 lib/luks2/luks2_json_metadata.c:1399 msgid "Backup file does not contain valid LUKS header." msgstr "Plik kopii zapasowej nie zawiera prawidłowego nagłówka LUKS." -#: lib/luks1/keymanage.c:319 lib/luks1/keymanage.c:590 -#: lib/luks2/luks2_json_metadata.c:1351 +#: lib/luks1/keymanage.c:319 lib/luks1/keymanage.c:591 +#: lib/luks2/luks2_json_metadata.c:1420 #, c-format msgid "Cannot open header backup file %s." msgstr "Nie można otworzyć pliku kopii zapasowej nagłówka %s." -#: lib/luks1/keymanage.c:327 lib/luks2/luks2_json_metadata.c:1359 +#: lib/luks1/keymanage.c:327 lib/luks2/luks2_json_metadata.c:1428 #, c-format msgid "Cannot read header backup file %s." msgstr "Nie można odczytać pliku kopii zapasowej nagłówka %s." @@ -879,7 +893,7 @@ msgid "already contains LUKS header. Replacing header will destroy existing keyslots." msgstr "już zawiera nagłówek LUKS. Nadpisanie nagłówka zniszczy istniejące klucze." -#: lib/luks1/keymanage.c:348 lib/luks2/luks2_json_metadata.c:1393 +#: lib/luks1/keymanage.c:348 lib/luks2/luks2_json_metadata.c:1462 msgid "" "\n" "WARNING: real device header has different UUID than backup!" @@ -887,126 +901,126 @@ "\n" "UWAGA: nagłówek prawdziwego urządzenia ma inny UUID niż kopia zapasowa!" -#: lib/luks1/keymanage.c:395 +#: lib/luks1/keymanage.c:396 msgid "Non standard key size, manual repair required." msgstr "Niestandardowy rozmiar klucza, wymagana ręczna naprawa." -#: lib/luks1/keymanage.c:405 +#: lib/luks1/keymanage.c:406 msgid "Non standard keyslots alignment, manual repair required." msgstr "Niestandardowe wyrównanie kluczy, wymagana ręczna naprawa." -#: lib/luks1/keymanage.c:414 +#: lib/luks1/keymanage.c:415 #, c-format msgid "Cipher mode repaired (%s -> %s)." msgstr "Tryb szyfru poprawiony (%s -> %s)." -#: lib/luks1/keymanage.c:425 +#: lib/luks1/keymanage.c:426 #, c-format msgid "Cipher hash repaired to lowercase (%s)." msgstr "Skrót szyfru poprawiony na małe litery (%s)." -#: lib/luks1/keymanage.c:427 lib/luks1/keymanage.c:533 -#: lib/luks1/keymanage.c:789 +#: lib/luks1/keymanage.c:428 lib/luks1/keymanage.c:534 +#: lib/luks1/keymanage.c:790 #, c-format msgid "Requested LUKS hash %s is not supported." msgstr "Żądany skrót LUKS %s nie jest obsługiwany." -#: lib/luks1/keymanage.c:441 +#: lib/luks1/keymanage.c:442 msgid "Repairing keyslots." msgstr "Naprawianie kluczy." -#: lib/luks1/keymanage.c:460 +#: lib/luks1/keymanage.c:461 #, c-format msgid "Keyslot %i: offset repaired (%u -> %u)." msgstr "Klucz %i: naprawiono offset (%u -> %u)." -#: lib/luks1/keymanage.c:468 +#: lib/luks1/keymanage.c:469 #, c-format msgid "Keyslot %i: stripes repaired (%u -> %u)." msgstr "Klucz %i: naprawiono pasy (%u -> %u)." -#: lib/luks1/keymanage.c:477 +#: lib/luks1/keymanage.c:478 #, c-format msgid "Keyslot %i: bogus partition signature." msgstr "Klucz %i: błędna sygnatura partycji." -#: lib/luks1/keymanage.c:482 +#: lib/luks1/keymanage.c:483 #, c-format msgid "Keyslot %i: salt wiped." msgstr "Klucz %i: zarodek wymazany." -#: lib/luks1/keymanage.c:499 +#: lib/luks1/keymanage.c:500 msgid "Writing LUKS header to disk." msgstr "Zapis nagłówka LUKS na dysk." -#: lib/luks1/keymanage.c:504 +#: lib/luks1/keymanage.c:505 msgid "Repair failed." msgstr "Naprawa nie powiodła się." -#: lib/luks1/keymanage.c:559 +#: lib/luks1/keymanage.c:560 #, c-format msgid "LUKS cipher mode %s is invalid." msgstr "Tryb szyfru LUKS %s jest nieprawidłowy." -#: lib/luks1/keymanage.c:564 +#: lib/luks1/keymanage.c:565 #, c-format msgid "LUKS hash %s is invalid." msgstr "Skrót LUKS %s jest nieprawidłowy." -#: lib/luks1/keymanage.c:571 src/cryptsetup.c:1144 +#: lib/luks1/keymanage.c:572 src/cryptsetup.c:1281 msgid "No known problems detected for LUKS header." msgstr "W nagłówku LUKS nie wykryto żadnych znanych problemów." -#: lib/luks1/keymanage.c:699 +#: lib/luks1/keymanage.c:700 #, c-format msgid "Error during update of LUKS header on device %s." msgstr "Błąd podczas uaktualniania nagłówka LUKS na urządzeniu %s." -#: lib/luks1/keymanage.c:707 +#: lib/luks1/keymanage.c:708 #, c-format msgid "Error re-reading LUKS header after update on device %s." msgstr "Błęd podczas ponownego odczytu nagłówka LUKS po uaktualnieniu na urządzeniu %s." -#: lib/luks1/keymanage.c:783 +#: lib/luks1/keymanage.c:784 msgid "Data offset for LUKS header must be either 0 or higher than header size." msgstr "Offset danych dla nagłówka LUKS musi wynosić 0 lub więcej niż rozmiar nagłówka." -#: lib/luks1/keymanage.c:794 lib/luks1/keymanage.c:863 -#: lib/luks2/luks2_json_format.c:287 lib/luks2/luks2_json_metadata.c:1175 -#: src/utils_reencrypt.c:475 +#: lib/luks1/keymanage.c:795 lib/luks1/keymanage.c:864 +#: lib/luks2/luks2_json_format.c:286 lib/luks2/luks2_json_metadata.c:1236 +#: src/utils_reencrypt.c:514 msgid "Wrong LUKS UUID format provided." msgstr "Podano zły format LUKS UUID." -#: lib/luks1/keymanage.c:816 +#: lib/luks1/keymanage.c:817 msgid "Cannot create LUKS header: reading random salt failed." msgstr "Nie można utworzyć nagłówka LUKS: odczyt losowego zarodka nie powiódł się." -#: lib/luks1/keymanage.c:842 +#: lib/luks1/keymanage.c:843 #, c-format msgid "Cannot create LUKS header: header digest failed (using hash %s)." msgstr "Nie można utworzyć nagłówka LUKS: uzyskanie skrótu nagłówka nie powiodło się (przy użyciu algorytmu %s)." -#: lib/luks1/keymanage.c:886 +#: lib/luks1/keymanage.c:887 #, c-format msgid "Key slot %d active, purge first." msgstr "Klucz numer %d jest aktywny, należy go najpierw wyczyścić." -#: lib/luks1/keymanage.c:892 +#: lib/luks1/keymanage.c:893 #, c-format msgid "Key slot %d material includes too few stripes. Header manipulation?" msgstr "Klucz %d zawiera zbyt mało pasów. Zmieniony nagłówek?" -#: lib/luks1/keymanage.c:1033 +#: lib/luks1/keymanage.c:1034 #, c-format msgid "Cannot open keyslot (using hash %s)." msgstr "Nie można otworzyć klucza (przy użyciu skrótu %s)." -#: lib/luks1/keymanage.c:1111 +#: lib/luks1/keymanage.c:1112 #, c-format msgid "Key slot %d is invalid, please select keyslot between 0 and %d." msgstr "Numer klucza %d jest błędny, proszę wybrać numer od 0 do %d." -#: lib/luks1/keymanage.c:1129 lib/luks2/luks2_keyslot.c:718 +#: lib/luks1/keymanage.c:1130 lib/luks2/luks2_keyslot.c:718 #, c-format msgid "Cannot wipe device %s." msgstr "Nie można wymazać urządzenia %s." @@ -1027,48 +1041,48 @@ msgid "Kernel does not support loop-AES compatible mapping." msgstr "Jądro nie obsługuje odwzorowań zgodnych z loop-AES." -#: lib/tcrypt/tcrypt.c:509 +#: lib/tcrypt/tcrypt.c:508 #, c-format msgid "Error reading keyfile %s." msgstr "Błąd odczytu pliku klucza %s." -#: lib/tcrypt/tcrypt.c:559 +#: lib/tcrypt/tcrypt.c:558 #, c-format msgid "Maximum TCRYPT passphrase length (%zu) exceeded." msgstr "Przekroczono maksymalną długość hasła TCRYPT (%zu)." -#: lib/tcrypt/tcrypt.c:601 +#: lib/tcrypt/tcrypt.c:600 #, c-format msgid "PBKDF2 hash algorithm %s not available, skipping." msgstr "Algorytm skrótu PBKDF2 %s nie jest dostępny, pominięto." -#: lib/tcrypt/tcrypt.c:620 src/cryptsetup.c:1019 +#: lib/tcrypt/tcrypt.c:619 src/cryptsetup.c:1156 msgid "Required kernel crypto interface not available." msgstr "Wymagany interfejs kryptograficzny jądra nie jest dostępny." -#: lib/tcrypt/tcrypt.c:622 src/cryptsetup.c:1021 +#: lib/tcrypt/tcrypt.c:621 src/cryptsetup.c:1158 msgid "Ensure you have algif_skcipher kernel module loaded." msgstr "Proszę upewnić się, że moduł jądra algif_skcipher został załadowany." -#: lib/tcrypt/tcrypt.c:763 +#: lib/tcrypt/tcrypt.c:762 #, c-format msgid "Activation is not supported for %d sector size." msgstr "Uaktywnianie nie jest obsługiwane dla rozmiaru sektora %d." -#: lib/tcrypt/tcrypt.c:769 +#: lib/tcrypt/tcrypt.c:768 msgid "Kernel does not support activation for this TCRYPT legacy mode." msgstr "Jądro nie obsługuje uaktywniania dla tego starego trybu TCRYPT." -#: lib/tcrypt/tcrypt.c:800 +#: lib/tcrypt/tcrypt.c:799 #, c-format msgid "Activating TCRYPT system encryption for partition %s." msgstr "Włączanie szyfrowania systemu TCRYPT dla partycji %s." -#: lib/tcrypt/tcrypt.c:883 +#: lib/tcrypt/tcrypt.c:882 msgid "Kernel does not support TCRYPT compatible mapping." msgstr "Jądro nie obsługuje odwzorowań zgodnych z TCRYPT." -#: lib/tcrypt/tcrypt.c:1096 +#: lib/tcrypt/tcrypt.c:1095 msgid "This function is not supported without TCRYPT header load." msgstr "Ta funkcja nie jest obsługiwana bez załadowanego nagłówka TCRYPT." @@ -1198,6 +1212,16 @@ msgid "Cannot activate device, kernel dm-zero module is missing." msgstr "Nie można uaktywnić urządzenia, brak modułu jądra dm-zero." +#: lib/fvault2/fvault2.c:542 +#, c-format +msgid "Could not read %u bytes of volume header." +msgstr "Nie można odczytać %u bajtów nagłówka wolumenu." + +#: lib/fvault2/fvault2.c:554 +#, c-format +msgid "Unsupported FVAULT2 version %." +msgstr "Nieobsługiwana wersja FVAULT2 %." + #: lib/verity/verity.c:68 lib/verity/verity.c:182 #, c-format msgid "Verity device %s does not use on-disk header." @@ -1349,17 +1373,17 @@ msgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)." msgstr "Jądro odmawia uaktywnienia niebezpiecznej opcji przeliczenia (p. stare opcje aktywacji, aby wymusić)." -#: lib/luks2/luks2_disk_metadata.c:393 lib/luks2/luks2_json_metadata.c:1133 -#: lib/luks2/luks2_json_metadata.c:1413 +#: lib/luks2/luks2_disk_metadata.c:391 lib/luks2/luks2_json_metadata.c:1159 +#: lib/luks2/luks2_json_metadata.c:1482 #, c-format msgid "Failed to acquire write lock on device %s." msgstr "Nie udało się uzyskać blokady dla zapisu na urządzeniu %s." -#: lib/luks2/luks2_disk_metadata.c:402 +#: lib/luks2/luks2_disk_metadata.c:400 msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation." msgstr "Wykryto próbę jednoczesnego uaktualnienia metadanych LUKS2. Przerywanie operacji." -#: lib/luks2/luks2_disk_metadata.c:701 lib/luks2/luks2_disk_metadata.c:722 +#: lib/luks2/luks2_disk_metadata.c:699 lib/luks2/luks2_disk_metadata.c:720 msgid "" "Device contains ambiguous signatures, cannot auto-recover LUKS2.\n" "Please run \"cryptsetup repair\" for recovery." @@ -1367,49 +1391,49 @@ "Urządzenie zawiera niejednoznaczne sygnatury, nie można automatycznie odtworzyć LUKS2.\n" "W celu odtworzenia należy uruchomić \"cryptsetup repair\"." -#: lib/luks2/luks2_json_format.c:230 +#: lib/luks2/luks2_json_format.c:229 msgid "Requested data offset is too small." msgstr "Żądany offset danych jest zbyt mały." -#: lib/luks2/luks2_json_format.c:275 +#: lib/luks2/luks2_json_format.c:274 #, c-format msgid "WARNING: keyslots area (% bytes) is very small, available LUKS2 keyslot count is very limited.\n" msgstr "UWAGA: obszar kluczy (% bajtów) bardzo mały, dostępna liczba kluczy LUKS2 jest bardzo ograniczona.\n" -#: lib/luks2/luks2_json_metadata.c:1120 lib/luks2/luks2_json_metadata.c:1258 -#: lib/luks2/luks2_json_metadata.c:1319 lib/luks2/luks2_keyslot_luks2.c:92 -#: lib/luks2/luks2_keyslot_luks2.c:114 +#: lib/luks2/luks2_json_metadata.c:1146 lib/luks2/luks2_json_metadata.c:1328 +#: lib/luks2/luks2_json_metadata.c:1388 lib/luks2/luks2_keyslot_luks2.c:93 +#: lib/luks2/luks2_keyslot_luks2.c:115 #, c-format msgid "Failed to acquire read lock on device %s." msgstr "Nie udało się uzyskać blokady do odczytu na urządzeniu %s." -#: lib/luks2/luks2_json_metadata.c:1336 +#: lib/luks2/luks2_json_metadata.c:1405 #, c-format msgid "Forbidden LUKS2 requirements detected in backup %s." msgstr "Wykryto zabronione wymagania LUKS2 w kopii zapasowej %s." -#: lib/luks2/luks2_json_metadata.c:1377 +#: lib/luks2/luks2_json_metadata.c:1446 msgid "Data offset differ on device and backup, restore failed." msgstr "Offset danych różni się między urządzeniem a kopią zapasową; przywrócenie nie powiodło się." -#: lib/luks2/luks2_json_metadata.c:1383 +#: lib/luks2/luks2_json_metadata.c:1452 msgid "Binary header with keyslot areas size differ on device and backup, restore failed." msgstr "Nagłówek binarny z rozmiarem obszarów kluczy różni się między urządzeniem a kopią zapasową; przywrócenie nie powiodło się." -#: lib/luks2/luks2_json_metadata.c:1390 +#: lib/luks2/luks2_json_metadata.c:1459 #, c-format msgid "Device %s %s%s%s%s" msgstr "Urządzenie %s %s%s%s%s" -#: lib/luks2/luks2_json_metadata.c:1391 +#: lib/luks2/luks2_json_metadata.c:1460 msgid "does not contain LUKS2 header. Replacing header can destroy data on that device." msgstr "nie zawiera nagłówka LUKS2. Nadpisanie nagłówka może zniszczyć dane na tym urządzeniu." -#: lib/luks2/luks2_json_metadata.c:1392 +#: lib/luks2/luks2_json_metadata.c:1461 msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots." msgstr "już zawiera nagłówek LUKS2. Nadpisanie nagłówka zniszczy istniejące klucze." -#: lib/luks2/luks2_json_metadata.c:1394 +#: lib/luks2/luks2_json_metadata.c:1463 msgid "" "\n" "WARNING: unknown LUKS2 requirements detected in real device header!\n" @@ -1419,7 +1443,7 @@ "UWAGA: wykryto nieznane wymagania LUKS2 w nagłówku prawdziwego urządzenia!\n" "Nadpisanie nagłówka kopią zapasową może uszkodzić dane na tym urządzeniu!" -#: lib/luks2/luks2_json_metadata.c:1396 +#: lib/luks2/luks2_json_metadata.c:1465 msgid "" "\n" "WARNING: Unfinished offline reencryption detected on the device!\n" @@ -1429,50 +1453,50 @@ "UWAGA: wykryto nie zakończone ponowne szyfrowanie offline na urządzeniu!\n" "Nadpisanie nagłówka kopią zapasową może uszkodzić dane." -#: lib/luks2/luks2_json_metadata.c:1494 +#: lib/luks2/luks2_json_metadata.c:1562 #, c-format msgid "Ignored unknown flag %s." msgstr "Zignorowano nieznaną flagę %s." -#: lib/luks2/luks2_json_metadata.c:2402 lib/luks2/luks2_reencrypt.c:2015 +#: lib/luks2/luks2_json_metadata.c:2470 lib/luks2/luks2_reencrypt.c:2061 #, c-format msgid "Missing key for dm-crypt segment %u" msgstr "Brak klucza dla segmentu dm-crypt %u" -#: lib/luks2/luks2_json_metadata.c:2414 lib/luks2/luks2_reencrypt.c:2029 +#: lib/luks2/luks2_json_metadata.c:2482 lib/luks2/luks2_reencrypt.c:2075 msgid "Failed to set dm-crypt segment." msgstr "Nie udało się ustawić segmentu dm-crypt." -#: lib/luks2/luks2_json_metadata.c:2420 lib/luks2/luks2_reencrypt.c:2035 +#: lib/luks2/luks2_json_metadata.c:2488 lib/luks2/luks2_reencrypt.c:2081 msgid "Failed to set dm-linear segment." msgstr "Nie udało się ustawić segmentu dm-linear." -#: lib/luks2/luks2_json_metadata.c:2547 +#: lib/luks2/luks2_json_metadata.c:2615 msgid "Unsupported device integrity configuration." msgstr "Nieobsługiwana konfiguracja integralności urządzenia." -#: lib/luks2/luks2_json_metadata.c:2633 +#: lib/luks2/luks2_json_metadata.c:2701 msgid "Reencryption in-progress. Cannot deactivate device." msgstr "Podobne szyfrowanie trwa. Nie można dezaktywować urządzenia." -#: lib/luks2/luks2_json_metadata.c:2644 lib/luks2/luks2_reencrypt.c:4057 +#: lib/luks2/luks2_json_metadata.c:2712 lib/luks2/luks2_reencrypt.c:4082 #, c-format msgid "Failed to replace suspended device %s with dm-error target." msgstr "Nie udało się zastąpić wstrzymanego urządzenia %s celem dm-error." -#: lib/luks2/luks2_json_metadata.c:2724 +#: lib/luks2/luks2_json_metadata.c:2792 msgid "Failed to read LUKS2 requirements." msgstr "Nie udało się odczytać wymagań LUKS2." -#: lib/luks2/luks2_json_metadata.c:2731 +#: lib/luks2/luks2_json_metadata.c:2799 msgid "Unmet LUKS2 requirements detected." msgstr "Wykryto nie spełnione wymagania LUKS2." -#: lib/luks2/luks2_json_metadata.c:2739 +#: lib/luks2/luks2_json_metadata.c:2807 msgid "Operation incompatible with device marked for legacy reencryption. Aborting." msgstr "Operacja niezgodna z urządzeniem oznaczonym do ponownego szyfrowania starym szyfrem. Przerwano." -#: lib/luks2/luks2_json_metadata.c:2741 +#: lib/luks2/luks2_json_metadata.c:2809 msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting." msgstr "Operacja niezgodna z urządzeniem oznaczonym do ponownego szyfrowania LUKS2. Przerwano." @@ -1484,20 +1508,21 @@ msgid "Keyslot open failed." msgstr "Nie udało się otworzyć klucza." -#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108 +#: lib/luks2/luks2_keyslot_luks2.c:54 lib/luks2/luks2_keyslot_luks2.c:109 #, c-format msgid "Cannot use %s-%s cipher for keyslot encryption." msgstr "Nie można użyć szyfru %s-%s do szyfrowania kluczy." -#: lib/luks2/luks2_keyslot_luks2.c:496 -msgid "No space for new keyslot." -msgstr "Brak miejsca na nowy klucz." - -#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2615 +#: lib/luks2/luks2_keyslot_luks2.c:281 lib/luks2/luks2_keyslot_luks2.c:390 +#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2668 #, c-format msgid "Hash algorithm %s is not available." msgstr "Algorytm skrótu %s nie jest dostępny." +#: lib/luks2/luks2_keyslot_luks2.c:506 +msgid "No space for new keyslot." +msgstr "Brak miejsca na nowy klucz." + #: lib/luks2/luks2_keyslot_reenc.c:593 msgid "Invalid reencryption resilience mode change requested." msgstr "Błędne żądanie zmiany trybu odporności przy ponownym szyfrowaniu." @@ -1520,7 +1545,7 @@ msgid "Unable to convert header with LUKSMETA additional metadata." msgstr "Nie można przekonwertować nagłówka z dodatkowymi metadanymi LUKSMETA." -#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3715 +#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3740 #, c-format msgid "Unable to use cipher specification %s-%s for LUKS2." msgstr "Nie można użyć określenia szyfru %s-%s dla LUKS2." @@ -1578,240 +1603,244 @@ msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." msgstr "Nie można przekonwertować do formatu LUKS1 - klucz %u nie jest zgodny z LUKS1." -#: lib/luks2/luks2_reencrypt.c:1107 +#: lib/luks2/luks2_reencrypt.c:1152 #, c-format msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." msgstr "Rozmiar strefy hotzone musi być wielokrotnością wyliczonego wyrównania strefy (bajtów: %zu)." -#: lib/luks2/luks2_reencrypt.c:1112 +#: lib/luks2/luks2_reencrypt.c:1157 #, c-format msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." msgstr "Rozmiar urządzenia musi być wielokrotnością wyliczonego wyrównania strefy (bajtów: %zu)." -#: lib/luks2/luks2_reencrypt.c:1319 lib/luks2/luks2_reencrypt.c:1505 -#: lib/luks2/luks2_reencrypt.c:1588 lib/luks2/luks2_reencrypt.c:1630 -#: lib/luks2/luks2_reencrypt.c:3852 +#: lib/luks2/luks2_reencrypt.c:1364 lib/luks2/luks2_reencrypt.c:1551 +#: lib/luks2/luks2_reencrypt.c:1634 lib/luks2/luks2_reencrypt.c:1676 +#: lib/luks2/luks2_reencrypt.c:3877 msgid "Failed to initialize old segment storage wrapper." msgstr "Nie udało się zainicjować obudowania przestrzeni starego segmentu." -#: lib/luks2/luks2_reencrypt.c:1333 lib/luks2/luks2_reencrypt.c:1483 +#: lib/luks2/luks2_reencrypt.c:1378 lib/luks2/luks2_reencrypt.c:1529 msgid "Failed to initialize new segment storage wrapper." msgstr "Nie udało się zainicjować obudowania przestrzeni nowego segmentu." -#: lib/luks2/luks2_reencrypt.c:1460 lib/luks2/luks2_reencrypt.c:3864 +#: lib/luks2/luks2_reencrypt.c:1505 lib/luks2/luks2_reencrypt.c:3889 msgid "Failed to initialize hotzone protection." msgstr "Nie udało się zainicjować ochrony strefy hotzone." -#: lib/luks2/luks2_reencrypt.c:1532 +#: lib/luks2/luks2_reencrypt.c:1578 msgid "Failed to read checksums for current hotzone." msgstr "Nie udało się odczytać sum kontrolnych dla aktualnej strefy hotzone." -#: lib/luks2/luks2_reencrypt.c:1539 lib/luks2/luks2_reencrypt.c:3878 +#: lib/luks2/luks2_reencrypt.c:1585 lib/luks2/luks2_reencrypt.c:3903 #, c-format msgid "Failed to read hotzone area starting at %." msgstr "Nie udało się odczytać obszaru hotzone zaczynającego się od %." -#: lib/luks2/luks2_reencrypt.c:1558 +#: lib/luks2/luks2_reencrypt.c:1604 #, c-format msgid "Failed to decrypt sector %zu." msgstr "Nie udało się odszyfrować sektora %zu." -#: lib/luks2/luks2_reencrypt.c:1564 +#: lib/luks2/luks2_reencrypt.c:1610 #, c-format msgid "Failed to recover sector %zu." msgstr "Nie udało się odtworzyć sektora %zu." -#: lib/luks2/luks2_reencrypt.c:2128 +#: lib/luks2/luks2_reencrypt.c:2174 #, c-format msgid "Source and target device sizes don't match. Source %, target: %." msgstr "Rozmiary urządzenia źródłowego i docelowego różnią się. Źródłowe %, docelowe: %." -#: lib/luks2/luks2_reencrypt.c:2226 +#: lib/luks2/luks2_reencrypt.c:2272 #, c-format msgid "Failed to activate hotzone device %s." msgstr "Nie udało się uaktywnić urządzenia hotzone %s." -#: lib/luks2/luks2_reencrypt.c:2243 +#: lib/luks2/luks2_reencrypt.c:2289 #, c-format msgid "Failed to activate overlay device %s with actual origin table." msgstr "Nie udało się uaktywnić urządzenia nakładkowego %s z aktualną tablicą źródła." -#: lib/luks2/luks2_reencrypt.c:2250 +#: lib/luks2/luks2_reencrypt.c:2296 #, c-format msgid "Failed to load new mapping for device %s." msgstr "Nie udało się załadować nowego odwzorowania dla urządzenia %s." -#: lib/luks2/luks2_reencrypt.c:2321 +#: lib/luks2/luks2_reencrypt.c:2367 msgid "Failed to refresh reencryption devices stack." msgstr "Nie udało się odświeżyć stosu urządzenia ponownego szyfrowania." -#: lib/luks2/luks2_reencrypt.c:2497 +#: lib/luks2/luks2_reencrypt.c:2550 msgid "Failed to set new keyslots area size." msgstr "Nie udało się ustawić nowego rozmiaru obszaru kluczy." -#: lib/luks2/luks2_reencrypt.c:2633 +#: lib/luks2/luks2_reencrypt.c:2686 #, c-format msgid "Data shift value is not aligned to encryption sector size (% bytes)." msgstr "Wartość przesunięcia danych nie jest wyrównana do rozmiaru sektora szyfrowania (% B)." -#: lib/luks2/luks2_reencrypt.c:2664 +#: lib/luks2/luks2_reencrypt.c:2723 src/utils_reencrypt.c:189 #, c-format msgid "Unsupported resilience mode %s" msgstr "Nieobsługiwany tryb odporności %s" -#: lib/luks2/luks2_reencrypt.c:2741 +#: lib/luks2/luks2_reencrypt.c:2760 msgid "Moved segment size can not be greater than data shift value." msgstr "Rozmiar przenoszonego segmentu nie może być większy niż wartość przesunięcia danych." -#: lib/luks2/luks2_reencrypt.c:2799 +#: lib/luks2/luks2_reencrypt.c:2802 +msgid "Invalid reencryption resilience parameters." +msgstr "Błędne parametry odporności przy ponownym szyfrowaniu." + +#: lib/luks2/luks2_reencrypt.c:2824 #, c-format msgid "Moved segment too large. Requested size %, available space for: %." msgstr "Przenoszony segment zbyt duży. Żądany rozmiar %, dostępne miejsce: %." -#: lib/luks2/luks2_reencrypt.c:2886 +#: lib/luks2/luks2_reencrypt.c:2911 msgid "Failed to clear table." msgstr "Nie udało się wyczyścić tablicy." -#: lib/luks2/luks2_reencrypt.c:2972 +#: lib/luks2/luks2_reencrypt.c:2997 msgid "Reduced data size is larger than real device size." msgstr "Zmniejszony rozmiar danych jest większy niż rzeczywisty rozmiar urządzenia." -#: lib/luks2/luks2_reencrypt.c:2979 +#: lib/luks2/luks2_reencrypt.c:3004 #, c-format msgid "Data device is not aligned to encryption sector size (% bytes)." msgstr "Urzędzenie danych nie jest wyrównane do rozmiaru sektora szyfrowania (% B)." -#: lib/luks2/luks2_reencrypt.c:3013 +#: lib/luks2/luks2_reencrypt.c:3038 #, c-format msgid "Data shift (% sectors) is less than future data offset (% sectors)." msgstr "Przesunięcie danych (sektorów: %) jest mniejsze niż przyszły offset danych (sektorów: %)." -#: lib/luks2/luks2_reencrypt.c:3020 lib/luks2/luks2_reencrypt.c:3508 -#: lib/luks2/luks2_reencrypt.c:3529 +#: lib/luks2/luks2_reencrypt.c:3045 lib/luks2/luks2_reencrypt.c:3533 +#: lib/luks2/luks2_reencrypt.c:3554 #, c-format msgid "Failed to open %s in exclusive mode (already mapped or mounted)." msgstr "Nie udało się otworzyć %s w trybie wyłączności (już odwzorowano lub zamontowano)." -#: lib/luks2/luks2_reencrypt.c:3209 +#: lib/luks2/luks2_reencrypt.c:3234 msgid "Device not marked for LUKS2 reencryption." msgstr "Urządzenie nie jest oznaczone do ponownego szyfrowania LUKS2." -#: lib/luks2/luks2_reencrypt.c:3226 lib/luks2/luks2_reencrypt.c:4181 +#: lib/luks2/luks2_reencrypt.c:3251 lib/luks2/luks2_reencrypt.c:4206 msgid "Failed to load LUKS2 reencryption context." msgstr "Nie udało się załadować kontekstu ponownego szyfrowania LUKS2." -#: lib/luks2/luks2_reencrypt.c:3306 +#: lib/luks2/luks2_reencrypt.c:3331 msgid "Failed to get reencryption state." msgstr "Nie udało się pobrać stanu ponownego szyfrowania." -#: lib/luks2/luks2_reencrypt.c:3310 lib/luks2/luks2_reencrypt.c:3624 +#: lib/luks2/luks2_reencrypt.c:3335 lib/luks2/luks2_reencrypt.c:3649 msgid "Device is not in reencryption." msgstr "Urządzenie nie jest w trakcie ponownego szyfrowania." -#: lib/luks2/luks2_reencrypt.c:3317 lib/luks2/luks2_reencrypt.c:3631 +#: lib/luks2/luks2_reencrypt.c:3342 lib/luks2/luks2_reencrypt.c:3656 msgid "Reencryption process is already running." msgstr "Proces ponownego szyfrowania już trwa." -#: lib/luks2/luks2_reencrypt.c:3319 lib/luks2/luks2_reencrypt.c:3633 +#: lib/luks2/luks2_reencrypt.c:3344 lib/luks2/luks2_reencrypt.c:3658 msgid "Failed to acquire reencryption lock." msgstr "Nie udało się uzyskać blokady dla ponownego szyfrowania." -#: lib/luks2/luks2_reencrypt.c:3337 +#: lib/luks2/luks2_reencrypt.c:3362 msgid "Cannot proceed with reencryption. Run reencryption recovery first." msgstr "Nie można kontynuować ponownego szyfrowania. Należy najpierw uruchomić odtworzenie ponownego szyfrowania." -#: lib/luks2/luks2_reencrypt.c:3472 +#: lib/luks2/luks2_reencrypt.c:3497 msgid "Active device size and requested reencryption size don't match." msgstr "Rozmiar urządzenia aktywnego oraz żądany rozmiar ponownego szyfrowania różnią się." -#: lib/luks2/luks2_reencrypt.c:3486 +#: lib/luks2/luks2_reencrypt.c:3511 msgid "Illegal device size requested in reencryption parameters." msgstr "W parametrach ponownego szyfrowania zażądano niedozwolonego rozmiaru urządzenia." -#: lib/luks2/luks2_reencrypt.c:3563 +#: lib/luks2/luks2_reencrypt.c:3588 msgid "Reencryption in-progress. Cannot perform recovery." msgstr "Ponowne szyfrowanie trwa. Nie można wykonać odzyskiwania." -#: lib/luks2/luks2_reencrypt.c:3732 +#: lib/luks2/luks2_reencrypt.c:3757 msgid "LUKS2 reencryption already initialized in metadata." msgstr "Ponowne szyfrowanie LUKS2 jest już zainicjowane w metadanych." -#: lib/luks2/luks2_reencrypt.c:3739 +#: lib/luks2/luks2_reencrypt.c:3764 msgid "Failed to initialize LUKS2 reencryption in metadata." msgstr "Nie udało się zainicjować ponownego szyfrowania LUKS2 w metadanych." -#: lib/luks2/luks2_reencrypt.c:3834 +#: lib/luks2/luks2_reencrypt.c:3859 msgid "Failed to set device segments for next reencryption hotzone." msgstr "Nie udało się ustawić segmentów urządzeń dla następnej strefy hotzone ponownego szyfrowania." -#: lib/luks2/luks2_reencrypt.c:3886 +#: lib/luks2/luks2_reencrypt.c:3911 msgid "Failed to write reencryption resilience metadata." msgstr "Nie udało się zapisać metadanych odporności ponownego szyfrowania." -#: lib/luks2/luks2_reencrypt.c:3893 +#: lib/luks2/luks2_reencrypt.c:3918 msgid "Decryption failed." msgstr "Odszyfrowanie nie powiodło się." -#: lib/luks2/luks2_reencrypt.c:3898 +#: lib/luks2/luks2_reencrypt.c:3923 #, c-format msgid "Failed to write hotzone area starting at %." msgstr "Nie udało się zapisać obszaru hotzone zaczynającego się od %." -#: lib/luks2/luks2_reencrypt.c:3903 +#: lib/luks2/luks2_reencrypt.c:3928 msgid "Failed to sync data." msgstr "Nie udało się zsynchronizować danych." -#: lib/luks2/luks2_reencrypt.c:3911 +#: lib/luks2/luks2_reencrypt.c:3936 msgid "Failed to update metadata after current reencryption hotzone completed." msgstr "Nie udało się uaktualnić metadanych po zakończeniu aktualnej strefy hotzone ponownego szyfrowania." -#: lib/luks2/luks2_reencrypt.c:4000 +#: lib/luks2/luks2_reencrypt.c:4025 msgid "Failed to write LUKS2 metadata." msgstr "Nie udało się zapisać metadanych LUKS2." -#: lib/luks2/luks2_reencrypt.c:4023 +#: lib/luks2/luks2_reencrypt.c:4048 msgid "Failed to wipe unused data device area." msgstr "Nie udało się wymazać nie używanego obszaru urządzenia danych." -#: lib/luks2/luks2_reencrypt.c:4029 +#: lib/luks2/luks2_reencrypt.c:4054 #, c-format msgid "Failed to remove unused (unbound) keyslot %d." msgstr "Nie udało się usunąć nie używanego (nie przypisanego) obszaru klucza %d." -#: lib/luks2/luks2_reencrypt.c:4039 +#: lib/luks2/luks2_reencrypt.c:4064 msgid "Failed to remove reencryption keyslot." msgstr "Nie udało się usunąć obszaru klucza ponownego szyfrowania." -#: lib/luks2/luks2_reencrypt.c:4049 +#: lib/luks2/luks2_reencrypt.c:4074 #, c-format msgid "Fatal error while reencrypting chunk starting at %, % sectors long." msgstr "Błąd krytyczny podczas ponownego szyfrowania fragmentu zaczynającego się od % o długości w sektorach %." -#: lib/luks2/luks2_reencrypt.c:4053 +#: lib/luks2/luks2_reencrypt.c:4078 msgid "Online reencryption failed." msgstr "Ponowne szyfrowanie online nie powiodło się." -#: lib/luks2/luks2_reencrypt.c:4058 +#: lib/luks2/luks2_reencrypt.c:4083 msgid "Do not resume the device unless replaced with error target manually." msgstr "Proszę nie wznawiać urządzenia dopóki nie zostanie zastąpione celem błędnym ręcznie." -#: lib/luks2/luks2_reencrypt.c:4112 +#: lib/luks2/luks2_reencrypt.c:4137 msgid "Cannot proceed with reencryption. Unexpected reencryption status." msgstr "Nie można kontynuować ponownego szyfrowania. Nieoczekiwany stan ponownego szyfrowania." -#: lib/luks2/luks2_reencrypt.c:4118 +#: lib/luks2/luks2_reencrypt.c:4143 msgid "Missing or invalid reencrypt context." msgstr "Brak lub błędny kontekst ponownego szyfrowania." -#: lib/luks2/luks2_reencrypt.c:4125 +#: lib/luks2/luks2_reencrypt.c:4150 msgid "Failed to initialize reencryption device stack." msgstr "Nie udało się zainicjować stosu urządzenia ponownego szyfrowania." -#: lib/luks2/luks2_reencrypt.c:4147 lib/luks2/luks2_reencrypt.c:4194 +#: lib/luks2/luks2_reencrypt.c:4172 lib/luks2/luks2_reencrypt.c:4219 msgid "Failed to update reencryption context." msgstr "Nie udało się uaktualnić kontekstu ponownego szyfrowania." -#: lib/luks2/luks2_reencrypt_digest.c:406 +#: lib/luks2/luks2_reencrypt_digest.c:405 msgid "Reencryption metadata is invalid." msgstr "Metadane ponownego szyfrowania są błędne." @@ -1819,18 +1848,18 @@ msgid "Keyslot encryption parameters can be set only for LUKS2 device." msgstr "Parametry szyfrowania kluczy mogą być ustawione tylko dla urządzeń LUKS2." -#: src/cryptsetup.c:108 +#: src/cryptsetup.c:108 src/cryptsetup.c:1901 #, c-format -msgid "Enter token PIN:" -msgstr "Proszę wprowadzić PIN tokenu:" +msgid "Enter token PIN: " +msgstr "Proszę wprowadzić PIN: " -#: src/cryptsetup.c:110 +#: src/cryptsetup.c:110 src/cryptsetup.c:1903 #, c-format -msgid "Enter token %d PIN:" -msgstr "Proszę wprowadzić PIN tokenu %d:" +msgid "Enter token %d PIN: " +msgstr "Proszę wprowadzić PIN tokenu %d: " -#: src/cryptsetup.c:159 src/cryptsetup.c:966 src/cryptsetup.c:1293 -#: src/utils_reencrypt.c:1048 src/utils_reencrypt_luks1.c:517 +#: src/cryptsetup.c:159 src/cryptsetup.c:1103 src/cryptsetup.c:1430 +#: src/utils_reencrypt.c:1097 src/utils_reencrypt_luks1.c:517 #: src/utils_reencrypt_luks1.c:580 msgid "No known cipher specification pattern detected." msgstr "Nie wykryto znanego wzorca określającego szyfr." @@ -1848,10 +1877,10 @@ msgid "Detected device signature(s) on %s. Proceeding further may damage existing data." msgstr "Wykryto sygnatury urządzeń na %s. Dalsze operacje mogą uszkodzić istniejące dane." -#: src/cryptsetup.c:221 src/cryptsetup.c:1040 src/cryptsetup.c:1088 -#: src/cryptsetup.c:1154 src/cryptsetup.c:1270 src/cryptsetup.c:1343 -#: src/cryptsetup.c:1994 src/integritysetup.c:187 src/utils_reencrypt.c:138 -#: src/utils_reencrypt.c:275 +#: src/cryptsetup.c:221 src/cryptsetup.c:1177 src/cryptsetup.c:1225 +#: src/cryptsetup.c:1291 src/cryptsetup.c:1407 src/cryptsetup.c:1480 +#: src/cryptsetup.c:2266 src/integritysetup.c:187 src/utils_reencrypt.c:138 +#: src/utils_reencrypt.c:314 src/utils_reencrypt.c:724 msgid "Operation aborted.\n" msgstr "Operacja przerwana.\n" @@ -1899,7 +1928,7 @@ "Zrzut ten powinien być zawsze zapisywany w postaci zaszyfrowanej\n" "w bezpiecznym miejscu." -#: src/cryptsetup.c:573 src/cryptsetup.c:2019 +#: src/cryptsetup.c:573 src/cryptsetup.c:654 src/cryptsetup.c:2291 msgid "" "The header dump with volume key is sensitive information\n" "that allows access to encrypted partition without a passphrase.\n" @@ -1910,68 +1939,77 @@ "Zrzut ten powinien być zawsze zapisywany w postaci zaszyfrowanej\n" "w bezpiecznym miejscu." -#: src/cryptsetup.c:664 src/veritysetup.c:321 src/integritysetup.c:400 +#: src/cryptsetup.c:709 src/cryptsetup.c:739 +#, c-format +msgid "Device %s is not a valid FVAULT2 device." +msgstr "Urządzenie %s nie jest prawidłowym urządzeniem FVAULT2." + +#: src/cryptsetup.c:747 +msgid "Cannot determine volume key size for FVAULT2, please use --key-size option." +msgstr "Nie można określić rozmiaru klucza wolumenu dla FVAULT2, proszę użyć opcji --key-size." + +#: src/cryptsetup.c:801 src/veritysetup.c:323 src/integritysetup.c:400 #, c-format msgid "Device %s is still active and scheduled for deferred removal.\n" msgstr "Urządzenie %s jest nadal aktywne i zaplanowane do odroczonego usunięcia.\n" -#: src/cryptsetup.c:698 +#: src/cryptsetup.c:835 msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set." msgstr "Zmiana rozmiaru aktywnego urządzenia wymaga klucza wolumenu w pęku, ale ustawiono opcję --disable-keyring." -#: src/cryptsetup.c:845 +#: src/cryptsetup.c:982 msgid "Benchmark interrupted." msgstr "Test szybkości przerwany." -#: src/cryptsetup.c:866 +#: src/cryptsetup.c:1003 #, c-format msgid "PBKDF2-%-9s N/A\n" msgstr "PBKDF2-%-9s N/D\n" -#: src/cryptsetup.c:868 +#: src/cryptsetup.c:1005 #, c-format msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" msgstr "PBKDF2-%-9s %7u iteracji/sekundę dla klucza %zu-bitowego\n" -#: src/cryptsetup.c:882 +#: src/cryptsetup.c:1019 #, c-format msgid "%-10s N/A\n" msgstr "%-10s N/D\n" -#: src/cryptsetup.c:884 +#: src/cryptsetup.c:1021 #, c-format msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n" msgstr "%-10s %4u iteracji, pamięć: %5u, równoległe wątki (CPU): %1u dla klucza %zu-bitowego (żądany czas %u ms)\n" -#: src/cryptsetup.c:908 +#: src/cryptsetup.c:1045 msgid "Result of benchmark is not reliable." msgstr "Wynik testu wydajności nie jest wiarygodny." -#: src/cryptsetup.c:958 +#: src/cryptsetup.c:1095 msgid "# Tests are approximate using memory only (no storage IO).\n" msgstr "# Testy są przybliżone tylko z użyciem pamięci (bez we/wy na dysk).\n" #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:978 +#: src/cryptsetup.c:1115 #, c-format msgid "#%*s Algorithm | Key | Encryption | Decryption\n" msgstr "#%*s Algorytm | Klucz | Szyfrowanie | Odszyfrowywanie\n" -#: src/cryptsetup.c:982 +#: src/cryptsetup.c:1119 #, c-format msgid "Cipher %s (with %i bits key) is not available." msgstr "Szyfr %s (rozmiar klucza w bitach: %i) nie jest dostępny." #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:1001 +#: src/cryptsetup.c:1138 msgid "# Algorithm | Key | Encryption | Decryption\n" msgstr "# Algorytm | Klucz | Szyfrowanie | Odszyfrowywanie\n" -#: src/cryptsetup.c:1012 +#: src/cryptsetup.c:1149 msgid "N/A" msgstr "N/D" -#: src/cryptsetup.c:1037 +#: src/cryptsetup.c:1174 msgid "" "Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n" "and continue (upgrade metadata) only if you acknowledge the operation as genuine." @@ -1979,27 +2017,27 @@ "Wybryto nie zabezpieczone metadane ponownego szyfrowania LUKS2. Proszę sprawdzić, czy operacja ponownego szyfrowania jest pożądana (p. wyjście luksDump)\n" "i kontynuować (uaktualnić metadane) tylko jeśli ta operacja ma być faktycznie wykonana." -#: src/cryptsetup.c:1043 +#: src/cryptsetup.c:1180 msgid "Enter passphrase to protect and upgrade reencryption metadata: " msgstr "Hasło do zabezpieczenia i uaktualnienia metadanych ponownego szyfrowania: " -#: src/cryptsetup.c:1087 +#: src/cryptsetup.c:1224 msgid "Really proceed with LUKS2 reencryption recovery?" msgstr "Naprawdę kontynuować odtwarzanie ponownego szyfrowania LUKS2?" -#: src/cryptsetup.c:1096 +#: src/cryptsetup.c:1233 msgid "Enter passphrase to verify reencryption metadata digest: " msgstr "Hasło do weryfikacji skrótu metadanych ponownego szyfrowania: " -#: src/cryptsetup.c:1098 +#: src/cryptsetup.c:1235 msgid "Enter passphrase for reencryption recovery: " msgstr "Hasło do odtwarzania ponownego szyfrowania: " -#: src/cryptsetup.c:1153 +#: src/cryptsetup.c:1290 msgid "Really try to repair LUKS device header?" msgstr "Naprawdę próbować naprawić nagłówek urządzenia LUKS?" -#: src/cryptsetup.c:1177 src/integritysetup.c:89 src/integritysetup.c:238 +#: src/cryptsetup.c:1314 src/integritysetup.c:89 src/integritysetup.c:238 msgid "" "\n" "Wipe interrupted." @@ -2007,7 +2045,7 @@ "\n" "Wymazywanie przerwane." -#: src/cryptsetup.c:1182 src/integritysetup.c:94 src/integritysetup.c:275 +#: src/cryptsetup.c:1319 src/integritysetup.c:94 src/integritysetup.c:275 msgid "" "Wiping device to initialize integrity checksum.\n" "You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n" @@ -2015,119 +2053,128 @@ "Czyszczenie urządzenia w celu zainicjowania sumy kontrolnej integralności.\n" "Można przerwać ten proces wciskając Ctrl+C (reszta nie wymazanego urządzenia będzie zawierać błędną sumę kontrolną).\n" -#: src/cryptsetup.c:1204 src/integritysetup.c:116 +#: src/cryptsetup.c:1341 src/integritysetup.c:116 #, c-format msgid "Cannot deactivate temporary device %s." msgstr "Nie można dezaktywować urządzenia tymczasowego %s." -#: src/cryptsetup.c:1255 +#: src/cryptsetup.c:1392 msgid "Integrity option can be used only for LUKS2 format." msgstr "Opcja integralności może być używana tylko dla formatu LUKS2." -#: src/cryptsetup.c:1260 src/cryptsetup.c:1320 +#: src/cryptsetup.c:1397 src/cryptsetup.c:1457 msgid "Unsupported LUKS2 metadata size options." msgstr "Nieobsługiwane opcje rozmiaru metadanych LUKS2." -#: src/cryptsetup.c:1269 +#: src/cryptsetup.c:1406 msgid "Header file does not exist, do you want to create it?" msgstr "Plik nagłówka nie istnieje, czy utworzyć go?" -#: src/cryptsetup.c:1277 +#: src/cryptsetup.c:1414 #, c-format msgid "Cannot create header file %s." msgstr "Nie można utworzyć pliku nagłówka %s." -#: src/cryptsetup.c:1300 src/integritysetup.c:144 src/integritysetup.c:152 +#: src/cryptsetup.c:1437 src/integritysetup.c:144 src/integritysetup.c:152 #: src/integritysetup.c:161 src/integritysetup.c:315 src/integritysetup.c:323 #: src/integritysetup.c:333 msgid "No known integrity specification pattern detected." msgstr "Nie wykryto znanego wzorca określającego integralność." -#: src/cryptsetup.c:1313 +#: src/cryptsetup.c:1450 #, c-format msgid "Cannot use %s as on-disk header." msgstr "Nie można użyć %s jako nagłówka na dysku." -#: src/cryptsetup.c:1337 src/integritysetup.c:181 +#: src/cryptsetup.c:1474 src/integritysetup.c:181 #, c-format msgid "This will overwrite data on %s irrevocably." msgstr "To nieodwołalnie nadpisze dane na %s." -#: src/cryptsetup.c:1370 src/cryptsetup.c:1707 src/cryptsetup.c:1772 -#: src/cryptsetup.c:1876 src/cryptsetup.c:1942 src/utils_reencrypt_luks1.c:443 +#: src/cryptsetup.c:1507 src/cryptsetup.c:1853 src/cryptsetup.c:1993 +#: src/cryptsetup.c:2148 src/cryptsetup.c:2214 src/utils_reencrypt_luks1.c:443 msgid "Failed to set pbkdf parameters." msgstr "Nie udało się ustawić parametrów PBKDF." -#: src/cryptsetup.c:1455 +#: src/cryptsetup.c:1593 msgid "Reduced data offset is allowed only for detached LUKS header." msgstr "Offset zmniejszonych danych jest dozwolony tylko dla odłączonego nagłówka LUKS." -#: src/cryptsetup.c:1466 src/cryptsetup.c:1778 +#: src/cryptsetup.c:1600 +#, c-format +msgid "LUKS file container %s is too small for activation, there is no remaining space for data." +msgstr "Kontener plikowy LUKS %s jest zbyt mały do uaktywnienia, nie ma miejsca pozostałego na dane." + +#: src/cryptsetup.c:1612 src/cryptsetup.c:1999 msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option." msgstr "Nie można określić rozmiaru klucza wolumenu dla LUKS bez kluczy, proszę użyć opcji --key-size." -#: src/cryptsetup.c:1512 +#: src/cryptsetup.c:1658 msgid "Device activated but cannot make flags persistent." msgstr "Urządzenie uaktywnione, ale nie można uczynić flag trwałymi." -#: src/cryptsetup.c:1591 src/cryptsetup.c:1659 +#: src/cryptsetup.c:1737 src/cryptsetup.c:1805 #, c-format msgid "Keyslot %d is selected for deletion." msgstr "Klucz %d jest wybrany do usunięcia." -#: src/cryptsetup.c:1603 src/cryptsetup.c:1663 +#: src/cryptsetup.c:1749 src/cryptsetup.c:1809 msgid "This is the last keyslot. Device will become unusable after purging this key." msgstr "To jest ostatni klucz. Urządzenie stanie się bezużyteczne po usunięciu tego klucza." -#: src/cryptsetup.c:1604 +#: src/cryptsetup.c:1750 msgid "Enter any remaining passphrase: " msgstr "Dowolne pozostałe hasło: " -#: src/cryptsetup.c:1605 src/cryptsetup.c:1665 +#: src/cryptsetup.c:1751 src/cryptsetup.c:1811 msgid "Operation aborted, the keyslot was NOT wiped.\n" msgstr "Operacja przerwana, klucz NIE został wymazany.\n" -#: src/cryptsetup.c:1641 +#: src/cryptsetup.c:1787 msgid "Enter passphrase to be deleted: " msgstr "Hasło do usunięcia: " -#: src/cryptsetup.c:1691 src/cryptsetup.c:1925 src/cryptsetup.c:2505 -#: src/cryptsetup.c:2649 +#: src/cryptsetup.c:1837 src/cryptsetup.c:2197 src/cryptsetup.c:2781 +#: src/cryptsetup.c:2948 #, c-format msgid "Device %s is not a valid LUKS2 device." msgstr "Urządzenie %s nie jest prawidłowym urządzeniem LUKS2." -#: src/cryptsetup.c:1721 src/cryptsetup.c:1795 src/cryptsetup.c:1829 +#: src/cryptsetup.c:1867 src/cryptsetup.c:2072 msgid "Enter new passphrase for key slot: " msgstr "Nowe hasło dla klucza: " -#: src/cryptsetup.c:1812 src/utils_reencrypt_luks1.c:1149 +#: src/cryptsetup.c:1968 +msgid "WARNING: The --key-slot parameter is used for new keyslot number.\n" +msgstr "UWAGA: Parametr --key-slot jest używany do numeru nowego klucza.\n" + +#: src/cryptsetup.c:2028 src/utils_reencrypt_luks1.c:1149 #, c-format msgid "Enter any existing passphrase: " msgstr "Dowolne istniejące hasło: " -#: src/cryptsetup.c:1880 +#: src/cryptsetup.c:2152 msgid "Enter passphrase to be changed: " msgstr "Hasło, które ma być zmienione: " -#: src/cryptsetup.c:1896 src/utils_reencrypt_luks1.c:1135 +#: src/cryptsetup.c:2168 src/utils_reencrypt_luks1.c:1135 msgid "Enter new passphrase: " msgstr "Nowe hasło: " -#: src/cryptsetup.c:1946 +#: src/cryptsetup.c:2218 msgid "Enter passphrase for keyslot to be converted: " msgstr "Hasło dla klucza do konwersji: " -#: src/cryptsetup.c:1970 +#: src/cryptsetup.c:2242 msgid "Only one device argument for isLuks operation is supported." msgstr "Dla operacji isLuks obsługiwany jest tylko jeden argument będący urządzeniem." -#: src/cryptsetup.c:2078 +#: src/cryptsetup.c:2350 #, c-format msgid "Keyslot %d does not contain unbound key." msgstr "Miejsce %d nie zawiera niepowiązanego klucza." -#: src/cryptsetup.c:2083 +#: src/cryptsetup.c:2355 msgid "" "The header dump with unbound key is sensitive information.\n" "This dump should be stored encrypted in a safe place." @@ -2136,40 +2183,40 @@ "Zrzut ten powinien być zawsze zapisywany w postaci zaszyfrowanej\n" "w bezpiecznym miejscu." -#: src/cryptsetup.c:2169 src/cryptsetup.c:2198 +#: src/cryptsetup.c:2441 src/cryptsetup.c:2470 #, c-format msgid "%s is not active %s device name." msgstr "%s nie jest nazwą aktywnego urządzenia %s." -#: src/cryptsetup.c:2193 +#: src/cryptsetup.c:2465 #, c-format msgid "%s is not active LUKS device name or header is missing." msgstr "%s nie jest nazwą aktywnego urządzenia LUKS lub brak nagłówka." -#: src/cryptsetup.c:2255 src/cryptsetup.c:2274 +#: src/cryptsetup.c:2527 src/cryptsetup.c:2546 msgid "Option --header-backup-file is required." msgstr "Wymagana jest opcja --header-backup-file." -#: src/cryptsetup.c:2305 +#: src/cryptsetup.c:2577 #, c-format msgid "%s is not cryptsetup managed device." msgstr "%s nie jest urządzeniem zarządzanym przez cryptsetup." -#: src/cryptsetup.c:2316 +#: src/cryptsetup.c:2588 #, c-format msgid "Refresh is not supported for device type %s" msgstr "Odświeżanie nie jest obsługiwane dla typu urządzenia %s" -#: src/cryptsetup.c:2362 +#: src/cryptsetup.c:2638 #, c-format msgid "Unrecognized metadata device type %s." msgstr "Nie rozpoznany typ urządzenia metadanych %s." -#: src/cryptsetup.c:2364 +#: src/cryptsetup.c:2640 msgid "Command requires device and mapped name as arguments." msgstr "Polecenie wymaga urządzenia i nazwy odwzorowywanej jako argumentów." -#: src/cryptsetup.c:2385 +#: src/cryptsetup.c:2661 #, c-format msgid "" "This operation will erase all keyslots on device %s.\n" @@ -2178,325 +2225,351 @@ "Ta operacja usunię wszystkie klucze na urządzeniu %s.\n" "Urządzenie po tej operacji stanie się bezużyteczne." -#: src/cryptsetup.c:2392 +#: src/cryptsetup.c:2668 msgid "Operation aborted, keyslots were NOT wiped.\n" msgstr "Operacja przerwana, klucze NIE zostały wymazane.\n" -#: src/cryptsetup.c:2431 +#: src/cryptsetup.c:2707 msgid "Invalid LUKS type, only luks1 and luks2 are supported." msgstr "Błędny typ LUKS, obsługiwane są tylko luks1 i luks2." -#: src/cryptsetup.c:2447 +#: src/cryptsetup.c:2723 #, c-format msgid "Device is already %s type." msgstr "Urządzenie już ma typ %s." -#: src/cryptsetup.c:2454 +#: src/cryptsetup.c:2730 #, c-format msgid "This operation will convert %s to %s format.\n" msgstr "Ta operacja przekonwertuje %s do formatu %s.\n" -#: src/cryptsetup.c:2457 +#: src/cryptsetup.c:2733 msgid "Operation aborted, device was NOT converted.\n" msgstr "Operacja przerwana, urządzenie NIE zostało skonwertowane.\n" -#: src/cryptsetup.c:2497 +#: src/cryptsetup.c:2773 msgid "Option --priority, --label or --subsystem is missing." msgstr "Brak opcji --priority, --label lub --subsystem." -#: src/cryptsetup.c:2531 src/cryptsetup.c:2568 src/cryptsetup.c:2588 +#: src/cryptsetup.c:2807 src/cryptsetup.c:2847 src/cryptsetup.c:2867 #, c-format msgid "Token %d is invalid." msgstr "Token %d jest błędny." -#: src/cryptsetup.c:2534 src/cryptsetup.c:2591 +#: src/cryptsetup.c:2810 src/cryptsetup.c:2870 #, c-format msgid "Token %d in use." msgstr "Token %d jest w użyciu." -#: src/cryptsetup.c:2546 +#: src/cryptsetup.c:2822 #, c-format msgid "Failed to add luks2-keyring token %d." msgstr "Nie udało się dodać tokenu %d do pęku kluczy luks2." -#: src/cryptsetup.c:2554 src/cryptsetup.c:2617 +#: src/cryptsetup.c:2833 src/cryptsetup.c:2896 #, c-format msgid "Failed to assign token %d to keyslot %d." msgstr "Nie udało się przypisać tokenu %d do klucza %d." -#: src/cryptsetup.c:2571 +#: src/cryptsetup.c:2850 #, c-format msgid "Token %d is not in use." msgstr "Token %d nie jest w użyciu." -#: src/cryptsetup.c:2608 +#: src/cryptsetup.c:2887 msgid "Failed to import token from file." msgstr "Nie udało się zaimportować tokenu z pliku." -#: src/cryptsetup.c:2633 +#: src/cryptsetup.c:2912 #, c-format msgid "Failed to get token %d for export." msgstr "Nie udało się pobrać tokenu %d do eksportu." -#: src/cryptsetup.c:2682 +#: src/cryptsetup.c:2925 +#, c-format +msgid "Token %d is not assigned to keyslot %d." +msgstr "Token %d nie jest przypisany do klucza %d." + +#: src/cryptsetup.c:2927 src/cryptsetup.c:2934 +#, c-format +msgid "Failed to unassign token %d from keyslot %d." +msgstr "Nie udało się usunąć przypisania tokenu %d do klucza %d." + +#: src/cryptsetup.c:2983 msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." msgstr "Opcje --tcrypt-hidden, --tcrypt-system i --tcrypt-backup są obsługiwane tylko dla urządzeń TCRYPT." -#: src/cryptsetup.c:2685 +#: src/cryptsetup.c:2986 msgid "Option --veracrypt or --disable-veracrypt is supported only for TCRYPT device type." msgstr "Opcje --veracrypt i --disable-veracrypt są obsługiwane tylko dla typu urządzeń TCRYPT." -#: src/cryptsetup.c:2688 +#: src/cryptsetup.c:2989 msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." msgstr "Opcja --veracrypt-pim jest obsługiwana tylko dla urządzeń zgodnych z VeraCryptem." -#: src/cryptsetup.c:2692 +#: src/cryptsetup.c:2993 msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." msgstr "Opcja --veracrypt-query-pim jest obsługiwana tylko dla urządzeń zgodnych z VeraCryptem." -#: src/cryptsetup.c:2694 +#: src/cryptsetup.c:2995 msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." msgstr "Opcje --veracrypt-pim i --veracrypt-query-pim wykluczają się wzajemnie." -#: src/cryptsetup.c:2703 +#: src/cryptsetup.c:3004 msgid "Option --persistent is not allowed with --test-passphrase." msgstr "Opcja --persistent nie jest dozwolona z --test-passphrase." -#: src/cryptsetup.c:2706 +#: src/cryptsetup.c:3007 msgid "Options --refresh and --test-passphrase are mutually exclusive." msgstr "Opcje --refresh i --test-passphrase wykluczają się wzajemnie." -#: src/cryptsetup.c:2709 +#: src/cryptsetup.c:3010 msgid "Option --shared is allowed only for open of plain device." msgstr "Opcja --shared jest dozwolona tylko dla operacji otwarcia zwykłego urządzenia." -#: src/cryptsetup.c:2712 +#: src/cryptsetup.c:3013 msgid "Option --skip is supported only for open of plain and loopaes devices." msgstr "Opcja --skip jest obsługiwana tylko przy otwieraniu urządzeń plain i loopaes." -#: src/cryptsetup.c:2715 +#: src/cryptsetup.c:3016 msgid "Option --offset with open action is only supported for plain and loopaes devices." msgstr "Opcja --offset z akcją open jest obsługiwana tylko dla urządzeń plain i loopaes." -#: src/cryptsetup.c:2718 +#: src/cryptsetup.c:3019 msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." msgstr "Opcji --tcrypt-hidden nie można łączyć z --allow-discards." -#: src/cryptsetup.c:2722 +#: src/cryptsetup.c:3023 msgid "Sector size option with open action is supported only for plain devices." msgstr "Opcja rozmiaru sektora z akcją open jest obsługiwana tylko dla urządzeń plain." -#: src/cryptsetup.c:2726 +#: src/cryptsetup.c:3027 msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." msgstr "Opcja dużych rozmiarów sektorów IV jest obsługiwana tylko przy otwieraniu urządzeń typu plain z sektorem większym niż 512 bajtów." -#: src/cryptsetup.c:2730 -msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices." -msgstr "Opcja --test-passphrase jest dozwolona tylko przy otwieraniu urządzeń LUKS, TRCYPT i BITLK." +#: src/cryptsetup.c:3032 +msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT, BITLK and FVAULT2 devices." +msgstr "Opcja --test-passphrase jest dozwolona tylko przy otwieraniu urządzeń LUKS, TRCYPT, BITLK i FVAULT2." -#: src/cryptsetup.c:2733 src/cryptsetup.c:2756 +#: src/cryptsetup.c:3035 src/cryptsetup.c:3058 msgid "Options --device-size and --size cannot be combined." msgstr "Opcji --device-size i --size nie można łączyć." -#: src/cryptsetup.c:2736 +#: src/cryptsetup.c:3038 msgid "Option --unbound is allowed only for open of luks device." msgstr "Opcja --unbound jest dozwolona tylko dla operacji otwarcia urządzenia LUKS." -#: src/cryptsetup.c:2739 +#: src/cryptsetup.c:3041 msgid "Option --unbound cannot be used without --test-passphrase." msgstr "Opcja --unbound nie może być użyta bez --test-passphrase." -#: src/cryptsetup.c:2748 src/veritysetup.c:664 src/integritysetup.c:755 +#: src/cryptsetup.c:3050 src/veritysetup.c:668 src/integritysetup.c:755 msgid "Options --cancel-deferred and --deferred cannot be used at the same time." msgstr "Opcje --cancel-deferred i --deferred nie mogą być użyte naraz." -#: src/cryptsetup.c:2764 +#: src/cryptsetup.c:3066 msgid "Options --reduce-device-size and --data-size cannot be combined." msgstr "Opcji --reduce-device-size i --data-size nie można łączyć." -#: src/cryptsetup.c:2767 +#: src/cryptsetup.c:3069 msgid "Option --active-name can be set only for LUKS2 device." msgstr "Opcja --active-name może być ustawiona tylko dla urządzenia LUKS2." -#: src/cryptsetup.c:2770 +#: src/cryptsetup.c:3072 msgid "Options --active-name and --force-offline-reencrypt cannot be combined." msgstr "Opcji --active-name i --force-offline-reencrypt nie można łączyć." -#: src/cryptsetup.c:2778 src/cryptsetup.c:2808 +#: src/cryptsetup.c:3080 src/cryptsetup.c:3110 msgid "Keyslot specification is required." msgstr "Wymagane jest określenie klucza." -#: src/cryptsetup.c:2786 +#: src/cryptsetup.c:3088 msgid "Options --align-payload and --offset cannot be combined." msgstr "Opcji --align-payload i --offset nie można łączyć." -#: src/cryptsetup.c:2789 +#: src/cryptsetup.c:3091 msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." msgstr "Opcja --integrity-no-wipe może być użyta tylko do akcji formatowania z rozszerzeniem integralności." -#: src/cryptsetup.c:2792 +#: src/cryptsetup.c:3094 msgid "Only one of --use-[u]random options is allowed." msgstr "Dozwolona jest tylko jedna z opcji --use-[u]random." -#: src/cryptsetup.c:2800 +#: src/cryptsetup.c:3102 msgid "Key size is required with --unbound option." msgstr "Przy opcji --unbound wymagany jest rozmiar klucza." -#: src/cryptsetup.c:2819 +#: src/cryptsetup.c:3122 msgid "Invalid token action." msgstr "Błędna akcja token." -#: src/cryptsetup.c:2822 +#: src/cryptsetup.c:3125 msgid "--key-description parameter is mandatory for token add action." msgstr "Parametr --key-description jest wymagany do akcji dodania tokenu." -#: src/cryptsetup.c:2826 +#: src/cryptsetup.c:3129 src/cryptsetup.c:3142 msgid "Action requires specific token. Use --token-id parameter." msgstr "Akcja wymaga określonego tokenu. Należy użyć parametru --token-id." -#: src/cryptsetup.c:2840 +#: src/cryptsetup.c:3133 +msgid "Option --unbound is valid only with token add action." +msgstr "Opcja --unbound jest dozwolona tylko dla operacji dodania tokenu." + +#: src/cryptsetup.c:3135 +msgid "Options --key-slot and --unbound cannot be combined." +msgstr "Opcji --key-slot i --unbound nie można łączyć." + +#: src/cryptsetup.c:3140 +msgid "Action requires specific keyslot. Use --key-slot parameter." +msgstr "Akcja wymaga określonego klucza. Należy użyć parametru --key-slot." + +#: src/cryptsetup.c:3156 msgid " [--type ] []" msgstr " [--type ] []" -#: src/cryptsetup.c:2840 src/veritysetup.c:487 src/integritysetup.c:535 +#: src/cryptsetup.c:3156 src/veritysetup.c:491 src/integritysetup.c:535 msgid "open device as " msgstr "otwarcie urządzenia jako " -#: src/cryptsetup.c:2841 src/cryptsetup.c:2842 src/cryptsetup.c:2843 -#: src/veritysetup.c:488 src/veritysetup.c:489 src/integritysetup.c:536 +#: src/cryptsetup.c:3157 src/cryptsetup.c:3158 src/cryptsetup.c:3159 +#: src/veritysetup.c:492 src/veritysetup.c:493 src/integritysetup.c:536 #: src/integritysetup.c:537 src/integritysetup.c:539 msgid "" msgstr "" -#: src/cryptsetup.c:2841 src/veritysetup.c:488 src/integritysetup.c:536 +#: src/cryptsetup.c:3157 src/veritysetup.c:492 src/integritysetup.c:536 msgid "close device (remove mapping)" msgstr "zamknięcie urządzenia (usunięcie odwzorowania)" -#: src/cryptsetup.c:2842 src/integritysetup.c:539 +#: src/cryptsetup.c:3158 src/integritysetup.c:539 msgid "resize active device" msgstr "zmiana rozmiaru aktywnego urządzenia" -#: src/cryptsetup.c:2843 +#: src/cryptsetup.c:3159 msgid "show device status" msgstr "pokazanie stanu urządzenia" -#: src/cryptsetup.c:2844 +#: src/cryptsetup.c:3160 msgid "[--cipher ]" msgstr "[--cipher ]" -#: src/cryptsetup.c:2844 +#: src/cryptsetup.c:3160 msgid "benchmark cipher" msgstr "test szybkości szyfru" -#: src/cryptsetup.c:2845 src/cryptsetup.c:2846 src/cryptsetup.c:2847 -#: src/cryptsetup.c:2848 src/cryptsetup.c:2849 src/cryptsetup.c:2856 -#: src/cryptsetup.c:2857 src/cryptsetup.c:2858 src/cryptsetup.c:2859 -#: src/cryptsetup.c:2860 src/cryptsetup.c:2861 src/cryptsetup.c:2862 -#: src/cryptsetup.c:2863 src/cryptsetup.c:2864 +#: src/cryptsetup.c:3161 src/cryptsetup.c:3162 src/cryptsetup.c:3163 +#: src/cryptsetup.c:3164 src/cryptsetup.c:3165 src/cryptsetup.c:3172 +#: src/cryptsetup.c:3173 src/cryptsetup.c:3174 src/cryptsetup.c:3175 +#: src/cryptsetup.c:3176 src/cryptsetup.c:3177 src/cryptsetup.c:3178 +#: src/cryptsetup.c:3179 src/cryptsetup.c:3180 src/cryptsetup.c:3181 msgid "" msgstr "" -#: src/cryptsetup.c:2845 +#: src/cryptsetup.c:3161 msgid "try to repair on-disk metadata" msgstr "próba naprawy metadanych na dysku" -#: src/cryptsetup.c:2846 +#: src/cryptsetup.c:3162 msgid "reencrypt LUKS2 device" msgstr "ponowne szyfrowanie urządzenia LUKS2" -#: src/cryptsetup.c:2847 +#: src/cryptsetup.c:3163 msgid "erase all keyslots (remove encryption key)" msgstr "usunięcie wszystkich kluczy (usunięcie klucza szyfrującego)" -#: src/cryptsetup.c:2848 +#: src/cryptsetup.c:3164 msgid "convert LUKS from/to LUKS2 format" msgstr "przekonwertowanie formatu LUKS z/do LUKS2" -#: src/cryptsetup.c:2849 +#: src/cryptsetup.c:3165 msgid "set permanent configuration options for LUKS2" msgstr "ustawienie opcji trwałej konfiguracji dla LUKS2" -#: src/cryptsetup.c:2850 src/cryptsetup.c:2851 +#: src/cryptsetup.c:3166 src/cryptsetup.c:3167 msgid " []" msgstr " []" -#: src/cryptsetup.c:2850 +#: src/cryptsetup.c:3166 msgid "formats a LUKS device" msgstr "sformatowanie urządzenia LUKS" -#: src/cryptsetup.c:2851 +#: src/cryptsetup.c:3167 msgid "add key to LUKS device" msgstr "dodanie klucza do urządzenia LUKS" -#: src/cryptsetup.c:2852 src/cryptsetup.c:2853 src/cryptsetup.c:2854 +#: src/cryptsetup.c:3168 src/cryptsetup.c:3169 src/cryptsetup.c:3170 msgid " []" msgstr " []" -#: src/cryptsetup.c:2852 +#: src/cryptsetup.c:3168 msgid "removes supplied key or key file from LUKS device" msgstr "usunięcie podanego klucza lub pliku klucza z urządzenia LUKS" -#: src/cryptsetup.c:2853 +#: src/cryptsetup.c:3169 msgid "changes supplied key or key file of LUKS device" msgstr "zmiana podanego klucza lub pliku klucza urządzenia LUKS" -#: src/cryptsetup.c:2854 +#: src/cryptsetup.c:3170 msgid "converts a key to new pbkdf parameters" msgstr "konwersja klucza na nowe parametry pbkdf" -#: src/cryptsetup.c:2855 +#: src/cryptsetup.c:3171 msgid " " msgstr " " -#: src/cryptsetup.c:2855 +#: src/cryptsetup.c:3171 msgid "wipes key with number from LUKS device" msgstr "wymazanie klucza o numerze z urządzenia LUKS" -#: src/cryptsetup.c:2856 +#: src/cryptsetup.c:3172 msgid "print UUID of LUKS device" msgstr "wypisanie UUID-a urządzenia LUKS" -#: src/cryptsetup.c:2857 +#: src/cryptsetup.c:3173 msgid "tests for LUKS partition header" msgstr "sprawdzenie pod kątem nagłówka partycji LUKS" -#: src/cryptsetup.c:2858 +#: src/cryptsetup.c:3174 msgid "dump LUKS partition information" msgstr "zrzut informacji o partycji LUKS" -#: src/cryptsetup.c:2859 +#: src/cryptsetup.c:3175 msgid "dump TCRYPT device information" msgstr "zrzut informacji o urządzeniu TCRYPT" -#: src/cryptsetup.c:2860 +#: src/cryptsetup.c:3176 msgid "dump BITLK device information" msgstr "zrzut informacji o urządzeniu BITLK" -#: src/cryptsetup.c:2861 +#: src/cryptsetup.c:3177 +msgid "dump FVAULT2 device information" +msgstr "zrzut informacji o urządzeniu FVAULT2" + +#: src/cryptsetup.c:3178 msgid "Suspend LUKS device and wipe key (all IOs are frozen)" msgstr "Wstrzymanie urządzenia LUKS i wymazanie klucza (zamraża wszystkie operacje we/wy)" -#: src/cryptsetup.c:2862 +#: src/cryptsetup.c:3179 msgid "Resume suspended LUKS device" msgstr "Wznowienie zatrzymanego urządzenia LUKS" -#: src/cryptsetup.c:2863 +#: src/cryptsetup.c:3180 msgid "Backup LUKS device header and keyslots" msgstr "Kopia zapasowa nagłówka i kluczy urządzenia LUKS" -#: src/cryptsetup.c:2864 +#: src/cryptsetup.c:3181 msgid "Restore LUKS device header and keyslots" msgstr "Odtworzenie nagłówka i kluczy urządzenia LUKS z kopii zapasowej" -#: src/cryptsetup.c:2865 +#: src/cryptsetup.c:3182 msgid " " msgstr " " -#: src/cryptsetup.c:2865 +#: src/cryptsetup.c:3182 msgid "Manipulate LUKS2 tokens" msgstr "Operacja na tokenach LUKS2" -#: src/cryptsetup.c:2884 src/veritysetup.c:505 src/integritysetup.c:554 +#: src/cryptsetup.c:3201 src/veritysetup.c:509 src/integritysetup.c:554 msgid "" "\n" " is one of:\n" @@ -2504,19 +2577,19 @@ "\n" " to jedno z:\n" -#: src/cryptsetup.c:2890 +#: src/cryptsetup.c:3207 msgid "" "\n" "You can also use old syntax aliases:\n" -"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" -"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n" msgstr "" "\n" "Można także używać starych aliasów składni :\n" -"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" -"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n" -#: src/cryptsetup.c:2894 +#: src/cryptsetup.c:3211 #, c-format msgid "" "\n" @@ -2531,7 +2604,7 @@ " to numer klucza LUKS do zmiany\n" " to opcjonalny plik nowego klucza dla akcji luksAddKey\n" -#: src/cryptsetup.c:2901 +#: src/cryptsetup.c:3218 #, c-format msgid "" "\n" @@ -2540,7 +2613,7 @@ "\n" "Domyślny wkompilowany format metadanych to %s (dla akcji luksFormat).\n" -#: src/cryptsetup.c:2906 src/cryptsetup.c:2909 +#: src/cryptsetup.c:3223 src/cryptsetup.c:3226 #, c-format msgid "" "\n" @@ -2549,20 +2622,20 @@ "\n" "Obsługa zewnętrznych wtyczek tokenów LUKS2 jest %s.\n" -#: src/cryptsetup.c:2906 +#: src/cryptsetup.c:3223 msgid "compiled-in" msgstr "wkompilowana" -#: src/cryptsetup.c:2907 +#: src/cryptsetup.c:3224 #, c-format msgid "LUKS2 external token plugin path: %s.\n" msgstr "Ścieżka zewnętrznych wtyczek tokenów LUKS2: %s.\n" -#: src/cryptsetup.c:2909 +#: src/cryptsetup.c:3226 msgid "disabled" msgstr "wyłączona" -#: src/cryptsetup.c:2913 +#: src/cryptsetup.c:3230 #, c-format msgid "" "\n" @@ -2579,7 +2652,7 @@ "Domyślny PBKDF dla LUKS2: %s\n" "\tCzas iteracji: %d, wymagana pamięć: %dkB, liczba wątków: %d\n" -#: src/cryptsetup.c:2924 +#: src/cryptsetup.c:3241 #, c-format msgid "" "\n" @@ -2594,96 +2667,96 @@ "\tplain: %s, bitów klucza: %d, skrót hasła: %s\n" "\tLUKS: %s, bitów klucza: %d, skrót nagłówka LUKS: %s, RNG: %s\n" -#: src/cryptsetup.c:2933 +#: src/cryptsetup.c:3250 msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" msgstr "\tLUKS: Domyślny rozmiar klucza z trybem XTS (dwa klucze wewnętrzne) będzie podwojony.\n" -#: src/cryptsetup.c:2951 src/veritysetup.c:644 src/integritysetup.c:711 +#: src/cryptsetup.c:3268 src/veritysetup.c:648 src/integritysetup.c:711 #, c-format msgid "%s: requires %s as arguments" msgstr "%s: wymaga %s jako argumentów" -#: src/cryptsetup.c:2997 src/utils_reencrypt_luks1.c:1194 +#: src/cryptsetup.c:3308 src/utils_reencrypt_luks1.c:1198 msgid "Key slot is invalid." msgstr "Numer klucza jest nieprawidłowy." -#: src/cryptsetup.c:3024 +#: src/cryptsetup.c:3335 msgid "Device size must be multiple of 512 bytes sector." msgstr "Rozmiar urządzenia musi być wielokrotnością 512-bajtowego sektora." -#: src/cryptsetup.c:3029 +#: src/cryptsetup.c:3340 msgid "Invalid max reencryption hotzone size specification." msgstr "Błędne określenie maksymalnego rozmiaru strefy hotzone ponownego szyfrowania." -#: src/cryptsetup.c:3043 src/cryptsetup.c:3055 +#: src/cryptsetup.c:3354 src/cryptsetup.c:3366 msgid "Key size must be a multiple of 8 bits" msgstr "Rozmiar klucza musi być wielokrotnością 8 bitów" -#: src/cryptsetup.c:3060 +#: src/cryptsetup.c:3371 msgid "Maximum device reduce size is 1 GiB." msgstr "Maksymalna wartość ograniczenia rozmiaru urządzenia to 1GiB." -#: src/cryptsetup.c:3063 +#: src/cryptsetup.c:3374 msgid "Reduce size must be multiple of 512 bytes sector." msgstr "Rozmiar ograniczenia musi być wielokrotnością 512-bajtowego sektora." -#: src/cryptsetup.c:3080 +#: src/cryptsetup.c:3391 msgid "Option --priority can be only ignore/normal/prefer." msgstr "Opcja --priority może mieć wartości tylko ignore/normal/prefer." -#: src/cryptsetup.c:3099 src/veritysetup.c:568 src/integritysetup.c:634 +#: src/cryptsetup.c:3410 src/veritysetup.c:572 src/integritysetup.c:634 msgid "Show this help message" msgstr "Wyświetlenie tego opisu" -#: src/cryptsetup.c:3100 src/veritysetup.c:569 src/integritysetup.c:635 +#: src/cryptsetup.c:3411 src/veritysetup.c:573 src/integritysetup.c:635 msgid "Display brief usage" msgstr "Wyświetlenie krótkiej informacji o składni" -#: src/cryptsetup.c:3101 src/veritysetup.c:570 src/integritysetup.c:636 +#: src/cryptsetup.c:3412 src/veritysetup.c:574 src/integritysetup.c:636 msgid "Print package version" msgstr "Wypisanie wersji pakietu" -#: src/cryptsetup.c:3112 src/veritysetup.c:581 src/integritysetup.c:647 +#: src/cryptsetup.c:3423 src/veritysetup.c:585 src/integritysetup.c:647 msgid "Help options:" msgstr "Opcje pomocnicze:" -#: src/cryptsetup.c:3132 src/veritysetup.c:599 src/integritysetup.c:664 +#: src/cryptsetup.c:3443 src/veritysetup.c:603 src/integritysetup.c:664 msgid "[OPTION...] " msgstr "[OPCJA...] " -#: src/cryptsetup.c:3141 src/veritysetup.c:608 src/integritysetup.c:675 +#: src/cryptsetup.c:3452 src/veritysetup.c:612 src/integritysetup.c:675 msgid "Argument missing." msgstr "Brak argumentu ." -#: src/cryptsetup.c:3211 src/veritysetup.c:639 src/integritysetup.c:706 +#: src/cryptsetup.c:3528 src/veritysetup.c:643 src/integritysetup.c:706 msgid "Unknown action." msgstr "Nieznana akcja." -#: src/cryptsetup.c:3229 +#: src/cryptsetup.c:3546 msgid "Option --key-file takes precedence over specified key file argument." msgstr "Opcja --key-file ma priorytet nad podanym argumentem pliku klucza." -#: src/cryptsetup.c:3235 +#: src/cryptsetup.c:3552 msgid "Only one --key-file argument is allowed." msgstr "Dozwolony jest tylko jeden argument --key-file." -#: src/cryptsetup.c:3240 +#: src/cryptsetup.c:3557 msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id." msgstr "Funkcja pochodna klucza oparta na haśle (PBKDF) może być tylko pbkdf2 lub argon2i/argon2id." -#: src/cryptsetup.c:3245 +#: src/cryptsetup.c:3562 msgid "PBKDF forced iterations cannot be combined with iteration time option." msgstr "Wymuszonych iteracji PBKDF nie można łączyć z opcją czasu iteracji." -#: src/cryptsetup.c:3256 +#: src/cryptsetup.c:3573 msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." msgstr "Opcje --keyslot-cipher i --keyslot-key-size muszą być użyte łącznie." -#: src/cryptsetup.c:3264 +#: src/cryptsetup.c:3581 msgid "No action taken. Invoked with --test-args option.\n" msgstr "Nie wykonano akcji. Wywołano z opcją --test-args.\n" -#: src/cryptsetup.c:3277 +#: src/cryptsetup.c:3594 msgid "Cannot disable metadata locking." msgstr "Nie można wyłączyć blokowania metadanych." @@ -2711,72 +2784,72 @@ msgid "Cannot write to root hash file %s." msgstr "Nie można zapisać pliku głównego hasza %s." -#: src/veritysetup.c:196 src/veritysetup.c:472 +#: src/veritysetup.c:198 src/veritysetup.c:476 #, c-format msgid "Device %s is not a valid VERITY device." msgstr "Urządzenie %s nie jest prawidłowym urządzeniem VERITY." -#: src/veritysetup.c:213 src/veritysetup.c:230 +#: src/veritysetup.c:215 src/veritysetup.c:232 #, c-format msgid "Cannot read root hash file %s." msgstr "Nie można odczytać pliku głównego hasza %s." -#: src/veritysetup.c:218 +#: src/veritysetup.c:220 #, c-format msgid "Invalid root hash file %s." msgstr "Błędny plik głównego hasza %s." -#: src/veritysetup.c:239 +#: src/veritysetup.c:241 msgid "Invalid root hash string specified." msgstr "Podano błędny łańcuch głównego hasza." -#: src/veritysetup.c:247 +#: src/veritysetup.c:249 #, c-format msgid "Invalid signature file %s." msgstr "Błędny plik podpisu %s." -#: src/veritysetup.c:254 +#: src/veritysetup.c:256 #, c-format msgid "Cannot read signature file %s." msgstr "Nie można odczytać pliku klucza %s." -#: src/veritysetup.c:277 src/veritysetup.c:291 +#: src/veritysetup.c:279 src/veritysetup.c:293 msgid "Command requires or --root-hash-file option as argument." msgstr "Polecenie wymaga lub opcji --root-hash-file jako argumentu." -#: src/veritysetup.c:485 +#: src/veritysetup.c:489 msgid " " msgstr " " -#: src/veritysetup.c:485 src/integritysetup.c:534 +#: src/veritysetup.c:489 src/integritysetup.c:534 msgid "format device" msgstr "sformatowanie urządzenia" -#: src/veritysetup.c:486 +#: src/veritysetup.c:490 msgid " []" msgstr " []" -#: src/veritysetup.c:486 +#: src/veritysetup.c:490 msgid "verify device" msgstr "weryfikacja urządzenia" -#: src/veritysetup.c:487 +#: src/veritysetup.c:491 msgid " []" msgstr " []" -#: src/veritysetup.c:489 src/integritysetup.c:537 +#: src/veritysetup.c:493 src/integritysetup.c:537 msgid "show active device status" msgstr "pokazanie stanu aktywnego urządzenia" -#: src/veritysetup.c:490 +#: src/veritysetup.c:494 msgid "" msgstr "" -#: src/veritysetup.c:490 src/integritysetup.c:538 +#: src/veritysetup.c:494 src/integritysetup.c:538 msgid "show on-disk information" msgstr "wyświetlenie informacji z dysku" -#: src/veritysetup.c:509 +#: src/veritysetup.c:513 #, c-format msgid "" "\n" @@ -2791,7 +2864,7 @@ " to urządzenie zawierające dane weryfikacyjne\n" " to hasz głównego węzła na \n" -#: src/veritysetup.c:516 +#: src/veritysetup.c:520 #, c-format msgid "" "\n" @@ -2802,11 +2875,11 @@ "Domyślnie wkompilowane parametry dm-verity:\n" "\tHasz: %s, blok danych (bajtów): %u, blok haszy (bajtów): %u, rozmiar zarodka: %u, format haszy: %u\n" -#: src/veritysetup.c:654 +#: src/veritysetup.c:658 msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together." msgstr "Opcji --ignore-corruption oraz --restart-on-corruption nie można użyć naraz." -#: src/veritysetup.c:659 +#: src/veritysetup.c:663 msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together." msgstr "Opcji --panic-on-corruption oraz --restart-on-corruption nie można użyć naraz." @@ -3110,37 +3183,37 @@ msgid "Password quality check failed: Bad passphrase (%s)" msgstr "Sprawdzenie jakości hasła nie powiodło się: błędne hasło (%s)" -#: src/utils_password.c:231 src/utils_password.c:245 +#: src/utils_password.c:232 src/utils_password.c:246 msgid "Error reading passphrase from terminal." msgstr "Błąd podczas odczytu hasła z terminala." -#: src/utils_password.c:243 +#: src/utils_password.c:244 msgid "Verify passphrase: " msgstr "Weryfikacja hasła: " -#: src/utils_password.c:250 +#: src/utils_password.c:251 msgid "Passphrases do not match." msgstr "Hasła nie zgadzają się." -#: src/utils_password.c:288 +#: src/utils_password.c:289 msgid "Cannot use offset with terminal input." msgstr "Nie można użyć offsetu, jeśli wejściem jest terminal." -#: src/utils_password.c:292 +#: src/utils_password.c:293 #, c-format msgid "Enter passphrase: " msgstr "Hasło: " -#: src/utils_password.c:295 +#: src/utils_password.c:296 #, c-format msgid "Enter passphrase for %s: " msgstr "Hasło dla %s: " -#: src/utils_password.c:329 +#: src/utils_password.c:330 msgid "No key available with this passphrase." msgstr "Dla tego hasła nie ma dostępnego klucza." -#: src/utils_password.c:331 +#: src/utils_password.c:332 msgid "No usable keyslot is available." msgstr "Brak dostępnego miejsca na klucz." @@ -3215,41 +3288,50 @@ "Aby uruchomić ponowne szyfrowanie w trybie online, należy użyć parametru\n" "--active-name.\n" -#: src/utils_reencrypt.c:175 +#: src/utils_reencrypt.c:141 src/utils_reencrypt.c:274 +#, c-format +msgid "" +"Device %s is not a block device. Can not auto-detect if it is active or not.\n" +"Use --force-offline-reencrypt to bypass the check and run in offline mode (dangerous!)." +msgstr "" +"Urządzenie %s nie jest urządzeniem blokowym. Nie można wykryć, czy jest aktywne.\n" +"Można użyć --force-offline-reencrypt aby obejść to sprawdzenie i uruchomić w trybie offline (niebezpieczne!)." + +#: src/utils_reencrypt.c:178 src/utils_reencrypt.c:221 +#: src/utils_reencrypt.c:231 +msgid "Requested --resilience option cannot be applied to current reencryption operation." +msgstr "Nie można użyć żądanej opcji --resilience do obecnej operacji ponownego szyfrowania." + +#: src/utils_reencrypt.c:203 msgid "Device is not in LUKS2 encryption. Conflicting option --encrypt." msgstr "Urządzenie nie jest w trybie szyfrowania LUKS2. Konflikt opcji --encrypt." -#: src/utils_reencrypt.c:180 +#: src/utils_reencrypt.c:208 msgid "Device is not in LUKS2 decryption. Conflicting option --decrypt." msgstr "Urządzenie nie jest w trybie odszyfrowywania LUKS2. Konflikt opcji --decrypt." -#: src/utils_reencrypt.c:187 +#: src/utils_reencrypt.c:215 msgid "Device is in reencryption using datashift resilience. Requested --resilience option cannot be applied." msgstr "Urządzenie jest w trybie ponownego szyfrowania z użyciem odporności przesunięcia danych. Nie można użyć żądanej opcji --resilience." -#: src/utils_reencrypt.c:193 src/utils_reencrypt.c:199 -#: src/utils_reencrypt.c:205 src/utils_reencrypt.c:681 -msgid "Requested --resilience option cannot be applied to current reencryption operation." -msgstr "Nie można użyć żądanej opcji --resilience do obecnej operacji ponownego szyfrowania." - -#: src/utils_reencrypt.c:258 +#: src/utils_reencrypt.c:293 msgid "Device requires reencryption recovery. Run repair first." msgstr "Urządzenie wymaga odtwarzania ponownego szyfrowania. Najpierw należy uruchomić naprawę." -#: src/utils_reencrypt.c:268 +#: src/utils_reencrypt.c:307 #, c-format msgid "Device %s is already in LUKS2 reencryption. Do you wish to resume previously initialised operation?" msgstr "Urządzenie %s jest już w trybie ponownego szyfrowania LUKS2. Czy wznowić uprzednio zainicjowaną operację?" -#: src/utils_reencrypt.c:314 +#: src/utils_reencrypt.c:353 msgid "Legacy LUKS2 reencryption is no longer supported." msgstr "Stara wersja ponownego szyfrowania LUKS2 nie jest już obsługiwana." -#: src/utils_reencrypt.c:379 +#: src/utils_reencrypt.c:418 msgid "Reencryption of device with integrity profile is not supported." msgstr "Ponowne szyfrowanie urządzenia z profilem integralności nie jest obsługiwane." -#: src/utils_reencrypt.c:410 +#: src/utils_reencrypt.c:449 #, c-format msgid "" "Requested --sector-size % is incompatible with %s superblock\n" @@ -3258,98 +3340,103 @@ "Żądany --sector-size % jest niezgodny z superblokiem %s\n" "(rozmiar bloku: % B), wykrytym na urządzeniu %s." -#: src/utils_reencrypt.c:455 +#: src/utils_reencrypt.c:494 msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." msgstr "Szyfrowanie bez odłączonego nagłówka (--header) jest niemożliwe bez ograniczenia rozmiaru urządzenia danych (--reduce-device-size)." -#: src/utils_reencrypt.c:461 +#: src/utils_reencrypt.c:500 msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." msgstr "Żądany offset danych musi być mniejszy lub równy połowie parametru --reduce-device-size." -#: src/utils_reencrypt.c:471 +#: src/utils_reencrypt.c:510 #, c-format msgid "Adjusting --reduce-device-size value to twice the --offset % (sectors).\n" msgstr "Modyfikowanie wartości --reduce-device-size do dwukrotności parametru --offset % (w sektorach).\n" -#: src/utils_reencrypt.c:501 +#: src/utils_reencrypt.c:540 #, c-format msgid "Temporary header file %s already exists. Aborting." msgstr "Plik nagłówka %s już istnieje. Przerwano." -#: src/utils_reencrypt.c:503 src/utils_reencrypt.c:510 +#: src/utils_reencrypt.c:542 src/utils_reencrypt.c:549 #, c-format msgid "Cannot create temporary header file %s." msgstr "Nie można utworzyć pliku tymczasowego nagłówka %s." -#: src/utils_reencrypt.c:535 +#: src/utils_reencrypt.c:574 msgid "LUKS2 metadata size is larger than data shift value." msgstr "Rozmiar metadanych LUKS2 jest większy niż wartość przesunięcia danych." -#: src/utils_reencrypt.c:572 +#: src/utils_reencrypt.c:611 #, c-format msgid "Failed to place new header at head of device %s." msgstr "Nie udało się umieścić nowego nagłówka na początku urządzenia %s." -#: src/utils_reencrypt.c:582 +#: src/utils_reencrypt.c:621 #, c-format msgid "%s/%s is now active and ready for online encryption.\n" msgstr "%s/%s jest teraz aktywne i gotowe do szyfrowania w locie.\n" -#: src/utils_reencrypt.c:618 +#: src/utils_reencrypt.c:657 #, c-format msgid "Active device %s is not LUKS2." msgstr "Aktywne urządzenie %s nie jest urządzeniem LUKS2." -#: src/utils_reencrypt.c:646 +#: src/utils_reencrypt.c:685 msgid "Restoring original LUKS2 header." msgstr "Odtwarzanie oryginalnego nagłówka LUKS2." -#: src/utils_reencrypt.c:654 +#: src/utils_reencrypt.c:693 msgid "Original LUKS2 header restore failed." msgstr "Odtwarzanie oryginalnego nagłówka LUKS2 nie powiodło się." -#: src/utils_reencrypt.c:722 +#: src/utils_reencrypt.c:719 +#, c-format +msgid "Header file %s does not exist. Do you want to initialize LUKS2 decryption of device %s and export LUKS2 header to file %s?" +msgstr "Plik nagłówka %s nie istnieje. Czy zainicjować odszyfrowywanie LUKS2 urządzenia %s i eksport nagłówka LUKS2 do pliku %s?" + +#: src/utils_reencrypt.c:767 msgid "Failed to add read/write permissions to exported header file." msgstr "Nie udało się dodać uprawnień odczytu/zapisu do pliku wyeksportowanego nagłówka." -#: src/utils_reencrypt.c:775 +#: src/utils_reencrypt.c:820 #, c-format msgid "Reencryption initialization failed. Header backup is available in %s." msgstr "Inicjowanie ponownego szyfrowania nie powiodło się. Kopia zapasowa nagłówka jest dostępna w %s." -#: src/utils_reencrypt.c:803 +#: src/utils_reencrypt.c:848 msgid "LUKS2 decryption is supported with detached header device only (with data offset set to 0)." msgstr "Odszyfrowanie LUKS2 jest obsługiwane tylko z urządzeniem z odłączonym nagłówkiem (z offsetem danych ustawionym na 0)." -#: src/utils_reencrypt.c:934 src/utils_reencrypt.c:943 +#: src/utils_reencrypt.c:983 src/utils_reencrypt.c:992 msgid "Not enough free keyslots for reencryption." msgstr "Za mało wolnych kluczy do ponownego szyfrowania." -#: src/utils_reencrypt.c:964 src/utils_reencrypt_luks1.c:1100 +#: src/utils_reencrypt.c:1013 src/utils_reencrypt_luks1.c:1100 msgid "Key file can be used only with --key-slot or with exactly one key slot active." msgstr "Rozmiaru klucza można użyć tylko z --key-slot albo przy dokładnie jednym aktywnym kluczu." -#: src/utils_reencrypt.c:973 src/utils_reencrypt_luks1.c:1147 +#: src/utils_reencrypt.c:1022 src/utils_reencrypt_luks1.c:1147 #: src/utils_reencrypt_luks1.c:1158 #, c-format msgid "Enter passphrase for key slot %d: " msgstr "Hasło dla klucza %d: " -#: src/utils_reencrypt.c:985 +#: src/utils_reencrypt.c:1034 #, c-format msgid "Enter passphrase for key slot %u: " msgstr "Hasło dla klucza %u: " -#: src/utils_reencrypt.c:1037 +#: src/utils_reencrypt.c:1086 #, c-format msgid "Switching data encryption cipher to %s.\n" msgstr "Zmiana szyfru do szyfrowania danych na %s.\n" -#: src/utils_reencrypt.c:1091 +#: src/utils_reencrypt.c:1140 msgid "No data segment parameters changed. Reencryption aborted." msgstr "Nie zmieniono parametrów segmentu danych. Ponowne szyfrowanie przerwane." -#: src/utils_reencrypt.c:1187 +#: src/utils_reencrypt.c:1242 msgid "" "Encryption sector size increase on offline device is not supported.\n" "Activate the device first or use --force-offline-reencrypt option (dangerous!)." @@ -3357,7 +3444,7 @@ "Zwiększanie rozmiaru sektora szyfrowania na urządzeniu offline nie jest obsługiwane.\n" "Należy najpierw uaktywnić urządzenie lub użyć opcji --force-offline-reencrypt (niebezpieczna!)." -#: src/utils_reencrypt.c:1227 src/utils_reencrypt_luks1.c:726 +#: src/utils_reencrypt.c:1282 src/utils_reencrypt_luks1.c:726 #: src/utils_reencrypt_luks1.c:798 msgid "" "\n" @@ -3366,58 +3453,58 @@ "\n" "Ponowne szyfrowanie przerwane." -#: src/utils_reencrypt.c:1232 +#: src/utils_reencrypt.c:1287 msgid "Resuming LUKS reencryption in forced offline mode.\n" msgstr "Wznawianie ponownego szyfrowania LUKS w wymuszonym trybie offline.\n" -#: src/utils_reencrypt.c:1249 +#: src/utils_reencrypt.c:1304 #, c-format msgid "Device %s contains broken LUKS metadata. Aborting operation." msgstr "Urządzenie %s zawiera uszkodzone metadane LUKS. Przerwano operację." -#: src/utils_reencrypt.c:1265 src/utils_reencrypt.c:1287 +#: src/utils_reencrypt.c:1320 src/utils_reencrypt.c:1342 #, c-format msgid "Device %s is already LUKS device. Aborting operation." msgstr "Urządzenie %s jest już urządzeniem LUKS. Przerwano operację." -#: src/utils_reencrypt.c:1293 +#: src/utils_reencrypt.c:1348 #, c-format msgid "Device %s is already in LUKS reencryption. Aborting operation." msgstr "Urządzenie %s jest już w trybie ponownego szyfrowania LUKS. Przerwano operację." -#: src/utils_reencrypt.c:1366 +#: src/utils_reencrypt.c:1421 msgid "LUKS2 decryption requires --header option." msgstr "Odszyfrowanie LUKS2 wymaga opcji --header." -#: src/utils_reencrypt.c:1414 +#: src/utils_reencrypt.c:1469 msgid "Command requires device as argument." msgstr "Polecenie wymaga urządzenia jako argumentu." -#: src/utils_reencrypt.c:1427 +#: src/utils_reencrypt.c:1482 #, c-format msgid "Conflicting versions. Device %s is LUKS1." msgstr "Konflikt wersji. Urządzenie %s jest urządzeniem LUKS1." -#: src/utils_reencrypt.c:1433 +#: src/utils_reencrypt.c:1488 #, c-format msgid "Conflicting versions. Device %s is in LUKS1 reencryption." msgstr "Konflikt wersji. Urządzenie %s jest w trybie ponownego szyfrowania LUKS1." -#: src/utils_reencrypt.c:1439 +#: src/utils_reencrypt.c:1494 #, c-format msgid "Conflicting versions. Device %s is LUKS2." msgstr "Konflikt wersji. Urządzenie %s jest urządzeniem LUKS2." -#: src/utils_reencrypt.c:1445 +#: src/utils_reencrypt.c:1500 #, c-format msgid "Conflicting versions. Device %s is in LUKS2 reencryption." msgstr "Konflikt wersji. Urządzenie %s jest w trybie ponownego szyfrowania LUKS2." -#: src/utils_reencrypt.c:1451 +#: src/utils_reencrypt.c:1506 msgid "LUKS2 reencryption already initialized. Aborting operation." msgstr "Ponowne szyfrowanie LUKS2 jest już zainicjowane. Przerywanie operacji." -#: src/utils_reencrypt.c:1458 +#: src/utils_reencrypt.c:1513 msgid "Device reencryption not in progress." msgstr "Ponowne szyfrowanie urządzenia nie jest w toku." @@ -3522,28 +3609,28 @@ msgid "Provided UUID is invalid." msgstr "Dostarczony UUID jest nieprawidłowy." -#: src/utils_reencrypt_luks1.c:1220 +#: src/utils_reencrypt_luks1.c:1224 msgid "Cannot open reencryption log file." msgstr "Nie można otworzyć pliku logu ponownego szyfrowania." -#: src/utils_reencrypt_luks1.c:1226 +#: src/utils_reencrypt_luks1.c:1230 msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process." msgstr "Nie w trakcie odszyfrowywania; dostarczony UUID może być użyty tylko do wznowienia wstrzymanego procesu odszyfrowywania." -#: src/utils_reencrypt_luks1.c:1280 +#: src/utils_reencrypt_luks1.c:1286 #, c-format msgid "Reencryption will change: %s%s%s%s%s%s." msgstr "Ponowne szyfrowanie zmieni: %s%s%s%s%s%s." -#: src/utils_reencrypt_luks1.c:1281 +#: src/utils_reencrypt_luks1.c:1287 msgid "volume key" msgstr "klucz wolumenu" -#: src/utils_reencrypt_luks1.c:1283 +#: src/utils_reencrypt_luks1.c:1289 msgid "set hash to " msgstr "hasz na " -#: src/utils_reencrypt_luks1.c:1284 +#: src/utils_reencrypt_luks1.c:1290 msgid ", set cipher to " msgstr ", szyfr na" diff -Nru cryptsetup-2.5.0/po/POTFILES.in cryptsetup-2.6.1/po/POTFILES.in --- cryptsetup-2.5.0/po/POTFILES.in 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/po/POTFILES.in 2023-02-09 16:12:17.000000000 +0000 @@ -6,7 +6,6 @@ lib/crypt_plain.c lib/utils_crypt.c lib/utils_loop.c -lib/utils_fips.c lib/utils_device.c lib/utils_devpath.c lib/utils_pbkdf.c @@ -23,6 +22,7 @@ lib/loopaes/loopaes.c lib/tcrypt/tcrypt.c lib/bitlk/bitlk.c +lib/fvault2/fvault2.c lib/verity/verity.c lib/verity/verity_hash.c lib/verity/verity_fec.c diff -Nru cryptsetup-2.5.0/po/ro.po cryptsetup-2.6.1/po/ro.po --- cryptsetup-2.5.0/po/ro.po 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-2.6.1/po/ro.po 2023-02-09 16:12:17.000000000 +0000 @@ -0,0 +1,3874 @@ +# Mesajele în limba română pentru pachetul cryptsetup. +# Copyright © 2023 Free Software Foundation, Inc. +# This file is put in the public domain. +# This file is distributed under the same license as the cryptsetup package. +# +# Remus-Gabriel Chelu , 2023. +# +# Cronologia traducerii fișierului „cryptsetup”: +# Traducerea inițială, făcută de R-GC, pentru versiunea cryptsetup 2.6.0-rc1. +# Actualizare a traducerii pentru versiunea 2.6.1-rc0, făcută de R-GC, ian-2023. +# Actualizare a traducerii pentru versiunea Y, făcută de X, Y(luna-anul). +# +msgid "" +msgstr "" +"Project-Id-Version: cryptsetup 2.6.1-rc0\n" +"Report-Msgid-Bugs-To: cryptsetup@lists.linux.dev\n" +"POT-Creation-Date: 2023-02-01 15:58+0100\n" +"PO-Revision-Date: 2023-02-02 10:02+0100\n" +"Last-Translator: Remus-Gabriel Chelu \n" +"Language-Team: Romanian \n" +"Language: ro\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : (n==0 || ((n%100) > 0 && (n%100) < 20)) ? 1 : 2);\n" +"X-Bugs: Report translation errors to the Language-Team address.\n" +"X-Generator: Poedit 3.2.2\n" + +#: lib/libdevmapper.c:419 +msgid "Cannot initialize device-mapper, running as non-root user." +msgstr "Nu se poate inițializa device-mapper, rulând ca utilizator non-root." + +#: lib/libdevmapper.c:422 +msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" +msgstr "Nu se poate inițializa device-mapper. Este încărcat modulul nucleului, «dm_mod»?" + +#: lib/libdevmapper.c:1102 +msgid "Requested deferred flag is not supported." +msgstr "Fanionul de întârziere solicitat nu este acceptat." + +#: lib/libdevmapper.c:1171 +#, c-format +msgid "DM-UUID for device %s was truncated." +msgstr "DM-UUID pentru dispozitivul %s a fost trunchiat." + +#: lib/libdevmapper.c:1501 +msgid "Unknown dm target type." +msgstr "Tip de țintă dm necunoscut." + +#: lib/libdevmapper.c:1620 lib/libdevmapper.c:1626 lib/libdevmapper.c:1724 +#: lib/libdevmapper.c:1727 +msgid "Requested dm-crypt performance options are not supported." +msgstr "Opțiunile de performanță dm-crypt solicitate nu sunt acceptate." + +#: lib/libdevmapper.c:1635 lib/libdevmapper.c:1647 +msgid "Requested dm-verity data corruption handling options are not supported." +msgstr "Opțiunile de gestionare a corupției datelor dm-verity solicitate nu sunt acceptate." + +#: lib/libdevmapper.c:1641 +msgid "Requested dm-verity tasklets option is not supported." +msgstr "Opțiunea de tasklets dm-verity solicitată nu este acceptată." + +#: lib/libdevmapper.c:1653 +msgid "Requested dm-verity FEC options are not supported." +msgstr "Opțiunile FEC dm-verity solicitate nu sunt acceptate." + +#: lib/libdevmapper.c:1659 +msgid "Requested data integrity options are not supported." +msgstr "Opțiunile de integritate a datelor solicitate nu sunt acceptate." + +#: lib/libdevmapper.c:1663 +msgid "Requested sector_size option is not supported." +msgstr "Opțiunea sector_size solicitată nu este acceptată." + +#: lib/libdevmapper.c:1670 lib/libdevmapper.c:1676 +msgid "Requested automatic recalculation of integrity tags is not supported." +msgstr "Recalcularea automată a etichetelor de integritate solicitată nu este acceptată." + +#: lib/libdevmapper.c:1682 lib/libdevmapper.c:1730 lib/libdevmapper.c:1733 +#: lib/luks2/luks2_json_metadata.c:2620 +msgid "Discard/TRIM is not supported." +msgstr "Înlăturarea/Decuparea(TRIM) nu este acceptată." + +#: lib/libdevmapper.c:1688 +msgid "Requested dm-integrity bitmap mode is not supported." +msgstr "Modul de hartă de biți dm-integrity solicitat nu este acceptat." + +#: lib/libdevmapper.c:2724 +#, c-format +msgid "Failed to query dm-%s segment." +msgstr "Nu s-a putut interoga segmentul dm-%s." + +#: lib/random.c:73 +msgid "" +"System is out of entropy while generating volume key.\n" +"Please move mouse or type some text in another window to gather some random events.\n" +msgstr "" +"Sistemul este în afara entropiei în timp ce generează cheia de volum.\n" +"Mișcați mouse-ul sau tastați ceva text într-o altă fereastră pentru a genera și colecta câteva evenimente aleatorii.\n" + +#: lib/random.c:77 +#, c-format +msgid "Generating key (%d%% done).\n" +msgstr "Se generează cheia (%d%% finalizată).\n" + +#: lib/random.c:163 +msgid "Running in FIPS mode." +msgstr "Rulează în modul FIPS." + +#: lib/random.c:169 +msgid "Fatal error during RNG initialisation." +msgstr "Eroare fatală în timpul inițializării generatorului de numere aleatorii(RNG)." + +#: lib/random.c:207 +msgid "Unknown RNG quality requested." +msgstr "Calitatea solicitată pentru generatorul de numere aleatoare(RNG) este necunoscută." + +#: lib/random.c:212 +msgid "Error reading from RNG." +msgstr "Eroare la citirea din generatorul de numere aleatorii(RNG)." + +#: lib/setup.c:231 +msgid "Cannot initialize crypto RNG backend." +msgstr "Nu s-a putut inițializa utilitarul de criptare al generatorului de numere aleatorii(RNG)." + +#: lib/setup.c:237 +msgid "Cannot initialize crypto backend." +msgstr "Nu s-a putut inițializa utilitarul de criptare ." + +#: lib/setup.c:268 lib/setup.c:2151 lib/verity/verity.c:122 +#, c-format +msgid "Hash algorithm %s not supported." +msgstr "Algoritmul sumei de control %s nu este acceptat." + +#: lib/setup.c:271 lib/loopaes/loopaes.c:90 +#, c-format +msgid "Key processing error (using hash %s)." +msgstr "Eroare de procesare a cheii (folosind suma de control %s)." + +#: lib/setup.c:342 lib/setup.c:369 +msgid "Cannot determine device type. Incompatible activation of device?" +msgstr "Nu se poate determina tipul de dispozitiv. Activare a dispozitivului incompatibilă?" + +#: lib/setup.c:348 lib/setup.c:3320 +msgid "This operation is supported only for LUKS device." +msgstr "Această operație este acceptată doar pentru dispozitive LUKS." + +#: lib/setup.c:375 +msgid "This operation is supported only for LUKS2 device." +msgstr "Această operație este acceptată doar pentru dispozitive LUKS2." + +#: lib/setup.c:427 lib/luks2/luks2_reencrypt.c:3010 +msgid "All key slots full." +msgstr "Toate sloturile pentru chei sunt ocupate." + +#: lib/setup.c:438 +#, c-format +msgid "Key slot %d is invalid, please select between 0 and %d." +msgstr "Slotul de cheie %d este nu este valid, selectați între 0 și %d." + +#: lib/setup.c:444 +#, c-format +msgid "Key slot %d is full, please select another one." +msgstr "Slotul pentru chei %d este ocupat, selectați altul." + +#: lib/setup.c:529 lib/setup.c:3042 +msgid "Device size is not aligned to device logical block size." +msgstr "Dimensiunea dispozitivului nu este aliniată la dimensiunea blocului logic al dispozitivului." + +#: lib/setup.c:627 +#, c-format +msgid "Header detected but device %s is too small." +msgstr "Antet detectat, dar dispozitivul %s este prea mic." + +#: lib/setup.c:668 lib/setup.c:2942 lib/setup.c:4287 +#: lib/luks2/luks2_reencrypt.c:3782 lib/luks2/luks2_reencrypt.c:4184 +msgid "This operation is not supported for this device type." +msgstr "Această operație nu este suportată pentru acest tip de dispozitiv." + +#: lib/setup.c:673 +msgid "Illegal operation with reencryption in-progress." +msgstr "Operație ilegală cu recriptare în curs." + +#: lib/setup.c:802 +msgid "Failed to rollback LUKS2 metadata in memory." +msgstr "Nu s-au putut reîncărca metadatele LUKS2 în memorie." + +#: lib/setup.c:889 lib/luks1/keymanage.c:249 lib/luks1/keymanage.c:527 +#: lib/luks2/luks2_json_metadata.c:1336 src/cryptsetup.c:1587 +#: src/cryptsetup.c:1727 src/cryptsetup.c:1782 src/cryptsetup.c:1977 +#: src/cryptsetup.c:2133 src/cryptsetup.c:2414 src/cryptsetup.c:2656 +#: src/cryptsetup.c:2716 src/utils_reencrypt.c:1465 +#: src/utils_reencrypt_luks1.c:1192 tokens/ssh/cryptsetup-ssh.c:77 +#, c-format +msgid "Device %s is not a valid LUKS device." +msgstr "Dispozitivul %s nu este un dispozitiv LUKS valid." + +#: lib/setup.c:892 lib/luks1/keymanage.c:530 +#, c-format +msgid "Unsupported LUKS version %d." +msgstr "Versiunea %d de LUKS nu este acceptată." + +#: lib/setup.c:1491 lib/setup.c:2691 lib/setup.c:2773 lib/setup.c:2785 +#: lib/setup.c:2952 lib/setup.c:4764 +#, c-format +msgid "Device %s is not active." +msgstr "Dispozitivul %s nu este activ." + +#: lib/setup.c:1508 +#, c-format +msgid "Underlying device for crypt device %s disappeared." +msgstr "Dispozitivul subiacent pentru dispozitivul criptat %s a dispărut." + +#: lib/setup.c:1590 +msgid "Invalid plain crypt parameters." +msgstr "Parametrii de criptare simplă sunt incorecți." + +#: lib/setup.c:1595 lib/setup.c:2054 +msgid "Invalid key size." +msgstr "Dimensiunea cheii este nevalidă." + +#: lib/setup.c:1600 lib/setup.c:2059 lib/setup.c:2262 +msgid "UUID is not supported for this crypt type." +msgstr "UUID-ul nu este acceptat pentru acest tip de criptare." + +#: lib/setup.c:1605 lib/setup.c:2064 +msgid "Detached metadata device is not supported for this crypt type." +msgstr "Dispozitivul cu metadate detașate nu este acceptat pentru acest tip de criptare." + +#: lib/setup.c:1615 lib/setup.c:1831 lib/luks2/luks2_reencrypt.c:2966 +#: src/cryptsetup.c:1387 src/cryptsetup.c:3383 +msgid "Unsupported encryption sector size." +msgstr "Dimensiunea sectorului de criptare nu este acceptată." + +#: lib/setup.c:1623 lib/setup.c:1959 lib/setup.c:3036 +msgid "Device size is not aligned to requested sector size." +msgstr "Dimensiunea dispozitivului nu este aliniată la dimensiunea sectorului solicitată." + +#: lib/setup.c:1675 lib/setup.c:1799 +msgid "Can't format LUKS without device." +msgstr "Formatarea LUKS fără dispozitiv nu este posibilă." + +#: lib/setup.c:1681 lib/setup.c:1805 +msgid "Requested data alignment is not compatible with data offset." +msgstr "Alinierea datelor solicitată nu este compatibilă cu poziția datelor." + +#: lib/setup.c:1756 lib/setup.c:1976 lib/setup.c:1997 lib/setup.c:2274 +#, c-format +msgid "Cannot wipe header on device %s." +msgstr "Nu se poate șterge antetul pe dispozitivul %s." + +#: lib/setup.c:1769 lib/setup.c:2036 +#, c-format +msgid "Device %s is too small for activation, there is no remaining space for data.\n" +msgstr "Dispozitivul %s este prea mic pentru activare, nu a mai rămas spațiu pentru date.\n" + +#: lib/setup.c:1840 +msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" +msgstr "AVERTISMENT: Activarea dispozitivului va eșua, dm-crypt nu are suport pentru dimensiunea sectorului de criptare solicitată.\n" + +#: lib/setup.c:1863 +msgid "Volume key is too small for encryption with integrity extensions." +msgstr "Cheia de volum este prea mică pentru criptare cu extensii de integritate." + +#: lib/setup.c:1923 +#, c-format +msgid "Cipher %s-%s (key size %zd bits) is not available." +msgstr "Cifrul %s-%s (dimensiunea cheii %zd biți) nu este disponibil." + +#: lib/setup.c:1949 +#, c-format +msgid "WARNING: LUKS2 metadata size changed to % bytes.\n" +msgstr "AVERTISMENT: dimensiunea metadatelor LUKS2 s-a schimbat la % octeți.\n" + +#: lib/setup.c:1953 +#, c-format +msgid "WARNING: LUKS2 keyslots area size changed to % bytes.\n" +msgstr "AVERTISMENT: dimensiunea zonei sloturilor de chei LUKS2 s-a schimbat la % octeți.\n" + +#: lib/setup.c:1979 lib/utils_device.c:911 lib/luks1/keyencryption.c:255 +#: lib/luks2/luks2_reencrypt.c:3034 lib/luks2/luks2_reencrypt.c:4279 +#, c-format +msgid "Device %s is too small." +msgstr "Dispozitivul %s este prea mic." + +#: lib/setup.c:1990 lib/setup.c:2016 +#, c-format +msgid "Cannot format device %s in use." +msgstr "Nu se poate formata dispozitivul %s, este în uz." + +#: lib/setup.c:1993 lib/setup.c:2019 +#, c-format +msgid "Cannot format device %s, permission denied." +msgstr "Nu se poate formata dispozitivul %s; permisiune refuzată." + +#: lib/setup.c:2005 lib/setup.c:2334 +#, c-format +msgid "Cannot format integrity for device %s." +msgstr "Nu se poate formata integritatea pentru dispozitivul %s." + +#: lib/setup.c:2023 +#, c-format +msgid "Cannot format device %s." +msgstr "Nu se poate formata dispozitivul %s." + +#: lib/setup.c:2049 +msgid "Can't format LOOPAES without device." +msgstr "Nu se poate formata LOOPAES fără dispozitiv." + +#: lib/setup.c:2094 +msgid "Can't format VERITY without device." +msgstr "Nu se poate formata VERITY fără dispozitiv." + +#: lib/setup.c:2105 lib/verity/verity.c:101 +#, c-format +msgid "Unsupported VERITY hash type %d." +msgstr "Tip de sumă de control VERITY neacceptat %d." + +#: lib/setup.c:2111 lib/verity/verity.c:109 +msgid "Unsupported VERITY block size." +msgstr "Dimensiunea blocului VERITY nu este acceptată." + +#: lib/setup.c:2116 lib/verity/verity.c:74 +msgid "Unsupported VERITY hash offset." +msgstr "Decalajul sumei de control VERITY nu este acceptat." + +#: lib/setup.c:2121 +msgid "Unsupported VERITY FEC offset." +msgstr "Decalajul FEC VERITY nu este acceptat." + +#: lib/setup.c:2145 +msgid "Data area overlaps with hash area." +msgstr "Zona de date se suprapune cu zona de sume de control." + +#: lib/setup.c:2170 +msgid "Hash area overlaps with FEC area." +msgstr "Zona sumelor de control se suprapune cu zona FEC." + +#: lib/setup.c:2177 +msgid "Data area overlaps with FEC area." +msgstr "Zona de date se suprapune cu zona FEC." + +#: lib/setup.c:2313 +#, c-format +msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n" +msgstr "AVERTISMENT: Dimensiunea solicitată a etichetei %d octeți diferă de dimensiunea %s de ieșire (%d octeți).\n" + +#: lib/setup.c:2392 +#, c-format +msgid "Unknown crypt device type %s requested." +msgstr "A fost solicitat un tip de dispozitiv de criptare necunoscut %s." + +#: lib/setup.c:2699 lib/setup.c:2778 lib/setup.c:2791 +#, c-format +msgid "Unsupported parameters on device %s." +msgstr "Parametri neacceptați pentru dispozitivul %s." + +#: lib/setup.c:2705 lib/setup.c:2798 lib/luks2/luks2_reencrypt.c:2862 +#: lib/luks2/luks2_reencrypt.c:3099 lib/luks2/luks2_reencrypt.c:3484 +#, c-format +msgid "Mismatching parameters on device %s." +msgstr "Parametrii nepotriviți în dispozitivul %s." + +#: lib/setup.c:2822 +msgid "Crypt devices mismatch." +msgstr "Dispozitivele de criptare nu se potrivesc." + +#: lib/setup.c:2859 lib/setup.c:2864 lib/luks2/luks2_reencrypt.c:2361 +#: lib/luks2/luks2_reencrypt.c:2878 lib/luks2/luks2_reencrypt.c:4032 +#, c-format +msgid "Failed to reload device %s." +msgstr "Nu s-a putut reîncărca dispozitivul %s." + +#: lib/setup.c:2870 lib/setup.c:2876 lib/luks2/luks2_reencrypt.c:2332 +#: lib/luks2/luks2_reencrypt.c:2339 lib/luks2/luks2_reencrypt.c:2892 +#, c-format +msgid "Failed to suspend device %s." +msgstr "Nu s-a putut suspenda dispozitivul %s." + +#: lib/setup.c:2882 lib/luks2/luks2_reencrypt.c:2346 +#: lib/luks2/luks2_reencrypt.c:2913 lib/luks2/luks2_reencrypt.c:3945 +#: lib/luks2/luks2_reencrypt.c:4036 +#, c-format +msgid "Failed to resume device %s." +msgstr "Nu s-a putut reîncărca dispozitivul %s." + +#: lib/setup.c:2897 +#, c-format +msgid "Fatal error while reloading device %s (on top of device %s)." +msgstr "Eroare fatală la reîncărcarea dispozitivului %s (în partea superioară a dispozitivului %s)." + +#: lib/setup.c:2900 lib/setup.c:2902 +#, c-format +msgid "Failed to switch device %s to dm-error." +msgstr "Nu s-a putut comuta dispozitivul %s la dm-error." + +#: lib/setup.c:2984 +msgid "Cannot resize loop device." +msgstr "Nu se poate redimensiona dispozitivul de buclă." + +#: lib/setup.c:3027 +msgid "WARNING: Maximum size already set or kernel doesn't support resize.\n" +msgstr "AVERTISMENT: Dimensiunea maximă a fost deja stabilită sau nucleul nu acceptă redimensionarea.\n" + +#: lib/setup.c:3088 +msgid "Resize failed, the kernel doesn't support it." +msgstr "Redimensionarea nu a reușit, nucleul nu acceptă redimensionarea." + +#: lib/setup.c:3120 +msgid "Do you really want to change UUID of device?" +msgstr "Chiar doriți să schimbați UUID-ul dispozitivului?" + +#: lib/setup.c:3212 +msgid "Header backup file does not contain compatible LUKS header." +msgstr "Fișierul de copie de rezervă pentru antet nu conține un antet LUKS compatibil." + +#: lib/setup.c:3328 +#, c-format +msgid "Volume %s is not active." +msgstr "Volumul %s nu este activ." + +#: lib/setup.c:3339 +#, c-format +msgid "Volume %s is already suspended." +msgstr "Volumul %s este deja suspendat." + +#: lib/setup.c:3352 +#, c-format +msgid "Suspend is not supported for device %s." +msgstr "Suspendarea nu este acceptată pentru dispozitivul %s." + +#: lib/setup.c:3354 +#, c-format +msgid "Error during suspending device %s." +msgstr "Eroare la suspendarea dispozitivului %s." + +#: lib/setup.c:3389 +#, c-format +msgid "Resume is not supported for device %s." +msgstr "Reluarea activității nu este acceptată pentru dispozitivul %s." + +#: lib/setup.c:3391 +#, c-format +msgid "Error during resuming device %s." +msgstr "Eroare la reluarea activității dispozitivului %s." + +#: lib/setup.c:3425 lib/setup.c:3473 lib/setup.c:3544 lib/setup.c:3589 +#: src/cryptsetup.c:2479 +#, c-format +msgid "Volume %s is not suspended." +msgstr "Volumul %s nu este suspendat." + +#: lib/setup.c:3559 lib/setup.c:4540 lib/setup.c:4553 lib/setup.c:4561 +#: lib/setup.c:4574 lib/setup.c:6157 lib/setup.c:6179 lib/setup.c:6228 +#: src/cryptsetup.c:2011 +msgid "Volume key does not match the volume." +msgstr "Cheia de volum nu se potrivește cu volumul." + +#: lib/setup.c:3737 +msgid "Failed to swap new key slot." +msgstr "Nu s-a putut efectua interschimbarea cu noul slot pentru cheie." + +#: lib/setup.c:3835 +#, c-format +msgid "Key slot %d is invalid." +msgstr "Slotul de cheie %d nu este valid." + +#: lib/setup.c:3841 src/cryptsetup.c:1740 src/cryptsetup.c:2208 +#: src/cryptsetup.c:2816 src/cryptsetup.c:2876 +#, c-format +msgid "Keyslot %d is not active." +msgstr "Slotul de cheie %d nu este activ." + +#: lib/setup.c:3860 +msgid "Device header overlaps with data area." +msgstr "Antetul dispozitivului se suprapune cu zona de date." + +#: lib/setup.c:4165 +msgid "Reencryption in-progress. Cannot activate device." +msgstr "Recriptare în curs. Nu se poate activa dispozitivul." + +#: lib/setup.c:4167 lib/luks2/luks2_json_metadata.c:2703 +#: lib/luks2/luks2_reencrypt.c:3590 +msgid "Failed to get reencryption lock." +msgstr "Nu s-a putut obține blocarea pentru recriptare." + +#: lib/setup.c:4180 lib/luks2/luks2_reencrypt.c:3609 +msgid "LUKS2 reencryption recovery failed." +msgstr "Recuperarea recriptării LUKS2 a eșuat." + +#: lib/setup.c:4352 lib/setup.c:4618 +msgid "Device type is not properly initialized." +msgstr "Tipul de dispozitiv nu este inițializat corect." + +#: lib/setup.c:4400 +#, c-format +msgid "Device %s already exists." +msgstr "Dispozitivul %s există deja." + +#: lib/setup.c:4407 +#, c-format +msgid "Cannot use device %s, name is invalid or still in use." +msgstr "Nu se poate folosi dispozitivul %s, numele este nevalid sau este încă în uz." + +#: lib/setup.c:4527 +msgid "Incorrect volume key specified for plain device." +msgstr "Este specificată o cheie de volum incorectă pentru un dispozitiv cu criptare normală." + +#: lib/setup.c:4644 +msgid "Incorrect root hash specified for verity device." +msgstr "Sumă de control rădăcină incorectă specificată pentru dispozitivul verity." + +#: lib/setup.c:4654 +msgid "Root hash signature required." +msgstr "Este necesară semnătura de sumă de control rădăcină." + +#: lib/setup.c:4663 +msgid "Kernel keyring missing: required for passing signature to kernel." +msgstr "Lipsește inelul de chei pentru nucleu: este necesar pentru transmiterea semnăturii către nucleu." + +#: lib/setup.c:4680 lib/setup.c:6423 +msgid "Failed to load key in kernel keyring." +msgstr "Nu s-a putut încărca cheia în inelul de chei al nucleului." + +#: lib/setup.c:4736 +#, c-format +msgid "Could not cancel deferred remove from device %s." +msgstr "Nu s-a putut anula eliminarea întârziată din dispozitivul %s." + +#: lib/setup.c:4743 lib/setup.c:4759 lib/luks2/luks2_json_metadata.c:2756 +#: src/utils_reencrypt.c:116 +#, c-format +msgid "Device %s is still in use." +msgstr "Dispozitivul %s este încă în uz." + +#: lib/setup.c:4768 +#, c-format +msgid "Invalid device %s." +msgstr "Dispozitiv nevalid %s." + +#: lib/setup.c:4908 +msgid "Volume key buffer too small." +msgstr "Memoria tampon a cheii de volum este prea mică." + +#: lib/setup.c:4925 +msgid "Cannot retrieve volume key for LUKS2 device." +msgstr "Nu se poate recupera cheia de volum pentru dispozitivul LUKS2." + +#: lib/setup.c:4934 +msgid "Cannot retrieve volume key for LUKS1 device." +msgstr "Nu se poate recupera cheia de volum pentru dispozitivul LUKS1." + +#: lib/setup.c:4944 +msgid "Cannot retrieve volume key for plain device." +msgstr "Nu se poate recupera tasta de volum pentru dispozitivul normal." + +#: lib/setup.c:4952 +msgid "Cannot retrieve root hash for verity device." +msgstr "Nu se poate recupera suma de control rădăcină pentru dispozitivul verity." + +#: lib/setup.c:4959 +msgid "Cannot retrieve volume key for BITLK device." +msgstr "Nu se poate recupera cheia de volum pentru dispozitivul BITLK." + +#: lib/setup.c:4964 +msgid "Cannot retrieve volume key for FVAULT2 device." +msgstr "Nu se poate recupera cheia de volum pentru dispozitivul FVAULT2." + +#: lib/setup.c:4966 +#, c-format +msgid "This operation is not supported for %s crypt device." +msgstr "Această operație nu este acceptată pentru dispozitivul criptat %s." + +#: lib/setup.c:5147 lib/setup.c:5158 +msgid "Dump operation is not supported for this device type." +msgstr "Operația de descărcare nu este acceptată pentru acest tip de dispozitiv." + +#: lib/setup.c:5500 +#, c-format +msgid "Data offset is not multiple of %u bytes." +msgstr "Decalajul datelor nu este multiplu de %u octeți." + +#: lib/setup.c:5788 +#, c-format +msgid "Cannot convert device %s which is still in use." +msgstr "Nu se poate converti dispozitivul %s care este încă în uz." + +#: lib/setup.c:6098 lib/setup.c:6237 +#, c-format +msgid "Failed to assign keyslot %u as the new volume key." +msgstr "Nu s-a putut atribui slotul %u ca nouă cheie de volum." + +#: lib/setup.c:6122 +msgid "Failed to initialize default LUKS2 keyslot parameters." +msgstr "Nu s-au putut inițializa parametrii impliciți pentru slotul de cheie LUKS2." + +#: lib/setup.c:6128 +#, c-format +msgid "Failed to assign keyslot %d to digest." +msgstr "Nu s-a putut aloca slotul de cheie %d pentru a digera." + +#: lib/setup.c:6353 +msgid "Cannot add key slot, all slots disabled and no volume key provided." +msgstr "Nu se poate adăuga slotul pentru cheie, toate sloturile sunt dezactivate și nu este furnizată nicio cheie pentru volum." + +#: lib/setup.c:6490 +msgid "Kernel keyring is not supported by the kernel." +msgstr "Inelul de chei pentru nucleu nu este acceptat de nucleu actual." + +#: lib/setup.c:6500 lib/luks2/luks2_reencrypt.c:3807 +#, c-format +msgid "Failed to read passphrase from keyring (error %d)." +msgstr "Nu s-a putut citi expresia de acces din inelul de chei (eroarea %d)." + +#: lib/setup.c:6523 +msgid "Failed to acquire global memory-hard access serialization lock." +msgstr "Nu s-a putut obține blocarea de serializare a accesului la memoria-hardwarw globală." + +#: lib/utils.c:158 lib/tcrypt/tcrypt.c:501 +msgid "Failed to open key file." +msgstr "Nu s-a putut deschide fișierul cheii." + +#: lib/utils.c:163 +msgid "Cannot read keyfile from a terminal." +msgstr "Nu se poate citi fișierul de cheie de la un terminal." + +#: lib/utils.c:179 +msgid "Failed to stat key file." +msgstr "Nu s-a putut obține starea fișierului de cheie." + +#: lib/utils.c:187 lib/utils.c:208 +msgid "Cannot seek to requested keyfile offset." +msgstr "Nu se poate căuta poziția fișierului de cheie solicitat." + +#: lib/utils.c:202 lib/utils.c:217 src/utils_password.c:225 +#: src/utils_password.c:237 +msgid "Out of memory while reading passphrase." +msgstr "Memoria epuizată în timpul citirii frazei de acces." + +#: lib/utils.c:237 +msgid "Error reading passphrase." +msgstr "Eroare la citirea frazei de acces." + +#: lib/utils.c:254 +msgid "Nothing to read on input." +msgstr "Nimic de citit la intrare." + +#: lib/utils.c:261 +msgid "Maximum keyfile size exceeded." +msgstr "Dimensiunea maximă a fișierului de cheie a fost depășită." + +#: lib/utils.c:266 +msgid "Cannot read requested amount of data." +msgstr "Nu se poate citi cantitatea de date solicitată." + +#: lib/utils_device.c:207 lib/utils_storage_wrappers.c:110 +#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1440 +#, c-format +msgid "Device %s does not exist or access denied." +msgstr "Dispozitivul %s nu există sau accesul a fost refuzat." + +#: lib/utils_device.c:217 +#, c-format +msgid "Device %s is not compatible." +msgstr "Dispozitivul %s nu este compatibil." + +#: lib/utils_device.c:561 +#, c-format +msgid "Ignoring bogus optimal-io size for data device (%u bytes)." +msgstr "Se ignoră dimensiunea optimă de transfer de date falsă pentru dispozitivul de date (%u octeți)." + +#: lib/utils_device.c:722 +#, c-format +msgid "Device %s is too small. Need at least % bytes." +msgstr "Dispozitivul %s este prea mic. Aveți nevoie de cel puțin % octeți." + +#: lib/utils_device.c:803 +#, c-format +msgid "Cannot use device %s which is in use (already mapped or mounted)." +msgstr "Nu se poate utiliza dispozitivul %s care este în uz (deja cartografiat sau montat)." + +#: lib/utils_device.c:807 +#, c-format +msgid "Cannot use device %s, permission denied." +msgstr "Nu se poate utiliza dispozitivul %s, permisiune refuzată." + +#: lib/utils_device.c:810 +#, c-format +msgid "Cannot get info about device %s." +msgstr "Nu se pot obține informații despre dispozitivul %s." + +#: lib/utils_device.c:833 +msgid "Cannot use a loopback device, running as non-root user." +msgstr "Nu se poate utiliza un dispozitiv loopback, deoarece programul nu rulează cu privilegii de root." + +#: lib/utils_device.c:844 +msgid "Attaching loopback device failed (loop device with autoclear flag is required)." +msgstr "Atașarea dispozitivului de loopback a eșuat (este necesar un dispozitiv de buclă cu fanion de ștergere automată)." + +#: lib/utils_device.c:892 +#, c-format +msgid "Requested offset is beyond real size of device %s." +msgstr "Decalajul solicitat depășește dimensiunea reală a dispozitivului %s." + +#: lib/utils_device.c:900 +#, c-format +msgid "Device %s has zero size." +msgstr "Dispozitivul %s are dimensiune zero." + +#: lib/utils_pbkdf.c:100 +msgid "Requested PBKDF target time cannot be zero." +msgstr "Ora specificată pentru PBKDF nu poate fi zero." + +#: lib/utils_pbkdf.c:106 +#, c-format +msgid "Unknown PBKDF type %s." +msgstr "Tip PBKDF necunoscut %s." + +#: lib/utils_pbkdf.c:111 +#, c-format +msgid "Requested hash %s is not supported." +msgstr "Suma de control solicitată %s nu este acceptată." + +#: lib/utils_pbkdf.c:122 +msgid "Requested PBKDF type is not supported for LUKS1." +msgstr "Tipul PBKDF solicitat nu este acceptat pentru LUKS1." + +#: lib/utils_pbkdf.c:128 +msgid "PBKDF max memory or parallel threads must not be set with pbkdf2." +msgstr "Memoria maximă PBKDF sau firele de execuție paralele nu trebuie definite cu pbkdf2." + +#: lib/utils_pbkdf.c:133 lib/utils_pbkdf.c:143 +#, c-format +msgid "Forced iteration count is too low for %s (minimum is %u)." +msgstr "Numărul de iterații forțate este prea mic pentru %s (minimul este %u)." + +#: lib/utils_pbkdf.c:148 +#, c-format +msgid "Forced memory cost is too low for %s (minimum is %u kilobytes)." +msgstr "Costul memoriei forțate este prea mic pentru %s (minimul este de %u kiloocteți)." + +#: lib/utils_pbkdf.c:155 +#, c-format +msgid "Requested maximum PBKDF memory cost is too high (maximum is %d kilobytes)." +msgstr "Costul maxim de memorie PBKDF solicitat este prea mare (maximul este de %d kiloocteți)." + +#: lib/utils_pbkdf.c:160 +msgid "Requested maximum PBKDF memory cannot be zero." +msgstr "Memoria PBKDF maximă solicitată nu poate fi zero." + +#: lib/utils_pbkdf.c:164 +msgid "Requested PBKDF parallel threads cannot be zero." +msgstr "Firele paralele de execuție PBKDF solicitate nu pot fi zero." + +#: lib/utils_pbkdf.c:184 +msgid "Only PBKDF2 is supported in FIPS mode." +msgstr "Doar PBKDF2 este acceptat în modul FIPS." + +#: lib/utils_benchmark.c:175 +msgid "PBKDF benchmark disabled but iterations not set." +msgstr "Testarea PBKDF este dezactivată, dar numărul de iterații nu este definit." + +#: lib/utils_benchmark.c:194 +#, c-format +msgid "Not compatible PBKDF2 options (using hash algorithm %s)." +msgstr "Opțiuni PBKDF2 incompatibile (folosind algoritmul de sumă de control %s)." + +#: lib/utils_benchmark.c:214 +msgid "Not compatible PBKDF options." +msgstr "Opțiuni PBKDF2 incompatibile." + +#: lib/utils_device_locking.c:101 +#, c-format +msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)." +msgstr "Blocarea a fost anulată. Calea de blocare %s/%s este inutilizabilă (nu este un director sau lipsește)." + +#: lib/utils_device_locking.c:118 +#, c-format +msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." +msgstr "Blocarea a fost anulată. Calea de blocare %s/%s este inutilizabilă (%s nu este un director)." + +#: lib/utils_wipe.c:154 lib/utils_wipe.c:225 src/utils_reencrypt_luks1.c:734 +#: src/utils_reencrypt_luks1.c:832 +msgid "Cannot seek to device offset." +msgstr "Nu se poate căuta la poziția dispozitivului." + +#: lib/utils_wipe.c:247 +#, c-format +msgid "Device wipe error, offset %." +msgstr "Eroare de ștergere a dispozitivului, decalaj %." + +#: lib/luks1/keyencryption.c:39 +#, c-format +msgid "" +"Failed to setup dm-crypt key mapping for device %s.\n" +"Check that kernel supports %s cipher (check syslog for more info)." +msgstr "" +"Nu s-a putut configura asocierea cheii dm-crypt la dispozitivul %s.\n" +"Verificați dacă nucleul acceptă cifrul %s (verificați syslog pentru mai multe informații)." + +#: lib/luks1/keyencryption.c:44 +msgid "Key size in XTS mode must be 256 or 512 bits." +msgstr "Dimensiunea cheii în modul XTS trebuie să fie de 256 sau 512 biți." + +#: lib/luks1/keyencryption.c:46 +msgid "Cipher specification should be in [cipher]-[mode]-[iv] format." +msgstr "Specificațiile de cifrare ar trebui să fie în formatul [cifrarea]-[mod]-[iv]." + +#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:366 +#: lib/luks1/keymanage.c:677 lib/luks1/keymanage.c:1132 +#: lib/luks2/luks2_json_metadata.c:1490 lib/luks2/luks2_keyslot.c:714 +#, c-format +msgid "Cannot write to device %s, permission denied." +msgstr "Nu se poate scrie în dispozitivul %s, permisiune refuzată." + +#: lib/luks1/keyencryption.c:120 +msgid "Failed to open temporary keystore device." +msgstr "Nu s-a putut deschide dispozitivul pentru stocarea temporară a cheilor." + +#: lib/luks1/keyencryption.c:127 +msgid "Failed to access temporary keystore device." +msgstr "Nu s-a putut accesa dispozitivul pentru stocarea temporară a cheilor." + +#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:62 +#: lib/luks2/luks2_keyslot_luks2.c:80 lib/luks2/luks2_keyslot_reenc.c:192 +msgid "IO error while encrypting keyslot." +msgstr "Eroare de In/Ieș în timpul criptării slotului de cheie." + +#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:369 +#: lib/luks1/keymanage.c:630 lib/luks1/keymanage.c:680 lib/tcrypt/tcrypt.c:679 +#: lib/fvault2/fvault2.c:877 lib/verity/verity.c:80 lib/verity/verity.c:196 +#: lib/verity/verity_hash.c:320 lib/verity/verity_hash.c:329 +#: lib/verity/verity_hash.c:349 lib/verity/verity_fec.c:260 +#: lib/verity/verity_fec.c:272 lib/verity/verity_fec.c:277 +#: lib/luks2/luks2_json_metadata.c:1493 src/utils_reencrypt_luks1.c:121 +#: src/utils_reencrypt_luks1.c:133 +#, c-format +msgid "Cannot open device %s." +msgstr "Nu s-a putut deschide dispozitivul %s." + +#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:139 +msgid "IO error while decrypting keyslot." +msgstr "Eroare de In/Ieș la decriptarea slotului de cheie." + +#: lib/luks1/keymanage.c:130 +#, c-format +msgid "Device %s is too small. (LUKS1 requires at least % bytes.)" +msgstr "Dispozitivul %s este prea mic. (LUKS1 necesită cel puțin % octeți.)" + +#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:159 +#: lib/luks1/keymanage.c:171 lib/luks1/keymanage.c:182 +#: lib/luks1/keymanage.c:194 +#, c-format +msgid "LUKS keyslot %u is invalid." +msgstr "Slotul de cheie LUKS %u nu este valid." + +#: lib/luks1/keymanage.c:267 lib/luks2/luks2_json_metadata.c:1353 +#, c-format +msgid "Requested header backup file %s already exists." +msgstr "Fișierul de copie de rezervă pentru antetul solicitat %s există deja." + +#: lib/luks1/keymanage.c:269 lib/luks2/luks2_json_metadata.c:1355 +#, c-format +msgid "Cannot create header backup file %s." +msgstr "Nu se poate crea fișierul de copie de rezervă al antetului %s." + +#: lib/luks1/keymanage.c:276 lib/luks2/luks2_json_metadata.c:1362 +#, c-format +msgid "Cannot write header backup file %s." +msgstr "Nu se poate scrie fișierul de copie de rezervă al antetului %s." + +#: lib/luks1/keymanage.c:308 lib/luks2/luks2_json_metadata.c:1399 +msgid "Backup file does not contain valid LUKS header." +msgstr "Fișierul de copie de rezervă nu conține antet LUKS valid." + +#: lib/luks1/keymanage.c:321 lib/luks1/keymanage.c:593 +#: lib/luks2/luks2_json_metadata.c:1420 +#, c-format +msgid "Cannot open header backup file %s." +msgstr "Nu se poate deschide fișierul de copie de rezervă al antetului %s." + +#: lib/luks1/keymanage.c:329 lib/luks2/luks2_json_metadata.c:1428 +#, c-format +msgid "Cannot read header backup file %s." +msgstr "Nu se poate citi fișierul de copie de rezervă al antetului %s." + +#: lib/luks1/keymanage.c:339 +msgid "Data offset or key size differs on device and backup, restore failed." +msgstr "Poziția datelor sau dimensiunea cheii diferă între dispozitiv și copia de rezervă, restaurarea a eșuat." + +#: lib/luks1/keymanage.c:347 +#, c-format +msgid "Device %s %s%s" +msgstr "Dispozitiv %s %s%s" + +#: lib/luks1/keymanage.c:348 +msgid "does not contain LUKS header. Replacing header can destroy data on that device." +msgstr "nu conține antetul LUKS. Înlocuirea antetului poate distruge datele de pe acest dispozitiv." + +#: lib/luks1/keymanage.c:349 +msgid "already contains LUKS header. Replacing header will destroy existing keyslots." +msgstr "conține deja antetul LUKS. Înlocuirea antetului va distruge sloturile de chei existente." + +#: lib/luks1/keymanage.c:350 lib/luks2/luks2_json_metadata.c:1462 +msgid "" +"\n" +"WARNING: real device header has different UUID than backup!" +msgstr "" +"\n" +"AVERTISMENT: antetul dispozitivului real are un UUID diferit de cel al copiei de rezervă!" + +#: lib/luks1/keymanage.c:398 +msgid "Non standard key size, manual repair required." +msgstr "Dimensiunea cheii nu este standard, este necesară repararea manuală." + +#: lib/luks1/keymanage.c:408 +msgid "Non standard keyslots alignment, manual repair required." +msgstr "Alinierea sloturilor pentru chei nu este standard , este necesară repararea manuală." + +#: lib/luks1/keymanage.c:417 +#, c-format +msgid "Cipher mode repaired (%s -> %s)." +msgstr "Modul de cifrare reparat (%s -> %s)." + +#: lib/luks1/keymanage.c:428 +#, c-format +msgid "Cipher hash repaired to lowercase (%s)." +msgstr "Cifrul sumei de control(hash) reparat la minuscule (%s)." + +#: lib/luks1/keymanage.c:430 lib/luks1/keymanage.c:536 +#: lib/luks1/keymanage.c:792 +#, c-format +msgid "Requested LUKS hash %s is not supported." +msgstr "Suma de control(hash) LUKS solicitată %s nu este acceptată." + +#: lib/luks1/keymanage.c:444 +msgid "Repairing keyslots." +msgstr "Se repară sloturile pentru chei." + +#: lib/luks1/keymanage.c:463 +#, c-format +msgid "Keyslot %i: offset repaired (%u -> %u)." +msgstr "Slotul de cheie %i: poziție reparată (%u -> %u)." + +#: lib/luks1/keymanage.c:471 +#, c-format +msgid "Keyslot %i: stripes repaired (%u -> %u)." +msgstr "Slotul de cheie %i: benzi reparate (%u -> %u)." + +#: lib/luks1/keymanage.c:480 +#, c-format +msgid "Keyslot %i: bogus partition signature." +msgstr "Slotul de cheie %i: semnătură falsă a partiției." + +#: lib/luks1/keymanage.c:485 +#, c-format +msgid "Keyslot %i: salt wiped." +msgstr "Slotul de cheie %i: «salt» șters." + +#: lib/luks1/keymanage.c:502 +msgid "Writing LUKS header to disk." +msgstr "Se scrie antetul LUKS pe disc." + +#: lib/luks1/keymanage.c:507 +msgid "Repair failed." +msgstr "Repararea a eșuat." + +#: lib/luks1/keymanage.c:562 +#, c-format +msgid "LUKS cipher mode %s is invalid." +msgstr "Modul de cifrare LUKS %s este nevalid." + +#: lib/luks1/keymanage.c:567 +#, c-format +msgid "LUKS hash %s is invalid." +msgstr "Suma de control(hash) LUKS %s nu este validă." + +#: lib/luks1/keymanage.c:574 src/cryptsetup.c:1281 +msgid "No known problems detected for LUKS header." +msgstr "Nu s-a detectat nicio problemă cunoscută pentru antetul LUKS." + +#: lib/luks1/keymanage.c:702 +#, c-format +msgid "Error during update of LUKS header on device %s." +msgstr "Eroare în timpul actualizării antetului LUKS pe dispozitivul %s." + +#: lib/luks1/keymanage.c:710 +#, c-format +msgid "Error re-reading LUKS header after update on device %s." +msgstr "Eroare la recitirea antetului LUKS după actualizare pe dispozitivul %s." + +#: lib/luks1/keymanage.c:786 +msgid "Data offset for LUKS header must be either 0 or higher than header size." +msgstr "Decalajul datelor pentru antetul LUKS trebuie să fie 0 sau mai mare decât dimensiunea antetului." + +#: lib/luks1/keymanage.c:797 lib/luks1/keymanage.c:866 +#: lib/luks2/luks2_json_format.c:286 lib/luks2/luks2_json_metadata.c:1236 +#: src/utils_reencrypt.c:539 +msgid "Wrong LUKS UUID format provided." +msgstr "Formatul UUID LUKS furnizat este greșit." + +#: lib/luks1/keymanage.c:819 +msgid "Cannot create LUKS header: reading random salt failed." +msgstr "Nu se poate crea antetul LUKS: citirea datelor «salt» aleatoare a eșuat." + +#: lib/luks1/keymanage.c:845 +#, c-format +msgid "Cannot create LUKS header: header digest failed (using hash %s)." +msgstr "Nu se poate crea antetul LUKS: calcularea sumei de control a antetului a eșuat (folosind suma de control(hash) %s)." + +#: lib/luks1/keymanage.c:889 +#, c-format +msgid "Key slot %d active, purge first." +msgstr "Slot de cheie %d activ, curățați mai întâi." + +#: lib/luks1/keymanage.c:895 +#, c-format +msgid "Key slot %d material includes too few stripes. Header manipulation?" +msgstr "Materialul de la slotul de cheie %d nu are suficiente benzi. Antetul a fost manipulat?" + +#: lib/luks1/keymanage.c:931 lib/luks2/luks2_keyslot_luks2.c:270 +msgid "PBKDF2 iteration value overflow." +msgstr "Depășire a valorii de iterație a PBKDF2." + +#: lib/luks1/keymanage.c:1040 +#, c-format +msgid "Cannot open keyslot (using hash %s)." +msgstr "Nu se poate deschide slotul de cheie (folosind suma de control(hash) %s)." + +#: lib/luks1/keymanage.c:1118 +#, c-format +msgid "Key slot %d is invalid, please select keyslot between 0 and %d." +msgstr "Slotul de cheie %d nu este valid, selectați slotul de cheie între 0 și %d." + +#: lib/luks1/keymanage.c:1136 lib/luks2/luks2_keyslot.c:718 +#, c-format +msgid "Cannot wipe device %s." +msgstr "Nu se poate șterge dispozitivul %s." + +#: lib/loopaes/loopaes.c:146 +msgid "Detected not yet supported GPG encrypted keyfile." +msgstr "Fișierul cheie criptat GPG, detectat, nu este încă acceptat." + +#: lib/loopaes/loopaes.c:147 +msgid "Please use gpg --decrypt | cryptsetup --keyfile=- ...\n" +msgstr "Utilizați «gpg --decrypt » | «cryptsetup --keyfile=-...»\n" + +#: lib/loopaes/loopaes.c:168 lib/loopaes/loopaes.c:188 +msgid "Incompatible loop-AES keyfile detected." +msgstr "S-a detectat un fișier de cheie loop-AES incompatibil." + +#: lib/loopaes/loopaes.c:245 +msgid "Kernel does not support loop-AES compatible mapping." +msgstr "Nucleul nu acceptă asocierea compatibilă cu bucla loop-AES." + +#: lib/tcrypt/tcrypt.c:508 +#, c-format +msgid "Error reading keyfile %s." +msgstr "Eroare la citirea fișierului de cheie %s." + +#: lib/tcrypt/tcrypt.c:558 +#, c-format +msgid "Maximum TCRYPT passphrase length (%zu) exceeded." +msgstr "Lungimea maximă a frazei de acces TCRYPT (%zu) a fost depășită." + +#: lib/tcrypt/tcrypt.c:600 +#, c-format +msgid "PBKDF2 hash algorithm %s not available, skipping." +msgstr "Algoritmul sumei de control(hash) PBKDF2 %s nu este disponibil, se omite." + +#: lib/tcrypt/tcrypt.c:619 src/cryptsetup.c:1156 +msgid "Required kernel crypto interface not available." +msgstr "Interfața necesară de criptare a nucleului nu este disponibilă." + +#: lib/tcrypt/tcrypt.c:621 src/cryptsetup.c:1158 +msgid "Ensure you have algif_skcipher kernel module loaded." +msgstr "Asigurați-vă că aveți modulul nucleului «algif_skcipher», încărcat." + +#: lib/tcrypt/tcrypt.c:762 +#, c-format +msgid "Activation is not supported for %d sector size." +msgstr "Activarea nu este acceptată pentru dimensiunea sectorului de %d." + +#: lib/tcrypt/tcrypt.c:768 +msgid "Kernel does not support activation for this TCRYPT legacy mode." +msgstr "Nucleul nu acceptă activarea pentru acest mod vechi TCRYPT." + +#: lib/tcrypt/tcrypt.c:799 +#, c-format +msgid "Activating TCRYPT system encryption for partition %s." +msgstr "Se activează criptarea sistemului TCRYPT pentru partiția %s." + +#: lib/tcrypt/tcrypt.c:882 +msgid "Kernel does not support TCRYPT compatible mapping." +msgstr "Nucleul nu acceptă asocierea compatibilă cu TCRYPT." + +#: lib/tcrypt/tcrypt.c:1095 +msgid "This function is not supported without TCRYPT header load." +msgstr "Această funcție nu este acceptată fără încărcarea antetului TCRYPT." + +#: lib/bitlk/bitlk.c:278 +#, c-format +msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key." +msgstr "Tip neașteptat de intrare de metadate „%u” găsit la analizarea cheii master de volum acceptate." + +#: lib/bitlk/bitlk.c:337 +msgid "Invalid string found when parsing Volume Master Key." +msgstr "S-a găsit șir nevalid la analizarea cheii master de volum." + +#: lib/bitlk/bitlk.c:341 +#, c-format +msgid "Unexpected string ('%s') found when parsing supported Volume Master Key." +msgstr "Șir neașteptat („%s”) găsit la analizarea cheii master de volum acceptate." + +#: lib/bitlk/bitlk.c:358 +#, c-format +msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key." +msgstr "Valoare neașteptată a intrării de metadate „%u” a fost găsită la analizarea cheii master de volum acceptate." + +#: lib/bitlk/bitlk.c:460 +msgid "BITLK version 1 is currently not supported." +msgstr "Versiunea 1 BITLK nu este acceptată în prezent." + +#: lib/bitlk/bitlk.c:466 +msgid "Invalid or unknown boot signature for BITLK device." +msgstr "Semnătură de pornire nevalidă sau necunoscută pentru dispozitivul BITLK." + +#: lib/bitlk/bitlk.c:478 +#, c-format +msgid "Unsupported sector size %." +msgstr "Dimensiunea sectorului neacceptată, %." + +#: lib/bitlk/bitlk.c:486 +#, c-format +msgid "Failed to read BITLK header from %s." +msgstr "Nu s-a putut citi antetul BITLK de la %s." + +#: lib/bitlk/bitlk.c:511 +#, c-format +msgid "Failed to read BITLK FVE metadata from %s." +msgstr "Nu s-au putut citi metadatele BITLK FVE de la %s." + +#: lib/bitlk/bitlk.c:562 +msgid "Unknown or unsupported encryption type." +msgstr "Tip de criptare necunoscut sau neacceptat." + +#: lib/bitlk/bitlk.c:602 +#, c-format +msgid "Failed to read BITLK metadata entries from %s." +msgstr "Nu s-au putut citi intrările de metadate BITLK de la %s." + +#: lib/bitlk/bitlk.c:719 +msgid "Failed to convert BITLK volume description" +msgstr "Nu s-a putut converti descrierea volumului BITLK" + +#: lib/bitlk/bitlk.c:882 +#, c-format +msgid "Unexpected metadata entry type '%u' found when parsing external key." +msgstr "Tip neașteptat de intrare de metadate „%u” găsit la analizarea cheii externe." + +#: lib/bitlk/bitlk.c:905 +#, c-format +msgid "BEK file GUID '%s' does not match GUID of the volume." +msgstr "GUID-ul fișierului BEK „%s”, nu se potrivește cu GUID-ul volumului." + +#: lib/bitlk/bitlk.c:909 +#, c-format +msgid "Unexpected metadata entry value '%u' found when parsing external key." +msgstr "Valoare neașteptată a intrării metadatelor „%u”, a fost găsită la analizarea cheii externe." + +#: lib/bitlk/bitlk.c:948 +#, c-format +msgid "Unsupported BEK metadata version %" +msgstr "Versiune neacceptată de metadate BEK %" + +#: lib/bitlk/bitlk.c:953 +#, c-format +msgid "Unexpected BEK metadata size % does not match BEK file length" +msgstr "Dimensiune neașteptată a metadatelor BEK %, nu se potrivește cu lungimea fișierului BEK" + +#: lib/bitlk/bitlk.c:979 +msgid "Unexpected metadata entry found when parsing startup key." +msgstr "Intrare neașteptată de metadate găsită la analizarea cheii de pornire." + +#: lib/bitlk/bitlk.c:1075 +msgid "This operation is not supported." +msgstr "Această operație nu este acceptată." + +#: lib/bitlk/bitlk.c:1083 +msgid "Unexpected key data size." +msgstr "Dimensiune neașteptată a datelor cheii." + +#: lib/bitlk/bitlk.c:1209 +msgid "This BITLK device is in an unsupported state and cannot be activated." +msgstr "Acest dispozitiv BITLK este într-o stare neacceptată și nu poate fi activat." + +#: lib/bitlk/bitlk.c:1214 +#, c-format +msgid "BITLK devices with type '%s' cannot be activated." +msgstr "Dispozitivele BITLK de tip „%s” nu pot fi activate." + +#: lib/bitlk/bitlk.c:1221 +msgid "Activation of partially decrypted BITLK device is not supported." +msgstr "Activarea dispozitivului BITLK parțial decriptat nu este acceptată." + +#: lib/bitlk/bitlk.c:1262 +#, c-format +msgid "WARNING: BitLocker volume size % does not match the underlying device size %" +msgstr "AVERTISMENT: dimensiunea volumului BitLocker % nu se potrivește cu dimensiunea dispozitivului subiacent %" + +#: lib/bitlk/bitlk.c:1389 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV." +msgstr "Nu se poate activa dispozitivul, modulul nucleului «dm-crypt» nu are suport pentru BITLK IV." + +#: lib/bitlk/bitlk.c:1393 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser." +msgstr "Dispozitivul nu poate fi activat, modulul nucleului «dm-crypt» nu are suport pentru difuzorul BITLK Elephant." + +#: lib/bitlk/bitlk.c:1397 +msgid "Cannot activate device, kernel dm-crypt is missing support for large sector size." +msgstr "Dispozitivul nu poate fi activat, kernel-ul dm-crypt nu are suport pentru dimensiune mare a sectorului." + +#: lib/bitlk/bitlk.c:1401 +msgid "Cannot activate device, kernel dm-zero module is missing." +msgstr "Dispozitivul nu se poate activa, modulul nucleului, «dm-zero», lipsește." + +#: lib/fvault2/fvault2.c:542 +#, c-format +msgid "Could not read %u bytes of volume header." +msgstr "Nu s-au putut citi %u octeți din antetul volumului." + +#: lib/fvault2/fvault2.c:554 +#, c-format +msgid "Unsupported FVAULT2 version %." +msgstr "Versiune FVAULT2 neacceptată %." + +#: lib/verity/verity.c:68 lib/verity/verity.c:182 +#, c-format +msgid "Verity device %s does not use on-disk header." +msgstr "Dispozitivul verity %s nu utilizează antetul de pe disc." + +#: lib/verity/verity.c:96 +#, c-format +msgid "Unsupported VERITY version %d." +msgstr "Versiunea VERITY %d nu este acceptată." + +#: lib/verity/verity.c:131 +msgid "VERITY header corrupted." +msgstr "Antetul VERITY este corupt." + +#: lib/verity/verity.c:176 +#, c-format +msgid "Wrong VERITY UUID format provided on device %s." +msgstr "Formatul UUID VERITY furnizat pe dispozitivul %s este greșit." + +#: lib/verity/verity.c:220 +#, c-format +msgid "Error during update of verity header on device %s." +msgstr "Eroare la actualizarea antetului Verity pe dispozitivul %s." + +#: lib/verity/verity.c:278 +msgid "Root hash signature verification is not supported." +msgstr "Verificarea semnăturii sumei de verificare(hash) rădăcină nu este acceptată." + +#: lib/verity/verity.c:290 +msgid "Errors cannot be repaired with FEC device." +msgstr "Erorile nu pot fi reparate cu dispozitivul FEC." + +#: lib/verity/verity.c:292 +#, c-format +msgid "Found %u repairable errors with FEC device." +msgstr "S-au găsit %u erori reparabile cu dispozitivul FEC." + +#: lib/verity/verity.c:335 +msgid "Kernel does not support dm-verity mapping." +msgstr "Nucleul nu acceptă asocierea dm-verity." + +#: lib/verity/verity.c:339 +msgid "Kernel does not support dm-verity signature option." +msgstr "Nucleul nu acceptă opțiunea de semnătură dm-verity." + +#: lib/verity/verity.c:350 +msgid "Verity device detected corruption after activation." +msgstr "Dispozitivul verity a detectat corupție după activare." + +#: lib/verity/verity_hash.c:66 +#, c-format +msgid "Spare area is not zeroed at position %." +msgstr "Zona de rezervă nu este pusă la zero la poziția %." + +#: lib/verity/verity_hash.c:167 lib/verity/verity_hash.c:300 +#: lib/verity/verity_hash.c:311 +msgid "Device offset overflow." +msgstr "Depășire a poziției de pe dispozitiv." + +#: lib/verity/verity_hash.c:218 +#, c-format +msgid "Verification failed at position %." +msgstr "Verificarea a eșuat la poziția %." + +#: lib/verity/verity_hash.c:307 +msgid "Hash area overflow." +msgstr "Debordare a zonei sumei de control(hash)." + +#: lib/verity/verity_hash.c:380 +msgid "Verification of data area failed." +msgstr "Verificarea zonei de date a eșuat." + +#: lib/verity/verity_hash.c:385 +msgid "Verification of root hash failed." +msgstr "Verificarea sumei de control(hash) rădăcină a eșuat." + +#: lib/verity/verity_hash.c:391 +msgid "Input/output error while creating hash area." +msgstr "Eroare de intrare/ieșire la crearea zonei de sumă de control(hash)." + +#: lib/verity/verity_hash.c:393 +msgid "Creation of hash area failed." +msgstr "Crearea zonei de sumă de control(hash) a eșuat." + +#: lib/verity/verity_hash.c:428 +#, c-format +msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)." +msgstr "AVERTISMENT: Nucleul nu poate activa dispozitivul dacă dimensiunea blocului de date depășește dimensiunea paginii (%u)." + +#: lib/verity/verity_fec.c:131 +msgid "Failed to allocate RS context." +msgstr "Nu s-a putut aloca contextul RS." + +#: lib/verity/verity_fec.c:149 +msgid "Failed to allocate buffer." +msgstr "Nu s-a putut aloca memoria tampon." + +#: lib/verity/verity_fec.c:159 +#, c-format +msgid "Failed to read RS block % byte %d." +msgstr "Nu s-a putut citi blocul RS % octetul %d." + +#: lib/verity/verity_fec.c:172 +#, c-format +msgid "Failed to read parity for RS block %." +msgstr "Nu s-a putut citi paritatea pentru blocul RS %." + +#: lib/verity/verity_fec.c:180 +#, c-format +msgid "Failed to repair parity for block %." +msgstr "Nu s-a putut repara paritatea pentru blocul %." + +#: lib/verity/verity_fec.c:192 +#, c-format +msgid "Failed to write parity for RS block %." +msgstr "Nu s-a putut scrie paritatea pentru blocul RS %." + +#: lib/verity/verity_fec.c:208 +msgid "Block sizes must match for FEC." +msgstr "Dimensiunile blocurilor trebuie să se potrivească pentru FEC." + +#: lib/verity/verity_fec.c:214 +msgid "Invalid number of parity bytes." +msgstr "Număr nevalid de octeți de paritate." + +#: lib/verity/verity_fec.c:248 +msgid "Invalid FEC segment length." +msgstr "Lungimea segmentului FEC nu este validă." + +#: lib/verity/verity_fec.c:316 +#, c-format +msgid "Failed to determine size for device %s." +msgstr "Nu s-a putut determina dimensiunea pentru dispozitivul %s." + +#: lib/integrity/integrity.c:57 +#, c-format +msgid "Incompatible kernel dm-integrity metadata (version %u) detected on %s." +msgstr "Metadate incompatibile cu modulul nucleului «dm-integrity» (versiunea %u) detectate pe %s." + +#: lib/integrity/integrity.c:277 lib/integrity/integrity.c:379 +msgid "Kernel does not support dm-integrity mapping." +msgstr "Nucleul nu acceptă asocierea dm-integrity." + +#: lib/integrity/integrity.c:283 +msgid "Kernel does not support dm-integrity fixed metadata alignment." +msgstr "Nucleul nu acceptă alinierea metadatelor fixe dm-integrity." + +#: lib/integrity/integrity.c:292 +msgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)." +msgstr "Nucleul refuză să activeze opțiunea de recalculare nesigură (consultați opțiunile de activare vechi pentru a le înlocui)." + +#: lib/luks2/luks2_disk_metadata.c:391 lib/luks2/luks2_json_metadata.c:1159 +#: lib/luks2/luks2_json_metadata.c:1482 +#, c-format +msgid "Failed to acquire write lock on device %s." +msgstr "Nu s-a putut obține blocarea la scriere pe dispozitivul %s." + +#: lib/luks2/luks2_disk_metadata.c:400 +msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation." +msgstr "S-a detectat o încercare de actualizare concomitentă a metadatelor LUKS2. Se abandonează operația." + +#: lib/luks2/luks2_disk_metadata.c:699 lib/luks2/luks2_disk_metadata.c:720 +msgid "" +"Device contains ambiguous signatures, cannot auto-recover LUKS2.\n" +"Please run \"cryptsetup repair\" for recovery." +msgstr "" +"Dispozitivul conține semnături ambigue, nu se poate recupera automat LUKS2.\n" +"Rulați «cryptsetup repair» pentru recuperare." + +#: lib/luks2/luks2_json_format.c:229 +msgid "Requested data offset is too small." +msgstr "Decalajul de date solicitat este prea mic." + +#: lib/luks2/luks2_json_format.c:274 +#, c-format +msgid "WARNING: keyslots area (% bytes) is very small, available LUKS2 keyslot count is very limited.\n" +msgstr "AVERTISMENT: zona sloturilor de chei (% octeți) este foarte mică, numărul de sloturi de chei LUKS2 disponibil este foarte limitat.\n" + +#: lib/luks2/luks2_json_metadata.c:1146 lib/luks2/luks2_json_metadata.c:1328 +#: lib/luks2/luks2_json_metadata.c:1388 lib/luks2/luks2_keyslot_luks2.c:94 +#: lib/luks2/luks2_keyslot_luks2.c:116 +#, c-format +msgid "Failed to acquire read lock on device %s." +msgstr "Nu s-a putut obține blocarea pentru citire pe dispozitivul %s." + +#: lib/luks2/luks2_json_metadata.c:1405 +#, c-format +msgid "Forbidden LUKS2 requirements detected in backup %s." +msgstr "Cerințe LUKS2 interzise detectate în copia de rezervă %s." + +#: lib/luks2/luks2_json_metadata.c:1446 +msgid "Data offset differ on device and backup, restore failed." +msgstr "Decalajul datelor diferă între dispozitiv și copia de rezervă, restaurare eșuată." + +#: lib/luks2/luks2_json_metadata.c:1452 +msgid "Binary header with keyslot areas size differ on device and backup, restore failed." +msgstr "Antetul binar cu dimensiunea zonelor sloturilor pentru chei diferă între dispozitiv și copia de rezervă, restaurare eșuată." + +#: lib/luks2/luks2_json_metadata.c:1459 +#, c-format +msgid "Device %s %s%s%s%s" +msgstr "Dispozitiv %s %s%s%s%s" + +#: lib/luks2/luks2_json_metadata.c:1460 +msgid "does not contain LUKS2 header. Replacing header can destroy data on that device." +msgstr "nu conține antetul LUKS2. Înlocuirea antetului poate distruge datele de pe acest dispozitiv." + +#: lib/luks2/luks2_json_metadata.c:1461 +msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots." +msgstr "conține deja antetul LUKS2. Înlocuirea antetului va distruge sloturile de chei existente." + +#: lib/luks2/luks2_json_metadata.c:1463 +msgid "" +"\n" +"WARNING: unknown LUKS2 requirements detected in real device header!\n" +"Replacing header with backup may corrupt the data on that device!" +msgstr "" +"\n" +"AVERTISMENT: cerințe necunoscute LUKS2 detectate în antetul dispozitivului real!\n" +"Înlocuirea antetului cu copia de rezervă poate deteriora datele de pe acest dispozitiv!" + +#: lib/luks2/luks2_json_metadata.c:1465 +msgid "" +"\n" +"WARNING: Unfinished offline reencryption detected on the device!\n" +"Replacing header with backup may corrupt data." +msgstr "" +"\n" +"AVERTISMENT: Recriptare „offline” nefinalizată detectată pe dispozitiv!\n" +"Înlocuirea antetului cu copia de rezervă poate deteriora datele." + +#: lib/luks2/luks2_json_metadata.c:1562 +#, c-format +msgid "Ignored unknown flag %s." +msgstr "S-a ignorat fanionul necunoscut %s." + +#: lib/luks2/luks2_json_metadata.c:2470 lib/luks2/luks2_reencrypt.c:2061 +#, c-format +msgid "Missing key for dm-crypt segment %u" +msgstr "Lipsește cheia pentru segmentul dm-crypt %u" + +#: lib/luks2/luks2_json_metadata.c:2482 lib/luks2/luks2_reencrypt.c:2075 +msgid "Failed to set dm-crypt segment." +msgstr "Nu s-a putut definii segmentul dm-crypt." + +#: lib/luks2/luks2_json_metadata.c:2488 lib/luks2/luks2_reencrypt.c:2081 +msgid "Failed to set dm-linear segment." +msgstr "Nu s-a putut definii segmentul dm-linear." + +#: lib/luks2/luks2_json_metadata.c:2615 +msgid "Unsupported device integrity configuration." +msgstr "Configurație de integritate a dispozitivului neacceptată." + +#: lib/luks2/luks2_json_metadata.c:2701 +msgid "Reencryption in-progress. Cannot deactivate device." +msgstr "Recriptare în curs. Nu se poate dezactiva dispozitivul." + +#: lib/luks2/luks2_json_metadata.c:2712 lib/luks2/luks2_reencrypt.c:4082 +#, c-format +msgid "Failed to replace suspended device %s with dm-error target." +msgstr "Nu s-a putut înlocui dispozitivul suspendat %s cu ținta dm-error." + +#: lib/luks2/luks2_json_metadata.c:2792 +msgid "Failed to read LUKS2 requirements." +msgstr "Nu s-au putut citi cerințele LUKS2." + +#: lib/luks2/luks2_json_metadata.c:2799 +msgid "Unmet LUKS2 requirements detected." +msgstr "Au fost detectate cerințe LUKS2 neîndeplinite." + +#: lib/luks2/luks2_json_metadata.c:2807 +msgid "Operation incompatible with device marked for legacy reencryption. Aborting." +msgstr "Operație incompatibilă cu dispozitivul marcat pentru recriptare învechită. Se abandonează." + +#: lib/luks2/luks2_json_metadata.c:2809 +msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting." +msgstr "Operație incompatibilă cu dispozitivul marcat pentru recriptare LUKS2. Se abandonează." + +#: lib/luks2/luks2_keyslot.c:563 lib/luks2/luks2_keyslot.c:600 +msgid "Not enough available memory to open a keyslot." +msgstr "Nu există suficientă memorie disponibilă pentru a deschide un slot de cheie." + +#: lib/luks2/luks2_keyslot.c:565 lib/luks2/luks2_keyslot.c:602 +msgid "Keyslot open failed." +msgstr "Deschiderea slotului de cheie a eșuat." + +#: lib/luks2/luks2_keyslot_luks2.c:55 lib/luks2/luks2_keyslot_luks2.c:110 +#, c-format +msgid "Cannot use %s-%s cipher for keyslot encryption." +msgstr "Nu se poate utiliza cifrul %s-%s pentru criptarea slotului de cheie." + +#: lib/luks2/luks2_keyslot_luks2.c:285 lib/luks2/luks2_keyslot_luks2.c:394 +#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2668 +#, c-format +msgid "Hash algorithm %s is not available." +msgstr "Algoritmul sumei de control(hash) %s nu este disponibil." + +#: lib/luks2/luks2_keyslot_luks2.c:510 +msgid "No space for new keyslot." +msgstr "Nu există spațiu pentru noul slot de cheie." + +#: lib/luks2/luks2_keyslot_reenc.c:593 +msgid "Invalid reencryption resilience mode change requested." +msgstr "A fost solicitată o schimbare incorectă a modului de adaptabilitate pentru recriptare." + +#: lib/luks2/luks2_keyslot_reenc.c:714 +#, c-format +msgid "Can not update resilience type. New type only provides % bytes, required space is: % bytes." +msgstr "Nu se poate actualiza tipul de adaptabilitate. Tipul nou oferă numai % octeți, spațiul necesar este: % octeți." + +#: lib/luks2/luks2_keyslot_reenc.c:724 +msgid "Failed to refresh reencryption verification digest." +msgstr "Nu s-a putut reîmprospăta calcularea sumei de control de verificare a recriptării." + +#: lib/luks2/luks2_luks1_convert.c:512 +#, c-format +msgid "Cannot check status of device with uuid: %s." +msgstr "Nu se poate verifica starea dispozitivului cu uuid: %s." + +#: lib/luks2/luks2_luks1_convert.c:538 +msgid "Unable to convert header with LUKSMETA additional metadata." +msgstr "Nu s-a putut converti antetul cu metadate suplimentare LUKSMETA." + +#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3740 +#, c-format +msgid "Unable to use cipher specification %s-%s for LUKS2." +msgstr "Nu se poate utiliza specificația de cifrare %s-%s pentru LUKS2." + +#: lib/luks2/luks2_luks1_convert.c:584 +msgid "Unable to move keyslot area. Not enough space." +msgstr "Nu se poate muta zona slotului pentru chei. Spațiu insuficient." + +#: lib/luks2/luks2_luks1_convert.c:619 +msgid "Cannot convert to LUKS2 format - invalid metadata." +msgstr "Nu se poate converti în format LUKS2 - metadate nevalide." + +#: lib/luks2/luks2_luks1_convert.c:636 +msgid "Unable to move keyslot area. LUKS2 keyslots area too small." +msgstr "Nu se poate muta zona slotului pentru chei. Zona sloturilor pentru chei LUKS2 este prea mică." + +#: lib/luks2/luks2_luks1_convert.c:642 lib/luks2/luks2_luks1_convert.c:936 +msgid "Unable to move keyslot area." +msgstr "Nu se poate muta zona slotului pentru chei." + +#: lib/luks2/luks2_luks1_convert.c:732 +msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes." +msgstr "Nu se poate converti în format LUKS1 - dimensiunea implicită a sectorului de criptare al segmentului nu este de 512 octeți." + +#: lib/luks2/luks2_luks1_convert.c:740 +msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible." +msgstr "Nu se poate converti în formatul LUKS1 - calcularea sumelor de control ale slotului de cheie nu este compatibilă cu LUKS1." + +#: lib/luks2/luks2_luks1_convert.c:752 +#, c-format +msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s." +msgstr "Nu se poate converti în formatul LUKS1 - dispozitivul folosește cifrul de cheie încapsulat %s." + +#: lib/luks2/luks2_luks1_convert.c:757 +msgid "Cannot convert to LUKS1 format - device uses more segments." +msgstr "Nu se poate converti în formatul LUKS1 - dispozitivul utilizează mai multe segmente." + +#: lib/luks2/luks2_luks1_convert.c:765 +#, c-format +msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)." +msgstr "Nu se poate converti în formatul LUKS1 - antetul LUKS2 conține %u jetoane(tokens)." + +#: lib/luks2/luks2_luks1_convert.c:779 +#, c-format +msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state." +msgstr "Nu se poate converti în formatul LUKS1 - slotul de cheie %u este într-o stare nevalidă." + +#: lib/luks2/luks2_luks1_convert.c:784 +#, c-format +msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active." +msgstr "Nu se poate converti în formatul LUKS1 - slotul %u (peste sloturile maxime) este încă activ." + +#: lib/luks2/luks2_luks1_convert.c:789 +#, c-format +msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." +msgstr "Nu se poate converti în formatul LUKS1 - slotul de cheie %u nu este compatibil cu LUKS1." + +#: lib/luks2/luks2_reencrypt.c:1152 +#, c-format +msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "Dimensiunea zonei „fierbinți” (active) trebuie să fie multiplu al alinierii zonei calculate (%zu octeți)." + +#: lib/luks2/luks2_reencrypt.c:1157 +#, c-format +msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "Dimensiunea dispozitivului trebuie să fie multiplu al alinierii zonei calculate (%zu octeți)." + +#: lib/luks2/luks2_reencrypt.c:1364 lib/luks2/luks2_reencrypt.c:1551 +#: lib/luks2/luks2_reencrypt.c:1634 lib/luks2/luks2_reencrypt.c:1676 +#: lib/luks2/luks2_reencrypt.c:3877 +msgid "Failed to initialize old segment storage wrapper." +msgstr "Nu s-a putut inițializa vechea încapsulare de stocare a segmentului." + +#: lib/luks2/luks2_reencrypt.c:1378 lib/luks2/luks2_reencrypt.c:1529 +msgid "Failed to initialize new segment storage wrapper." +msgstr "Nu s-a putut inițializa noua încapsulare de stocare a segmentului." + +#: lib/luks2/luks2_reencrypt.c:1505 lib/luks2/luks2_reencrypt.c:3889 +msgid "Failed to initialize hotzone protection." +msgstr "Nu s-a putut inițializa protecția zonei „fierbinți” (active)." + +#: lib/luks2/luks2_reencrypt.c:1578 +msgid "Failed to read checksums for current hotzone." +msgstr "Nu s-au putut citii sumele de control pentru zona „fierbinte” (activă) actuală." + +#: lib/luks2/luks2_reencrypt.c:1585 lib/luks2/luks2_reencrypt.c:3903 +#, c-format +msgid "Failed to read hotzone area starting at %." +msgstr "Nu s-a putut citi zona „fierbinte” (activă) începând cu %." + +#: lib/luks2/luks2_reencrypt.c:1604 +#, c-format +msgid "Failed to decrypt sector %zu." +msgstr "Nu s-a putut decripta sectorul %zu." + +#: lib/luks2/luks2_reencrypt.c:1610 +#, c-format +msgid "Failed to recover sector %zu." +msgstr "Nu s-a putut recupera sectorul %zu." + +#: lib/luks2/luks2_reencrypt.c:2174 +#, c-format +msgid "Source and target device sizes don't match. Source %, target: %." +msgstr "Dimensiunile dispozitivelor sursă și țintă nu se potrivesc. Sursa %, ținta: %." + +#: lib/luks2/luks2_reencrypt.c:2272 +#, c-format +msgid "Failed to activate hotzone device %s." +msgstr "Nu s-a putut activa zona „fierbinte” (activă) a dispozitivului %s." + +#: lib/luks2/luks2_reencrypt.c:2289 +#, c-format +msgid "Failed to activate overlay device %s with actual origin table." +msgstr "Nu s-a putut activa dispozitivul de suprapunere %s cu tabelul de origine actual." + +#: lib/luks2/luks2_reencrypt.c:2296 +#, c-format +msgid "Failed to load new mapping for device %s." +msgstr "Nu s-a putut încărca noua asociere pentru dispozitivul %s." + +#: lib/luks2/luks2_reencrypt.c:2367 +msgid "Failed to refresh reencryption devices stack." +msgstr "Nu s-a putut reîmprospăta stiva de dispozitive de recriptare." + +#: lib/luks2/luks2_reencrypt.c:2550 +msgid "Failed to set new keyslots area size." +msgstr "Nu s-a putut definii dimensiunea zonei noilor sloturi pentru chei." + +#: lib/luks2/luks2_reencrypt.c:2686 +#, c-format +msgid "Data shift value is not aligned to encryption sector size (% bytes)." +msgstr "Valoarea deplasării datelor nu este aliniată la dimensiunea sectorului de criptare (% octeți)." + +#: lib/luks2/luks2_reencrypt.c:2723 src/utils_reencrypt.c:189 +#, c-format +msgid "Unsupported resilience mode %s" +msgstr "Modul de adaptabilitate neacceptat %s" + +#: lib/luks2/luks2_reencrypt.c:2760 +msgid "Moved segment size can not be greater than data shift value." +msgstr "Dimensiunea segmentului mutat nu poate fi mai mare decât valoarea deplasării de date." + +#: lib/luks2/luks2_reencrypt.c:2802 +msgid "Invalid reencryption resilience parameters." +msgstr "Parametri de adaptabilitate de recriptare nevalizi." + +#: lib/luks2/luks2_reencrypt.c:2824 +#, c-format +msgid "Moved segment too large. Requested size %, available space for: %." +msgstr "Segmentul mutat este prea mare. Dimensiunea solicitată este de %, iar spațiul disponibil pentru aceasta este de: %." + +#: lib/luks2/luks2_reencrypt.c:2911 +msgid "Failed to clear table." +msgstr "Nu s-a putut șterge tabelul." + +#: lib/luks2/luks2_reencrypt.c:2997 +msgid "Reduced data size is larger than real device size." +msgstr "Dimensiunea redusă a datelor este mai mare decât dimensiunea dispozitivului real." + +#: lib/luks2/luks2_reencrypt.c:3004 +#, c-format +msgid "Data device is not aligned to encryption sector size (% bytes)." +msgstr "Dispozitivul de date nu este aliniat la dimensiunea sectorului de criptare (% octeți)." + +#: lib/luks2/luks2_reencrypt.c:3038 +#, c-format +msgid "Data shift (% sectors) is less than future data offset (% sectors)." +msgstr "Deplasarea datelor (% sectoare) este mai mică decât decalajul viitor al datelor (% sectoare)." + +#: lib/luks2/luks2_reencrypt.c:3045 lib/luks2/luks2_reencrypt.c:3533 +#: lib/luks2/luks2_reencrypt.c:3554 +#, c-format +msgid "Failed to open %s in exclusive mode (already mapped or mounted)." +msgstr "Nu s-a putut deschide %s în modul exclusiv (deja cartografiat sau montat)." + +#: lib/luks2/luks2_reencrypt.c:3234 +msgid "Device not marked for LUKS2 reencryption." +msgstr "Dispozitivul nu este marcat pentru recriptarea LUKS2." + +#: lib/luks2/luks2_reencrypt.c:3251 lib/luks2/luks2_reencrypt.c:4206 +msgid "Failed to load LUKS2 reencryption context." +msgstr "Nu s-a putut încărca contextul de recriptare LUKS2." + +#: lib/luks2/luks2_reencrypt.c:3331 +msgid "Failed to get reencryption state." +msgstr "Nu s-a putut obține stadiul recriptării." + +#: lib/luks2/luks2_reencrypt.c:3335 lib/luks2/luks2_reencrypt.c:3649 +msgid "Device is not in reencryption." +msgstr "Dispozitivul nu se află în recriptare." + +#: lib/luks2/luks2_reencrypt.c:3342 lib/luks2/luks2_reencrypt.c:3656 +msgid "Reencryption process is already running." +msgstr "Procesul de recriptare rulează deja." + +#: lib/luks2/luks2_reencrypt.c:3344 lib/luks2/luks2_reencrypt.c:3658 +msgid "Failed to acquire reencryption lock." +msgstr "Nu s-a putut obține blocarea pentru recriptare." + +#: lib/luks2/luks2_reencrypt.c:3362 +msgid "Cannot proceed with reencryption. Run reencryption recovery first." +msgstr "Nu se poate continua cu recriptarea. Rulați mai întâi recuperarea recriptării." + +#: lib/luks2/luks2_reencrypt.c:3497 +msgid "Active device size and requested reencryption size don't match." +msgstr "Dimensiunea dispozitivului activ și dimensiunea de recriptare solicitată nu se potrivesc." + +#: lib/luks2/luks2_reencrypt.c:3511 +msgid "Illegal device size requested in reencryption parameters." +msgstr "Dimensiunea dispozitivului solicitată în parametrii de recriptare este incorectă." + +#: lib/luks2/luks2_reencrypt.c:3588 +msgid "Reencryption in-progress. Cannot perform recovery." +msgstr "Recriptare în curs. Nu se poate efectua recuperarea." + +#: lib/luks2/luks2_reencrypt.c:3757 +msgid "LUKS2 reencryption already initialized in metadata." +msgstr "Recriptare LUKS2 deja inițializată în metadate." + +#: lib/luks2/luks2_reencrypt.c:3764 +msgid "Failed to initialize LUKS2 reencryption in metadata." +msgstr "Nu s-a putut inițializa recriptarea LUKS2 în metadate." + +#: lib/luks2/luks2_reencrypt.c:3859 +msgid "Failed to set device segments for next reencryption hotzone." +msgstr "Nu s-au putut definii segmentele dispozitivului pentru următoarea zonă „fierbinte” (activă) de recriptare." + +#: lib/luks2/luks2_reencrypt.c:3911 +msgid "Failed to write reencryption resilience metadata." +msgstr "Nu s-au putut scrie metadatele adaptabilității recriptării." + +#: lib/luks2/luks2_reencrypt.c:3918 +msgid "Decryption failed." +msgstr "Decriptarea a eșuat." + +#: lib/luks2/luks2_reencrypt.c:3923 +#, c-format +msgid "Failed to write hotzone area starting at %." +msgstr "Nu s-a putut scrie zona „fierbinte” (activă) începând de la %." + +#: lib/luks2/luks2_reencrypt.c:3928 +msgid "Failed to sync data." +msgstr "Nu s-au putut sincroniza datele." + +#: lib/luks2/luks2_reencrypt.c:3936 +msgid "Failed to update metadata after current reencryption hotzone completed." +msgstr "Nu s-au putut actualiza metadatele după finalizarea zonei „fierbinți” (active) de recriptare actuală." + +#: lib/luks2/luks2_reencrypt.c:4025 +msgid "Failed to write LUKS2 metadata." +msgstr "Nu s-au putut scrie metadatele LUKS2." + +#: lib/luks2/luks2_reencrypt.c:4048 +msgid "Failed to wipe unused data device area." +msgstr "Nu s-a putut șterge zona nefolosită a dispozitivului de date." + +#: lib/luks2/luks2_reencrypt.c:4054 +#, c-format +msgid "Failed to remove unused (unbound) keyslot %d." +msgstr "Nu s-a putut elimina slotul de cheie neutilizat (neasociat) %d." + +#: lib/luks2/luks2_reencrypt.c:4064 +msgid "Failed to remove reencryption keyslot." +msgstr "Nu s-a putut elimina slotul de cheie de recriptare." + +#: lib/luks2/luks2_reencrypt.c:4074 +#, c-format +msgid "Fatal error while reencrypting chunk starting at %, % sectors long." +msgstr "Eroare fatală la recriptarea porțiunii începând de la %, % sectoare lungi." + +#: lib/luks2/luks2_reencrypt.c:4078 +msgid "Online reencryption failed." +msgstr "Recriptarea «online» a eșuat." + +#: lib/luks2/luks2_reencrypt.c:4083 +msgid "Do not resume the device unless replaced with error target manually." +msgstr "Nu reluați dispozitivul decât dacă este înlocuit manual cu ținta erorii." + +#: lib/luks2/luks2_reencrypt.c:4137 +msgid "Cannot proceed with reencryption. Unexpected reencryption status." +msgstr "Nu se poate continua cu recriptarea. Stare neașteptată a recriptării." + +#: lib/luks2/luks2_reencrypt.c:4143 +msgid "Missing or invalid reencrypt context." +msgstr "Context de recriptare lipsă sau nevalid." + +#: lib/luks2/luks2_reencrypt.c:4150 +msgid "Failed to initialize reencryption device stack." +msgstr "Nu s-a putut inițializa stiva dispozitivului de recriptare." + +#: lib/luks2/luks2_reencrypt.c:4172 lib/luks2/luks2_reencrypt.c:4219 +msgid "Failed to update reencryption context." +msgstr "Nu s-a putut actualiza contextul de recriptare." + +#: lib/luks2/luks2_reencrypt_digest.c:405 +msgid "Reencryption metadata is invalid." +msgstr "Metadatele de recriptare sunt nevalide." + +#: src/cryptsetup.c:85 +msgid "Keyslot encryption parameters can be set only for LUKS2 device." +msgstr "Parametrii de criptare a slotului de cheie pot fi stabiliți numai pentru dispozitivul LUKS2." + +#: src/cryptsetup.c:108 src/cryptsetup.c:1901 +#, c-format +msgid "Enter token PIN: " +msgstr "Introduceți codul PIN al jetonului: " + +#: src/cryptsetup.c:110 src/cryptsetup.c:1903 +#, c-format +msgid "Enter token %d PIN: " +msgstr "Introduceți codul PIN al jetonului(token) %d: " + +#: src/cryptsetup.c:159 src/cryptsetup.c:1103 src/cryptsetup.c:1430 +#: src/utils_reencrypt.c:1122 src/utils_reencrypt_luks1.c:517 +#: src/utils_reencrypt_luks1.c:580 +msgid "No known cipher specification pattern detected." +msgstr "Nu s-a detectat niciun model de specificație de cifrare cunoscut." + +#: src/cryptsetup.c:167 +msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n" +msgstr "AVERTISMENT: Parametrul „--hash” este ignorat în modul simplu, cu fișierul de cheie specificat.\n" + +#: src/cryptsetup.c:175 +msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n" +msgstr "AVERTISMENT: Opțiunea „--keyfile-size” este ignorată, dimensiunea de citire este aceeași cu dimensiunea cheii de criptare.\n" + +#: src/cryptsetup.c:215 +#, c-format +msgid "Detected device signature(s) on %s. Proceeding further may damage existing data." +msgstr "S-au detectat semnături de dispozitiv pe %s. Continuarea operației, riscă să deterioreze datele existente." + +#: src/cryptsetup.c:221 src/cryptsetup.c:1177 src/cryptsetup.c:1225 +#: src/cryptsetup.c:1291 src/cryptsetup.c:1407 src/cryptsetup.c:1480 +#: src/cryptsetup.c:2266 src/integritysetup.c:187 src/utils_reencrypt.c:138 +#: src/utils_reencrypt.c:314 src/utils_reencrypt.c:749 +msgid "Operation aborted.\n" +msgstr "Operația se întrerupe.\n" + +#: src/cryptsetup.c:294 +msgid "Option --key-file is required." +msgstr "Opțiunea „--key-file” este necesară." + +#: src/cryptsetup.c:345 +msgid "Enter VeraCrypt PIM: " +msgstr "Introduceți PIM-ul VeraCrypt: " + +#: src/cryptsetup.c:354 +msgid "Invalid PIM value: parse error." +msgstr "Valoare PIM nevalidă: eroare de analizare." + +#: src/cryptsetup.c:357 +msgid "Invalid PIM value: 0." +msgstr "Valoare PIM nevalidă: 0." + +#: src/cryptsetup.c:360 +msgid "Invalid PIM value: outside of range." +msgstr "Valoare PIM nevalidă: în afara intervalului." + +#: src/cryptsetup.c:383 +msgid "No device header detected with this passphrase." +msgstr "Nu a fost detectat niciun antet de dispozitiv cu această frază de acces." + +#: src/cryptsetup.c:456 src/cryptsetup.c:632 +#, c-format +msgid "Device %s is not a valid BITLK device." +msgstr "Dispozitivul %s nu este un dispozitiv BITLK valid." + +#: src/cryptsetup.c:464 +msgid "Cannot determine volume key size for BITLK, please use --key-size option." +msgstr "Nu se poate determina dimensiunea cheii de volum pentru BITLK; utilizați opțiunea „--key-size” pentru a o furniza." + +#: src/cryptsetup.c:506 +msgid "" +"Header dump with volume key is sensitive information\n" +"which allows access to encrypted partition without passphrase.\n" +"This dump should be always stored encrypted on safe place." +msgstr "" +"Conținutul antetului cu cheia de volum este o informație sensibilă\n" +"care permite accesul la partiția criptată fără fraza de acces.\n" +"Acest conținut ar trebui să fie întotdeauna stocat criptat într-un loc sigur." + +#: src/cryptsetup.c:573 src/cryptsetup.c:654 src/cryptsetup.c:2291 +msgid "" +"The header dump with volume key is sensitive information\n" +"that allows access to encrypted partition without a passphrase.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" +"Conținutul antetului cu cheia de volum este o informație sensibilă\n" +"care permite accesul la partiția criptată fără fraza de acces.\n" +"Acest conținut ar trebui să fie întotdeauna stocat criptat într-un loc sigur." + +#: src/cryptsetup.c:709 src/cryptsetup.c:739 +#, c-format +msgid "Device %s is not a valid FVAULT2 device." +msgstr "Dispozitivul %s nu este un dispozitiv FVAULT2 valid." + +#: src/cryptsetup.c:747 +msgid "Cannot determine volume key size for FVAULT2, please use --key-size option." +msgstr "Nu se poate determina dimensiunea cheii de volum pentru FVAULT2; utilizați opțiunea „--key-size” pentru a o furniza." + +#: src/cryptsetup.c:801 src/veritysetup.c:323 src/integritysetup.c:400 +#, c-format +msgid "Device %s is still active and scheduled for deferred removal.\n" +msgstr "Dispozitivul %s este încă activ și programat pentru eliminare temporizată.\n" + +#: src/cryptsetup.c:835 +msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set." +msgstr "Redimensionarea dispozitivului activ necesită cheia de volum în inelul de chei, dar opțiunea „--disable-keyring” este furnizată." + +#: src/cryptsetup.c:982 +msgid "Benchmark interrupted." +msgstr "Testarea pentru evaluarea performanței a fost întreruptă." + +#: src/cryptsetup.c:1003 +#, c-format +msgid "PBKDF2-%-9s N/A\n" +msgstr "PBKDF2-%-9s (neaplicabil)\n" + +#: src/cryptsetup.c:1005 +#, c-format +msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" +msgstr "PBKDF2-%-9s %7u iterații pe secundă pentru cheia %zu-bit\n" + +#: src/cryptsetup.c:1019 +#, c-format +msgid "%-10s N/A\n" +msgstr "%-10s (neaplicabil)\n" + +#: src/cryptsetup.c:1021 +#, c-format +msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n" +msgstr "%-10s %4u iterații, %5u memorie, %1u fire paralele (CPU-uri) pentru cheia %zu-bit (timpul necesitat %u ms)\n" + +#: src/cryptsetup.c:1045 +msgid "Result of benchmark is not reliable." +msgstr "Rezultatul testului de evaluare a performanței nu este fiabil." + +#: src/cryptsetup.c:1095 +msgid "# Tests are approximate using memory only (no storage IO).\n" +msgstr "# Testele sunt aproximative folosind doar memoria (fără In/Ieș de stocare).\n" + +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:1115 +#, c-format +msgid "#%*s Algorithm | Key | Encryption | Decryption\n" +msgstr "#%*s Algoritm | Cheie | Criptare | Decriptare\n" + +#: src/cryptsetup.c:1119 +#, c-format +msgid "Cipher %s (with %i bits key) is not available." +msgstr "Cifrarea %s (cu cheie de %i biți) nu este disponibilă." + +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:1138 +msgid "# Algorithm | Key | Encryption | Decryption\n" +msgstr "# Algoritm | Cheie | Criptare | Decriptare\n" + +#: src/cryptsetup.c:1149 +msgid "N/A" +msgstr "nedisponibil" + +#: src/cryptsetup.c:1174 +msgid "" +"Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n" +"and continue (upgrade metadata) only if you acknowledge the operation as genuine." +msgstr "Au fost detectate metadate neprotejate de recriptare LUKS2. Verificați că operațiunea de recriptare este de dorit (consultați ieșirea luksDump) și continuați (să actualizați metadatele) numai dacă recunoașteți operația ca fiind autentică." + +#: src/cryptsetup.c:1180 +msgid "Enter passphrase to protect and upgrade reencryption metadata: " +msgstr "Introduceți fraza de acces pentru a proteja și actualiza metadatele de recriptare: " + +#: src/cryptsetup.c:1224 +msgid "Really proceed with LUKS2 reencryption recovery?" +msgstr "Continuați cu adevărat cu recuperarea recriptării LUKS2?" + +#: src/cryptsetup.c:1233 +msgid "Enter passphrase to verify reencryption metadata digest: " +msgstr "Introduceți fraza de acces pentru a verifica calcularea sumele de control a metadatelor de recriptare: " + +#: src/cryptsetup.c:1235 +msgid "Enter passphrase for reencryption recovery: " +msgstr "Introduceți fraza de acces pentru recuperarea recriptării: " + +#: src/cryptsetup.c:1290 +msgid "Really try to repair LUKS device header?" +msgstr "Încercați cu adevărat să reparați antetul dispozitivului LUKS?" + +#: src/cryptsetup.c:1314 src/integritysetup.c:89 src/integritysetup.c:238 +msgid "" +"\n" +"Wipe interrupted." +msgstr "" +"\n" +"Ștergere întreruptă." + +#: src/cryptsetup.c:1319 src/integritysetup.c:94 src/integritysetup.c:275 +msgid "" +"Wiping device to initialize integrity checksum.\n" +"You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n" +msgstr "" +"Se șterge dispozitivul pentru a inițializa calcularea sumei de control a integrității.\n" +"Puteți întrerupe acest lucru apăsând CTRL+c (restul dispozitivului care nu este șters va conține o sumă de control nevalidă).\n" + +#: src/cryptsetup.c:1341 src/integritysetup.c:116 +#, c-format +msgid "Cannot deactivate temporary device %s." +msgstr "Nu se poate dezactiva dispozitivul temporar %s." + +#: src/cryptsetup.c:1392 +msgid "Integrity option can be used only for LUKS2 format." +msgstr "Opțiunea de integritate poate fi utilizată numai pentru formatul LUKS2." + +#: src/cryptsetup.c:1397 src/cryptsetup.c:1457 +msgid "Unsupported LUKS2 metadata size options." +msgstr "Opțiuni de dimensiune a metadatelor LUKS2 neacceptate." + +#: src/cryptsetup.c:1406 +msgid "Header file does not exist, do you want to create it?" +msgstr "Fișierul antet nu există, doriți să îl creați?" + +#: src/cryptsetup.c:1414 +#, c-format +msgid "Cannot create header file %s." +msgstr "Nu se poate crea fișierul antet %s." + +#: src/cryptsetup.c:1437 src/integritysetup.c:144 src/integritysetup.c:152 +#: src/integritysetup.c:161 src/integritysetup.c:315 src/integritysetup.c:323 +#: src/integritysetup.c:333 +msgid "No known integrity specification pattern detected." +msgstr "Nu a fost detectat niciun model de specificație de integritate cunoscut." + +#: src/cryptsetup.c:1450 +#, c-format +msgid "Cannot use %s as on-disk header." +msgstr "Nu se poate folosi %s ca antet pe disc." + +#: src/cryptsetup.c:1474 src/integritysetup.c:181 +#, c-format +msgid "This will overwrite data on %s irrevocably." +msgstr "Acest lucru va suprascrie datele de pe %s în mod irevocabil." + +#: src/cryptsetup.c:1507 src/cryptsetup.c:1853 src/cryptsetup.c:1993 +#: src/cryptsetup.c:2148 src/cryptsetup.c:2214 src/utils_reencrypt_luks1.c:443 +msgid "Failed to set pbkdf parameters." +msgstr "Nu s-au putut definii parametrii pbkdf." + +#: src/cryptsetup.c:1593 +msgid "Reduced data offset is allowed only for detached LUKS header." +msgstr "Decalajul redus de date este permis numai pentru antetul LUKS detașat." + +#: src/cryptsetup.c:1600 +#, c-format +msgid "LUKS file container %s is too small for activation, there is no remaining space for data." +msgstr "Containerul de fișiere LUKS %s este prea mic pentru activare, nu mai rămâne spațiu pentru date." + +#: src/cryptsetup.c:1612 src/cryptsetup.c:1999 +msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option." +msgstr "Nu se poate determina dimensiunea cheii de volum pentru LUKS fără sloturi de chei; folosiți opțiunea „--key-size” pentru a furniza aceste date." + +#: src/cryptsetup.c:1658 +msgid "Device activated but cannot make flags persistent." +msgstr "Dispozitivul a fost activat, dar nu se poate face ca fanioanele să fie persistente." + +#: src/cryptsetup.c:1737 src/cryptsetup.c:1805 +#, c-format +msgid "Keyslot %d is selected for deletion." +msgstr "Slotul de cheie %d este selectat pentru ștergere." + +#: src/cryptsetup.c:1749 src/cryptsetup.c:1809 +msgid "This is the last keyslot. Device will become unusable after purging this key." +msgstr "Acesta este ultimul slot de cheie. Dispozitivul va deveni inutilizabil după eliminarea acestei chei." + +#: src/cryptsetup.c:1750 +msgid "Enter any remaining passphrase: " +msgstr "Introduceți orice frază de acces rămasă: " + +#: src/cryptsetup.c:1751 src/cryptsetup.c:1811 +msgid "Operation aborted, the keyslot was NOT wiped.\n" +msgstr "Operația a fost întreruptă, slotul de cheie NU a fost șters.\n" + +#: src/cryptsetup.c:1787 +msgid "Enter passphrase to be deleted: " +msgstr "Introduceți fraza de acces pentru a fi ștearsă: " + +#: src/cryptsetup.c:1837 src/cryptsetup.c:2197 src/cryptsetup.c:2781 +#: src/cryptsetup.c:2948 +#, c-format +msgid "Device %s is not a valid LUKS2 device." +msgstr "Dispozitivul %s nu este un dispozitiv LUKS2 valid." + +#: src/cryptsetup.c:1867 src/cryptsetup.c:2072 +msgid "Enter new passphrase for key slot: " +msgstr "Introduceți noua frază de acces pentru slotul de cheie: " + +#: src/cryptsetup.c:1968 +msgid "WARNING: The --key-slot parameter is used for new keyslot number.\n" +msgstr "AVERTISMENT: Parametrul „--key-slot” este utilizat pentru noul număr de slot de cheie.\n" + +#: src/cryptsetup.c:2028 src/utils_reencrypt_luks1.c:1149 +#, c-format +msgid "Enter any existing passphrase: " +msgstr "Introduceți orice frază de acces existentă: " + +#: src/cryptsetup.c:2152 +msgid "Enter passphrase to be changed: " +msgstr "Introduceți fraza de acces pentru a fi schimbată: " + +#: src/cryptsetup.c:2168 src/utils_reencrypt_luks1.c:1135 +msgid "Enter new passphrase: " +msgstr "Introduceți nouă frază de acces: " + +#: src/cryptsetup.c:2218 +msgid "Enter passphrase for keyslot to be converted: " +msgstr "Introduceți fraza de acces pentru slotul de cheie care urmează să fie convertit: " + +#: src/cryptsetup.c:2242 +msgid "Only one device argument for isLuks operation is supported." +msgstr "Doar un singur dispozitiv este admis ca argument pentru operația isLuks." + +#: src/cryptsetup.c:2350 +#, c-format +msgid "Keyslot %d does not contain unbound key." +msgstr "Slotul de cheie %d nu conține o cheie neasociată." + +#: src/cryptsetup.c:2355 +msgid "" +"The header dump with unbound key is sensitive information.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" +"Conținutul antetului cu cheia neasociată este o informație sensibilă.\n" +"Acest conținut ar trebui să fie stocat criptat într-un loc sigur." + +#: src/cryptsetup.c:2441 src/cryptsetup.c:2470 +#, c-format +msgid "%s is not active %s device name." +msgstr "%s nu este numele dispozitivului activ %s." + +#: src/cryptsetup.c:2465 +#, c-format +msgid "%s is not active LUKS device name or header is missing." +msgstr "%s nu este numele unui dispozitiv LUKS activ sau antetul lipsește." + +#: src/cryptsetup.c:2527 src/cryptsetup.c:2546 +msgid "Option --header-backup-file is required." +msgstr "Este necesară opțiunea „--header-backup-file”." + +#: src/cryptsetup.c:2577 +#, c-format +msgid "%s is not cryptsetup managed device." +msgstr "%s nu este un dispozitiv gestionat de «cryptsetup»." + +#: src/cryptsetup.c:2588 +#, c-format +msgid "Refresh is not supported for device type %s" +msgstr "Reîmprospătarea nu este disponibilă pentru tipul de dispozitiv %s" + +#: src/cryptsetup.c:2638 +#, c-format +msgid "Unrecognized metadata device type %s." +msgstr "Tip de dispozitiv de metadate nerecunoscut %s." + +#: src/cryptsetup.c:2640 +msgid "Command requires device and mapped name as arguments." +msgstr "Comanda necesită un dispozitiv și numele asociat acestuia ca argumente." + +#: src/cryptsetup.c:2661 +#, c-format +msgid "" +"This operation will erase all keyslots on device %s.\n" +"Device will become unusable after this operation." +msgstr "" +"Această operație va șterge toate sloturile de chei de pe dispozitivul %s.\n" +"Dispozitivul va deveni inutilizabil după această operație." + +#: src/cryptsetup.c:2668 +msgid "Operation aborted, keyslots were NOT wiped.\n" +msgstr "Operația a fost întreruptă, sloturile de chei NU au fost șterse.\n" + +#: src/cryptsetup.c:2707 +msgid "Invalid LUKS type, only luks1 and luks2 are supported." +msgstr "Tip LUKS nevalid, numai luks1 și luks2 sunt acceptate." + +#: src/cryptsetup.c:2723 +#, c-format +msgid "Device is already %s type." +msgstr "Dispozitivul este deja de tip %s." + +#: src/cryptsetup.c:2730 +#, c-format +msgid "This operation will convert %s to %s format.\n" +msgstr "Această operație va converti %s în formatul %s.\n" + +#: src/cryptsetup.c:2733 +msgid "Operation aborted, device was NOT converted.\n" +msgstr "Operația a fost întreruptă, dispozitivul NU a fost convertit.\n" + +#: src/cryptsetup.c:2773 +msgid "Option --priority, --label or --subsystem is missing." +msgstr "Opțiunea „--priority”, „--label” sau „--subsystem” lipsește." + +#: src/cryptsetup.c:2807 src/cryptsetup.c:2847 src/cryptsetup.c:2867 +#, c-format +msgid "Token %d is invalid." +msgstr "Jetonul(token) %d nu este valid." + +#: src/cryptsetup.c:2810 src/cryptsetup.c:2870 +#, c-format +msgid "Token %d in use." +msgstr "Jetonul(token) %d este în uz." + +#: src/cryptsetup.c:2822 +#, c-format +msgid "Failed to add luks2-keyring token %d." +msgstr "Nu s-a putut adăuga jetonul(token) %d la inelul de chei luks2." + +#: src/cryptsetup.c:2833 src/cryptsetup.c:2896 +#, c-format +msgid "Failed to assign token %d to keyslot %d." +msgstr "Nu s-a putut atribui jetonul(token) %d slotului pentru cheie %d." + +#: src/cryptsetup.c:2850 +#, c-format +msgid "Token %d is not in use." +msgstr "Jetonul %d nu este în uz." + +#: src/cryptsetup.c:2887 +msgid "Failed to import token from file." +msgstr "Nu s-a putut importa jetonul din fișier." + +#: src/cryptsetup.c:2912 +#, c-format +msgid "Failed to get token %d for export." +msgstr "Nu s-a putut obține jetonul %d pentru export." + +#: src/cryptsetup.c:2925 +#, c-format +msgid "Token %d is not assigned to keyslot %d." +msgstr "Jetonul %d nu este alocat slotului de cheie %d." + +#: src/cryptsetup.c:2927 src/cryptsetup.c:2934 +#, c-format +msgid "Failed to unassign token %d from keyslot %d." +msgstr "Nu s-a putut anula atribuirea jetonului %d din slotul de cheie %d." + +#: src/cryptsetup.c:2983 +msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." +msgstr "Opțiunea „--tcrypt-hidden”, „--tcrypt-system” sau „--tcrypt-backup” este acceptată doar pentru dispozitivele TCRYPT." + +#: src/cryptsetup.c:2986 +msgid "Option --veracrypt or --disable-veracrypt is supported only for TCRYPT device type." +msgstr "Opțiunea „--veracrypt” sau „--disable-veracrypt” este acceptată numai pentru tipul de dispozitiv TCRYPT." + +#: src/cryptsetup.c:2989 +msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." +msgstr "Opțiunea „--veracrypt-pim” este acceptată numai pentru dispozitivele compatibile cu VeraCrypt." + +#: src/cryptsetup.c:2993 +msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." +msgstr "Opțiunea „--veracrypt-query-pim” este acceptată numai pentru dispozitivele compatibile cu VeraCrypt." + +#: src/cryptsetup.c:2995 +msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." +msgstr "Opțiunile „--veracrypt-pim” și „--veracrypt-query-pim” se exclud reciproc." + +#: src/cryptsetup.c:3004 +msgid "Option --persistent is not allowed with --test-passphrase." +msgstr "Opțiunea „--persistent” nu este permisă cu opțiunea „--test-passphrase”." + +#: src/cryptsetup.c:3007 +msgid "Options --refresh and --test-passphrase are mutually exclusive." +msgstr "Opțiunile „--refresh” și „--test-passphrase” se exclud reciproc." + +#: src/cryptsetup.c:3010 +msgid "Option --shared is allowed only for open of plain device." +msgstr "Opțiunea „--shared” este permisă numai pentru deschiderea unui dispozitiv simplu." + +#: src/cryptsetup.c:3013 +msgid "Option --skip is supported only for open of plain and loopaes devices." +msgstr "Opțiunea „--skip” este acceptată numai pentru deschiderea dispozitivelor simple și a dispozitivelor loopaes." + +#: src/cryptsetup.c:3016 +msgid "Option --offset with open action is only supported for plain and loopaes devices." +msgstr "Opțiunea „--offset” cu acțiune de deschidere este acceptată numai pentru dispozitivele simple și dispozitivele loopaes." + +#: src/cryptsetup.c:3019 +msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." +msgstr "Opțiunea „--tcrypt-hidden” nu poate fi combinată cu opțiunea „--allow-discards”." + +#: src/cryptsetup.c:3023 +msgid "Sector size option with open action is supported only for plain devices." +msgstr "Opțiunea de dimensiune a sectorului cu acțiune de deschidere este acceptată numai pentru dispozitivele simple." + +#: src/cryptsetup.c:3027 +msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." +msgstr "Opțiunea sectoare IV (vector de inițializare) mari este acceptată numai pentru deschiderea dispozitivelor de tip simplu, cu dimensiunea sectorului mai mare de 512 de octeți." + +#: src/cryptsetup.c:3032 +msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT, BITLK and FVAULT2 devices." +msgstr "Opțiunea „--test-passphrase” este permisă numai pentru deschiderea dispozitivelor LUKS, TCRYPT, BITLK și FVAULT2." + +#: src/cryptsetup.c:3035 src/cryptsetup.c:3058 +msgid "Options --device-size and --size cannot be combined." +msgstr "Opțiunile „--device-size” și „--size” nu pot fi combinate." + +#: src/cryptsetup.c:3038 +msgid "Option --unbound is allowed only for open of luks device." +msgstr "Opțiunea „--unbound” este permisă numai pentru deschiderea dispozitivelor luks." + +#: src/cryptsetup.c:3041 +msgid "Option --unbound cannot be used without --test-passphrase." +msgstr "Opțiunea „--unbound” nu poate fi utilizată fără opțiunea „--test-passphrase”." + +#: src/cryptsetup.c:3050 src/veritysetup.c:668 src/integritysetup.c:755 +msgid "Options --cancel-deferred and --deferred cannot be used at the same time." +msgstr "Opțiunile „--cancel-deferred” și „--deferred” nu pot fi utilizate în același timp." + +#: src/cryptsetup.c:3066 +msgid "Options --reduce-device-size and --data-size cannot be combined." +msgstr "Opțiunile „--reduce-device-size” și „--data-size” nu pot fi combinate." + +#: src/cryptsetup.c:3069 +msgid "Option --active-name can be set only for LUKS2 device." +msgstr "Opțiunea „--active-name” poate fi utilizată numai pentru dispozitivele LUKS2." + +#: src/cryptsetup.c:3072 +msgid "Options --active-name and --force-offline-reencrypt cannot be combined." +msgstr "Opțiunile „--active-name” și „--force-offline-reencrypt” nu pot fi combinate." + +#: src/cryptsetup.c:3080 src/cryptsetup.c:3110 +msgid "Keyslot specification is required." +msgstr "Este necesară specificarea slotului de cheie." + +#: src/cryptsetup.c:3088 +msgid "Options --align-payload and --offset cannot be combined." +msgstr "Opțiunile „--align-payload” și „--offset” nu pot fi combinate." + +#: src/cryptsetup.c:3091 +msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." +msgstr "Opțiunea „--integrity-no-wipe” poate fi utilizată numai pentru acțiuni de formatare cu extensie de integritate." + +#: src/cryptsetup.c:3094 +msgid "Only one of --use-[u]random options is allowed." +msgstr "Numai una dintre opțiunile „--use-[u]random” este permisă." + +#: src/cryptsetup.c:3102 +msgid "Key size is required with --unbound option." +msgstr "Dimensiunea cheii este necesară cu opțiunea „--unbound”." + +#: src/cryptsetup.c:3122 +msgid "Invalid token action." +msgstr "Operație cu jeton(token) nevalidă." + +#: src/cryptsetup.c:3125 +msgid "--key-description parameter is mandatory for token add action." +msgstr "Parametrul „--key-description” este obligatoriu pentru acțiunea de adăugare a jetonului." + +#: src/cryptsetup.c:3129 src/cryptsetup.c:3142 +msgid "Action requires specific token. Use --token-id parameter." +msgstr "Acțiunea necesită un jeton(token)l specific. Utilizați parametrul „--token-id”." + +#: src/cryptsetup.c:3133 +msgid "Option --unbound is valid only with token add action." +msgstr "Opțiunea „--unbound” este validă numai cu acțiunea de adăugare a jetonului." + +#: src/cryptsetup.c:3135 +msgid "Options --key-slot and --unbound cannot be combined." +msgstr "Opțiunile „--key-slot” și „--unbound” nu pot fi combinate." + +#: src/cryptsetup.c:3140 +msgid "Action requires specific keyslot. Use --key-slot parameter." +msgstr "Acțiunea necesită un slot de cheie specific. Utilizați parametrul „--key-slot”." + +#: src/cryptsetup.c:3156 +msgid " [--type ] []" +msgstr " [--type ] []" + +#: src/cryptsetup.c:3156 src/veritysetup.c:491 src/integritysetup.c:535 +msgid "open device as " +msgstr "deschide dispozitivul ca " + +#: src/cryptsetup.c:3157 src/cryptsetup.c:3158 src/cryptsetup.c:3159 +#: src/veritysetup.c:492 src/veritysetup.c:493 src/integritysetup.c:536 +#: src/integritysetup.c:537 src/integritysetup.c:539 +msgid "" +msgstr "" + +#: src/cryptsetup.c:3157 src/veritysetup.c:492 src/integritysetup.c:536 +msgid "close device (remove mapping)" +msgstr "închide dispozitivul (elimină asocierea)" + +#: src/cryptsetup.c:3158 src/integritysetup.c:539 +msgid "resize active device" +msgstr "redimensionează dispozitivul activ" + +#: src/cryptsetup.c:3159 +msgid "show device status" +msgstr "afișează starea dispozitivului" + +#: src/cryptsetup.c:3160 +msgid "[--cipher ]" +msgstr "[--cipher ]" + +#: src/cryptsetup.c:3160 +msgid "benchmark cipher" +msgstr "evaluează performanța cifrului" + +#: src/cryptsetup.c:3161 src/cryptsetup.c:3162 src/cryptsetup.c:3163 +#: src/cryptsetup.c:3164 src/cryptsetup.c:3165 src/cryptsetup.c:3172 +#: src/cryptsetup.c:3173 src/cryptsetup.c:3174 src/cryptsetup.c:3175 +#: src/cryptsetup.c:3176 src/cryptsetup.c:3177 src/cryptsetup.c:3178 +#: src/cryptsetup.c:3179 src/cryptsetup.c:3180 src/cryptsetup.c:3181 +msgid "" +msgstr "" + +#: src/cryptsetup.c:3161 +msgid "try to repair on-disk metadata" +msgstr "încearcă să repare metadatele de pe disc" + +#: src/cryptsetup.c:3162 +msgid "reencrypt LUKS2 device" +msgstr "recriptează dispozitivul LUKS2" + +#: src/cryptsetup.c:3163 +msgid "erase all keyslots (remove encryption key)" +msgstr "șterge toate sloturile de chei (elimină cheia de criptare)" + +#: src/cryptsetup.c:3164 +msgid "convert LUKS from/to LUKS2 format" +msgstr "convertește LUKS din/în formatul LUKS2" + +#: src/cryptsetup.c:3165 +msgid "set permanent configuration options for LUKS2" +msgstr "definește opțiunile permanente de configurare pentru LUKS2" + +#: src/cryptsetup.c:3166 src/cryptsetup.c:3167 +msgid " []" +msgstr " []" + +#: src/cryptsetup.c:3166 +msgid "formats a LUKS device" +msgstr "formatează un dispozitiv LUKS" + +#: src/cryptsetup.c:3167 +msgid "add key to LUKS device" +msgstr "adaugă o cheie la dispozitivul LUKS" + +#: src/cryptsetup.c:3168 src/cryptsetup.c:3169 src/cryptsetup.c:3170 +msgid " []" +msgstr " []" + +#: src/cryptsetup.c:3168 +msgid "removes supplied key or key file from LUKS device" +msgstr "elimină cheia sau fișierul cheie furnizat de pe dispozitivul LUKS" + +#: src/cryptsetup.c:3169 +msgid "changes supplied key or key file of LUKS device" +msgstr "modifică cheia furnizată sau fișierul cheie al dispozitivului LUKS" + +#: src/cryptsetup.c:3170 +msgid "converts a key to new pbkdf parameters" +msgstr "convertește o cheie în noii parametri pbkdf" + +#: src/cryptsetup.c:3171 +msgid " " +msgstr " " + +#: src/cryptsetup.c:3171 +msgid "wipes key with number from LUKS device" +msgstr "șterge cheia cu numărul de pe dispozitivul LUKS" + +#: src/cryptsetup.c:3172 +msgid "print UUID of LUKS device" +msgstr "afișează UUID-ul dispozitivului LUKS" + +#: src/cryptsetup.c:3173 +msgid "tests for LUKS partition header" +msgstr "testează pentru antetul partiției LUKS" + +#: src/cryptsetup.c:3174 +msgid "dump LUKS partition information" +msgstr "afișează informațiile despre partiția LUKS" + +#: src/cryptsetup.c:3175 +msgid "dump TCRYPT device information" +msgstr "afișează informațiile despre dispozitivul TCRYPT" + +#: src/cryptsetup.c:3176 +msgid "dump BITLK device information" +msgstr "afișează informațiile despre dispozitivul BITLK" + +#: src/cryptsetup.c:3177 +msgid "dump FVAULT2 device information" +msgstr "afișează informațiile despre dispozitivul FVAULT2" + +#: src/cryptsetup.c:3178 +msgid "Suspend LUKS device and wipe key (all IOs are frozen)" +msgstr "Suspendă dispozitivul LUKS și șterge cheia (toate In/Ieșirile sunt înghețate)" + +#: src/cryptsetup.c:3179 +msgid "Resume suspended LUKS device" +msgstr "Repune în funcțiune dispozitivul LUKS suspendat" + +#: src/cryptsetup.c:3180 +msgid "Backup LUKS device header and keyslots" +msgstr "Face copie de rezervă pentru antetul dispozitivului LUKS și pentru sloturile de chei" + +#: src/cryptsetup.c:3181 +msgid "Restore LUKS device header and keyslots" +msgstr "Restaurează antetul dispozitivului LUKS și sloturile de chei" + +#: src/cryptsetup.c:3182 +msgid " " +msgstr " " + +#: src/cryptsetup.c:3182 +msgid "Manipulate LUKS2 tokens" +msgstr "Manipulează jetoanele LUKS2" + +#: src/cryptsetup.c:3201 src/veritysetup.c:509 src/integritysetup.c:554 +msgid "" +"\n" +" is one of:\n" +msgstr "" +"\n" +" este una dintre:\n" + +# R-GC, scrie: +# «open» și «close», sunt noile nume +# pentru , iar: +# «create» și «remove», sunt vechile +# nume, sau alias pentru primele. +# A se vedea ieșirea comenzii: +# «cryptsetup -?|--help» +#: src/cryptsetup.c:3207 +msgid "" +"\n" +"You can also use old syntax aliases:\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n" +msgstr "" +"\n" +"Puteți utiliza, de asemenea, vechile alias de sintaxă :\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n" + +#: src/cryptsetup.c:3211 +#, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the encrypted device\n" +" is the LUKS key slot number to modify\n" +" optional key file for the new key for luksAddKey action\n" +msgstr "" +"\n" +" este dispozitivul de creat sub %s\n" +" este dispozitivul criptat\n" +" este numărul slotului de cheie LUKS de modificat\n" +" fișier cheie opțional pentru noua cheie pentru acțiunea luksAddKey\n" + +#: src/cryptsetup.c:3218 +#, c-format +msgid "" +"\n" +"Default compiled-in metadata format is %s (for luksFormat action).\n" +msgstr "" +"\n" +"Formatul implicit de metadate compilate este %s (pentru acțiunea luksFormat).\n" + +#: src/cryptsetup.c:3223 src/cryptsetup.c:3226 +#, c-format +msgid "" +"\n" +"LUKS2 external token plugin support is %s.\n" +msgstr "" +"\n" +"Suportul pentru modulul de jeton(token) extern LUKS2 este %s.\n" + +#: src/cryptsetup.c:3223 +msgid "compiled-in" +msgstr "integrat în compilare" + +#: src/cryptsetup.c:3224 +#, c-format +msgid "LUKS2 external token plugin path: %s.\n" +msgstr "Calea modulului pentru jetonul(token) extern LUKS2: %s.\n" + +#: src/cryptsetup.c:3226 +msgid "disabled" +msgstr "dezactivat" + +#: src/cryptsetup.c:3230 +#, c-format +msgid "" +"\n" +"Default compiled-in key and passphrase parameters:\n" +"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d (characters)\n" +"Default PBKDF for LUKS1: %s, iteration time: %d (ms)\n" +"Default PBKDF for LUKS2: %s\n" +"\tIteration time: %d, Memory required: %dkB, Parallel threads: %d\n" +msgstr "" +"\n" +"Parametrii impliciti pentru cheia și fraza de acces compilați:\n" +"\tDimensiunea maximă a fișierului cheie: %dko, Lungimea maximă a frazei de acces interactivă %d (caractere)\n" +"PBKDF implicit pentru LUKS1: %s, timp de iterație: %d (ms)\n" +"PBKDF implicit pentru LUKS2: %s\n" +"\tTimp de iterare: %d, Memorie necesară: %dko, Fire de execuție paralele: %d\n" + +#: src/cryptsetup.c:3241 +#, c-format +msgid "" +"\n" +"Default compiled-in device cipher parameters:\n" +"\tloop-AES: %s, Key %d bits\n" +"\tplain: %s, Key: %d bits, Password hashing: %s\n" +"\tLUKS: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n" +msgstr "" +"\n" +"Parametrii de cifrare ai dispozitivului compilați implicit:\n" +"\tloop-AES: %s, cheie %d biți\n" +"\tsimplu: %s, Cheie: %d biți, Suma de control a parolei: %s\n" +"\tLUKS: %s, Cheie: %d biți, Suma de control a antetului LUKS: %s, RNG: %s\n" + +#: src/cryptsetup.c:3250 +msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" +msgstr "\tLUKS: Dimensiunea implicită a cheii cu modul XTS (două chei interne) va fi dublată.\n" + +#: src/cryptsetup.c:3268 src/veritysetup.c:648 src/integritysetup.c:711 +#, c-format +msgid "%s: requires %s as arguments" +msgstr "%s: necesită %s ca argumente" + +#: src/cryptsetup.c:3308 src/utils_reencrypt_luks1.c:1198 +msgid "Key slot is invalid." +msgstr "Slotul de cheie nu este valid." + +#: src/cryptsetup.c:3335 +msgid "Device size must be multiple of 512 bytes sector." +msgstr "Dimensiunea dispozitivului trebuie să fie multiplu al sectorului de 512 octeți." + +#: src/cryptsetup.c:3340 +msgid "Invalid max reencryption hotzone size specification." +msgstr "Specificația pentru dimensiunea zonei fierbinți(active) pentru recriptare maximă nu este validă." + +#: src/cryptsetup.c:3354 src/cryptsetup.c:3366 +msgid "Key size must be a multiple of 8 bits" +msgstr "Dimensiunea cheii trebuie să fie multiplu de 8 biți" + +#: src/cryptsetup.c:3371 +msgid "Maximum device reduce size is 1 GiB." +msgstr "Dimensiunea maximă de reducere a dispozitivului este de 1 GiB." + +#: src/cryptsetup.c:3374 +msgid "Reduce size must be multiple of 512 bytes sector." +msgstr "Dimensiunea redusă trebuie să fie multiplu al sectorului de 512 octeți." + +#: src/cryptsetup.c:3391 +msgid "Option --priority can be only ignore/normal/prefer." +msgstr "Argumentul opțiuni „--priority” poate fi doar «ignore/normal/prefer»." + +#: src/cryptsetup.c:3410 src/veritysetup.c:572 src/integritysetup.c:634 +msgid "Show this help message" +msgstr "Afișează acest mesaj de ajutor" + +#: src/cryptsetup.c:3411 src/veritysetup.c:573 src/integritysetup.c:635 +msgid "Display brief usage" +msgstr "Afișează modul de utilizare pe scurt" + +#: src/cryptsetup.c:3412 src/veritysetup.c:574 src/integritysetup.c:636 +msgid "Print package version" +msgstr "Afișează versiunea pachetului" + +#: src/cryptsetup.c:3423 src/veritysetup.c:585 src/integritysetup.c:647 +msgid "Help options:" +msgstr "Opțiuni de ajutor:" + +#: src/cryptsetup.c:3443 src/veritysetup.c:603 src/integritysetup.c:664 +msgid "[OPTION...] " +msgstr "[OPȚIUNE...] " + +#: src/cryptsetup.c:3452 src/veritysetup.c:612 src/integritysetup.c:675 +msgid "Argument missing." +msgstr "Argumentul lipsește." + +#: src/cryptsetup.c:3528 src/veritysetup.c:643 src/integritysetup.c:706 +msgid "Unknown action." +msgstr "Acțiune necunoscută." + +#: src/cryptsetup.c:3546 +msgid "Option --key-file takes precedence over specified key file argument." +msgstr "Opțiunea „--key-file” are prioritate față de argumentul specificat pentru fișierul cheie." + +#: src/cryptsetup.c:3552 +msgid "Only one --key-file argument is allowed." +msgstr "Numai un argument „--key-file” este permis." + +#: src/cryptsetup.c:3557 +msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id." +msgstr "Funcția de derivare a unei chei bazată pe parolă (PBKDF=Password-Based Key Derivation Function) poate fi doar pbkdf2 sau argon2i/argon2id." + +#: src/cryptsetup.c:3562 +msgid "PBKDF forced iterations cannot be combined with iteration time option." +msgstr "Iterațiile forțate PBKDF nu pot fi combinate cu opțiunea de timp de iterație." + +#: src/cryptsetup.c:3573 +msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." +msgstr "Opțiunile „--keyslot-cipher” și „--keyslot-key-size” trebuie să fie folosite împreună." + +#: src/cryptsetup.c:3581 +msgid "No action taken. Invoked with --test-args option.\n" +msgstr "Nu s-a executat nicio acțiune. Programul a fost invocat cu opțiunea „--test-args”.\n" + +#: src/cryptsetup.c:3594 +msgid "Cannot disable metadata locking." +msgstr "Nu se poate dezactiva blocarea metadatelor." + +#: src/veritysetup.c:54 +msgid "Invalid salt string specified." +msgstr "S-a specificat un șir de date «salt» nevalid." + +#: src/veritysetup.c:87 +#, c-format +msgid "Cannot create hash image %s for writing." +msgstr "Nu s-a putut crea imaginea sumei de control(hash) %s pentru scriere." + +#: src/veritysetup.c:97 +#, c-format +msgid "Cannot create FEC image %s for writing." +msgstr "Nu s-a putut crea imaginea FEC %s pentru scriere." + +#: src/veritysetup.c:136 +#, c-format +msgid "Cannot create root hash file %s for writing." +msgstr "Nu s-a putut crea fișierul sumei de control(hash) rădăcină %s pentru scriere." + +#: src/veritysetup.c:143 +#, c-format +msgid "Cannot write to root hash file %s." +msgstr "Nu se poate scrie în fișierul sumei de control (hash) rădăcină %s." + +#: src/veritysetup.c:198 src/veritysetup.c:476 +#, c-format +msgid "Device %s is not a valid VERITY device." +msgstr "Dispozitivul %s nu este un dispozitiv VERITY valid." + +#: src/veritysetup.c:215 src/veritysetup.c:232 +#, c-format +msgid "Cannot read root hash file %s." +msgstr "Nu se poate citii din fișierul sumei de control (hash) rădăcină %s." + +#: src/veritysetup.c:220 +#, c-format +msgid "Invalid root hash file %s." +msgstr "Fișierul sumei de control (hash) rădăcină %s nu este valid." + +#: src/veritysetup.c:241 +msgid "Invalid root hash string specified." +msgstr "S-a specificat un șir de sumă de control (hash) rădăcină nevalid." + +#: src/veritysetup.c:249 +#, c-format +msgid "Invalid signature file %s." +msgstr "Fișierul de semnătură %s nu este valid." + +#: src/veritysetup.c:256 +#, c-format +msgid "Cannot read signature file %s." +msgstr "Nu se poate citi fișierul de semnătură %s." + +#: src/veritysetup.c:279 src/veritysetup.c:293 +msgid "Command requires or --root-hash-file option as argument." +msgstr "Comanda necesită ca argument opțiunea sau „--root-hash-file”." + +#: src/veritysetup.c:489 +msgid " " +msgstr " " + +#: src/veritysetup.c:489 src/integritysetup.c:534 +msgid "format device" +msgstr "formatează dispozitivul" + +#: src/veritysetup.c:490 +msgid " []" +msgstr " []" + +#: src/veritysetup.c:490 +msgid "verify device" +msgstr "verifică dispozitivul" + +#: src/veritysetup.c:491 +msgid " []" +msgstr " []" + +#: src/veritysetup.c:493 src/integritysetup.c:537 +msgid "show active device status" +msgstr "afișează starea dispozitivului activ" + +#: src/veritysetup.c:494 +msgid "" +msgstr "" + +#: src/veritysetup.c:494 src/integritysetup.c:538 +msgid "show on-disk information" +msgstr "afișează informațiile de pe disc" + +#: src/veritysetup.c:513 +#, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the data device\n" +" is the device containing verification data\n" +" hash of the root node on \n" +msgstr "" +"\n" +" este dispozitivul de creat sub %s\n" +" este dispozitivul de date\n" +" este dispozitivul care conține datele de verificare\n" +" suma-de-control(hash) a nodului rădăcină de pe \n" + +#: src/veritysetup.c:520 +#, c-format +msgid "" +"\n" +"Default compiled-in dm-verity parameters:\n" +"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, Hash format: %u\n" +msgstr "" +"\n" +"Parametrii dm-verity compilați implicit:\n" +"\tAlgoritmul sumei de control(hash): %s, Bloc de date (octeți): %u, Bloc sumă de control(hash) (octeți): %u,\n" +"\tDimensiune date «salt»: %u, Formatul sumei de control(hash): %u\n" + +#: src/veritysetup.c:658 +msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together." +msgstr "Opțiunile „--ignore-corruption” și „--restart-on-corruption” nu pot fi utilizate împreună." + +#: src/veritysetup.c:663 +msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together." +msgstr "Opțiunile „--panic-on-corruption” și „--restart-on-corruption” nu pot fi utilizate împreună." + +#: src/integritysetup.c:177 +#, c-format +msgid "" +"This will overwrite data on %s and %s irrevocably.\n" +"To preserve data device use --no-wipe option (and then activate with --integrity-recalculate)." +msgstr "" +"Acest lucru va suprascrie datele de pe %s și %s în mod irevocabil.\n" +"Pentru a păstra datele dispozitivului de date, utilizați opțiunea „--no-wipe” (și apoi activați-l cu „--integrity-recalculate”)." + +#: src/integritysetup.c:212 +#, c-format +msgid "Formatted with tag size %u, internal integrity %s.\n" +msgstr "Formatat cu dimensiunea etichetei %u, integritate internă %s.\n" + +#: src/integritysetup.c:289 +msgid "Setting recalculate flag is not supported, you may consider using --wipe instead." +msgstr "Utilizarea fanionului pentru recalculare(...-recalculate) nu este acceptată, luați în considerare utilizarea opțiunii „--wipe” în schimb." + +#: src/integritysetup.c:364 src/integritysetup.c:521 +#, c-format +msgid "Device %s is not a valid INTEGRITY device." +msgstr "Dispozitivul %s nu este un dispozitiv INTEGRITY valid." + +#: src/integritysetup.c:534 src/integritysetup.c:538 +msgid "" +msgstr "" + +#: src/integritysetup.c:535 +msgid " " +msgstr " " + +#: src/integritysetup.c:558 +#, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the device containing data with integrity tags\n" +msgstr "" +"\n" +" este dispozitivul de creat sub %s\n" +" este dispozitivul care conține date cu etichete de integritate\n" + +#: src/integritysetup.c:563 +#, c-format +msgid "" +"\n" +"Default compiled-in dm-integrity parameters:\n" +"\tChecksum algorithm: %s\n" +"\tMaximum keyfile size: %dkB\n" +msgstr "" +"\n" +"Parametrii dm-integrity compilați implicit:\n" +"\tAlgoritmul sumei de control: %s\n" +"\tDimensiunea maximă a fișierului cheie: %dko\n" + +#: src/integritysetup.c:620 +#, c-format +msgid "Invalid --%s size. Maximum is %u bytes." +msgstr "Dimensiune nevalidă --%s. Maximul este de %u octeți." + +#: src/integritysetup.c:720 +msgid "Both key file and key size options must be specified." +msgstr "Trebuie specificată atât opțiunea pentru fișierul cheie, cât și opțiunea pentru dimensiunea cheii." + +#: src/integritysetup.c:724 +msgid "Both journal integrity key file and key size options must be specified." +msgstr "Trebuie specificată atât opțiunea pentru fișierul cheii de integritate a jurnalului, cât și opțiunea pentru dimensiunea cheii." + +#: src/integritysetup.c:727 +msgid "Journal integrity algorithm must be specified if journal integrity key is used." +msgstr "Algoritmul de integritate a jurnalului trebuie să fie specificat dacă este utilizată cheia de integritate a jurnalului." + +#: src/integritysetup.c:731 +msgid "Both journal encryption key file and key size options must be specified." +msgstr "Trebuie specificată atât opțiunea pentru fișierul cheii de criptare a jurnalului, cât și opțiunea pentru dimensiunea cheii." + +#: src/integritysetup.c:734 +msgid "Journal encryption algorithm must be specified if journal encryption key is used." +msgstr "Algoritmul de criptare a jurnalului trebuie să fie specificat dacă este utilizată cheia de criptare a jurnalului." + +#: src/integritysetup.c:738 +msgid "Recovery and bitmap mode options are mutually exclusive." +msgstr "Opțiunile de recuperare și modul de hartă de biți(bitmap) se exclud reciproc." + +#: src/integritysetup.c:745 +msgid "Journal options cannot be used in bitmap mode." +msgstr "Opțiunile jurnalului nu pot fi utilizate în modul de hartă de biți(bitmap)." + +#: src/integritysetup.c:750 +msgid "Bitmap options can be used only in bitmap mode." +msgstr "Opțiunile de hartă de biți(bitmap) pot fi utilizate numai în modul de hartă de biți(bitmap)." + +#: src/utils_tools.c:118 +msgid "" +"\n" +"WARNING!\n" +"========\n" +msgstr "" +"\n" +"AVERTISMENT!\n" +"========\n" + +#. TRANSLATORS: User must type "YES" (in capital letters), do not translate this word. +#: src/utils_tools.c:120 +#, c-format +msgid "" +"%s\n" +"\n" +"Are you sure? (Type 'yes' in capital letters): " +msgstr "" +"%s\n" +"\n" +"Sunteți sigur? (Tastați „yes” cu litere mari): " + +#: src/utils_tools.c:126 +msgid "Error reading response from terminal." +msgstr "Eroare la citirea răspunsului de la terminal." + +#: src/utils_tools.c:158 +msgid "Command successful." +msgstr "Comandă reușită." + +#: src/utils_tools.c:166 +msgid "wrong or missing parameters" +msgstr "parametri greșiți sau lipsă" + +#: src/utils_tools.c:168 +msgid "no permission or bad passphrase" +msgstr "fără permisiune sau expresie de acces incorectă" + +#: src/utils_tools.c:170 +msgid "out of memory" +msgstr "memorie insuficientă" + +#: src/utils_tools.c:172 +msgid "wrong device or file specified" +msgstr "dispozitiv sau fișier specificat greșit" + +#: src/utils_tools.c:174 +msgid "device already exists or device is busy" +msgstr "dispozitivul există deja sau dispozitivul este ocupat" + +#: src/utils_tools.c:176 +msgid "unknown error" +msgstr "eroare necunoscută" + +#: src/utils_tools.c:178 +#, c-format +msgid "Command failed with code %i (%s)." +msgstr "Comanda a eșuat cu codul %i (%s)." + +#: src/utils_tools.c:256 +#, c-format +msgid "Key slot %i created." +msgstr "Slotul de cheie %i a fost creat." + +#: src/utils_tools.c:258 +#, c-format +msgid "Key slot %i unlocked." +msgstr "Slotul de cheie %i a fost deblocat." + +#: src/utils_tools.c:260 +#, c-format +msgid "Key slot %i removed." +msgstr "Slotul de cheie %i a fost eliminat." + +#: src/utils_tools.c:269 +#, c-format +msgid "Token %i created." +msgstr "Jetonul %i a fost creat." + +#: src/utils_tools.c:271 +#, c-format +msgid "Token %i removed." +msgstr "Jetonul %i a fost eliminat." + +#: src/utils_tools.c:281 +msgid "No token could be unlocked with this PIN." +msgstr "Niciun jeton(token) nu a putut fi deblocat cu acest cod PIN." + +#: src/utils_tools.c:283 +#, c-format +msgid "Token %i requires PIN." +msgstr "Jetonul %i necesită un cod PIN." + +#: src/utils_tools.c:285 +#, c-format +msgid "Token (type %s) requires PIN." +msgstr "Jetonul (tip %s) necesită un cod PIN." + +#: src/utils_tools.c:288 +#, c-format +msgid "Token %i cannot unlock assigned keyslot(s) (wrong keyslot passphrase)." +msgstr "Jetonul %i nu poate debloca slotul de cheie alocat (frază de acces greșită pentru slotul de cheie)." + +#: src/utils_tools.c:290 +#, c-format +msgid "Token (type %s) cannot unlock assigned keyslot(s) (wrong keyslot passphrase)." +msgstr "Jetonul (tip %s) nu poate debloca slotul de cheie alocat (frază de acces greșită pentru slotul de cheie)." + +#: src/utils_tools.c:293 +#, c-format +msgid "Token %i requires additional missing resource." +msgstr "Jetonul %i necesită o resursă suplimentară lipsă." + +#: src/utils_tools.c:295 +#, c-format +msgid "Token (type %s) requires additional missing resource." +msgstr "Jetonul (tip %s) necesită o resursă suplimentară lipsă." + +#: src/utils_tools.c:298 +#, c-format +msgid "No usable token (type %s) is available." +msgstr "Nu este disponibil niciun jeton utilizabil (tip %s)." + +#: src/utils_tools.c:300 +msgid "No usable token is available." +msgstr "Nu este disponibil niciun jeton utilizabil." + +#: src/utils_tools.c:393 +#, c-format +msgid "Cannot read keyfile %s." +msgstr "Nu se poate citi fișierul de chei %s." + +#: src/utils_tools.c:398 +#, c-format +msgid "Cannot read %d bytes from keyfile %s." +msgstr "Nu se pot citi %d octeți din fișierul de chei %s." + +#: src/utils_tools.c:423 +#, c-format +msgid "Cannot open keyfile %s for write." +msgstr "Nu se poate deschide fișierul de chei %s pentru scriere." + +#: src/utils_tools.c:430 +#, c-format +msgid "Cannot write to keyfile %s." +msgstr "Nu se poate scrie în fișierul de chei %s." + +#: src/utils_progress.c:74 +#, c-format +msgid "%02m%02s" +msgstr "%02m%02s" + +#: src/utils_progress.c:76 +#, c-format +msgid "%02h%02m%02s" +msgstr "%02h%02m%02s" + +#: src/utils_progress.c:78 +#, c-format +msgid "%02 days" +msgstr "%02 zile" + +#: src/utils_progress.c:105 src/utils_progress.c:138 +#, c-format +msgid "%4 %s written" +msgstr "%4 %s scris" + +#: src/utils_progress.c:109 src/utils_progress.c:142 +#, c-format +msgid "speed %5.1f %s/s" +msgstr "viteza %5.1f %s/s" + +#. TRANSLATORS: 'time', 'written' and 'speed' string are supposed +#. to get translated as well. 'eol' is always new-line or empty. +#. See above. +#. +#: src/utils_progress.c:118 +#, c-format +msgid "Progress: %5.1f%%, ETA %s, %s, %s%s" +msgstr "Progres: %5.1f%%, AMR %s, %s, %s%s" + +#. TRANSLATORS: 'time', 'written' and 'speed' string are supposed +#. to get translated as well. See above +#. +#: src/utils_progress.c:150 +#, c-format +msgid "Finished, time %s, %s, %s\n" +msgstr "Terminat în: %s, %s, %s\n" + +#: src/utils_password.c:41 src/utils_password.c:72 +#, c-format +msgid "Cannot check password quality: %s" +msgstr "Nu se poate verifica calitatea parolei: %s" + +#: src/utils_password.c:49 +#, c-format +msgid "" +"Password quality check failed:\n" +" %s" +msgstr "" +"Verificarea calității parolei a eșuat:\n" +" %s" + +#: src/utils_password.c:79 +#, c-format +msgid "Password quality check failed: Bad passphrase (%s)" +msgstr "Verificarea calității parolei a eșuat: frază de acces greșită (%s)" + +#: src/utils_password.c:230 src/utils_password.c:244 +msgid "Error reading passphrase from terminal." +msgstr "Eroare la citirea frazei de acces de la terminal." + +#: src/utils_password.c:242 +msgid "Verify passphrase: " +msgstr "Verifică fraza de acces: " + +#: src/utils_password.c:249 +msgid "Passphrases do not match." +msgstr "Frazele de acces nu se potrivesc." + +#: src/utils_password.c:287 +msgid "Cannot use offset with terminal input." +msgstr "Nu se poate utiliza decalajul cu intrarea terminalului." + +#: src/utils_password.c:291 +#, c-format +msgid "Enter passphrase: " +msgstr "Introduceți fraza de acces: " + +#: src/utils_password.c:294 +#, c-format +msgid "Enter passphrase for %s: " +msgstr "Introduceți fraza de acces pentru %s: " + +#: src/utils_password.c:328 +msgid "No key available with this passphrase." +msgstr "Nu este disponibilă nicio cheie cu această frază de acces." + +#: src/utils_password.c:330 +msgid "No usable keyslot is available." +msgstr "Nu este disponibil niciun slot de cheie utilizabil." + +#: src/utils_luks.c:67 +msgid "Can't do passphrase verification on non-tty inputs." +msgstr "Nu se poate face verificarea frazei de acces pe intrări non-tty." + +#: src/utils_luks.c:182 +#, c-format +msgid "Failed to open file %s in read-only mode." +msgstr "Nu s-a putut deschide fișierul %s în modul numai-pentru-citire." + +#: src/utils_luks.c:195 +msgid "Provide valid LUKS2 token JSON:\n" +msgstr "Furnizați un jeton(token) JSON LUKS2 valid:\n" + +#: src/utils_luks.c:202 +msgid "Failed to read JSON file." +msgstr "Nu s-a putut citi fișierul JSON." + +#: src/utils_luks.c:207 +msgid "" +"\n" +"Read interrupted." +msgstr "" +"\n" +"Citire întreruptă." + +#: src/utils_luks.c:248 +#, c-format +msgid "Failed to open file %s in write mode." +msgstr "Nu s-a putut deschide fișierul %s în modul de scriere." + +#: src/utils_luks.c:257 +msgid "" +"\n" +"Write interrupted." +msgstr "" +"\n" +"Scriere întreruptă." + +#: src/utils_luks.c:261 +msgid "Failed to write JSON file." +msgstr "Nu s-a putut scrie fișierul JSON." + +#: src/utils_reencrypt.c:120 +#, c-format +msgid "Auto-detected active dm device '%s' for data device %s.\n" +msgstr "Dispozitiv dm activ „%s” detectat automat pentru dispozitivul de date %s.\n" + +# R-GC, scrie: +# ceva mă face să cred că: +# „holders”, ar trebui tradus de fapt, +# ca „locatarii” (ghilimelele inclusiv). +# Cred că de fapt autorii se referă +# la ocupanții dispozitivului: +# date normale, fișiere de antete de..., +# fișiere de chei, fișiere de sume +# de control, fișiere de draci și laci.... +#: src/utils_reencrypt.c:124 +#, c-format +msgid "Failed to auto-detect device %s holders." +msgstr "Nu s-au putut detecta automat deținătorii dispozitivului %s." + +#: src/utils_reencrypt.c:130 +#, c-format +msgid "Device %s is not a block device.\n" +msgstr "Dispozitivul %s nu este un dispozitiv de blocuri.\n" + +#: src/utils_reencrypt.c:132 +#, c-format +msgid "" +"Unable to decide if device %s is activated or not.\n" +"Are you sure you want to proceed with reencryption in offline mode?\n" +"It may lead to data corruption if the device is actually activated.\n" +"To run reencryption in online mode, use --active-name parameter instead.\n" +msgstr "" +"Nu se poate decide dacă dispozitivul %s este activat sau nu.\n" +"Sunteți sigur că doriți să continuați cu recriptarea în modul offline?\n" +"Poate duce la coruperea datelor dacă dispozitivul este activat în acest moment.\n" +"Pentru a rula recriptarea în modul online, utilizați în schimb parametrul „--active-name”.\n" + +#: src/utils_reencrypt.c:141 src/utils_reencrypt.c:274 +#, c-format +msgid "" +"Device %s is not a block device. Can not auto-detect if it is active or not.\n" +"Use --force-offline-reencrypt to bypass the check and run in offline mode (dangerous!)." +msgstr "" +"Dispozitivul %s nu este un dispozitiv de blocuri. Nu se poate detecta automat dacă este activ sau nu.\n" +"Utilizați „--force-offline-reencrypt” pentru a ocoli verificarea și rulați în modul offline (periculos!)." + +#: src/utils_reencrypt.c:178 src/utils_reencrypt.c:221 +#: src/utils_reencrypt.c:231 +msgid "Requested --resilience option cannot be applied to current reencryption operation." +msgstr "Opțiunea „--resilience” solicitată nu poate fi aplicată operațiunii curente de recriptare." + +#: src/utils_reencrypt.c:203 +msgid "Device is not in LUKS2 encryption. Conflicting option --encrypt." +msgstr "Dispozitivul nu este în criptare LUKS2. Opțiune în conflict „--encrypt”." + +#: src/utils_reencrypt.c:208 +msgid "Device is not in LUKS2 decryption. Conflicting option --decrypt." +msgstr "Dispozitivul nu este în decriptare LUKS2. Opțiune în conflict „--decrypt”." + +#: src/utils_reencrypt.c:215 +msgid "Device is in reencryption using datashift resilience. Requested --resilience option cannot be applied." +msgstr "Dispozitivul este în recriptare folosind adaptabilitatea la transferul de date. Opțiunea „--resilience” solicitată nu poate fi aplicată." + +#: src/utils_reencrypt.c:293 +msgid "Device requires reencryption recovery. Run repair first." +msgstr "Dispozitivul necesită recuperarea recriptării. Rulați mai întâi operația de reparare." + +#: src/utils_reencrypt.c:307 +#, c-format +msgid "Device %s is already in LUKS2 reencryption. Do you wish to resume previously initialised operation?" +msgstr "Dispozitivul %s este deja în recriptare LUKS2. Doriți să reluați operația inițializată anterior?" + +#: src/utils_reencrypt.c:353 +msgid "Legacy LUKS2 reencryption is no longer supported." +msgstr "Recriptarea veche LUKS2 nu mai este acceptată." + +#: src/utils_reencrypt.c:418 +msgid "Reencryption of device with integrity profile is not supported." +msgstr "Recriptarea dispozitivului cu profil de integritate nu este acceptată." + +#: src/utils_reencrypt.c:449 +#, c-format +msgid "" +"Requested --sector-size % is incompatible with %s superblock\n" +"(block size: % bytes) detected on device %s." +msgstr "" +"Solicitarea făcută cu opțiunea „--sector-size %” este incompatibilă cu superblocul %s\n" +"(dimensiunea blocului: % octeți) detectat pe dispozitivul %s." + +#: src/utils_reencrypt.c:518 src/utils_reencrypt.c:1391 +msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." +msgstr "Criptarea fără antet detașat (--header) nu este posibilă fără reducerea dimensiunii dispozitivului de date (--reduce-device-size)." + +#: src/utils_reencrypt.c:525 +msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." +msgstr "Decalajul de date solicitat trebuie să fie mai mic sau egal cu jumătate din parametrul opțiunii „--reduce-device-size”." + +#: src/utils_reencrypt.c:535 +#, c-format +msgid "Adjusting --reduce-device-size value to twice the --offset % (sectors).\n" +msgstr "Ajustarea valorii „--reduce-device-size” la de două ori față de „--offset % (sectoare)”.\n" + +#: src/utils_reencrypt.c:565 +#, c-format +msgid "Temporary header file %s already exists. Aborting." +msgstr "Fișierul antet temporar %s există deja. Se abandonează." + +#: src/utils_reencrypt.c:567 src/utils_reencrypt.c:574 +#, c-format +msgid "Cannot create temporary header file %s." +msgstr "Nu se poate crea fișierul antet temporar %s." + +#: src/utils_reencrypt.c:599 +msgid "LUKS2 metadata size is larger than data shift value." +msgstr "Dimensiunea metadatelor LUKS2 este mai mare decât valoarea decalajului de date." + +#: src/utils_reencrypt.c:636 +#, c-format +msgid "Failed to place new header at head of device %s." +msgstr "Nu s-a putut plasa antetul nou la începutul dispozitivului %s." + +#: src/utils_reencrypt.c:646 +#, c-format +msgid "%s/%s is now active and ready for online encryption.\n" +msgstr "%s/%s este acum activ și pregătit pentru criptarea online.\n" + +#: src/utils_reencrypt.c:682 +#, c-format +msgid "Active device %s is not LUKS2." +msgstr "Dispozitivul activ %s nu este LUKS2." + +#: src/utils_reencrypt.c:710 +msgid "Restoring original LUKS2 header." +msgstr "Se restabilește antetul LUKS2 original." + +#: src/utils_reencrypt.c:718 +msgid "Original LUKS2 header restore failed." +msgstr "Restaurarea antetului LUKS2 original a eșuat." + +#: src/utils_reencrypt.c:744 +#, c-format +msgid "Header file %s does not exist. Do you want to initialize LUKS2 decryption of device %s and export LUKS2 header to file %s?" +msgstr "Fișierul antet %s nu există. Doriți să inițializați decriptarea LUKS2 a dispozitivului %s și să exportați antetul LUKS2 în fișierul %s?" + +#: src/utils_reencrypt.c:792 +msgid "Failed to add read/write permissions to exported header file." +msgstr "Nu s-au putut adăuga permisiuni de citire/scriere la fișierul antet exportat." + +#: src/utils_reencrypt.c:845 +#, c-format +msgid "Reencryption initialization failed. Header backup is available in %s." +msgstr "Inițializarea recriptării a eșuat. Copia de rezervă a antetului este disponibilă în %s." + +#: src/utils_reencrypt.c:873 +msgid "LUKS2 decryption is supported with detached header device only (with data offset set to 0)." +msgstr "Decriptarea LUKS2 este acceptată numai cu dispozitivul antet detașat (cu decalajul de date fixat la 0)." + +#: src/utils_reencrypt.c:1008 src/utils_reencrypt.c:1017 +msgid "Not enough free keyslots for reencryption." +msgstr "Nu sunt suficiente sloturi de chei liberee pentru recriptare." + +#: src/utils_reencrypt.c:1038 src/utils_reencrypt_luks1.c:1100 +msgid "Key file can be used only with --key-slot or with exactly one key slot active." +msgstr "Fișierul de cheie poate fi utilizat numai cu opțiunea „--key-slot” sau cu exact un slot de cheie activ." + +#: src/utils_reencrypt.c:1047 src/utils_reencrypt_luks1.c:1147 +#: src/utils_reencrypt_luks1.c:1158 +#, c-format +msgid "Enter passphrase for key slot %d: " +msgstr "Introduceți fraza de acces pentru slotul de cheie %d: " + +#: src/utils_reencrypt.c:1059 +#, c-format +msgid "Enter passphrase for key slot %u: " +msgstr "Introduceți fraza de acces pentru slotul de cheie %u: " + +#: src/utils_reencrypt.c:1111 +#, c-format +msgid "Switching data encryption cipher to %s.\n" +msgstr "Se comută cifrul de criptare a datelor la %s.\n" + +#: src/utils_reencrypt.c:1165 +msgid "No data segment parameters changed. Reencryption aborted." +msgstr "Nu s-au modificat parametrii de segment de date. Recriptarea a fost abandonată." + +#: src/utils_reencrypt.c:1267 +msgid "" +"Encryption sector size increase on offline device is not supported.\n" +"Activate the device first or use --force-offline-reencrypt option (dangerous!)." +msgstr "" +"Creșterea dimensiunii sectorului de criptare pe dispozitivul offline nu este acceptată.\n" +"Activați mai întâi dispozitivul sau utilizați opțiunea „--force-offline-reencrypt” (periculos!)." + +#: src/utils_reencrypt.c:1307 src/utils_reencrypt_luks1.c:726 +#: src/utils_reencrypt_luks1.c:798 +msgid "" +"\n" +"Reencryption interrupted." +msgstr "" +"\n" +"Recriptarea a fost întreruptă." + +#: src/utils_reencrypt.c:1312 +msgid "Resuming LUKS reencryption in forced offline mode.\n" +msgstr "Reluarea recriptării LUKS în modul offline forțat.\n" + +#: src/utils_reencrypt.c:1329 +#, c-format +msgid "Device %s contains broken LUKS metadata. Aborting operation." +msgstr "Dispozitivul %s conține metadate LUKS deteriorate. Se abandonează operația." + +#: src/utils_reencrypt.c:1345 src/utils_reencrypt.c:1367 +#, c-format +msgid "Device %s is already LUKS device. Aborting operation." +msgstr "Dispozitivul %s este deja un dispozitiv LUKS. Se abandonează operația." + +#: src/utils_reencrypt.c:1373 +#, c-format +msgid "Device %s is already in LUKS reencryption. Aborting operation." +msgstr "Dispozitivul %s este deja în recriptare LUKS. Se abandonează operația." + +#: src/utils_reencrypt.c:1453 +msgid "LUKS2 decryption requires --header option." +msgstr "Decriptarea LUKS2 necesită opțiunea „--header”." + +#: src/utils_reencrypt.c:1501 +msgid "Command requires device as argument." +msgstr "Comanda necesită un dispozitiv ca argument." + +#: src/utils_reencrypt.c:1514 +#, c-format +msgid "Conflicting versions. Device %s is LUKS1." +msgstr "Versiuni în conflict. Dispozitivul %s este LUKS1." + +#: src/utils_reencrypt.c:1520 +#, c-format +msgid "Conflicting versions. Device %s is in LUKS1 reencryption." +msgstr "Versiuni în conflict. Dispozitivul %s este în recriptare LUKS1." + +#: src/utils_reencrypt.c:1526 +#, c-format +msgid "Conflicting versions. Device %s is LUKS2." +msgstr "Versiuni în conflict. Dispozitivul %s este LUKS2." + +#: src/utils_reencrypt.c:1532 +#, c-format +msgid "Conflicting versions. Device %s is in LUKS2 reencryption." +msgstr "Versiuni în conflict. Dispozitivul %s este în recriptare LUKS2." + +#: src/utils_reencrypt.c:1538 +msgid "LUKS2 reencryption already initialized. Aborting operation." +msgstr "Recriptarea LUKS2 a fost deja inițializată. Se abandonează operația." + +#: src/utils_reencrypt.c:1545 +msgid "Device reencryption not in progress." +msgstr "Recriptarea dispozitivului nu este în curs de desfășurare." + +#: src/utils_reencrypt_luks1.c:129 src/utils_blockdev.c:287 +#, c-format +msgid "Cannot exclusively open %s, device in use." +msgstr "Nu se poate deschide exclusiv %s, dispozitiv în uz." + +#: src/utils_reencrypt_luks1.c:143 src/utils_reencrypt_luks1.c:945 +msgid "Allocation of aligned memory failed." +msgstr "Alocarea memoriei aliniate a eșuat." + +#: src/utils_reencrypt_luks1.c:150 +#, c-format +msgid "Cannot read device %s." +msgstr "Nu se poate citi dispozitivul %s." + +#: src/utils_reencrypt_luks1.c:161 +#, c-format +msgid "Marking LUKS1 device %s unusable." +msgstr "Se marchează dispozitivul LUKS1 %s ca neutilizabil." + +#: src/utils_reencrypt_luks1.c:177 +#, c-format +msgid "Cannot write device %s." +msgstr "Nu se poate scrie dispozitivul %s." + +#: src/utils_reencrypt_luks1.c:226 +msgid "Cannot write reencryption log file." +msgstr "Nu se poate scrie fișierul jurnalului de recriptare." + +#: src/utils_reencrypt_luks1.c:282 +msgid "Cannot read reencryption log file." +msgstr "Nu se poate citii fișierul jurnalului de recriptare." + +#: src/utils_reencrypt_luks1.c:293 +msgid "Wrong log format." +msgstr "Format de jurnal greșit." + +#: src/utils_reencrypt_luks1.c:320 +#, c-format +msgid "Log file %s exists, resuming reencryption.\n" +msgstr "Fișierul jurnal %s există, reluând recriptarea.\n" + +#: src/utils_reencrypt_luks1.c:369 +msgid "Activating temporary device using old LUKS header." +msgstr "Se activează dispozitivul temporar folosind antetul LUKS vechi." + +#: src/utils_reencrypt_luks1.c:379 +msgid "Activating temporary device using new LUKS header." +msgstr "Se activează dispozitivul temporar folosind antetul LUKS nou." + +#: src/utils_reencrypt_luks1.c:389 +msgid "Activation of temporary devices failed." +msgstr "Activarea dispozitivelor temporare a eșuat." + +#: src/utils_reencrypt_luks1.c:449 +msgid "Failed to set data offset." +msgstr "Nu s-a putut definii decalajul de date." + +#: src/utils_reencrypt_luks1.c:455 +msgid "Failed to set metadata size." +msgstr "Nu s-a putut definii dimensiunea metadatelor." + +#: src/utils_reencrypt_luks1.c:463 +#, c-format +msgid "New LUKS header for device %s created." +msgstr "A fost creat un nou antet LUKS pentru dispozitivul %s." + +#: src/utils_reencrypt_luks1.c:500 +#, c-format +msgid "%s header backup of device %s created." +msgstr "A fost creată o copie de rezervă a antetului %s pentru dispozitivul %s." + +#: src/utils_reencrypt_luks1.c:556 +msgid "Creation of LUKS backup headers failed." +msgstr "Crearea antetelor de rezervă LUKS a eșuat." + +#: src/utils_reencrypt_luks1.c:685 +#, c-format +msgid "Cannot restore %s header on device %s." +msgstr "Nu se poate restabili antetul %s pe dispozitivul %s." + +#: src/utils_reencrypt_luks1.c:687 +#, c-format +msgid "%s header on device %s restored." +msgstr "Antetul %s de pe dispozitivul %s a fost restaurat." + +#: src/utils_reencrypt_luks1.c:917 src/utils_reencrypt_luks1.c:923 +msgid "Cannot open temporary LUKS device." +msgstr "Nu se poate deschide dispozitivul LUKS temporar." + +#: src/utils_reencrypt_luks1.c:928 src/utils_reencrypt_luks1.c:933 +msgid "Cannot get device size." +msgstr "Nu se poate obține dimensiunea dispozitivului." + +#: src/utils_reencrypt_luks1.c:968 +msgid "IO error during reencryption." +msgstr "Eroare de In/Ieș în timpul recriptării." + +#: src/utils_reencrypt_luks1.c:998 +msgid "Provided UUID is invalid." +msgstr "UUID-ul furnizat nu este valid." + +#: src/utils_reencrypt_luks1.c:1224 +msgid "Cannot open reencryption log file." +msgstr "Nu se poate deschide fișierul jurnalului de recriptare." + +#: src/utils_reencrypt_luks1.c:1230 +msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process." +msgstr "Nicio decriptare nu este în curs de desfășurare, UUID-ul furnizat poată să fie utilizat doar pentru a relua procesul de decriptare suspendat." + +#: src/utils_reencrypt_luks1.c:1286 +#, c-format +msgid "Reencryption will change: %s%s%s%s%s%s." +msgstr "Recriptarea se va modifica: %s%s%s%s%s%s." + +#: src/utils_reencrypt_luks1.c:1287 +msgid "volume key" +msgstr "cheia de volum" + +#: src/utils_reencrypt_luks1.c:1289 +msgid "set hash to " +msgstr "stabilește suma de control(hash) la " + +#: src/utils_reencrypt_luks1.c:1290 +msgid ", set cipher to " +msgstr ", stabilește cifrarea la " + +#: src/utils_blockdev.c:189 +#, c-format +msgid "WARNING: Device %s already contains a '%s' partition signature.\n" +msgstr "AVERTISMENT: Dispozitivul %s conține deja o semnătură de partiție „%s”.\n" + +#: src/utils_blockdev.c:197 +#, c-format +msgid "WARNING: Device %s already contains a '%s' superblock signature.\n" +msgstr "AVERTISMENT: Dispozitivul %s conține deja o semnătură superbloc „%s”.\n" + +#: src/utils_blockdev.c:219 src/utils_blockdev.c:294 src/utils_blockdev.c:344 +msgid "Failed to initialize device signature probes." +msgstr "Nu s-au inițializat probele de semnătură a dispozitivului." + +#: src/utils_blockdev.c:274 +#, c-format +msgid "Failed to stat device %s." +msgstr "Nu s-a putut obține starea dispozitivului %s." + +#: src/utils_blockdev.c:289 +#, c-format +msgid "Failed to open file %s in read/write mode." +msgstr "Nu s-a putut deschide fișierul %s în modul citire/scriere." + +#: src/utils_blockdev.c:307 +#, c-format +msgid "Existing '%s' partition signature on device %s will be wiped." +msgstr "Semnătura partiției „%s” existentă pe dispozitivul %s va fi ștearsă." + +#: src/utils_blockdev.c:310 +#, c-format +msgid "Existing '%s' superblock signature on device %s will be wiped." +msgstr "Semnătura superblocului „%s” existentă pe dispozitivul %s va fi ștearsă." + +#: src/utils_blockdev.c:313 +msgid "Failed to wipe device signature." +msgstr "Nu s-a putut șterge semnătura dispozitivului." + +#: src/utils_blockdev.c:320 +#, c-format +msgid "Failed to probe device %s for a signature." +msgstr "Nu s-a putut verifica dispozitivul %s pentru o semnătură." + +#: src/utils_args.c:65 +#, c-format +msgid "Invalid size specification in parameter --%s." +msgstr "Specificație de dimensiune nevalidă în parametrul „--%s”." + +#: src/utils_args.c:125 +#, c-format +msgid "Option --%s is not allowed with %s action." +msgstr "Opțiunea „--%s” nu este permisă cu acțiunea %s." + +#: tokens/ssh/cryptsetup-ssh.c:110 +msgid "Failed to write ssh token json." +msgstr "Nu s-a putut scrie jetonul ssh în format JSON." + +#: tokens/ssh/cryptsetup-ssh.c:128 +msgid "" +"Experimental cryptsetup plugin for unlocking LUKS2 devices with token connected to an SSH server\vThis plugin currently allows only adding a token to an existing key slot.\n" +"\n" +"Specified SSH server must contain a key file on the specified path with a passphrase for an existing key slot on the device.\n" +"Provided credentials will be used by cryptsetup to get the password when opening the device using the token.\n" +"\n" +"Note: The information provided when adding the token (SSH server address, user and paths) will be stored in the LUKS2 header in plaintext." +msgstr "" +"Modul de criptare experimentală pentru deblocarea dispozitivelor LUKS2 cu jeton(token) conectat la un server SSH\v Acest modul permite în prezent doar adăugarea unui jeton(token) la un slot de cheie existent.\n" +"\n" +"Serverul SSH specificat trebuie să conțină un fișier cheie în calea specificată, cu o frază de acces pentru un slot de cheie existent pe dispozitiv.\n" +"Acreditările furnizate vor fi folosite de «cryptsetup» pentru a obține parola atunci când deschideți dispozitivul folosind jetonul(token).\n" +"\n" +"Notă: Informațiile furnizate la adăugarea jetonului(token) (adresa serverului SSH, utilizatorul și căile) vor fi stocate în antetul LUKS2 în text clar." + +#: tokens/ssh/cryptsetup-ssh.c:138 +msgid " " +msgstr " " + +#: tokens/ssh/cryptsetup-ssh.c:141 +msgid "Options for the 'add' action:" +msgstr "Opțiuni pentru acțiunea „add”:" + +#: tokens/ssh/cryptsetup-ssh.c:142 +msgid "IP address/URL of the remote server for this token" +msgstr "Adresa IP/URL a serverului de la distanță pentru acest jeton(token)" + +#: tokens/ssh/cryptsetup-ssh.c:143 +msgid "Username used for the remote server" +msgstr "Nume de utilizator folosit pentru serverul de la distanță" + +#: tokens/ssh/cryptsetup-ssh.c:144 +msgid "Path to the key file on the remote server" +msgstr "Calea către fișierul de cheie din serverul de la distanță" + +#: tokens/ssh/cryptsetup-ssh.c:145 +msgid "Path to the SSH key for connecting to the remote server" +msgstr "Calea către cheia SSH pentru conectarea la serverul de la distanță" + +#: tokens/ssh/cryptsetup-ssh.c:146 +msgid "Keyslot to assign the token to. If not specified, token will be assigned to the first keyslot matching provided passphrase." +msgstr "Slotul de cheie căruia să îi atribuiți jetonul. Dacă nu este specificat, jetonul va fi atribuit primei fraze de acces furnizate care se potrivește cu slotul de cheie." + +#: tokens/ssh/cryptsetup-ssh.c:148 +msgid "Generic options:" +msgstr "Opțiuni generice:" + +#: tokens/ssh/cryptsetup-ssh.c:149 +msgid "Shows more detailed error messages" +msgstr "Afișează mesaje de eroare mult mai detaliate" + +#: tokens/ssh/cryptsetup-ssh.c:150 +msgid "Show debug messages" +msgstr "Afișează mesajele de depanare" + +#: tokens/ssh/cryptsetup-ssh.c:151 +msgid "Show debug messages including JSON metadata" +msgstr "Afișează mesajele de depanare, inclusiv metadate JSON" + +#: tokens/ssh/cryptsetup-ssh.c:262 +msgid "Failed to open and import private key:\n" +msgstr "Nu s-a putut deschide și importa cheia privată:\n" + +#: tokens/ssh/cryptsetup-ssh.c:266 +msgid "Failed to import private key (password protected?).\n" +msgstr "Nu s-a putut importa cheia privată (protejată prin parolă?).\n" + +#. TRANSLATORS: SSH credentials prompt, e.g. "user@server's password: " +#: tokens/ssh/cryptsetup-ssh.c:268 +#, c-format +msgid "%s@%s's password: " +msgstr "Parola pentru %s@%s: " + +#: tokens/ssh/cryptsetup-ssh.c:357 +#, c-format +msgid "Failed to parse arguments.\n" +msgstr "Argumentele nu au putut fi analizate.\n" + +#: tokens/ssh/cryptsetup-ssh.c:368 +#, c-format +msgid "An action must be specified\n" +msgstr "Trebuie specificată o acțiune\n" + +#: tokens/ssh/cryptsetup-ssh.c:374 +#, c-format +msgid "Device must be specified for '%s' action.\n" +msgstr "Trebuie specificat dispozitivul pentru acțiunea „%s”.\n" + +#: tokens/ssh/cryptsetup-ssh.c:379 +#, c-format +msgid "SSH server must be specified for '%s' action.\n" +msgstr "Serverul SSH trebuie să fie specificat pentru acțiunea „%s”.\n" + +#: tokens/ssh/cryptsetup-ssh.c:384 +#, c-format +msgid "SSH user must be specified for '%s' action.\n" +msgstr "Trebuie specificat utilizatorul SSH pentru acțiunea „%s”.\n" + +#: tokens/ssh/cryptsetup-ssh.c:389 +#, c-format +msgid "SSH path must be specified for '%s' action.\n" +msgstr "Trebuie specificată calea SSH pentru acțiunea „%s”.\n" + +#: tokens/ssh/cryptsetup-ssh.c:394 +#, c-format +msgid "SSH key path must be specified for '%s' action.\n" +msgstr "Trebuie specificată calea cheii SSH pentru acțiunea „%s”.\n" + +#: tokens/ssh/cryptsetup-ssh.c:401 +#, c-format +msgid "Failed open %s using provided credentials.\n" +msgstr "Nu s-a putut deschide %s folosind acreditările furnizate.\n" + +#: tokens/ssh/cryptsetup-ssh.c:417 +#, c-format +msgid "Only 'add' action is currently supported by this plugin.\n" +msgstr "Doar acțiunea „addi” este suportată în prezent de acest modul.\n" + +#: tokens/ssh/ssh-utils.c:46 +msgid "Cannot create sftp session: " +msgstr "Nu se poate crea sesiunea sftp: " + +#: tokens/ssh/ssh-utils.c:53 +msgid "Cannot init sftp session: " +msgstr "Nu se poate iniția sesiunea sftp: " + +#: tokens/ssh/ssh-utils.c:59 +msgid "Cannot open sftp session: " +msgstr "Nu se poate deschide sesiunea sftp: " + +#: tokens/ssh/ssh-utils.c:66 +msgid "Cannot stat sftp file: " +msgstr "Nu se poate stabili starea fișierului sftp: " + +#: tokens/ssh/ssh-utils.c:74 +msgid "Not enough memory.\n" +msgstr "Nu este suficientă memorie.\n" + +#: tokens/ssh/ssh-utils.c:81 +msgid "Cannot read remote key: " +msgstr "Nu se poate citi cheia de la distanță: " + +#: tokens/ssh/ssh-utils.c:122 +msgid "Connection failed: " +msgstr "Conexiunea a eșuat: " + +#: tokens/ssh/ssh-utils.c:132 +msgid "Server not known: " +msgstr "Server necunoscut: " + +#: tokens/ssh/ssh-utils.c:160 +msgid "Public key auth method not allowed on host.\n" +msgstr "Metoda de autentificare cu cheie publică nu este permisă pe gazdă.\n" + +#: tokens/ssh/ssh-utils.c:171 +msgid "Public key authentication error: " +msgstr "Eroare la autentificarea cu cheia publică: " diff -Nru cryptsetup-2.5.0/po/ru.po cryptsetup-2.6.1/po/ru.po --- cryptsetup-2.5.0/po/ru.po 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/po/ru.po 2023-02-09 16:12:17.000000000 +0000 @@ -4,13 +4,13 @@ # # Rosetta Contributors and Canonical Ltd , 2007. # Eugene Roskin , 2016. -# Yuri Kozlov , 2018, 2019, 2020, 2021, 2022. +# Yuri Kozlov , 2018, 2019, 2020, 2021, 2022, 2023. msgid "" msgstr "" -"Project-Id-Version: cryptsetup 2.5.0-rc1\n" +"Project-Id-Version: cryptsetup 2.6.1-rc0\n" "Report-Msgid-Bugs-To: cryptsetup@lists.linux.dev\n" -"POT-Creation-Date: 2022-07-14 14:04+0200\n" -"PO-Revision-Date: 2022-07-20 17:10+0300\n" +"POT-Creation-Date: 2023-02-01 15:58+0100\n" +"PO-Revision-Date: 2023-02-04 15:38+0300\n" "Last-Translator: Yuri Kozlov \n" "Language-Team: Russian \n" "Language: ru\n" @@ -22,67 +22,71 @@ "X-Generator: Lokalize 20.12.0\n" "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" -#: lib/libdevmapper.c:417 +#: lib/libdevmapper.c:419 msgid "Cannot initialize device-mapper, running as non-root user." msgstr "Не удалось инициализировать device-mapper, выполняется без прав суперпользователя." -#: lib/libdevmapper.c:420 +#: lib/libdevmapper.c:422 msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" msgstr "Не удалось инициализировать device-mapper. Загружен ли модуль ядра dm_mod?" -#: lib/libdevmapper.c:1171 +#: lib/libdevmapper.c:1102 msgid "Requested deferred flag is not supported." msgstr "Запрошенный флаг отсрочки не поддерживается." -#: lib/libdevmapper.c:1240 +#: lib/libdevmapper.c:1171 #, c-format msgid "DM-UUID for device %s was truncated." msgstr "У устройства %s был обрезан DM-UUID." -#: lib/libdevmapper.c:1570 +#: lib/libdevmapper.c:1501 msgid "Unknown dm target type." msgstr "Неизвестный тип цели dm." -#: lib/libdevmapper.c:1694 lib/libdevmapper.c:1699 lib/libdevmapper.c:1763 -#: lib/libdevmapper.c:1766 +#: lib/libdevmapper.c:1620 lib/libdevmapper.c:1626 lib/libdevmapper.c:1724 +#: lib/libdevmapper.c:1727 msgid "Requested dm-crypt performance options are not supported." msgstr "Запрошенные параметры производительности dm-crypt не поддерживаются." -#: lib/libdevmapper.c:1706 lib/libdevmapper.c:1710 +#: lib/libdevmapper.c:1635 lib/libdevmapper.c:1647 msgid "Requested dm-verity data corruption handling options are not supported." msgstr "Запрошенные параметры обработки повреждённых данных dm-verify не поддерживаются." -#: lib/libdevmapper.c:1714 +#: lib/libdevmapper.c:1641 +msgid "Requested dm-verity tasklets option is not supported." +msgstr "Запрошенный параметр tasklets dm-verify не поддерживается." + +#: lib/libdevmapper.c:1653 msgid "Requested dm-verity FEC options are not supported." msgstr "Запрошенные параметры FEC dm-verify не поддерживаются." -#: lib/libdevmapper.c:1718 +#: lib/libdevmapper.c:1659 msgid "Requested data integrity options are not supported." msgstr "Запрошенные параметры целостности данных не поддерживаются." -#: lib/libdevmapper.c:1720 +#: lib/libdevmapper.c:1663 msgid "Requested sector_size option is not supported." msgstr "Запрошенный параметр sector_size не поддерживается." -#: lib/libdevmapper.c:1725 lib/libdevmapper.c:1729 +#: lib/libdevmapper.c:1670 lib/libdevmapper.c:1676 msgid "Requested automatic recalculation of integrity tags is not supported." msgstr "Запрошенный автоматический пересчёт тегов целостности не поддерживается." -#: lib/libdevmapper.c:1733 lib/libdevmapper.c:1769 lib/libdevmapper.c:1772 -#: lib/luks2/luks2_json_metadata.c:2552 +#: lib/libdevmapper.c:1682 lib/libdevmapper.c:1730 lib/libdevmapper.c:1733 +#: lib/luks2/luks2_json_metadata.c:2620 msgid "Discard/TRIM is not supported." msgstr "Discard/TRIM не поддерживается." -#: lib/libdevmapper.c:1737 +#: lib/libdevmapper.c:1688 msgid "Requested dm-integrity bitmap mode is not supported." msgstr "Запрошенный режим битовой карты dm-integrity не поддерживается." -#: lib/libdevmapper.c:2763 +#: lib/libdevmapper.c:2724 #, c-format msgid "Failed to query dm-%s segment." msgstr "Ошибка при запросе сегмента dm-%s." -#: lib/random.c:74 +#: lib/random.c:73 msgid "" "System is out of entropy while generating volume key.\n" "Please move mouse or type some text in another window to gather some random events.\n" @@ -90,16 +94,16 @@ "При генерации ключа тома в системе закончились данные энтропии.\n" "Подвигайте мышь или наберите любой текст в другом окне, чтобы возникли случайные события.\n" -#: lib/random.c:78 +#: lib/random.c:77 #, c-format msgid "Generating key (%d%% done).\n" msgstr "Генерация ключа (выполнена на %d%%).\n" -#: lib/random.c:164 +#: lib/random.c:163 msgid "Running in FIPS mode." msgstr "Выполнение в режиме FIPS." -#: lib/random.c:170 +#: lib/random.c:169 msgid "Fatal error during RNG initialisation." msgstr "При инициализации RNG возникла критическая ошибка." @@ -111,428 +115,438 @@ msgid "Error reading from RNG." msgstr "Ошибка чтения из RNG." -#: lib/setup.c:226 +#: lib/setup.c:231 msgid "Cannot initialize crypto RNG backend." msgstr "Невозможно инициализировать внутренний интерфейс crypto RNG." -#: lib/setup.c:232 +#: lib/setup.c:237 msgid "Cannot initialize crypto backend." msgstr "Невозможно инициализировать внутренний интерфейс crypto." -#: lib/setup.c:263 lib/setup.c:2080 lib/verity/verity.c:122 +#: lib/setup.c:268 lib/setup.c:2151 lib/verity/verity.c:122 #, c-format msgid "Hash algorithm %s not supported." msgstr "Алгоритм хэширования %s не поддерживается." -#: lib/setup.c:266 lib/loopaes/loopaes.c:90 +#: lib/setup.c:271 lib/loopaes/loopaes.c:90 #, c-format msgid "Key processing error (using hash %s)." msgstr "Ошибка обработки ключа (используется хэш %s)." -#: lib/setup.c:332 lib/setup.c:359 +#: lib/setup.c:342 lib/setup.c:369 msgid "Cannot determine device type. Incompatible activation of device?" msgstr "Невозможно определить тип устройства. Несовместимая активация устройства?" -#: lib/setup.c:338 lib/setup.c:3221 +#: lib/setup.c:348 lib/setup.c:3320 msgid "This operation is supported only for LUKS device." msgstr "Эта операция поддерживается только для устройства LUKS." -#: lib/setup.c:365 +#: lib/setup.c:375 msgid "This operation is supported only for LUKS2 device." msgstr "Эта операция поддерживается только для устройства LUKS2." -#: lib/setup.c:420 lib/luks2/luks2_reencrypt.c:2985 +#: lib/setup.c:427 lib/luks2/luks2_reencrypt.c:3010 msgid "All key slots full." msgstr "Заполнены все слоты ключей." -#: lib/setup.c:431 +#: lib/setup.c:438 #, c-format msgid "Key slot %d is invalid, please select between 0 and %d." msgstr "Некорректный слот ключа %d, укажите значение между 0 и %d." -#: lib/setup.c:437 +#: lib/setup.c:444 #, c-format msgid "Key slot %d is full, please select another one." msgstr "Слот ключа %d заполнен, выберите другой." -#: lib/setup.c:522 lib/setup.c:2946 +#: lib/setup.c:529 lib/setup.c:3042 msgid "Device size is not aligned to device logical block size." msgstr "Размер устройства не выровнен к размеру логического блока устройства." -#: lib/setup.c:620 +#: lib/setup.c:627 #, c-format msgid "Header detected but device %s is too small." msgstr "Обнаружен заголовок, но устройство %s слишком маленькое." -#: lib/setup.c:661 lib/setup.c:2851 lib/setup.c:4335 -#: lib/luks2/luks2_reencrypt.c:3757 lib/luks2/luks2_reencrypt.c:4159 +#: lib/setup.c:668 lib/setup.c:2942 lib/setup.c:4287 +#: lib/luks2/luks2_reencrypt.c:3782 lib/luks2/luks2_reencrypt.c:4184 msgid "This operation is not supported for this device type." msgstr "Эта операция не поддерживается для этого типа устройств." -#: lib/setup.c:666 +#: lib/setup.c:673 msgid "Illegal operation with reencryption in-progress." msgstr "Недопустимая операция во время работы перешифрования." -#: lib/setup.c:833 lib/luks1/keymanage.c:248 lib/luks1/keymanage.c:524 -#: lib/luks2/luks2_json_metadata.c:1267 src/cryptsetup.c:1449 -#: src/cryptsetup.c:1581 src/cryptsetup.c:1636 src/cryptsetup.c:1756 -#: src/cryptsetup.c:1861 src/cryptsetup.c:2142 src/cryptsetup.c:2380 -#: src/cryptsetup.c:2440 src/utils_reencrypt.c:1378 -#: src/utils_reencrypt_luks1.c:1188 tokens/ssh/cryptsetup-ssh.c:77 +#: lib/setup.c:802 +msgid "Failed to rollback LUKS2 metadata in memory." +msgstr "Не удалось откатиться на метаданные LUKS2 в памяти." + +#: lib/setup.c:889 lib/luks1/keymanage.c:249 lib/luks1/keymanage.c:527 +#: lib/luks2/luks2_json_metadata.c:1336 src/cryptsetup.c:1587 +#: src/cryptsetup.c:1727 src/cryptsetup.c:1782 src/cryptsetup.c:1977 +#: src/cryptsetup.c:2133 src/cryptsetup.c:2414 src/cryptsetup.c:2656 +#: src/cryptsetup.c:2716 src/utils_reencrypt.c:1465 +#: src/utils_reencrypt_luks1.c:1192 tokens/ssh/cryptsetup-ssh.c:77 #, c-format msgid "Device %s is not a valid LUKS device." msgstr "Устройство %s не является корректным устройством LUKS." -#: lib/setup.c:836 lib/luks1/keymanage.c:527 +#: lib/setup.c:892 lib/luks1/keymanage.c:530 #, c-format msgid "Unsupported LUKS version %d." msgstr "Неподдерживаемая версия LUKS %d." -#: lib/setup.c:1431 lib/setup.c:2602 lib/setup.c:2682 lib/setup.c:2694 -#: lib/setup.c:2859 lib/setup.c:4807 +#: lib/setup.c:1491 lib/setup.c:2691 lib/setup.c:2773 lib/setup.c:2785 +#: lib/setup.c:2952 lib/setup.c:4764 #, c-format msgid "Device %s is not active." msgstr "Устройство %s не активно." -#: lib/setup.c:1448 +#: lib/setup.c:1508 #, c-format msgid "Underlying device for crypt device %s disappeared." msgstr "Исчезло нижележащее устройство у устройства crypt %s." -#: lib/setup.c:1528 +#: lib/setup.c:1590 msgid "Invalid plain crypt parameters." msgstr "Неверные параметры plain crypt." -#: lib/setup.c:1533 lib/setup.c:1983 +#: lib/setup.c:1595 lib/setup.c:2054 msgid "Invalid key size." msgstr "Неверный размер ключа." -#: lib/setup.c:1538 lib/setup.c:1988 lib/setup.c:2191 +#: lib/setup.c:1600 lib/setup.c:2059 lib/setup.c:2262 msgid "UUID is not supported for this crypt type." msgstr "Для данного типа crypt UUID не поддерживается." -#: lib/setup.c:1543 lib/setup.c:1993 +#: lib/setup.c:1605 lib/setup.c:2064 msgid "Detached metadata device is not supported for this crypt type." msgstr "Устройство с отсоединёнными метаданными не поддерживается для этого типа crypt." -#: lib/setup.c:1553 lib/setup.c:1765 lib/luks2/luks2_reencrypt.c:2941 -#: src/cryptsetup.c:1250 src/cryptsetup.c:3072 +#: lib/setup.c:1615 lib/setup.c:1831 lib/luks2/luks2_reencrypt.c:2966 +#: src/cryptsetup.c:1387 src/cryptsetup.c:3383 msgid "Unsupported encryption sector size." msgstr "Неподдерживаемый размер сектора шифрования." -#: lib/setup.c:1561 lib/setup.c:1896 lib/setup.c:2940 +#: lib/setup.c:1623 lib/setup.c:1959 lib/setup.c:3036 msgid "Device size is not aligned to requested sector size." msgstr "Размер устройства не выровнен к запрошенному размеру сектора." -#: lib/setup.c:1613 lib/setup.c:1733 +#: lib/setup.c:1675 lib/setup.c:1799 msgid "Can't format LUKS without device." msgstr "Невозможно отформатировать LUKS без устройства." -#: lib/setup.c:1619 lib/setup.c:1739 +#: lib/setup.c:1681 lib/setup.c:1805 msgid "Requested data alignment is not compatible with data offset." msgstr "Запрошенный тип выравнивания данных не совместим со смещением данных." -#: lib/setup.c:1687 lib/setup.c:1883 -msgid "WARNING: Data offset is outside of currently available data device.\n" -msgstr "ПРЕДУПРЕЖДЕНИЕ: смещение данных находится за пределами доступного в данный момент устройства данных.\n" - -#: lib/setup.c:1697 lib/setup.c:1913 lib/setup.c:1934 lib/setup.c:2203 +#: lib/setup.c:1756 lib/setup.c:1976 lib/setup.c:1997 lib/setup.c:2274 #, c-format msgid "Cannot wipe header on device %s." msgstr "невозможно затереть заголовок на устройстве %s." -#: lib/setup.c:1774 +#: lib/setup.c:1769 lib/setup.c:2036 +#, c-format +msgid "Device %s is too small for activation, there is no remaining space for data.\n" +msgstr "Устройство %s слишком маленькое для активации, не хватает места для данных.\n" + +#: lib/setup.c:1840 msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" msgstr "ПРЕДУПРЕЖДЕНИЕ: Активация устройства завершится ошибкой, так как отсутствует поддержка dm-crypt для запрошенного размера сектора шифрования.\n" -#: lib/setup.c:1797 +#: lib/setup.c:1863 msgid "Volume key is too small for encryption with integrity extensions." msgstr "Ключ тома слишком мал для шифрования с целостными расширениями." -#: lib/setup.c:1857 +#: lib/setup.c:1923 #, c-format msgid "Cipher %s-%s (key size %zd bits) is not available." msgstr "Шифр %s-%s (размер ключа %zd бит) недоступен." -#: lib/setup.c:1886 +#: lib/setup.c:1949 #, c-format msgid "WARNING: LUKS2 metadata size changed to % bytes.\n" msgstr "ПРЕДУПРЕЖДЕНИЕ: размер метаданных LUKS2 изменился и стал % байт.\n" -#: lib/setup.c:1890 +#: lib/setup.c:1953 #, c-format msgid "WARNING: LUKS2 keyslots area size changed to % bytes.\n" msgstr "ПРЕДУПРЕЖДЕНИЕ: размер слотов ключа LUKS2 изменился и стал % байт.\n" -#: lib/setup.c:1916 lib/utils_device.c:909 lib/luks1/keyencryption.c:255 -#: lib/luks2/luks2_reencrypt.c:3009 lib/luks2/luks2_reencrypt.c:4254 +#: lib/setup.c:1979 lib/utils_device.c:911 lib/luks1/keyencryption.c:255 +#: lib/luks2/luks2_reencrypt.c:3034 lib/luks2/luks2_reencrypt.c:4279 #, c-format msgid "Device %s is too small." msgstr "Устройство %s слишком маленькое." -#: lib/setup.c:1927 lib/setup.c:1953 +#: lib/setup.c:1990 lib/setup.c:2016 #, c-format msgid "Cannot format device %s in use." msgstr "Невозможно отформатировать устройство %s, которое используется." -#: lib/setup.c:1930 lib/setup.c:1956 +#: lib/setup.c:1993 lib/setup.c:2019 #, c-format msgid "Cannot format device %s, permission denied." msgstr "Невозможно отформатировать устройство %s, недостаточно прав." -#: lib/setup.c:1942 lib/setup.c:2263 +#: lib/setup.c:2005 lib/setup.c:2334 #, c-format msgid "Cannot format integrity for device %s." msgstr "Невозможно отформатировать целостность для устройства %s." -#: lib/setup.c:1960 +#: lib/setup.c:2023 #, c-format msgid "Cannot format device %s." msgstr "Невозможно отформатировать устройство %s." -#: lib/setup.c:1978 +#: lib/setup.c:2049 msgid "Can't format LOOPAES without device." msgstr "Невозможно отформатировать LOOPAES без устройства." -#: lib/setup.c:2023 +#: lib/setup.c:2094 msgid "Can't format VERITY without device." msgstr "Невозможно отформатировать VERITY без устройства." -#: lib/setup.c:2034 lib/verity/verity.c:101 +#: lib/setup.c:2105 lib/verity/verity.c:101 #, c-format msgid "Unsupported VERITY hash type %d." msgstr "Неподдерживаемый тип хэша %d для VERITY." -#: lib/setup.c:2040 lib/verity/verity.c:109 +#: lib/setup.c:2111 lib/verity/verity.c:109 msgid "Unsupported VERITY block size." msgstr "Неподдерживаемый размер блока для VERITY." -#: lib/setup.c:2045 lib/verity/verity.c:74 +#: lib/setup.c:2116 lib/verity/verity.c:74 msgid "Unsupported VERITY hash offset." msgstr "Неподдерживаемое смещение хэша для VERITY." -#: lib/setup.c:2050 +#: lib/setup.c:2121 msgid "Unsupported VERITY FEC offset." msgstr "Неподдерживаемое смещение FEC для VERITY." -#: lib/setup.c:2074 +#: lib/setup.c:2145 msgid "Data area overlaps with hash area." msgstr "Область данных перекрывает области хэша." -#: lib/setup.c:2099 +#: lib/setup.c:2170 msgid "Hash area overlaps with FEC area." msgstr "Область хэша перекрывает область FEC." -#: lib/setup.c:2106 +#: lib/setup.c:2177 msgid "Data area overlaps with FEC area." msgstr "Область данных перекрывает область FEC." -#: lib/setup.c:2242 +#: lib/setup.c:2313 #, c-format msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n" msgstr "ПРЕДУПРЕЖДЕНИЕ: запрошенный размер тега в %d байт отличается от выходного размера %s (%d байт).\n" -#: lib/setup.c:2321 +#: lib/setup.c:2392 #, c-format msgid "Unknown crypt device type %s requested." msgstr "Запрошен неизвестный тип устройства crypt %s." -#: lib/setup.c:2608 lib/setup.c:2687 lib/setup.c:2700 +#: lib/setup.c:2699 lib/setup.c:2778 lib/setup.c:2791 #, c-format msgid "Unsupported parameters on device %s." msgstr "Неподдерживаемые параметры для устройства %s." -#: lib/setup.c:2614 lib/setup.c:2707 lib/luks2/luks2_reencrypt.c:2837 -#: lib/luks2/luks2_reencrypt.c:3074 lib/luks2/luks2_reencrypt.c:3459 +#: lib/setup.c:2705 lib/setup.c:2798 lib/luks2/luks2_reencrypt.c:2862 +#: lib/luks2/luks2_reencrypt.c:3099 lib/luks2/luks2_reencrypt.c:3484 #, c-format msgid "Mismatching parameters on device %s." msgstr "Несовпадение параметров для устройства %s." -#: lib/setup.c:2731 +#: lib/setup.c:2822 msgid "Crypt devices mismatch." msgstr "Несоответствие устройств crypt." -#: lib/setup.c:2768 lib/setup.c:2773 lib/luks2/luks2_reencrypt.c:2315 -#: lib/luks2/luks2_reencrypt.c:2853 lib/luks2/luks2_reencrypt.c:4007 +#: lib/setup.c:2859 lib/setup.c:2864 lib/luks2/luks2_reencrypt.c:2361 +#: lib/luks2/luks2_reencrypt.c:2878 lib/luks2/luks2_reencrypt.c:4032 #, c-format msgid "Failed to reload device %s." msgstr "Ошибка при перезагрузке устройства %s." -#: lib/setup.c:2779 lib/setup.c:2785 lib/luks2/luks2_reencrypt.c:2286 -#: lib/luks2/luks2_reencrypt.c:2293 lib/luks2/luks2_reencrypt.c:2867 +#: lib/setup.c:2870 lib/setup.c:2876 lib/luks2/luks2_reencrypt.c:2332 +#: lib/luks2/luks2_reencrypt.c:2339 lib/luks2/luks2_reencrypt.c:2892 #, c-format msgid "Failed to suspend device %s." msgstr "Ошибка при приостановке устройства %s." -#: lib/setup.c:2791 lib/luks2/luks2_reencrypt.c:2300 -#: lib/luks2/luks2_reencrypt.c:2888 lib/luks2/luks2_reencrypt.c:3920 -#: lib/luks2/luks2_reencrypt.c:4011 +#: lib/setup.c:2882 lib/luks2/luks2_reencrypt.c:2346 +#: lib/luks2/luks2_reencrypt.c:2913 lib/luks2/luks2_reencrypt.c:3945 +#: lib/luks2/luks2_reencrypt.c:4036 #, c-format msgid "Failed to resume device %s." msgstr "Ошибка при возобновлении работы устройства %s." -#: lib/setup.c:2806 +#: lib/setup.c:2897 #, c-format msgid "Fatal error while reloading device %s (on top of device %s)." msgstr "Критическая ошибка при перезагрузке устройства %s (поверх устройства %s)." -#: lib/setup.c:2809 lib/setup.c:2811 +#: lib/setup.c:2900 lib/setup.c:2902 #, c-format msgid "Failed to switch device %s to dm-error." msgstr "Ошибка при переключении устройства %s на dm-error." -#: lib/setup.c:2891 +#: lib/setup.c:2984 msgid "Cannot resize loop device." msgstr "Невозможно изменить размер закольцованного (loop) устройства." -#: lib/setup.c:2931 +#: lib/setup.c:3027 msgid "WARNING: Maximum size already set or kernel doesn't support resize.\n" msgstr "ПРЕДУПРЕЖДЕНИЕ: максимальный размер уже задан или ядро не поддерживает изменение размера.\n" -#: lib/setup.c:2989 +#: lib/setup.c:3088 msgid "Resize failed, the kernel doesn't support it." msgstr "Изменение размера невозможно, не поддерживается ядром." -#: lib/setup.c:3021 +#: lib/setup.c:3120 msgid "Do you really want to change UUID of device?" msgstr "Вы действительно хотите изменить UUID устройства?" -#: lib/setup.c:3113 +#: lib/setup.c:3212 msgid "Header backup file does not contain compatible LUKS header." msgstr "Файл резервного заголовка не содержит заголовка совместимого с LUKS." -#: lib/setup.c:3229 +#: lib/setup.c:3328 #, c-format msgid "Volume %s is not active." msgstr "Том %s не активен." -#: lib/setup.c:3240 +#: lib/setup.c:3339 #, c-format msgid "Volume %s is already suspended." msgstr "Том %s уже приостановлен." -#: lib/setup.c:3253 +#: lib/setup.c:3352 #, c-format msgid "Suspend is not supported for device %s." msgstr "Приостановка не поддерживается устройством %s." -#: lib/setup.c:3255 +#: lib/setup.c:3354 #, c-format msgid "Error during suspending device %s." msgstr "Ошибка во время приостановки устройства %s." -#: lib/setup.c:3290 +#: lib/setup.c:3389 #, c-format msgid "Resume is not supported for device %s." msgstr "Возобновление не поддерживается устройством %s." -#: lib/setup.c:3292 +#: lib/setup.c:3391 #, c-format msgid "Error during resuming device %s." msgstr "Ошибка во время возобновления устройства %s." -#: lib/setup.c:3326 lib/setup.c:3374 lib/setup.c:3444 lib/setup.c:3489 -#: src/cryptsetup.c:2207 +#: lib/setup.c:3425 lib/setup.c:3473 lib/setup.c:3544 lib/setup.c:3589 +#: src/cryptsetup.c:2479 #, c-format msgid "Volume %s is not suspended." msgstr "Том %s не приостановлен." -#: lib/setup.c:3459 lib/setup.c:3862 lib/setup.c:4584 lib/setup.c:4597 -#: lib/setup.c:4605 lib/setup.c:4618 lib/setup.c:6142 src/cryptsetup.c:1790 +#: lib/setup.c:3559 lib/setup.c:4540 lib/setup.c:4553 lib/setup.c:4561 +#: lib/setup.c:4574 lib/setup.c:6157 lib/setup.c:6179 lib/setup.c:6228 +#: src/cryptsetup.c:2011 msgid "Volume key does not match the volume." msgstr "Ключ тома не подходит к тому." -#: lib/setup.c:3540 lib/setup.c:3745 -msgid "Cannot add key slot, all slots disabled and no volume key provided." -msgstr "Невозможно добавить слот ключа, все слоты отключены и не предоставлен ключ тома." - -#: lib/setup.c:3697 +#: lib/setup.c:3737 msgid "Failed to swap new key slot." msgstr "Ошибка при переключении на новый слот ключа." -#: lib/setup.c:3883 +#: lib/setup.c:3835 #, c-format msgid "Key slot %d is invalid." msgstr "Некорректный слот ключа %d." -#: lib/setup.c:3889 src/cryptsetup.c:1594 src/cryptsetup.c:1936 -#: src/cryptsetup.c:2540 src/cryptsetup.c:2597 +#: lib/setup.c:3841 src/cryptsetup.c:1740 src/cryptsetup.c:2208 +#: src/cryptsetup.c:2816 src/cryptsetup.c:2876 #, c-format msgid "Keyslot %d is not active." msgstr "Слот ключа %d не активен." -#: lib/setup.c:3908 +#: lib/setup.c:3860 msgid "Device header overlaps with data area." msgstr "Заголовок устройства перекрывает область данных." -#: lib/setup.c:4213 +#: lib/setup.c:4165 msgid "Reencryption in-progress. Cannot activate device." msgstr "Выполняется перешифрование. Невозможно активировать устройство." -#: lib/setup.c:4215 lib/luks2/luks2_json_metadata.c:2635 -#: lib/luks2/luks2_reencrypt.c:3565 +#: lib/setup.c:4167 lib/luks2/luks2_json_metadata.c:2703 +#: lib/luks2/luks2_reencrypt.c:3590 msgid "Failed to get reencryption lock." msgstr "Ошибка при получении блокировки перешифрования." -#: lib/setup.c:4228 lib/luks2/luks2_reencrypt.c:3584 +#: lib/setup.c:4180 lib/luks2/luks2_reencrypt.c:3609 msgid "LUKS2 reencryption recovery failed." msgstr "Ошибка восстановления перешифрования LUKS2." -#: lib/setup.c:4396 lib/setup.c:4661 +#: lib/setup.c:4352 lib/setup.c:4618 msgid "Device type is not properly initialized." msgstr "Тип устройства инициализирован неправильно." -#: lib/setup.c:4444 +#: lib/setup.c:4400 #, c-format msgid "Device %s already exists." msgstr "Устройство %s уже существует." -#: lib/setup.c:4451 +#: lib/setup.c:4407 #, c-format msgid "Cannot use device %s, name is invalid or still in use." msgstr "Невозможно использовать устройство %s, некорректное имя или оно всё ещё используется." -#: lib/setup.c:4571 +#: lib/setup.c:4527 msgid "Incorrect volume key specified for plain device." msgstr "Для устройства plain указан некорректный ключ тома." -#: lib/setup.c:4687 +#: lib/setup.c:4644 msgid "Incorrect root hash specified for verity device." msgstr "Некорректный корневой хэш для указанного устройства verity." -#: lib/setup.c:4697 +#: lib/setup.c:4654 msgid "Root hash signature required." msgstr "Требуется подпись корневого хэша." -#: lib/setup.c:4706 +#: lib/setup.c:4663 msgid "Kernel keyring missing: required for passing signature to kernel." msgstr "Отсутствует связка ключей ядра: требуется для передачи подписи в ядро." -#: lib/setup.c:4723 lib/setup.c:6218 +#: lib/setup.c:4680 lib/setup.c:6423 msgid "Failed to load key in kernel keyring." msgstr "Ошибка при загрузке ключа в связку ключей ядра." -#: lib/setup.c:4779 +#: lib/setup.c:4736 #, c-format msgid "Could not cancel deferred remove from device %s." msgstr "Не удалось отменить отложенное удаление с устройства %s." -#: lib/setup.c:4786 lib/setup.c:4802 lib/luks2/luks2_json_metadata.c:2688 +#: lib/setup.c:4743 lib/setup.c:4759 lib/luks2/luks2_json_metadata.c:2756 #: src/utils_reencrypt.c:116 #, c-format msgid "Device %s is still in use." msgstr "Устройство %s всё ещё используется." -#: lib/setup.c:4811 +#: lib/setup.c:4768 #, c-format msgid "Invalid device %s." msgstr "Неверное устройство %s." -#: lib/setup.c:4927 +#: lib/setup.c:4908 msgid "Volume key buffer too small." msgstr "Буфер ключа тома слишком мал." -#: lib/setup.c:4935 +#: lib/setup.c:4925 +msgid "Cannot retrieve volume key for LUKS2 device." +msgstr "Невозможно получить ключ тома для устройства LUKS2." + +#: lib/setup.c:4934 +msgid "Cannot retrieve volume key for LUKS1 device." +msgstr "Невозможно получить ключ тома для устройства LUKS1." + +#: lib/setup.c:4944 msgid "Cannot retrieve volume key for plain device." msgstr "Невозможно получить ключ тома для устройства plain." @@ -540,147 +554,151 @@ msgid "Cannot retrieve root hash for verity device." msgstr "Невозможно получить корневой хэш для устройства verity." -#: lib/setup.c:4956 +#: lib/setup.c:4959 +msgid "Cannot retrieve volume key for BITLK device." +msgstr "Невозможно получить ключ тома для устройства BITLK." + +#: lib/setup.c:4964 +msgid "Cannot retrieve volume key for FVAULT2 device." +msgstr "Невозможно получить ключ тома для устройства FVAULT2." + +#: lib/setup.c:4966 #, c-format msgid "This operation is not supported for %s crypt device." msgstr "Эта операция не поддерживается для устройства crypt %s." -#: lib/setup.c:5130 lib/setup.c:5141 +#: lib/setup.c:5147 lib/setup.c:5158 msgid "Dump operation is not supported for this device type." msgstr "Операция дампа не поддерживается для устройства этого типа." -#: lib/setup.c:5471 +#: lib/setup.c:5500 #, c-format msgid "Data offset is not multiple of %u bytes." msgstr "Смещение данных не кратно %u байтам." -#: lib/setup.c:5756 +#: lib/setup.c:5788 #, c-format msgid "Cannot convert device %s which is still in use." msgstr "Невозможно преобразовать устройство %s, которое всё ещё используется." -#: lib/setup.c:6075 +#: lib/setup.c:6098 lib/setup.c:6237 #, c-format msgid "Failed to assign keyslot %u as the new volume key." msgstr "Ошибка при назначении слота ключа %u в качестве нового ключа тома." -#: lib/setup.c:6148 +#: lib/setup.c:6122 msgid "Failed to initialize default LUKS2 keyslot parameters." msgstr "Ошибка при инициализации параметров слота ключа по умолчанию LUKS2." -#: lib/setup.c:6154 +#: lib/setup.c:6128 #, c-format msgid "Failed to assign keyslot %d to digest." msgstr "Ошибка при назначении слота ключа %d дайджесту." -#: lib/setup.c:6285 +#: lib/setup.c:6353 +msgid "Cannot add key slot, all slots disabled and no volume key provided." +msgstr "Невозможно добавить слот ключа, все слоты отключены и не предоставлен ключ тома." + +#: lib/setup.c:6490 msgid "Kernel keyring is not supported by the kernel." msgstr "Связка ключей ядра не поддерживается ядром." -#: lib/setup.c:6295 lib/luks2/luks2_reencrypt.c:3782 +#: lib/setup.c:6500 lib/luks2/luks2_reencrypt.c:3807 #, c-format msgid "Failed to read passphrase from keyring (error %d)." msgstr "Не удалось прочитать парольную фразу из связки ключей (ошибка %d)." -#: lib/setup.c:6319 +#: lib/setup.c:6523 msgid "Failed to acquire global memory-hard access serialization lock." msgstr "Не удалось захватить глобальную блокировку сериализации доступа на скорости памяти (memory-hard)." -#: lib/utils.c:80 -msgid "Cannot get process priority." -msgstr "Невозможно получить приоритет процесса." - -#: lib/utils.c:94 -msgid "Cannot unlock memory." -msgstr "Невозможно разблокировать память." - -#: lib/utils.c:168 lib/tcrypt/tcrypt.c:502 +#: lib/utils.c:158 lib/tcrypt/tcrypt.c:501 msgid "Failed to open key file." msgstr "Не удалось открыть файл ключа." -#: lib/utils.c:173 +#: lib/utils.c:163 msgid "Cannot read keyfile from a terminal." msgstr "Невозможно прочитать файл ключа с терминала." -#: lib/utils.c:189 +#: lib/utils.c:179 msgid "Failed to stat key file." msgstr "Не удалось выполнить stat для файла ключа." -#: lib/utils.c:197 lib/utils.c:218 +#: lib/utils.c:187 lib/utils.c:208 msgid "Cannot seek to requested keyfile offset." msgstr "Невозможно переместиться по запрошенному смещению в файле ключа." -#: lib/utils.c:212 lib/utils.c:227 src/utils_password.c:226 -#: src/utils_password.c:238 +#: lib/utils.c:202 lib/utils.c:217 src/utils_password.c:225 +#: src/utils_password.c:237 msgid "Out of memory while reading passphrase." msgstr "Не хватило памяти при чтении парольной фразы." -#: lib/utils.c:247 +#: lib/utils.c:237 msgid "Error reading passphrase." msgstr "Ошибка чтения парольной фразы." -#: lib/utils.c:264 +#: lib/utils.c:254 msgid "Nothing to read on input." msgstr "Нет ничего для чтения со стандартного ввода." -#: lib/utils.c:271 +#: lib/utils.c:261 msgid "Maximum keyfile size exceeded." msgstr "Превышен максимальный размер файла ключа." -#: lib/utils.c:276 +#: lib/utils.c:266 msgid "Cannot read requested amount of data." msgstr "невозможно прочитать запрошенное количество данных." -#: lib/utils_device.c:208 lib/utils_storage_wrappers.c:110 -#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1353 +#: lib/utils_device.c:207 lib/utils_storage_wrappers.c:110 +#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1440 #, c-format msgid "Device %s does not exist or access denied." msgstr "Устройство %s не существует или отказано в доступе." -#: lib/utils_device.c:218 +#: lib/utils_device.c:217 #, c-format msgid "Device %s is not compatible." msgstr "Устройство %s несовместимо." -#: lib/utils_device.c:562 +#: lib/utils_device.c:561 #, c-format msgid "Ignoring bogus optimal-io size for data device (%u bytes)." msgstr "Игнорируется фиктивный размер optimal-io для устройства данных (%u байт)." -#: lib/utils_device.c:720 +#: lib/utils_device.c:722 #, c-format msgid "Device %s is too small. Need at least % bytes." msgstr "Устройство %s слишком маленькое. Требуется не менее % байт." -#: lib/utils_device.c:801 +#: lib/utils_device.c:803 #, c-format msgid "Cannot use device %s which is in use (already mapped or mounted)." msgstr "Невозможно использовать устройство %s, которое используется (отображено или примонтировано)." -#: lib/utils_device.c:805 +#: lib/utils_device.c:807 #, c-format msgid "Cannot use device %s, permission denied." msgstr "Невозможно использовать устройство %s, недостаточно прав." -#: lib/utils_device.c:808 +#: lib/utils_device.c:810 #, c-format msgid "Cannot get info about device %s." msgstr "Невозможно получить информацию об устройстве %s." -#: lib/utils_device.c:831 +#: lib/utils_device.c:833 msgid "Cannot use a loopback device, running as non-root user." msgstr "Невозможно использовать закольцованное устройство, выполняется без прав суперпользователя." -#: lib/utils_device.c:842 +#: lib/utils_device.c:844 msgid "Attaching loopback device failed (loop device with autoclear flag is required)." msgstr "Ошибка при присоединении закольцованного устройства (требуется закольцованное устройство с флагом autoclear)." -#: lib/utils_device.c:890 +#: lib/utils_device.c:892 #, c-format msgid "Requested offset is beyond real size of device %s." msgstr "Запрошенный размер вне реального размера устройства %s." -#: lib/utils_device.c:898 +#: lib/utils_device.c:900 #, c-format msgid "Device %s has zero size." msgstr "Устройство %s имеет нулевой размер." @@ -734,30 +752,25 @@ msgid "Only PBKDF2 is supported in FIPS mode." msgstr "В режиме FIPS поддерживается только PBKDF2." -#: lib/utils_benchmark.c:172 +#: lib/utils_benchmark.c:175 msgid "PBKDF benchmark disabled but iterations not set." msgstr "Оценка производительности PBKDF выключена, но не задано количество итераций." -#: lib/utils_benchmark.c:191 +#: lib/utils_benchmark.c:194 #, c-format msgid "Not compatible PBKDF2 options (using hash algorithm %s)." msgstr "Несовместимые параметры PBKDF2 (используется алгоритм хэширования %s)." -#: lib/utils_benchmark.c:211 +#: lib/utils_benchmark.c:214 msgid "Not compatible PBKDF options." msgstr "Несовместимые параметры PBKDF." -#: lib/utils_device_locking.c:102 +#: lib/utils_device_locking.c:101 #, c-format msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)." msgstr "Блокировка прервана. Путь блокировки %s/%s использовать невозможно (не является каталогом или отсутствует)." -#: lib/utils_device_locking.c:109 -#, c-format -msgid "Locking directory %s/%s will be created with default compiled-in permissions." -msgstr "Будет создан блокирующий каталог %s/%s с правами по умолчанию, заданными при сборке программы." - -#: lib/utils_device_locking.c:119 +#: lib/utils_device_locking.c:118 #, c-format msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." msgstr "Блокировка прервана. Путь блокировки %s/%s использовать невозможно (%s не является каталогом)." @@ -789,9 +802,9 @@ msgid "Cipher specification should be in [cipher]-[mode]-[iv] format." msgstr "Шифр должен указываться в формате [шифр]-[режим]-[iv]." -#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:364 -#: lib/luks1/keymanage.c:674 lib/luks1/keymanage.c:1125 -#: lib/luks2/luks2_json_metadata.c:1421 lib/luks2/luks2_keyslot.c:714 +#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:366 +#: lib/luks1/keymanage.c:677 lib/luks1/keymanage.c:1132 +#: lib/luks2/luks2_json_metadata.c:1490 lib/luks2/luks2_keyslot.c:714 #, c-format msgid "Cannot write to device %s, permission denied." msgstr "Невозможно записать на устройство %s, недостаточно прав." @@ -804,23 +817,24 @@ msgid "Failed to access temporary keystore device." msgstr "Не удалось получить доступ к временному устройству keystore." -#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60 -#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:192 +#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:62 +#: lib/luks2/luks2_keyslot_luks2.c:80 lib/luks2/luks2_keyslot_reenc.c:192 msgid "IO error while encrypting keyslot." msgstr "Ошибка ввода-вывода при шифровании слота ключа." -#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:367 -#: lib/luks1/keymanage.c:627 lib/luks1/keymanage.c:677 lib/tcrypt/tcrypt.c:680 -#: lib/verity/verity.c:80 lib/verity/verity.c:196 lib/verity/verity_hash.c:320 -#: lib/verity/verity_hash.c:329 lib/verity/verity_hash.c:349 -#: lib/verity/verity_fec.c:260 lib/verity/verity_fec.c:272 -#: lib/verity/verity_fec.c:277 lib/luks2/luks2_json_metadata.c:1424 -#: src/utils_reencrypt_luks1.c:121 src/utils_reencrypt_luks1.c:133 +#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:369 +#: lib/luks1/keymanage.c:630 lib/luks1/keymanage.c:680 lib/tcrypt/tcrypt.c:679 +#: lib/fvault2/fvault2.c:877 lib/verity/verity.c:80 lib/verity/verity.c:196 +#: lib/verity/verity_hash.c:320 lib/verity/verity_hash.c:329 +#: lib/verity/verity_hash.c:349 lib/verity/verity_fec.c:260 +#: lib/verity/verity_fec.c:272 lib/verity/verity_fec.c:277 +#: lib/luks2/luks2_json_metadata.c:1493 src/utils_reencrypt_luks1.c:121 +#: src/utils_reencrypt_luks1.c:133 #, c-format msgid "Cannot open device %s." msgstr "Невозможно открыть устройство %s." -#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137 +#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:139 msgid "IO error while decrypting keyslot." msgstr "Ошибка ввода-вывода при расшифровке слота ключа." @@ -836,54 +850,54 @@ msgid "LUKS keyslot %u is invalid." msgstr "Некорректный слот ключа LUKS %u." -#: lib/luks1/keymanage.c:266 lib/luks2/luks2_json_metadata.c:1284 +#: lib/luks1/keymanage.c:267 lib/luks2/luks2_json_metadata.c:1353 #, c-format msgid "Requested header backup file %s already exists." msgstr "Запрошенный файл резервного заголовка %s уже существует." -#: lib/luks1/keymanage.c:268 lib/luks2/luks2_json_metadata.c:1286 +#: lib/luks1/keymanage.c:269 lib/luks2/luks2_json_metadata.c:1355 #, c-format msgid "Cannot create header backup file %s." msgstr "Невозможно создать файл резервного заголовка %s." -#: lib/luks1/keymanage.c:275 lib/luks2/luks2_json_metadata.c:1293 +#: lib/luks1/keymanage.c:276 lib/luks2/luks2_json_metadata.c:1362 #, c-format msgid "Cannot write header backup file %s." msgstr "Невозможно записать файл резервного заголовка %s." -#: lib/luks1/keymanage.c:306 lib/luks2/luks2_json_metadata.c:1330 +#: lib/luks1/keymanage.c:308 lib/luks2/luks2_json_metadata.c:1399 msgid "Backup file does not contain valid LUKS header." msgstr "Резервный файл не содержит корректный заголовок LUKS." -#: lib/luks1/keymanage.c:319 lib/luks1/keymanage.c:590 -#: lib/luks2/luks2_json_metadata.c:1351 +#: lib/luks1/keymanage.c:321 lib/luks1/keymanage.c:593 +#: lib/luks2/luks2_json_metadata.c:1420 #, c-format msgid "Cannot open header backup file %s." msgstr "Невозможно открыть файл резервного заголовка %s." -#: lib/luks1/keymanage.c:327 lib/luks2/luks2_json_metadata.c:1359 +#: lib/luks1/keymanage.c:329 lib/luks2/luks2_json_metadata.c:1428 #, c-format msgid "Cannot read header backup file %s." msgstr "Невозможно прочитать файл резервного заголовка %s." -#: lib/luks1/keymanage.c:337 +#: lib/luks1/keymanage.c:339 msgid "Data offset or key size differs on device and backup, restore failed." msgstr "Смещение данных или размер ключа различаются на устройстве и в резервной копии, восстановление невозможно." -#: lib/luks1/keymanage.c:345 +#: lib/luks1/keymanage.c:347 #, c-format msgid "Device %s %s%s" msgstr "Устройство %s %s%s" -#: lib/luks1/keymanage.c:346 +#: lib/luks1/keymanage.c:348 msgid "does not contain LUKS header. Replacing header can destroy data on that device." msgstr "не содержит заголовка LUKS. Замена заголовка может уничтожить данные на этом устройстве." -#: lib/luks1/keymanage.c:347 +#: lib/luks1/keymanage.c:349 msgid "already contains LUKS header. Replacing header will destroy existing keyslots." msgstr "уже содержит заголовок LUKS. Замена заголовка уничтожит существующие слоты ключей." -#: lib/luks1/keymanage.c:348 lib/luks2/luks2_json_metadata.c:1393 +#: lib/luks1/keymanage.c:350 lib/luks2/luks2_json_metadata.c:1462 msgid "" "\n" "WARNING: real device header has different UUID than backup!" @@ -891,126 +905,130 @@ "\n" "ПРЕДУПРЕЖДЕНИЕ: заголовок устройства и резервная копия содержат разные UUID!" -#: lib/luks1/keymanage.c:395 +#: lib/luks1/keymanage.c:398 msgid "Non standard key size, manual repair required." msgstr "Нестандартный размер ключа, требуется исправление вручную." -#: lib/luks1/keymanage.c:405 +#: lib/luks1/keymanage.c:408 msgid "Non standard keyslots alignment, manual repair required." msgstr "Нестандартное выравнивание слотов ключей, требуется исправление вручную." -#: lib/luks1/keymanage.c:414 +#: lib/luks1/keymanage.c:417 #, c-format msgid "Cipher mode repaired (%s -> %s)." msgstr "Исправлен режим шифра (%s -> %s)." -#: lib/luks1/keymanage.c:425 +#: lib/luks1/keymanage.c:428 #, c-format msgid "Cipher hash repaired to lowercase (%s)." msgstr "Хэш шифра приведён к нижнему регистру (%s)." -#: lib/luks1/keymanage.c:427 lib/luks1/keymanage.c:533 -#: lib/luks1/keymanage.c:789 +#: lib/luks1/keymanage.c:430 lib/luks1/keymanage.c:536 +#: lib/luks1/keymanage.c:792 #, c-format msgid "Requested LUKS hash %s is not supported." msgstr "Запрошенный хэш LUKS %s не поддерживается." -#: lib/luks1/keymanage.c:441 +#: lib/luks1/keymanage.c:444 msgid "Repairing keyslots." msgstr "Исправление слотов ключей." -#: lib/luks1/keymanage.c:460 +#: lib/luks1/keymanage.c:463 #, c-format msgid "Keyslot %i: offset repaired (%u -> %u)." msgstr "Слот ключа %i: исправлено смещение (%u -> %u)." -#: lib/luks1/keymanage.c:468 +#: lib/luks1/keymanage.c:471 #, c-format msgid "Keyslot %i: stripes repaired (%u -> %u)." msgstr "Слот ключа %i: исправлены полосы (%u -> %u)." -#: lib/luks1/keymanage.c:477 +#: lib/luks1/keymanage.c:480 #, c-format msgid "Keyslot %i: bogus partition signature." msgstr "Слот ключа %i: фиктивная подпись раздела." -#: lib/luks1/keymanage.c:482 +#: lib/luks1/keymanage.c:485 #, c-format msgid "Keyslot %i: salt wiped." msgstr "Слот ключа %i: соль затёрта." -#: lib/luks1/keymanage.c:499 +#: lib/luks1/keymanage.c:502 msgid "Writing LUKS header to disk." msgstr "Запись заголовка LUKS на диск." -#: lib/luks1/keymanage.c:504 +#: lib/luks1/keymanage.c:507 msgid "Repair failed." msgstr "Ошибка при исправлении." -#: lib/luks1/keymanage.c:559 +#: lib/luks1/keymanage.c:562 #, c-format msgid "LUKS cipher mode %s is invalid." msgstr "Некорректный режим шифра LUKS %s." -#: lib/luks1/keymanage.c:564 +#: lib/luks1/keymanage.c:567 #, c-format msgid "LUKS hash %s is invalid." msgstr "Некорректный хэш LUKS %s." -#: lib/luks1/keymanage.c:571 src/cryptsetup.c:1144 +#: lib/luks1/keymanage.c:574 src/cryptsetup.c:1281 msgid "No known problems detected for LUKS header." msgstr "Известных неполадок в заголовке LUKS не обнаружено." -#: lib/luks1/keymanage.c:699 +#: lib/luks1/keymanage.c:702 #, c-format msgid "Error during update of LUKS header on device %s." msgstr "Ошибка при обновлении заголовка LUKS на устройстве %s." -#: lib/luks1/keymanage.c:707 +#: lib/luks1/keymanage.c:710 #, c-format msgid "Error re-reading LUKS header after update on device %s." msgstr "Ошибка при повторном считывании заголовка LUKS после обновления на устройстве %s." -#: lib/luks1/keymanage.c:783 +#: lib/luks1/keymanage.c:786 msgid "Data offset for LUKS header must be either 0 or higher than header size." msgstr "Смещение данных заголовка LUKS должно быть равно 0 или быть больше размера заголовка." -#: lib/luks1/keymanage.c:794 lib/luks1/keymanage.c:863 -#: lib/luks2/luks2_json_format.c:287 lib/luks2/luks2_json_metadata.c:1175 -#: src/utils_reencrypt.c:475 +#: lib/luks1/keymanage.c:797 lib/luks1/keymanage.c:866 +#: lib/luks2/luks2_json_format.c:286 lib/luks2/luks2_json_metadata.c:1236 +#: src/utils_reencrypt.c:539 msgid "Wrong LUKS UUID format provided." msgstr "Указан неправильный формат LUKS UUID." -#: lib/luks1/keymanage.c:816 +#: lib/luks1/keymanage.c:819 msgid "Cannot create LUKS header: reading random salt failed." msgstr "Невозможно создать заголовок LUKS: ошибка при чтении случайной соли." -#: lib/luks1/keymanage.c:842 +#: lib/luks1/keymanage.c:845 #, c-format msgid "Cannot create LUKS header: header digest failed (using hash %s)." msgstr "Невозможно создать заголовок LUKS: ошибка подсчёта дайджеста заголовка (используйте хэш %s)." -#: lib/luks1/keymanage.c:886 +#: lib/luks1/keymanage.c:889 #, c-format msgid "Key slot %d active, purge first." msgstr "Активен слот ключа %d, сначала нужна вычистка." -#: lib/luks1/keymanage.c:892 +#: lib/luks1/keymanage.c:895 #, c-format msgid "Key slot %d material includes too few stripes. Header manipulation?" msgstr "Данный слота ключа %d содержат несколько полос. Подделка заголовка?" -#: lib/luks1/keymanage.c:1033 +#: lib/luks1/keymanage.c:931 lib/luks2/luks2_keyslot_luks2.c:270 +msgid "PBKDF2 iteration value overflow." +msgstr "Переполнение значения итерации PBKDF2." + +#: lib/luks1/keymanage.c:1040 #, c-format msgid "Cannot open keyslot (using hash %s)." msgstr "Невозможно открыть слот ключа (используется хэш %s)." -#: lib/luks1/keymanage.c:1111 +#: lib/luks1/keymanage.c:1118 #, c-format msgid "Key slot %d is invalid, please select keyslot between 0 and %d." msgstr "Некорректный слот ключа %d, значение слота ключа должно быть между 0 и %d." -#: lib/luks1/keymanage.c:1129 lib/luks2/luks2_keyslot.c:718 +#: lib/luks1/keymanage.c:1136 lib/luks2/luks2_keyslot.c:718 #, c-format msgid "Cannot wipe device %s." msgstr "Невозможно затереть устройство %s." @@ -1031,177 +1049,187 @@ msgid "Kernel does not support loop-AES compatible mapping." msgstr "Ядро не поддерживает совместимое отображение loop-AES." -#: lib/tcrypt/tcrypt.c:509 +#: lib/tcrypt/tcrypt.c:508 #, c-format msgid "Error reading keyfile %s." msgstr "Ошибка при чтении файла ключа %s." -#: lib/tcrypt/tcrypt.c:559 +#: lib/tcrypt/tcrypt.c:558 #, c-format msgid "Maximum TCRYPT passphrase length (%zu) exceeded." msgstr "Превышена максимальная длина парольной фразы TCRYPT (%zu)." -#: lib/tcrypt/tcrypt.c:601 +#: lib/tcrypt/tcrypt.c:600 #, c-format msgid "PBKDF2 hash algorithm %s not available, skipping." msgstr "Алгоритм хэширования PBKDF2 %s недоступен, пропускается." -#: lib/tcrypt/tcrypt.c:620 src/cryptsetup.c:1019 +#: lib/tcrypt/tcrypt.c:619 src/cryptsetup.c:1156 msgid "Required kernel crypto interface not available." msgstr "Требуемый интерфейс ядра crypto недоступен." -#: lib/tcrypt/tcrypt.c:622 src/cryptsetup.c:1021 +#: lib/tcrypt/tcrypt.c:621 src/cryptsetup.c:1158 msgid "Ensure you have algif_skcipher kernel module loaded." msgstr "Убедитесь, что загружен ядерный модуль algif_skcipher." -#: lib/tcrypt/tcrypt.c:763 +#: lib/tcrypt/tcrypt.c:762 #, c-format msgid "Activation is not supported for %d sector size." msgstr "Активация не поддерживается при размере сектора %d." -#: lib/tcrypt/tcrypt.c:769 +#: lib/tcrypt/tcrypt.c:768 msgid "Kernel does not support activation for this TCRYPT legacy mode." msgstr "Ядро не поддерживает активацию для данного устаревшего режима TCRYPT." -#: lib/tcrypt/tcrypt.c:800 +#: lib/tcrypt/tcrypt.c:799 #, c-format msgid "Activating TCRYPT system encryption for partition %s." msgstr "Активируется система шифрования TCRYPT для раздела %s." -#: lib/tcrypt/tcrypt.c:883 +#: lib/tcrypt/tcrypt.c:882 msgid "Kernel does not support TCRYPT compatible mapping." msgstr "Ядро не поддерживает совместимое отображение TCRYPT." -#: lib/tcrypt/tcrypt.c:1096 +#: lib/tcrypt/tcrypt.c:1095 msgid "This function is not supported without TCRYPT header load." msgstr "эта функция не поддерживается без загрузки заголовка TCRYPT." -#: lib/bitlk/bitlk.c:275 +#: lib/bitlk/bitlk.c:278 #, c-format msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key." msgstr "При анализе поддерживаемого главного ключа тома обнаружен неожиданный тип элемента метаданных «%u»." -#: lib/bitlk/bitlk.c:328 +#: lib/bitlk/bitlk.c:337 msgid "Invalid string found when parsing Volume Master Key." msgstr "При анализе поддерживаемого главного ключа тома обнаружена некорректная строка." -#: lib/bitlk/bitlk.c:332 +#: lib/bitlk/bitlk.c:341 #, c-format msgid "Unexpected string ('%s') found when parsing supported Volume Master Key." msgstr "При анализе поддерживаемого главного ключа тома обнаружена неожиданная строка («%s»)." -#: lib/bitlk/bitlk.c:349 +#: lib/bitlk/bitlk.c:358 #, c-format msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key." msgstr "При анализе поддерживаемого главного ключа тома обнаружено неожиданное значение элемента метаданных «%u»." -#: lib/bitlk/bitlk.c:451 +#: lib/bitlk/bitlk.c:460 msgid "BITLK version 1 is currently not supported." msgstr "BITLK версии 1 пока не поддерживается." -#: lib/bitlk/bitlk.c:457 +#: lib/bitlk/bitlk.c:466 msgid "Invalid or unknown boot signature for BITLK device." msgstr "Некорректная или неизвестная подпись загрузчика устройства BITLK." -#: lib/bitlk/bitlk.c:469 +#: lib/bitlk/bitlk.c:478 #, c-format msgid "Unsupported sector size %." msgstr "Неподдерживаемый размер сектора %." -#: lib/bitlk/bitlk.c:477 +#: lib/bitlk/bitlk.c:486 #, c-format msgid "Failed to read BITLK header from %s." msgstr "Ошибка чтения заголовка BITLK из %s." -#: lib/bitlk/bitlk.c:502 +#: lib/bitlk/bitlk.c:511 #, c-format msgid "Failed to read BITLK FVE metadata from %s." msgstr "Ошибка чтения метаданных BITLK FVE из %s." -#: lib/bitlk/bitlk.c:554 +#: lib/bitlk/bitlk.c:562 msgid "Unknown or unsupported encryption type." msgstr "Неизвестный или неподдерживаемый тип шифрования." -#: lib/bitlk/bitlk.c:587 +#: lib/bitlk/bitlk.c:602 #, c-format msgid "Failed to read BITLK metadata entries from %s." msgstr "Ошибка чтения элементов метаданных BITLK из %s." -#: lib/bitlk/bitlk.c:681 +#: lib/bitlk/bitlk.c:719 msgid "Failed to convert BITLK volume description" msgstr "Ошибка преобразования описания тома BITLK" -#: lib/bitlk/bitlk.c:841 +#: lib/bitlk/bitlk.c:882 #, c-format msgid "Unexpected metadata entry type '%u' found when parsing external key." msgstr "При анализе внешнего ключа обнаружен неожиданный тип элемента метаданных «%u»." -#: lib/bitlk/bitlk.c:860 +#: lib/bitlk/bitlk.c:905 #, c-format msgid "BEK file GUID '%s' does not match GUID of the volume." msgstr "GUID «%s» BEK-файла не совпадает с GUID тома." -#: lib/bitlk/bitlk.c:864 +#: lib/bitlk/bitlk.c:909 #, c-format msgid "Unexpected metadata entry value '%u' found when parsing external key." msgstr "При анализе внешнего ключа обнаружено неожиданное значение элемента метаданных «%u»." -#: lib/bitlk/bitlk.c:903 +#: lib/bitlk/bitlk.c:948 #, c-format msgid "Unsupported BEK metadata version %" msgstr "Неподдерживаемая версия % метаданных BEK" -#: lib/bitlk/bitlk.c:908 +#: lib/bitlk/bitlk.c:953 #, c-format msgid "Unexpected BEK metadata size % does not match BEK file length" msgstr "Неожиданный размер % метаданных BEK не совпадает с длиной файла BEK" -#: lib/bitlk/bitlk.c:933 +#: lib/bitlk/bitlk.c:979 msgid "Unexpected metadata entry found when parsing startup key." msgstr "При анализе ключа запуска обнаружен неожиданный элемент метаданных." -#: lib/bitlk/bitlk.c:1029 +#: lib/bitlk/bitlk.c:1075 msgid "This operation is not supported." msgstr "Эта операция не поддерживается." -#: lib/bitlk/bitlk.c:1037 +#: lib/bitlk/bitlk.c:1083 msgid "Unexpected key data size." msgstr "Неожиданный размер ключа данных." -#: lib/bitlk/bitlk.c:1163 +#: lib/bitlk/bitlk.c:1209 msgid "This BITLK device is in an unsupported state and cannot be activated." msgstr "Данное устройство BITLK находится в неподдерживаемом состоянии и не может быть включено." -#: lib/bitlk/bitlk.c:1168 +#: lib/bitlk/bitlk.c:1214 #, c-format msgid "BITLK devices with type '%s' cannot be activated." msgstr "Устройства BITLK с типом «%s» не могут быть включены." -#: lib/bitlk/bitlk.c:1175 +#: lib/bitlk/bitlk.c:1221 msgid "Activation of partially decrypted BITLK device is not supported." msgstr "Активация частично расширенного устройства BITLK не поддерживается." -#: lib/bitlk/bitlk.c:1216 +#: lib/bitlk/bitlk.c:1262 #, c-format msgid "WARNING: BitLocker volume size % does not match the underlying device size %" msgstr "ПРЕДУПРЕЖДЕНИЕ: размер тома BitLocker % не совпадает с размером нижележащего устройства %" -#: lib/bitlk/bitlk.c:1343 +#: lib/bitlk/bitlk.c:1389 msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV." msgstr "Невозможно активировать устройство, в ядерном dm-crypt отсутствует поддержка BITLK IV." -#: lib/bitlk/bitlk.c:1347 +#: lib/bitlk/bitlk.c:1393 msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser." msgstr "Невозможно активировать устройство, в ядерном dm-crypt отсутствует поддержка BITLK Elephant diffuser." -#: lib/bitlk/bitlk.c:1351 +#: lib/bitlk/bitlk.c:1397 msgid "Cannot activate device, kernel dm-crypt is missing support for large sector size." msgstr "Невозможно активировать устройство, в ядерном dm-crypt отсутствует поддержка секторов большого размера." -#: lib/bitlk/bitlk.c:1355 +#: lib/bitlk/bitlk.c:1401 msgid "Cannot activate device, kernel dm-zero module is missing." msgstr "Невозможно активировать устройство, отсутствует модуль ядра dm-zero." +#: lib/fvault2/fvault2.c:542 +#, c-format +msgid "Could not read %u bytes of volume header." +msgstr "Невозможно прочитать %u байт из заголовка тома." + +#: lib/fvault2/fvault2.c:554 +#, c-format +msgid "Unsupported FVAULT2 version %." +msgstr "Неподдерживаемая версия FVAULT2 %." + #: lib/verity/verity.c:68 lib/verity/verity.c:182 #, c-format msgid "Verity device %s does not use on-disk header." @@ -1353,17 +1381,17 @@ msgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)." msgstr "Ядро не позволяет задействовать небезопасный параметр пересчёта (для отключения ищите параметры включения старого режима)." -#: lib/luks2/luks2_disk_metadata.c:393 lib/luks2/luks2_json_metadata.c:1133 -#: lib/luks2/luks2_json_metadata.c:1413 +#: lib/luks2/luks2_disk_metadata.c:391 lib/luks2/luks2_json_metadata.c:1159 +#: lib/luks2/luks2_json_metadata.c:1482 #, c-format msgid "Failed to acquire write lock on device %s." msgstr "Не удалось захватить блокировку на запись на устройстве %s." -#: lib/luks2/luks2_disk_metadata.c:402 +#: lib/luks2/luks2_disk_metadata.c:400 msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation." msgstr "Обнаружена попытка одновременного обновления метаданных LUKS2. Отмена операции." -#: lib/luks2/luks2_disk_metadata.c:701 lib/luks2/luks2_disk_metadata.c:722 +#: lib/luks2/luks2_disk_metadata.c:699 lib/luks2/luks2_disk_metadata.c:720 msgid "" "Device contains ambiguous signatures, cannot auto-recover LUKS2.\n" "Please run \"cryptsetup repair\" for recovery." @@ -1371,49 +1399,49 @@ "Устройство содержит двусмысленные подписи, невозможно провести автоматическое\n" "восстановление LUKS2. Для восстановления запустите «cryptsetup repair»." -#: lib/luks2/luks2_json_format.c:230 +#: lib/luks2/luks2_json_format.c:229 msgid "Requested data offset is too small." msgstr "Запрошенное смещение данных слишком мало." -#: lib/luks2/luks2_json_format.c:275 +#: lib/luks2/luks2_json_format.c:274 #, c-format msgid "WARNING: keyslots area (% bytes) is very small, available LUKS2 keyslot count is very limited.\n" msgstr "ПРЕДУПРЕЖДЕНИЕ: очень маленькая область слотов ключа (% байт), количество доступных слотов ключа LUKS2 очень ограничено.\n" -#: lib/luks2/luks2_json_metadata.c:1120 lib/luks2/luks2_json_metadata.c:1258 -#: lib/luks2/luks2_json_metadata.c:1319 lib/luks2/luks2_keyslot_luks2.c:92 -#: lib/luks2/luks2_keyslot_luks2.c:114 +#: lib/luks2/luks2_json_metadata.c:1146 lib/luks2/luks2_json_metadata.c:1328 +#: lib/luks2/luks2_json_metadata.c:1388 lib/luks2/luks2_keyslot_luks2.c:94 +#: lib/luks2/luks2_keyslot_luks2.c:116 #, c-format msgid "Failed to acquire read lock on device %s." msgstr "Не удалось захватить блокировку устройства %s на чтение." -#: lib/luks2/luks2_json_metadata.c:1336 +#: lib/luks2/luks2_json_metadata.c:1405 #, c-format msgid "Forbidden LUKS2 requirements detected in backup %s." msgstr "В резервной копии %s обнаружены запрещённые требования LUKS2." -#: lib/luks2/luks2_json_metadata.c:1377 +#: lib/luks2/luks2_json_metadata.c:1446 msgid "Data offset differ on device and backup, restore failed." msgstr "Смещение данных различается на устройстве и в резервной копии, восстановление невозможно." -#: lib/luks2/luks2_json_metadata.c:1383 +#: lib/luks2/luks2_json_metadata.c:1452 msgid "Binary header with keyslot areas size differ on device and backup, restore failed." msgstr "Двоичный заголовок с областями слота ключа различается на устройстве и в резервной копии, восстановление невозможно." -#: lib/luks2/luks2_json_metadata.c:1390 +#: lib/luks2/luks2_json_metadata.c:1459 #, c-format msgid "Device %s %s%s%s%s" msgstr "Устройство %s %s%s%s%s" -#: lib/luks2/luks2_json_metadata.c:1391 +#: lib/luks2/luks2_json_metadata.c:1460 msgid "does not contain LUKS2 header. Replacing header can destroy data on that device." msgstr "не содержит заголовка LUKS2. Замена заголовка может уничтожить данные на этом устройстве." -#: lib/luks2/luks2_json_metadata.c:1392 +#: lib/luks2/luks2_json_metadata.c:1461 msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots." msgstr "уже содержит заголовок LUKS2. Замена заголовка уничтожит существующие слоты ключей." -#: lib/luks2/luks2_json_metadata.c:1394 +#: lib/luks2/luks2_json_metadata.c:1463 msgid "" "\n" "WARNING: unknown LUKS2 requirements detected in real device header!\n" @@ -1424,7 +1452,7 @@ "действующего устройства! Замена заголовка из резервной копии может повредить\n" "данные на этом устройстве!" -#: lib/luks2/luks2_json_metadata.c:1396 +#: lib/luks2/luks2_json_metadata.c:1465 msgid "" "\n" "WARNING: Unfinished offline reencryption detected on the device!\n" @@ -1434,50 +1462,50 @@ "ПРЕДУПРЕЖДЕНИЕ: на устройстве обнаружено незаконченное отложенное (offline)\n" "перешифрование! Замена заголовка из резервной копии может повредить данные." -#: lib/luks2/luks2_json_metadata.c:1494 +#: lib/luks2/luks2_json_metadata.c:1562 #, c-format msgid "Ignored unknown flag %s." msgstr "Неизвестный флаг %s игнорируется." -#: lib/luks2/luks2_json_metadata.c:2402 lib/luks2/luks2_reencrypt.c:2015 +#: lib/luks2/luks2_json_metadata.c:2470 lib/luks2/luks2_reencrypt.c:2061 #, c-format msgid "Missing key for dm-crypt segment %u" msgstr "Отсутствует ключ для сегмента dm-crypt %u" -#: lib/luks2/luks2_json_metadata.c:2414 lib/luks2/luks2_reencrypt.c:2029 +#: lib/luks2/luks2_json_metadata.c:2482 lib/luks2/luks2_reencrypt.c:2075 msgid "Failed to set dm-crypt segment." msgstr "Ошибка при задании сегмента dm-crypt." -#: lib/luks2/luks2_json_metadata.c:2420 lib/luks2/luks2_reencrypt.c:2035 +#: lib/luks2/luks2_json_metadata.c:2488 lib/luks2/luks2_reencrypt.c:2081 msgid "Failed to set dm-linear segment." msgstr "Ошибка при задании сегмента dm-linear." -#: lib/luks2/luks2_json_metadata.c:2547 +#: lib/luks2/luks2_json_metadata.c:2615 msgid "Unsupported device integrity configuration." msgstr "Неподдерживаемые настройки целостности устройства." -#: lib/luks2/luks2_json_metadata.c:2633 +#: lib/luks2/luks2_json_metadata.c:2701 msgid "Reencryption in-progress. Cannot deactivate device." msgstr "Выполняется перешифрование. Невозможно деактивировать устройство." -#: lib/luks2/luks2_json_metadata.c:2644 lib/luks2/luks2_reencrypt.c:4057 +#: lib/luks2/luks2_json_metadata.c:2712 lib/luks2/luks2_reencrypt.c:4082 #, c-format msgid "Failed to replace suspended device %s with dm-error target." msgstr "Не удалось заменить приостановленное устройство %s на цель dm-error." -#: lib/luks2/luks2_json_metadata.c:2724 +#: lib/luks2/luks2_json_metadata.c:2792 msgid "Failed to read LUKS2 requirements." msgstr "Ошибка при чтении требований LUKS2." -#: lib/luks2/luks2_json_metadata.c:2731 +#: lib/luks2/luks2_json_metadata.c:2799 msgid "Unmet LUKS2 requirements detected." msgstr "Обнаружены неудовлетворяемые требования LUKS2." -#: lib/luks2/luks2_json_metadata.c:2739 +#: lib/luks2/luks2_json_metadata.c:2807 msgid "Operation incompatible with device marked for legacy reencryption. Aborting." msgstr "Операция не совместима с устройством, отмеченным для устаревшего перешифрования. Прерываемся." -#: lib/luks2/luks2_json_metadata.c:2741 +#: lib/luks2/luks2_json_metadata.c:2809 msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting." msgstr "Операция не совместима с устройством, отмеченным для перешифрования LUKS2. Прерываемся." @@ -1489,20 +1517,21 @@ msgid "Keyslot open failed." msgstr "Ошибка открытия слота ключа." -#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108 +#: lib/luks2/luks2_keyslot_luks2.c:55 lib/luks2/luks2_keyslot_luks2.c:110 #, c-format msgid "Cannot use %s-%s cipher for keyslot encryption." msgstr "Невозможно использовать шифр %s-%s для шифрования слота ключа." -#: lib/luks2/luks2_keyslot_luks2.c:496 -msgid "No space for new keyslot." -msgstr "Нет места для нового слота ключа." - -#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2615 +#: lib/luks2/luks2_keyslot_luks2.c:285 lib/luks2/luks2_keyslot_luks2.c:394 +#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2668 #, c-format msgid "Hash algorithm %s is not available." msgstr "Алгоритм хэширования %s недоступен." +#: lib/luks2/luks2_keyslot_luks2.c:510 +msgid "No space for new keyslot." +msgstr "Нет места для нового слота ключа." + #: lib/luks2/luks2_keyslot_reenc.c:593 msgid "Invalid reencryption resilience mode change requested." msgstr "Запрошена некорректная смена режима устойчивости перешифрования." @@ -1525,7 +1554,7 @@ msgid "Unable to convert header with LUKSMETA additional metadata." msgstr "Невозможно преобразовать заголовок с дополнительными метаданными LUKSMETA." -#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3715 +#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3740 #, c-format msgid "Unable to use cipher specification %s-%s for LUKS2." msgstr "Невозможно использовать шаблон шифра %s-%s для LUKS2." @@ -1583,240 +1612,244 @@ msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." msgstr "Невозможно преобразовать в формат LUKS1 — слот ключа %u несовместим с LUKS1." -#: lib/luks2/luks2_reencrypt.c:1107 +#: lib/luks2/luks2_reencrypt.c:1152 #, c-format msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." msgstr "Размер hotzone должен быть кратен вычисленному выравниванию зоны (%zu байт)." -#: lib/luks2/luks2_reencrypt.c:1112 +#: lib/luks2/luks2_reencrypt.c:1157 #, c-format msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." msgstr "Размер устройства должен быть кратен вычисленному выравниванию зоны (%zu байт)." -#: lib/luks2/luks2_reencrypt.c:1319 lib/luks2/luks2_reencrypt.c:1505 -#: lib/luks2/luks2_reencrypt.c:1588 lib/luks2/luks2_reencrypt.c:1630 -#: lib/luks2/luks2_reencrypt.c:3852 +#: lib/luks2/luks2_reencrypt.c:1364 lib/luks2/luks2_reencrypt.c:1551 +#: lib/luks2/luks2_reencrypt.c:1634 lib/luks2/luks2_reencrypt.c:1676 +#: lib/luks2/luks2_reencrypt.c:3877 msgid "Failed to initialize old segment storage wrapper." msgstr "Ошибка при инициализации старой сегментной обёртки хранилища." -#: lib/luks2/luks2_reencrypt.c:1333 lib/luks2/luks2_reencrypt.c:1483 +#: lib/luks2/luks2_reencrypt.c:1378 lib/luks2/luks2_reencrypt.c:1529 msgid "Failed to initialize new segment storage wrapper." msgstr "Ошибка при инициализации новой сегментной обёртки хранилища." -#: lib/luks2/luks2_reencrypt.c:1460 lib/luks2/luks2_reencrypt.c:3864 +#: lib/luks2/luks2_reencrypt.c:1505 lib/luks2/luks2_reencrypt.c:3889 msgid "Failed to initialize hotzone protection." msgstr "Ошибка при инициализации защиты hotzone." -#: lib/luks2/luks2_reencrypt.c:1532 +#: lib/luks2/luks2_reencrypt.c:1578 msgid "Failed to read checksums for current hotzone." msgstr "Ошибка чтения контрольных сумм текущей hotzone." -#: lib/luks2/luks2_reencrypt.c:1539 lib/luks2/luks2_reencrypt.c:3878 +#: lib/luks2/luks2_reencrypt.c:1585 lib/luks2/luks2_reencrypt.c:3903 #, c-format msgid "Failed to read hotzone area starting at %." msgstr "Не удалось прочитать область hotzone начиная с %." -#: lib/luks2/luks2_reencrypt.c:1558 +#: lib/luks2/luks2_reencrypt.c:1604 #, c-format msgid "Failed to decrypt sector %zu." msgstr "Не удалось расшифровать сектор %zu." -#: lib/luks2/luks2_reencrypt.c:1564 +#: lib/luks2/luks2_reencrypt.c:1610 #, c-format msgid "Failed to recover sector %zu." msgstr "Не удалось восстановить сектор %zu." -#: lib/luks2/luks2_reencrypt.c:2128 +#: lib/luks2/luks2_reencrypt.c:2174 #, c-format msgid "Source and target device sizes don't match. Source %, target: %." msgstr "Размеры устройств источника и назначения не совпадают. Источник %, назначение: %." -#: lib/luks2/luks2_reencrypt.c:2226 +#: lib/luks2/luks2_reencrypt.c:2272 #, c-format msgid "Failed to activate hotzone device %s." msgstr "Ошибка при активации устройства hotzone %s." -#: lib/luks2/luks2_reencrypt.c:2243 +#: lib/luks2/luks2_reencrypt.c:2289 #, c-format msgid "Failed to activate overlay device %s with actual origin table." msgstr "Ошибка при активации оверлейного устройства %s с действительной исходной таблицей." -#: lib/luks2/luks2_reencrypt.c:2250 +#: lib/luks2/luks2_reencrypt.c:2296 #, c-format msgid "Failed to load new mapping for device %s." msgstr "Ошибка при загрузке нового отображения устройства %s." -#: lib/luks2/luks2_reencrypt.c:2321 +#: lib/luks2/luks2_reencrypt.c:2367 msgid "Failed to refresh reencryption devices stack." msgstr "Ошибка при обновлении стека устройств перешифрования." -#: lib/luks2/luks2_reencrypt.c:2497 +#: lib/luks2/luks2_reencrypt.c:2550 msgid "Failed to set new keyslots area size." msgstr "Ошибка при задании нового размера области слотов ключей." -#: lib/luks2/luks2_reencrypt.c:2633 +#: lib/luks2/luks2_reencrypt.c:2686 #, c-format msgid "Data shift value is not aligned to encryption sector size (% bytes)." msgstr "Значение сдвига данных не выровнено к размеру сектора шифрования (% байт)." -#: lib/luks2/luks2_reencrypt.c:2664 +#: lib/luks2/luks2_reencrypt.c:2723 src/utils_reencrypt.c:189 #, c-format msgid "Unsupported resilience mode %s" msgstr "Неподдерживаемый режим устойчивости %s." -#: lib/luks2/luks2_reencrypt.c:2741 +#: lib/luks2/luks2_reencrypt.c:2760 msgid "Moved segment size can not be greater than data shift value." msgstr "Размер перемещаемого сегмента не может быть больше значения сдвига данных." -#: lib/luks2/luks2_reencrypt.c:2799 +#: lib/luks2/luks2_reencrypt.c:2802 +msgid "Invalid reencryption resilience parameters." +msgstr "Некорректные параметры устойчивости перешифрования." + +#: lib/luks2/luks2_reencrypt.c:2824 #, c-format msgid "Moved segment too large. Requested size %, available space for: %." msgstr "Слишком большой перемещаемый сегмент. Запрошенный размер %, доступно место: %." -#: lib/luks2/luks2_reencrypt.c:2886 +#: lib/luks2/luks2_reencrypt.c:2911 msgid "Failed to clear table." msgstr "Ошибка очистки таблицы." -#: lib/luks2/luks2_reencrypt.c:2972 +#: lib/luks2/luks2_reencrypt.c:2997 msgid "Reduced data size is larger than real device size." msgstr "Размер сокращённых данных больше размера устройства." -#: lib/luks2/luks2_reencrypt.c:2979 +#: lib/luks2/luks2_reencrypt.c:3004 #, c-format msgid "Data device is not aligned to encryption sector size (% bytes)." msgstr "Устройство данных не выровнено к размеру сектора шифрования (% байт)." -#: lib/luks2/luks2_reencrypt.c:3013 +#: lib/luks2/luks2_reencrypt.c:3038 #, c-format msgid "Data shift (% sectors) is less than future data offset (% sectors)." msgstr "Сдвиг данных (% секторов) меньше чем будущее смещение данных (% секторов)." -#: lib/luks2/luks2_reencrypt.c:3020 lib/luks2/luks2_reencrypt.c:3508 -#: lib/luks2/luks2_reencrypt.c:3529 +#: lib/luks2/luks2_reencrypt.c:3045 lib/luks2/luks2_reencrypt.c:3533 +#: lib/luks2/luks2_reencrypt.c:3554 #, c-format msgid "Failed to open %s in exclusive mode (already mapped or mounted)." msgstr "Ошибка при открытии %s в монопольном режиме (уже отображено или примонтировано)." -#: lib/luks2/luks2_reencrypt.c:3209 +#: lib/luks2/luks2_reencrypt.c:3234 msgid "Device not marked for LUKS2 reencryption." msgstr "Устройство не отмечено для перешифрования LUKS2." -#: lib/luks2/luks2_reencrypt.c:3226 lib/luks2/luks2_reencrypt.c:4181 +#: lib/luks2/luks2_reencrypt.c:3251 lib/luks2/luks2_reencrypt.c:4206 msgid "Failed to load LUKS2 reencryption context." msgstr "Ошибка при загрузке контекста перешифрования LUKS2." -#: lib/luks2/luks2_reencrypt.c:3306 +#: lib/luks2/luks2_reencrypt.c:3331 msgid "Failed to get reencryption state." msgstr "Ошибка при получении состояния перешифрования." -#: lib/luks2/luks2_reencrypt.c:3310 lib/luks2/luks2_reencrypt.c:3624 +#: lib/luks2/luks2_reencrypt.c:3335 lib/luks2/luks2_reencrypt.c:3649 msgid "Device is not in reencryption." msgstr "Устройство не перешифровывается." -#: lib/luks2/luks2_reencrypt.c:3317 lib/luks2/luks2_reencrypt.c:3631 +#: lib/luks2/luks2_reencrypt.c:3342 lib/luks2/luks2_reencrypt.c:3656 msgid "Reencryption process is already running." msgstr "Процесс перешифрования уже запущен." -#: lib/luks2/luks2_reencrypt.c:3319 lib/luks2/luks2_reencrypt.c:3633 +#: lib/luks2/luks2_reencrypt.c:3344 lib/luks2/luks2_reencrypt.c:3658 msgid "Failed to acquire reencryption lock." msgstr "Ошибка при захвате блокировки перешифрования." -#: lib/luks2/luks2_reencrypt.c:3337 +#: lib/luks2/luks2_reencrypt.c:3362 msgid "Cannot proceed with reencryption. Run reencryption recovery first." msgstr "Невозможно продолжить с перешифрованием. Сначала запустите восстановление перешифрования." -#: lib/luks2/luks2_reencrypt.c:3472 +#: lib/luks2/luks2_reencrypt.c:3497 msgid "Active device size and requested reencryption size don't match." msgstr "Активный размер устройства и запрошенный размер перешифрования не совпадают." -#: lib/luks2/luks2_reencrypt.c:3486 +#: lib/luks2/luks2_reencrypt.c:3511 msgid "Illegal device size requested in reencryption parameters." msgstr "В параметрах перешифрования запрошен некорректный размер устройства." -#: lib/luks2/luks2_reencrypt.c:3563 +#: lib/luks2/luks2_reencrypt.c:3588 msgid "Reencryption in-progress. Cannot perform recovery." msgstr "Выполняется перешифрование. Восстановление выполнить невозможно." -#: lib/luks2/luks2_reencrypt.c:3732 +#: lib/luks2/luks2_reencrypt.c:3757 msgid "LUKS2 reencryption already initialized in metadata." msgstr "Перешифрование LUKS2 уже инициализировано в метаданных." -#: lib/luks2/luks2_reencrypt.c:3739 +#: lib/luks2/luks2_reencrypt.c:3764 msgid "Failed to initialize LUKS2 reencryption in metadata." msgstr "Не удалось инициализировать перешифрование LUKS2 в метаданных." -#: lib/luks2/luks2_reencrypt.c:3834 +#: lib/luks2/luks2_reencrypt.c:3859 msgid "Failed to set device segments for next reencryption hotzone." msgstr "Ошибка при назначении сегментов устройства для следующей hotzone перешифрования." -#: lib/luks2/luks2_reencrypt.c:3886 +#: lib/luks2/luks2_reencrypt.c:3911 msgid "Failed to write reencryption resilience metadata." msgstr "Ошибка при записи метаданных устойчивости перешифрования." -#: lib/luks2/luks2_reencrypt.c:3893 +#: lib/luks2/luks2_reencrypt.c:3918 msgid "Decryption failed." msgstr "Не удалось расшифровать." -#: lib/luks2/luks2_reencrypt.c:3898 +#: lib/luks2/luks2_reencrypt.c:3923 #, c-format msgid "Failed to write hotzone area starting at %." msgstr "Не удалось записать область hotzone начиная с %." -#: lib/luks2/luks2_reencrypt.c:3903 +#: lib/luks2/luks2_reencrypt.c:3928 msgid "Failed to sync data." msgstr "Ошибка синхронизации данных." -#: lib/luks2/luks2_reencrypt.c:3911 +#: lib/luks2/luks2_reencrypt.c:3936 msgid "Failed to update metadata after current reencryption hotzone completed." msgstr "Ошибка при обновлении метаданных после завершения текущей hotzone перешифрования." -#: lib/luks2/luks2_reencrypt.c:4000 +#: lib/luks2/luks2_reencrypt.c:4025 msgid "Failed to write LUKS2 metadata." msgstr "Ошибка при записи метаданных LUKS2." -#: lib/luks2/luks2_reencrypt.c:4023 +#: lib/luks2/luks2_reencrypt.c:4048 msgid "Failed to wipe unused data device area." msgstr "Ошибка при затирании неиспользуемой области данных устройства." -#: lib/luks2/luks2_reencrypt.c:4029 +#: lib/luks2/luks2_reencrypt.c:4054 #, c-format msgid "Failed to remove unused (unbound) keyslot %d." msgstr "Ошибка при удалении неиспользуемого (непривязанного) слота ключа %d." -#: lib/luks2/luks2_reencrypt.c:4039 +#: lib/luks2/luks2_reencrypt.c:4064 msgid "Failed to remove reencryption keyslot." msgstr "Ошибка при удалении слота ключа перешифрования." -#: lib/luks2/luks2_reencrypt.c:4049 +#: lib/luks2/luks2_reencrypt.c:4074 #, c-format msgid "Fatal error while reencrypting chunk starting at %, % sectors long." msgstr "Критическая ошибка при перешифровании куска начиная с %, длиной в % секторов." -#: lib/luks2/luks2_reencrypt.c:4053 +#: lib/luks2/luks2_reencrypt.c:4078 msgid "Online reencryption failed." msgstr "Оперативное перешифрование завершилось ошибкой." -#: lib/luks2/luks2_reencrypt.c:4058 +#: lib/luks2/luks2_reencrypt.c:4083 msgid "Do not resume the device unless replaced with error target manually." msgstr "Устройство не возобновит работу пока не будет заменено вручную с целью error." -#: lib/luks2/luks2_reencrypt.c:4112 +#: lib/luks2/luks2_reencrypt.c:4137 msgid "Cannot proceed with reencryption. Unexpected reencryption status." msgstr "Невозможно продолжить с перешифрованием. Неожиданное состояние перешифрования." -#: lib/luks2/luks2_reencrypt.c:4118 +#: lib/luks2/luks2_reencrypt.c:4143 msgid "Missing or invalid reencrypt context." msgstr "Контекст перешифрования отсутствует или неверен." -#: lib/luks2/luks2_reencrypt.c:4125 +#: lib/luks2/luks2_reencrypt.c:4150 msgid "Failed to initialize reencryption device stack." msgstr "Ошибка при инициализации стека устройства перешифрования." -#: lib/luks2/luks2_reencrypt.c:4147 lib/luks2/luks2_reencrypt.c:4194 +#: lib/luks2/luks2_reencrypt.c:4172 lib/luks2/luks2_reencrypt.c:4219 msgid "Failed to update reencryption context." msgstr "Ошибка при обновлении контекста перешифрования." -#: lib/luks2/luks2_reencrypt_digest.c:406 +#: lib/luks2/luks2_reencrypt_digest.c:405 msgid "Reencryption metadata is invalid." msgstr "Некорректные метаданные перешифрования." @@ -1824,18 +1857,18 @@ msgid "Keyslot encryption parameters can be set only for LUKS2 device." msgstr "Параметры шифрования слота ключа могут задаваться только для устройства LUKS2." -#: src/cryptsetup.c:108 +#: src/cryptsetup.c:108 src/cryptsetup.c:1901 #, c-format -msgid "Enter token PIN:" -msgstr "Введите PIN токена:" +msgid "Enter token PIN: " +msgstr "Введите PIN токена: " -#: src/cryptsetup.c:110 +#: src/cryptsetup.c:110 src/cryptsetup.c:1903 #, c-format -msgid "Enter token %d PIN:" -msgstr "Введите %d PIN токена:" +msgid "Enter token %d PIN: " +msgstr "Введите %d PIN токена: " -#: src/cryptsetup.c:159 src/cryptsetup.c:966 src/cryptsetup.c:1293 -#: src/utils_reencrypt.c:1048 src/utils_reencrypt_luks1.c:517 +#: src/cryptsetup.c:159 src/cryptsetup.c:1103 src/cryptsetup.c:1430 +#: src/utils_reencrypt.c:1122 src/utils_reencrypt_luks1.c:517 #: src/utils_reencrypt_luks1.c:580 msgid "No known cipher specification pattern detected." msgstr "Обнаружено указание неизвестного шаблона шифра." @@ -1853,10 +1886,10 @@ msgid "Detected device signature(s) on %s. Proceeding further may damage existing data." msgstr "Обнаружены подпись(и) устройства на %s. Продолжение работы может повредить существующие данные." -#: src/cryptsetup.c:221 src/cryptsetup.c:1040 src/cryptsetup.c:1088 -#: src/cryptsetup.c:1154 src/cryptsetup.c:1270 src/cryptsetup.c:1343 -#: src/cryptsetup.c:1994 src/integritysetup.c:187 src/utils_reencrypt.c:138 -#: src/utils_reencrypt.c:275 +#: src/cryptsetup.c:221 src/cryptsetup.c:1177 src/cryptsetup.c:1225 +#: src/cryptsetup.c:1291 src/cryptsetup.c:1407 src/cryptsetup.c:1480 +#: src/cryptsetup.c:2266 src/integritysetup.c:187 src/utils_reencrypt.c:138 +#: src/utils_reencrypt.c:314 src/utils_reencrypt.c:749 msgid "Operation aborted.\n" msgstr "Операция прервана.\n" @@ -1903,7 +1936,7 @@ "обеспечивающей доступ к зашифрованному разделу без парольной фразы.\n" "Этот дамп следует всегда хранить зашифрованным в надёжном месте." -#: src/cryptsetup.c:573 src/cryptsetup.c:2019 +#: src/cryptsetup.c:573 src/cryptsetup.c:654 src/cryptsetup.c:2291 msgid "" "The header dump with volume key is sensitive information\n" "that allows access to encrypted partition without a passphrase.\n" @@ -1913,70 +1946,79 @@ "обеспечивающей доступ к зашифрованному разделу без парольной фразы.\n" "Этот дамп нужно хранить зашифрованным в надёжном месте." -#: src/cryptsetup.c:664 src/veritysetup.c:321 src/integritysetup.c:400 +#: src/cryptsetup.c:709 src/cryptsetup.c:739 +#, c-format +msgid "Device %s is not a valid FVAULT2 device." +msgstr "Устройство %s не является корректным устройством FVAULT2." + +#: src/cryptsetup.c:747 +msgid "Cannot determine volume key size for FVAULT2, please use --key-size option." +msgstr "Невозможно определить размер ключа тома FVAULT2, укажите параметр --key-size." + +#: src/cryptsetup.c:801 src/veritysetup.c:323 src/integritysetup.c:400 #, c-format msgid "Device %s is still active and scheduled for deferred removal.\n" msgstr "Устройство %s всё ещё активно и запланировано к отложенному удалению.\n" -#: src/cryptsetup.c:698 +#: src/cryptsetup.c:835 msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set." msgstr "Для изменения размера активного устройства требуется ключ тома в связке ключей, но указан параметр --disable-keyring." -#: src/cryptsetup.c:845 +#: src/cryptsetup.c:982 msgid "Benchmark interrupted." msgstr "Оценка производительности прервана." -#: src/cryptsetup.c:866 +#: src/cryptsetup.c:1003 #, c-format msgid "PBKDF2-%-9s N/A\n" msgstr "PBKDF2-%-9s Н/Д\n" -#: src/cryptsetup.c:868 +#: src/cryptsetup.c:1005 #, c-format msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" msgstr "PBKDF2-%-9s %7u итераций в секунду для %zu-битного ключа\n" -#: src/cryptsetup.c:882 +#: src/cryptsetup.c:1019 #, c-format msgid "%-10s N/A\n" msgstr "%-10s Н/Д\n" -#: src/cryptsetup.c:884 +#: src/cryptsetup.c:1021 #, c-format msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n" msgstr "%-10s %4u итераций, %5u памяти, %1u параллельных нитей (ЦП) для %zu-битного ключа (запрашивался %u мс)\n" -#: src/cryptsetup.c:908 +#: src/cryptsetup.c:1045 msgid "Result of benchmark is not reliable." msgstr "Результат оценки производительности ненадёжен." -#: src/cryptsetup.c:958 +#: src/cryptsetup.c:1095 msgid "# Tests are approximate using memory only (no storage IO).\n" msgstr "# Тесты, использующие практически только память (без ввода-вывода на хранилище).\n" #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:978 +#: src/cryptsetup.c:1115 #, c-format msgid "#%*s Algorithm | Key | Encryption | Decryption\n" msgstr "#%*s Алгоритм | Ключ | Шифрование | Расшифровка\n" -#: src/cryptsetup.c:982 +#: src/cryptsetup.c:1119 #, c-format msgid "Cipher %s (with %i bits key) is not available." msgstr "Шифр %s (%i-битный ключ) недоступен." #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:1001 +#: src/cryptsetup.c:1138 msgid "# Algorithm | Key | Encryption | Decryption\n" msgstr "" "# Algorithm | Key | Encryption | Decryption\n" "# Алгоритм | Ключ | Шифрование | Расшифровка\n" -#: src/cryptsetup.c:1012 +#: src/cryptsetup.c:1149 msgid "N/A" msgstr "Н/Д" -#: src/cryptsetup.c:1037 +#: src/cryptsetup.c:1174 msgid "" "Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n" "and continue (upgrade metadata) only if you acknowledge the operation as genuine." @@ -1985,27 +2027,27 @@ "что операция перешифрования желательна (смотрите вывод luksDump) и продолжайте\n" "(обновление метаданных) только, если это действительно ваше решение." -#: src/cryptsetup.c:1043 +#: src/cryptsetup.c:1180 msgid "Enter passphrase to protect and upgrade reencryption metadata: " msgstr "Введите пароль защиты и обновления метаданных перешифрования: " -#: src/cryptsetup.c:1087 +#: src/cryptsetup.c:1224 msgid "Really proceed with LUKS2 reencryption recovery?" msgstr "Действительно продолжить восстановление перешифрования LUKS2?" -#: src/cryptsetup.c:1096 +#: src/cryptsetup.c:1233 msgid "Enter passphrase to verify reencryption metadata digest: " msgstr "Введите пароль проверки дайджеста перешифрования метаданных: " -#: src/cryptsetup.c:1098 +#: src/cryptsetup.c:1235 msgid "Enter passphrase for reencryption recovery: " msgstr "Введите пароль восстановления перешифрования: " -#: src/cryptsetup.c:1153 +#: src/cryptsetup.c:1290 msgid "Really try to repair LUKS device header?" msgstr "Действительно попробовать восстановить заголовок устройства LUKS?" -#: src/cryptsetup.c:1177 src/integritysetup.c:89 src/integritysetup.c:238 +#: src/cryptsetup.c:1314 src/integritysetup.c:89 src/integritysetup.c:238 msgid "" "\n" "Wipe interrupted." @@ -2013,7 +2055,7 @@ "\n" "Затирание прервано." -#: src/cryptsetup.c:1182 src/integritysetup.c:94 src/integritysetup.c:275 +#: src/cryptsetup.c:1319 src/integritysetup.c:94 src/integritysetup.c:275 msgid "" "Wiping device to initialize integrity checksum.\n" "You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n" @@ -2021,119 +2063,128 @@ "Затирается устройство для инициализации целостности контрольной суммы.\n" "Вы можете прервать процесс нажав CTRL+c (остаток незатёртого устройства будет содержать некорректную контрольную сумму).\n" -#: src/cryptsetup.c:1204 src/integritysetup.c:116 +#: src/cryptsetup.c:1341 src/integritysetup.c:116 #, c-format msgid "Cannot deactivate temporary device %s." msgstr "Невозможно деактивировать временное устройство %s." -#: src/cryptsetup.c:1255 +#: src/cryptsetup.c:1392 msgid "Integrity option can be used only for LUKS2 format." msgstr "Параметр целостности можно использовать только в формате LUKS2." -#: src/cryptsetup.c:1260 src/cryptsetup.c:1320 +#: src/cryptsetup.c:1397 src/cryptsetup.c:1457 msgid "Unsupported LUKS2 metadata size options." msgstr "Неподдерживаемый размер параметров метаданных LUKS2." -#: src/cryptsetup.c:1269 +#: src/cryptsetup.c:1406 msgid "Header file does not exist, do you want to create it?" msgstr "Файл заголовка не существует, создать?" -#: src/cryptsetup.c:1277 +#: src/cryptsetup.c:1414 #, c-format msgid "Cannot create header file %s." msgstr "Невозможно создать файл заголовка %s." -#: src/cryptsetup.c:1300 src/integritysetup.c:144 src/integritysetup.c:152 +#: src/cryptsetup.c:1437 src/integritysetup.c:144 src/integritysetup.c:152 #: src/integritysetup.c:161 src/integritysetup.c:315 src/integritysetup.c:323 #: src/integritysetup.c:333 msgid "No known integrity specification pattern detected." msgstr "Обнаружено указание неизвестного шаблона целостности." -#: src/cryptsetup.c:1313 +#: src/cryptsetup.c:1450 #, c-format msgid "Cannot use %s as on-disk header." msgstr "Невозможно использовать %s в качестве заголовка для диска." -#: src/cryptsetup.c:1337 src/integritysetup.c:181 +#: src/cryptsetup.c:1474 src/integritysetup.c:181 #, c-format msgid "This will overwrite data on %s irrevocably." msgstr "Данные на %s будут перезаписаны без возможности восстановления." -#: src/cryptsetup.c:1370 src/cryptsetup.c:1707 src/cryptsetup.c:1772 -#: src/cryptsetup.c:1876 src/cryptsetup.c:1942 src/utils_reencrypt_luks1.c:443 +#: src/cryptsetup.c:1507 src/cryptsetup.c:1853 src/cryptsetup.c:1993 +#: src/cryptsetup.c:2148 src/cryptsetup.c:2214 src/utils_reencrypt_luks1.c:443 msgid "Failed to set pbkdf parameters." msgstr "Ошибка при задании параметров pbkdf." -#: src/cryptsetup.c:1455 +#: src/cryptsetup.c:1593 msgid "Reduced data offset is allowed only for detached LUKS header." msgstr "Сокращение смещения данных допускается только для отсоединённого заголовка LUKS." -#: src/cryptsetup.c:1466 src/cryptsetup.c:1778 +#: src/cryptsetup.c:1600 +#, c-format +msgid "LUKS file container %s is too small for activation, there is no remaining space for data." +msgstr "Файл контейнера LUKS %s слишком мал для активации, не хватает места для данных." + +#: src/cryptsetup.c:1612 src/cryptsetup.c:1999 msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option." msgstr "Невозможно определить размер ключа тома LUKS без слотов ключа, укажите параметр --key-size." -#: src/cryptsetup.c:1512 +#: src/cryptsetup.c:1658 msgid "Device activated but cannot make flags persistent." msgstr "Устройство активировано, но нельзя сделать флаги постоянными." -#: src/cryptsetup.c:1591 src/cryptsetup.c:1659 +#: src/cryptsetup.c:1737 src/cryptsetup.c:1805 #, c-format msgid "Keyslot %d is selected for deletion." msgstr "Для удаления выбран слот ключа %d." -#: src/cryptsetup.c:1603 src/cryptsetup.c:1663 +#: src/cryptsetup.c:1749 src/cryptsetup.c:1809 msgid "This is the last keyslot. Device will become unusable after purging this key." msgstr "Это последний слот ключа. Устройство станет неработоспособным после вычистки этого ключа." -#: src/cryptsetup.c:1604 +#: src/cryptsetup.c:1750 msgid "Enter any remaining passphrase: " msgstr "Введите любую оставшуюся парольную фразу: " -#: src/cryptsetup.c:1605 src/cryptsetup.c:1665 +#: src/cryptsetup.c:1751 src/cryptsetup.c:1811 msgid "Operation aborted, the keyslot was NOT wiped.\n" msgstr "Операция прервана, слот ключа НЕ затёрт.\n" -#: src/cryptsetup.c:1641 +#: src/cryptsetup.c:1787 msgid "Enter passphrase to be deleted: " msgstr "Введите удаляемую парольную фразу: " -#: src/cryptsetup.c:1691 src/cryptsetup.c:1925 src/cryptsetup.c:2505 -#: src/cryptsetup.c:2649 +#: src/cryptsetup.c:1837 src/cryptsetup.c:2197 src/cryptsetup.c:2781 +#: src/cryptsetup.c:2948 #, c-format msgid "Device %s is not a valid LUKS2 device." msgstr "Устройство %s не является корректным устройством LUKS2." -#: src/cryptsetup.c:1721 src/cryptsetup.c:1795 src/cryptsetup.c:1829 +#: src/cryptsetup.c:1867 src/cryptsetup.c:2072 msgid "Enter new passphrase for key slot: " msgstr "Введите новую парольную фразу для слота ключа: " -#: src/cryptsetup.c:1812 src/utils_reencrypt_luks1.c:1149 +#: src/cryptsetup.c:1968 +msgid "WARNING: The --key-slot parameter is used for new keyslot number.\n" +msgstr "ПРЕДУПРЕЖДЕНИЕ: для нового номера слота ключа используется параметр --key-slot.\n" + +#: src/cryptsetup.c:2028 src/utils_reencrypt_luks1.c:1149 #, c-format msgid "Enter any existing passphrase: " msgstr "Введите любую существующую парольную фразу: " -#: src/cryptsetup.c:1880 +#: src/cryptsetup.c:2152 msgid "Enter passphrase to be changed: " msgstr "Введите изменяемую парольную фразу: " -#: src/cryptsetup.c:1896 src/utils_reencrypt_luks1.c:1135 +#: src/cryptsetup.c:2168 src/utils_reencrypt_luks1.c:1135 msgid "Enter new passphrase: " msgstr "Введите новую парольную фразу: " -#: src/cryptsetup.c:1946 +#: src/cryptsetup.c:2218 msgid "Enter passphrase for keyslot to be converted: " msgstr "Введите парольную фразу для преобразуемого слота ключа: " -#: src/cryptsetup.c:1970 +#: src/cryptsetup.c:2242 msgid "Only one device argument for isLuks operation is supported." msgstr "Только одно устройство можно указать для операции isLuks." -#: src/cryptsetup.c:2078 +#: src/cryptsetup.c:2350 #, c-format msgid "Keyslot %d does not contain unbound key." msgstr "Слот ключа %d не содержит непривязанного ключа." -#: src/cryptsetup.c:2083 +#: src/cryptsetup.c:2355 msgid "" "The header dump with unbound key is sensitive information.\n" "This dump should be stored encrypted in a safe place." @@ -2142,40 +2193,40 @@ "обеспечивающей доступ к зашифрованному разделу без парольной фразы.\n" "Этот дамп нужно хранить зашифрованным в надёжном месте." -#: src/cryptsetup.c:2169 src/cryptsetup.c:2198 +#: src/cryptsetup.c:2441 src/cryptsetup.c:2470 #, c-format msgid "%s is not active %s device name." msgstr "%s не является именем активного устройства %s." -#: src/cryptsetup.c:2193 +#: src/cryptsetup.c:2465 #, c-format msgid "%s is not active LUKS device name or header is missing." msgstr "%s не является именем активного устройства LUKS или отсутствует заголовок." -#: src/cryptsetup.c:2255 src/cryptsetup.c:2274 +#: src/cryptsetup.c:2527 src/cryptsetup.c:2546 msgid "Option --header-backup-file is required." msgstr "Параметр --header-backup-file является обязательным." -#: src/cryptsetup.c:2305 +#: src/cryptsetup.c:2577 #, c-format msgid "%s is not cryptsetup managed device." msgstr "%s не является управляемым устройством cryptsetup." -#: src/cryptsetup.c:2316 +#: src/cryptsetup.c:2588 #, c-format msgid "Refresh is not supported for device type %s" msgstr "Обновление не поддерживается для устройств типа %s" -#: src/cryptsetup.c:2362 +#: src/cryptsetup.c:2638 #, c-format msgid "Unrecognized metadata device type %s." msgstr "Нераспознанный тип метаданных устройства %s." -#: src/cryptsetup.c:2364 +#: src/cryptsetup.c:2640 msgid "Command requires device and mapped name as arguments." msgstr "Для команды требуется задать устройство и имя отображения." -#: src/cryptsetup.c:2385 +#: src/cryptsetup.c:2661 #, c-format msgid "" "This operation will erase all keyslots on device %s.\n" @@ -2184,325 +2235,351 @@ "Эта операция сотрёт все слоты ключей на устройстве %s.\n" "Устройство станет неработоспособным после этой операции." -#: src/cryptsetup.c:2392 +#: src/cryptsetup.c:2668 msgid "Operation aborted, keyslots were NOT wiped.\n" msgstr "Операция прервана, слоты ключа НЕ затёрты.\n" -#: src/cryptsetup.c:2431 +#: src/cryptsetup.c:2707 msgid "Invalid LUKS type, only luks1 and luks2 are supported." msgstr "Некорректный тип LUKS, поддерживаются только luks1 и luks2." -#: src/cryptsetup.c:2447 +#: src/cryptsetup.c:2723 #, c-format msgid "Device is already %s type." msgstr "Устройство уже имеет тип %s." -#: src/cryptsetup.c:2454 +#: src/cryptsetup.c:2730 #, c-format msgid "This operation will convert %s to %s format.\n" msgstr "Данная операция преобразует формат %s в %s.\n" -#: src/cryptsetup.c:2457 +#: src/cryptsetup.c:2733 msgid "Operation aborted, device was NOT converted.\n" msgstr "Операция прервана, устройство НЕ преобразовано.\n" -#: src/cryptsetup.c:2497 +#: src/cryptsetup.c:2773 msgid "Option --priority, --label or --subsystem is missing." msgstr "Отсутствует параметр --priority, --label или --subsystem." -#: src/cryptsetup.c:2531 src/cryptsetup.c:2568 src/cryptsetup.c:2588 +#: src/cryptsetup.c:2807 src/cryptsetup.c:2847 src/cryptsetup.c:2867 #, c-format msgid "Token %d is invalid." msgstr "Некорректный токен %d." -#: src/cryptsetup.c:2534 src/cryptsetup.c:2591 +#: src/cryptsetup.c:2810 src/cryptsetup.c:2870 #, c-format msgid "Token %d in use." msgstr "Используется токен %d." -#: src/cryptsetup.c:2546 +#: src/cryptsetup.c:2822 #, c-format msgid "Failed to add luks2-keyring token %d." msgstr "Ошибка при добавлении токена luks2-keyring %d." -#: src/cryptsetup.c:2554 src/cryptsetup.c:2617 +#: src/cryptsetup.c:2833 src/cryptsetup.c:2896 #, c-format msgid "Failed to assign token %d to keyslot %d." msgstr "Ошибка при назначении токена %d слоту ключа %d." -#: src/cryptsetup.c:2571 +#: src/cryptsetup.c:2850 #, c-format msgid "Token %d is not in use." msgstr "Токен %d не используется." -#: src/cryptsetup.c:2608 +#: src/cryptsetup.c:2887 msgid "Failed to import token from file." msgstr "Ошибка при импорте токена из файла." -#: src/cryptsetup.c:2633 +#: src/cryptsetup.c:2912 #, c-format msgid "Failed to get token %d for export." msgstr "Ошибка при получении токена %d для экспорта." -#: src/cryptsetup.c:2682 +#: src/cryptsetup.c:2925 +#, c-format +msgid "Token %d is not assigned to keyslot %d." +msgstr "Токен %d не назначен слоту ключа %d." + +#: src/cryptsetup.c:2927 src/cryptsetup.c:2934 +#, c-format +msgid "Failed to unassign token %d from keyslot %d." +msgstr "Ошибка при отмене назначения токена %d слоту ключа %d." + +#: src/cryptsetup.c:2983 msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." msgstr "Параметр --tcrypt-hidden, --tcrypt-system или --tcrypt-backup поддерживается только для устройства TCRYPT." -#: src/cryptsetup.c:2685 +#: src/cryptsetup.c:2986 msgid "Option --veracrypt or --disable-veracrypt is supported only for TCRYPT device type." msgstr "Параметр --veracrypt или --disable-veracrypt поддерживается только для устройств с типом TCRYPT." -#: src/cryptsetup.c:2688 +#: src/cryptsetup.c:2989 msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." msgstr "Параметр --veracrypt-pim поддерживается только для устройств, совместимых с VeraCrypt." -#: src/cryptsetup.c:2692 +#: src/cryptsetup.c:2993 msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." msgstr "Параметр --veracrypt-query-pim поддерживается только для устройств, совместимых с VeraCrypt." -#: src/cryptsetup.c:2694 +#: src/cryptsetup.c:2995 msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." msgstr "Параметры --veracrypt-pim и --veracrypt-query-pim взаимно исключают друг друга." -#: src/cryptsetup.c:2703 +#: src/cryptsetup.c:3004 msgid "Option --persistent is not allowed with --test-passphrase." msgstr "Параметр --persistent не допускается одновременно указывать с --test-passphrase." -#: src/cryptsetup.c:2706 +#: src/cryptsetup.c:3007 msgid "Options --refresh and --test-passphrase are mutually exclusive." msgstr "Параметры --refresh и --test-passphrase взаимно исключают друг друга." -#: src/cryptsetup.c:2709 +#: src/cryptsetup.c:3010 msgid "Option --shared is allowed only for open of plain device." msgstr "Параметр --shared допускается только для открытия устройства plain." -#: src/cryptsetup.c:2712 +#: src/cryptsetup.c:3013 msgid "Option --skip is supported only for open of plain and loopaes devices." msgstr "Параметр --skip поддерживается только для открытия устройств plain и loopaes." -#: src/cryptsetup.c:2715 +#: src/cryptsetup.c:3016 msgid "Option --offset with open action is only supported for plain and loopaes devices." msgstr "Параметр --offset с действием open поддерживается только для устройств plain и loopaes." -#: src/cryptsetup.c:2718 +#: src/cryptsetup.c:3019 msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." msgstr "Параметр --tcrypt-hidden нельзя указывать вместе с --allow-discards." -#: src/cryptsetup.c:2722 +#: src/cryptsetup.c:3023 msgid "Sector size option with open action is supported only for plain devices." msgstr "Параметр размера сектора с действием open поддерживается только для устройств plain." -#: src/cryptsetup.c:2726 +#: src/cryptsetup.c:3027 msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." msgstr "Параметр больших секторов IV поддерживается только для открытия устройств типа plain с размером сектора более 512 байт." -#: src/cryptsetup.c:2730 -msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices." -msgstr "Параметр --test-passphrase допускается только для открытия устройств LUKS, TCRYPT и BITLK." +#: src/cryptsetup.c:3032 +msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT, BITLK and FVAULT2 devices." +msgstr "Параметр --test-passphrase допускается только для открытия устройств LUKS, TCRYPT, BITLK и FVAULT2." -#: src/cryptsetup.c:2733 src/cryptsetup.c:2756 +#: src/cryptsetup.c:3035 src/cryptsetup.c:3058 msgid "Options --device-size and --size cannot be combined." msgstr "Параметры --device-size и --size не допускается указывать вместе." -#: src/cryptsetup.c:2736 +#: src/cryptsetup.c:3038 msgid "Option --unbound is allowed only for open of luks device." msgstr "Параметр --unbound допускается только для открытия устройства luks." -#: src/cryptsetup.c:2739 +#: src/cryptsetup.c:3041 msgid "Option --unbound cannot be used without --test-passphrase." msgstr "Параметр --unbound не допускается одновременно указывать с --test-passphrase." -#: src/cryptsetup.c:2748 src/veritysetup.c:664 src/integritysetup.c:755 +#: src/cryptsetup.c:3050 src/veritysetup.c:668 src/integritysetup.c:755 msgid "Options --cancel-deferred and --deferred cannot be used at the same time." msgstr "Параметры --cancel-deferred и --deferred не могут быть использованы одновременно." -#: src/cryptsetup.c:2764 +#: src/cryptsetup.c:3066 msgid "Options --reduce-device-size and --data-size cannot be combined." msgstr "Параметры ---reduce-device-size и --data-size не допускается указывать вместе." -#: src/cryptsetup.c:2767 +#: src/cryptsetup.c:3069 msgid "Option --active-name can be set only for LUKS2 device." msgstr "Параметр --active-name может задаваться только для устройства LUKS2." -#: src/cryptsetup.c:2770 +#: src/cryptsetup.c:3072 msgid "Options --active-name and --force-offline-reencrypt cannot be combined." msgstr "Параметры --active-name и --force-offline-reencrypt не допускается указывать вместе." -#: src/cryptsetup.c:2778 src/cryptsetup.c:2808 +#: src/cryptsetup.c:3080 src/cryptsetup.c:3110 msgid "Keyslot specification is required." msgstr "Требуется указать слот ключа." -#: src/cryptsetup.c:2786 +#: src/cryptsetup.c:3088 msgid "Options --align-payload and --offset cannot be combined." msgstr "Параметры --align-payload и --offset не допускается указывать вместе." -#: src/cryptsetup.c:2789 +#: src/cryptsetup.c:3091 msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." msgstr "Параметр --integrity-no-wipe можно использовать только для действия format с расширением целостности." -#: src/cryptsetup.c:2792 +#: src/cryptsetup.c:3094 msgid "Only one of --use-[u]random options is allowed." msgstr "Разрешено использовать только один параметр --use-[u]random." -#: src/cryptsetup.c:2800 +#: src/cryptsetup.c:3102 msgid "Key size is required with --unbound option." msgstr "С параметром --unbound требуется задать размер ключа." -#: src/cryptsetup.c:2819 +#: src/cryptsetup.c:3122 msgid "Invalid token action." msgstr "Некорректный токен действия." -#: src/cryptsetup.c:2822 +#: src/cryptsetup.c:3125 msgid "--key-description parameter is mandatory for token add action." msgstr "Для добавления токена требуется параметр --key-description." -#: src/cryptsetup.c:2826 +#: src/cryptsetup.c:3129 src/cryptsetup.c:3142 msgid "Action requires specific token. Use --token-id parameter." msgstr "Для действия требуется указать токен. Используйте параметр --token-id." -#: src/cryptsetup.c:2840 +#: src/cryptsetup.c:3133 +msgid "Option --unbound is valid only with token add action." +msgstr "Параметр --unbound можно использовать только при добавлении." + +#: src/cryptsetup.c:3135 +msgid "Options --key-slot and --unbound cannot be combined." +msgstr "Параметры --key-slot и --unbound не допускается указывать вместе." + +#: src/cryptsetup.c:3140 +msgid "Action requires specific keyslot. Use --key-slot parameter." +msgstr "Для действия требуется указать слот ключа. Используйте параметр --key-slot." + +#: src/cryptsetup.c:3156 msgid " [--type ] []" msgstr "<устройство> [--type <тип>] [<имя>]" -#: src/cryptsetup.c:2840 src/veritysetup.c:487 src/integritysetup.c:535 +#: src/cryptsetup.c:3156 src/veritysetup.c:491 src/integritysetup.c:535 msgid "open device as " msgstr "открыть устройство как <имя>" -#: src/cryptsetup.c:2841 src/cryptsetup.c:2842 src/cryptsetup.c:2843 -#: src/veritysetup.c:488 src/veritysetup.c:489 src/integritysetup.c:536 +#: src/cryptsetup.c:3157 src/cryptsetup.c:3158 src/cryptsetup.c:3159 +#: src/veritysetup.c:492 src/veritysetup.c:493 src/integritysetup.c:536 #: src/integritysetup.c:537 src/integritysetup.c:539 msgid "" msgstr "<имя>" -#: src/cryptsetup.c:2841 src/veritysetup.c:488 src/integritysetup.c:536 +#: src/cryptsetup.c:3157 src/veritysetup.c:492 src/integritysetup.c:536 msgid "close device (remove mapping)" msgstr "закрыть устройство (удалить отображение)" -#: src/cryptsetup.c:2842 src/integritysetup.c:539 +#: src/cryptsetup.c:3158 src/integritysetup.c:539 msgid "resize active device" msgstr "изменить размер активного устройства" -#: src/cryptsetup.c:2843 +#: src/cryptsetup.c:3159 msgid "show device status" msgstr "показать состояние устройства" -#: src/cryptsetup.c:2844 +#: src/cryptsetup.c:3160 msgid "[--cipher ]" msgstr "[--cipher <шифр>]" -#: src/cryptsetup.c:2844 +#: src/cryptsetup.c:3160 msgid "benchmark cipher" msgstr "оценка производительности шифра" -#: src/cryptsetup.c:2845 src/cryptsetup.c:2846 src/cryptsetup.c:2847 -#: src/cryptsetup.c:2848 src/cryptsetup.c:2849 src/cryptsetup.c:2856 -#: src/cryptsetup.c:2857 src/cryptsetup.c:2858 src/cryptsetup.c:2859 -#: src/cryptsetup.c:2860 src/cryptsetup.c:2861 src/cryptsetup.c:2862 -#: src/cryptsetup.c:2863 src/cryptsetup.c:2864 +#: src/cryptsetup.c:3161 src/cryptsetup.c:3162 src/cryptsetup.c:3163 +#: src/cryptsetup.c:3164 src/cryptsetup.c:3165 src/cryptsetup.c:3172 +#: src/cryptsetup.c:3173 src/cryptsetup.c:3174 src/cryptsetup.c:3175 +#: src/cryptsetup.c:3176 src/cryptsetup.c:3177 src/cryptsetup.c:3178 +#: src/cryptsetup.c:3179 src/cryptsetup.c:3180 src/cryptsetup.c:3181 msgid "" msgstr "<устройство>" -#: src/cryptsetup.c:2845 +#: src/cryptsetup.c:3161 msgid "try to repair on-disk metadata" msgstr "попытаться исправить метаданные на диске" -#: src/cryptsetup.c:2846 +#: src/cryptsetup.c:3162 msgid "reencrypt LUKS2 device" msgstr "перешифровать устройство LUKS2" -#: src/cryptsetup.c:2847 +#: src/cryptsetup.c:3163 msgid "erase all keyslots (remove encryption key)" msgstr "стереть все слоты ключей (удалить ключ шифрования)" -#: src/cryptsetup.c:2848 +#: src/cryptsetup.c:3164 msgid "convert LUKS from/to LUKS2 format" msgstr "преобразовать LUKS из/в формат LUKS2" -#: src/cryptsetup.c:2849 +#: src/cryptsetup.c:3165 msgid "set permanent configuration options for LUKS2" msgstr "задать постоянные параметры настройки LUKS2" -#: src/cryptsetup.c:2850 src/cryptsetup.c:2851 +#: src/cryptsetup.c:3166 src/cryptsetup.c:3167 msgid " []" msgstr "<устройство> [<новый файл ключа>]" -#: src/cryptsetup.c:2850 +#: src/cryptsetup.c:3166 msgid "formats a LUKS device" msgstr "форматировать устройство LUKS" -#: src/cryptsetup.c:2851 +#: src/cryptsetup.c:3167 msgid "add key to LUKS device" msgstr "добавить ключ к устройству LUKS" -#: src/cryptsetup.c:2852 src/cryptsetup.c:2853 src/cryptsetup.c:2854 +#: src/cryptsetup.c:3168 src/cryptsetup.c:3169 src/cryptsetup.c:3170 msgid " []" msgstr "<устройство> [<файл ключа>]" -#: src/cryptsetup.c:2852 +#: src/cryptsetup.c:3168 msgid "removes supplied key or key file from LUKS device" msgstr "удалить заданный ключ или файл ключа с устройства LUKS" -#: src/cryptsetup.c:2853 +#: src/cryptsetup.c:3169 msgid "changes supplied key or key file of LUKS device" msgstr "изменить заданный ключ или файл ключа устройства LUKS" -#: src/cryptsetup.c:2854 +#: src/cryptsetup.c:3170 msgid "converts a key to new pbkdf parameters" msgstr "преобразовать ключ в новые параметры pbkdf" -#: src/cryptsetup.c:2855 +#: src/cryptsetup.c:3171 msgid " " msgstr "<устройство> <слот ключа>" -#: src/cryptsetup.c:2855 +#: src/cryptsetup.c:3171 msgid "wipes key with number from LUKS device" msgstr "затереть ключ с номером <слот ключа> с устройства LUKS" -#: src/cryptsetup.c:2856 +#: src/cryptsetup.c:3172 msgid "print UUID of LUKS device" msgstr "напечатать UUID устройства LUKS" -#: src/cryptsetup.c:2857 +#: src/cryptsetup.c:3173 msgid "tests for LUKS partition header" msgstr "проверить <устройство> на наличие заголовка раздела LUKS" -#: src/cryptsetup.c:2858 +#: src/cryptsetup.c:3174 msgid "dump LUKS partition information" msgstr "выгрузить в дамп информацию о разделе LUKS" -#: src/cryptsetup.c:2859 +#: src/cryptsetup.c:3175 msgid "dump TCRYPT device information" msgstr "выгрузить в дамп информацию об устройстве TCRYPT" -#: src/cryptsetup.c:2860 +#: src/cryptsetup.c:3176 msgid "dump BITLK device information" msgstr "выгрузить в дамп информацию об устройстве BITLK" -#: src/cryptsetup.c:2861 +#: src/cryptsetup.c:3177 +msgid "dump FVAULT2 device information" +msgstr "выгрузить в дамп информацию об устройстве FVAULT2" + +#: src/cryptsetup.c:3178 msgid "Suspend LUKS device and wipe key (all IOs are frozen)" msgstr "Приостановить устройство LUKS и затереть ключ (заморозка операций ввода-вывода)" -#: src/cryptsetup.c:2862 +#: src/cryptsetup.c:3179 msgid "Resume suspended LUKS device" msgstr "Возобновить работу приостановленного устройства LUKS" -#: src/cryptsetup.c:2863 +#: src/cryptsetup.c:3180 msgid "Backup LUKS device header and keyslots" msgstr "Сделать резервную копию заголовка и слотов ключей устройства LUKS" -#: src/cryptsetup.c:2864 +#: src/cryptsetup.c:3181 msgid "Restore LUKS device header and keyslots" msgstr "Восстановить заголовок и слоты ключей устройства LUKS" -#: src/cryptsetup.c:2865 +#: src/cryptsetup.c:3182 msgid " " msgstr " <устройство>" -#: src/cryptsetup.c:2865 +#: src/cryptsetup.c:3182 msgid "Manipulate LUKS2 tokens" msgstr "Управление токенами LUKS2" -#: src/cryptsetup.c:2884 src/veritysetup.c:505 src/integritysetup.c:554 +#: src/cryptsetup.c:3201 src/veritysetup.c:509 src/integritysetup.c:554 msgid "" "\n" " is one of:\n" @@ -2510,19 +2587,19 @@ "\n" "<действие> может быть:\n" -#: src/cryptsetup.c:2890 +#: src/cryptsetup.c:3207 msgid "" "\n" "You can also use old syntax aliases:\n" -"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" -"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n" msgstr "" "\n" "Также можно использовать псевдонимы старого синтаксиса <действия>:\n" -"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" -"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n" -#: src/cryptsetup.c:2894 +#: src/cryptsetup.c:3211 #, c-format msgid "" "\n" @@ -2537,7 +2614,7 @@ "<слот ключа> - номер слота ключа LUKS для изменения\n" "<файл ключа> - необязательный файл ключа для нового ключа для действия luksAddKey\n" -#: src/cryptsetup.c:2901 +#: src/cryptsetup.c:3218 #, c-format msgid "" "\n" @@ -2546,7 +2623,7 @@ "\n" "Встроенным форматом по умолчанию для метаданных является %s (для действия luksFormat).\n" -#: src/cryptsetup.c:2906 src/cryptsetup.c:2909 +#: src/cryptsetup.c:3223 src/cryptsetup.c:3226 #, c-format msgid "" "\n" @@ -2555,20 +2632,20 @@ "\n" "Модуль поддержки внешнего токена LUKS2 %s.\n" -#: src/cryptsetup.c:2906 +#: src/cryptsetup.c:3223 msgid "compiled-in" msgstr "скомпилирован" -#: src/cryptsetup.c:2907 +#: src/cryptsetup.c:3224 #, c-format msgid "LUKS2 external token plugin path: %s.\n" msgstr "Путь к модулю поддержки внешнего токена LUKS2: %s.\n" -#: src/cryptsetup.c:2909 +#: src/cryptsetup.c:3226 msgid "disabled" msgstr "выключен" -#: src/cryptsetup.c:2913 +#: src/cryptsetup.c:3230 #, c-format msgid "" "\n" @@ -2585,7 +2662,7 @@ "PBKDF по умолчанию для LUKS2: %s\n" "\tВремя итерации: %d, Требуемая память: %dКБ, Кол-во параллельных нитей: %d\n" -#: src/cryptsetup.c:2924 +#: src/cryptsetup.c:3241 #, c-format msgid "" "\n" @@ -2600,96 +2677,96 @@ "\tplain: %s, Ключ: %d бит, хэширование пароля: %s\n" "\tLUKS: %s, Ключ: %d бит, хэширование заголовка LUKS: %s, RNG: %s\n" -#: src/cryptsetup.c:2933 +#: src/cryptsetup.c:3250 msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" msgstr "\tLUKS: Размер ключа по умолчанию в режиме XTS (два внутренних ключа) будет удвоен.\n" -#: src/cryptsetup.c:2951 src/veritysetup.c:644 src/integritysetup.c:711 +#: src/cryptsetup.c:3268 src/veritysetup.c:648 src/integritysetup.c:711 #, c-format msgid "%s: requires %s as arguments" msgstr "%s: требуется %s в качестве аргументов" -#: src/cryptsetup.c:2997 src/utils_reencrypt_luks1.c:1194 +#: src/cryptsetup.c:3308 src/utils_reencrypt_luks1.c:1198 msgid "Key slot is invalid." msgstr "Некорректный слот ключа." -#: src/cryptsetup.c:3024 +#: src/cryptsetup.c:3335 msgid "Device size must be multiple of 512 bytes sector." msgstr "Размер устройства должен быть кратен 512 байтовому сектору." -#: src/cryptsetup.c:3029 +#: src/cryptsetup.c:3340 msgid "Invalid max reencryption hotzone size specification." msgstr "Неправильный максимальный размер перешифрования hotzone." -#: src/cryptsetup.c:3043 src/cryptsetup.c:3055 +#: src/cryptsetup.c:3354 src/cryptsetup.c:3366 msgid "Key size must be a multiple of 8 bits" msgstr "Размер ключа должен быть кратен 8-ми битам" -#: src/cryptsetup.c:3060 +#: src/cryptsetup.c:3371 msgid "Maximum device reduce size is 1 GiB." msgstr "Максимальный размер сокращения устройства равен 1 ГиБ." -#: src/cryptsetup.c:3063 +#: src/cryptsetup.c:3374 msgid "Reduce size must be multiple of 512 bytes sector." msgstr "Размер сокращения должен быть кратен 512 байтовому сектору." -#: src/cryptsetup.c:3080 +#: src/cryptsetup.c:3391 msgid "Option --priority can be only ignore/normal/prefer." msgstr "Значением параметра --priority может быть только ignore/normal/prefer." -#: src/cryptsetup.c:3099 src/veritysetup.c:568 src/integritysetup.c:634 +#: src/cryptsetup.c:3410 src/veritysetup.c:572 src/integritysetup.c:634 msgid "Show this help message" msgstr "Показать это сообщение" -#: src/cryptsetup.c:3100 src/veritysetup.c:569 src/integritysetup.c:635 +#: src/cryptsetup.c:3411 src/veritysetup.c:573 src/integritysetup.c:635 msgid "Display brief usage" msgstr "Показать краткие инструкции" -#: src/cryptsetup.c:3101 src/veritysetup.c:570 src/integritysetup.c:636 +#: src/cryptsetup.c:3412 src/veritysetup.c:574 src/integritysetup.c:636 msgid "Print package version" msgstr "Показать версию пакета" -#: src/cryptsetup.c:3112 src/veritysetup.c:581 src/integritysetup.c:647 +#: src/cryptsetup.c:3423 src/veritysetup.c:585 src/integritysetup.c:647 msgid "Help options:" msgstr "Параметры справки:" -#: src/cryptsetup.c:3132 src/veritysetup.c:599 src/integritysetup.c:664 +#: src/cryptsetup.c:3443 src/veritysetup.c:603 src/integritysetup.c:664 msgid "[OPTION...] " msgstr "[ПАРАМЕТР…] <действие> <данные для действия>" -#: src/cryptsetup.c:3141 src/veritysetup.c:608 src/integritysetup.c:675 +#: src/cryptsetup.c:3452 src/veritysetup.c:612 src/integritysetup.c:675 msgid "Argument missing." msgstr "Не задан параметр <действие>." -#: src/cryptsetup.c:3211 src/veritysetup.c:639 src/integritysetup.c:706 +#: src/cryptsetup.c:3528 src/veritysetup.c:643 src/integritysetup.c:706 msgid "Unknown action." msgstr "Неизвестное действие." -#: src/cryptsetup.c:3229 +#: src/cryptsetup.c:3546 msgid "Option --key-file takes precedence over specified key file argument." msgstr "Параметр --key-file имеет приоритет над указанным значением файла ключа." -#: src/cryptsetup.c:3235 +#: src/cryptsetup.c:3552 msgid "Only one --key-file argument is allowed." msgstr "Разрешено указывать только один параметр --key-file." -#: src/cryptsetup.c:3240 +#: src/cryptsetup.c:3557 msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id." msgstr "Производной функцией на основе пароля для ключа (PBKDF) может быть только pbkdf2 или argon2i/argon2id." -#: src/cryptsetup.c:3245 +#: src/cryptsetup.c:3562 msgid "PBKDF forced iterations cannot be combined with iteration time option." msgstr "Принудительные итерации PBKDF нельзя объединять вместе с параметром времени итерации." -#: src/cryptsetup.c:3256 +#: src/cryptsetup.c:3573 msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." msgstr "Параметры --keyslot-cipher и --keyslot-key-size нельзя использовать вместе." -#: src/cryptsetup.c:3264 +#: src/cryptsetup.c:3581 msgid "No action taken. Invoked with --test-args option.\n" msgstr "Без выполнения. Вызвано с параметром --test-args.\n" -#: src/cryptsetup.c:3277 +#: src/cryptsetup.c:3594 msgid "Cannot disable metadata locking." msgstr "Невозможно выключить блокировку метаданных." @@ -2717,72 +2794,72 @@ msgid "Cannot write to root hash file %s." msgstr "Невозможно записать файл корневого хэша %s." -#: src/veritysetup.c:196 src/veritysetup.c:472 +#: src/veritysetup.c:198 src/veritysetup.c:476 #, c-format msgid "Device %s is not a valid VERITY device." msgstr "Устройство %s не является корректным устройством VERITY." -#: src/veritysetup.c:213 src/veritysetup.c:230 +#: src/veritysetup.c:215 src/veritysetup.c:232 #, c-format msgid "Cannot read root hash file %s." msgstr "Невозможно прочитать файл корневого хэша %s." -#: src/veritysetup.c:218 +#: src/veritysetup.c:220 #, c-format msgid "Invalid root hash file %s." msgstr "Некорректный файл корневого хэша %s." -#: src/veritysetup.c:239 +#: src/veritysetup.c:241 msgid "Invalid root hash string specified." msgstr "Указана недопустимая строка корневого хэша." -#: src/veritysetup.c:247 +#: src/veritysetup.c:249 #, c-format msgid "Invalid signature file %s." msgstr "Неверный файл подписи %s." -#: src/veritysetup.c:254 +#: src/veritysetup.c:256 #, c-format msgid "Cannot read signature file %s." msgstr "Невозможно прочитать файл подписи %s." -#: src/veritysetup.c:277 src/veritysetup.c:291 +#: src/veritysetup.c:279 src/veritysetup.c:293 msgid "Command requires or --root-hash-file option as argument." msgstr "Для параметра <корневой_хэш> или --root-hash-file требуется указать команду." -#: src/veritysetup.c:485 +#: src/veritysetup.c:489 msgid " " msgstr "<устройство_данных> <устройство_хэша>" -#: src/veritysetup.c:485 src/integritysetup.c:534 +#: src/veritysetup.c:489 src/integritysetup.c:534 msgid "format device" msgstr "отформатировать устройство" -#: src/veritysetup.c:486 +#: src/veritysetup.c:490 msgid " []" msgstr "<устройство_данных> <устройство_хэша> [<корневой_хэш>]" -#: src/veritysetup.c:486 +#: src/veritysetup.c:490 msgid "verify device" msgstr "проверить устройство" -#: src/veritysetup.c:487 +#: src/veritysetup.c:491 msgid " []" msgstr "<устройство_данных> <имя> <устройство_хэша> [<корневой_хэш>]" -#: src/veritysetup.c:489 src/integritysetup.c:537 +#: src/veritysetup.c:493 src/integritysetup.c:537 msgid "show active device status" msgstr "показать состояние активного устройства" -#: src/veritysetup.c:490 +#: src/veritysetup.c:494 msgid "" msgstr "<устройство_хэша>" -#: src/veritysetup.c:490 src/integritysetup.c:538 +#: src/veritysetup.c:494 src/integritysetup.c:538 msgid "show on-disk information" msgstr "показать информацию на диске" -#: src/veritysetup.c:509 +#: src/veritysetup.c:513 #, c-format msgid "" "\n" @@ -2797,7 +2874,7 @@ "<устройство_хэша> — устройство, содержащее проверочные данные\n" "<корневой_хэш> — хэш корневого узла на <устройстве_хэша>\n" -#: src/veritysetup.c:516 +#: src/veritysetup.c:520 #, c-format msgid "" "\n" @@ -2808,11 +2885,11 @@ "Встроенные параметры dm-verity по умолчанию:\n" "\tХэш: %s, Блок данных (байт): %u, Блок хэша (байт): %u, Размер соли: %u, Формат хэша: %u\n" -#: src/veritysetup.c:654 +#: src/veritysetup.c:658 msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together." msgstr "Параметры --ignore-corruption и --restart-on-corruption нельзя использовать вместе." -#: src/veritysetup.c:659 +#: src/veritysetup.c:663 msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together." msgstr "Параметры ---panic-on-corruption и --restart-on-corruption нельзя использовать вместе." @@ -3098,7 +3175,7 @@ msgid "Finished, time %s, %s, %s\n" msgstr "Выполнено, время %s, %s, %s\n" -#: src/utils_password.c:41 src/utils_password.c:74 +#: src/utils_password.c:41 src/utils_password.c:72 #, c-format msgid "Cannot check password quality: %s" msgstr "Невозможно проверить стойкость пароля: %s" @@ -3112,42 +3189,42 @@ "Ошибка при проверке стойкости пароля:\n" " %s" -#: src/utils_password.c:81 +#: src/utils_password.c:79 #, c-format msgid "Password quality check failed: Bad passphrase (%s)" msgstr "Ошибка при проверке стойкости пароля: некорректная парольная фраза (%s)" -#: src/utils_password.c:231 src/utils_password.c:245 +#: src/utils_password.c:230 src/utils_password.c:244 msgid "Error reading passphrase from terminal." msgstr "Ошибка чтения парольной фразы с терминала." -#: src/utils_password.c:243 +#: src/utils_password.c:242 msgid "Verify passphrase: " msgstr "Парольная фраза повторно: " -#: src/utils_password.c:250 +#: src/utils_password.c:249 msgid "Passphrases do not match." msgstr "Парольные фразы не совпадают." -#: src/utils_password.c:288 +#: src/utils_password.c:287 msgid "Cannot use offset with terminal input." msgstr "Невозможно использовать смещение при вводе с терминала." -#: src/utils_password.c:292 +#: src/utils_password.c:291 #, c-format msgid "Enter passphrase: " msgstr "Введите парольную фразу: " -#: src/utils_password.c:295 +#: src/utils_password.c:294 #, c-format msgid "Enter passphrase for %s: " msgstr "Введите парольную фразу для %s: " -#: src/utils_password.c:329 +#: src/utils_password.c:328 msgid "No key available with this passphrase." msgstr "Ключ недоступен с этой парольной фразой." -#: src/utils_password.c:331 +#: src/utils_password.c:330 msgid "No usable keyslot is available." msgstr "Не найдено подходящего слота ключа." @@ -3221,41 +3298,51 @@ "Это может привести к потере данных, если устройство всё же активно.\n" "Для запуска перешифрования в оперативном режиме укажите параметр --active-name.\n" -#: src/utils_reencrypt.c:175 +#: src/utils_reencrypt.c:141 src/utils_reencrypt.c:274 +#, c-format +msgid "" +"Device %s is not a block device. Can not auto-detect if it is active or not.\n" +"Use --force-offline-reencrypt to bypass the check and run in offline mode (dangerous!)." +msgstr "" +"Устройство %s не является блочным. Невозможно автоматически определить активно\n" +"оно или нет. Используйте --force-offline-reencrypt чтобы пропустить проверку и\n" +"запустить отложенный режим (опасно!)." + +#: src/utils_reencrypt.c:178 src/utils_reencrypt.c:221 +#: src/utils_reencrypt.c:231 +msgid "Requested --resilience option cannot be applied to current reencryption operation." +msgstr "Запрошенный параметр --resilience не может быть применён к текущей операции перешифрования." + +#: src/utils_reencrypt.c:203 msgid "Device is not in LUKS2 encryption. Conflicting option --encrypt." msgstr "Устройство зашифровывается не в LUKS2. Конфликт с параметром --encrypt." -#: src/utils_reencrypt.c:180 +#: src/utils_reencrypt.c:208 msgid "Device is not in LUKS2 decryption. Conflicting option --decrypt." msgstr "Устройство расшифровывается не в LUKS2. Конфликт с параметром --dencrypt." -#: src/utils_reencrypt.c:187 +#: src/utils_reencrypt.c:215 msgid "Device is in reencryption using datashift resilience. Requested --resilience option cannot be applied." msgstr "Устройство перешифровывается с использованием устойчивости datashift. Запрошенный параметр --resilience не может быть применён." -#: src/utils_reencrypt.c:193 src/utils_reencrypt.c:199 -#: src/utils_reencrypt.c:205 src/utils_reencrypt.c:681 -msgid "Requested --resilience option cannot be applied to current reencryption operation." -msgstr "Запрошенный параметр --resilience не может быть применён к текущей операции перешифрования." - -#: src/utils_reencrypt.c:258 +#: src/utils_reencrypt.c:293 msgid "Device requires reencryption recovery. Run repair first." msgstr "Устройству требуется восстановление перешифрования. Сначала запустите ремонт." -#: src/utils_reencrypt.c:268 +#: src/utils_reencrypt.c:307 #, c-format msgid "Device %s is already in LUKS2 reencryption. Do you wish to resume previously initialised operation?" msgstr "Устройство %s уже в режиме перешифрования LUKS2. Хотите продолжить предыдущую операцию инициализации?" -#: src/utils_reencrypt.c:314 +#: src/utils_reencrypt.c:353 msgid "Legacy LUKS2 reencryption is no longer supported." msgstr "Устаревшее перешифрование LUKS2 больше не поддерживается." -#: src/utils_reencrypt.c:379 +#: src/utils_reencrypt.c:418 msgid "Reencryption of device with integrity profile is not supported." msgstr "Перешифрование устройства с профилем целостности не поддерживается." -#: src/utils_reencrypt.c:410 +#: src/utils_reencrypt.c:449 #, c-format msgid "" "Requested --sector-size % is incompatible with %s superblock\n" @@ -3264,98 +3351,103 @@ "Запрошенный --sector-size % несовместим с суперблоком %s\n" "(размер блока: % байт), который обнаружен на устройстве %s." -#: src/utils_reencrypt.c:455 +#: src/utils_reencrypt.c:518 src/utils_reencrypt.c:1391 msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." msgstr "Шифрование без отсоединённого заголовка (--header) невозможно без сокращения размера устройства данных (--reduce-device-size)." -#: src/utils_reencrypt.c:461 +#: src/utils_reencrypt.c:525 msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." msgstr "Запрошенное смещение данных должно быть меньше или равно половине значения параметра --reduce-device-size." -#: src/utils_reencrypt.c:471 +#: src/utils_reencrypt.c:535 #, c-format msgid "Adjusting --reduce-device-size value to twice the --offset % (sectors).\n" msgstr "Подгоняется значение --reduce-device-size под двукратный размер --offset % (секторов).\n" -#: src/utils_reencrypt.c:501 +#: src/utils_reencrypt.c:565 #, c-format msgid "Temporary header file %s already exists. Aborting." msgstr "Временный файл заголовка %s уже существует. Прекращение работы." -#: src/utils_reencrypt.c:503 src/utils_reencrypt.c:510 +#: src/utils_reencrypt.c:567 src/utils_reencrypt.c:574 #, c-format msgid "Cannot create temporary header file %s." msgstr "Невозможно создать временный файл заголовка %s." -#: src/utils_reencrypt.c:535 +#: src/utils_reencrypt.c:599 msgid "LUKS2 metadata size is larger than data shift value." msgstr "Размер метаданных LUKS2 больше значения сдвига данных." -#: src/utils_reencrypt.c:572 +#: src/utils_reencrypt.c:636 #, c-format msgid "Failed to place new header at head of device %s." msgstr "Не удалось поместить новый заголовок в начало устройства %s." -#: src/utils_reencrypt.c:582 +#: src/utils_reencrypt.c:646 #, c-format msgid "%s/%s is now active and ready for online encryption.\n" msgstr "%s/%s теперь активен и готов для оперативного шифрования.\n" -#: src/utils_reencrypt.c:618 +#: src/utils_reencrypt.c:682 #, c-format msgid "Active device %s is not LUKS2." msgstr "Активное устройство %s не является LUKS2." -#: src/utils_reencrypt.c:646 +#: src/utils_reencrypt.c:710 msgid "Restoring original LUKS2 header." msgstr "Восстановление первоначального заголовка LUKS2." -#: src/utils_reencrypt.c:654 +#: src/utils_reencrypt.c:718 msgid "Original LUKS2 header restore failed." msgstr "Не удалось восстановить первоначальный заголовок LUKS2." -#: src/utils_reencrypt.c:722 +#: src/utils_reencrypt.c:744 +#, c-format +msgid "Header file %s does not exist. Do you want to initialize LUKS2 decryption of device %s and export LUKS2 header to file %s?" +msgstr "Файл заголовка %s не существует. Инициализировать расшифровку LUKS2 с устройства %s и экспортировать заголовок LUKS2 в файл %s?" + +#: src/utils_reencrypt.c:792 msgid "Failed to add read/write permissions to exported header file." msgstr "Не удалось добавить/записать права в экспортируемый файл заголовка." -#: src/utils_reencrypt.c:775 +#: src/utils_reencrypt.c:845 #, c-format msgid "Reencryption initialization failed. Header backup is available in %s." msgstr "Ошибка при инициализации перешифрования. Резервный заголовок доступен в %s." -#: src/utils_reencrypt.c:803 +#: src/utils_reencrypt.c:873 msgid "LUKS2 decryption is supported with detached header device only (with data offset set to 0)." msgstr "Расшифровка LUKS2 поддерживается только для устройства с отсоединённым заголовком (смещение данных равно 0)." -#: src/utils_reencrypt.c:934 src/utils_reencrypt.c:943 +#: src/utils_reencrypt.c:1008 src/utils_reencrypt.c:1017 msgid "Not enough free keyslots for reencryption." msgstr "Для шифрования недостаточно свободных слотов ключей." -#: src/utils_reencrypt.c:964 src/utils_reencrypt_luks1.c:1100 +#: src/utils_reencrypt.c:1038 src/utils_reencrypt_luks1.c:1100 msgid "Key file can be used only with --key-slot or with exactly one key slot active." msgstr "Файл ключа можно использовать только с --key-slot или только при одном активном слоте." -#: src/utils_reencrypt.c:973 src/utils_reencrypt_luks1.c:1147 +#: src/utils_reencrypt.c:1047 src/utils_reencrypt_luks1.c:1147 #: src/utils_reencrypt_luks1.c:1158 #, c-format msgid "Enter passphrase for key slot %d: " msgstr "Введите парольную фразу для слота ключа %d: " -#: src/utils_reencrypt.c:985 +#: src/utils_reencrypt.c:1059 #, c-format msgid "Enter passphrase for key slot %u: " msgstr "Введите парольную фразу для слота ключа %u: " -#: src/utils_reencrypt.c:1037 +#: src/utils_reencrypt.c:1111 #, c-format msgid "Switching data encryption cipher to %s.\n" msgstr "Переходим на алгоритм шифрования данных %s.\n" -#: src/utils_reencrypt.c:1091 +#: src/utils_reencrypt.c:1165 msgid "No data segment parameters changed. Reencryption aborted." msgstr "Параметры сегмента данные не изменились. Перешифрование прервано." -#: src/utils_reencrypt.c:1187 +#: src/utils_reencrypt.c:1267 msgid "" "Encryption sector size increase on offline device is not supported.\n" "Activate the device first or use --force-offline-reencrypt option (dangerous!)." @@ -3363,7 +3455,7 @@ "Увеличение размера сектора шифрования на выключенном устройстве не поддерживается.\n" "Сначала включите устройство или используйте параметр --force-offline-reencrypt (опасно!)." -#: src/utils_reencrypt.c:1227 src/utils_reencrypt_luks1.c:726 +#: src/utils_reencrypt.c:1307 src/utils_reencrypt_luks1.c:726 #: src/utils_reencrypt_luks1.c:798 msgid "" "\n" @@ -3372,58 +3464,58 @@ "\n" "Перешифрование прервано." -#: src/utils_reencrypt.c:1232 +#: src/utils_reencrypt.c:1312 msgid "Resuming LUKS reencryption in forced offline mode.\n" msgstr "Продолжение перешифрования LUKS в принудительном отложенном режиме.\n" -#: src/utils_reencrypt.c:1249 +#: src/utils_reencrypt.c:1329 #, c-format msgid "Device %s contains broken LUKS metadata. Aborting operation." msgstr "Устройство %s содержит повреждённые метаданные LUKS. Прерывание операции." -#: src/utils_reencrypt.c:1265 src/utils_reencrypt.c:1287 +#: src/utils_reencrypt.c:1345 src/utils_reencrypt.c:1367 #, c-format msgid "Device %s is already LUKS device. Aborting operation." msgstr "Устройство %s уже является устройством LUKS. Прерывание операции." -#: src/utils_reencrypt.c:1293 +#: src/utils_reencrypt.c:1373 #, c-format msgid "Device %s is already in LUKS reencryption. Aborting operation." msgstr "Устройство %s уже находится в режиме перешифрования LUKS. Прерывание операции." -#: src/utils_reencrypt.c:1366 +#: src/utils_reencrypt.c:1453 msgid "LUKS2 decryption requires --header option." msgstr "Для расшифровки LUKS2 требуется параметр --header." -#: src/utils_reencrypt.c:1414 +#: src/utils_reencrypt.c:1501 msgid "Command requires device as argument." msgstr "Для команды требуется в аргументе указать устройство." -#: src/utils_reencrypt.c:1427 +#: src/utils_reencrypt.c:1514 #, c-format msgid "Conflicting versions. Device %s is LUKS1." msgstr "Конфликтующие версии. Устройство %s использует LUKS1." -#: src/utils_reencrypt.c:1433 +#: src/utils_reencrypt.c:1520 #, c-format msgid "Conflicting versions. Device %s is in LUKS1 reencryption." msgstr "Конфликтующие версии. Устройство %s в режиме перешифрования LUKS1." -#: src/utils_reencrypt.c:1439 +#: src/utils_reencrypt.c:1526 #, c-format msgid "Conflicting versions. Device %s is LUKS2." msgstr "Конфликтующие версии. Устройство %s использует LUKS2." -#: src/utils_reencrypt.c:1445 +#: src/utils_reencrypt.c:1532 #, c-format msgid "Conflicting versions. Device %s is in LUKS2 reencryption." msgstr "Конфликтующие версии. Устройство %s в режиме перешифрования LUKS2." -#: src/utils_reencrypt.c:1451 +#: src/utils_reencrypt.c:1538 msgid "LUKS2 reencryption already initialized. Aborting operation." msgstr "Перешифрование LUKS2 уже инициализировано. Прекращение работы." -#: src/utils_reencrypt.c:1458 +#: src/utils_reencrypt.c:1545 msgid "Device reencryption not in progress." msgstr "Перешифрование устройства в данный момент не выполняется." @@ -3528,28 +3620,28 @@ msgid "Provided UUID is invalid." msgstr "Указан некорректный UUID." -#: src/utils_reencrypt_luks1.c:1220 +#: src/utils_reencrypt_luks1.c:1224 msgid "Cannot open reencryption log file." msgstr "Невозможно открыть файл протокола перешифрования." -#: src/utils_reencrypt_luks1.c:1226 +#: src/utils_reencrypt_luks1.c:1230 msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process." msgstr "Расшифровка не выполняется, указанный UUID можно использовать только для возобновления приостановленного процесса расшифровки." -#: src/utils_reencrypt_luks1.c:1280 +#: src/utils_reencrypt_luks1.c:1286 #, c-format msgid "Reencryption will change: %s%s%s%s%s%s." msgstr "Перешифрование изменит: %s%s%s%s%s%s." -#: src/utils_reencrypt_luks1.c:1281 +#: src/utils_reencrypt_luks1.c:1287 msgid "volume key" msgstr "ключ тома" -#: src/utils_reencrypt_luks1.c:1283 +#: src/utils_reencrypt_luks1.c:1289 msgid "set hash to " msgstr "установить хэш равным" -#: src/utils_reencrypt_luks1.c:1284 +#: src/utils_reencrypt_luks1.c:1290 msgid ", set cipher to " msgstr ", установить шифр равным" @@ -3774,6 +3866,18 @@ msgid "Public key authentication error: " msgstr "Ошибка при аутентификации по открытому ключу: " +#~ msgid "WARNING: Data offset is outside of currently available data device.\n" +#~ msgstr "ПРЕДУПРЕЖДЕНИЕ: смещение данных находится за пределами доступного в данный момент устройства данных.\n" + +#~ msgid "Cannot get process priority." +#~ msgstr "Невозможно получить приоритет процесса." + +#~ msgid "Cannot unlock memory." +#~ msgstr "Невозможно разблокировать память." + +#~ msgid "Locking directory %s/%s will be created with default compiled-in permissions." +#~ msgstr "Будет создан блокирующий каталог %s/%s с правами по умолчанию, заданными при сборке программы." + #~ msgid "Failed to read BITLK signature from %s." #~ msgstr "Ошибка чтения подписи BITLK из %s." @@ -4177,9 +4281,6 @@ #~ msgid "Sector size option is not supported for this command." #~ msgstr "Параметр размера сектора не поддерживается этой командой." -#~ msgid "Option --unbound may be used only with luksAddKey and luksDump actions." -#~ msgstr "Параметр --unbound можно использовать только в действиях luksAddKey и luksDump." - #~ msgid "Option --refresh may be used only with open action." #~ msgstr "Параметр --refresh можно использовать только при действии open." @@ -4360,9 +4461,6 @@ #~ msgid "Read new volume (master) key from file" #~ msgstr "Прочитать новый (главный) ключ тома из файла" -#~ msgid "PBKDF2 iteration time for LUKS (in ms)" -#~ msgstr "Время итерации PBKDF2 для LUKS (мс)" - #~ msgid "Use direct-io when accessing devices" #~ msgstr "Использовать direct-io для доступа к устройствам" diff -Nru cryptsetup-2.5.0/po/sr.po cryptsetup-2.6.1/po/sr.po --- cryptsetup-2.5.0/po/sr.po 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/po/sr.po 2023-02-09 16:12:17.000000000 +0000 @@ -1,13 +1,14 @@ # Serbian translation for cryptsetup. # Copyright © 2014 Free Software Foundation, Inc. # This file is distributed under the same license as the cryptsetup package. -# Мирослав Николић , 2014–2021. +# Мирослав Николић , 2014–2022. +# msgid "" msgstr "" -"Project-Id-Version: cryptsetup-2.4.2-rc0\n" -"Report-Msgid-Bugs-To: dm-crypt@saout.de\n" -"POT-Creation-Date: 2021-11-11 19:08+0100\n" -"PO-Revision-Date: 2021-12-11 19:03+0200\n" +"Project-Id-Version: cryptsetup-2.5.0-rc1\n" +"Report-Msgid-Bugs-To: cryptsetup@lists.linux.dev\n" +"POT-Creation-Date: 2022-07-14 14:04+0200\n" +"PO-Revision-Date: 2022-09-08 05:02+0200\n" "Last-Translator: Мирослав Николић \n" "Language-Team: Serbian <(nothing)>\n" "Language: sr\n" @@ -17,67 +18,67 @@ "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" "X-Bugs: Report translation errors to the Language-Team address.\n" -#: lib/libdevmapper.c:396 +#: lib/libdevmapper.c:417 msgid "Cannot initialize device-mapper, running as non-root user." msgstr "Не могу да покренем мапера уређаја, радим као обичан корисник." -#: lib/libdevmapper.c:399 +#: lib/libdevmapper.c:420 msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" msgstr "Не могу да покренем мапера уређаја. Да ли је учитан модул кернела „dm_mod“?" -#: lib/libdevmapper.c:1170 +#: lib/libdevmapper.c:1171 msgid "Requested deferred flag is not supported." msgstr "Затражена одложена заставица није подржана." -#: lib/libdevmapper.c:1239 +#: lib/libdevmapper.c:1240 #, c-format msgid "DM-UUID for device %s was truncated." msgstr "ДМ-УЈИБ за уређај „%s“ је скраћен." -#: lib/libdevmapper.c:1567 +#: lib/libdevmapper.c:1570 msgid "Unknown dm target type." msgstr "Непозната врста „dm“ мете." -#: lib/libdevmapper.c:1688 lib/libdevmapper.c:1693 lib/libdevmapper.c:1757 -#: lib/libdevmapper.c:1760 +#: lib/libdevmapper.c:1694 lib/libdevmapper.c:1699 lib/libdevmapper.c:1763 +#: lib/libdevmapper.c:1766 msgid "Requested dm-crypt performance options are not supported." msgstr "Затражене опције перформанси дм-шифровања нису подржане." -#: lib/libdevmapper.c:1700 lib/libdevmapper.c:1704 +#: lib/libdevmapper.c:1706 lib/libdevmapper.c:1710 msgid "Requested dm-verity data corruption handling options are not supported." msgstr "Затражене опције рада оштећених података дм-веритија нису подржане." -#: lib/libdevmapper.c:1708 +#: lib/libdevmapper.c:1714 msgid "Requested dm-verity FEC options are not supported." msgstr "Затражене „dm-verity FEC“ опције нису подржане." -#: lib/libdevmapper.c:1712 +#: lib/libdevmapper.c:1718 msgid "Requested data integrity options are not supported." msgstr "Затражене опције целовитости података нису подржане." -#: lib/libdevmapper.c:1714 +#: lib/libdevmapper.c:1720 msgid "Requested sector_size option is not supported." msgstr "Затражене опције величине одељка нису подржане." -#: lib/libdevmapper.c:1719 lib/libdevmapper.c:1723 +#: lib/libdevmapper.c:1725 lib/libdevmapper.c:1729 msgid "Requested automatic recalculation of integrity tags is not supported." msgstr "Затражене опције самосталног прерачунавања ознака целовитости нису подржане." -#: lib/libdevmapper.c:1727 lib/libdevmapper.c:1763 lib/libdevmapper.c:1766 -#: lib/luks2/luks2_json_metadata.c:2204 +#: lib/libdevmapper.c:1733 lib/libdevmapper.c:1769 lib/libdevmapper.c:1772 +#: lib/luks2/luks2_json_metadata.c:2552 msgid "Discard/TRIM is not supported." msgstr "Одбацивање/ОДСЕЦАЊЕ није подржано." -#: lib/libdevmapper.c:1731 +#: lib/libdevmapper.c:1737 msgid "Requested dm-integrity bitmap mode is not supported." msgstr "Затражени режим битмапе дм-целовитости није подржан." -#: lib/libdevmapper.c:2705 +#: lib/libdevmapper.c:2763 #, c-format msgid "Failed to query dm-%s segment." msgstr "Нисам успео да пропитам „dm-%s“ подеок." -#: lib/random.c:75 +#: lib/random.c:74 msgid "" "System is out of entropy while generating volume key.\n" "Please move mouse or type some text in another window to gather some random events.\n" @@ -85,24 +86,24 @@ "Систем је ван ентропије приликом стварања кључа волумена.\n" "Померите миша или откуцајте неки текст у другом прозору да прикупите неке насумичне догађаје.\n" -#: lib/random.c:79 +#: lib/random.c:78 #, c-format msgid "Generating key (%d%% done).\n" msgstr "Стварам кључ (%d %% је урађено).\n" -#: lib/random.c:165 +#: lib/random.c:164 msgid "Running in FIPS mode." msgstr "Ради у „FIPS“ режиму." -#: lib/random.c:171 +#: lib/random.c:170 msgid "Fatal error during RNG initialisation." msgstr "Кобна грешка за време покретања „RNG“-а." -#: lib/random.c:208 +#: lib/random.c:207 msgid "Unknown RNG quality requested." msgstr "Затражен је непознат квалитет „RNG“-а." -#: lib/random.c:213 +#: lib/random.c:212 msgid "Error reading from RNG." msgstr "Грешка читања из „RNG“-а." @@ -114,7 +115,7 @@ msgid "Cannot initialize crypto backend." msgstr "Не могу да покренем позадинца криптографије." -#: lib/setup.c:263 lib/setup.c:2079 lib/verity/verity.c:119 +#: lib/setup.c:263 lib/setup.c:2080 lib/verity/verity.c:122 #, c-format msgid "Hash algorithm %s not supported." msgstr "Хеш алгоритам „%s“ није подржан." @@ -128,7 +129,7 @@ msgid "Cannot determine device type. Incompatible activation of device?" msgstr "Не могу да одредим врсту уређаја. Несагласно покретање уређаја?" -#: lib/setup.c:338 lib/setup.c:3142 +#: lib/setup.c:338 lib/setup.c:3221 msgid "This operation is supported only for LUKS device." msgstr "Ова радња је подржана само за ЛУКС уређај." @@ -136,7 +137,7 @@ msgid "This operation is supported only for LUKS2 device." msgstr "Ова радња је подржана само за ЛУКС2 уређај." -#: lib/setup.c:420 lib/luks2/luks2_reencrypt.c:2440 +#: lib/setup.c:420 lib/luks2/luks2_reencrypt.c:2985 msgid "All key slots full." msgstr "Сви утори кључева су пуни." @@ -150,7 +151,7 @@ msgid "Key slot %d is full, please select another one." msgstr "Утор кључа %d је пун, изаберите неки други." -#: lib/setup.c:522 lib/setup.c:2900 +#: lib/setup.c:522 lib/setup.c:2946 msgid "Device size is not aligned to device logical block size." msgstr "Величина уређаја није поравната на величину логичког блока уређаја." @@ -159,7 +160,8 @@ msgid "Header detected but device %s is too small." msgstr "Заглавље је откривено али уређај „%s“ је премали." -#: lib/setup.c:661 lib/setup.c:2845 +#: lib/setup.c:661 lib/setup.c:2851 lib/setup.c:4335 +#: lib/luks2/luks2_reencrypt.c:3757 lib/luks2/luks2_reencrypt.c:4159 msgid "This operation is not supported for this device type." msgstr "Ова радња није подржана за ову врсту уређаја." @@ -167,396 +169,418 @@ msgid "Illegal operation with reencryption in-progress." msgstr "Неисправна радња са поновним шифровањем је у току." -#: lib/setup.c:834 lib/luks1/keymanage.c:527 +#: lib/setup.c:833 lib/luks1/keymanage.c:248 lib/luks1/keymanage.c:524 +#: lib/luks2/luks2_json_metadata.c:1267 src/cryptsetup.c:1449 +#: src/cryptsetup.c:1581 src/cryptsetup.c:1636 src/cryptsetup.c:1756 +#: src/cryptsetup.c:1861 src/cryptsetup.c:2142 src/cryptsetup.c:2380 +#: src/cryptsetup.c:2440 src/utils_reencrypt.c:1378 +#: src/utils_reencrypt_luks1.c:1188 tokens/ssh/cryptsetup-ssh.c:77 +#, c-format +msgid "Device %s is not a valid LUKS device." +msgstr "Уређај „%s“ није исправан ЛУКС уређај." + +#: lib/setup.c:836 lib/luks1/keymanage.c:527 #, c-format msgid "Unsupported LUKS version %d." msgstr "Неподржано ЛУКС издање %d." -#: lib/setup.c:1430 lib/setup.c:2610 lib/setup.c:2683 lib/setup.c:2695 -#: lib/setup.c:2853 lib/setup.c:4643 +#: lib/setup.c:1431 lib/setup.c:2602 lib/setup.c:2682 lib/setup.c:2694 +#: lib/setup.c:2859 lib/setup.c:4807 #, c-format msgid "Device %s is not active." msgstr "Уређај „%s“ није радан." -#: lib/setup.c:1447 +#: lib/setup.c:1448 #, c-format msgid "Underlying device for crypt device %s disappeared." msgstr "Основни уређај за криптографски уређај „%s“ је нестао." -#: lib/setup.c:1527 +#: lib/setup.c:1528 msgid "Invalid plain crypt parameters." msgstr "Неисправни параметри обичне криптографије." -#: lib/setup.c:1532 lib/setup.c:1982 +#: lib/setup.c:1533 lib/setup.c:1983 msgid "Invalid key size." msgstr "Неисправна величина кључа." -#: lib/setup.c:1537 lib/setup.c:1987 lib/setup.c:2190 +#: lib/setup.c:1538 lib/setup.c:1988 lib/setup.c:2191 msgid "UUID is not supported for this crypt type." msgstr "УЈИБ није подржан за ову врсту криптографије." -#: lib/setup.c:1542 lib/setup.c:1992 +#: lib/setup.c:1543 lib/setup.c:1993 msgid "Detached metadata device is not supported for this crypt type." msgstr "Откачени уређај метаподатака није подржан за ову врсту криптографије." -#: lib/setup.c:1552 lib/setup.c:1754 lib/luks2/luks2_reencrypt.c:2401 -#: src/cryptsetup.c:1358 src/cryptsetup.c:3723 +#: lib/setup.c:1553 lib/setup.c:1765 lib/luks2/luks2_reencrypt.c:2941 +#: src/cryptsetup.c:1250 src/cryptsetup.c:3072 msgid "Unsupported encryption sector size." msgstr "Неподржана величина одељка шифровања." -#: lib/setup.c:1560 lib/setup.c:1895 lib/setup.c:2894 +#: lib/setup.c:1561 lib/setup.c:1896 lib/setup.c:2940 msgid "Device size is not aligned to requested sector size." msgstr "Величина уређаја није поравната на затражену величину одељка." -#: lib/setup.c:1612 lib/setup.c:1732 +#: lib/setup.c:1613 lib/setup.c:1733 msgid "Can't format LUKS without device." msgstr "Не могу да обликујем ЛУКС без уређаја." -#: lib/setup.c:1618 lib/setup.c:1738 +#: lib/setup.c:1619 lib/setup.c:1739 msgid "Requested data alignment is not compatible with data offset." msgstr "Затражено поравнање података није сагласно са померајем података." -#: lib/setup.c:1686 lib/setup.c:1882 +#: lib/setup.c:1687 lib/setup.c:1883 msgid "WARNING: Data offset is outside of currently available data device.\n" msgstr "УПОЗОРЕЊЕ: Померај података је ван тренутно доступног уређаја података.\n" -#: lib/setup.c:1696 lib/setup.c:1912 lib/setup.c:1933 lib/setup.c:2202 +#: lib/setup.c:1697 lib/setup.c:1913 lib/setup.c:1934 lib/setup.c:2203 #, c-format msgid "Cannot wipe header on device %s." msgstr "Не могу да обришем заглавље на уређају „%s“." -#: lib/setup.c:1763 +#: lib/setup.c:1774 msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" msgstr "УПОЗОРЕЊЕ: Покретање уређаја неће успети, „dm-crypt“-у недостаје подршка за затражену величину одељка шифровања.\n" -#: lib/setup.c:1786 +#: lib/setup.c:1797 msgid "Volume key is too small for encryption with integrity extensions." msgstr "Кључ волумена је премали за шифровање са проширењима целовитости." -#: lib/setup.c:1856 +#: lib/setup.c:1857 #, c-format msgid "Cipher %s-%s (key size %zd bits) is not available." msgstr "Шифрер %s-%s (величина кључа %zd бита) није доступан." -#: lib/setup.c:1885 +#: lib/setup.c:1886 #, c-format msgid "WARNING: LUKS2 metadata size changed to % bytes.\n" msgstr "УПОЗОРЕЊЕ: Величина ЛУКС2 метаподатака је промењена на % бајта.\n" -#: lib/setup.c:1889 +#: lib/setup.c:1890 #, c-format msgid "WARNING: LUKS2 keyslots area size changed to % bytes.\n" msgstr "УПОЗОРЕЊЕ: Величина области ЛУКС2 утора кључева је промењена на % бајта.\n" -#: lib/setup.c:1915 lib/utils_device.c:909 lib/luks1/keyencryption.c:255 -#: lib/luks2/luks2_reencrypt.c:2451 lib/luks2/luks2_reencrypt.c:3488 +#: lib/setup.c:1916 lib/utils_device.c:909 lib/luks1/keyencryption.c:255 +#: lib/luks2/luks2_reencrypt.c:3009 lib/luks2/luks2_reencrypt.c:4254 #, c-format msgid "Device %s is too small." msgstr "Уређај „%s“ је премали." -#: lib/setup.c:1926 lib/setup.c:1952 +#: lib/setup.c:1927 lib/setup.c:1953 #, c-format msgid "Cannot format device %s in use." msgstr "Не могу да обликујем уређај „%s“ у употреби." -#: lib/setup.c:1929 lib/setup.c:1955 +#: lib/setup.c:1930 lib/setup.c:1956 #, c-format msgid "Cannot format device %s, permission denied." msgstr "Не могу да обликујем уређај „%s“, овлашћење је одбијено." -#: lib/setup.c:1941 lib/setup.c:2262 +#: lib/setup.c:1942 lib/setup.c:2263 #, c-format msgid "Cannot format integrity for device %s." msgstr "Не могу да обликујем целовитост за уређај „%s“." -#: lib/setup.c:1959 +#: lib/setup.c:1960 #, c-format msgid "Cannot format device %s." msgstr "Не могу да обликујем уређај „%s“." -#: lib/setup.c:1977 +#: lib/setup.c:1978 msgid "Can't format LOOPAES without device." msgstr "Не могу да обликујем „LOOPAES“ без уређаја." -#: lib/setup.c:2022 +#: lib/setup.c:2023 msgid "Can't format VERITY without device." msgstr "Не могу да обликујем „VERITY“ без уређаја." -#: lib/setup.c:2033 lib/verity/verity.c:102 +#: lib/setup.c:2034 lib/verity/verity.c:101 #, c-format msgid "Unsupported VERITY hash type %d." msgstr "Неподржана врста „VERITY“ хеша %d." -#: lib/setup.c:2039 lib/verity/verity.c:110 +#: lib/setup.c:2040 lib/verity/verity.c:109 msgid "Unsupported VERITY block size." msgstr "Неподржана величина блока „VERITY“." -#: lib/setup.c:2044 lib/verity/verity.c:74 +#: lib/setup.c:2045 lib/verity/verity.c:74 msgid "Unsupported VERITY hash offset." msgstr "Неподржан померај хеша „VERITY“." -#: lib/setup.c:2049 +#: lib/setup.c:2050 msgid "Unsupported VERITY FEC offset." msgstr "Неподржан „VERITY FEC“ померај." -#: lib/setup.c:2073 +#: lib/setup.c:2074 msgid "Data area overlaps with hash area." msgstr "Област података се преклапа са облашћу хеша." -#: lib/setup.c:2098 +#: lib/setup.c:2099 msgid "Hash area overlaps with FEC area." msgstr "Област хеша се преклапа са „FEC“ облашћу." -#: lib/setup.c:2105 +#: lib/setup.c:2106 msgid "Data area overlaps with FEC area." msgstr "Област података се преклапа са „FEC“ облашћу." -#: lib/setup.c:2241 +#: lib/setup.c:2242 #, c-format msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n" msgstr "УПОЗОРЕЊЕ: Затражена величина ознаке %d бајта се разликује од излаза величине „%s“ (%d бајта).\n" -#: lib/setup.c:2320 +#: lib/setup.c:2321 #, c-format msgid "Unknown crypt device type %s requested." msgstr "Затражена је непозната врста „%s“ криптографског уређаја." -#: lib/setup.c:2616 lib/setup.c:2688 lib/setup.c:2701 +#: lib/setup.c:2608 lib/setup.c:2687 lib/setup.c:2700 #, c-format msgid "Unsupported parameters on device %s." msgstr "Неподржани параметри на уређају „%s“." -#: lib/setup.c:2622 lib/setup.c:2708 lib/luks2/luks2_reencrypt.c:2503 -#: lib/luks2/luks2_reencrypt.c:2847 +#: lib/setup.c:2614 lib/setup.c:2707 lib/luks2/luks2_reencrypt.c:2837 +#: lib/luks2/luks2_reencrypt.c:3074 lib/luks2/luks2_reencrypt.c:3459 #, c-format msgid "Mismatching parameters on device %s." msgstr "Неодговарајући параметри на уређају „%s“." -#: lib/setup.c:2728 +#: lib/setup.c:2731 msgid "Crypt devices mismatch." msgstr "Криптографски уређаји се не поклапају." -#: lib/setup.c:2765 lib/setup.c:2770 lib/luks2/luks2_reencrypt.c:2143 -#: lib/luks2/luks2_reencrypt.c:3255 +#: lib/setup.c:2768 lib/setup.c:2773 lib/luks2/luks2_reencrypt.c:2315 +#: lib/luks2/luks2_reencrypt.c:2853 lib/luks2/luks2_reencrypt.c:4007 #, c-format msgid "Failed to reload device %s." msgstr "Нисам успео поново да учитам уређај „%s“." -#: lib/setup.c:2776 lib/setup.c:2782 lib/luks2/luks2_reencrypt.c:2114 -#: lib/luks2/luks2_reencrypt.c:2121 +#: lib/setup.c:2779 lib/setup.c:2785 lib/luks2/luks2_reencrypt.c:2286 +#: lib/luks2/luks2_reencrypt.c:2293 lib/luks2/luks2_reencrypt.c:2867 #, c-format msgid "Failed to suspend device %s." msgstr "Нисам успео да обуставим уређај „%s“." -#: lib/setup.c:2788 lib/luks2/luks2_reencrypt.c:2128 -#: lib/luks2/luks2_reencrypt.c:3190 lib/luks2/luks2_reencrypt.c:3259 +#: lib/setup.c:2791 lib/luks2/luks2_reencrypt.c:2300 +#: lib/luks2/luks2_reencrypt.c:2888 lib/luks2/luks2_reencrypt.c:3920 +#: lib/luks2/luks2_reencrypt.c:4011 #, c-format msgid "Failed to resume device %s." msgstr "Нисам успео да наставим са уређајем „%s“." -#: lib/setup.c:2803 +#: lib/setup.c:2806 #, c-format msgid "Fatal error while reloading device %s (on top of device %s)." msgstr "Кобна грешка приликом поновног учитавања уређаја „%s“ (на врху уређаја „%s“)." -#: lib/setup.c:2806 lib/setup.c:2808 +#: lib/setup.c:2809 lib/setup.c:2811 #, c-format msgid "Failed to switch device %s to dm-error." msgstr "Нисам успео да променим уређај „%s“ на дм-грешку." -#: lib/setup.c:2885 +#: lib/setup.c:2891 msgid "Cannot resize loop device." msgstr "Не могу да променим величину уређаја петље." -#: lib/setup.c:2958 +#: lib/setup.c:2931 +msgid "WARNING: Maximum size already set or kernel doesn't support resize.\n" +msgstr "" +"УПОЗОРЕЊЕ: Највећа величина је већ постављена или кернел не подржава промену величине.\n" +"\n" + +#: lib/setup.c:2989 +msgid "Resize failed, the kernel doesn't support it." +msgstr "Промена величине није успела, кернел је не подржава." + +#: lib/setup.c:3021 msgid "Do you really want to change UUID of device?" msgstr "Да ли стварно желите да измените УЈИБ уређаја?" -#: lib/setup.c:3034 +#: lib/setup.c:3113 msgid "Header backup file does not contain compatible LUKS header." msgstr "Датотека резерве заглавља не садржи сагласно ЛУКС заглавље." -#: lib/setup.c:3150 +#: lib/setup.c:3229 #, c-format msgid "Volume %s is not active." msgstr "Волумен „%s“ није радан." -#: lib/setup.c:3161 +#: lib/setup.c:3240 #, c-format msgid "Volume %s is already suspended." msgstr "Волумен „%s“ је већ обустављен." -#: lib/setup.c:3174 +#: lib/setup.c:3253 #, c-format msgid "Suspend is not supported for device %s." msgstr "Обустављање није подржано за уређај „%s“." -#: lib/setup.c:3176 +#: lib/setup.c:3255 #, c-format msgid "Error during suspending device %s." msgstr "Грешка за време обустављања уређаја „%s“." -#: lib/setup.c:3212 +#: lib/setup.c:3290 #, c-format msgid "Resume is not supported for device %s." msgstr "Настављање није подржано за уређај „%s“." -#: lib/setup.c:3214 +#: lib/setup.c:3292 #, c-format msgid "Error during resuming device %s." msgstr "Грешка за време настављања уређаја „%s“." -#: lib/setup.c:3248 lib/setup.c:3296 lib/setup.c:3366 +#: lib/setup.c:3326 lib/setup.c:3374 lib/setup.c:3444 lib/setup.c:3489 +#: src/cryptsetup.c:2207 #, c-format msgid "Volume %s is not suspended." msgstr "Волумен „%s“ није обустављен." -#: lib/setup.c:3381 lib/setup.c:3750 lib/setup.c:4423 lib/setup.c:4436 -#: lib/setup.c:4444 lib/setup.c:4457 lib/setup.c:4826 lib/setup.c:6008 +#: lib/setup.c:3459 lib/setup.c:3862 lib/setup.c:4584 lib/setup.c:4597 +#: lib/setup.c:4605 lib/setup.c:4618 lib/setup.c:6142 src/cryptsetup.c:1790 msgid "Volume key does not match the volume." msgstr "Кључ волумена не одговара волумену." -#: lib/setup.c:3428 lib/setup.c:3633 +#: lib/setup.c:3540 lib/setup.c:3745 msgid "Cannot add key slot, all slots disabled and no volume key provided." msgstr "Не могу да додам утор кључа, сви утори су искључени а није обезбеђен ниједан кључ волумена." -#: lib/setup.c:3585 +#: lib/setup.c:3697 msgid "Failed to swap new key slot." msgstr "Нисам успео да разменим нови утор кључа." -#: lib/setup.c:3771 +#: lib/setup.c:3883 #, c-format msgid "Key slot %d is invalid." msgstr "Утор кључа „%d“ није исправан." -#: lib/setup.c:3777 src/cryptsetup.c:1701 src/cryptsetup.c:2041 -#: src/cryptsetup.c:2632 src/cryptsetup.c:2689 +#: lib/setup.c:3889 src/cryptsetup.c:1594 src/cryptsetup.c:1936 +#: src/cryptsetup.c:2540 src/cryptsetup.c:2597 #, c-format msgid "Keyslot %d is not active." msgstr "Утор кључа „%d“ није радан." -#: lib/setup.c:3796 +#: lib/setup.c:3908 msgid "Device header overlaps with data area." msgstr "Заглавље уређаја се преклапа са облашћу података." -#: lib/setup.c:4089 +#: lib/setup.c:4213 msgid "Reencryption in-progress. Cannot activate device." msgstr "Поновно шифровање је у току. Не могу да активирам уређај." -#: lib/setup.c:4091 lib/luks2/luks2_json_metadata.c:2287 -#: lib/luks2/luks2_reencrypt.c:2946 +#: lib/setup.c:4215 lib/luks2/luks2_json_metadata.c:2635 +#: lib/luks2/luks2_reencrypt.c:3565 msgid "Failed to get reencryption lock." msgstr "Нисам успео да добавим закључавање поновног шифровања." -#: lib/setup.c:4104 lib/luks2/luks2_reencrypt.c:2965 +#: lib/setup.c:4228 lib/luks2/luks2_reencrypt.c:3584 msgid "LUKS2 reencryption recovery failed." msgstr "Опоравак ЛУКС2 поновног шифровања није успело." -#: lib/setup.c:4235 lib/setup.c:4500 +#: lib/setup.c:4396 lib/setup.c:4661 msgid "Device type is not properly initialized." msgstr "Врста уређаја није исправно покренута." -#: lib/setup.c:4283 +#: lib/setup.c:4444 #, c-format msgid "Device %s already exists." msgstr "Већ постоји уређај „%s“." -#: lib/setup.c:4290 +#: lib/setup.c:4451 #, c-format msgid "Cannot use device %s, name is invalid or still in use." msgstr "Не могу да користим уређај „%s“, назив није исправан или је још у употреби." -#: lib/setup.c:4410 +#: lib/setup.c:4571 msgid "Incorrect volume key specified for plain device." msgstr "Наведен је неисправан кључ волумена за обичан уређај." -#: lib/setup.c:4526 +#: lib/setup.c:4687 msgid "Incorrect root hash specified for verity device." msgstr "Наведен је неисправан хеш корена за уређај тачности." -#: lib/setup.c:4533 +#: lib/setup.c:4697 msgid "Root hash signature required." msgstr "Потпис хеша корена је потребан." -#: lib/setup.c:4542 +#: lib/setup.c:4706 msgid "Kernel keyring missing: required for passing signature to kernel." msgstr "Привезак кључева кернела недостаје: потребан је за прослеђивање потписа кернелу." -#: lib/setup.c:4559 lib/setup.c:6084 +#: lib/setup.c:4723 lib/setup.c:6218 msgid "Failed to load key in kernel keyring." msgstr "Нисам успео да учитам кључ у привеску кључева кернела." -#: lib/setup.c:4615 +#: lib/setup.c:4779 #, c-format msgid "Could not cancel deferred remove from device %s." msgstr "Не могу да откажем различно уклањање из уређаја „%s“." -#: lib/setup.c:4622 lib/setup.c:4638 lib/luks2/luks2_json_metadata.c:2340 -#: src/cryptsetup.c:2785 +#: lib/setup.c:4786 lib/setup.c:4802 lib/luks2/luks2_json_metadata.c:2688 +#: src/utils_reencrypt.c:116 #, c-format msgid "Device %s is still in use." msgstr "Уређај „%s“ је још увеку употреби." -#: lib/setup.c:4647 +#: lib/setup.c:4811 #, c-format msgid "Invalid device %s." msgstr "Неисправан уређај „%s“." -#: lib/setup.c:4763 +#: lib/setup.c:4927 msgid "Volume key buffer too small." msgstr "Међумеморија кључа волумена је премала." -#: lib/setup.c:4771 +#: lib/setup.c:4935 msgid "Cannot retrieve volume key for plain device." msgstr "Не могу да довучем кључ волумена за обичан уређај." -#: lib/setup.c:4788 +#: lib/setup.c:4952 msgid "Cannot retrieve root hash for verity device." msgstr "Не могу да довучем хеш корена за уређај тачности." -#: lib/setup.c:4792 +#: lib/setup.c:4956 #, c-format msgid "This operation is not supported for %s crypt device." msgstr "Ова радња није подржана за криптографски уређај „%s“." -#: lib/setup.c:4998 lib/setup.c:5009 +#: lib/setup.c:5130 lib/setup.c:5141 msgid "Dump operation is not supported for this device type." msgstr "Радња исписа није подржана за ову врсту уређаја." -#: lib/setup.c:5337 +#: lib/setup.c:5471 #, c-format msgid "Data offset is not multiple of %u bytes." msgstr "Померај података није умножак %u бајта." -#: lib/setup.c:5622 +#: lib/setup.c:5756 #, c-format msgid "Cannot convert device %s which is still in use." msgstr "Не могу да преобратим уређај „%s“ који је још увек у употреби." -#: lib/setup.c:5941 +#: lib/setup.c:6075 #, c-format msgid "Failed to assign keyslot %u as the new volume key." msgstr "Нисам успео да доделим утор кључа „%u“ као нови кључ волумена." -#: lib/setup.c:6014 +#: lib/setup.c:6148 msgid "Failed to initialize default LUKS2 keyslot parameters." msgstr "Нисам успео да покренем основне параметре ЛУКС2 утора кључа." -#: lib/setup.c:6020 +#: lib/setup.c:6154 #, c-format msgid "Failed to assign keyslot %d to digest." msgstr "Нисам успео да доделим утор кључа „%d“ за преглед." -#: lib/setup.c:6151 +#: lib/setup.c:6285 msgid "Kernel keyring is not supported by the kernel." msgstr "Привезак кључева кернела није подржан кернелом." -#: lib/setup.c:6161 lib/luks2/luks2_reencrypt.c:3062 +#: lib/setup.c:6295 lib/luks2/luks2_reencrypt.c:3782 #, c-format msgid "Failed to read passphrase from keyring (error %d)." msgstr "Нисам успео да прочитам пропусну реч из привеска кључа (грешка %d)." -#: lib/setup.c:6185 +#: lib/setup.c:6319 msgid "Failed to acquire global memory-hard access serialization lock." msgstr "Нисам успео да остварим опште закључавање серијализације приступа чврстој меморији." @@ -584,8 +608,8 @@ msgid "Cannot seek to requested keyfile offset." msgstr "Не могу да премотам на затражени померај датотеке кључа." -#: lib/utils.c:212 lib/utils.c:227 src/utils_password.c:219 -#: src/utils_password.c:231 +#: lib/utils.c:212 lib/utils.c:227 src/utils_password.c:226 +#: src/utils_password.c:238 msgid "Out of memory while reading passphrase." msgstr "Нестало је меморије приликом читања пропусне речи." @@ -606,7 +630,7 @@ msgstr "Не могу да прочитам затражену количину података." #: lib/utils_device.c:208 lib/utils_storage_wrappers.c:110 -#: lib/luks1/keyencryption.c:91 +#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1353 #, c-format msgid "Device %s does not exist or access denied." msgstr "Уређај „%s“ не постоји или је приступ одбијен." @@ -736,12 +760,12 @@ msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." msgstr "Закључавање је прекинуто. Путања закључавања „%s/%s“ је неискористива („%s“ није директоријум)." -#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:922 -#: src/cryptsetup_reencrypt.c:1010 +#: lib/utils_wipe.c:154 lib/utils_wipe.c:225 src/utils_reencrypt_luks1.c:734 +#: src/utils_reencrypt_luks1.c:832 msgid "Cannot seek to device offset." msgstr "Не могу да премотам на померај уређаја." -#: lib/utils_wipe.c:208 +#: lib/utils_wipe.c:247 #, c-format msgid "Device wipe error, offset %." msgstr "Грешка брисања уређаја, померај %." @@ -765,7 +789,7 @@ #: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:364 #: lib/luks1/keymanage.c:674 lib/luks1/keymanage.c:1125 -#: lib/luks2/luks2_json_metadata.c:1276 lib/luks2/luks2_keyslot.c:740 +#: lib/luks2/luks2_json_metadata.c:1421 lib/luks2/luks2_keyslot.c:714 #, c-format msgid "Cannot write to device %s, permission denied." msgstr "Не могу да пишем на уређај „%s“, овлашћење је одбијено." @@ -779,17 +803,17 @@ msgstr "Нисам успео да приступм привременом уређају смештаја кључа." #: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60 -#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:134 +#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:192 msgid "IO error while encrypting keyslot." msgstr "Грешка УИ приликом шифровања утора кључа." #: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:367 -#: lib/luks1/keymanage.c:627 lib/luks1/keymanage.c:677 lib/tcrypt/tcrypt.c:677 -#: lib/verity/verity.c:80 lib/verity/verity.c:193 lib/verity/verity_hash.c:320 +#: lib/luks1/keymanage.c:627 lib/luks1/keymanage.c:677 lib/tcrypt/tcrypt.c:680 +#: lib/verity/verity.c:80 lib/verity/verity.c:196 lib/verity/verity_hash.c:320 #: lib/verity/verity_hash.c:329 lib/verity/verity_hash.c:349 -#: lib/verity/verity_fec.c:251 lib/verity/verity_fec.c:263 -#: lib/verity/verity_fec.c:268 lib/luks2/luks2_json_metadata.c:1279 -#: src/cryptsetup_reencrypt.c:177 src/cryptsetup_reencrypt.c:189 +#: lib/verity/verity_fec.c:260 lib/verity/verity_fec.c:272 +#: lib/verity/verity_fec.c:277 lib/luks2/luks2_json_metadata.c:1424 +#: src/utils_reencrypt_luks1.c:121 src/utils_reencrypt_luks1.c:133 #, c-format msgid "Cannot open device %s." msgstr "Не могу да отворим уређај „%s“." @@ -810,43 +834,32 @@ msgid "LUKS keyslot %u is invalid." msgstr "ЛУКС утор кључа „%u“ није исправан." -#: lib/luks1/keymanage.c:248 lib/luks1/keymanage.c:524 -#: lib/luks2/luks2_json_metadata.c:1107 src/cryptsetup.c:1557 -#: src/cryptsetup.c:1688 src/cryptsetup.c:1743 src/cryptsetup.c:1798 -#: src/cryptsetup.c:1863 src/cryptsetup.c:1966 src/cryptsetup.c:2030 -#: src/cryptsetup.c:2259 src/cryptsetup.c:2472 src/cryptsetup.c:2532 -#: src/cryptsetup.c:2597 src/cryptsetup.c:2741 src/cryptsetup.c:3423 -#: src/cryptsetup.c:3432 src/cryptsetup_reencrypt.c:1373 -#, c-format -msgid "Device %s is not a valid LUKS device." -msgstr "Уређај „%s“ није исправан ЛУКС уређај." - -#: lib/luks1/keymanage.c:266 lib/luks2/luks2_json_metadata.c:1124 +#: lib/luks1/keymanage.c:266 lib/luks2/luks2_json_metadata.c:1284 #, c-format msgid "Requested header backup file %s already exists." msgstr "Затражена датотека резерве заглавља „%s“ већ постоји." -#: lib/luks1/keymanage.c:268 lib/luks2/luks2_json_metadata.c:1126 +#: lib/luks1/keymanage.c:268 lib/luks2/luks2_json_metadata.c:1286 #, c-format msgid "Cannot create header backup file %s." msgstr "Не могу да направим резервну датотеку заглавља „%s“." -#: lib/luks1/keymanage.c:275 lib/luks2/luks2_json_metadata.c:1133 +#: lib/luks1/keymanage.c:275 lib/luks2/luks2_json_metadata.c:1293 #, c-format msgid "Cannot write header backup file %s." msgstr "Не могу да запишем резервну датотеку заглавља „%s“." -#: lib/luks1/keymanage.c:306 lib/luks2/luks2_json_metadata.c:1185 +#: lib/luks1/keymanage.c:306 lib/luks2/luks2_json_metadata.c:1330 msgid "Backup file does not contain valid LUKS header." msgstr "Датотека резерве не садржи исправно ЛУКС заглавље." #: lib/luks1/keymanage.c:319 lib/luks1/keymanage.c:590 -#: lib/luks2/luks2_json_metadata.c:1206 +#: lib/luks2/luks2_json_metadata.c:1351 #, c-format msgid "Cannot open header backup file %s." msgstr "Не могу да отворим резервну датотеку заглавља „%s“." -#: lib/luks1/keymanage.c:327 lib/luks2/luks2_json_metadata.c:1214 +#: lib/luks1/keymanage.c:327 lib/luks2/luks2_json_metadata.c:1359 #, c-format msgid "Cannot read header backup file %s." msgstr "Не могу да прочитам резервну датотеку заглавља „%s“." @@ -868,7 +881,7 @@ msgid "already contains LUKS header. Replacing header will destroy existing keyslots." msgstr "већ садржи ЛУКС заглавље. Замена заглавља ће уништити постојеће уторе кључева." -#: lib/luks1/keymanage.c:348 lib/luks2/luks2_json_metadata.c:1248 +#: lib/luks1/keymanage.c:348 lib/luks2/luks2_json_metadata.c:1393 msgid "" "\n" "WARNING: real device header has different UUID than backup!" @@ -942,7 +955,7 @@ msgid "LUKS hash %s is invalid." msgstr "ЛУКС хеш „%s“ није исправан." -#: lib/luks1/keymanage.c:571 src/cryptsetup.c:1243 +#: lib/luks1/keymanage.c:571 src/cryptsetup.c:1144 msgid "No known problems detected for LUKS header." msgstr "Нису откривени познати проблеми за ЛУКС заглавље." @@ -961,8 +974,8 @@ msgstr "Померај података за ЛУКС заглавље мора бити или 0 или већи од величине заглавља." #: lib/luks1/keymanage.c:794 lib/luks1/keymanage.c:863 -#: lib/luks2/luks2_json_format.c:287 lib/luks2/luks2_json_metadata.c:1015 -#: src/cryptsetup.c:2904 +#: lib/luks2/luks2_json_format.c:287 lib/luks2/luks2_json_metadata.c:1175 +#: src/utils_reencrypt.c:475 msgid "Wrong LUKS UUID format provided." msgstr "Достављен је погрешан запис ЛУКС УЈИБ-а." @@ -995,7 +1008,7 @@ msgid "Key slot %d is invalid, please select keyslot between 0 and %d." msgstr "Утор кључа %d није исправан, изаберите га између 0 и %d." -#: lib/luks1/keymanage.c:1129 lib/luks2/luks2_keyslot.c:744 +#: lib/luks1/keymanage.c:1129 lib/luks2/luks2_keyslot.c:718 #, c-format msgid "Cannot wipe device %s." msgstr "Не могу да обришем уређај „%s“." @@ -1026,205 +1039,213 @@ msgid "Maximum TCRYPT passphrase length (%zu) exceeded." msgstr "Премашена је највећа дужина „TCRYPT“ пропусне речи (%zu)." -#: lib/tcrypt/tcrypt.c:602 +#: lib/tcrypt/tcrypt.c:601 #, c-format msgid "PBKDF2 hash algorithm %s not available, skipping." msgstr "„PBKDF2“ алгоритам хеша „%s“ није доступан, прескачем." -#: lib/tcrypt/tcrypt.c:618 src/cryptsetup.c:1110 +#: lib/tcrypt/tcrypt.c:620 src/cryptsetup.c:1019 msgid "Required kernel crypto interface not available." msgstr "Није доступно затражено сучеље криптографије језгра." -#: lib/tcrypt/tcrypt.c:620 src/cryptsetup.c:1112 +#: lib/tcrypt/tcrypt.c:622 src/cryptsetup.c:1021 msgid "Ensure you have algif_skcipher kernel module loaded." msgstr "Уверите се да је учитан модул кернела „algif_skcipher“." -#: lib/tcrypt/tcrypt.c:760 +#: lib/tcrypt/tcrypt.c:763 #, c-format msgid "Activation is not supported for %d sector size." msgstr "Покретање није подржано за величину %d области." -#: lib/tcrypt/tcrypt.c:766 +#: lib/tcrypt/tcrypt.c:769 msgid "Kernel does not support activation for this TCRYPT legacy mode." msgstr "Језгро не подржава покретање за овај стари „TCRYPT“ режим." -#: lib/tcrypt/tcrypt.c:797 +#: lib/tcrypt/tcrypt.c:800 #, c-format msgid "Activating TCRYPT system encryption for partition %s." msgstr "Покрећем „TCRYPT“ систем шифровања за партицију „%s“." -#: lib/tcrypt/tcrypt.c:875 +#: lib/tcrypt/tcrypt.c:883 msgid "Kernel does not support TCRYPT compatible mapping." msgstr "Кернел не подржава мапирање сагласно са „TCRYPT“-ом." -#: lib/tcrypt/tcrypt.c:1088 +#: lib/tcrypt/tcrypt.c:1096 msgid "This function is not supported without TCRYPT header load." msgstr "Ова функција није подржана без учитавања „TCRYPT“ заглавља." -#: lib/bitlk/bitlk.c:350 +#: lib/bitlk/bitlk.c:275 #, c-format msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key." msgstr "Нађох неочекивану врсту уноса метаподатака „%u“ приликом обраде подржаног главног кључа волумена." -#: lib/bitlk/bitlk.c:397 +#: lib/bitlk/bitlk.c:328 msgid "Invalid string found when parsing Volume Master Key." msgstr "Нађох неисправну ниску приликом обраде главног кључа волумена." -#: lib/bitlk/bitlk.c:402 +#: lib/bitlk/bitlk.c:332 #, c-format msgid "Unexpected string ('%s') found when parsing supported Volume Master Key." msgstr "Нађох неочекивану ниску („%s“) приликом обраде подржаног главног кључа волумена." -#: lib/bitlk/bitlk.c:419 +#: lib/bitlk/bitlk.c:349 #, c-format msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key." msgstr "Нађох неочекивану вредност уноса метаподатака „%u“ приликом обраде подржаног главног кључа волумена." -#: lib/bitlk/bitlk.c:502 -#, c-format -msgid "Failed to read BITLK signature from %s." -msgstr "Нисам успео да прочитам „BITLK“ потпис из „%s“." - -#: lib/bitlk/bitlk.c:514 -msgid "Invalid or unknown signature for BITLK device." -msgstr "Неисправан или непознат потпис за „BITLK“ уређај." - -#: lib/bitlk/bitlk.c:520 +#: lib/bitlk/bitlk.c:451 msgid "BITLK version 1 is currently not supported." msgstr "„BITLK“ издање 1 тренутно није подржано." -#: lib/bitlk/bitlk.c:526 +#: lib/bitlk/bitlk.c:457 msgid "Invalid or unknown boot signature for BITLK device." msgstr "Неисправан или непознат потпис учитавања за „BITLK“ уређај." -#: lib/bitlk/bitlk.c:538 +#: lib/bitlk/bitlk.c:469 #, c-format msgid "Unsupported sector size %." msgstr "Неподржана величина одељка „%“." -#: lib/bitlk/bitlk.c:546 +#: lib/bitlk/bitlk.c:477 #, c-format msgid "Failed to read BITLK header from %s." msgstr "Нисам успео да прочитам „BITLK“ заглавље из „%s“." -#: lib/bitlk/bitlk.c:571 +#: lib/bitlk/bitlk.c:502 #, c-format msgid "Failed to read BITLK FVE metadata from %s." msgstr "Нисам успео да прочитам „BITLK FVE“ метаподатаке из „%s“." -#: lib/bitlk/bitlk.c:622 +#: lib/bitlk/bitlk.c:554 msgid "Unknown or unsupported encryption type." msgstr "Непозната или неподржана врста криптографије." -#: lib/bitlk/bitlk.c:655 +#: lib/bitlk/bitlk.c:587 #, c-format msgid "Failed to read BITLK metadata entries from %s." msgstr "Нисам успео да прочитам уносе „BITLK“ метаподатака из „%s“." -#: lib/bitlk/bitlk.c:897 +#: lib/bitlk/bitlk.c:681 +msgid "Failed to convert BITLK volume description" +msgstr "Нисам успео да претворим опис „BITLK“ волумена" + +#: lib/bitlk/bitlk.c:841 #, c-format msgid "Unexpected metadata entry type '%u' found when parsing external key." msgstr "Нађох неочекивану врсту уноса метаподатака „%u“ приликом обраде спољног кључа." -#: lib/bitlk/bitlk.c:912 +#: lib/bitlk/bitlk.c:860 +#, c-format +msgid "BEK file GUID '%s' does not match GUID of the volume." +msgstr "ГУИД „%s“ датотеке „BEK“ не одговара ГУИД-у волумена." + +#: lib/bitlk/bitlk.c:864 #, c-format msgid "Unexpected metadata entry value '%u' found when parsing external key." msgstr "Нађох неочекивану вредност уноса метаподатака „%u“ приликом обраде спољног кључа." -#: lib/bitlk/bitlk.c:950 +#: lib/bitlk/bitlk.c:903 #, c-format msgid "Unsupported BEK metadata version %" msgstr "Неподржани „BEK“ метаподаци издање %" -#: lib/bitlk/bitlk.c:955 +#: lib/bitlk/bitlk.c:908 #, c-format msgid "Unexpected BEK metadata size % does not match BEK file length" msgstr "Неочекивана величина „BEK“ метаподатака % не одговара величини „BEK“ датотеке" -#: lib/bitlk/bitlk.c:980 +#: lib/bitlk/bitlk.c:933 msgid "Unexpected metadata entry found when parsing startup key." msgstr "Нађох неочекивану врсту уноса метаподатака приликом обраде кључа почретања." -#: lib/bitlk/bitlk.c:1071 +#: lib/bitlk/bitlk.c:1029 msgid "This operation is not supported." msgstr "Радња није подржана." -#: lib/bitlk/bitlk.c:1079 +#: lib/bitlk/bitlk.c:1037 msgid "Unexpected key data size." msgstr "Неочекивана величина података кључа." -#: lib/bitlk/bitlk.c:1205 +#: lib/bitlk/bitlk.c:1163 msgid "This BITLK device is in an unsupported state and cannot be activated." msgstr "Овај „BITLK“ уређај је у неподржаном стању и не може бити активиран." -#: lib/bitlk/bitlk.c:1210 +#: lib/bitlk/bitlk.c:1168 #, c-format msgid "BITLK devices with type '%s' cannot be activated." msgstr "„BITLK“ уређај са врстом „%s“ се не може активирати." -#: lib/bitlk/bitlk.c:1217 +#: lib/bitlk/bitlk.c:1175 msgid "Activation of partially decrypted BITLK device is not supported." msgstr "Активирање делимично дешифрованог „BITLK“ уређаја није подржано." -#: lib/bitlk/bitlk.c:1380 +#: lib/bitlk/bitlk.c:1216 +#, c-format +msgid "WARNING: BitLocker volume size % does not match the underlying device size %" +msgstr "УПОЗОРЕЊЕ: Величина волумена закључавача бита % не одговара величини садржаног уређаја %" + +#: lib/bitlk/bitlk.c:1343 msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV." msgstr "Не могу да активирам уређај, „dm-crypt“-у кернела недостаје подршка за „BITLK IV“." -#: lib/bitlk/bitlk.c:1384 +#: lib/bitlk/bitlk.c:1347 msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser." msgstr "Не могу да активирам уређај, „dm-crypt“-у кернела недостаје подршка за „BITLK Elephant“ дифузера." -#: lib/verity/verity.c:68 lib/verity/verity.c:179 +#: lib/bitlk/bitlk.c:1351 +msgid "Cannot activate device, kernel dm-crypt is missing support for large sector size." +msgstr "Не могу да активирам уређај, „dm-crypt“-у кернела недостаје подршка за велику величину сектора." + +#: lib/bitlk/bitlk.c:1355 +msgid "Cannot activate device, kernel dm-zero module is missing." +msgstr "Не могу да активирам уређај, недостаје „dm-zero“ модул кернела." + +#: lib/verity/verity.c:68 lib/verity/verity.c:182 #, c-format msgid "Verity device %s does not use on-disk header." msgstr "Уређај тачности %s не користи заглавље на-диску." -#: lib/verity/verity.c:90 -#, c-format -msgid "Device %s is not a valid VERITY device." -msgstr "Уређај „%s“ није исправан „VERITY“ уређај." - -#: lib/verity/verity.c:97 +#: lib/verity/verity.c:96 #, c-format msgid "Unsupported VERITY version %d." msgstr "Неподржано издање „VERITY“ %d." -#: lib/verity/verity.c:128 +#: lib/verity/verity.c:131 msgid "VERITY header corrupted." msgstr "Заглавље „VERITY“ је оштећено." -#: lib/verity/verity.c:173 +#: lib/verity/verity.c:176 #, c-format msgid "Wrong VERITY UUID format provided on device %s." msgstr "Достављен је погрешан УЈИБ „VERITY“ запис на уређају „%s“." -#: lib/verity/verity.c:217 +#: lib/verity/verity.c:220 #, c-format msgid "Error during update of verity header on device %s." msgstr "Грешка приликом освежавања заглавља тачности на уређају „%s“." -#: lib/verity/verity.c:275 +#: lib/verity/verity.c:278 msgid "Root hash signature verification is not supported." msgstr "Провера хеш потписа корена није подржана." -#: lib/verity/verity.c:287 +#: lib/verity/verity.c:290 msgid "Errors cannot be repaired with FEC device." msgstr "Грешке се не могу поправити са „FEC“ уређајем." -#: lib/verity/verity.c:289 +#: lib/verity/verity.c:292 #, c-format msgid "Found %u repairable errors with FEC device." msgstr "Нађох поправљиве грешке (%u) са „FEC“ уређајем." -#: lib/verity/verity.c:332 +#: lib/verity/verity.c:335 msgid "Kernel does not support dm-verity mapping." msgstr "Кернел не подржава мапирање дм-тачности." -#: lib/verity/verity.c:336 +#: lib/verity/verity.c:339 msgid "Kernel does not support dm-verity signature option." msgstr "Кернел не подржава опцију потписа дм-тачности." -#: lib/verity/verity.c:347 +#: lib/verity/verity.c:350 msgid "Verity device detected corruption after activation." msgstr "Уређај тачности је открио оштећење након покретања." @@ -1296,37 +1317,42 @@ msgid "Failed to write parity for RS block %." msgstr "Нисам успео да запишем паритет „RS“ блока %." -#: lib/verity/verity_fec.c:228 +#: lib/verity/verity_fec.c:208 msgid "Block sizes must match for FEC." msgstr "Величине блокова морају одговарати за „FEC“." -#: lib/verity/verity_fec.c:234 +#: lib/verity/verity_fec.c:214 msgid "Invalid number of parity bytes." msgstr "Неисправан број бајтова паритета." -#: lib/verity/verity_fec.c:239 +#: lib/verity/verity_fec.c:248 msgid "Invalid FEC segment length." msgstr "Неисправна дужина „FEC“ сегмента." -#: lib/verity/verity_fec.c:303 +#: lib/verity/verity_fec.c:316 #, c-format msgid "Failed to determine size for device %s." msgstr "Нисам успео да одредим величину за уређај „%s“." -#: lib/integrity/integrity.c:272 lib/integrity/integrity.c:355 +#: lib/integrity/integrity.c:57 +#, c-format +msgid "Incompatible kernel dm-integrity metadata (version %u) detected on %s." +msgstr "Недоследни „dm-integrity“ метаподаци кернела (издање %u) су откривени на „%s“." + +#: lib/integrity/integrity.c:277 lib/integrity/integrity.c:379 msgid "Kernel does not support dm-integrity mapping." msgstr "Кернел не подржава мапирање дм-целовитости." -#: lib/integrity/integrity.c:278 +#: lib/integrity/integrity.c:283 msgid "Kernel does not support dm-integrity fixed metadata alignment." msgstr "Кернел не подржава поравнање фиксних метаподатака дм-целовитости." -#: lib/integrity/integrity.c:287 +#: lib/integrity/integrity.c:292 msgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)." msgstr "Кернел одбија да покрене небезбедну опцију поновног израчунавања (видите старе опције покретања да избегнете ово)." -#: lib/luks2/luks2_disk_metadata.c:393 lib/luks2/luks2_json_metadata.c:973 -#: lib/luks2/luks2_json_metadata.c:1268 +#: lib/luks2/luks2_disk_metadata.c:393 lib/luks2/luks2_json_metadata.c:1133 +#: lib/luks2/luks2_json_metadata.c:1413 #, c-format msgid "Failed to acquire write lock on device %s." msgstr "Нисам успео да остварим закључавање писања на уређају „%s“." @@ -1352,40 +1378,40 @@ msgid "WARNING: keyslots area (% bytes) is very small, available LUKS2 keyslot count is very limited.\n" msgstr "УПОЗОРЕЊЕ: област утора кључа (% бајта) је врло мала, доступан број ЛУКС2 утора кључа врло ограничен.\n" -#: lib/luks2/luks2_json_metadata.c:960 lib/luks2/luks2_json_metadata.c:1098 -#: lib/luks2/luks2_json_metadata.c:1174 lib/luks2/luks2_keyslot_luks2.c:92 +#: lib/luks2/luks2_json_metadata.c:1120 lib/luks2/luks2_json_metadata.c:1258 +#: lib/luks2/luks2_json_metadata.c:1319 lib/luks2/luks2_keyslot_luks2.c:92 #: lib/luks2/luks2_keyslot_luks2.c:114 #, c-format msgid "Failed to acquire read lock on device %s." msgstr "Нисам успео да остварим закључавање читања на уређају „%s“." -#: lib/luks2/luks2_json_metadata.c:1191 +#: lib/luks2/luks2_json_metadata.c:1336 #, c-format msgid "Forbidden LUKS2 requirements detected in backup %s." msgstr "Забрањени ЛУКС2 захтеви су откривени у резерви „%s“." -#: lib/luks2/luks2_json_metadata.c:1232 +#: lib/luks2/luks2_json_metadata.c:1377 msgid "Data offset differ on device and backup, restore failed." msgstr "Померај података се разликује на уређају и резерви, враћање није успело." -#: lib/luks2/luks2_json_metadata.c:1238 +#: lib/luks2/luks2_json_metadata.c:1383 msgid "Binary header with keyslot areas size differ on device and backup, restore failed." msgstr "Бинарно заглавље са областима утора кључа се разликује на уређају и резерви, враћање није успело." -#: lib/luks2/luks2_json_metadata.c:1245 +#: lib/luks2/luks2_json_metadata.c:1390 #, c-format msgid "Device %s %s%s%s%s" msgstr "Уређај %s %s%s%s%s" -#: lib/luks2/luks2_json_metadata.c:1246 +#: lib/luks2/luks2_json_metadata.c:1391 msgid "does not contain LUKS2 header. Replacing header can destroy data on that device." msgstr "не садржи ЛУКС2 заглавље. Замена заглавља може да уништи податке на том уређају." -#: lib/luks2/luks2_json_metadata.c:1247 +#: lib/luks2/luks2_json_metadata.c:1392 msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots." msgstr "већ садржи „LUKS2“ заглавље. Замена заглавља ће уништити постојеће уторе кључева." -#: lib/luks2/luks2_json_metadata.c:1249 +#: lib/luks2/luks2_json_metadata.c:1394 msgid "" "\n" "WARNING: unknown LUKS2 requirements detected in real device header!\n" @@ -1395,7 +1421,7 @@ "УПОЗОРЕЊЕ: непознати ЛУКС2 захтеви су откривени у стварном заглављу уређаја!\n" "Замена заглавља резервом може оштетити податке на том уређају!" -#: lib/luks2/luks2_json_metadata.c:1251 +#: lib/luks2/luks2_json_metadata.c:1396 msgid "" "\n" "WARNING: Unfinished offline reencryption detected on the device!\n" @@ -1405,58 +1431,58 @@ "УПОЗОРЕЊЕ: Недовршено ван мрежно поновно шифровање је откривено на уређају!\n" "Замена заглавља резервом може оштетити податке." -#: lib/luks2/luks2_json_metadata.c:1349 +#: lib/luks2/luks2_json_metadata.c:1494 #, c-format msgid "Ignored unknown flag %s." msgstr "Занемарена непозната заставица „%s“." -#: lib/luks2/luks2_json_metadata.c:2054 lib/luks2/luks2_reencrypt.c:1843 +#: lib/luks2/luks2_json_metadata.c:2402 lib/luks2/luks2_reencrypt.c:2015 #, c-format msgid "Missing key for dm-crypt segment %u" msgstr "Недостаје кључ за „dm-crypt“ подеок %u" -#: lib/luks2/luks2_json_metadata.c:2066 lib/luks2/luks2_reencrypt.c:1857 +#: lib/luks2/luks2_json_metadata.c:2414 lib/luks2/luks2_reencrypt.c:2029 msgid "Failed to set dm-crypt segment." msgstr "Нисам успео да подесим „dm-crypt“ подеок." -#: lib/luks2/luks2_json_metadata.c:2072 lib/luks2/luks2_reencrypt.c:1863 +#: lib/luks2/luks2_json_metadata.c:2420 lib/luks2/luks2_reencrypt.c:2035 msgid "Failed to set dm-linear segment." msgstr "Нисам успео да подесим „dm-linear“ подеок." -#: lib/luks2/luks2_json_metadata.c:2199 +#: lib/luks2/luks2_json_metadata.c:2547 msgid "Unsupported device integrity configuration." msgstr "Неподржано подешавање целовитости уређаја." -#: lib/luks2/luks2_json_metadata.c:2285 +#: lib/luks2/luks2_json_metadata.c:2633 msgid "Reencryption in-progress. Cannot deactivate device." msgstr "Поновно шифровање је у току. Не могу да деактивирам уређај." -#: lib/luks2/luks2_json_metadata.c:2296 lib/luks2/luks2_reencrypt.c:3300 +#: lib/luks2/luks2_json_metadata.c:2644 lib/luks2/luks2_reencrypt.c:4057 #, c-format msgid "Failed to replace suspended device %s with dm-error target." msgstr "Нисам успео да заменим обустављени уређај „%s“ са метом „dm-error“." -#: lib/luks2/luks2_json_metadata.c:2376 +#: lib/luks2/luks2_json_metadata.c:2724 msgid "Failed to read LUKS2 requirements." msgstr "Нисам успео да прочитам ЛУКС2 захтеве." -#: lib/luks2/luks2_json_metadata.c:2383 +#: lib/luks2/luks2_json_metadata.c:2731 msgid "Unmet LUKS2 requirements detected." msgstr "Неоствариви ЛУКС2 захтеви су откривени." -#: lib/luks2/luks2_json_metadata.c:2391 +#: lib/luks2/luks2_json_metadata.c:2739 msgid "Operation incompatible with device marked for legacy reencryption. Aborting." msgstr "Радња је несагласна са уређајем означеним за старо поновно шифровање. Прекидам." -#: lib/luks2/luks2_json_metadata.c:2393 +#: lib/luks2/luks2_json_metadata.c:2741 msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting." msgstr "Радња је несагласна са уређајем означеним за ЛУКС2 поновно шифровање. Прекидам." -#: lib/luks2/luks2_keyslot.c:554 lib/luks2/luks2_keyslot.c:591 +#: lib/luks2/luks2_keyslot.c:563 lib/luks2/luks2_keyslot.c:600 msgid "Not enough available memory to open a keyslot." msgstr "Нема довољно доступне меморије за отварање утора кључа." -#: lib/luks2/luks2_keyslot.c:556 lib/luks2/luks2_keyslot.c:593 +#: lib/luks2/luks2_keyslot.c:565 lib/luks2/luks2_keyslot.c:602 msgid "Keyslot open failed." msgstr "Отварање утора кључа није успело." @@ -1465,348 +1491,406 @@ msgid "Cannot use %s-%s cipher for keyslot encryption." msgstr "Не могу користити шифрер „%s-%s“ за шифровање утора кључа." -#: lib/luks2/luks2_keyslot_luks2.c:485 +#: lib/luks2/luks2_keyslot_luks2.c:496 msgid "No space for new keyslot." msgstr "Нема простора за нови утор кључа." -#: lib/luks2/luks2_luks1_convert.c:482 +#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2615 +#, c-format +msgid "Hash algorithm %s is not available." +msgstr "Алгоритам хеша „%s“ није доступан." + +#: lib/luks2/luks2_keyslot_reenc.c:593 +msgid "Invalid reencryption resilience mode change requested." +msgstr "Затражена је неисправна промена режима гипкости поновног шифровања." + +#: lib/luks2/luks2_keyslot_reenc.c:714 +#, c-format +msgid "Can not update resilience type. New type only provides % bytes, required space is: % bytes." +msgstr "Не могу да освежим врсту гипкости. Нова врста обезбеђује само % бајт(а), захтеван простор је: % бајт(а)." + +#: lib/luks2/luks2_keyslot_reenc.c:724 +msgid "Failed to refresh reencryption verification digest." +msgstr "Нисам успео да освежим упит потврђивања поновног шифровања." + +#: lib/luks2/luks2_luks1_convert.c:512 #, c-format msgid "Cannot check status of device with uuid: %s." msgstr "Не могу да проверим стање уређаја са ујиб-ом: %s." -#: lib/luks2/luks2_luks1_convert.c:508 +#: lib/luks2/luks2_luks1_convert.c:538 msgid "Unable to convert header with LUKSMETA additional metadata." msgstr "Не могу да претворим заглавље са „LUKSMETA“ додатним метаподацима." -#: lib/luks2/luks2_luks1_convert.c:548 +#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3715 +#, c-format +msgid "Unable to use cipher specification %s-%s for LUKS2." +msgstr "Не могу да користим спецификацију шифрера „%s-%s“ за ЛУКС2." + +#: lib/luks2/luks2_luks1_convert.c:584 msgid "Unable to move keyslot area. Not enough space." msgstr "Не могу да преместим област утора кључа. Нема довољно простора." -#: lib/luks2/luks2_luks1_convert.c:599 +#: lib/luks2/luks2_luks1_convert.c:619 +msgid "Cannot convert to LUKS2 format - invalid metadata." +msgstr "Не могу да претворим у ЛУКС2 запис – неисправни метаподаци." + +#: lib/luks2/luks2_luks1_convert.c:636 msgid "Unable to move keyslot area. LUKS2 keyslots area too small." msgstr "Не могу да преместим област утора кључа. Област ЛУКС2 утора кључа је премала." -#: lib/luks2/luks2_luks1_convert.c:605 lib/luks2/luks2_luks1_convert.c:889 +#: lib/luks2/luks2_luks1_convert.c:642 lib/luks2/luks2_luks1_convert.c:936 msgid "Unable to move keyslot area." msgstr "Не могу да преместим област утора кључа." -#: lib/luks2/luks2_luks1_convert.c:697 +#: lib/luks2/luks2_luks1_convert.c:732 msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes." msgstr "Не могу да претворим у ЛУКС1 запис – основна величина подеока 512 bytes." -#: lib/luks2/luks2_luks1_convert.c:705 +#: lib/luks2/luks2_luks1_convert.c:740 msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible." msgstr "Не могу да претворим у ЛУКС1 запис – прегледи утора кључа нису ЛУКС1 сагласни." -#: lib/luks2/luks2_luks1_convert.c:717 +#: lib/luks2/luks2_luks1_convert.c:752 #, c-format msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s." msgstr "Не могу да претворим у ЛУКС1 запис – уређај користи умотаног шифрера кључа „%s“." -#: lib/luks2/luks2_luks1_convert.c:725 +#: lib/luks2/luks2_luks1_convert.c:757 +msgid "Cannot convert to LUKS1 format - device uses more segments." +msgstr "Не могу да претворим у ЛУКС2 запис – уређај користи више подеока." + +#: lib/luks2/luks2_luks1_convert.c:765 #, c-format msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)." msgstr "Не могу да претворим у ЛУКС1 запис – ЛУКС2 заглавље садржи %u скупину(е)." -#: lib/luks2/luks2_luks1_convert.c:739 +#: lib/luks2/luks2_luks1_convert.c:779 #, c-format msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state." msgstr "Не могу да претворим у ЛУКС1 запис – утор кључа %u је у неисправном стању." -#: lib/luks2/luks2_luks1_convert.c:744 +#: lib/luks2/luks2_luks1_convert.c:784 #, c-format msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active." msgstr "Не могу да претворим у ЛУКС1 запис – утор %u (преко максимума утора) је још активан." -#: lib/luks2/luks2_luks1_convert.c:749 +#: lib/luks2/luks2_luks1_convert.c:789 #, c-format msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." msgstr "Не могу да претворим у ЛУКС1 запис – утор кључа %u није ЛУКС1 сагласан." -#: lib/luks2/luks2_reencrypt.c:993 +#: lib/luks2/luks2_reencrypt.c:1107 #, c-format msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." msgstr "Величина вруће зоне мора бити умножак прорачунатог поравнања зоне (%zu бајта)." -#: lib/luks2/luks2_reencrypt.c:998 +#: lib/luks2/luks2_reencrypt.c:1112 #, c-format msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." msgstr "Величина уређаја мора бити производ прорачунатог поравнања зоне (%zu бајта)." -#: lib/luks2/luks2_reencrypt.c:1042 -#, c-format -msgid "Unsupported resilience mode %s" -msgstr "Неподржан режим гипкости „%s“" - -#: lib/luks2/luks2_reencrypt.c:1259 lib/luks2/luks2_reencrypt.c:1414 -#: lib/luks2/luks2_reencrypt.c:1497 lib/luks2/luks2_reencrypt.c:1531 -#: lib/luks2/luks2_reencrypt.c:3140 +#: lib/luks2/luks2_reencrypt.c:1319 lib/luks2/luks2_reencrypt.c:1505 +#: lib/luks2/luks2_reencrypt.c:1588 lib/luks2/luks2_reencrypt.c:1630 +#: lib/luks2/luks2_reencrypt.c:3852 msgid "Failed to initialize old segment storage wrapper." msgstr "Нисам успео да покренем старог увијача смештаја подеока." -#: lib/luks2/luks2_reencrypt.c:1273 lib/luks2/luks2_reencrypt.c:1392 +#: lib/luks2/luks2_reencrypt.c:1333 lib/luks2/luks2_reencrypt.c:1483 msgid "Failed to initialize new segment storage wrapper." msgstr "Нисам успео да покренем новог увијача смештаја подеока." -#: lib/luks2/luks2_reencrypt.c:1441 +#: lib/luks2/luks2_reencrypt.c:1460 lib/luks2/luks2_reencrypt.c:3864 +msgid "Failed to initialize hotzone protection." +msgstr "Нисам успео да покренем заштиту вруће зоне." + +#: lib/luks2/luks2_reencrypt.c:1532 msgid "Failed to read checksums for current hotzone." msgstr "Нисам успео да прочитам суму провере за текућу врућу зону." -#: lib/luks2/luks2_reencrypt.c:1448 lib/luks2/luks2_reencrypt.c:3148 +#: lib/luks2/luks2_reencrypt.c:1539 lib/luks2/luks2_reencrypt.c:3878 #, c-format msgid "Failed to read hotzone area starting at %." msgstr "Нисам успео да прочитам област вруће зоне са почетком на %." -#: lib/luks2/luks2_reencrypt.c:1467 +#: lib/luks2/luks2_reencrypt.c:1558 #, c-format msgid "Failed to decrypt sector %zu." msgstr "Нисам успео да дешифрујем област %zu." -#: lib/luks2/luks2_reencrypt.c:1473 +#: lib/luks2/luks2_reencrypt.c:1564 #, c-format msgid "Failed to recover sector %zu." msgstr "Нисам успео да опоравим област %zu." -#: lib/luks2/luks2_reencrypt.c:1956 +#: lib/luks2/luks2_reencrypt.c:2128 #, c-format msgid "Source and target device sizes don't match. Source %, target: %." msgstr "Величине изворног и циљног уређаја не одговарају. Извор %, мета: %." -#: lib/luks2/luks2_reencrypt.c:2054 +#: lib/luks2/luks2_reencrypt.c:2226 #, c-format msgid "Failed to activate hotzone device %s." msgstr "Нисам успео да активирам уређај вруће зоне „%s“." -#: lib/luks2/luks2_reencrypt.c:2071 +#: lib/luks2/luks2_reencrypt.c:2243 #, c-format msgid "Failed to activate overlay device %s with actual origin table." msgstr "Нисам успео да активирам уређај преклапања „%s“ са стварном табелом порекла." -#: lib/luks2/luks2_reencrypt.c:2078 +#: lib/luks2/luks2_reencrypt.c:2250 #, c-format msgid "Failed to load new mapping for device %s." msgstr "Нисам успео да учитам ново мапирање за уређај „%s“." -#: lib/luks2/luks2_reencrypt.c:2149 +#: lib/luks2/luks2_reencrypt.c:2321 msgid "Failed to refresh reencryption devices stack." msgstr "Нисам успео да освежим спремник уређаја поновног шифровања." -#: lib/luks2/luks2_reencrypt.c:2309 +#: lib/luks2/luks2_reencrypt.c:2497 msgid "Failed to set new keyslots area size." msgstr "Нисам успео да подесим нову величину области утора кључа." -#: lib/luks2/luks2_reencrypt.c:2413 +#: lib/luks2/luks2_reencrypt.c:2633 +#, c-format +msgid "Data shift value is not aligned to encryption sector size (% bytes)." +msgstr "Вредност помака података није поравната на величину одељка шифровања (% бајта)." + +#: lib/luks2/luks2_reencrypt.c:2664 #, c-format -msgid "Data shift is not aligned to requested encryption sector size (% bytes)." -msgstr "Помак података није поравнат на захтевану величину одељка шифровања (% бајта)." +msgid "Unsupported resilience mode %s" +msgstr "Неподржан режим гипкости „%s“" + +#: lib/luks2/luks2_reencrypt.c:2741 +msgid "Moved segment size can not be greater than data shift value." +msgstr "Величина премештеног подеока не може бити већа од вредности помака података." + +#: lib/luks2/luks2_reencrypt.c:2799 +#, c-format +msgid "Moved segment too large. Requested size %, available space for: %." +msgstr "Премештени подеок је превелик. Захтевана величина је %, доступан простор за: %." + +#: lib/luks2/luks2_reencrypt.c:2886 +msgid "Failed to clear table." +msgstr "Нисам успео да очистим табелу." -#: lib/luks2/luks2_reencrypt.c:2434 +#: lib/luks2/luks2_reencrypt.c:2972 +msgid "Reduced data size is larger than real device size." +msgstr "Величина умањених података је већа од стварне величине уређаја." + +#: lib/luks2/luks2_reencrypt.c:2979 #, c-format -msgid "Data device is not aligned to requested encryption sector size (% bytes)." -msgstr "Уређај података није поравнат на захтевану величину одељка шифровања (% бајта)." +msgid "Data device is not aligned to encryption sector size (% bytes)." +msgstr "Уређај података није поравнат на величину одељка шифровања (% бајта)." -#: lib/luks2/luks2_reencrypt.c:2455 +#: lib/luks2/luks2_reencrypt.c:3013 #, c-format msgid "Data shift (% sectors) is less than future data offset (% sectors)." msgstr "Помак података (% одељка) је мањи од будућег помераја података (% одељка)." -#: lib/luks2/luks2_reencrypt.c:2461 lib/luks2/luks2_reencrypt.c:2889 -#: lib/luks2/luks2_reencrypt.c:2910 +#: lib/luks2/luks2_reencrypt.c:3020 lib/luks2/luks2_reencrypt.c:3508 +#: lib/luks2/luks2_reencrypt.c:3529 #, c-format msgid "Failed to open %s in exclusive mode (already mapped or mounted)." msgstr "Нисам успео да отворим „%s“ у искључивом режиму (већ мапиран или прикачен)." -#: lib/luks2/luks2_reencrypt.c:2629 +#: lib/luks2/luks2_reencrypt.c:3209 msgid "Device not marked for LUKS2 reencryption." msgstr "Уређај није означен за ЛУКС2 поновно шифровање." -#: lib/luks2/luks2_reencrypt.c:2635 lib/luks2/luks2_reencrypt.c:3415 +#: lib/luks2/luks2_reencrypt.c:3226 lib/luks2/luks2_reencrypt.c:4181 msgid "Failed to load LUKS2 reencryption context." msgstr "Нисам успео да учитам контекст ЛУКС2 поновног шифровања." -#: lib/luks2/luks2_reencrypt.c:2715 +#: lib/luks2/luks2_reencrypt.c:3306 msgid "Failed to get reencryption state." msgstr "Нисам успео да добавим стање поновног шифровања." -#: lib/luks2/luks2_reencrypt.c:2719 +#: lib/luks2/luks2_reencrypt.c:3310 lib/luks2/luks2_reencrypt.c:3624 msgid "Device is not in reencryption." msgstr "Уређај није у поновном шифровању." -#: lib/luks2/luks2_reencrypt.c:2726 +#: lib/luks2/luks2_reencrypt.c:3317 lib/luks2/luks2_reencrypt.c:3631 msgid "Reencryption process is already running." msgstr "Процес поновног шифровања је већ покренут." -#: lib/luks2/luks2_reencrypt.c:2728 +#: lib/luks2/luks2_reencrypt.c:3319 lib/luks2/luks2_reencrypt.c:3633 msgid "Failed to acquire reencryption lock." msgstr "Нисам успео да остварим закључавање поновног шифровања." -#: lib/luks2/luks2_reencrypt.c:2746 +#: lib/luks2/luks2_reencrypt.c:3337 msgid "Cannot proceed with reencryption. Run reencryption recovery first." msgstr "Не могу да наставим са поновним шифровањем. Прво покрените опоравак поновног шифровања." -#: lib/luks2/luks2_reencrypt.c:2860 +#: lib/luks2/luks2_reencrypt.c:3472 msgid "Active device size and requested reencryption size don't match." msgstr "Активна величина уређаја и величина затраженог поновног шифровања не одговарају." -#: lib/luks2/luks2_reencrypt.c:2874 +#: lib/luks2/luks2_reencrypt.c:3486 msgid "Illegal device size requested in reencryption parameters." msgstr "Неисправна величина уређаја је затражена у параметрима поновног шифровања." -#: lib/luks2/luks2_reencrypt.c:2944 +#: lib/luks2/luks2_reencrypt.c:3563 msgid "Reencryption in-progress. Cannot perform recovery." msgstr "Поновно шифровање је у току. Не могу да обавим опоравак." -#: lib/luks2/luks2_reencrypt.c:3016 +#: lib/luks2/luks2_reencrypt.c:3732 msgid "LUKS2 reencryption already initialized in metadata." msgstr "ЛУКС2 поновно шифровање је већ покренуто у метаподацима." -#: lib/luks2/luks2_reencrypt.c:3023 +#: lib/luks2/luks2_reencrypt.c:3739 msgid "Failed to initialize LUKS2 reencryption in metadata." msgstr "Нисам успео да покренем ЛУКС2 поновно шифровање у метаподацима." -#: lib/luks2/luks2_reencrypt.c:3114 +#: lib/luks2/luks2_reencrypt.c:3834 msgid "Failed to set device segments for next reencryption hotzone." msgstr "Нисам успео да поставим подеоке уређаја за следећу врућу зону поновног шифровања." -#: lib/luks2/luks2_reencrypt.c:3156 +#: lib/luks2/luks2_reencrypt.c:3886 msgid "Failed to write reencryption resilience metadata." msgstr "Нисам успео да запишем метаподатаке гипкости поновног шифровања." -#: lib/luks2/luks2_reencrypt.c:3163 +#: lib/luks2/luks2_reencrypt.c:3893 msgid "Decryption failed." msgstr "Дешифровање није успело." -#: lib/luks2/luks2_reencrypt.c:3168 +#: lib/luks2/luks2_reencrypt.c:3898 #, c-format msgid "Failed to write hotzone area starting at %." msgstr "Нисам успео да запишем област вруће зоне са почетком на %." -#: lib/luks2/luks2_reencrypt.c:3173 +#: lib/luks2/luks2_reencrypt.c:3903 msgid "Failed to sync data." msgstr "Нисам успео да усагласим податке." -#: lib/luks2/luks2_reencrypt.c:3181 +#: lib/luks2/luks2_reencrypt.c:3911 msgid "Failed to update metadata after current reencryption hotzone completed." msgstr "Нисам успео да освежим метаподатке након тренутно завршеног поновног шифровања вруће зоне." -#: lib/luks2/luks2_reencrypt.c:3248 +#: lib/luks2/luks2_reencrypt.c:4000 msgid "Failed to write LUKS2 metadata." msgstr "Нисам успео да запишем ЛУКС2 метаподатке." -#: lib/luks2/luks2_reencrypt.c:3271 -msgid "Failed to wipe backup segment data." -msgstr "Нисам успео да очистим податке подеока резерве." - -#: lib/luks2/luks2_reencrypt.c:3284 -msgid "Failed to disable reencryption requirement flag." -msgstr "Нисам успео да искључим заставицу захтева поновног шифровања." +#: lib/luks2/luks2_reencrypt.c:4023 +msgid "Failed to wipe unused data device area." +msgstr "Нисам успео да обришем област уређаја података." + +#: lib/luks2/luks2_reencrypt.c:4029 +#, c-format +msgid "Failed to remove unused (unbound) keyslot %d." +msgstr "Нисам успео да уклоним некоришћени (несвезани) утор кључа %d." + +#: lib/luks2/luks2_reencrypt.c:4039 +msgid "Failed to remove reencryption keyslot." +msgstr "Нисам успео да уклоним утор кључа поновног шифровања." -#: lib/luks2/luks2_reencrypt.c:3292 +#: lib/luks2/luks2_reencrypt.c:4049 #, c-format msgid "Fatal error while reencrypting chunk starting at %, % sectors long." msgstr "Кобна грешка приликом поновног шифровања комада који почиње на %, % подеока дуг." -#: lib/luks2/luks2_reencrypt.c:3296 +#: lib/luks2/luks2_reencrypt.c:4053 msgid "Online reencryption failed." msgstr "Поновно шифровање на мрежи није успело." -#: lib/luks2/luks2_reencrypt.c:3301 +#: lib/luks2/luks2_reencrypt.c:4058 msgid "Do not resume the device unless replaced with error target manually." msgstr "Не наставља са уређајем осим ако није ручно замењен метом грешке." -#: lib/luks2/luks2_reencrypt.c:3353 +#: lib/luks2/luks2_reencrypt.c:4112 msgid "Cannot proceed with reencryption. Unexpected reencryption status." msgstr "Не могу да наставим са поновним шифровањем. Неочекивано стање поновног шифровања." -#: lib/luks2/luks2_reencrypt.c:3359 +#: lib/luks2/luks2_reencrypt.c:4118 msgid "Missing or invalid reencrypt context." msgstr "Недостаје или неисправан контекст поновног шифровања." -#: lib/luks2/luks2_reencrypt.c:3366 +#: lib/luks2/luks2_reencrypt.c:4125 msgid "Failed to initialize reencryption device stack." msgstr "Нисам успео да покренем поновно шифровање спремника уређаја." -#: lib/luks2/luks2_reencrypt.c:3385 lib/luks2/luks2_reencrypt.c:3428 +#: lib/luks2/luks2_reencrypt.c:4147 lib/luks2/luks2_reencrypt.c:4194 msgid "Failed to update reencryption context." msgstr "Нисам успео да освежим контекст поновног шифровања." -#: src/cryptsetup.c:108 -msgid "Can't do passphrase verification on non-tty inputs." -msgstr "Не могу да одрадим проверу пропусне речи на не-конзолним улазима." +#: lib/luks2/luks2_reencrypt_digest.c:406 +msgid "Reencryption metadata is invalid." +msgstr "Метаподаци поновног шифровања нису исправни." -#: src/cryptsetup.c:171 +#: src/cryptsetup.c:85 msgid "Keyslot encryption parameters can be set only for LUKS2 device." msgstr "Параметри шифровања утора кључа се могу поставити само за ЛУКС2 уређај." -#: src/cryptsetup.c:198 +#: src/cryptsetup.c:108 #, c-format msgid "Enter token PIN:" msgstr "Унесите ПИН скупине:" -#: src/cryptsetup.c:200 +#: src/cryptsetup.c:110 #, c-format msgid "Enter token %d PIN:" msgstr "Унесите %d ПИН скупине:" -#: src/cryptsetup.c:245 src/cryptsetup.c:1057 src/cryptsetup.c:1401 -#: src/cryptsetup.c:3288 src/cryptsetup_reencrypt.c:700 -#: src/cryptsetup_reencrypt.c:770 +#: src/cryptsetup.c:159 src/cryptsetup.c:966 src/cryptsetup.c:1293 +#: src/utils_reencrypt.c:1048 src/utils_reencrypt_luks1.c:517 +#: src/utils_reencrypt_luks1.c:580 msgid "No known cipher specification pattern detected." msgstr "Није откривен познат образац одреднице шифрера." -#: src/cryptsetup.c:253 +#: src/cryptsetup.c:167 msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n" msgstr "УПОЗОРЕЊЕ: Параметар „--hash“ је занемарен у обичном режиму са наведеном кључном датотеком.\n" -#: src/cryptsetup.c:261 +#: src/cryptsetup.c:175 msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n" msgstr "УПОЗОРЕЊЕ: Опција „--keyfile-size“ је занемарена, величина читања је иста као величина кључа шифровања.\n" -#: src/cryptsetup.c:301 +#: src/cryptsetup.c:215 #, c-format msgid "Detected device signature(s) on %s. Proceeding further may damage existing data." msgstr "Открих потпис(е) уређаја на „%s“. Даље настављање може оштетити постојеће податке." -#: src/cryptsetup.c:307 src/cryptsetup.c:1197 src/cryptsetup.c:1253 -#: src/cryptsetup.c:1378 src/cryptsetup.c:1451 src/cryptsetup.c:2099 -#: src/cryptsetup.c:2805 src/cryptsetup.c:2927 src/integritysetup.c:176 +#: src/cryptsetup.c:221 src/cryptsetup.c:1040 src/cryptsetup.c:1088 +#: src/cryptsetup.c:1154 src/cryptsetup.c:1270 src/cryptsetup.c:1343 +#: src/cryptsetup.c:1994 src/integritysetup.c:187 src/utils_reencrypt.c:138 +#: src/utils_reencrypt.c:275 msgid "Operation aborted.\n" msgstr "Радња је обустављена.\n" -#: src/cryptsetup.c:375 +#: src/cryptsetup.c:294 msgid "Option --key-file is required." msgstr "Захтевана је опција „--key-file“." -#: src/cryptsetup.c:426 +#: src/cryptsetup.c:345 msgid "Enter VeraCrypt PIM: " msgstr "Унесите „VeraCrypt PIM“: " -#: src/cryptsetup.c:435 +#: src/cryptsetup.c:354 msgid "Invalid PIM value: parse error." msgstr "Неисправна „PIM“ вредност: грешка обраде." -#: src/cryptsetup.c:438 +#: src/cryptsetup.c:357 msgid "Invalid PIM value: 0." msgstr "Неисправна „PIM“ вредност: 0." -#: src/cryptsetup.c:441 +#: src/cryptsetup.c:360 msgid "Invalid PIM value: outside of range." msgstr "Неисправна „PIM“ вредност: изван опсега." -#: src/cryptsetup.c:464 +#: src/cryptsetup.c:383 msgid "No device header detected with this passphrase." msgstr "Није откривено заглавље уређаја са овом пропусном речи." -#: src/cryptsetup.c:537 +#: src/cryptsetup.c:456 src/cryptsetup.c:632 #, c-format msgid "Device %s is not a valid BITLK device." msgstr "Уређај „%s“ није исправан „BITLK“ уређај." -#: src/cryptsetup.c:545 +#: src/cryptsetup.c:464 msgid "Cannot determine volume key size for BITLK, please use --key-size option." msgstr "Не могу да одредим величину кључа за „BITLK“, користите „--key-size“ опцију." -#: src/cryptsetup.c:588 +#: src/cryptsetup.c:506 msgid "" "Header dump with volume key is sensitive information\n" "which allows access to encrypted partition without passphrase.\n" @@ -1816,7 +1900,7 @@ "који омогућава приступ шифрованој партицији без лозинке.\n" "Овај избачај треба увек бити смештен шифрован на безбедном месту." -#: src/cryptsetup.c:661 src/cryptsetup.c:2125 +#: src/cryptsetup.c:573 src/cryptsetup.c:2019 msgid "" "The header dump with volume key is sensitive information\n" "that allows access to encrypted partition without a passphrase.\n" @@ -1826,88 +1910,104 @@ "који омогућава приступ шифрованој партицији без лозинке.\n" "Овај избачај треба бити смештен шифрован на безбедном месту." -#: src/cryptsetup.c:756 src/veritysetup.c:318 src/integritysetup.c:313 +#: src/cryptsetup.c:664 src/veritysetup.c:321 src/integritysetup.c:400 #, c-format msgid "Device %s is still active and scheduled for deferred removal.\n" msgstr "Уређај „%s“ је још увек активан и заказан за одложено уклањање.\n" -#: src/cryptsetup.c:790 +#: src/cryptsetup.c:698 msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set." msgstr "Сразмеравање активног уређаја захтева кључ волумена у привеску кључева али је постављена „--disable-keyring“ опција." -#: src/cryptsetup.c:936 +#: src/cryptsetup.c:845 msgid "Benchmark interrupted." msgstr "Оцењивање је прекинуто." -#: src/cryptsetup.c:957 +#: src/cryptsetup.c:866 #, c-format msgid "PBKDF2-%-9s N/A\n" msgstr "„PBKDF2-%-9s“ Н/Д\n" -#: src/cryptsetup.c:959 +#: src/cryptsetup.c:868 #, c-format msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" msgstr "„PBKDF2-%-9s“ %7u понављања у секунди за %zu-битни кључ\n" -#: src/cryptsetup.c:973 +#: src/cryptsetup.c:882 #, c-format msgid "%-10s N/A\n" msgstr "%-10s Н/Д\n" -#: src/cryptsetup.c:975 +#: src/cryptsetup.c:884 #, c-format msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n" msgstr "%-10s %4u понављања, %5u меморије, %1u паралелних нити (процесора) за %zu-битни кључ (захтева се %u ms време)\n" -#: src/cryptsetup.c:999 +#: src/cryptsetup.c:908 msgid "Result of benchmark is not reliable." msgstr "Резултат оцењивања није поуздан." -#: src/cryptsetup.c:1049 +#: src/cryptsetup.c:958 msgid "# Tests are approximate using memory only (no storage IO).\n" msgstr "# Пробе су приближне користећи само меморију (без УИ смештаја).\n" #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:1069 +#: src/cryptsetup.c:978 #, c-format msgid "#%*s Algorithm | Key | Encryption | Decryption\n" msgstr "#%*s Алгоритам | Кључ | Шифровање | Дешифровање\n" -#: src/cryptsetup.c:1073 +#: src/cryptsetup.c:982 #, c-format msgid "Cipher %s (with %i bits key) is not available." msgstr "Шифрер „%s“ (са %i битним кључем) није доступан." #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:1092 +#: src/cryptsetup.c:1001 msgid "# Algorithm | Key | Encryption | Decryption\n" msgstr "# Алгоритам | Кључ | Шифровање | Дешифровање\n" -#: src/cryptsetup.c:1103 +#: src/cryptsetup.c:1012 msgid "N/A" msgstr "Недоступно" -#: src/cryptsetup.c:1190 +#: src/cryptsetup.c:1037 msgid "" -"Seems device does not require reencryption recovery.\n" -"Do you want to proceed anyway?" +"Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n" +"and continue (upgrade metadata) only if you acknowledge the operation as genuine." msgstr "" -"Изгледа да уређај не захтева опоравак поновног шифровања.\n" -"Да ли желите да наставите?" +"Откривени су незаштићени ЛУКС2 метаподаци поновног шифровања. Проверите да ли је радња поновног шифровања пожељна (видите „luksDump“ излаз)\n" +"и наставите (са надоградњом метаподатака само ако знате да је радња безопасна." -#: src/cryptsetup.c:1196 +#: src/cryptsetup.c:1043 +msgid "Enter passphrase to protect and upgrade reencryption metadata: " +msgstr "Унесите пропусну реч да заштитите и надоградите метаподатке поновног шифровања: " + +#: src/cryptsetup.c:1087 msgid "Really proceed with LUKS2 reencryption recovery?" msgstr "Да наставим са опоравком ЛУКС2 поновног шифровања?" -#: src/cryptsetup.c:1204 +#: src/cryptsetup.c:1096 +msgid "Enter passphrase to verify reencryption metadata digest: " +msgstr "Унесите пропусну реч да проверите упит метаподатака поновног шифровања: " + +#: src/cryptsetup.c:1098 msgid "Enter passphrase for reencryption recovery: " msgstr "Унесите пропусну реч за опоравак поновног шифровања: " -#: src/cryptsetup.c:1252 +#: src/cryptsetup.c:1153 msgid "Really try to repair LUKS device header?" msgstr "Стварно да покушам да поправим заглавље ЛУКС уређаја?" -#: src/cryptsetup.c:1277 src/integritysetup.c:90 +#: src/cryptsetup.c:1177 src/integritysetup.c:89 src/integritysetup.c:238 +msgid "" +"\n" +"Wipe interrupted." +msgstr "" +"\n" +"Брисање је прекинуто." + +#: src/cryptsetup.c:1182 src/integritysetup.c:94 src/integritysetup.c:275 msgid "" "Wiping device to initialize integrity checksum.\n" "You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n" @@ -1915,113 +2015,119 @@ "Бришем уређај да бих започео суму провере целовитости.\n" "Можете прекинути ово притиском на „CTRL+c“ (остатак необрисаног уређаја садржаће неисправну суму провере).\n" -#: src/cryptsetup.c:1299 src/integritysetup.c:112 +#: src/cryptsetup.c:1204 src/integritysetup.c:116 #, c-format msgid "Cannot deactivate temporary device %s." msgstr "Не могу да деактивирам привремени уређај „%s“." -#: src/cryptsetup.c:1363 +#: src/cryptsetup.c:1255 msgid "Integrity option can be used only for LUKS2 format." msgstr "Опција целовитости се може користити само за ЛУКС2 запис." -#: src/cryptsetup.c:1368 src/cryptsetup.c:1428 +#: src/cryptsetup.c:1260 src/cryptsetup.c:1320 msgid "Unsupported LUKS2 metadata size options." msgstr "Неподржана опција величине ЛУКС2 метаподатака." -#: src/cryptsetup.c:1377 +#: src/cryptsetup.c:1269 msgid "Header file does not exist, do you want to create it?" msgstr "Датотека заглавља не постоји, да ли желите да је направите?" -#: src/cryptsetup.c:1385 +#: src/cryptsetup.c:1277 #, c-format msgid "Cannot create header file %s." msgstr "Не могу да направим датотеку заглавља „%s“." -#: src/cryptsetup.c:1408 src/integritysetup.c:138 src/integritysetup.c:146 -#: src/integritysetup.c:155 src/integritysetup.c:230 src/integritysetup.c:238 -#: src/integritysetup.c:248 +#: src/cryptsetup.c:1300 src/integritysetup.c:144 src/integritysetup.c:152 +#: src/integritysetup.c:161 src/integritysetup.c:315 src/integritysetup.c:323 +#: src/integritysetup.c:333 msgid "No known integrity specification pattern detected." msgstr "Није откривен познат образац одреднице целовитости." -#: src/cryptsetup.c:1421 +#: src/cryptsetup.c:1313 #, c-format msgid "Cannot use %s as on-disk header." msgstr "Не могу да користим „%s“ као заглавље на-диску." -#: src/cryptsetup.c:1445 src/integritysetup.c:170 +#: src/cryptsetup.c:1337 src/integritysetup.c:181 #, c-format msgid "This will overwrite data on %s irrevocably." msgstr "Ово ће неповратно да препише податке на „%s“." -#: src/cryptsetup.c:1478 src/cryptsetup.c:1814 src/cryptsetup.c:1879 -#: src/cryptsetup.c:1981 src/cryptsetup.c:2047 src/cryptsetup_reencrypt.c:530 +#: src/cryptsetup.c:1370 src/cryptsetup.c:1707 src/cryptsetup.c:1772 +#: src/cryptsetup.c:1876 src/cryptsetup.c:1942 src/utils_reencrypt_luks1.c:443 msgid "Failed to set pbkdf parameters." msgstr "Нисам успео да подесим „pbkdf“ параметре." -#: src/cryptsetup.c:1563 +#: src/cryptsetup.c:1455 msgid "Reduced data offset is allowed only for detached LUKS header." msgstr "Смањени померај података је допуштен само за откачена ЛУКС заглавља." -#: src/cryptsetup.c:1574 src/cryptsetup.c:1885 +#: src/cryptsetup.c:1466 src/cryptsetup.c:1778 msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option." msgstr "Не могу да одредим величину кључа за ЛУКС без утора кључа, користите „--key-size“ опцију." -#: src/cryptsetup.c:1619 +#: src/cryptsetup.c:1512 msgid "Device activated but cannot make flags persistent." msgstr "Уређај је активиран али не могу да учиним заставице трајним." -#: src/cryptsetup.c:1698 src/cryptsetup.c:1766 +#: src/cryptsetup.c:1591 src/cryptsetup.c:1659 #, c-format msgid "Keyslot %d is selected for deletion." msgstr "Утор кључа „%d“ је изабран за брисање." -#: src/cryptsetup.c:1710 src/cryptsetup.c:1770 +#: src/cryptsetup.c:1603 src/cryptsetup.c:1663 msgid "This is the last keyslot. Device will become unusable after purging this key." msgstr "Ово је последњи утор кључа. Уређај ће постати неупотребљив након чишћења овог кључа." -#: src/cryptsetup.c:1711 +#: src/cryptsetup.c:1604 msgid "Enter any remaining passphrase: " msgstr "Унесите неку преосталу пропусну реч: " -#: src/cryptsetup.c:1712 src/cryptsetup.c:1772 +#: src/cryptsetup.c:1605 src/cryptsetup.c:1665 msgid "Operation aborted, the keyslot was NOT wiped.\n" msgstr "Радња је прекинута, утор кључа НИЈЕ обрисан.\n" -#: src/cryptsetup.c:1748 +#: src/cryptsetup.c:1641 msgid "Enter passphrase to be deleted: " msgstr "Унесите пропусну реч за брисање: " -#: src/cryptsetup.c:1828 src/cryptsetup.c:1900 src/cryptsetup.c:1934 +#: src/cryptsetup.c:1691 src/cryptsetup.c:1925 src/cryptsetup.c:2505 +#: src/cryptsetup.c:2649 +#, c-format +msgid "Device %s is not a valid LUKS2 device." +msgstr "Уређај „%s“ није исправан ЛУКС2 уређај." + +#: src/cryptsetup.c:1721 src/cryptsetup.c:1795 src/cryptsetup.c:1829 msgid "Enter new passphrase for key slot: " msgstr "Унесите нову пропусну реч за утор кључа: " -#: src/cryptsetup.c:1917 src/cryptsetup_reencrypt.c:1328 +#: src/cryptsetup.c:1812 src/utils_reencrypt_luks1.c:1149 #, c-format msgid "Enter any existing passphrase: " msgstr "Унесите неку постојећу пропусну реч: " -#: src/cryptsetup.c:1985 +#: src/cryptsetup.c:1880 msgid "Enter passphrase to be changed: " msgstr "Унесите пропусну реч за мењање: " -#: src/cryptsetup.c:2001 src/cryptsetup_reencrypt.c:1314 +#: src/cryptsetup.c:1896 src/utils_reencrypt_luks1.c:1135 msgid "Enter new passphrase: " msgstr "Унесите нову пропусну реч: " -#: src/cryptsetup.c:2051 +#: src/cryptsetup.c:1946 msgid "Enter passphrase for keyslot to be converted: " msgstr "Унесите пропусну реч за утор кључа за претварање: " -#: src/cryptsetup.c:2075 +#: src/cryptsetup.c:1970 msgid "Only one device argument for isLuks operation is supported." msgstr "Подржан је само један аргумент уређаја за радњу „isLuks“." -#: src/cryptsetup.c:2190 +#: src/cryptsetup.c:2078 #, c-format msgid "Keyslot %d does not contain unbound key." msgstr "Утор кључа %d не садржи несвезани кључ." -#: src/cryptsetup.c:2195 +#: src/cryptsetup.c:2083 msgid "" "The header dump with unbound key is sensitive information.\n" "This dump should be stored encrypted in a safe place." @@ -2029,40 +2135,40 @@ "Избачај заглавља са кључем волумена је осетљив податак\n" "Овај избачај треба увек бити смештен шифрован на безбедном месту." -#: src/cryptsetup.c:2286 src/cryptsetup.c:2314 +#: src/cryptsetup.c:2169 src/cryptsetup.c:2198 #, c-format msgid "%s is not active %s device name." msgstr "„%s“ није назив активног „%s“ уређаја." -#: src/cryptsetup.c:2309 +#: src/cryptsetup.c:2193 #, c-format msgid "%s is not active LUKS device name or header is missing." msgstr "„%s“ није назив активног ЛУКС уређаја или недостаје заглавље." -#: src/cryptsetup.c:2347 src/cryptsetup.c:2366 +#: src/cryptsetup.c:2255 src/cryptsetup.c:2274 msgid "Option --header-backup-file is required." msgstr "Захтевана је опција „--header-backup-file“." -#: src/cryptsetup.c:2397 +#: src/cryptsetup.c:2305 #, c-format msgid "%s is not cryptsetup managed device." msgstr "„%s“ није уређај управљан криптоподешавањем." -#: src/cryptsetup.c:2408 +#: src/cryptsetup.c:2316 #, c-format msgid "Refresh is not supported for device type %s" msgstr "Освежавање није подржано за врсту уређаја „%s“" -#: src/cryptsetup.c:2454 +#: src/cryptsetup.c:2362 #, c-format msgid "Unrecognized metadata device type %s." msgstr "Непозната врста уређаја метаподатака „%s“." -#: src/cryptsetup.c:2456 +#: src/cryptsetup.c:2364 msgid "Command requires device and mapped name as arguments." msgstr "Наредба захтева уређај и мапирани назив као аргумент." -#: src/cryptsetup.c:2477 +#: src/cryptsetup.c:2385 #, c-format msgid "" "This operation will erase all keyslots on device %s.\n" @@ -2071,335 +2177,325 @@ "Ова радња ће обрисати све уторе кључева на уређају „%s“.\n" "Уређај ће постати неупотребљив након ове радње." -#: src/cryptsetup.c:2484 +#: src/cryptsetup.c:2392 msgid "Operation aborted, keyslots were NOT wiped.\n" msgstr "Радња је прекинута, утори кључева НИСУ обрисани.\n" -#: src/cryptsetup.c:2523 +#: src/cryptsetup.c:2431 msgid "Invalid LUKS type, only luks1 and luks2 are supported." msgstr "Неисправна ЛУКС врста, само „luks1“ и „luks2“ су подржане." -#: src/cryptsetup.c:2539 +#: src/cryptsetup.c:2447 #, c-format msgid "Device is already %s type." msgstr "Уређај је већ „%s“ врсте." -#: src/cryptsetup.c:2546 +#: src/cryptsetup.c:2454 #, c-format msgid "This operation will convert %s to %s format.\n" msgstr "Ова радња ће претворити „%s“ у „%s“ запис.\n" -#: src/cryptsetup.c:2549 +#: src/cryptsetup.c:2457 msgid "Operation aborted, device was NOT converted.\n" msgstr "Радња је прекинута, уређај НИЈЕ претворен.\n" -#: src/cryptsetup.c:2589 +#: src/cryptsetup.c:2497 msgid "Option --priority, --label or --subsystem is missing." msgstr "Недостаје опција „--priority“, „--label“ или „--subsystem“." -#: src/cryptsetup.c:2623 src/cryptsetup.c:2660 src/cryptsetup.c:2680 +#: src/cryptsetup.c:2531 src/cryptsetup.c:2568 src/cryptsetup.c:2588 #, c-format msgid "Token %d is invalid." msgstr "Скупина „%d“ није исправна." -#: src/cryptsetup.c:2626 src/cryptsetup.c:2683 +#: src/cryptsetup.c:2534 src/cryptsetup.c:2591 #, c-format msgid "Token %d in use." msgstr "Скупина „%d“ је у употреби." -#: src/cryptsetup.c:2638 +#: src/cryptsetup.c:2546 #, c-format msgid "Failed to add luks2-keyring token %d." msgstr "Нисам успео да додам „luks2-keyring“ скупину „%d“." -#: src/cryptsetup.c:2646 src/cryptsetup.c:2709 +#: src/cryptsetup.c:2554 src/cryptsetup.c:2617 #, c-format msgid "Failed to assign token %d to keyslot %d." msgstr "Нисам успео да доделим скупину „%d“ утору кључа %d." -#: src/cryptsetup.c:2663 +#: src/cryptsetup.c:2571 #, c-format msgid "Token %d is not in use." msgstr "Скупина „%d“ није у употреби." -#: src/cryptsetup.c:2700 +#: src/cryptsetup.c:2608 msgid "Failed to import token from file." msgstr "Нисам успео да увезем скупину из датотеке." -#: src/cryptsetup.c:2725 +#: src/cryptsetup.c:2633 #, c-format msgid "Failed to get token %d for export." msgstr "Нисам успео да добавим скупину „%d“ за извоз." -#: src/cryptsetup.c:2789 -#, c-format -msgid "Auto-detected active dm device '%s' for data device %s.\n" -msgstr "Самооткривени активан дм уређај „%sд за уређај података „%s“.\n" +#: src/cryptsetup.c:2682 +msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." +msgstr "Опција „--tcrypt-hidden“, „--tcrypt-system“ или „--tcrypt-backup“ је подржана само за ТКРИПТ уређај." -#: src/cryptsetup.c:2793 -#, c-format -msgid "Device %s is not a block device.\n" -msgstr "Уређај „%s“ није блок уређај.\n" +#: src/cryptsetup.c:2685 +msgid "Option --veracrypt or --disable-veracrypt is supported only for TCRYPT device type." +msgstr "Опција „--veracrypt“ или „--disable-veracrypt“ је подржана само за ТКРИПТ врсту уређаја." -#: src/cryptsetup.c:2795 -#, c-format -msgid "Failed to auto-detect device %s holders." -msgstr "Нисам успео да самооткријем држаче „%s“ уређаја." +#: src/cryptsetup.c:2688 +msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." +msgstr "Опција „--veracrypt-pim“ је подржана само за „VeraCrypt“ сагласне уређаје." -#: src/cryptsetup.c:2799 -#, c-format -msgid "" -"Unable to decide if device %s is activated or not.\n" -"Are you sure you want to proceed with reencryption in offline mode?\n" -"It may lead to data corruption if the device is actually activated.\n" -"To run reencryption in online mode, use --active-name parameter instead.\n" -msgstr "" -"Не могу да одлучим да ли је уређај „%s“ активиран или није.\n" -"Да ли сигурно желите да наставите са поновним шифровањем у режиму ван мреже?\n" -"То може довести до оштећења података ако је уређај заправо активиран.\n" -"Да покренете поновно шифровање у режиму на мрежи, користите параметар „--active-name“.\n" +#: src/cryptsetup.c:2692 +msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." +msgstr "Опција „--veracrypt-query-pim“ је подржана само за „VeraCrypt“ сагласне уређаје." -#: src/cryptsetup.c:2881 -msgid "Encryption is supported only for LUKS2 format." -msgstr "Шифровање је подржано само за ЛУКС2 запис." +#: src/cryptsetup.c:2694 +msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." +msgstr "Опције „--veracrypt-pim“ и „--veracrypt-query-pim“ се узајамно искључују." -#: src/cryptsetup.c:2886 -msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." -msgstr "Шифровање без откаченог заглавља (--header) није могуће без смањења величине уређаја података (--reduce-device-size)." +#: src/cryptsetup.c:2703 +msgid "Option --persistent is not allowed with --test-passphrase." +msgstr "Опција „--persistent“ није допуштена са опцијом „--test-passphrase“." -#: src/cryptsetup.c:2891 -msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." -msgstr "Затражени померај података мора бити мањи или једнак половини параметра „--reduce-device-size“." +#: src/cryptsetup.c:2706 +msgid "Options --refresh and --test-passphrase are mutually exclusive." +msgstr "Опције „--refresh“ и „--test-passphrase“ се узајамно искључују." -#: src/cryptsetup.c:2900 -#, c-format -msgid "Adjusting --reduce-device-size value to twice the --offset % (sectors).\n" -msgstr "Подешавам „--reduce-device-size“ вредност на двоструко од „--offset“ % (подеока).\n" +#: src/cryptsetup.c:2709 +msgid "Option --shared is allowed only for open of plain device." +msgstr "Опција „--shared“ је допуштена само за отварање обичног уређаја." -#: src/cryptsetup.c:2923 -#, c-format -msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?" -msgstr "Откривен је ЛУКС уређај на „%s“. Да ли желите опет да шифрујете тај ЛУКС уређај?" +#: src/cryptsetup.c:2712 +msgid "Option --skip is supported only for open of plain and loopaes devices." +msgstr "Опција „--skip“ је подржана само за отварање обичних и упетљаних уређаја." -#: src/cryptsetup.c:2941 -#, c-format -msgid "Temporary header file %s already exists. Aborting." -msgstr "Привремена датотека заглавља „%s“ већ постоји. Прекидам." +#: src/cryptsetup.c:2715 +msgid "Option --offset with open action is only supported for plain and loopaes devices." +msgstr "Опција „--offset“ са отвореном радњом је подржана само за обичне и упетљане уређаје." -#: src/cryptsetup.c:2943 src/cryptsetup.c:2950 -#, c-format -msgid "Cannot create temporary header file %s." -msgstr "Не могу да направим привремену датотеку заглавља „%s“." +#: src/cryptsetup.c:2718 +msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." +msgstr "Опција „--tcrypt-hidden“ не може бити обједињена са „--allow-discards“." -#: src/cryptsetup.c:2975 -msgid "LUKS2 metadata size is larger than data shift value." -msgstr "Величина ЛУКС2 метаподатака је већа од вредности помака података." +#: src/cryptsetup.c:2722 +msgid "Sector size option with open action is supported only for plain devices." +msgstr "Опција величине одељка са отвореном радњом је подржана само за обичне уређаје." -#: src/cryptsetup.c:3007 -#, c-format -msgid "Failed to place new header at head of device %s." -msgstr "Нисам успео да ставим ново заглавље на главу уређаја „%s“." +#: src/cryptsetup.c:2726 +msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." +msgstr "Опција великих IV одељака је подржана само за отварање обичних уређаја са величином одељка већом од 512 бајта." -#: src/cryptsetup.c:3018 -#, c-format -msgid "%s/%s is now active and ready for online encryption.\n" -msgstr "„%s/%s“ је сада активно и спремно за шифровање на мрежи.\n" +#: src/cryptsetup.c:2730 +msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices." +msgstr "Опција „--test-passphrase“ је допуштена само за отварање ЛУКС, „TCRYPT“ и „BITLK“ уређаја." -#: src/cryptsetup.c:3055 -msgid "LUKS2 decryption is supported with detached header device only (with data offset set to 0)." -msgstr "ЛУКС2 дешифровање је подржано само са откаченим уређајем заглавља (са померајем података постављеним на 0)." +#: src/cryptsetup.c:2733 src/cryptsetup.c:2756 +msgid "Options --device-size and --size cannot be combined." +msgstr "Опције „--device-size“ и „--size“ се не могу комбиновати." -#: src/cryptsetup.c:3189 src/cryptsetup.c:3195 -msgid "Not enough free keyslots for reencryption." -msgstr "Нема довољно слободних утора кључева за поновно шифровање." +#: src/cryptsetup.c:2736 +msgid "Option --unbound is allowed only for open of luks device." +msgstr "Опција „--unbound“ је допуштена само за отварање лукс уређаја." + +#: src/cryptsetup.c:2739 +msgid "Option --unbound cannot be used without --test-passphrase." +msgstr "Опција „--unbound“ се не може користити без „--test-passphrase“." -#: src/cryptsetup.c:3215 src/cryptsetup_reencrypt.c:1279 -msgid "Key file can be used only with --key-slot or with exactly one key slot active." -msgstr "Датотека кључа може бити коришћена само са „--key-slot“ или са тачно једним активним утором кључа." +#: src/cryptsetup.c:2748 src/veritysetup.c:664 src/integritysetup.c:755 +msgid "Options --cancel-deferred and --deferred cannot be used at the same time." +msgstr "Опције „--cancel-deferred“ и „--deferred“ се не могу користити у исто време." -#: src/cryptsetup.c:3224 src/cryptsetup_reencrypt.c:1326 -#: src/cryptsetup_reencrypt.c:1337 -#, c-format -msgid "Enter passphrase for key slot %d: " -msgstr "Унесите пропусну реч за утор кључа %d: " +#: src/cryptsetup.c:2764 +msgid "Options --reduce-device-size and --data-size cannot be combined." +msgstr "Опције „--reduce-device-size“ и „--data-size“ се не могу комбиновати." -#: src/cryptsetup.c:3233 -#, c-format -msgid "Enter passphrase for key slot %u: " -msgstr "Унесите пропусну реч за утор кључа %u: " +#: src/cryptsetup.c:2767 +msgid "Option --active-name can be set only for LUKS2 device." +msgstr "Опција „--active-name“ се може поставити само за ЛУКС2 уређај." + +#: src/cryptsetup.c:2770 +msgid "Options --active-name and --force-offline-reencrypt cannot be combined." +msgstr "Опције „--active-name“ и „--force-offline-reencrypt“ се не могу комбиновати." -#: src/cryptsetup.c:3278 -#, c-format -msgid "Switching data encryption cipher to %s.\n" -msgstr "Пребацујем шифрера података на „%s“.\n" +#: src/cryptsetup.c:2778 src/cryptsetup.c:2808 +msgid "Keyslot specification is required." +msgstr "Одредба утора кључа је потребна." -#: src/cryptsetup.c:3415 -msgid "Command requires device as argument." -msgstr "Наредба захтева уређај као аргумент." +#: src/cryptsetup.c:2786 +msgid "Options --align-payload and --offset cannot be combined." +msgstr "Опције „--align-payload“ и „--offset“ се не могу комбиновати." -#: src/cryptsetup.c:3437 -msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1." -msgstr "Само је ЛУКС2 запис тренутно подржан. Користите алат „cryptsetup-reencrypt“ за ЛУКС1." - -#: src/cryptsetup.c:3449 -msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility." -msgstr "Старо ванмрежно поновно шифровање је већ у току. Користите помагало „cryptsetup-reencrypt“." +#: src/cryptsetup.c:2789 +msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." +msgstr "Опција „--integrity-no-wipe“ се може користити само за радњу форматирања са проширењем целовитости." -#: src/cryptsetup.c:3459 src/cryptsetup_reencrypt.c:155 -msgid "Reencryption of device with integrity profile is not supported." -msgstr "Поновно шифровање уређаја са профилом целовитости није подржано." +#: src/cryptsetup.c:2792 +msgid "Only one of --use-[u]random options is allowed." +msgstr "Дозвољена је само једна опција „--use-[u]random“." -#: src/cryptsetup.c:3467 -msgid "LUKS2 reencryption already initialized. Aborting operation." -msgstr "ЛУКС2 поновно шифровање је већ покренуто. Прекидам радњу." +#: src/cryptsetup.c:2800 +msgid "Key size is required with --unbound option." +msgstr "Величина кључа је потребна са опцијом „--unbound“." + +#: src/cryptsetup.c:2819 +msgid "Invalid token action." +msgstr "Неисправна радња скупине." + +#: src/cryptsetup.c:2822 +msgid "--key-description parameter is mandatory for token add action." +msgstr "„--key-description“ параметар је обавезан за радњу додавања скупине." -#: src/cryptsetup.c:3471 -msgid "LUKS2 device is not in reencryption." -msgstr "ЛУКС2 уређај није у поновном шифровању." +#: src/cryptsetup.c:2826 +msgid "Action requires specific token. Use --token-id parameter." +msgstr "Радња захтева нарочиту скупину. Користите параметар „--token-id“." -#: src/cryptsetup.c:3498 +#: src/cryptsetup.c:2840 msgid " [--type ] []" msgstr "<уређај> [--type <врста>] [<назив>]" -#: src/cryptsetup.c:3498 src/veritysetup.c:480 src/integritysetup.c:446 +#: src/cryptsetup.c:2840 src/veritysetup.c:487 src/integritysetup.c:535 msgid "open device as " msgstr "отвара уређај као <назив>" -#: src/cryptsetup.c:3499 src/cryptsetup.c:3500 src/cryptsetup.c:3501 -#: src/veritysetup.c:481 src/veritysetup.c:482 src/integritysetup.c:447 -#: src/integritysetup.c:448 +#: src/cryptsetup.c:2841 src/cryptsetup.c:2842 src/cryptsetup.c:2843 +#: src/veritysetup.c:488 src/veritysetup.c:489 src/integritysetup.c:536 +#: src/integritysetup.c:537 src/integritysetup.c:539 msgid "" msgstr "<назив>" -#: src/cryptsetup.c:3499 src/veritysetup.c:481 src/integritysetup.c:447 +#: src/cryptsetup.c:2841 src/veritysetup.c:488 src/integritysetup.c:536 msgid "close device (remove mapping)" msgstr "затвара уређај (уклања мапирање)" -#: src/cryptsetup.c:3500 +#: src/cryptsetup.c:2842 src/integritysetup.c:539 msgid "resize active device" msgstr "мења величину радног уређаја" -#: src/cryptsetup.c:3501 +#: src/cryptsetup.c:2843 msgid "show device status" msgstr "показује стање уређаја" -#: src/cryptsetup.c:3502 +#: src/cryptsetup.c:2844 msgid "[--cipher ]" msgstr "[--cipher <шифрер>]" -#: src/cryptsetup.c:3502 +#: src/cryptsetup.c:2844 msgid "benchmark cipher" msgstr "шифрер оцењивања" -#: src/cryptsetup.c:3503 src/cryptsetup.c:3504 src/cryptsetup.c:3505 -#: src/cryptsetup.c:3506 src/cryptsetup.c:3507 src/cryptsetup.c:3514 -#: src/cryptsetup.c:3515 src/cryptsetup.c:3516 src/cryptsetup.c:3517 -#: src/cryptsetup.c:3518 src/cryptsetup.c:3519 src/cryptsetup.c:3520 -#: src/cryptsetup.c:3521 src/cryptsetup.c:3522 +#: src/cryptsetup.c:2845 src/cryptsetup.c:2846 src/cryptsetup.c:2847 +#: src/cryptsetup.c:2848 src/cryptsetup.c:2849 src/cryptsetup.c:2856 +#: src/cryptsetup.c:2857 src/cryptsetup.c:2858 src/cryptsetup.c:2859 +#: src/cryptsetup.c:2860 src/cryptsetup.c:2861 src/cryptsetup.c:2862 +#: src/cryptsetup.c:2863 src/cryptsetup.c:2864 msgid "" msgstr "<уређај>" -#: src/cryptsetup.c:3503 +#: src/cryptsetup.c:2845 msgid "try to repair on-disk metadata" msgstr "покушава да поправи метаподатке на-диску" -#: src/cryptsetup.c:3504 +#: src/cryptsetup.c:2846 msgid "reencrypt LUKS2 device" msgstr "ЛУКС2 уређај поновног шифровања" -#: src/cryptsetup.c:3505 +#: src/cryptsetup.c:2847 msgid "erase all keyslots (remove encryption key)" msgstr "брише све уторе кључева (уклања кључ шифровања)" -#: src/cryptsetup.c:3506 +#: src/cryptsetup.c:2848 msgid "convert LUKS from/to LUKS2 format" msgstr "претвара ЛУКС из/у ЛУКС2 запис" -#: src/cryptsetup.c:3507 +#: src/cryptsetup.c:2849 msgid "set permanent configuration options for LUKS2" msgstr "поставља трајне опције подешавања за ЛУКС2" -#: src/cryptsetup.c:3508 src/cryptsetup.c:3509 +#: src/cryptsetup.c:2850 src/cryptsetup.c:2851 msgid " []" msgstr "<уређај> [<нова датотека кључа>]" -#: src/cryptsetup.c:3508 +#: src/cryptsetup.c:2850 msgid "formats a LUKS device" msgstr "форматира ЛУКС уређај" -#: src/cryptsetup.c:3509 +#: src/cryptsetup.c:2851 msgid "add key to LUKS device" msgstr "додаје кључ у ЛУКС уређај" -#: src/cryptsetup.c:3510 src/cryptsetup.c:3511 src/cryptsetup.c:3512 +#: src/cryptsetup.c:2852 src/cryptsetup.c:2853 src/cryptsetup.c:2854 msgid " []" msgstr "<уређај> [<датотека кључа>]" -#: src/cryptsetup.c:3510 +#: src/cryptsetup.c:2852 msgid "removes supplied key or key file from LUKS device" msgstr "уклања достављени кључ или датотеку кључа из ЛУКС уређаја" -#: src/cryptsetup.c:3511 +#: src/cryptsetup.c:2853 msgid "changes supplied key or key file of LUKS device" msgstr "мења достављени кључ или датотеку кључа ЛУКС уређаја" -#: src/cryptsetup.c:3512 +#: src/cryptsetup.c:2854 msgid "converts a key to new pbkdf parameters" msgstr "претвара кључ у нове „pbkdf“ параметре" -#: src/cryptsetup.c:3513 +#: src/cryptsetup.c:2855 msgid " " msgstr "<уређај> <утор кључа>" -#: src/cryptsetup.c:3513 +#: src/cryptsetup.c:2855 msgid "wipes key with number from LUKS device" msgstr "брише кључ са бројем <утор кључа> са ЛУКС уређаја" -#: src/cryptsetup.c:3514 +#: src/cryptsetup.c:2856 msgid "print UUID of LUKS device" msgstr "исписује УЈИБ ЛУКС уређаја" -#: src/cryptsetup.c:3515 +#: src/cryptsetup.c:2857 msgid "tests for LUKS partition header" msgstr "испробава <уређај> за заглављем ЛУКС партиције" -#: src/cryptsetup.c:3516 +#: src/cryptsetup.c:2858 msgid "dump LUKS partition information" msgstr "исписује податке ЛУКС партиције" -#: src/cryptsetup.c:3517 +#: src/cryptsetup.c:2859 msgid "dump TCRYPT device information" msgstr "исписује податке ТКРИПТ уређаја" -#: src/cryptsetup.c:3518 +#: src/cryptsetup.c:2860 msgid "dump BITLK device information" msgstr "исписује податке „BITLK“ уређаја" -#: src/cryptsetup.c:3519 +#: src/cryptsetup.c:2861 msgid "Suspend LUKS device and wipe key (all IOs are frozen)" msgstr "Обуставља ЛУКС уређај и брише кључ (сви УИ су замрзнути)" -#: src/cryptsetup.c:3520 +#: src/cryptsetup.c:2862 msgid "Resume suspended LUKS device" msgstr "Наставља са обустављеним ЛУКС уређајем" -#: src/cryptsetup.c:3521 +#: src/cryptsetup.c:2863 msgid "Backup LUKS device header and keyslots" msgstr "Прави резерву заглавља „LUKS“ уређаја и утора кључева" -#: src/cryptsetup.c:3522 +#: src/cryptsetup.c:2864 msgid "Restore LUKS device header and keyslots" msgstr "Враћа заглавље „LUKS“ уређаја и уторе кључева" -#: src/cryptsetup.c:3523 +#: src/cryptsetup.c:2865 msgid " " msgstr "<додај|уклони|увези|извези> <уређај>" -#: src/cryptsetup.c:3523 +#: src/cryptsetup.c:2865 msgid "Manipulate LUKS2 tokens" msgstr "Управља ЛУКС2 скупинама" -#: src/cryptsetup.c:3543 src/veritysetup.c:498 src/integritysetup.c:464 +#: src/cryptsetup.c:2884 src/veritysetup.c:505 src/integritysetup.c:554 msgid "" "\n" " is one of:\n" @@ -2407,7 +2503,7 @@ "\n" "<радња> је једна од следећих:\n" -#: src/cryptsetup.c:3549 +#: src/cryptsetup.c:2890 msgid "" "\n" "You can also use old syntax aliases:\n" @@ -2419,7 +2515,7 @@ "\tотварање: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" "\tзатвори: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" -#: src/cryptsetup.c:3553 +#: src/cryptsetup.c:2894 #, c-format msgid "" "\n" @@ -2434,7 +2530,7 @@ "<утор кључа> је број ЛУКС утора кључа за мењање\n" "<датотека кључа> изборна датотека кључа за нови кључ за радњу „luksAddKey“\n" -#: src/cryptsetup.c:3560 +#: src/cryptsetup.c:2901 #, c-format msgid "" "\n" @@ -2443,7 +2539,7 @@ "\n" "Основни уграђени запис метаподатака је „%s“ (за „luksFormat“ радњу).\n" -#: src/cryptsetup.c:3565 src/cryptsetup.c:3568 +#: src/cryptsetup.c:2906 src/cryptsetup.c:2909 #, c-format msgid "" "\n" @@ -2452,20 +2548,20 @@ "\n" "Подршка прикључка спољне скупине за „LUKS2“ је „%s“.\n" -#: src/cryptsetup.c:3565 +#: src/cryptsetup.c:2906 msgid "compiled-in" msgstr "преведено" -#: src/cryptsetup.c:3566 +#: src/cryptsetup.c:2907 #, c-format msgid "LUKS2 external token plugin path: %s.\n" msgstr "Путања прикључка спољне скупине за „LUKS2“: %s.\n" -#: src/cryptsetup.c:3568 +#: src/cryptsetup.c:2909 msgid "disabled" msgstr "искључено" -#: src/cryptsetup.c:3572 +#: src/cryptsetup.c:2913 #, c-format msgid "" "\n" @@ -2482,7 +2578,7 @@ "Основни „PBKDF“ за ЛУКС2: %s\n" "\tВреме понављања: %d, Захтевана меморија: %dkB, Паралелне нити: %d\n" -#: src/cryptsetup.c:3583 +#: src/cryptsetup.c:2924 #, c-format msgid "" "\n" @@ -2497,206 +2593,96 @@ "\tобично: %s, Кључ: %d бита, Хеширање лозинке: %s\n" "\tЛУКС: %s, Кључ: %d бита, Хеширање ЛУКС заглавља: %s, РНГ: %s\n" -#: src/cryptsetup.c:3592 +#: src/cryptsetup.c:2933 msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" msgstr "\tЛУКС: Основна величина кључа са „XTS“ режимом (два унутрашња кључа) биће удвостручена.\n" -#: src/cryptsetup.c:3610 src/veritysetup.c:637 src/integritysetup.c:620 +#: src/cryptsetup.c:2951 src/veritysetup.c:644 src/integritysetup.c:711 #, c-format msgid "%s: requires %s as arguments" msgstr "%s: захтева „%s“ као аргумент" -#: src/cryptsetup.c:3648 src/cryptsetup_reencrypt.c:1379 -#: src/cryptsetup_reencrypt.c:1704 +#: src/cryptsetup.c:2997 src/utils_reencrypt_luks1.c:1194 msgid "Key slot is invalid." msgstr "Утор кључа није исправан." -#: src/cryptsetup.c:3675 +#: src/cryptsetup.c:3024 msgid "Device size must be multiple of 512 bytes sector." msgstr "Величина уређаја мора бити умножак одељка од 512 бајта." -#: src/cryptsetup.c:3680 +#: src/cryptsetup.c:3029 msgid "Invalid max reencryption hotzone size specification." msgstr "Неисправна одредба највеће величине вруће зоне поновног шифровања." -#: src/cryptsetup.c:3694 src/cryptsetup.c:3706 src/cryptsetup_reencrypt.c:1623 +#: src/cryptsetup.c:3043 src/cryptsetup.c:3055 msgid "Key size must be a multiple of 8 bits" msgstr "Величина кључа мора бити умножак од 8 бита" -#: src/cryptsetup.c:3711 +#: src/cryptsetup.c:3060 msgid "Maximum device reduce size is 1 GiB." msgstr "Највећа величина смањења уређаја је 1 GiB." -#: src/cryptsetup.c:3714 src/cryptsetup_reencrypt.c:1631 +#: src/cryptsetup.c:3063 msgid "Reduce size must be multiple of 512 bytes sector." msgstr "Величина смањивања мора бити умножак одељка од 512 бајта." -#: src/cryptsetup.c:3731 +#: src/cryptsetup.c:3080 msgid "Option --priority can be only ignore/normal/prefer." msgstr "Опција „--priority“ може бити само „ignore/normal/prefer“." -#: src/cryptsetup.c:3741 src/veritysetup.c:561 src/integritysetup.c:543 -#: src/cryptsetup_reencrypt.c:1641 +#: src/cryptsetup.c:3099 src/veritysetup.c:568 src/integritysetup.c:634 msgid "Show this help message" msgstr "Приказује ову поруку помоћи" -#: src/cryptsetup.c:3742 src/veritysetup.c:562 src/integritysetup.c:544 -#: src/cryptsetup_reencrypt.c:1642 +#: src/cryptsetup.c:3100 src/veritysetup.c:569 src/integritysetup.c:635 msgid "Display brief usage" msgstr "Прикажите кратку поруку о коришћењу" -#: src/cryptsetup.c:3743 src/veritysetup.c:563 src/integritysetup.c:545 -#: src/cryptsetup_reencrypt.c:1643 +#: src/cryptsetup.c:3101 src/veritysetup.c:570 src/integritysetup.c:636 msgid "Print package version" msgstr "Исписује издање пакета" -#: src/cryptsetup.c:3754 src/veritysetup.c:574 src/integritysetup.c:556 -#: src/cryptsetup_reencrypt.c:1654 +#: src/cryptsetup.c:3112 src/veritysetup.c:581 src/integritysetup.c:647 msgid "Help options:" msgstr "Опције помоћи:" -#: src/cryptsetup.c:3771 src/veritysetup.c:592 src/integritysetup.c:573 +#: src/cryptsetup.c:3132 src/veritysetup.c:599 src/integritysetup.c:664 msgid "[OPTION...] " msgstr "[ОПЦИЈА...] <радња> <посебност-радње>" -#: src/cryptsetup.c:3780 src/veritysetup.c:601 src/integritysetup.c:584 +#: src/cryptsetup.c:3141 src/veritysetup.c:608 src/integritysetup.c:675 msgid "Argument missing." msgstr "Недостаје аргумент <радња>." -#: src/cryptsetup.c:3850 src/veritysetup.c:632 src/integritysetup.c:615 +#: src/cryptsetup.c:3211 src/veritysetup.c:639 src/integritysetup.c:706 msgid "Unknown action." msgstr "Непозната радња." -#: src/cryptsetup.c:3861 -msgid "Options --refresh and --test-passphrase are mutually exclusive." -msgstr "Опције „--refresh“ и „--test-passphrase“ се узајамно искључују." - -#: src/cryptsetup.c:3866 src/veritysetup.c:656 src/integritysetup.c:663 -msgid "Options --cancel-deferred and --deferred cannot be used at the same time." -msgstr "Опције „--cancel-deferred“ и „--deferred“ се не могу користити у исто време." - -#: src/cryptsetup.c:3872 -msgid "Option --shared is allowed only for open of plain device." -msgstr "Опција „--shared“ је допуштена само за отварање обичног уређаја." - -#: src/cryptsetup.c:3877 -msgid "Option --persistent is not allowed with --test-passphrase." -msgstr "Опција „--persistent“ није допуштена са опцијом „--test-passphrase“." - -#: src/cryptsetup.c:3882 -msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." -msgstr "Опција „--integrity-no-wipe“ се може користити само за радњу форматирања са проширењем целовитости." - -#: src/cryptsetup.c:3889 -msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices." -msgstr "Опција „--test-passphrase“ је допуштена само за отварање ЛУКС, „TCRYPT“ и „BITLK“ уређаја." - -#: src/cryptsetup.c:3901 +#: src/cryptsetup.c:3229 msgid "Option --key-file takes precedence over specified key file argument." msgstr "Опција „--key-file“ има првенство над наведеним аргументом датотеке кључа." -#: src/cryptsetup.c:3907 +#: src/cryptsetup.c:3235 msgid "Only one --key-file argument is allowed." msgstr "Дозвољен је само један аргумент „--key-file“." -#: src/cryptsetup.c:3911 src/cryptsetup_reencrypt.c:1689 -#: src/cryptsetup_reencrypt.c:1708 -msgid "Only one of --use-[u]random options is allowed." -msgstr "Дозвољена је само једна опција „--use-[u]random“." - -#: src/cryptsetup.c:3915 -msgid "Options --align-payload and --offset cannot be combined." -msgstr "Опције „--align-payload“ и „--offset“ се не могу комбиновати." - -#: src/cryptsetup.c:3921 -msgid "Option --skip is supported only for open of plain and loopaes devices." -msgstr "Опција „--skip“ је подржана само за отварање обичних и упетљаних уређаја." - -#: src/cryptsetup.c:3927 -msgid "Option --offset with open action is only supported for plain and loopaes devices." -msgstr "Опција „--offset“ са отвореном радњом је подржана само за обичне и упетљане уређаје." - -#: src/cryptsetup.c:3933 -msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." -msgstr "Опција „--tcrypt-hidden“, „--tcrypt-system“ или „--tcrypt-backup“ је подржана само за ТКРИПТ уређај." - -#: src/cryptsetup.c:3938 -msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." -msgstr "Опција „--tcrypt-hidden“ не може бити обједињена са „--allow-discards“." - -#: src/cryptsetup.c:3943 -msgid "Option --veracrypt or --disable-veracrypt is supported only for TCRYPT device type." -msgstr "Опција „--veracrypt“ или „--disable-veracrypt“ је подржана само за ТКРИПТ врсту уређаја." - -#: src/cryptsetup.c:3948 -msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." -msgstr "Опција „--veracrypt-pim“ је подржана само за „VeraCrypt“ сагласне уређаје." - -#: src/cryptsetup.c:3954 -msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." -msgstr "Опција „--veracrypt-query-pim“ је подржана само за „VeraCrypt“ сагласне уређаје." - -#: src/cryptsetup.c:3958 -msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." -msgstr "Опције „--veracrypt-pim“ и „--veracrypt-query-pim“ се узајамно искључују." - -#: src/cryptsetup.c:3966 src/cryptsetup.c:4002 -msgid "Keyslot specification is required." -msgstr "Одредба утора кључа је потребна." - -#: src/cryptsetup.c:3971 src/cryptsetup_reencrypt.c:1694 +#: src/cryptsetup.c:3240 msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id." msgstr "Функција произилажења кључа заснованог на пропусној речи (PBKDF) може бити само „pbkdf2“ или „argon2i/argon2id“." -#: src/cryptsetup.c:3976 src/cryptsetup_reencrypt.c:1699 +#: src/cryptsetup.c:3245 msgid "PBKDF forced iterations cannot be combined with iteration time option." msgstr "„PBKDF“ присиљена понављања се не могу комбиновати са опцијом времена понављања." -#: src/cryptsetup.c:3983 -msgid "Sector size option with open action is supported only for plain devices." -msgstr "Опција величине одељка са отвореном радњом је подржана само за обичне уређаје." +#: src/cryptsetup.c:3256 +msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." +msgstr "Опције „--keyslot-cipher“ и „--keyslot-key-size“ се морају користити заједно." -#: src/cryptsetup.c:3990 -msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." -msgstr "Опција великих IV одељака је подржана само за отварање обичних уређаја са величином одељка већом од 512 бајта." +#: src/cryptsetup.c:3264 +msgid "No action taken. Invoked with --test-args option.\n" +msgstr "Није предузета никаква радња. Призвана опцијом „--test-args“.\n" -#: src/cryptsetup.c:3996 -msgid "Key size is required with --unbound option." -msgstr "Величина кључа је потребна са опцијом „--unbound“." - -#: src/cryptsetup.c:4012 -msgid "LUKS2 decryption requires option --header." -msgstr "ЛУКС2 дешифровање захтева опцију „--header“." - -#: src/cryptsetup.c:4016 -msgid "Options --reduce-device-size and --data-size cannot be combined." -msgstr "Опције „--reduce-device-size“ и „--data-size“ се не могу комбиновати." - -#: src/cryptsetup.c:4020 -msgid "Options --device-size and --size cannot be combined." -msgstr "Опције „--device-size“ и „--size“ се не могу комбиновати." - -#: src/cryptsetup.c:4024 -msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." -msgstr "Опције „--keyslot-cipher“ и „--keyslot-key-size“ се морају користити заједно." - -#: src/cryptsetup.c:4028 -msgid "No action taken. Invoked with --test-args option.\n" -msgstr "Није предузета никаква радња. Призвана опцијом „--test-args“.\n" - -#: src/cryptsetup.c:4040 -msgid "Invalid token action." -msgstr "Неисправна радња скупине." - -#: src/cryptsetup.c:4045 -msgid "--key-description parameter is mandatory for token add action." -msgstr "„--key-description“ параметар је обавезан за радњу додавања скупине." - -#: src/cryptsetup.c:4051 -msgid "Action requires specific token. Use --token-id parameter." -msgstr "Радња захтева нарочиту скупину. Користите параметар „--token-id“." - -#: src/cryptsetup.c:4062 +#: src/cryptsetup.c:3277 msgid "Cannot disable metadata locking." msgstr "Не могу да искључим закључавање метаподатака." @@ -2724,67 +2710,72 @@ msgid "Cannot write to root hash file %s." msgstr "Не могу да пишем у корену хеш датотеку „%s“." -#: src/veritysetup.c:210 src/veritysetup.c:227 +#: src/veritysetup.c:196 src/veritysetup.c:472 +#, c-format +msgid "Device %s is not a valid VERITY device." +msgstr "Уређај „%s“ није исправан „VERITY“ уређај." + +#: src/veritysetup.c:213 src/veritysetup.c:230 #, c-format msgid "Cannot read root hash file %s." msgstr "Не могу да читам корену хеш датотеку „%s“." -#: src/veritysetup.c:215 +#: src/veritysetup.c:218 #, c-format msgid "Invalid root hash file %s." msgstr "Неисправна корена хеш датотека „%s“." -#: src/veritysetup.c:236 +#: src/veritysetup.c:239 msgid "Invalid root hash string specified." msgstr "Наведена је неисправна ниска хеша корена." -#: src/veritysetup.c:244 +#: src/veritysetup.c:247 #, c-format msgid "Invalid signature file %s." msgstr "Неисправна датотека потписа „%s“." -#: src/veritysetup.c:251 +#: src/veritysetup.c:254 #, c-format msgid "Cannot read signature file %s." msgstr "Не могу да прочитам датотеку потписа „%s“." -#: src/veritysetup.c:274 src/veritysetup.c:288 +#: src/veritysetup.c:277 src/veritysetup.c:291 msgid "Command requires or --root-hash-file option as argument." msgstr "Наредба захтева „“ или „--root-hash-file“ опцију као аргумент." -#: src/veritysetup.c:478 +#: src/veritysetup.c:485 msgid " " msgstr "<уређај_података> <уређај_хеша>" -#: src/veritysetup.c:478 src/integritysetup.c:445 +#: src/veritysetup.c:485 src/integritysetup.c:534 msgid "format device" msgstr "форматира уређај" -#: src/veritysetup.c:479 +#: src/veritysetup.c:486 msgid " []" msgstr "<уређај_података> <уређај_хеша> [<хеш_корена>]" -#: src/veritysetup.c:479 +#: src/veritysetup.c:486 msgid "verify device" msgstr "проверава уређај" -#: src/veritysetup.c:480 +#: src/veritysetup.c:487 msgid " []" msgstr "<уређај_података> <назив> <уређај_хеша> [<хеш_корена>]" -#: src/veritysetup.c:482 src/integritysetup.c:448 +#: src/veritysetup.c:489 src/integritysetup.c:537 msgid "show active device status" msgstr "показује стање радног уређаја" -#: src/veritysetup.c:483 +#: src/veritysetup.c:490 msgid "" msgstr "<уређај_хеша>" -#: src/veritysetup.c:483 src/integritysetup.c:449 +#: src/veritysetup.c:490 src/integritysetup.c:538 msgid "show on-disk information" msgstr "приказује податке на-диску" -#: src/veritysetup.c:502 +#: src/veritysetup.c:509 #, c-format msgid "" "\n" @@ -2799,7 +2790,7 @@ "<уређај_хеша> јесте уређај који садржи податке проверавања\n" "<хеш_корена> хеш кореног чвора на <уређају_хеша>\n" -#: src/veritysetup.c:509 +#: src/veritysetup.c:516 #, c-format msgid "" "\n" @@ -2810,28 +2801,46 @@ "Основни преведени параметри дм-тачности:\n" "\tХеш: %s, Блок података (бајта): %u, Блок хеша (бајта): %u, Величина присолка: %u, Запис хеша: %u\n" -#: src/veritysetup.c:646 +#: src/veritysetup.c:654 msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together." msgstr "Опције „--ignore-corruption“ и „--restart-on-corruption“ се не могу користити заједно." -#: src/veritysetup.c:651 +#: src/veritysetup.c:659 msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together." msgstr "Опције „--panic-on-corruption“ и „--restart-on-corruption“ се не могу користити заједно." -#: src/integritysetup.c:201 +#: src/integritysetup.c:177 +#, c-format +msgid "" +"This will overwrite data on %s and %s irrevocably.\n" +"To preserve data device use --no-wipe option (and then activate with --integrity-recalculate)." +msgstr "" +"Ово ће неповратно преписати податке на „%s“ и „%s“.\n" +"Да задржите уређај података користите опцију „--no-wipe“ (а затим активирајте са „--integrity-recalculate“)." + +#: src/integritysetup.c:212 #, c-format msgid "Formatted with tag size %u, internal integrity %s.\n" msgstr "Форматирано ознаком величине %u, унутрашња целовитост „%s“.\n" -#: src/integritysetup.c:445 src/integritysetup.c:449 +#: src/integritysetup.c:289 +msgid "Setting recalculate flag is not supported, you may consider using --wipe instead." +msgstr "Постављање заставице поновног рачунањ није подржано, можете узети у обзир коришћење опције „--wipe“." + +#: src/integritysetup.c:364 src/integritysetup.c:521 +#, c-format +msgid "Device %s is not a valid INTEGRITY device." +msgstr "Уређај „%s“ није исправан „INTEGRITY“ уређај." + +#: src/integritysetup.c:534 src/integritysetup.c:538 msgid "" msgstr "<уређај_целовитости>" -#: src/integritysetup.c:446 +#: src/integritysetup.c:535 msgid " " msgstr "<уређај_целовитости> <назив>" -#: src/integritysetup.c:468 +#: src/integritysetup.c:558 #, c-format msgid "" "\n" @@ -2842,7 +2851,7 @@ "<назив> јесте уређај за стварање под „%s“\n" "<уређај_целовитости> јесте уређај који садржи податке са ознакама целовитости\n" -#: src/integritysetup.c:473 +#: src/integritysetup.c:563 #, c-format msgid "" "\n" @@ -2855,241 +2864,44 @@ "\tАлгоритам провере суме: %s\n" " Највећа величина датотеке кључа: %dkB\n" -#: src/integritysetup.c:530 +#: src/integritysetup.c:620 #, c-format msgid "Invalid --%s size. Maximum is %u bytes." msgstr "Неисправна величина „--%s“. Највећа је %u бајта." -#: src/integritysetup.c:628 +#: src/integritysetup.c:720 msgid "Both key file and key size options must be specified." msgstr "Мора бити наведена и опција датотеке кључа и опција величине кључа." -#: src/integritysetup.c:632 +#: src/integritysetup.c:724 msgid "Both journal integrity key file and key size options must be specified." msgstr "Мора бити наведена и опција датотеке кључа целовитости журнала и опција величине кључа." -#: src/integritysetup.c:635 +#: src/integritysetup.c:727 msgid "Journal integrity algorithm must be specified if journal integrity key is used." msgstr "Алгоритам целовитости журнала мора бити наведен ако се користи кључ целовитости журнала." -#: src/integritysetup.c:639 +#: src/integritysetup.c:731 msgid "Both journal encryption key file and key size options must be specified." msgstr "Мора бити наведена и опција датотеке кључа шифровања журнала и опција величине кључа." -#: src/integritysetup.c:642 +#: src/integritysetup.c:734 msgid "Journal encryption algorithm must be specified if journal encryption key is used." msgstr "Алгоритам шифровања журнала мора бити наведен ако се користи кључ шифровања журнала." -#: src/integritysetup.c:646 +#: src/integritysetup.c:738 msgid "Recovery and bitmap mode options are mutually exclusive." msgstr "Опције режима опоравка и битмапе се узајамно искључују." -#: src/integritysetup.c:653 +#: src/integritysetup.c:745 msgid "Journal options cannot be used in bitmap mode." msgstr "Опције журнала се не могу користити у режиму битмапе." -#: src/integritysetup.c:658 +#: src/integritysetup.c:750 msgid "Bitmap options can be used only in bitmap mode." msgstr "Опције битмапе се могу користити само у режиму битмапе." -#: src/cryptsetup_reencrypt.c:149 -msgid "Reencryption already in-progress." -msgstr "Поновно шифровање је већ у току." - -#: src/cryptsetup_reencrypt.c:185 -#, c-format -msgid "Cannot exclusively open %s, device in use." -msgstr "Не могу изричито да отворим „%s“, уређај је у употреби." - -#: src/cryptsetup_reencrypt.c:199 src/cryptsetup_reencrypt.c:1120 -msgid "Allocation of aligned memory failed." -msgstr "Додела поређане меморије није успела." - -#: src/cryptsetup_reencrypt.c:206 -#, c-format -msgid "Cannot read device %s." -msgstr "Не могу да читам уређај „%s“." - -#: src/cryptsetup_reencrypt.c:217 -#, c-format -msgid "Marking LUKS1 device %s unusable." -msgstr "Означавам ЛУКС1 уређај „%s“ неупотребљивим." - -#: src/cryptsetup_reencrypt.c:221 -#, c-format -msgid "Setting LUKS2 offline reencrypt flag on device %s." -msgstr "Постављам заставицу ЛУКС2 ванмрежног поновног шифровања на уређају „%s“." - -#: src/cryptsetup_reencrypt.c:238 -#, c-format -msgid "Cannot write device %s." -msgstr "Не могу да пишем на уређају „%s“." - -#: src/cryptsetup_reencrypt.c:286 -msgid "Cannot write reencryption log file." -msgstr "Не могу да запишем датотеку дневника поновног шифровања." - -#: src/cryptsetup_reencrypt.c:342 -msgid "Cannot read reencryption log file." -msgstr "Не могу да прочитам датотеку дневника поновног шифровања." - -#: src/cryptsetup_reencrypt.c:353 -msgid "Wrong log format." -msgstr "Погрешан формат дневника." - -#: src/cryptsetup_reencrypt.c:380 -#, c-format -msgid "Log file %s exists, resuming reencryption.\n" -msgstr "Датотека дневника „%s“ постоји, настављам поновно шифровање.\n" - -#: src/cryptsetup_reencrypt.c:429 -msgid "Activating temporary device using old LUKS header." -msgstr "Покрећем привремени уређај користећи старо ЛУКС заглавље." - -#: src/cryptsetup_reencrypt.c:439 -msgid "Activating temporary device using new LUKS header." -msgstr "Покрећем привремени уређај користећи ново ЛУКС заглавље." - -#: src/cryptsetup_reencrypt.c:449 -msgid "Activation of temporary devices failed." -msgstr "Покретање привременог уређаја није успело." - -#: src/cryptsetup_reencrypt.c:536 -msgid "Failed to set data offset." -msgstr "Нисам успео да поставим померај података." - -#: src/cryptsetup_reencrypt.c:542 -msgid "Failed to set metadata size." -msgstr "Нисам успео да поставим величину метаподатака." - -#: src/cryptsetup_reencrypt.c:550 -#, c-format -msgid "New LUKS header for device %s created." -msgstr "Направљено је ново ЛУКС заглавље за уређај „%s“." - -#: src/cryptsetup_reencrypt.c:610 -#, c-format -msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s." -msgstr "Ово издање „cryptsetup-reencrypt“ не може да ради са новом унутрашњом врстом скупине „%s“." - -#: src/cryptsetup_reencrypt.c:632 -msgid "Failed to read activation flags from backup header." -msgstr "Нисам успео да прочитам заставице активирања из заглавља резерве." - -#: src/cryptsetup_reencrypt.c:636 -msgid "Failed to write activation flags to new header." -msgstr "Нисам успео да упишем заставице активирања у ново заглавље." - -#: src/cryptsetup_reencrypt.c:640 src/cryptsetup_reencrypt.c:644 -msgid "Failed to read requirements from backup header." -msgstr "Нисам успео да прочитам потрепштине из заглавља резерве." - -#: src/cryptsetup_reencrypt.c:682 -#, c-format -msgid "%s header backup of device %s created." -msgstr "Направљена је резерва „%s“ заглавља за уређај „%s“." - -#: src/cryptsetup_reencrypt.c:745 -msgid "Creation of LUKS backup headers failed." -msgstr "Није успело прављење резерве ЛУКС заглавља." - -#: src/cryptsetup_reencrypt.c:878 -#, c-format -msgid "Cannot restore %s header on device %s." -msgstr "Не могу да повратим „%s“ заглавље на уређају „%s“." - -#: src/cryptsetup_reencrypt.c:880 -#, c-format -msgid "%s header on device %s restored." -msgstr "Повраћено је „%s“ заглавље на уређају „%s“." - -#: src/cryptsetup_reencrypt.c:1092 src/cryptsetup_reencrypt.c:1098 -msgid "Cannot open temporary LUKS device." -msgstr "Не могу да отворим привремени ЛУКС уређај." - -#: src/cryptsetup_reencrypt.c:1103 src/cryptsetup_reencrypt.c:1108 -msgid "Cannot get device size." -msgstr "Не могу да добавим величину уређаја." - -#: src/cryptsetup_reencrypt.c:1143 -msgid "IO error during reencryption." -msgstr "УИ грешка за време поновног шифровања." - -#: src/cryptsetup_reencrypt.c:1174 -msgid "Provided UUID is invalid." -msgstr "Достављени УУИД није исправан." - -#: src/cryptsetup_reencrypt.c:1408 -msgid "Cannot open reencryption log file." -msgstr "Не могу да отворим датотеку дневника поновног шифровања." - -#: src/cryptsetup_reencrypt.c:1414 -msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process." -msgstr "Нема описа у напретку, достављени УУИД се може користити само за настављање заустављеног процеса дешифровања." - -#: src/cryptsetup_reencrypt.c:1489 -#, c-format -msgid "Changed pbkdf parameters in keyslot %i." -msgstr "Измењени су „pbkdf“ параметри у утору кључа %i." - -#: src/cryptsetup_reencrypt.c:1614 -msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size." -msgstr "Само вредности између 1 MiB и 64 MiB су допуштене завеличину блока поновног шифровања." - -#: src/cryptsetup_reencrypt.c:1628 -msgid "Maximum device reduce size is 64 MiB." -msgstr "Највећа величина смањења уређаја је 64 MiB." - -#: src/cryptsetup_reencrypt.c:1669 -msgid "[OPTION...] " -msgstr "[ОПЦИЈА...] <уређај>" - -#: src/cryptsetup_reencrypt.c:1677 -#, c-format -msgid "Reencryption will change: %s%s%s%s%s%s." -msgstr "Поновно шифровање ће изменити: %s%s%s%s%s%s." - -#: src/cryptsetup_reencrypt.c:1678 -msgid "volume key" -msgstr "кључ волумена" - -#: src/cryptsetup_reencrypt.c:1680 -msgid "set hash to " -msgstr "поставља хеш на " - -#: src/cryptsetup_reencrypt.c:1681 -msgid ", set cipher to " -msgstr ", поставља шифрера на " - -#: src/cryptsetup_reencrypt.c:1685 -msgid "Argument required." -msgstr "Потребан је аргумент." - -#: src/cryptsetup_reencrypt.c:1712 -msgid "Option --new must be used together with --reduce-device-size or --header." -msgstr "Опција „--new“ се мора користити са „--reduce-device-size“ или „--header“." - -#: src/cryptsetup_reencrypt.c:1716 -msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations." -msgstr "Опција „--keep-key“ може да се користи само са „--hash“, „--iter-time“ или „--pbkdf-force-iterations“." - -#: src/cryptsetup_reencrypt.c:1720 -msgid "Option --new cannot be used together with --decrypt." -msgstr "Опција „--new“ не може да се користи са „--decrypt“." - -#: src/cryptsetup_reencrypt.c:1726 -msgid "Option --decrypt is incompatible with specified parameters." -msgstr "Опција „--decrypt“ није сагласна са наведеним параметрима." - -#: src/cryptsetup_reencrypt.c:1730 -msgid "Option --uuid is allowed only together with --decrypt." -msgstr "Опција „--uuid“ је дозвољена само заједно са „--decrypt“." - -#: src/cryptsetup_reencrypt.c:1734 -msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'." -msgstr "Неисправна лукс врста. Користите: „luks“, „luks1“ или „luks2“." - -#: src/utils_tools.c:119 +#: src/utils_tools.c:118 msgid "" "\n" "WARNING!\n" @@ -3100,7 +2912,7 @@ "========\n" #. TRANSLATORS: User must type "YES" (in capital letters), do not translate this word. -#: src/utils_tools.c:121 +#: src/utils_tools.c:120 #, c-format msgid "" "%s\n" @@ -3111,147 +2923,173 @@ "\n" "Да ли сте сигурни? (Упишите „yes“ великим словима): " -#: src/utils_tools.c:127 +#: src/utils_tools.c:126 msgid "Error reading response from terminal." msgstr "Грешка читања одговора из терминала." -#: src/utils_tools.c:159 +#: src/utils_tools.c:158 msgid "Command successful." msgstr "Наредба је успела." -#: src/utils_tools.c:167 +#: src/utils_tools.c:166 msgid "wrong or missing parameters" msgstr "погрешни или недостајући параметри" -#: src/utils_tools.c:169 +#: src/utils_tools.c:168 msgid "no permission or bad passphrase" msgstr "нема овлашћења или је лоша пропусна реч" -#: src/utils_tools.c:171 +#: src/utils_tools.c:170 msgid "out of memory" msgstr "нема више меморије" -#: src/utils_tools.c:173 +#: src/utils_tools.c:172 msgid "wrong device or file specified" msgstr "наведен је погрешан уређај или датотека" -#: src/utils_tools.c:175 +#: src/utils_tools.c:174 msgid "device already exists or device is busy" msgstr "уређај већ постоји или је заузет" -#: src/utils_tools.c:177 +#: src/utils_tools.c:176 msgid "unknown error" msgstr "непозната грешка" -#: src/utils_tools.c:179 +#: src/utils_tools.c:178 #, c-format msgid "Command failed with code %i (%s)." msgstr "Наредба није успела са кодом %i (%s)." -#: src/utils_tools.c:257 +#: src/utils_tools.c:256 #, c-format msgid "Key slot %i created." msgstr "Утор кључа „%i“ је направљен." -#: src/utils_tools.c:259 +#: src/utils_tools.c:258 #, c-format msgid "Key slot %i unlocked." msgstr "Утор кључа „%i“ је откључан." -#: src/utils_tools.c:261 +#: src/utils_tools.c:260 #, c-format msgid "Key slot %i removed." msgstr "Утор кључа „%i“ је уклоњен." -#: src/utils_tools.c:270 +#: src/utils_tools.c:269 #, c-format msgid "Token %i created." msgstr "Скупина „%i“ је направљена." -#: src/utils_tools.c:272 +#: src/utils_tools.c:271 #, c-format msgid "Token %i removed." msgstr "Скупина „%i“ је уклоњена." -#: src/utils_tools.c:282 +#: src/utils_tools.c:281 msgid "No token could be unlocked with this PIN." msgstr "Ниједна скупина неће бити откључана овим ПИН-ом." -#: src/utils_tools.c:284 +#: src/utils_tools.c:283 #, c-format msgid "Token %i requires PIN." msgstr "Скупина „%i“ захтева ПИН." -#: src/utils_tools.c:286 +#: src/utils_tools.c:285 #, c-format msgid "Token (type %s) requires PIN." msgstr "Скупина (врста „%s“) захтева ПИН." -#: src/utils_tools.c:289 +#: src/utils_tools.c:288 #, c-format msgid "Token %i cannot unlock assigned keyslot(s) (wrong keyslot passphrase)." msgstr "Скупина „%i“ не може да откључа додељени утор кључа (погрешна лозинка)." -#: src/utils_tools.c:291 +#: src/utils_tools.c:290 #, c-format msgid "Token (type %s) cannot unlock assigned keyslot(s) (wrong keyslot passphrase)." msgstr "Скупина (врста „%s“) не може да откључа додељени утор кључа (погрешна лозинка)." -#: src/utils_tools.c:294 +#: src/utils_tools.c:293 #, c-format msgid "Token %i requires additional missing resource." msgstr "Скупина „%i“ захтева додтни ресурс који недостаје." -#: src/utils_tools.c:296 +#: src/utils_tools.c:295 #, c-format msgid "Token (type %s) requires additional missing resource." msgstr "Скупина (врста „%s“) захтева додтни ресурс који недостаје." -#: src/utils_tools.c:299 +#: src/utils_tools.c:298 #, c-format msgid "No usable token (type %s) is available." msgstr "Нема доступне употребљиве скупине (врста „%s“)." -#: src/utils_tools.c:301 +#: src/utils_tools.c:300 msgid "No usable token is available." msgstr "Нема доступне употребљиве скупине." -#: src/utils_tools.c:463 -msgid "" -"\n" -"Wipe interrupted." -msgstr "" -"\n" -"Брисање је прекинуто." - -#: src/utils_tools.c:492 -msgid "" -"\n" -"Reencryption interrupted." -msgstr "" -"\n" -"Поновно шифровање је прекинуто." - -#: src/utils_tools.c:511 +#: src/utils_tools.c:393 #, c-format msgid "Cannot read keyfile %s." msgstr "Не могу да прочитам датотеку кључа „%s“." -#: src/utils_tools.c:516 +#: src/utils_tools.c:398 #, c-format msgid "Cannot read %d bytes from keyfile %s." msgstr "Не могу да прочитам %d бајта из датотеке кључа „%s“." -#: src/utils_tools.c:541 +#: src/utils_tools.c:423 #, c-format msgid "Cannot open keyfile %s for write." msgstr "Не могу да отворим датотеку кључа „%s“ за упис." -#: src/utils_tools.c:548 +#: src/utils_tools.c:430 #, c-format msgid "Cannot write to keyfile %s." msgstr "Не могу да пишем у датотеку кључа „%s“." +#: src/utils_progress.c:74 +#, c-format +msgid "%02m%02s" +msgstr "%02m%02s" + +#: src/utils_progress.c:76 +#, c-format +msgid "%02h%02m%02s" +msgstr "%02h%02m%02s" + +#: src/utils_progress.c:78 +#, c-format +msgid "%02 days" +msgstr "%02 дана" + +#: src/utils_progress.c:105 src/utils_progress.c:138 +#, c-format +msgid "%4 %s written" +msgstr "%4 „%s“ је записано" + +#: src/utils_progress.c:109 src/utils_progress.c:142 +#, c-format +msgid "speed %5.1f %s/s" +msgstr "брзина %5.1f %s/s" + +#. TRANSLATORS: 'time', 'written' and 'speed' string are supposed +#. to get translated as well. 'eol' is always new-line or empty. +#. See above. +#. +#: src/utils_progress.c:118 +#, c-format +msgid "Progress: %5.1f%%, ETA %s, %s, %s%s" +msgstr "Напредовање: %5.1f%%, ETA %s, %s, %s%s" + +#. TRANSLATORS: 'time', 'written' and 'speed' string are supposed +#. to get translated as well. See above +#. +#: src/utils_progress.c:150 +#, c-format +msgid "Finished, time %s, %s, %s\n" +msgstr "Завршено, време %s, %s, %s\n" + #: src/utils_password.c:41 src/utils_password.c:74 #, c-format msgid "Cannot check password quality: %s" @@ -3271,54 +3109,58 @@ msgid "Password quality check failed: Bad passphrase (%s)" msgstr "Провера квалитета лозинке није успела: Лоша шифра (%s)" -#: src/utils_password.c:224 src/utils_password.c:238 +#: src/utils_password.c:231 src/utils_password.c:245 msgid "Error reading passphrase from terminal." msgstr "Грешка читања пропусне речи из терминала." -#: src/utils_password.c:236 +#: src/utils_password.c:243 msgid "Verify passphrase: " msgstr "Провери пропусну реч: " -#: src/utils_password.c:243 +#: src/utils_password.c:250 msgid "Passphrases do not match." msgstr "Пропусне речи се не подударају." -#: src/utils_password.c:280 +#: src/utils_password.c:288 msgid "Cannot use offset with terminal input." msgstr "Не могу да користим померај са улазом терминала." -#: src/utils_password.c:283 +#: src/utils_password.c:292 #, c-format msgid "Enter passphrase: " msgstr "Унесите пропусну реч: " -#: src/utils_password.c:286 +#: src/utils_password.c:295 #, c-format msgid "Enter passphrase for %s: " msgstr "Унесите пропусну реч за „%s“: " -#: src/utils_password.c:317 +#: src/utils_password.c:329 msgid "No key available with this passphrase." msgstr "Нема доступног кључа са овом пропусном речју." -#: src/utils_password.c:319 +#: src/utils_password.c:331 msgid "No usable keyslot is available." msgstr "Нема доступног употребљивог утора кључа." -#: src/utils_luks2.c:47 +#: src/utils_luks.c:67 +msgid "Can't do passphrase verification on non-tty inputs." +msgstr "Не могу да одрадим проверу пропусне речи на не-конзолним улазима." + +#: src/utils_luks.c:182 #, c-format msgid "Failed to open file %s in read-only mode." msgstr "Нисам успео да отворим датотеку „%s“ у режиму само за читање." -#: src/utils_luks2.c:60 +#: src/utils_luks.c:195 msgid "Provide valid LUKS2 token JSON:\n" msgstr "Обезбеђује исправан „JSON“ ЛУКС2 скупине:\n" -#: src/utils_luks2.c:67 +#: src/utils_luks.c:202 msgid "Failed to read JSON file." msgstr "Нисам успео да прочитам „JSON“ датотеку." -#: src/utils_luks2.c:72 +#: src/utils_luks.c:207 msgid "" "\n" "Read interrupted." @@ -3326,12 +3168,12 @@ "\n" "Читање је прекинуто." -#: src/utils_luks2.c:113 +#: src/utils_luks.c:248 #, c-format msgid "Failed to open file %s in write mode." msgstr "Нисам успео да отворим датотеку „%s“ у режиму писања." -#: src/utils_luks2.c:122 +#: src/utils_luks.c:257 msgid "" "\n" "Write interrupted." @@ -3339,54 +3181,409 @@ "\n" "Писање је прекинуто." -#: src/utils_luks2.c:126 +#: src/utils_luks.c:261 msgid "Failed to write JSON file." msgstr "Нисам успео да упишем „JSON“ датотеку." -#: src/utils_blockdev.c:192 +#: src/utils_reencrypt.c:120 +#, c-format +msgid "Auto-detected active dm device '%s' for data device %s.\n" +msgstr "Самооткривени активан дм уређај „%sд за уређај података „%s“.\n" + +#: src/utils_reencrypt.c:124 +#, c-format +msgid "Failed to auto-detect device %s holders." +msgstr "Нисам успео да самооткријем држаче „%s“ уређаја." + +#: src/utils_reencrypt.c:130 +#, c-format +msgid "Device %s is not a block device.\n" +msgstr "Уређај „%s“ није блок уређај.\n" + +#: src/utils_reencrypt.c:132 +#, c-format +msgid "" +"Unable to decide if device %s is activated or not.\n" +"Are you sure you want to proceed with reencryption in offline mode?\n" +"It may lead to data corruption if the device is actually activated.\n" +"To run reencryption in online mode, use --active-name parameter instead.\n" +msgstr "" +"Не могу да одлучим да ли је уређај „%s“ активиран или није.\n" +"Да ли сигурно желите да наставите са поновним шифровањем у режиму ван мреже?\n" +"То може довести до оштећења података ако је уређај заправо активиран.\n" +"Да покренете поновно шифровање у режиму на мрежи, користите параметар „--active-name“.\n" + +#: src/utils_reencrypt.c:175 +msgid "Device is not in LUKS2 encryption. Conflicting option --encrypt." +msgstr "Уређај није у ЛУКС2 шифровању. Сукобљавајућа опција „--encrypt“." + +#: src/utils_reencrypt.c:180 +msgid "Device is not in LUKS2 decryption. Conflicting option --decrypt." +msgstr "Уређај није у ЛУКС2 шифровању. Сукобљавајућа опција „--decrypt“." + +#: src/utils_reencrypt.c:187 +msgid "Device is in reencryption using datashift resilience. Requested --resilience option cannot be applied." +msgstr "Уређај је у поновном шифровању користећи гипкост помака података. Захтевана опција „--resilience“ се не може применити." + +#: src/utils_reencrypt.c:193 src/utils_reencrypt.c:199 +#: src/utils_reencrypt.c:205 src/utils_reencrypt.c:681 +msgid "Requested --resilience option cannot be applied to current reencryption operation." +msgstr "Захтевана опција „--resilience“ се не може применити на текућој радњи поновног шифровања." + +#: src/utils_reencrypt.c:258 +msgid "Device requires reencryption recovery. Run repair first." +msgstr "Уређај захтева опоравак поновног шифровања. Прво покрените поправку." + +#: src/utils_reencrypt.c:268 +#, c-format +msgid "Device %s is already in LUKS2 reencryption. Do you wish to resume previously initialised operation?" +msgstr "Уређај „%s“ је већ у ЛУКС2 поновном шифровању. Да ли желите да наставите са претходно започетом радњом?" + +#: src/utils_reencrypt.c:314 +msgid "Legacy LUKS2 reencryption is no longer supported." +msgstr "Старо ЛУКС2 поновно шифровања више није подржано." + +#: src/utils_reencrypt.c:379 +msgid "Reencryption of device with integrity profile is not supported." +msgstr "Поновно шифровање уређаја са профилом целовитости није подржано." + +#: src/utils_reencrypt.c:410 +#, c-format +msgid "" +"Requested --sector-size % is incompatible with %s superblock\n" +"(block size: % bytes) detected on device %s." +msgstr "" +"Захтевано „--sector-size“ % је несагласно са „%s“ суперблоком\n" +"(величина блока: % бајта) је откривено на уређају „%s“." + +#: src/utils_reencrypt.c:455 +msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." +msgstr "Шифровање без откаченог заглавља (--header) није могуће без смањења величине уређаја података (--reduce-device-size)." + +#: src/utils_reencrypt.c:461 +msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." +msgstr "Затражени померај података мора бити мањи или једнак половини параметра „--reduce-device-size“." + +#: src/utils_reencrypt.c:471 +#, c-format +msgid "Adjusting --reduce-device-size value to twice the --offset % (sectors).\n" +msgstr "Подешавам „--reduce-device-size“ вредност на двоструко од „--offset“ % (подеока).\n" + +#: src/utils_reencrypt.c:501 +#, c-format +msgid "Temporary header file %s already exists. Aborting." +msgstr "Привремена датотека заглавља „%s“ већ постоји. Прекидам." + +#: src/utils_reencrypt.c:503 src/utils_reencrypt.c:510 +#, c-format +msgid "Cannot create temporary header file %s." +msgstr "Не могу да направим привремену датотеку заглавља „%s“." + +#: src/utils_reencrypt.c:535 +msgid "LUKS2 metadata size is larger than data shift value." +msgstr "Величина ЛУКС2 метаподатака је већа од вредности помака података." + +#: src/utils_reencrypt.c:572 +#, c-format +msgid "Failed to place new header at head of device %s." +msgstr "Нисам успео да ставим ново заглавље на главу уређаја „%s“." + +#: src/utils_reencrypt.c:582 +#, c-format +msgid "%s/%s is now active and ready for online encryption.\n" +msgstr "„%s/%s“ је сада активно и спремно за шифровање на мрежи.\n" + +#: src/utils_reencrypt.c:618 +#, c-format +msgid "Active device %s is not LUKS2." +msgstr "Радни уређај „%s“ није ЛУКС2." + +#: src/utils_reencrypt.c:646 +msgid "Restoring original LUKS2 header." +msgstr "Враћам изворно ЛУКС2 заглавље." + +#: src/utils_reencrypt.c:654 +msgid "Original LUKS2 header restore failed." +msgstr "Враћање изворног ЛУКС2 заглавља није успело." + +#: src/utils_reencrypt.c:722 +msgid "Failed to add read/write permissions to exported header file." +msgstr "Нисам успео да додам дозволе за читање/писање у извезену датотеку заглавља." + +#: src/utils_reencrypt.c:775 +#, c-format +msgid "Reencryption initialization failed. Header backup is available in %s." +msgstr "Покретање поновног шифровања није успело. Резерва заглавља је доступна у „%s“." + +#: src/utils_reencrypt.c:803 +msgid "LUKS2 decryption is supported with detached header device only (with data offset set to 0)." +msgstr "ЛУКС2 дешифровање је подржано само са откаченим уређајем заглавља (са померајем података постављеним на 0)." + +#: src/utils_reencrypt.c:934 src/utils_reencrypt.c:943 +msgid "Not enough free keyslots for reencryption." +msgstr "Нема довољно слободних утора кључева за поновно шифровање." + +#: src/utils_reencrypt.c:964 src/utils_reencrypt_luks1.c:1100 +msgid "Key file can be used only with --key-slot or with exactly one key slot active." +msgstr "Датотека кључа може бити коришћена само са „--key-slot“ или са тачно једним активним утором кључа." + +#: src/utils_reencrypt.c:973 src/utils_reencrypt_luks1.c:1147 +#: src/utils_reencrypt_luks1.c:1158 +#, c-format +msgid "Enter passphrase for key slot %d: " +msgstr "Унесите пропусну реч за утор кључа %d: " + +#: src/utils_reencrypt.c:985 +#, c-format +msgid "Enter passphrase for key slot %u: " +msgstr "Унесите пропусну реч за утор кључа %u: " + +#: src/utils_reencrypt.c:1037 +#, c-format +msgid "Switching data encryption cipher to %s.\n" +msgstr "Пребацујем шифрера података на „%s“.\n" + +#: src/utils_reencrypt.c:1091 +msgid "No data segment parameters changed. Reencryption aborted." +msgstr "Никакви параметри подеока података нису измењени. Поновно шифровање је прекинуто." + +#: src/utils_reencrypt.c:1187 +msgid "" +"Encryption sector size increase on offline device is not supported.\n" +"Activate the device first or use --force-offline-reencrypt option (dangerous!)." +msgstr "" +"Повећање величине одељка шифровања на не прикљученом уређају није подржано.\n" +"Прво покрените уређај или користите опцију „--force-offline-reencrypt“ (опасно, вруће!!)." + +#: src/utils_reencrypt.c:1227 src/utils_reencrypt_luks1.c:726 +#: src/utils_reencrypt_luks1.c:798 +msgid "" +"\n" +"Reencryption interrupted." +msgstr "" +"\n" +"Поновно шифровање је прекинуто." + +#: src/utils_reencrypt.c:1232 +msgid "Resuming LUKS reencryption in forced offline mode.\n" +msgstr "Настављам са ЛУКС2 поновним шифровањем у насилном ванмрежном режиму.\n" + +#: src/utils_reencrypt.c:1249 +#, c-format +msgid "Device %s contains broken LUKS metadata. Aborting operation." +msgstr "Уређај „%s“ садржи оштећене ЛУКС2 метаподатке. Прекидам радњу." + +#: src/utils_reencrypt.c:1265 src/utils_reencrypt.c:1287 +#, c-format +msgid "Device %s is already LUKS device. Aborting operation." +msgstr "Уређај „%s“ већ јесте ЛУКС уређај. Прекидам радњу." + +#: src/utils_reencrypt.c:1293 +#, c-format +msgid "Device %s is already in LUKS reencryption. Aborting operation." +msgstr "Уређај „%s“ је већ у ЛУКС2 поновном шифровању. Прекидам радњу." + +#: src/utils_reencrypt.c:1366 +msgid "LUKS2 decryption requires --header option." +msgstr "ЛУКС2 дешифровање захтева опцију „--header“." + +#: src/utils_reencrypt.c:1414 +msgid "Command requires device as argument." +msgstr "Наредба захтева уређај као аргумент." + +#: src/utils_reencrypt.c:1427 +#, c-format +msgid "Conflicting versions. Device %s is LUKS1." +msgstr "Сукобљавајућа издања. Уређај „%s“ је ЛУКС1." + +#: src/utils_reencrypt.c:1433 +#, c-format +msgid "Conflicting versions. Device %s is in LUKS1 reencryption." +msgstr "Сукобљавајућа издања. Уређај „%s“ је у ЛУКС1 поновном шифровању." + +#: src/utils_reencrypt.c:1439 +#, c-format +msgid "Conflicting versions. Device %s is LUKS2." +msgstr "Сукобљавајућа издања. Уређај „%s“ је ЛУКС2." + +#: src/utils_reencrypt.c:1445 +#, c-format +msgid "Conflicting versions. Device %s is in LUKS2 reencryption." +msgstr "Сукобљавајућа издања. Уређај „%s“ је у ЛУКС2 поновном шифровању." + +#: src/utils_reencrypt.c:1451 +msgid "LUKS2 reencryption already initialized. Aborting operation." +msgstr "ЛУКС2 поновно шифровање је већ покренуто. Прекидам радњу." + +#: src/utils_reencrypt.c:1458 +msgid "Device reencryption not in progress." +msgstr "Поновно шифровање уређаја није у току." + +#: src/utils_reencrypt_luks1.c:129 src/utils_blockdev.c:287 +#, c-format +msgid "Cannot exclusively open %s, device in use." +msgstr "Не могу изричито да отворим „%s“, уређај је у употреби." + +#: src/utils_reencrypt_luks1.c:143 src/utils_reencrypt_luks1.c:945 +msgid "Allocation of aligned memory failed." +msgstr "Додела поређане меморије није успела." + +#: src/utils_reencrypt_luks1.c:150 +#, c-format +msgid "Cannot read device %s." +msgstr "Не могу да читам уређај „%s“." + +#: src/utils_reencrypt_luks1.c:161 +#, c-format +msgid "Marking LUKS1 device %s unusable." +msgstr "Означавам ЛУКС1 уређај „%s“ неупотребљивим." + +#: src/utils_reencrypt_luks1.c:177 +#, c-format +msgid "Cannot write device %s." +msgstr "Не могу да пишем на уређају „%s“." + +#: src/utils_reencrypt_luks1.c:226 +msgid "Cannot write reencryption log file." +msgstr "Не могу да запишем датотеку дневника поновног шифровања." + +#: src/utils_reencrypt_luks1.c:282 +msgid "Cannot read reencryption log file." +msgstr "Не могу да прочитам датотеку дневника поновног шифровања." + +#: src/utils_reencrypt_luks1.c:293 +msgid "Wrong log format." +msgstr "Погрешан формат дневника." + +#: src/utils_reencrypt_luks1.c:320 +#, c-format +msgid "Log file %s exists, resuming reencryption.\n" +msgstr "Датотека дневника „%s“ постоји, настављам поновно шифровање.\n" + +#: src/utils_reencrypt_luks1.c:369 +msgid "Activating temporary device using old LUKS header." +msgstr "Покрећем привремени уређај користећи старо ЛУКС заглавље." + +#: src/utils_reencrypt_luks1.c:379 +msgid "Activating temporary device using new LUKS header." +msgstr "Покрећем привремени уређај користећи ново ЛУКС заглавље." + +#: src/utils_reencrypt_luks1.c:389 +msgid "Activation of temporary devices failed." +msgstr "Покретање привременог уређаја није успело." + +#: src/utils_reencrypt_luks1.c:449 +msgid "Failed to set data offset." +msgstr "Нисам успео да поставим померај података." + +#: src/utils_reencrypt_luks1.c:455 +msgid "Failed to set metadata size." +msgstr "Нисам успео да поставим величину метаподатака." + +#: src/utils_reencrypt_luks1.c:463 +#, c-format +msgid "New LUKS header for device %s created." +msgstr "Направљено је ново ЛУКС заглавље за уређај „%s“." + +#: src/utils_reencrypt_luks1.c:500 +#, c-format +msgid "%s header backup of device %s created." +msgstr "Направљена је резерва „%s“ заглавља за уређај „%s“." + +#: src/utils_reencrypt_luks1.c:556 +msgid "Creation of LUKS backup headers failed." +msgstr "Није успело прављење резерве ЛУКС заглавља." + +#: src/utils_reencrypt_luks1.c:685 +#, c-format +msgid "Cannot restore %s header on device %s." +msgstr "Не могу да повратим „%s“ заглавље на уређају „%s“." + +#: src/utils_reencrypt_luks1.c:687 +#, c-format +msgid "%s header on device %s restored." +msgstr "Повраћено је „%s“ заглавље на уређају „%s“." + +#: src/utils_reencrypt_luks1.c:917 src/utils_reencrypt_luks1.c:923 +msgid "Cannot open temporary LUKS device." +msgstr "Не могу да отворим привремени ЛУКС уређај." + +#: src/utils_reencrypt_luks1.c:928 src/utils_reencrypt_luks1.c:933 +msgid "Cannot get device size." +msgstr "Не могу да добавим величину уређаја." + +#: src/utils_reencrypt_luks1.c:968 +msgid "IO error during reencryption." +msgstr "УИ грешка за време поновног шифровања." + +#: src/utils_reencrypt_luks1.c:998 +msgid "Provided UUID is invalid." +msgstr "Достављени УУИД није исправан." + +#: src/utils_reencrypt_luks1.c:1220 +msgid "Cannot open reencryption log file." +msgstr "Не могу да отворим датотеку дневника поновног шифровања." + +#: src/utils_reencrypt_luks1.c:1226 +msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process." +msgstr "Нема описа у напретку, достављени УУИД се може користити само за настављање заустављеног процеса дешифровања." + +#: src/utils_reencrypt_luks1.c:1280 +#, c-format +msgid "Reencryption will change: %s%s%s%s%s%s." +msgstr "Поновно шифровање ће изменити: %s%s%s%s%s%s." + +#: src/utils_reencrypt_luks1.c:1281 +msgid "volume key" +msgstr "кључ волумена" + +#: src/utils_reencrypt_luks1.c:1283 +msgid "set hash to " +msgstr "поставља хеш на " + +#: src/utils_reencrypt_luks1.c:1284 +msgid ", set cipher to " +msgstr ", поставља шифрера на " + +#: src/utils_blockdev.c:189 #, c-format msgid "WARNING: Device %s already contains a '%s' partition signature.\n" msgstr "УПОЗОРЕЊЕ: Уређај „%s“ већ садржи „%s“ потпис партиције.\n" -#: src/utils_blockdev.c:200 +#: src/utils_blockdev.c:197 #, c-format msgid "WARNING: Device %s already contains a '%s' superblock signature.\n" msgstr "УПОЗОРЕЊЕ: Уређај „%s“ већ садржи „%s“ потпис суперблока.\n" -#: src/utils_blockdev.c:221 src/utils_blockdev.c:285 +#: src/utils_blockdev.c:219 src/utils_blockdev.c:294 src/utils_blockdev.c:344 msgid "Failed to initialize device signature probes." msgstr "Нисам успео да покренем пробе потписа уређаја." -#: src/utils_blockdev.c:265 +#: src/utils_blockdev.c:274 #, c-format msgid "Failed to stat device %s." msgstr "Нисам успео да добавим податке уређаја „%s“." -#: src/utils_blockdev.c:278 -#, c-format -msgid "Device %s is in use. Cannot proceed with format operation." -msgstr "Уређај „%s“ је у употреби. Не могу да наставим са радњом форматирања." - -#: src/utils_blockdev.c:280 +#: src/utils_blockdev.c:289 #, c-format msgid "Failed to open file %s in read/write mode." msgstr "Нисам успео да отворим датотеку „%s“ у режиму читања/писања." -#: src/utils_blockdev.c:294 +#: src/utils_blockdev.c:307 #, c-format msgid "Existing '%s' partition signature on device %s will be wiped." msgstr "Постојећи потпис „%s“ партиције на уређају „%s“ биће обрисан." -#: src/utils_blockdev.c:297 +#: src/utils_blockdev.c:310 #, c-format msgid "Existing '%s' superblock signature on device %s will be wiped." msgstr "Постојећи потпис „%s“ суперблока на уређају „%s“ биће обрисан." -#: src/utils_blockdev.c:300 +#: src/utils_blockdev.c:313 msgid "Failed to wipe device signature." msgstr "Нисам успео да обришем потпис уређаја." -#: src/utils_blockdev.c:307 +#: src/utils_blockdev.c:320 #, c-format msgid "Failed to probe device %s for a signature." msgstr "Нисам успео да испробам уређај „%s“ за потписом." @@ -3396,16 +3593,16 @@ msgid "Invalid size specification in parameter --%s." msgstr "Неисправна одредба величине у параметру „--%s“." -#: src/utils_args.c:121 +#: src/utils_args.c:125 #, c-format msgid "Option --%s is not allowed with %s action." msgstr "Опција „--%s“ није дозвољена са радњом „%s“." -#: tokens/ssh/cryptsetup-ssh.c:108 +#: tokens/ssh/cryptsetup-ssh.c:110 msgid "Failed to write ssh token json." msgstr "Нисам успео да запишем „json“ скупине безбедне шкољке." -#: tokens/ssh/cryptsetup-ssh.c:126 +#: tokens/ssh/cryptsetup-ssh.c:128 msgid "" "Experimental cryptsetup plugin for unlocking LUKS2 devices with token connected to an SSH server\vThis plugin currently allows only adding a token to an existing key slot.\n" "\n" @@ -3421,110 +3618,110 @@ "\n" "Напомена: Информација достављена приликом додавања скупине (адреса сервера безбедне шкољке, корисник и путање) биће смештена у ЛУКС2 заглављу у обичном тексту." -#: tokens/ssh/cryptsetup-ssh.c:136 +#: tokens/ssh/cryptsetup-ssh.c:138 msgid " " msgstr "<радња> <уређај>" -#: tokens/ssh/cryptsetup-ssh.c:139 +#: tokens/ssh/cryptsetup-ssh.c:141 msgid "Options for the 'add' action:" msgstr "Опције за радњу „add“ (додај):" -#: tokens/ssh/cryptsetup-ssh.c:140 +#: tokens/ssh/cryptsetup-ssh.c:142 msgid "IP address/URL of the remote server for this token" msgstr "ИП адреса/УРЛ удаљеног сервера за ову скупину" -#: tokens/ssh/cryptsetup-ssh.c:141 +#: tokens/ssh/cryptsetup-ssh.c:143 msgid "Username used for the remote server" msgstr "Корисничко име коришћено за удаљени сервер" -#: tokens/ssh/cryptsetup-ssh.c:142 +#: tokens/ssh/cryptsetup-ssh.c:144 msgid "Path to the key file on the remote server" msgstr "Путања до датотеке кључа на удаљеном серверу" -#: tokens/ssh/cryptsetup-ssh.c:143 +#: tokens/ssh/cryptsetup-ssh.c:145 msgid "Path to the SSH key for connecting to the remote server" msgstr "Путања до кључа безбедне шкољке за повезивање на удаљени сервер" -#: tokens/ssh/cryptsetup-ssh.c:144 +#: tokens/ssh/cryptsetup-ssh.c:146 msgid "Keyslot to assign the token to. If not specified, token will be assigned to the first keyslot matching provided passphrase." msgstr "Утор кључа коме се додељује скупина. Ако није наведено, скупина ће бити додељена првом утору кључа који поклопи достављену лозинку." -#: tokens/ssh/cryptsetup-ssh.c:146 +#: tokens/ssh/cryptsetup-ssh.c:148 msgid "Generic options:" msgstr "Опште опције:" -#: tokens/ssh/cryptsetup-ssh.c:147 +#: tokens/ssh/cryptsetup-ssh.c:149 msgid "Shows more detailed error messages" msgstr "Приказује опширније поруке о грешкама" -#: tokens/ssh/cryptsetup-ssh.c:148 +#: tokens/ssh/cryptsetup-ssh.c:150 msgid "Show debug messages" msgstr "Приказује поруке прочишћавања" -#: tokens/ssh/cryptsetup-ssh.c:149 +#: tokens/ssh/cryptsetup-ssh.c:151 msgid "Show debug messages including JSON metadata" msgstr "Приказује поруке прочишћавања укључујући „JSON“ метаподатке" -#: tokens/ssh/cryptsetup-ssh.c:260 +#: tokens/ssh/cryptsetup-ssh.c:262 msgid "Failed to open and import private key:\n" msgstr "Нисам успео да отворим и увезем приватни кључ:\n" -#: tokens/ssh/cryptsetup-ssh.c:264 +#: tokens/ssh/cryptsetup-ssh.c:266 msgid "Failed to import private key (password protected?).\n" msgstr "Нисам успео да увезем приватни кључ (заштићен лозинком?).\n" #. TRANSLATORS: SSH credentials prompt, e.g. "user@server's password: " -#: tokens/ssh/cryptsetup-ssh.c:266 +#: tokens/ssh/cryptsetup-ssh.c:268 #, c-format msgid "%s@%s's password: " msgstr "„%s@%s“ лозинка: " -#: tokens/ssh/cryptsetup-ssh.c:355 +#: tokens/ssh/cryptsetup-ssh.c:357 #, c-format msgid "Failed to parse arguments.\n" msgstr "Нисам успео да обрадим аргументе.\n" -#: tokens/ssh/cryptsetup-ssh.c:366 +#: tokens/ssh/cryptsetup-ssh.c:368 #, c-format msgid "An action must be specified\n" msgstr "Мора бити наведена радња\n" -#: tokens/ssh/cryptsetup-ssh.c:372 +#: tokens/ssh/cryptsetup-ssh.c:374 #, c-format msgid "Device must be specified for '%s' action.\n" msgstr "Уређај мора бити наведен за радњу „%s“.\n" -#: tokens/ssh/cryptsetup-ssh.c:377 +#: tokens/ssh/cryptsetup-ssh.c:379 #, c-format msgid "SSH server must be specified for '%s' action.\n" msgstr "Сервер безбедне шкољке мора бити наведен за радњу „%s“.\n" -#: tokens/ssh/cryptsetup-ssh.c:382 +#: tokens/ssh/cryptsetup-ssh.c:384 #, c-format msgid "SSH user must be specified for '%s' action.\n" msgstr "Корисник безбедне шкољке мора бити наведен за радњу „%s“.\n" -#: tokens/ssh/cryptsetup-ssh.c:387 +#: tokens/ssh/cryptsetup-ssh.c:389 #, c-format msgid "SSH path must be specified for '%s' action.\n" msgstr "Путања безбедне шкољке мора бити наведена за радњу „%s“.\n" -#: tokens/ssh/cryptsetup-ssh.c:392 +#: tokens/ssh/cryptsetup-ssh.c:394 #, c-format msgid "SSH key path must be specified for '%s' action.\n" msgstr "Путања кључа безбедне шкољке мора бити наведена за радњу „%s“.\n" -#: tokens/ssh/cryptsetup-ssh.c:399 +#: tokens/ssh/cryptsetup-ssh.c:401 #, c-format msgid "Failed open %s using provided credentials.\n" msgstr "Нисам успео да отворим „%s“ користећи достављена уверења.\n" -#: tokens/ssh/cryptsetup-ssh.c:415 +#: tokens/ssh/cryptsetup-ssh.c:417 #, c-format msgid "Only 'add' action is currently supported by this plugin.\n" msgstr "Само радња „add“ (додај) је тренутно подржана овим прикључком.\n" -#: tokens/ssh/ssh-utils.c:46 tokens/ssh/ssh-utils.c:59 +#: tokens/ssh/ssh-utils.c:46 msgid "Cannot create sftp session: " msgstr "Не могу да направим сфтп сесију: " @@ -3532,6 +3729,10 @@ msgid "Cannot init sftp session: " msgstr "Не могу да покренем сфтп сесију: " +#: tokens/ssh/ssh-utils.c:59 +msgid "Cannot open sftp session: " +msgstr "Не могу да отворим сфтп сесију: " + #: tokens/ssh/ssh-utils.c:66 msgid "Cannot stat sftp file: " msgstr "Не могу да добавим податке сфтп датотеке: " @@ -3560,6 +3761,81 @@ msgid "Public key authentication error: " msgstr "Грешка потврђивања идентитета јавног кључа: " +#~ msgid "Failed to read BITLK signature from %s." +#~ msgstr "Нисам успео да прочитам „BITLK“ потпис из „%s“." + +#~ msgid "Invalid or unknown signature for BITLK device." +#~ msgstr "Неисправан или непознат потпис за „BITLK“ уређај." + +#~ msgid "Failed to wipe backup segment data." +#~ msgstr "Нисам успео да очистим податке подеока резерве." + +#~ msgid "Failed to disable reencryption requirement flag." +#~ msgstr "Нисам успео да искључим заставицу захтева поновног шифровања." + +#~ msgid "Encryption is supported only for LUKS2 format." +#~ msgstr "Шифровање је подржано само за ЛУКС2 запис." + +#~ msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?" +#~ msgstr "Откривен је ЛУКС уређај на „%s“. Да ли желите опет да шифрујете тај ЛУКС уређај?" + +#~ msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1." +#~ msgstr "Само је ЛУКС2 запис тренутно подржан. Користите алат „cryptsetup-reencrypt“ за ЛУКС1." + +#~ msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility." +#~ msgstr "Старо ванмрежно поновно шифровање је већ у току. Користите помагало „cryptsetup-reencrypt“." + +#~ msgid "LUKS2 device is not in reencryption." +#~ msgstr "ЛУКС2 уређај није у поновном шифровању." + +#~ msgid "Setting LUKS2 offline reencrypt flag on device %s." +#~ msgstr "Постављам заставицу ЛУКС2 ванмрежног поновног шифровања на уређају „%s“." + +#~ msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s." +#~ msgstr "Ово издање „cryptsetup-reencrypt“ не може да ради са новом унутрашњом врстом скупине „%s“." + +#~ msgid "Failed to read activation flags from backup header." +#~ msgstr "Нисам успео да прочитам заставице активирања из заглавља резерве." + +#~ msgid "Failed to read requirements from backup header." +#~ msgstr "Нисам успео да прочитам потрепштине из заглавља резерве." + +#~ msgid "Changed pbkdf parameters in keyslot %i." +#~ msgstr "Измењени су „pbkdf“ параметри у утору кључа %i." + +#~ msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size." +#~ msgstr "Само вредности између 1 MiB и 64 MiB су допуштене завеличину блока поновног шифровања." + +#~ msgid "Maximum device reduce size is 64 MiB." +#~ msgstr "Највећа величина смањења уређаја је 64 MiB." + +#~ msgid "[OPTION...] " +#~ msgstr "[ОПЦИЈА...] <уређај>" + +#~ msgid "Argument required." +#~ msgstr "Потребан је аргумент." + +#~ msgid "Option --new must be used together with --reduce-device-size or --header." +#~ msgstr "Опција „--new“ се мора користити са „--reduce-device-size“ или „--header“." + +#~ msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations." +#~ msgstr "Опција „--keep-key“ може да се користи само са „--hash“, „--iter-time“ или „--pbkdf-force-iterations“." + +#~ msgid "Option --new cannot be used together with --decrypt." +#~ msgstr "Опција „--new“ не може да се користи са „--decrypt“." + +#~ msgid "Option --decrypt is incompatible with specified parameters." +#~ msgstr "Опција „--decrypt“ није сагласна са наведеним параметрима." + +#~ msgid "Option --uuid is allowed only together with --decrypt." +#~ msgstr "Опција „--uuid“ је дозвољена само заједно са „--decrypt“." + +#~ msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'." +#~ msgstr "Неисправна лукс врста. Користите: „luks“, „luks1“ или „luks2“." + +#~ msgid "Device %s is in use. Cannot proceed with format operation." +#~ msgstr "Уређај „%s“ је у употреби. Не могу да наставим са радњом форматирања." + #~ msgid "No free token slot." #~ msgstr "Нема слободног утора скупине." diff -Nru cryptsetup-2.5.0/po/sv.po cryptsetup-2.6.1/po/sv.po --- cryptsetup-2.5.0/po/sv.po 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/po/sv.po 2023-02-09 16:12:17.000000000 +0000 @@ -1,15 +1,15 @@ # Swedish translation for cryptsetup. -# Copyright © 2021 Free Software Foundation, Inc. +# Copyright © 2022 Free Software Foundation, Inc. # This file is distributed under the same license as the cryptsetup package. -# Daniel Nylander , 2009. -# Josef Andersson , 2016-2021. # +# Daniel Nylander , 2009. +# Josef Andersson , 2016-2022. msgid "" msgstr "" -"Project-Id-Version: cryptsetup 2.4.2-rc0\n" -"Report-Msgid-Bugs-To: dm-crypt@saout.de\n" -"POT-Creation-Date: 2021-11-11 19:08+0100\n" -"PO-Revision-Date: 2021-12-12 08:46+0100\n" +"Project-Id-Version: cryptsetup 2.5.0-rc1\n" +"Report-Msgid-Bugs-To: cryptsetup@lists.linux.dev\n" +"POT-Creation-Date: 2022-07-14 14:04+0200\n" +"PO-Revision-Date: 2022-11-11 12:23+0100\n" "Last-Translator: Josef Andersson \n" "Language-Team: Swedish \n" "Language: sv\n" @@ -17,70 +17,70 @@ "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Bugs: Report translation errors to the Language-Team address.\n" -"X-Generator: Poedit 3.0\n" +"X-Generator: Lokalize 22.08.3\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" -#: lib/libdevmapper.c:396 +#: lib/libdevmapper.c:417 msgid "Cannot initialize device-mapper, running as non-root user." msgstr "Det går inte att initiera device-mapper, kör som icke-root-användare." -#: lib/libdevmapper.c:399 +#: lib/libdevmapper.c:420 msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" msgstr "Det går inte att initiera device-mapper. Är kärnmodulen dm_mod inläst?" -#: lib/libdevmapper.c:1170 +#: lib/libdevmapper.c:1171 msgid "Requested deferred flag is not supported." msgstr "Begärd flagga deferred stöds inte." -#: lib/libdevmapper.c:1239 +#: lib/libdevmapper.c:1240 #, c-format msgid "DM-UUID for device %s was truncated." msgstr "DM-UUID för enheten %s förkortades." -#: lib/libdevmapper.c:1567 +#: lib/libdevmapper.c:1570 msgid "Unknown dm target type." msgstr "Okänd måltyp dm." -#: lib/libdevmapper.c:1688 lib/libdevmapper.c:1693 lib/libdevmapper.c:1757 -#: lib/libdevmapper.c:1760 +#: lib/libdevmapper.c:1694 lib/libdevmapper.c:1699 lib/libdevmapper.c:1763 +#: lib/libdevmapper.c:1766 msgid "Requested dm-crypt performance options are not supported." msgstr "Begärd flagga för dm-crypt-prestanda stöds inte." -#: lib/libdevmapper.c:1700 lib/libdevmapper.c:1704 +#: lib/libdevmapper.c:1706 lib/libdevmapper.c:1710 msgid "Requested dm-verity data corruption handling options are not supported." msgstr "Begärd flagga för dm-verity-dataintegritet stöds inte." -#: lib/libdevmapper.c:1708 +#: lib/libdevmapper.c:1714 msgid "Requested dm-verity FEC options are not supported." msgstr "Begärd flagga dm-verity FEC stöds inte." -#: lib/libdevmapper.c:1712 +#: lib/libdevmapper.c:1718 msgid "Requested data integrity options are not supported." msgstr "Begärd flagga för dataintegritet stöds inte." -#: lib/libdevmapper.c:1714 +#: lib/libdevmapper.c:1720 msgid "Requested sector_size option is not supported." msgstr "Begärd flagga sector_size stöds inte." -#: lib/libdevmapper.c:1719 lib/libdevmapper.c:1723 +#: lib/libdevmapper.c:1725 lib/libdevmapper.c:1729 msgid "Requested automatic recalculation of integrity tags is not supported." msgstr "Begärd automatisk beräkning av integritetstaggar stöds inte." -#: lib/libdevmapper.c:1727 lib/libdevmapper.c:1763 lib/libdevmapper.c:1766 -#: lib/luks2/luks2_json_metadata.c:2204 +#: lib/libdevmapper.c:1733 lib/libdevmapper.c:1769 lib/libdevmapper.c:1772 +#: lib/luks2/luks2_json_metadata.c:2552 msgid "Discard/TRIM is not supported." msgstr "Discard/TRIM stöds inte." -#: lib/libdevmapper.c:1731 +#: lib/libdevmapper.c:1737 msgid "Requested dm-integrity bitmap mode is not supported." msgstr "Begärt dm-integrity bitmap-läge stöds inte." -#: lib/libdevmapper.c:2705 +#: lib/libdevmapper.c:2763 #, c-format msgid "Failed to query dm-%s segment." msgstr "Misslyckades med att läsa dm-%s-segment." -#: lib/random.c:75 +#: lib/random.c:74 msgid "" "System is out of entropy while generating volume key.\n" "Please move mouse or type some text in another window to gather some random events.\n" @@ -88,24 +88,24 @@ "Systemet fick slut på entropi under generering av volymnyckeln.\n" "Rör på musen eller skriv in text i ett annat fönster för att samla in slumpmässiga händelser.\n" -#: lib/random.c:79 +#: lib/random.c:78 #, c-format msgid "Generating key (%d%% done).\n" msgstr "Genererar nyckel (%d%% done).\n" -#: lib/random.c:165 +#: lib/random.c:164 msgid "Running in FIPS mode." msgstr "Kör i FIPS-läge." -#: lib/random.c:171 +#: lib/random.c:170 msgid "Fatal error during RNG initialisation." msgstr "Ödesdigert fel under RNG-initiering." -#: lib/random.c:208 +#: lib/random.c:207 msgid "Unknown RNG quality requested." msgstr "Okänd RNG-kvalitet begärd." -#: lib/random.c:213 +#: lib/random.c:212 msgid "Error reading from RNG." msgstr "Fel vid läsning från RNG." @@ -117,7 +117,7 @@ msgid "Cannot initialize crypto backend." msgstr "Det går inte att initiera krypteringsbakände." -#: lib/setup.c:263 lib/setup.c:2079 lib/verity/verity.c:119 +#: lib/setup.c:263 lib/setup.c:2080 lib/verity/verity.c:122 #, c-format msgid "Hash algorithm %s not supported." msgstr "Hashalgoritmen %s stöds inte." @@ -131,7 +131,7 @@ msgid "Cannot determine device type. Incompatible activation of device?" msgstr "Det går inte att avgöra enhetstyp. Inkompatibel aktivering av enhet?" -#: lib/setup.c:338 lib/setup.c:3142 +#: lib/setup.c:338 lib/setup.c:3221 msgid "This operation is supported only for LUKS device." msgstr "Denna åtgärd stöds endast av LUKS-enheter." @@ -139,7 +139,7 @@ msgid "This operation is supported only for LUKS2 device." msgstr "Denna åtgärd stöds endast av LUKS2-enheter." -#: lib/setup.c:420 lib/luks2/luks2_reencrypt.c:2440 +#: lib/setup.c:420 lib/luks2/luks2_reencrypt.c:2985 msgid "All key slots full." msgstr "Alla nyckelplatser är upptagna." @@ -153,7 +153,7 @@ msgid "Key slot %d is full, please select another one." msgstr "Nyckelplats %d är full. Välj en annan." -#: lib/setup.c:522 lib/setup.c:2900 +#: lib/setup.c:522 lib/setup.c:2946 msgid "Device size is not aligned to device logical block size." msgstr "Storlek på enhet är inte justerad till enhetens logiska blockstorlek." @@ -162,7 +162,8 @@ msgid "Header detected but device %s is too small." msgstr "Huvud identifierat men enheten %s är för liten." -#: lib/setup.c:661 lib/setup.c:2845 +#: lib/setup.c:661 lib/setup.c:2851 lib/setup.c:4335 +#: lib/luks2/luks2_reencrypt.c:3757 lib/luks2/luks2_reencrypt.c:4159 msgid "This operation is not supported for this device type." msgstr "Denna åtgärd stöds inte för denna enhetstyp." @@ -170,396 +171,416 @@ msgid "Illegal operation with reencryption in-progress." msgstr "Ogiltig åtgärd under pågående omkryptering." -#: lib/setup.c:834 lib/luks1/keymanage.c:527 +#: lib/setup.c:833 lib/luks1/keymanage.c:248 lib/luks1/keymanage.c:524 +#: lib/luks2/luks2_json_metadata.c:1267 src/cryptsetup.c:1449 +#: src/cryptsetup.c:1581 src/cryptsetup.c:1636 src/cryptsetup.c:1756 +#: src/cryptsetup.c:1861 src/cryptsetup.c:2142 src/cryptsetup.c:2380 +#: src/cryptsetup.c:2440 src/utils_reencrypt.c:1378 +#: src/utils_reencrypt_luks1.c:1188 tokens/ssh/cryptsetup-ssh.c:77 +#, c-format +msgid "Device %s is not a valid LUKS device." +msgstr "Enheten %s är inte en giltig LUKS-enhet." + +#: lib/setup.c:836 lib/luks1/keymanage.c:527 #, c-format msgid "Unsupported LUKS version %d." msgstr "LUKS-versionen %d stöds inte." -#: lib/setup.c:1430 lib/setup.c:2610 lib/setup.c:2683 lib/setup.c:2695 -#: lib/setup.c:2853 lib/setup.c:4643 +#: lib/setup.c:1431 lib/setup.c:2602 lib/setup.c:2682 lib/setup.c:2694 +#: lib/setup.c:2859 lib/setup.c:4807 #, c-format msgid "Device %s is not active." msgstr "Enheten %s är inte aktiv." -#: lib/setup.c:1447 +#: lib/setup.c:1448 #, c-format msgid "Underlying device for crypt device %s disappeared." msgstr "Underliggande enhet för krypteringsenhet %s försvann." -#: lib/setup.c:1527 +#: lib/setup.c:1528 msgid "Invalid plain crypt parameters." msgstr "Ogiltiga parametrar för plain-kryptering." -#: lib/setup.c:1532 lib/setup.c:1982 +#: lib/setup.c:1533 lib/setup.c:1983 msgid "Invalid key size." msgstr "Ogiltig nyckelstorlek." -#: lib/setup.c:1537 lib/setup.c:1987 lib/setup.c:2190 +#: lib/setup.c:1538 lib/setup.c:1988 lib/setup.c:2191 msgid "UUID is not supported for this crypt type." msgstr "UUID stöds inte för denna krypteringstyp." -#: lib/setup.c:1542 lib/setup.c:1992 +#: lib/setup.c:1543 lib/setup.c:1993 msgid "Detached metadata device is not supported for this crypt type." msgstr "Frånkopplad metadataenhet stöds ej av denna crypt-typ." -#: lib/setup.c:1552 lib/setup.c:1754 lib/luks2/luks2_reencrypt.c:2401 -#: src/cryptsetup.c:1358 src/cryptsetup.c:3723 +#: lib/setup.c:1553 lib/setup.c:1765 lib/luks2/luks2_reencrypt.c:2941 +#: src/cryptsetup.c:1250 src/cryptsetup.c:3072 msgid "Unsupported encryption sector size." msgstr "Stöder inte sektorstorleken för kryptering." -#: lib/setup.c:1560 lib/setup.c:1895 lib/setup.c:2894 +#: lib/setup.c:1561 lib/setup.c:1896 lib/setup.c:2940 msgid "Device size is not aligned to requested sector size." msgstr "Storlek på enhet är inte justerad till begärd sektorstorlek." -#: lib/setup.c:1612 lib/setup.c:1732 +#: lib/setup.c:1613 lib/setup.c:1733 msgid "Can't format LUKS without device." msgstr "Det går inte att formatera LUKS utan enhet." -#: lib/setup.c:1618 lib/setup.c:1738 +#: lib/setup.c:1619 lib/setup.c:1739 msgid "Requested data alignment is not compatible with data offset." msgstr "Begärd datajustering är inte kompatibel med dataoffset." -#: lib/setup.c:1686 lib/setup.c:1882 +#: lib/setup.c:1687 lib/setup.c:1883 msgid "WARNING: Data offset is outside of currently available data device.\n" msgstr "VARNING: Dataoffset ligger utanför aktuell dataenhet.\n" -#: lib/setup.c:1696 lib/setup.c:1912 lib/setup.c:1933 lib/setup.c:2202 +#: lib/setup.c:1697 lib/setup.c:1913 lib/setup.c:1934 lib/setup.c:2203 #, c-format msgid "Cannot wipe header on device %s." msgstr "Det går inte att rensa huvudet på enheten %s." -#: lib/setup.c:1763 +#: lib/setup.c:1774 msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" msgstr "VARNING: Enhetsaktiveringen kommer att misslyckas, dm-crypt saknar stöd för begärd krypteringsektorstorlek.\n" -#: lib/setup.c:1786 +#: lib/setup.c:1797 msgid "Volume key is too small for encryption with integrity extensions." msgstr "Volymnyckeln är för liten för kryptering med integritetstillägg." -#: lib/setup.c:1856 +#: lib/setup.c:1857 #, c-format msgid "Cipher %s-%s (key size %zd bits) is not available." msgstr "Chiffret %s-%s (nyckelstorlek %zd bitar) är inte tillgängligt." -#: lib/setup.c:1885 +#: lib/setup.c:1886 #, c-format msgid "WARNING: LUKS2 metadata size changed to % bytes.\n" msgstr "VARNING: storlek på LUKS2-metadata ändrades till % byte.\n" -#: lib/setup.c:1889 +#: lib/setup.c:1890 #, c-format msgid "WARNING: LUKS2 keyslots area size changed to % bytes.\n" msgstr "VARNING: storlek på LUKS2-nyckelplatsområde ändrades till % byte.\n" -#: lib/setup.c:1915 lib/utils_device.c:909 lib/luks1/keyencryption.c:255 -#: lib/luks2/luks2_reencrypt.c:2451 lib/luks2/luks2_reencrypt.c:3488 +#: lib/setup.c:1916 lib/utils_device.c:909 lib/luks1/keyencryption.c:255 +#: lib/luks2/luks2_reencrypt.c:3009 lib/luks2/luks2_reencrypt.c:4254 #, c-format msgid "Device %s is too small." msgstr "Enheten %s är för liten." -#: lib/setup.c:1926 lib/setup.c:1952 +#: lib/setup.c:1927 lib/setup.c:1953 #, c-format msgid "Cannot format device %s in use." msgstr "Det går inte att formatera enheten %s då den används." -#: lib/setup.c:1929 lib/setup.c:1955 +#: lib/setup.c:1930 lib/setup.c:1956 #, c-format msgid "Cannot format device %s, permission denied." msgstr "Det går inte att formatera enheten %s, behörighet nekad." -#: lib/setup.c:1941 lib/setup.c:2262 +#: lib/setup.c:1942 lib/setup.c:2263 #, c-format msgid "Cannot format integrity for device %s." msgstr "Det går inte att formatera integritet för enheten %s." -#: lib/setup.c:1959 +#: lib/setup.c:1960 #, c-format msgid "Cannot format device %s." msgstr "Det går inte att formatera enheten %s." -#: lib/setup.c:1977 +#: lib/setup.c:1978 msgid "Can't format LOOPAES without device." msgstr "Kan inte formatera LOOPAES utan enhet." -#: lib/setup.c:2022 +#: lib/setup.c:2023 msgid "Can't format VERITY without device." msgstr "Det går inte att formatera VERITY utan enhet." -#: lib/setup.c:2033 lib/verity/verity.c:102 +#: lib/setup.c:2034 lib/verity/verity.c:101 #, c-format msgid "Unsupported VERITY hash type %d." msgstr "VERITY-hashtyp %d stöds inte." -#: lib/setup.c:2039 lib/verity/verity.c:110 +#: lib/setup.c:2040 lib/verity/verity.c:109 msgid "Unsupported VERITY block size." msgstr "VERITY-blockstorlek som inte stöds." -#: lib/setup.c:2044 lib/verity/verity.c:74 +#: lib/setup.c:2045 lib/verity/verity.c:74 msgid "Unsupported VERITY hash offset." msgstr "VERITY-hashoffset som inte stöds." -#: lib/setup.c:2049 +#: lib/setup.c:2050 msgid "Unsupported VERITY FEC offset." msgstr "VERITY-FEC-offset som inte stöds." -#: lib/setup.c:2073 +#: lib/setup.c:2074 msgid "Data area overlaps with hash area." msgstr "Dataområde spiller över på hashområdet." -#: lib/setup.c:2098 +#: lib/setup.c:2099 msgid "Hash area overlaps with FEC area." msgstr "Hashområde spiller över på FEC-mrådet." -#: lib/setup.c:2105 +#: lib/setup.c:2106 msgid "Data area overlaps with FEC area." msgstr "Dataområde spiller över på FEC-mrådet." -#: lib/setup.c:2241 +#: lib/setup.c:2242 #, c-format msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n" msgstr "VARNING: Begärd taggstorlek på %d byte skiljer sig från %s utdatastorlek (%d byte).\n" -#: lib/setup.c:2320 +#: lib/setup.c:2321 #, c-format msgid "Unknown crypt device type %s requested." msgstr "Okänd typ av krypteringsenhet %s begärd." -#: lib/setup.c:2616 lib/setup.c:2688 lib/setup.c:2701 +#: lib/setup.c:2608 lib/setup.c:2687 lib/setup.c:2700 #, c-format msgid "Unsupported parameters on device %s." msgstr "Parametrar som inte stöds på enheten %s." -#: lib/setup.c:2622 lib/setup.c:2708 lib/luks2/luks2_reencrypt.c:2503 -#: lib/luks2/luks2_reencrypt.c:2847 +#: lib/setup.c:2614 lib/setup.c:2707 lib/luks2/luks2_reencrypt.c:2837 +#: lib/luks2/luks2_reencrypt.c:3074 lib/luks2/luks2_reencrypt.c:3459 #, c-format msgid "Mismatching parameters on device %s." msgstr "Kan inte rensa huvudet på enheten %s." -#: lib/setup.c:2728 +#: lib/setup.c:2731 msgid "Crypt devices mismatch." msgstr "Krypteringsenheter har matchningsfel." -#: lib/setup.c:2765 lib/setup.c:2770 lib/luks2/luks2_reencrypt.c:2143 -#: lib/luks2/luks2_reencrypt.c:3255 +#: lib/setup.c:2768 lib/setup.c:2773 lib/luks2/luks2_reencrypt.c:2315 +#: lib/luks2/luks2_reencrypt.c:2853 lib/luks2/luks2_reencrypt.c:4007 #, c-format msgid "Failed to reload device %s." msgstr "Misslyckades med att läsa om enhet %s." -#: lib/setup.c:2776 lib/setup.c:2782 lib/luks2/luks2_reencrypt.c:2114 -#: lib/luks2/luks2_reencrypt.c:2121 +#: lib/setup.c:2779 lib/setup.c:2785 lib/luks2/luks2_reencrypt.c:2286 +#: lib/luks2/luks2_reencrypt.c:2293 lib/luks2/luks2_reencrypt.c:2867 #, c-format msgid "Failed to suspend device %s." msgstr "Misslyckades med att försätta enhet %s i vänteläge." -#: lib/setup.c:2788 lib/luks2/luks2_reencrypt.c:2128 -#: lib/luks2/luks2_reencrypt.c:3190 lib/luks2/luks2_reencrypt.c:3259 +#: lib/setup.c:2791 lib/luks2/luks2_reencrypt.c:2300 +#: lib/luks2/luks2_reencrypt.c:2888 lib/luks2/luks2_reencrypt.c:3920 +#: lib/luks2/luks2_reencrypt.c:4011 #, c-format msgid "Failed to resume device %s." msgstr "Misslyckades med att återuppta enhet %s." -#: lib/setup.c:2803 +#: lib/setup.c:2806 #, c-format msgid "Fatal error while reloading device %s (on top of device %s)." msgstr "Ödesdigert fel vid omläsning av enhet %s (ovanpå enhet %s)." -#: lib/setup.c:2806 lib/setup.c:2808 +#: lib/setup.c:2809 lib/setup.c:2811 #, c-format msgid "Failed to switch device %s to dm-error." msgstr "Misslyckades med att växla enhet %s till dm-error." -#: lib/setup.c:2885 +#: lib/setup.c:2891 msgid "Cannot resize loop device." msgstr "Det går inte att ändra storlek på loop-enhet." -#: lib/setup.c:2958 +#: lib/setup.c:2931 +msgid "WARNING: Maximum size already set or kernel doesn't support resize.\n" +msgstr "VARNING: Maximal storlek redan satt eller så stöder inte kärnan storleksändring.\n" + +#: lib/setup.c:2989 +msgid "Resize failed, the kernel doesn't support it." +msgstr "Misslyckades med storleksändring, kärnan stöder inte detta." + +#: lib/setup.c:3021 msgid "Do you really want to change UUID of device?" msgstr "Vill du verkligen ändra UUID för en enhet?" -#: lib/setup.c:3034 +#: lib/setup.c:3113 msgid "Header backup file does not contain compatible LUKS header." msgstr "Säkerhetskopian för huvud innehåller inte något giltigt LUKS-huvud." -#: lib/setup.c:3150 +#: lib/setup.c:3229 #, c-format msgid "Volume %s is not active." msgstr "Volymen %s är inte aktiv." -#: lib/setup.c:3161 +#: lib/setup.c:3240 #, c-format msgid "Volume %s is already suspended." msgstr "Volymen %s är redan i vänteläge." -#: lib/setup.c:3174 +#: lib/setup.c:3253 #, c-format msgid "Suspend is not supported for device %s." msgstr "Vänteläge stöds inte för enhet %s." -#: lib/setup.c:3176 +#: lib/setup.c:3255 #, c-format msgid "Error during suspending device %s." msgstr "Fel då enheten %s försattes i vänteläge." -#: lib/setup.c:3212 +#: lib/setup.c:3290 #, c-format msgid "Resume is not supported for device %s." msgstr "Att återuppta stöds inte för enhet %s." -#: lib/setup.c:3214 +#: lib/setup.c:3292 #, c-format msgid "Error during resuming device %s." msgstr "Fel då enheten %s återupptogs." -#: lib/setup.c:3248 lib/setup.c:3296 lib/setup.c:3366 +#: lib/setup.c:3326 lib/setup.c:3374 lib/setup.c:3444 lib/setup.c:3489 +#: src/cryptsetup.c:2207 #, c-format msgid "Volume %s is not suspended." msgstr "Volymen %s är inte i vänteläge." -#: lib/setup.c:3381 lib/setup.c:3750 lib/setup.c:4423 lib/setup.c:4436 -#: lib/setup.c:4444 lib/setup.c:4457 lib/setup.c:4826 lib/setup.c:6008 +#: lib/setup.c:3459 lib/setup.c:3862 lib/setup.c:4584 lib/setup.c:4597 +#: lib/setup.c:4605 lib/setup.c:4618 lib/setup.c:6142 src/cryptsetup.c:1790 msgid "Volume key does not match the volume." msgstr "Volymnyckeln stämmer inte överens med volymen." -#: lib/setup.c:3428 lib/setup.c:3633 +#: lib/setup.c:3540 lib/setup.c:3745 msgid "Cannot add key slot, all slots disabled and no volume key provided." msgstr "Det går inte att lägga till nyckelplats. Alla platser är inaktiverade och ingen volymnyckel har angivits." -#: lib/setup.c:3585 +#: lib/setup.c:3697 msgid "Failed to swap new key slot." msgstr "Misslyckades med att byta ny nyckelplats." -#: lib/setup.c:3771 +#: lib/setup.c:3883 #, c-format msgid "Key slot %d is invalid." msgstr "Nyckelplats %d är ogiltig." -#: lib/setup.c:3777 src/cryptsetup.c:1701 src/cryptsetup.c:2041 -#: src/cryptsetup.c:2632 src/cryptsetup.c:2689 +#: lib/setup.c:3889 src/cryptsetup.c:1594 src/cryptsetup.c:1936 +#: src/cryptsetup.c:2540 src/cryptsetup.c:2597 #, c-format msgid "Keyslot %d is not active." msgstr "Nyckelplats %d är inte aktiv." -#: lib/setup.c:3796 +#: lib/setup.c:3908 msgid "Device header overlaps with data area." msgstr "Dataområde spiller över på hashområdet." -#: lib/setup.c:4089 +#: lib/setup.c:4213 msgid "Reencryption in-progress. Cannot activate device." msgstr "Omkryptering pågår. Det går inte att aktivera enheten." -#: lib/setup.c:4091 lib/luks2/luks2_json_metadata.c:2287 -#: lib/luks2/luks2_reencrypt.c:2946 +#: lib/setup.c:4215 lib/luks2/luks2_json_metadata.c:2635 +#: lib/luks2/luks2_reencrypt.c:3565 msgid "Failed to get reencryption lock." msgstr "Misslyckades med att erhålla omkrypteringslås." -#: lib/setup.c:4104 lib/luks2/luks2_reencrypt.c:2965 +#: lib/setup.c:4228 lib/luks2/luks2_reencrypt.c:3584 msgid "LUKS2 reencryption recovery failed." msgstr "Misslyckades med återhämtning av LUKS2-omkryptering." -#: lib/setup.c:4235 lib/setup.c:4500 +#: lib/setup.c:4396 lib/setup.c:4661 msgid "Device type is not properly initialized." msgstr "Enhetstypen är inte korrekt initierad." -#: lib/setup.c:4283 +#: lib/setup.c:4444 #, c-format msgid "Device %s already exists." msgstr "Enheten %s finns redan." -#: lib/setup.c:4290 +#: lib/setup.c:4451 #, c-format msgid "Cannot use device %s, name is invalid or still in use." msgstr "Det går inte att använda enheten %s som fortfarande används eller har ett ogiltigt namn." -#: lib/setup.c:4410 +#: lib/setup.c:4571 msgid "Incorrect volume key specified for plain device." msgstr "Felaktig volymnyckel för plain-enhet." -#: lib/setup.c:4526 +#: lib/setup.c:4687 msgid "Incorrect root hash specified for verity device." msgstr "Felaktig rothash angiven för verity-enhet." -#: lib/setup.c:4533 +#: lib/setup.c:4697 msgid "Root hash signature required." msgstr "Root-hashsignatur krävs." -#: lib/setup.c:4542 +#: lib/setup.c:4706 msgid "Kernel keyring missing: required for passing signature to kernel." msgstr "Kärnans nyckelring saknas: krävs för att skicka signatur till kärnan." -#: lib/setup.c:4559 lib/setup.c:6084 +#: lib/setup.c:4723 lib/setup.c:6218 msgid "Failed to load key in kernel keyring." msgstr "Misslyckades med att öppna nyckelringen för kärnan." -#: lib/setup.c:4615 +#: lib/setup.c:4779 #, c-format msgid "Could not cancel deferred remove from device %s." msgstr "Misslyckades med att avbryta fördröjd borttagning från enheten %s." -#: lib/setup.c:4622 lib/setup.c:4638 lib/luks2/luks2_json_metadata.c:2340 -#: src/cryptsetup.c:2785 +#: lib/setup.c:4786 lib/setup.c:4802 lib/luks2/luks2_json_metadata.c:2688 +#: src/utils_reencrypt.c:116 #, c-format msgid "Device %s is still in use." msgstr "Enheten %s används fortfarande." -#: lib/setup.c:4647 +#: lib/setup.c:4811 #, c-format msgid "Invalid device %s." msgstr "Ogiltig enhet %s." -#: lib/setup.c:4763 +#: lib/setup.c:4927 msgid "Volume key buffer too small." msgstr "Buffert för volymnyckelen är för liten." -#: lib/setup.c:4771 +#: lib/setup.c:4935 msgid "Cannot retrieve volume key for plain device." msgstr "Kan inte hämta volymnyckel för plain-enhet." -#: lib/setup.c:4788 +#: lib/setup.c:4952 msgid "Cannot retrieve root hash for verity device." msgstr "Det går inte att hämta root-hash för verity-enhet." -#: lib/setup.c:4792 +#: lib/setup.c:4956 #, c-format msgid "This operation is not supported for %s crypt device." msgstr "Denna åtgärd stöds inte för krypteringsenheter av typen %s." -#: lib/setup.c:4998 lib/setup.c:5009 +#: lib/setup.c:5130 lib/setup.c:5141 msgid "Dump operation is not supported for this device type." msgstr "Utskriftsåtgärden stöds inte för denna enhetstyp." -#: lib/setup.c:5337 +#: lib/setup.c:5471 #, c-format msgid "Data offset is not multiple of %u bytes." msgstr "Dataförskjutning är inte en multipel av %u byte." -#: lib/setup.c:5622 +#: lib/setup.c:5756 #, c-format msgid "Cannot convert device %s which is still in use." msgstr "Det går inte konvertera enheten %s som fortfarande används." -#: lib/setup.c:5941 +#: lib/setup.c:6075 #, c-format msgid "Failed to assign keyslot %u as the new volume key." msgstr "Misslyckades med att tilldela nyckelplats %u som ny volymnyckel." -#: lib/setup.c:6014 +#: lib/setup.c:6148 msgid "Failed to initialize default LUKS2 keyslot parameters." msgstr "Misslyckades med att initiera standardnyckelplats för LUKS2-parametrar." -#: lib/setup.c:6020 +#: lib/setup.c:6154 #, c-format msgid "Failed to assign keyslot %d to digest." msgstr "Misslyckades med att tilldela nyckelplats %d till kontrollsummor." -#: lib/setup.c:6151 +#: lib/setup.c:6285 msgid "Kernel keyring is not supported by the kernel." msgstr "Kärnans nyckelring stöds inte av kärnan." -#: lib/setup.c:6161 lib/luks2/luks2_reencrypt.c:3062 +#: lib/setup.c:6295 lib/luks2/luks2_reencrypt.c:3782 #, c-format msgid "Failed to read passphrase from keyring (error %d)." msgstr "Misslyckades med att läsa lösenfras från nyckelringsnyckel (fel %d)." -#: lib/setup.c:6185 +#: lib/setup.c:6319 msgid "Failed to acquire global memory-hard access serialization lock." msgstr "Misslyckades med att inhämta globalt minneshårt serialiseringslås." @@ -587,8 +608,8 @@ msgid "Cannot seek to requested keyfile offset." msgstr "Det går inte att söka till begärd nyckelfilsoffset." -#: lib/utils.c:212 lib/utils.c:227 src/utils_password.c:219 -#: src/utils_password.c:231 +#: lib/utils.c:212 lib/utils.c:227 src/utils_password.c:226 +#: src/utils_password.c:238 msgid "Out of memory while reading passphrase." msgstr "Slut på minne vid läsning av lösenfras." @@ -609,7 +630,7 @@ msgstr "Det går inte läsa begärd mängd data." #: lib/utils_device.c:208 lib/utils_storage_wrappers.c:110 -#: lib/luks1/keyencryption.c:91 +#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1353 #, c-format msgid "Device %s does not exist or access denied." msgstr "Enheten %s finns inte eller åtkomst nekas." @@ -739,12 +760,12 @@ msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." msgstr "Låsningen avbruten. Låsningsökvägen %s/%s oanvändbar (%s är inte en katalog)." -#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:922 -#: src/cryptsetup_reencrypt.c:1010 +#: lib/utils_wipe.c:154 lib/utils_wipe.c:225 src/utils_reencrypt_luks1.c:734 +#: src/utils_reencrypt_luks1.c:832 msgid "Cannot seek to device offset." msgstr "Det går inte att söka till enhetsoffset." -#: lib/utils_wipe.c:208 +#: lib/utils_wipe.c:247 #, c-format msgid "Device wipe error, offset %." msgstr "Fel vid radering av enhet, förskjutning %." @@ -768,7 +789,7 @@ #: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:364 #: lib/luks1/keymanage.c:674 lib/luks1/keymanage.c:1125 -#: lib/luks2/luks2_json_metadata.c:1276 lib/luks2/luks2_keyslot.c:740 +#: lib/luks2/luks2_json_metadata.c:1421 lib/luks2/luks2_keyslot.c:714 #, c-format msgid "Cannot write to device %s, permission denied." msgstr "Kan inte skriva till enhet %s, behörighet nekad." @@ -782,17 +803,17 @@ msgstr "Misslyckades med att komma åt temporär nyckellagringsenhet." #: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60 -#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:134 +#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:192 msgid "IO error while encrypting keyslot." msgstr "In-/utfel vid kryptering av nyckelplats." #: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:367 -#: lib/luks1/keymanage.c:627 lib/luks1/keymanage.c:677 lib/tcrypt/tcrypt.c:677 -#: lib/verity/verity.c:80 lib/verity/verity.c:193 lib/verity/verity_hash.c:320 +#: lib/luks1/keymanage.c:627 lib/luks1/keymanage.c:677 lib/tcrypt/tcrypt.c:680 +#: lib/verity/verity.c:80 lib/verity/verity.c:196 lib/verity/verity_hash.c:320 #: lib/verity/verity_hash.c:329 lib/verity/verity_hash.c:349 -#: lib/verity/verity_fec.c:251 lib/verity/verity_fec.c:263 -#: lib/verity/verity_fec.c:268 lib/luks2/luks2_json_metadata.c:1279 -#: src/cryptsetup_reencrypt.c:177 src/cryptsetup_reencrypt.c:189 +#: lib/verity/verity_fec.c:260 lib/verity/verity_fec.c:272 +#: lib/verity/verity_fec.c:277 lib/luks2/luks2_json_metadata.c:1424 +#: src/utils_reencrypt_luks1.c:121 src/utils_reencrypt_luks1.c:133 #, c-format msgid "Cannot open device %s." msgstr "Det går inte att öppna enheten %s." @@ -813,43 +834,32 @@ msgid "LUKS keyslot %u is invalid." msgstr "LUKS-nyckelplats %u är ogiltig." -#: lib/luks1/keymanage.c:248 lib/luks1/keymanage.c:524 -#: lib/luks2/luks2_json_metadata.c:1107 src/cryptsetup.c:1557 -#: src/cryptsetup.c:1688 src/cryptsetup.c:1743 src/cryptsetup.c:1798 -#: src/cryptsetup.c:1863 src/cryptsetup.c:1966 src/cryptsetup.c:2030 -#: src/cryptsetup.c:2259 src/cryptsetup.c:2472 src/cryptsetup.c:2532 -#: src/cryptsetup.c:2597 src/cryptsetup.c:2741 src/cryptsetup.c:3423 -#: src/cryptsetup.c:3432 src/cryptsetup_reencrypt.c:1373 -#, c-format -msgid "Device %s is not a valid LUKS device." -msgstr "Enheten %s är inte en giltig LUKS-enhet." - -#: lib/luks1/keymanage.c:266 lib/luks2/luks2_json_metadata.c:1124 +#: lib/luks1/keymanage.c:266 lib/luks2/luks2_json_metadata.c:1284 #, c-format msgid "Requested header backup file %s already exists." msgstr "Begärd säkerhetskopia %s av huvud finns redan." -#: lib/luks1/keymanage.c:268 lib/luks2/luks2_json_metadata.c:1126 +#: lib/luks1/keymanage.c:268 lib/luks2/luks2_json_metadata.c:1286 #, c-format msgid "Cannot create header backup file %s." msgstr "Det går inte att skapa säkerhetskopia för huvud %s." -#: lib/luks1/keymanage.c:275 lib/luks2/luks2_json_metadata.c:1133 +#: lib/luks1/keymanage.c:275 lib/luks2/luks2_json_metadata.c:1293 #, c-format msgid "Cannot write header backup file %s." msgstr "Det går inte skriva säkerhetskopia för huvud %s." -#: lib/luks1/keymanage.c:306 lib/luks2/luks2_json_metadata.c:1185 +#: lib/luks1/keymanage.c:306 lib/luks2/luks2_json_metadata.c:1330 msgid "Backup file does not contain valid LUKS header." msgstr "Säkerhetskopian innehåller inte något giltigt LUKS-huvud." #: lib/luks1/keymanage.c:319 lib/luks1/keymanage.c:590 -#: lib/luks2/luks2_json_metadata.c:1206 +#: lib/luks2/luks2_json_metadata.c:1351 #, c-format msgid "Cannot open header backup file %s." msgstr "Det går inte att öppna säkerhetskopia för huvud %s." -#: lib/luks1/keymanage.c:327 lib/luks2/luks2_json_metadata.c:1214 +#: lib/luks1/keymanage.c:327 lib/luks2/luks2_json_metadata.c:1359 #, c-format msgid "Cannot read header backup file %s." msgstr "Det går inte att läsa säkerhetskopia för huvud %s." @@ -871,7 +881,7 @@ msgid "already contains LUKS header. Replacing header will destroy existing keyslots." msgstr "innehåller redan LUKS-huvud. Ersättningen av huvud kommer att förstöra befintliga nyckelplatser." -#: lib/luks1/keymanage.c:348 lib/luks2/luks2_json_metadata.c:1248 +#: lib/luks1/keymanage.c:348 lib/luks2/luks2_json_metadata.c:1393 msgid "" "\n" "WARNING: real device header has different UUID than backup!" @@ -945,7 +955,7 @@ msgid "LUKS hash %s is invalid." msgstr "LUKS-hash %s är ogiltig." -#: lib/luks1/keymanage.c:571 src/cryptsetup.c:1243 +#: lib/luks1/keymanage.c:571 src/cryptsetup.c:1144 msgid "No known problems detected for LUKS header." msgstr "Inga kända problem identifierade för LUKS-huvud." @@ -964,8 +974,8 @@ msgstr "Data-offset för fristående LUKS-huvud måste vara antingen 0 eller större än huvudstorleken." #: lib/luks1/keymanage.c:794 lib/luks1/keymanage.c:863 -#: lib/luks2/luks2_json_format.c:287 lib/luks2/luks2_json_metadata.c:1015 -#: src/cryptsetup.c:2904 +#: lib/luks2/luks2_json_format.c:287 lib/luks2/luks2_json_metadata.c:1175 +#: src/utils_reencrypt.c:475 msgid "Wrong LUKS UUID format provided." msgstr "Felaktigt LUKS-UUID-format angavs." @@ -998,7 +1008,7 @@ msgid "Key slot %d is invalid, please select keyslot between 0 and %d." msgstr "Nyckelplats %d är ogiltig. Välj en nyckelplats mellan 0 och %d." -#: lib/luks1/keymanage.c:1129 lib/luks2/luks2_keyslot.c:744 +#: lib/luks1/keymanage.c:1129 lib/luks2/luks2_keyslot.c:718 #, c-format msgid "Cannot wipe device %s." msgstr "Kan inte rensa enheten %s." @@ -1029,205 +1039,213 @@ msgid "Maximum TCRYPT passphrase length (%zu) exceeded." msgstr "Högsta TCRYPT-lösenfraslängd (%zu) överskriden." -#: lib/tcrypt/tcrypt.c:602 +#: lib/tcrypt/tcrypt.c:601 #, c-format msgid "PBKDF2 hash algorithm %s not available, skipping." msgstr "PBKDF2-hashalgoritm %s ej tillgänglig, hoppar över." -#: lib/tcrypt/tcrypt.c:618 src/cryptsetup.c:1110 +#: lib/tcrypt/tcrypt.c:620 src/cryptsetup.c:1019 msgid "Required kernel crypto interface not available." msgstr "Begärt kryptogränssnitt för kärnan inte tillgängligt." -#: lib/tcrypt/tcrypt.c:620 src/cryptsetup.c:1112 +#: lib/tcrypt/tcrypt.c:622 src/cryptsetup.c:1021 msgid "Ensure you have algif_skcipher kernel module loaded." msgstr "Försäkra dig om att kärnmodulen algif_skcipher är inläst." -#: lib/tcrypt/tcrypt.c:760 +#: lib/tcrypt/tcrypt.c:763 #, c-format msgid "Activation is not supported for %d sector size." msgstr "Aktivering stöds inte för sektorstorlek %d." -#: lib/tcrypt/tcrypt.c:766 +#: lib/tcrypt/tcrypt.c:769 msgid "Kernel does not support activation for this TCRYPT legacy mode." msgstr "Kärnan stöder inte aktivering för detta föråldrade TCRYPT-läge." -#: lib/tcrypt/tcrypt.c:797 +#: lib/tcrypt/tcrypt.c:800 #, c-format msgid "Activating TCRYPT system encryption for partition %s." msgstr "Aktiverar TCRYPT-systemkryptering för partition %s." -#: lib/tcrypt/tcrypt.c:875 +#: lib/tcrypt/tcrypt.c:883 msgid "Kernel does not support TCRYPT compatible mapping." msgstr "Kärnan stöder inte TCRYPT-kompatibel mappning." -#: lib/tcrypt/tcrypt.c:1088 +#: lib/tcrypt/tcrypt.c:1096 msgid "This function is not supported without TCRYPT header load." msgstr "Denna funktion stöds inte utan inläsning av TCRYPT-huvud." -#: lib/bitlk/bitlk.c:350 +#: lib/bitlk/bitlk.c:275 #, c-format msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key." msgstr "Oväntad metadatapost av typ ”%u” funnen vid tolkning av volymhuvudnyckel." -#: lib/bitlk/bitlk.c:397 +#: lib/bitlk/bitlk.c:328 msgid "Invalid string found when parsing Volume Master Key." msgstr "Ogiltig sträng funnen vid tolkning av volymhuvudnyckel." -#: lib/bitlk/bitlk.c:402 +#: lib/bitlk/bitlk.c:332 #, c-format msgid "Unexpected string ('%s') found when parsing supported Volume Master Key." msgstr "Oväntad sträng (”%s”) funnen vid tolkning av volymhuvudnycklar som stöds." -#: lib/bitlk/bitlk.c:419 +#: lib/bitlk/bitlk.c:349 #, c-format msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key." msgstr "Oväntad metadatapostvärde av typ ”%u” funnen vid tolkning av volymhuvudnycklar som stöds." -#: lib/bitlk/bitlk.c:502 -#, c-format -msgid "Failed to read BITLK signature from %s." -msgstr "Misslyckades med att läsa BITLK-signatur från %s." - -#: lib/bitlk/bitlk.c:514 -msgid "Invalid or unknown signature for BITLK device." -msgstr "Ogiltig eller okänd signatur för BITLK-enhet." - -#: lib/bitlk/bitlk.c:520 +#: lib/bitlk/bitlk.c:451 msgid "BITLK version 1 is currently not supported." msgstr "BITLK version 1 stöds ej för närvarande." -#: lib/bitlk/bitlk.c:526 +#: lib/bitlk/bitlk.c:457 msgid "Invalid or unknown boot signature for BITLK device." msgstr "Ogiltig eller okänd boot-signatur för BITLK-enhet." -#: lib/bitlk/bitlk.c:538 +#: lib/bitlk/bitlk.c:469 #, c-format msgid "Unsupported sector size %." msgstr "Stöder inte sektorstorleken %." -#: lib/bitlk/bitlk.c:546 +#: lib/bitlk/bitlk.c:477 #, c-format msgid "Failed to read BITLK header from %s." msgstr "Misslyckades med att läsa BITLK-huvud från %s." -#: lib/bitlk/bitlk.c:571 +#: lib/bitlk/bitlk.c:502 #, c-format msgid "Failed to read BITLK FVE metadata from %s." msgstr "Misslyckades med att läsa BITLK FVE-metadata från %s." -#: lib/bitlk/bitlk.c:622 +#: lib/bitlk/bitlk.c:554 msgid "Unknown or unsupported encryption type." msgstr "Krypteringstypen är okänd eller stöds ej." -#: lib/bitlk/bitlk.c:655 +#: lib/bitlk/bitlk.c:587 #, c-format msgid "Failed to read BITLK metadata entries from %s." msgstr "Misslyckades med att läsa BITLK -metadataposter från %s." -#: lib/bitlk/bitlk.c:897 +#: lib/bitlk/bitlk.c:681 +msgid "Failed to convert BITLK volume description" +msgstr "Misslyckades med att konvertera BITLK-volymbeskrivning" + +#: lib/bitlk/bitlk.c:841 #, c-format msgid "Unexpected metadata entry type '%u' found when parsing external key." msgstr "Oväntad metadatapost av typ ”%u” funnen vid tolkning av extern nyckel." -#: lib/bitlk/bitlk.c:912 +#: lib/bitlk/bitlk.c:860 +#, c-format +msgid "BEK file GUID '%s' does not match GUID of the volume." +msgstr "BEK-filens GUID '%s' stämmer inte överens med GUID för volymen." + +#: lib/bitlk/bitlk.c:864 #, c-format msgid "Unexpected metadata entry value '%u' found when parsing external key." msgstr "Oväntad metadatapostvärde av typ ”%u” funnen vid tolkning av extern nyckel." -#: lib/bitlk/bitlk.c:950 +#: lib/bitlk/bitlk.c:903 #, c-format msgid "Unsupported BEK metadata version %" msgstr "Inget stöd för BEK metadata-version %" -#: lib/bitlk/bitlk.c:955 +#: lib/bitlk/bitlk.c:908 #, c-format msgid "Unexpected BEK metadata size % does not match BEK file length" msgstr "Oväntad BEK-metadatastorlek % matchar inte BEK-fillängd" -#: lib/bitlk/bitlk.c:980 +#: lib/bitlk/bitlk.c:933 msgid "Unexpected metadata entry found when parsing startup key." msgstr "Oväntad metadatapost av typ ”%u” funnen vid tolkning av uppstartsnyckel." -#: lib/bitlk/bitlk.c:1071 +#: lib/bitlk/bitlk.c:1029 msgid "This operation is not supported." msgstr "Denna åtgärd stöds ej." -#: lib/bitlk/bitlk.c:1079 +#: lib/bitlk/bitlk.c:1037 msgid "Unexpected key data size." msgstr "Oväntad nyckeldatastorlek." -#: lib/bitlk/bitlk.c:1205 +#: lib/bitlk/bitlk.c:1163 msgid "This BITLK device is in an unsupported state and cannot be activated." msgstr "Denna BITLK-enhet är i tillstånd som inte stöds och kan inte aktiveras." -#: lib/bitlk/bitlk.c:1210 +#: lib/bitlk/bitlk.c:1168 #, c-format msgid "BITLK devices with type '%s' cannot be activated." msgstr "Det går inte att aktivera BITLK-enheter av typen ”%s”." -#: lib/bitlk/bitlk.c:1217 +#: lib/bitlk/bitlk.c:1175 msgid "Activation of partially decrypted BITLK device is not supported." msgstr "Aktivering av delvis avkrypterade BITLK-enheter stöds ej." -#: lib/bitlk/bitlk.c:1380 +#: lib/bitlk/bitlk.c:1216 +#, c-format +msgid "WARNING: BitLocker volume size % does not match the underlying device size %" +msgstr "VARNING: BitLocker-volymstorlek % överensstämmer inte med underliggande enhetstorlek %" + +#: lib/bitlk/bitlk.c:1343 msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV." msgstr "Det går inte att aktivera enheten, kärnan dm-crypt saknar stöd för BITLK IV." -#: lib/bitlk/bitlk.c:1384 +#: lib/bitlk/bitlk.c:1347 msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser." msgstr "Det går inte att aktivera enheten, kärnan dm-crypt saknar stöd för BITLK Elephant diffuser." -#: lib/verity/verity.c:68 lib/verity/verity.c:179 +#: lib/bitlk/bitlk.c:1351 +msgid "Cannot activate device, kernel dm-crypt is missing support for large sector size." +msgstr "Det går inte att aktivera enheten, kärnan dm-crypt saknar stöd för stor sektorstorlek." + +#: lib/bitlk/bitlk.c:1355 +msgid "Cannot activate device, kernel dm-zero module is missing." +msgstr "Det går inte att aktivera enheten, kärnmodulen dm-zero saknas." + +#: lib/verity/verity.c:68 lib/verity/verity.c:182 #, c-format msgid "Verity device %s does not use on-disk header." msgstr "Verity-enheten %s använder inte huvud på disk." -#: lib/verity/verity.c:90 -#, c-format -msgid "Device %s is not a valid VERITY device." -msgstr "Enheten %s är inte en giltig VERITY-enhet." - -#: lib/verity/verity.c:97 +#: lib/verity/verity.c:96 #, c-format msgid "Unsupported VERITY version %d." msgstr "VERITY-versionen %d stöds inte." -#: lib/verity/verity.c:128 +#: lib/verity/verity.c:131 msgid "VERITY header corrupted." msgstr "VERITY-huvud är skadat." -#: lib/verity/verity.c:173 +#: lib/verity/verity.c:176 #, c-format msgid "Wrong VERITY UUID format provided on device %s." msgstr "Felaktigt VERITY-UUID-format angivet på enhet %s." -#: lib/verity/verity.c:217 +#: lib/verity/verity.c:220 #, c-format msgid "Error during update of verity header on device %s." msgstr "Fel vid uppdatering av verity-huvud på enheten %s." -#: lib/verity/verity.c:275 +#: lib/verity/verity.c:278 msgid "Root hash signature verification is not supported." msgstr "Begärd hashsignaturverifiering %s stöds inte." -#: lib/verity/verity.c:287 +#: lib/verity/verity.c:290 msgid "Errors cannot be repaired with FEC device." msgstr "Det går inte reparera fel med FEC-enhet." -#: lib/verity/verity.c:289 +#: lib/verity/verity.c:292 #, c-format msgid "Found %u repairable errors with FEC device." msgstr "Fann %u reparerbara fel med FEC-enhet." -#: lib/verity/verity.c:332 +#: lib/verity/verity.c:335 msgid "Kernel does not support dm-verity mapping." msgstr "Kärnan stöder inte dm-verity-mappning." -#: lib/verity/verity.c:336 +#: lib/verity/verity.c:339 msgid "Kernel does not support dm-verity signature option." msgstr "Kärnan stöder inte flaggan för dm-verity-signatur." -#: lib/verity/verity.c:347 +#: lib/verity/verity.c:350 msgid "Verity device detected corruption after activation." msgstr "Verity-enhet identifierades som skadad efter aktivering." @@ -1299,37 +1317,42 @@ msgid "Failed to write parity for RS block %." msgstr "Misslyckades med att skriva paritet för RS block %." -#: lib/verity/verity_fec.c:228 +#: lib/verity/verity_fec.c:208 msgid "Block sizes must match for FEC." msgstr "Blockstorlekar måste matcha för FEC." -#: lib/verity/verity_fec.c:234 +#: lib/verity/verity_fec.c:214 msgid "Invalid number of parity bytes." msgstr "Ogiltigt antal paritet-byte." -#: lib/verity/verity_fec.c:239 +#: lib/verity/verity_fec.c:248 msgid "Invalid FEC segment length." msgstr "Ogiltig FEC-segmentlängd." -#: lib/verity/verity_fec.c:303 +#: lib/verity/verity_fec.c:316 #, c-format msgid "Failed to determine size for device %s." msgstr "Misslyckades med att bestämma storlek för enhet %s." -#: lib/integrity/integrity.c:272 lib/integrity/integrity.c:355 +#: lib/integrity/integrity.c:57 +#, c-format +msgid "Incompatible kernel dm-integrity metadata (version %u) detected on %s." +msgstr "Inkompatibel kärnmetadata dm-integrity (version %u) identifierad på %s." + +#: lib/integrity/integrity.c:277 lib/integrity/integrity.c:379 msgid "Kernel does not support dm-integrity mapping." msgstr "Kärnan stöder inte dm-integrity-mappning." -#: lib/integrity/integrity.c:278 +#: lib/integrity/integrity.c:283 msgid "Kernel does not support dm-integrity fixed metadata alignment." msgstr "Kärnan stöder inte fast metadataförskjutning för dm-integrity." -#: lib/integrity/integrity.c:287 +#: lib/integrity/integrity.c:292 msgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)." msgstr "Kärnan tillåter inte att den osäkra flaggan recalculate aktiveras (se föråldrade aktiveringsflaggor för att åsidosätta)." -#: lib/luks2/luks2_disk_metadata.c:393 lib/luks2/luks2_json_metadata.c:973 -#: lib/luks2/luks2_json_metadata.c:1268 +#: lib/luks2/luks2_disk_metadata.c:393 lib/luks2/luks2_json_metadata.c:1133 +#: lib/luks2/luks2_json_metadata.c:1413 #, c-format msgid "Failed to acquire write lock on device %s." msgstr "Misslyckades med att få skrivlås på enheten %s." @@ -1355,40 +1378,40 @@ msgid "WARNING: keyslots area (% bytes) is very small, available LUKS2 keyslot count is very limited.\n" msgstr "VARNING: nyckelplatsområdet (% byte) är väldigt liten, tillgängligt LUKS2-nyckelplatsantal är väldigt begränsat.\n" -#: lib/luks2/luks2_json_metadata.c:960 lib/luks2/luks2_json_metadata.c:1098 -#: lib/luks2/luks2_json_metadata.c:1174 lib/luks2/luks2_keyslot_luks2.c:92 +#: lib/luks2/luks2_json_metadata.c:1120 lib/luks2/luks2_json_metadata.c:1258 +#: lib/luks2/luks2_json_metadata.c:1319 lib/luks2/luks2_keyslot_luks2.c:92 #: lib/luks2/luks2_keyslot_luks2.c:114 #, c-format msgid "Failed to acquire read lock on device %s." msgstr "Misslyckades med att erhålla läslås på enheten %s." -#: lib/luks2/luks2_json_metadata.c:1191 +#: lib/luks2/luks2_json_metadata.c:1336 #, c-format msgid "Forbidden LUKS2 requirements detected in backup %s." msgstr "Förbjudna LUKS2-krav identifierade i säkerhetskopian %s." -#: lib/luks2/luks2_json_metadata.c:1232 +#: lib/luks2/luks2_json_metadata.c:1377 msgid "Data offset differ on device and backup, restore failed." msgstr "Dataoffset skiljer sig på enhet och säkerhetskopia. Återställningen misslyckades." -#: lib/luks2/luks2_json_metadata.c:1238 +#: lib/luks2/luks2_json_metadata.c:1383 msgid "Binary header with keyslot areas size differ on device and backup, restore failed." msgstr "Binärhuvud med nyckelstorlek skiljer sig på enhet och säkerhetskopia. Återställningen misslyckades." -#: lib/luks2/luks2_json_metadata.c:1245 +#: lib/luks2/luks2_json_metadata.c:1390 #, c-format msgid "Device %s %s%s%s%s" msgstr "Enhet %s %s%s%s%s" -#: lib/luks2/luks2_json_metadata.c:1246 +#: lib/luks2/luks2_json_metadata.c:1391 msgid "does not contain LUKS2 header. Replacing header can destroy data on that device." msgstr "innehåller inget LUKS2-huvud. Ersättning av huvud kan förstöra data på enheten." -#: lib/luks2/luks2_json_metadata.c:1247 +#: lib/luks2/luks2_json_metadata.c:1392 msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots." msgstr "innehåller redan LUKS2-huvud. Ersättningen av huvud kommer att förstöra befintliga nyckelplatser." -#: lib/luks2/luks2_json_metadata.c:1249 +#: lib/luks2/luks2_json_metadata.c:1394 msgid "" "\n" "WARNING: unknown LUKS2 requirements detected in real device header!\n" @@ -1398,7 +1421,7 @@ "VARNING:okända LUKS2-krav identifierade i huvudet för riktig enhet!\n" "Att ersätta huvudet med en säkerhetskopia kan göra data korrupt på enheten!" -#: lib/luks2/luks2_json_metadata.c:1251 +#: lib/luks2/luks2_json_metadata.c:1396 msgid "" "\n" "WARNING: Unfinished offline reencryption detected on the device!\n" @@ -1408,58 +1431,58 @@ "VARNING:Oavslutad frånkopplade kryptering identifierad på enheten!\n" "Att ersätta huvudet med en säkerhetskopia kan orsaka korrupt data." -#: lib/luks2/luks2_json_metadata.c:1349 +#: lib/luks2/luks2_json_metadata.c:1494 #, c-format msgid "Ignored unknown flag %s." msgstr "Ignorerade okänd flagga %s." -#: lib/luks2/luks2_json_metadata.c:2054 lib/luks2/luks2_reencrypt.c:1843 +#: lib/luks2/luks2_json_metadata.c:2402 lib/luks2/luks2_reencrypt.c:2015 #, c-format msgid "Missing key for dm-crypt segment %u" msgstr "Saknar nyckel för dm-crypt-segmentet %u" -#: lib/luks2/luks2_json_metadata.c:2066 lib/luks2/luks2_reencrypt.c:1857 +#: lib/luks2/luks2_json_metadata.c:2414 lib/luks2/luks2_reencrypt.c:2029 msgid "Failed to set dm-crypt segment." msgstr "Misslyckades med att läsa dm-crypt-segment." -#: lib/luks2/luks2_json_metadata.c:2072 lib/luks2/luks2_reencrypt.c:1863 +#: lib/luks2/luks2_json_metadata.c:2420 lib/luks2/luks2_reencrypt.c:2035 msgid "Failed to set dm-linear segment." msgstr "Misslyckades med att läsa dm-linear-segment." -#: lib/luks2/luks2_json_metadata.c:2199 +#: lib/luks2/luks2_json_metadata.c:2547 msgid "Unsupported device integrity configuration." msgstr "Integritetskonfiguration som ej stöds på enheten." -#: lib/luks2/luks2_json_metadata.c:2285 +#: lib/luks2/luks2_json_metadata.c:2633 msgid "Reencryption in-progress. Cannot deactivate device." msgstr "Omkryptering pågår. Det går inte att inaktivera enhet." -#: lib/luks2/luks2_json_metadata.c:2296 lib/luks2/luks2_reencrypt.c:3300 +#: lib/luks2/luks2_json_metadata.c:2644 lib/luks2/luks2_reencrypt.c:4057 #, c-format msgid "Failed to replace suspended device %s with dm-error target." msgstr "Misslyckades med att ersätta inaktiverad enhet %s med målet dm-error." -#: lib/luks2/luks2_json_metadata.c:2376 +#: lib/luks2/luks2_json_metadata.c:2724 msgid "Failed to read LUKS2 requirements." msgstr "Misslyckades med att läsa LUKS2-krav." -#: lib/luks2/luks2_json_metadata.c:2383 +#: lib/luks2/luks2_json_metadata.c:2731 msgid "Unmet LUKS2 requirements detected." msgstr "Ej uppfyllt LUKS2-krav identifierat." -#: lib/luks2/luks2_json_metadata.c:2391 +#: lib/luks2/luks2_json_metadata.c:2739 msgid "Operation incompatible with device marked for legacy reencryption. Aborting." msgstr "Åtgärden inkompatibel med enhet markerad för föråldrad omkryptering. Avbryter." -#: lib/luks2/luks2_json_metadata.c:2393 +#: lib/luks2/luks2_json_metadata.c:2741 msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting." msgstr "Åtgärden inkompatibel med enhet markerad för LUKS2-omkryptering. Avbryter." -#: lib/luks2/luks2_keyslot.c:554 lib/luks2/luks2_keyslot.c:591 +#: lib/luks2/luks2_keyslot.c:563 lib/luks2/luks2_keyslot.c:600 msgid "Not enough available memory to open a keyslot." msgstr "Inte nog med minne för att öppna en nyckelplats." -#: lib/luks2/luks2_keyslot.c:556 lib/luks2/luks2_keyslot.c:593 +#: lib/luks2/luks2_keyslot.c:565 lib/luks2/luks2_keyslot.c:602 msgid "Keyslot open failed." msgstr "Misslyckades med att öppna nyckelplats." @@ -1468,348 +1491,406 @@ msgid "Cannot use %s-%s cipher for keyslot encryption." msgstr "Det går inte att använda %s-%s-chiffer för nyckelplatskryptering." -#: lib/luks2/luks2_keyslot_luks2.c:485 +#: lib/luks2/luks2_keyslot_luks2.c:496 msgid "No space for new keyslot." msgstr "Inget utrymme för ny nyckelplats." -#: lib/luks2/luks2_luks1_convert.c:482 +#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2615 +#, c-format +msgid "Hash algorithm %s is not available." +msgstr "Hashalgoritm %s är inte tillgänglig." + +#: lib/luks2/luks2_keyslot_reenc.c:593 +msgid "Invalid reencryption resilience mode change requested." +msgstr "Begärde ogiltigt återhämtningsläge för omkryptering." + +#: lib/luks2/luks2_keyslot_reenc.c:714 +#, c-format +msgid "Can not update resilience type. New type only provides % bytes, required space is: % bytes." +msgstr "Det går inte att uppdatera återhämtningstup. Ny typ tillhandahåller % byte, begärt utrymme är: % byte." + +#: lib/luks2/luks2_keyslot_reenc.c:724 +msgid "Failed to refresh reencryption verification digest." +msgstr "Misslyckades med att sammandrag för omkrypteringsverifikation." + +#: lib/luks2/luks2_luks1_convert.c:512 #, c-format msgid "Cannot check status of device with uuid: %s." msgstr "Det går inte kontrollera status för enheten med uuid: %s." -#: lib/luks2/luks2_luks1_convert.c:508 +#: lib/luks2/luks2_luks1_convert.c:538 msgid "Unable to convert header with LUKSMETA additional metadata." msgstr "Det går inte att konvertera huvud med ytterligare metadata för LUKSMETA." -#: lib/luks2/luks2_luks1_convert.c:548 +#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3715 +#, c-format +msgid "Unable to use cipher specification %s-%s for LUKS2." +msgstr "Det går inte att använda chiffer-spefikationen %s-%s för LUKS2." + +#: lib/luks2/luks2_luks1_convert.c:584 msgid "Unable to move keyslot area. Not enough space." msgstr "Kunde inte flytta nyckelplatsområde. Inte nog med utrymme." -#: lib/luks2/luks2_luks1_convert.c:599 +#: lib/luks2/luks2_luks1_convert.c:619 +msgid "Cannot convert to LUKS2 format - invalid metadata." +msgstr "Det går inte att konvertera till LUKS2-format - ogiltig metadata." + +#: lib/luks2/luks2_luks1_convert.c:636 msgid "Unable to move keyslot area. LUKS2 keyslots area too small." msgstr "Kunde inte flytta nyckelplatsområde. Området för LUKS2-nyckelplatser är för litet." -#: lib/luks2/luks2_luks1_convert.c:605 lib/luks2/luks2_luks1_convert.c:889 +#: lib/luks2/luks2_luks1_convert.c:642 lib/luks2/luks2_luks1_convert.c:936 msgid "Unable to move keyslot area." msgstr "Kunde inte flytta nyckelplatsområde." -#: lib/luks2/luks2_luks1_convert.c:697 +#: lib/luks2/luks2_luks1_convert.c:732 msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes." msgstr "Det går inte att konvertera till LUKS1-format - standardkrypteringstorleken är inte 512 byte." -#: lib/luks2/luks2_luks1_convert.c:705 +#: lib/luks2/luks2_luks1_convert.c:740 msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible." msgstr "Det går inte att konvertera till LUKS1-format - kontrollsummor för nyckelplatser är inte LUKS1-kompatibla." -#: lib/luks2/luks2_luks1_convert.c:717 +#: lib/luks2/luks2_luks1_convert.c:752 #, c-format msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s." msgstr "Det går inte att konvertera till LUKS1-format - enheterna använder inbäddat nyckelchiffer %s." -#: lib/luks2/luks2_luks1_convert.c:725 +#: lib/luks2/luks2_luks1_convert.c:757 +msgid "Cannot convert to LUKS1 format - device uses more segments." +msgstr "Det går inte att konvertera till LUKS1-format - enheten använder flera segment." + +#: lib/luks2/luks2_luks1_convert.c:765 #, c-format msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)." msgstr "Det går inte att konvertera till LUKS1-format - LUKS2-huvud innehåller %u token." -#: lib/luks2/luks2_luks1_convert.c:739 +#: lib/luks2/luks2_luks1_convert.c:779 #, c-format msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state." msgstr "Det går inte att konvertera till LUKS1-format - nyckelplats %u är i ogiltigt tillstånd." -#: lib/luks2/luks2_luks1_convert.c:744 +#: lib/luks2/luks2_luks1_convert.c:784 #, c-format msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active." msgstr "Det går inte att konvertera till LUKS1-format - plats %u (av maximalt antal platser) är fortfarande aktiv." -#: lib/luks2/luks2_luks1_convert.c:749 +#: lib/luks2/luks2_luks1_convert.c:789 #, c-format msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." msgstr "Det går inte att konvertera till LUKS1-format - nyckelplats %u är inte LUKS1-kompatibel." -#: lib/luks2/luks2_reencrypt.c:993 +#: lib/luks2/luks2_reencrypt.c:1107 #, c-format msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." msgstr "Hotzone-storleken måste vara en multipel av beräknad zonjustering (%zu-byte)." -#: lib/luks2/luks2_reencrypt.c:998 +#: lib/luks2/luks2_reencrypt.c:1112 #, c-format msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." msgstr "Enhetsstorleken måste vara en multipel av beräknad zonstorlek (%zu byte)." -#: lib/luks2/luks2_reencrypt.c:1042 -#, c-format -msgid "Unsupported resilience mode %s" -msgstr "Stöder inte motståndsläge %s" - -#: lib/luks2/luks2_reencrypt.c:1259 lib/luks2/luks2_reencrypt.c:1414 -#: lib/luks2/luks2_reencrypt.c:1497 lib/luks2/luks2_reencrypt.c:1531 -#: lib/luks2/luks2_reencrypt.c:3140 +#: lib/luks2/luks2_reencrypt.c:1319 lib/luks2/luks2_reencrypt.c:1505 +#: lib/luks2/luks2_reencrypt.c:1588 lib/luks2/luks2_reencrypt.c:1630 +#: lib/luks2/luks2_reencrypt.c:3852 msgid "Failed to initialize old segment storage wrapper." msgstr "Misslyckades med att initiera gammal segmentlagringsinbäddning." -#: lib/luks2/luks2_reencrypt.c:1273 lib/luks2/luks2_reencrypt.c:1392 +#: lib/luks2/luks2_reencrypt.c:1333 lib/luks2/luks2_reencrypt.c:1483 msgid "Failed to initialize new segment storage wrapper." msgstr "Misslyckades med att initiera ny segmentlagringsinbäddning." -#: lib/luks2/luks2_reencrypt.c:1441 +#: lib/luks2/luks2_reencrypt.c:1460 lib/luks2/luks2_reencrypt.c:3864 +msgid "Failed to initialize hotzone protection." +msgstr "Misslyckades med att initiera skydd av hotzone." + +#: lib/luks2/luks2_reencrypt.c:1532 msgid "Failed to read checksums for current hotzone." msgstr "Misslyckades med att läsa kontrollsummor från aktuell varm zon." -#: lib/luks2/luks2_reencrypt.c:1448 lib/luks2/luks2_reencrypt.c:3148 +#: lib/luks2/luks2_reencrypt.c:1539 lib/luks2/luks2_reencrypt.c:3878 #, c-format msgid "Failed to read hotzone area starting at %." msgstr "Misslyckades med att läsa område för varm zon med början %." -#: lib/luks2/luks2_reencrypt.c:1467 +#: lib/luks2/luks2_reencrypt.c:1558 #, c-format msgid "Failed to decrypt sector %zu." msgstr "Misslyckades med att dekryptera sektor %zu." -#: lib/luks2/luks2_reencrypt.c:1473 +#: lib/luks2/luks2_reencrypt.c:1564 #, c-format msgid "Failed to recover sector %zu." msgstr "Misslyckades med återhämta sektor %zu." -#: lib/luks2/luks2_reencrypt.c:1956 +#: lib/luks2/luks2_reencrypt.c:2128 #, c-format msgid "Source and target device sizes don't match. Source %, target: %." msgstr "Käll- och målenhetstorlekar stämmer inte överens. Källa %, mål: %." -#: lib/luks2/luks2_reencrypt.c:2054 +#: lib/luks2/luks2_reencrypt.c:2226 #, c-format msgid "Failed to activate hotzone device %s." msgstr "Misslyckades med att aktivera varm zon-enhet %s." -#: lib/luks2/luks2_reencrypt.c:2071 +#: lib/luks2/luks2_reencrypt.c:2243 #, c-format msgid "Failed to activate overlay device %s with actual origin table." msgstr "Misslyckades med att aktivera överlagringsenheten %s med aktuell ursprungstabell." -#: lib/luks2/luks2_reencrypt.c:2078 +#: lib/luks2/luks2_reencrypt.c:2250 #, c-format msgid "Failed to load new mapping for device %s." msgstr "Misslyckades med att läsa in ny mappning för enhet %s." -#: lib/luks2/luks2_reencrypt.c:2149 +#: lib/luks2/luks2_reencrypt.c:2321 msgid "Failed to refresh reencryption devices stack." msgstr "Misslyckades med att uppdatera listan över omkrypteringsenheter." -#: lib/luks2/luks2_reencrypt.c:2309 +#: lib/luks2/luks2_reencrypt.c:2497 msgid "Failed to set new keyslots area size." msgstr "Misslyckades med att sätta en ny storlek på nyckelplatsområdet." -#: lib/luks2/luks2_reencrypt.c:2413 +#: lib/luks2/luks2_reencrypt.c:2633 +#, c-format +msgid "Data shift value is not aligned to encryption sector size (% bytes)." +msgstr "Dataskiftning är inte justerad till krypteringssektorstorlek (% byte)." + +#: lib/luks2/luks2_reencrypt.c:2664 +#, c-format +msgid "Unsupported resilience mode %s" +msgstr "Stöder inte motståndsläge %s" + +#: lib/luks2/luks2_reencrypt.c:2741 +msgid "Moved segment size can not be greater than data shift value." +msgstr "Flyttat segmentstorlek kan inte vara större än dataskift-värdet." + +#: lib/luks2/luks2_reencrypt.c:2799 #, c-format -msgid "Data shift is not aligned to requested encryption sector size (% bytes)." -msgstr "Dataskiftning är inte justerad till begärd sektorstorlek (% byte)." +msgid "Moved segment too large. Requested size %, available space for: %." +msgstr "Flyttat segment för stor. Begärd storlek %, tillgänglig storlek för: %." -#: lib/luks2/luks2_reencrypt.c:2434 +#: lib/luks2/luks2_reencrypt.c:2886 +msgid "Failed to clear table." +msgstr "Misslyckades med att rensa tabellen." + +#: lib/luks2/luks2_reencrypt.c:2972 +msgid "Reduced data size is larger than real device size." +msgstr "Minskad datastorlek är större än den riktiga enhetsstorleken." + +#: lib/luks2/luks2_reencrypt.c:2979 #, c-format -msgid "Data device is not aligned to requested encryption sector size (% bytes)." -msgstr "Dataenhet är inte justerad till begärd sektorstorlek (% byte)." +msgid "Data device is not aligned to encryption sector size (% bytes)." +msgstr "Dataenhet är inte justerad till krypteringssektorstorlek (% byte)." -#: lib/luks2/luks2_reencrypt.c:2455 +#: lib/luks2/luks2_reencrypt.c:3013 #, c-format msgid "Data shift (% sectors) is less than future data offset (% sectors)." msgstr "Dataskiftning (% sektorer) är mindre än framtida dataförskjutning (% sektorer)." -#: lib/luks2/luks2_reencrypt.c:2461 lib/luks2/luks2_reencrypt.c:2889 -#: lib/luks2/luks2_reencrypt.c:2910 +#: lib/luks2/luks2_reencrypt.c:3020 lib/luks2/luks2_reencrypt.c:3508 +#: lib/luks2/luks2_reencrypt.c:3529 #, c-format msgid "Failed to open %s in exclusive mode (already mapped or mounted)." msgstr "Misslyckades med att öppna %s i exklusivt läge (redan mappad eller monterad)." -#: lib/luks2/luks2_reencrypt.c:2629 +#: lib/luks2/luks2_reencrypt.c:3209 msgid "Device not marked for LUKS2 reencryption." msgstr "Enheten är inte markerad för LUKS2-omkryptering." -#: lib/luks2/luks2_reencrypt.c:2635 lib/luks2/luks2_reencrypt.c:3415 +#: lib/luks2/luks2_reencrypt.c:3226 lib/luks2/luks2_reencrypt.c:4181 msgid "Failed to load LUKS2 reencryption context." msgstr "Misslyckades med att läsa in LUKS2-omkrypteringskontext." -#: lib/luks2/luks2_reencrypt.c:2715 +#: lib/luks2/luks2_reencrypt.c:3306 msgid "Failed to get reencryption state." msgstr "Misslyckades med att erhålla status för omkryptering." -#: lib/luks2/luks2_reencrypt.c:2719 +#: lib/luks2/luks2_reencrypt.c:3310 lib/luks2/luks2_reencrypt.c:3624 msgid "Device is not in reencryption." msgstr "Enheten är inte i omkryptering." -#: lib/luks2/luks2_reencrypt.c:2726 +#: lib/luks2/luks2_reencrypt.c:3317 lib/luks2/luks2_reencrypt.c:3631 msgid "Reencryption process is already running." msgstr "Omkrypteringsprocessen pågår redan." -#: lib/luks2/luks2_reencrypt.c:2728 +#: lib/luks2/luks2_reencrypt.c:3319 lib/luks2/luks2_reencrypt.c:3633 msgid "Failed to acquire reencryption lock." msgstr "Misslyckades med att erhålla skrivlås för omkryptering." -#: lib/luks2/luks2_reencrypt.c:2746 +#: lib/luks2/luks2_reencrypt.c:3337 msgid "Cannot proceed with reencryption. Run reencryption recovery first." msgstr "Det går inte att fortsätta med omkryptering. Kör återställning av omkryptering först." -#: lib/luks2/luks2_reencrypt.c:2860 +#: lib/luks2/luks2_reencrypt.c:3472 msgid "Active device size and requested reencryption size don't match." msgstr "Aktiv enhetsstorlek och begärd omkrypteringsstorlek skiljer sig åt." -#: lib/luks2/luks2_reencrypt.c:2874 +#: lib/luks2/luks2_reencrypt.c:3486 msgid "Illegal device size requested in reencryption parameters." msgstr "Ogiltig enhetsstorlek begärd i omkrypteringsparametrarna." -#: lib/luks2/luks2_reencrypt.c:2944 +#: lib/luks2/luks2_reencrypt.c:3563 msgid "Reencryption in-progress. Cannot perform recovery." msgstr "Omkryptering pågår redan. Det går inte att utföra återhämtning." -#: lib/luks2/luks2_reencrypt.c:3016 +#: lib/luks2/luks2_reencrypt.c:3732 msgid "LUKS2 reencryption already initialized in metadata." msgstr "LUKS2-omkryptering är redan initierad i metadata." -#: lib/luks2/luks2_reencrypt.c:3023 +#: lib/luks2/luks2_reencrypt.c:3739 msgid "Failed to initialize LUKS2 reencryption in metadata." msgstr "Misslyckades med att initiera LUKS2-omkryptering i metadata." -#: lib/luks2/luks2_reencrypt.c:3114 +#: lib/luks2/luks2_reencrypt.c:3834 msgid "Failed to set device segments for next reencryption hotzone." msgstr "Misslyckades med sätta enhetssegment för nästa varm zon-omkryptering." -#: lib/luks2/luks2_reencrypt.c:3156 +#: lib/luks2/luks2_reencrypt.c:3886 msgid "Failed to write reencryption resilience metadata." msgstr "Misslyckades med att skriva motståndsmetadata för omkryptering." -#: lib/luks2/luks2_reencrypt.c:3163 +#: lib/luks2/luks2_reencrypt.c:3893 msgid "Decryption failed." msgstr "Avkryptering misslyckades." -#: lib/luks2/luks2_reencrypt.c:3168 +#: lib/luks2/luks2_reencrypt.c:3898 #, c-format msgid "Failed to write hotzone area starting at %." msgstr "Misslyckades med att skriva område för varm zon med början vid %." -#: lib/luks2/luks2_reencrypt.c:3173 +#: lib/luks2/luks2_reencrypt.c:3903 msgid "Failed to sync data." msgstr "Misslyckades med att synkronisera data." -#: lib/luks2/luks2_reencrypt.c:3181 +#: lib/luks2/luks2_reencrypt.c:3911 msgid "Failed to update metadata after current reencryption hotzone completed." msgstr "Misslyckades med att uppdatera metadata efter aktuell varm zon för omkrypteringär färdigställd." -#: lib/luks2/luks2_reencrypt.c:3248 +#: lib/luks2/luks2_reencrypt.c:4000 msgid "Failed to write LUKS2 metadata." msgstr "Misslyckades med att skriva LUKS2-metadata." -#: lib/luks2/luks2_reencrypt.c:3271 -msgid "Failed to wipe backup segment data." -msgstr "Misslyckades med att radera säkerhetskopia av segmentdata." - -#: lib/luks2/luks2_reencrypt.c:3284 -msgid "Failed to disable reencryption requirement flag." -msgstr "Misslyckades med att inaktivera flaggan för omkrypteringskrav." +#: lib/luks2/luks2_reencrypt.c:4023 +msgid "Failed to wipe unused data device area." +msgstr "Misslyckades med att radera oanvänt område på dataenheten." + +#: lib/luks2/luks2_reencrypt.c:4029 +#, c-format +msgid "Failed to remove unused (unbound) keyslot %d." +msgstr "Misslyckades med att ta bort oanvänd (obunden) nyckelplats %d." + +#: lib/luks2/luks2_reencrypt.c:4039 +msgid "Failed to remove reencryption keyslot." +msgstr "Misslyckades med att ta bort nyckelplats för omkryptering." -#: lib/luks2/luks2_reencrypt.c:3292 +#: lib/luks2/luks2_reencrypt.c:4049 #, c-format msgid "Fatal error while reencrypting chunk starting at %, % sectors long." msgstr "Ödesdigert fel vid omkrypteringschunk med start vid %, % sektorer lång." -#: lib/luks2/luks2_reencrypt.c:3296 +#: lib/luks2/luks2_reencrypt.c:4053 msgid "Online reencryption failed." msgstr "Misslyckades med omkryptering." -#: lib/luks2/luks2_reencrypt.c:3301 +#: lib/luks2/luks2_reencrypt.c:4058 msgid "Do not resume the device unless replaced with error target manually." msgstr "Återuppta inte enheten om inte den ersatts med felmål manuellt." -#: lib/luks2/luks2_reencrypt.c:3353 +#: lib/luks2/luks2_reencrypt.c:4112 msgid "Cannot proceed with reencryption. Unexpected reencryption status." msgstr "Det går inte att fortsätta med omkryptering. Oväntat omkrypteringsläge." -#: lib/luks2/luks2_reencrypt.c:3359 +#: lib/luks2/luks2_reencrypt.c:4118 msgid "Missing or invalid reencrypt context." msgstr "Saknat eller ogiltigt omkrypteringskontext." -#: lib/luks2/luks2_reencrypt.c:3366 +#: lib/luks2/luks2_reencrypt.c:4125 msgid "Failed to initialize reencryption device stack." msgstr "Misslyckades med att initiera listan för omkrypteringsenheter." -#: lib/luks2/luks2_reencrypt.c:3385 lib/luks2/luks2_reencrypt.c:3428 +#: lib/luks2/luks2_reencrypt.c:4147 lib/luks2/luks2_reencrypt.c:4194 msgid "Failed to update reencryption context." msgstr "Misslyckades med att uppdatera omkrypteringskontext." -#: src/cryptsetup.c:108 -msgid "Can't do passphrase verification on non-tty inputs." -msgstr "Kan inte verifiera lösenfras på icke-tty-ingångar." +#: lib/luks2/luks2_reencrypt_digest.c:406 +msgid "Reencryption metadata is invalid." +msgstr "Omkryperingsmetadata är ogiltigt." -#: src/cryptsetup.c:171 +#: src/cryptsetup.c:85 msgid "Keyslot encryption parameters can be set only for LUKS2 device." msgstr "Krypteringsparametrar för nyckelplatser stöds endast av LUKS2-enheter." -#: src/cryptsetup.c:198 +#: src/cryptsetup.c:108 #, c-format msgid "Enter token PIN:" msgstr "Ange token-PIN:" -#: src/cryptsetup.c:200 +#: src/cryptsetup.c:110 #, c-format msgid "Enter token %d PIN:" msgstr "Ange token-PIN %d :" -#: src/cryptsetup.c:245 src/cryptsetup.c:1057 src/cryptsetup.c:1401 -#: src/cryptsetup.c:3288 src/cryptsetup_reencrypt.c:700 -#: src/cryptsetup_reencrypt.c:770 +#: src/cryptsetup.c:159 src/cryptsetup.c:966 src/cryptsetup.c:1293 +#: src/utils_reencrypt.c:1048 src/utils_reencrypt_luks1.c:517 +#: src/utils_reencrypt_luks1.c:580 msgid "No known cipher specification pattern detected." msgstr "Inget känt chifferspecifikationsmönster kunde identifieras." -#: src/cryptsetup.c:253 +#: src/cryptsetup.c:167 msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n" msgstr "VARNING: parametern --hash ignoreras i plain-läge med specificerad nyckelfil.\n" -#: src/cryptsetup.c:261 +#: src/cryptsetup.c:175 msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n" msgstr "VARNING: flaggan --keyfile-size ignoreras, lässtorleken är densamma som storleken för krypteringsnyckeln.\n" -#: src/cryptsetup.c:301 +#: src/cryptsetup.c:215 #, c-format msgid "Detected device signature(s) on %s. Proceeding further may damage existing data." msgstr "Identfierar enhetssignatur(er) på %s. Att fortsätta kan skada befintlig data." -#: src/cryptsetup.c:307 src/cryptsetup.c:1197 src/cryptsetup.c:1253 -#: src/cryptsetup.c:1378 src/cryptsetup.c:1451 src/cryptsetup.c:2099 -#: src/cryptsetup.c:2805 src/cryptsetup.c:2927 src/integritysetup.c:176 +#: src/cryptsetup.c:221 src/cryptsetup.c:1040 src/cryptsetup.c:1088 +#: src/cryptsetup.c:1154 src/cryptsetup.c:1270 src/cryptsetup.c:1343 +#: src/cryptsetup.c:1994 src/integritysetup.c:187 src/utils_reencrypt.c:138 +#: src/utils_reencrypt.c:275 msgid "Operation aborted.\n" msgstr "Åtgärd avbruten.\n" -#: src/cryptsetup.c:375 +#: src/cryptsetup.c:294 msgid "Option --key-file is required." msgstr "Flaggan --key-file krävs." -#: src/cryptsetup.c:426 +#: src/cryptsetup.c:345 msgid "Enter VeraCrypt PIM: " msgstr "Ange VeraCrypt PIM: " -#: src/cryptsetup.c:435 +#: src/cryptsetup.c:354 msgid "Invalid PIM value: parse error." msgstr "Ogiltigt PIM-värde:tolkningsfel." -#: src/cryptsetup.c:438 +#: src/cryptsetup.c:357 msgid "Invalid PIM value: 0." msgstr "Ogiltigt PIM-värde: 0." -#: src/cryptsetup.c:441 +#: src/cryptsetup.c:360 msgid "Invalid PIM value: outside of range." msgstr "Ogiltigt PIM-värde:utanför intervallet." -#: src/cryptsetup.c:464 +#: src/cryptsetup.c:383 msgid "No device header detected with this passphrase." msgstr "Inget enhetshuvud finns tillgängligt med denna lösenfras." -#: src/cryptsetup.c:537 +#: src/cryptsetup.c:456 src/cryptsetup.c:632 #, c-format msgid "Device %s is not a valid BITLK device." msgstr "Enheten %s är inte en giltig BITLK-enhet." -#: src/cryptsetup.c:545 +#: src/cryptsetup.c:464 msgid "Cannot determine volume key size for BITLK, please use --key-size option." msgstr "Det går inte att avgöra volymens nyckelstorlek för BTLK, använd flaggan --key-size." -#: src/cryptsetup.c:588 +#: src/cryptsetup.c:506 msgid "" "Header dump with volume key is sensitive information\n" "which allows access to encrypted partition without passphrase.\n" @@ -1819,7 +1900,7 @@ "som tillåter åtkomst till krypterad partition utan lösenfras.\n" "Denna utskrift bör alltid lagras krypterad på ett säkert ställe." -#: src/cryptsetup.c:661 src/cryptsetup.c:2125 +#: src/cryptsetup.c:573 src/cryptsetup.c:2019 msgid "" "The header dump with volume key is sensitive information\n" "that allows access to encrypted partition without a passphrase.\n" @@ -1829,88 +1910,104 @@ "som tillåter åtkomst till krypterad partition utan lösenfras.\n" "Denna utskrift bör alltid lagras krypterad på ett säkert ställe." -#: src/cryptsetup.c:756 src/veritysetup.c:318 src/integritysetup.c:313 +#: src/cryptsetup.c:664 src/veritysetup.c:321 src/integritysetup.c:400 #, c-format msgid "Device %s is still active and scheduled for deferred removal.\n" msgstr "Enheten %s är fortfarande aktiv och schemalagd för uppskjuten borttagning.\n" -#: src/cryptsetup.c:790 +#: src/cryptsetup.c:698 msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set." msgstr "Att ändra storlek på aktiv enhet kräver volymnyckel i nyckelringen, men -flaggan --disable-keyring är angiven." -#: src/cryptsetup.c:936 +#: src/cryptsetup.c:845 msgid "Benchmark interrupted." msgstr "Prestandamätning avbruten." -#: src/cryptsetup.c:957 +#: src/cryptsetup.c:866 #, c-format msgid "PBKDF2-%-9s N/A\n" msgstr "PBKDF2-%-9s N/A\n" -#: src/cryptsetup.c:959 +#: src/cryptsetup.c:868 #, c-format msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" msgstr "PBKDF2-%-9s %7u iterationer per sekund för %zu-bitnyckel\n" -#: src/cryptsetup.c:973 +#: src/cryptsetup.c:882 #, c-format msgid "%-10s N/A\n" msgstr "%-10s N/A\n" -#: src/cryptsetup.c:975 +#: src/cryptsetup.c:884 #, c-format msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n" msgstr "%-10s %4u iterationer, %5u minne, %1u parallella trådar (CPU:er) för %zu-bitnyckelplats (begärde %u ms)\n" -#: src/cryptsetup.c:999 +#: src/cryptsetup.c:908 msgid "Result of benchmark is not reliable." msgstr "Resultat från prestandamätningen är inte pålitligt." -#: src/cryptsetup.c:1049 +#: src/cryptsetup.c:958 msgid "# Tests are approximate using memory only (no storage IO).\n" msgstr "# Tester är ungefärliga och använder endast minne (ingen lagrings-IO).\n" #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:1069 +#: src/cryptsetup.c:978 #, c-format msgid "#%*s Algorithm | Key | Encryption | Decryption\n" msgstr "#%*s Algoritm | Nyckel | Kryptering | Avkryptering\n" -#: src/cryptsetup.c:1073 +#: src/cryptsetup.c:982 #, c-format msgid "Cipher %s (with %i bits key) is not available." msgstr "Chiffret %s (med nyckel av %i bitar) är inte tillgängligt." #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:1092 +#: src/cryptsetup.c:1001 msgid "# Algorithm | Key | Encryption | Decryption\n" msgstr "# Algoritm | Nyckel | Kryptering | AVkryptering\n" -#: src/cryptsetup.c:1103 +#: src/cryptsetup.c:1012 msgid "N/A" msgstr "N/A" -#: src/cryptsetup.c:1190 +#: src/cryptsetup.c:1037 msgid "" -"Seems device does not require reencryption recovery.\n" -"Do you want to proceed anyway?" +"Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n" +"and continue (upgrade metadata) only if you acknowledge the operation as genuine." msgstr "" -"Verkar som enheten inte kräver omkrypteringsåterställning.\n" -"Vill du ändå fortsätta?" +"Oskyddad LUKS2-omkryperingsmetadata identiferad. Vänligen verifiera att omkryperingsåtgärden behövs (se luksDump-utdata)\n" +"och fortsätt (uppgradera metadata) endast om du anser åtgärden som behövd." + +#: src/cryptsetup.c:1043 +msgid "Enter passphrase to protect and upgrade reencryption metadata: " +msgstr "Ange lösenfras för att skydda och uppgradera omkrypteringmetadata:" -#: src/cryptsetup.c:1196 +#: src/cryptsetup.c:1087 msgid "Really proceed with LUKS2 reencryption recovery?" msgstr "Vill du verkligen fortsätta med LUKS2-omkrypteringsåterställning?" -#: src/cryptsetup.c:1204 +#: src/cryptsetup.c:1096 +msgid "Enter passphrase to verify reencryption metadata digest: " +msgstr "Ange lösenfras för att verifiera sammandrag för metadata-omkryptering:" + +#: src/cryptsetup.c:1098 msgid "Enter passphrase for reencryption recovery: " msgstr "Ange lösenfras för omkrypteringsåterhämtning: " -#: src/cryptsetup.c:1252 +#: src/cryptsetup.c:1153 msgid "Really try to repair LUKS device header?" msgstr "Vill du verkligen försöka att reparera LUKS-enhetshuvud?" -#: src/cryptsetup.c:1277 src/integritysetup.c:90 +#: src/cryptsetup.c:1177 src/integritysetup.c:89 src/integritysetup.c:238 +msgid "" +"\n" +"Wipe interrupted." +msgstr "" +"\n" +"Skrivning avbruten." + +#: src/cryptsetup.c:1182 src/integritysetup.c:94 src/integritysetup.c:275 msgid "" "Wiping device to initialize integrity checksum.\n" "You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n" @@ -1918,113 +2015,119 @@ "Rensar enheten för att initialisera kontrollsumma för integritet.\n" "Du kan avbryta detta genom att trycka ned CTRL+c (resten av den ej rensade enheten kommer att innehålla en ogiltigt kontrollsumma).\n" -#: src/cryptsetup.c:1299 src/integritysetup.c:112 +#: src/cryptsetup.c:1204 src/integritysetup.c:116 #, c-format msgid "Cannot deactivate temporary device %s." msgstr "Det går inte att inaktivera temporär enhet %s." -#: src/cryptsetup.c:1363 +#: src/cryptsetup.c:1255 msgid "Integrity option can be used only for LUKS2 format." msgstr "Flaggan för integritet kan endast användas för formatet LUKS2." -#: src/cryptsetup.c:1368 src/cryptsetup.c:1428 +#: src/cryptsetup.c:1260 src/cryptsetup.c:1320 msgid "Unsupported LUKS2 metadata size options." msgstr "Flaggorna för storlekar på LUKS2-metadata stöds inte." -#: src/cryptsetup.c:1377 +#: src/cryptsetup.c:1269 msgid "Header file does not exist, do you want to create it?" msgstr "Deklarationsfilen existerar inte, vill du skapa den?" -#: src/cryptsetup.c:1385 +#: src/cryptsetup.c:1277 #, c-format msgid "Cannot create header file %s." msgstr "Det går inte att skapa huvudfil %s." -#: src/cryptsetup.c:1408 src/integritysetup.c:138 src/integritysetup.c:146 -#: src/integritysetup.c:155 src/integritysetup.c:230 src/integritysetup.c:238 -#: src/integritysetup.c:248 +#: src/cryptsetup.c:1300 src/integritysetup.c:144 src/integritysetup.c:152 +#: src/integritysetup.c:161 src/integritysetup.c:315 src/integritysetup.c:323 +#: src/integritysetup.c:333 msgid "No known integrity specification pattern detected." msgstr "Inga kända integritetspecifikationsmönster identifierat." -#: src/cryptsetup.c:1421 +#: src/cryptsetup.c:1313 #, c-format msgid "Cannot use %s as on-disk header." msgstr "Det går inte att använda %s som diskhuvud." -#: src/cryptsetup.c:1445 src/integritysetup.c:170 +#: src/cryptsetup.c:1337 src/integritysetup.c:181 #, c-format msgid "This will overwrite data on %s irrevocably." msgstr "Detta kommer att skriva över data på %s och går inte att ångra." -#: src/cryptsetup.c:1478 src/cryptsetup.c:1814 src/cryptsetup.c:1879 -#: src/cryptsetup.c:1981 src/cryptsetup.c:2047 src/cryptsetup_reencrypt.c:530 +#: src/cryptsetup.c:1370 src/cryptsetup.c:1707 src/cryptsetup.c:1772 +#: src/cryptsetup.c:1876 src/cryptsetup.c:1942 src/utils_reencrypt_luks1.c:443 msgid "Failed to set pbkdf parameters." msgstr "Misslyckades med att sätta pbkdf-parametrar." -#: src/cryptsetup.c:1563 +#: src/cryptsetup.c:1455 msgid "Reduced data offset is allowed only for detached LUKS header." msgstr "Förminskad dataoffset endast tillåtet för fristående LUKS-huvuden." -#: src/cryptsetup.c:1574 src/cryptsetup.c:1885 +#: src/cryptsetup.c:1466 src/cryptsetup.c:1778 msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option." msgstr "Det går inte att avgöra volymens nyckelstorlek för LUKS utan nyckelplatser, använd flaggen --key-size." -#: src/cryptsetup.c:1619 +#: src/cryptsetup.c:1512 msgid "Device activated but cannot make flags persistent." msgstr "Enheten aktiverad men kan inte spara undan flaggorna." -#: src/cryptsetup.c:1698 src/cryptsetup.c:1766 +#: src/cryptsetup.c:1591 src/cryptsetup.c:1659 #, c-format msgid "Keyslot %d is selected for deletion." msgstr "Nyckelplats %d markerad för borttagning." -#: src/cryptsetup.c:1710 src/cryptsetup.c:1770 +#: src/cryptsetup.c:1603 src/cryptsetup.c:1663 msgid "This is the last keyslot. Device will become unusable after purging this key." msgstr "Detta är sista nyckelplatsen. Enheten kommer att bli oanvändbar efter att denna nyckel tagits bort." -#: src/cryptsetup.c:1711 +#: src/cryptsetup.c:1604 msgid "Enter any remaining passphrase: " msgstr "Ange eventuell återstående lösenfras: " -#: src/cryptsetup.c:1712 src/cryptsetup.c:1772 +#: src/cryptsetup.c:1605 src/cryptsetup.c:1665 msgid "Operation aborted, the keyslot was NOT wiped.\n" msgstr "Åtgärden avbröts, nyckelplatsen raderades INTE.\n" -#: src/cryptsetup.c:1748 +#: src/cryptsetup.c:1641 msgid "Enter passphrase to be deleted: " msgstr "Ange lösenfras att ta bort: " -#: src/cryptsetup.c:1828 src/cryptsetup.c:1900 src/cryptsetup.c:1934 +#: src/cryptsetup.c:1691 src/cryptsetup.c:1925 src/cryptsetup.c:2505 +#: src/cryptsetup.c:2649 +#, c-format +msgid "Device %s is not a valid LUKS2 device." +msgstr "Enheten %s är inte en giltig LUKS2-enhet." + +#: src/cryptsetup.c:1721 src/cryptsetup.c:1795 src/cryptsetup.c:1829 msgid "Enter new passphrase for key slot: " msgstr "Ange ny lösenfras för nyckelplats: " -#: src/cryptsetup.c:1917 src/cryptsetup_reencrypt.c:1328 +#: src/cryptsetup.c:1812 src/utils_reencrypt_luks1.c:1149 #, c-format msgid "Enter any existing passphrase: " msgstr "Ange valfri existerande lösenfras: " -#: src/cryptsetup.c:1985 +#: src/cryptsetup.c:1880 msgid "Enter passphrase to be changed: " msgstr "Ange lösenfras att ändra: " -#: src/cryptsetup.c:2001 src/cryptsetup_reencrypt.c:1314 +#: src/cryptsetup.c:1896 src/utils_reencrypt_luks1.c:1135 msgid "Enter new passphrase: " msgstr "Ange ny lösenfras: " -#: src/cryptsetup.c:2051 +#: src/cryptsetup.c:1946 msgid "Enter passphrase for keyslot to be converted: " msgstr "Ange lösenfras för nyckelplats att konvertera: " -#: src/cryptsetup.c:2075 +#: src/cryptsetup.c:1970 msgid "Only one device argument for isLuks operation is supported." msgstr "Endast ett enhetsargument för operationen isLuks stöds." -#: src/cryptsetup.c:2190 +#: src/cryptsetup.c:2078 #, c-format msgid "Keyslot %d does not contain unbound key." msgstr "Nyckelplats %d innehåller inte obunden nyckel." -#: src/cryptsetup.c:2195 +#: src/cryptsetup.c:2083 msgid "" "The header dump with unbound key is sensitive information.\n" "This dump should be stored encrypted in a safe place." @@ -2032,40 +2135,40 @@ "Utskrift av huvudet med obunden nyckel är känslig information.\n" "Denna utskrift bör alltid lagras krypterad på ett säkert ställe." -#: src/cryptsetup.c:2286 src/cryptsetup.c:2314 +#: src/cryptsetup.c:2169 src/cryptsetup.c:2198 #, c-format msgid "%s is not active %s device name." msgstr "%s är inte ett aktivt %s-enhetsnamn." -#: src/cryptsetup.c:2309 +#: src/cryptsetup.c:2193 #, c-format msgid "%s is not active LUKS device name or header is missing." msgstr "%s är inte ett aktivt LUKS-enhetsnamn eller så saknas deklaration." -#: src/cryptsetup.c:2347 src/cryptsetup.c:2366 +#: src/cryptsetup.c:2255 src/cryptsetup.c:2274 msgid "Option --header-backup-file is required." msgstr "Flaggan --header-backup-file krävs." -#: src/cryptsetup.c:2397 +#: src/cryptsetup.c:2305 #, c-format msgid "%s is not cryptsetup managed device." msgstr "%s är inte en cryptsetup-hanterad enhet." -#: src/cryptsetup.c:2408 +#: src/cryptsetup.c:2316 #, c-format msgid "Refresh is not supported for device type %s" msgstr "Att uppdatera stöds inte för enhetstypen %s" -#: src/cryptsetup.c:2454 +#: src/cryptsetup.c:2362 #, c-format msgid "Unrecognized metadata device type %s." msgstr "Okänd metadata för enhetstypen %s." -#: src/cryptsetup.c:2456 +#: src/cryptsetup.c:2364 msgid "Command requires device and mapped name as arguments." msgstr "Kommandot kräver enhet och mappat namn som argument." -#: src/cryptsetup.c:2477 +#: src/cryptsetup.c:2385 #, c-format msgid "" "This operation will erase all keyslots on device %s.\n" @@ -2074,335 +2177,325 @@ "Denna åtgärd kommer att ta bort alla nyckelplatser på enhet %s.\n" "Enheten kommer att bli oanvändbar efter denna åtgärd." -#: src/cryptsetup.c:2484 +#: src/cryptsetup.c:2392 msgid "Operation aborted, keyslots were NOT wiped.\n" msgstr "Åtgärden avbryten, nyckelplatser raderades EJ.\n" -#: src/cryptsetup.c:2523 +#: src/cryptsetup.c:2431 msgid "Invalid LUKS type, only luks1 and luks2 are supported." msgstr "Ogiltig LUKS-typ, endast luks1 och luks2 stöds." -#: src/cryptsetup.c:2539 +#: src/cryptsetup.c:2447 #, c-format msgid "Device is already %s type." msgstr "Enheten är redan av %s-typ." -#: src/cryptsetup.c:2546 +#: src/cryptsetup.c:2454 #, c-format msgid "This operation will convert %s to %s format.\n" msgstr "Denna åtgärd kommer att konvertera %s till %s-format.\n" -#: src/cryptsetup.c:2549 +#: src/cryptsetup.c:2457 msgid "Operation aborted, device was NOT converted.\n" msgstr "Åtgärden avbröts, enheten konverterades INTE.\n" -#: src/cryptsetup.c:2589 +#: src/cryptsetup.c:2497 msgid "Option --priority, --label or --subsystem is missing." msgstr "Saknar flaggan --priority, --label eller --subsystem." -#: src/cryptsetup.c:2623 src/cryptsetup.c:2660 src/cryptsetup.c:2680 +#: src/cryptsetup.c:2531 src/cryptsetup.c:2568 src/cryptsetup.c:2588 #, c-format msgid "Token %d is invalid." msgstr "Token %d är ogiltig." -#: src/cryptsetup.c:2626 src/cryptsetup.c:2683 +#: src/cryptsetup.c:2534 src/cryptsetup.c:2591 #, c-format msgid "Token %d in use." msgstr "Token %d används." -#: src/cryptsetup.c:2638 +#: src/cryptsetup.c:2546 #, c-format msgid "Failed to add luks2-keyring token %d." msgstr "Misslyckades med att lägga till luks2-nyckelringsstoken %d." -#: src/cryptsetup.c:2646 src/cryptsetup.c:2709 +#: src/cryptsetup.c:2554 src/cryptsetup.c:2617 #, c-format msgid "Failed to assign token %d to keyslot %d." msgstr "Misslyckades med att tilldela token %d till nyckelplats %d." -#: src/cryptsetup.c:2663 +#: src/cryptsetup.c:2571 #, c-format msgid "Token %d is not in use." msgstr "Token %d används ej." -#: src/cryptsetup.c:2700 +#: src/cryptsetup.c:2608 msgid "Failed to import token from file." msgstr "Misslyckades med att importera token från fil." -#: src/cryptsetup.c:2725 +#: src/cryptsetup.c:2633 #, c-format msgid "Failed to get token %d for export." msgstr "Misslyckades med att hämta token %d för export." -#: src/cryptsetup.c:2789 -#, c-format -msgid "Auto-detected active dm device '%s' for data device %s.\n" -msgstr "Auto-identifierade aktiv dm-enhet ”%s” för dataenheten %s.\n" +#: src/cryptsetup.c:2682 +msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." +msgstr "Flaggorna --tcrypt-hidden, --tcrypt-system eller --tcrypt-backup stöds endast på TCRYPT-enhet." -#: src/cryptsetup.c:2793 -#, c-format -msgid "Device %s is not a block device.\n" -msgstr "Enheten %s är inte en giltig blockenhet.\n" +#: src/cryptsetup.c:2685 +msgid "Option --veracrypt or --disable-veracrypt is supported only for TCRYPT device type." +msgstr "Flaggan --veracrypt eller --disable-veracrypt stöds endast för TCRYPT-enhetstyper." -#: src/cryptsetup.c:2795 -#, c-format -msgid "Failed to auto-detect device %s holders." -msgstr "Misslyckades med att identifiera kopplingarna till enhet %s." +#: src/cryptsetup.c:2688 +msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." +msgstr "Flaggan --veracrypt-pim stöds endast för VeraCrypt-kompatibla enheter." -#: src/cryptsetup.c:2799 -#, c-format -msgid "" -"Unable to decide if device %s is activated or not.\n" -"Are you sure you want to proceed with reencryption in offline mode?\n" -"It may lead to data corruption if the device is actually activated.\n" -"To run reencryption in online mode, use --active-name parameter instead.\n" -msgstr "" -"Det går inte att avgöra om enheten %s är aktiverade eller ej.\n" -"Är du säker på att du vill fortsätta kryptera om i frånkopplat läge?\n" -"Det kan leda till datakorruption om enheten är aktiverad.\n" -"För att kryptera om i uppkopplat läge, använd istället flaggan --active-name.\n" +#: src/cryptsetup.c:2692 +msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." +msgstr "Flaggan --veracrypt-query-pim stöds endast för VeraCrypt-kompatibla enheter." -#: src/cryptsetup.c:2881 -msgid "Encryption is supported only for LUKS2 format." -msgstr "Kryptering stöds endast för formatet LUKS2." +#: src/cryptsetup.c:2694 +msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." +msgstr "Flaggorna --veracrypt-pim och --veracrypt-query-pim är ömsesidigt uteslutande." -#: src/cryptsetup.c:2886 -msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." -msgstr "Kryptering utan frånkopplat huvud (--header) är inte möjligt utan att minska datastorleken på enheten (--reduce-device-size)." +#: src/cryptsetup.c:2703 +msgid "Option --persistent is not allowed with --test-passphrase." +msgstr "Flaggan --persistent är ej tillåtet med --test-passphrase." -#: src/cryptsetup.c:2891 -msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." -msgstr "Begärd dataförskjutning måste vara mindre än, eller lika med halva av parametern --reduce-device-size." +#: src/cryptsetup.c:2706 +msgid "Options --refresh and --test-passphrase are mutually exclusive." +msgstr "Flaggorna --refresh och --test-passphrase är ömsesidigt uteslutande." -#: src/cryptsetup.c:2900 -#, c-format -msgid "Adjusting --reduce-device-size value to twice the --offset % (sectors).\n" -msgstr "Justera värdet av --reduce-device-size-värdet till dubbla --offset % (sektorer).\n" +#: src/cryptsetup.c:2709 +msgid "Option --shared is allowed only for open of plain device." +msgstr "Flaggan --shared är endast tillåten för öppning av plain-enhet." -#: src/cryptsetup.c:2923 -#, c-format -msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?" -msgstr "Identifierade LUKS-enhet på %s. Vill du kryptera LUKS-enheten igen?" +#: src/cryptsetup.c:2712 +msgid "Option --skip is supported only for open of plain and loopaes devices." +msgstr "Flaggan --skip stöds endast för öppning av plain-enheter och loopaes-enheter." -#: src/cryptsetup.c:2941 -#, c-format -msgid "Temporary header file %s already exists. Aborting." -msgstr "Tillfällig huvudfil %s finns redan. Avbryter." +#: src/cryptsetup.c:2715 +msgid "Option --offset with open action is only supported for plain and loopaes devices." +msgstr "Flaggan --offset med åtgärden öppna stöds endast för öppning av plain-enheter och loopaes-enheter." -#: src/cryptsetup.c:2943 src/cryptsetup.c:2950 -#, c-format -msgid "Cannot create temporary header file %s." -msgstr "Det går inte att skapa tillfällig huvudfil %s." +#: src/cryptsetup.c:2718 +msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." +msgstr "Flaggan --tcrypt-hidden kan inte kombineras med --allow-discards." -#: src/cryptsetup.c:2975 -msgid "LUKS2 metadata size is larger than data shift value." -msgstr "LUKS2-metadatastorleken är större än dataskift-värdet." +#: src/cryptsetup.c:2722 +msgid "Sector size option with open action is supported only for plain devices." +msgstr "Flaggan för sektorstorlek med åtgärden öppna stöds endast för plain-enheter." -#: src/cryptsetup.c:3007 -#, c-format -msgid "Failed to place new header at head of device %s." -msgstr "Misslyckades med att placera ny header i början på enheten %s." +#: src/cryptsetup.c:2726 +msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." +msgstr "Flaggan för stora IV-sektorer stöds endast för att öppna enheter av plain-typ med sektorstorlek större än 512 byte." -#: src/cryptsetup.c:3018 -#, c-format -msgid "%s/%s is now active and ready for online encryption.\n" -msgstr "%s/%s är nu aktiv och redo för uppkopplad kryptering.\n" +#: src/cryptsetup.c:2730 +msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices." +msgstr "Flaggan --test-passphrase är endast tillåten för open för LUKS-, TCRYPT-, och BITLK-enheter." -#: src/cryptsetup.c:3055 -msgid "LUKS2 decryption is supported with detached header device only (with data offset set to 0)." -msgstr "LUKS2-dekryptering stöds endast för enheter med fristående header (med data-offset satt till 0)." +#: src/cryptsetup.c:2733 src/cryptsetup.c:2756 +msgid "Options --device-size and --size cannot be combined." +msgstr "Flaggan --device-size och --size kan inte kombineras." -#: src/cryptsetup.c:3189 src/cryptsetup.c:3195 -msgid "Not enough free keyslots for reencryption." -msgstr "Inte nog med fria nyckelplatser för omkryptering." +#: src/cryptsetup.c:2736 +msgid "Option --unbound is allowed only for open of luks device." +msgstr "Flaggan --unbound är endast tillåten för öppning av luks-enhet." + +#: src/cryptsetup.c:2739 +msgid "Option --unbound cannot be used without --test-passphrase." +msgstr "Flaggan --unbound kan inte användas utan --test-passphrase." -#: src/cryptsetup.c:3215 src/cryptsetup_reencrypt.c:1279 -msgid "Key file can be used only with --key-slot or with exactly one key slot active." -msgstr "Nyckelfil kan endast användas med --key-slot eller precis en aktiv nyckelplats." +#: src/cryptsetup.c:2748 src/veritysetup.c:664 src/integritysetup.c:755 +msgid "Options --cancel-deferred and --deferred cannot be used at the same time." +msgstr "Flaggorna --cancel-deferred och --deferred går inte att använda samtidigt." -#: src/cryptsetup.c:3224 src/cryptsetup_reencrypt.c:1326 -#: src/cryptsetup_reencrypt.c:1337 -#, c-format -msgid "Enter passphrase for key slot %d: " -msgstr "Ange lösenfras för nyckelplats %d: " +#: src/cryptsetup.c:2764 +msgid "Options --reduce-device-size and --data-size cannot be combined." +msgstr "Flaggan --reduce-device-size och --data-size kan inte kombineras." -#: src/cryptsetup.c:3233 -#, c-format -msgid "Enter passphrase for key slot %u: " -msgstr "Ange lösenfras för nyckelplats %u: " +#: src/cryptsetup.c:2767 +msgid "Option --active-name can be set only for LUKS2 device." +msgstr "Flaggan --active-name kan endast anges för LUKS2-enheter." + +#: src/cryptsetup.c:2770 +msgid "Options --active-name and --force-offline-reencrypt cannot be combined." +msgstr "Flaggan --active-name och --force-offline-reencrypt kan inte kombineras." -#: src/cryptsetup.c:3278 -#, c-format -msgid "Switching data encryption cipher to %s.\n" -msgstr "Byter krypteringschiffer till %s.\n" +#: src/cryptsetup.c:2778 src/cryptsetup.c:2808 +msgid "Keyslot specification is required." +msgstr "Specifikation för nyckelplats krävs." -#: src/cryptsetup.c:3415 -msgid "Command requires device as argument." -msgstr "Kommandot kräver en enhet som argument." +#: src/cryptsetup.c:2786 +msgid "Options --align-payload and --offset cannot be combined." +msgstr "Flaggan --align-payload och --offset kan inte kombineras." -#: src/cryptsetup.c:3437 -msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1." -msgstr "Stödjer endast LUKS2-formatet. Använd verktyget cryptsetup-reencrypt för LUKS1." - -#: src/cryptsetup.c:3449 -msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility." -msgstr "Föråldrad frånkopplad omkryptering pågår redan. Använd verktyget cryptsetup-reencrypt." +#: src/cryptsetup.c:2789 +msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." +msgstr "Flaggan --integrity-no-wipe kan endast användas för åtgärden formatera med integritetsutökningar." -#: src/cryptsetup.c:3459 src/cryptsetup_reencrypt.c:155 -msgid "Reencryption of device with integrity profile is not supported." -msgstr "Kryptering för enhet med integritetsprofil stöds ej." +#: src/cryptsetup.c:2792 +msgid "Only one of --use-[u]random options is allowed." +msgstr "Endast en av flaggorna --use-[u]random är tillåten." -#: src/cryptsetup.c:3467 -msgid "LUKS2 reencryption already initialized. Aborting operation." -msgstr "LUKS2-omkryptering är redan initierad. Avbryter åtgärd." +#: src/cryptsetup.c:2800 +msgid "Key size is required with --unbound option." +msgstr "Nyckelstorlek krävs med flaggan --unbound." + +#: src/cryptsetup.c:2819 +msgid "Invalid token action." +msgstr "Ogiltig tokenåtgärd." + +#: src/cryptsetup.c:2822 +msgid "--key-description parameter is mandatory for token add action." +msgstr "parametern --key-description krävs för åtgärden lägg till token." -#: src/cryptsetup.c:3471 -msgid "LUKS2 device is not in reencryption." -msgstr "LUKS2-enheten är inte i omkryptering." +#: src/cryptsetup.c:2826 +msgid "Action requires specific token. Use --token-id parameter." +msgstr "Åtgärden kräver specifik token. Använd parametern --token-id." -#: src/cryptsetup.c:3498 +#: src/cryptsetup.c:2840 msgid " [--type ] []" msgstr " [--type ] []" -#: src/cryptsetup.c:3498 src/veritysetup.c:480 src/integritysetup.c:446 +#: src/cryptsetup.c:2840 src/veritysetup.c:487 src/integritysetup.c:535 msgid "open device as " msgstr "öppna enhet som " -#: src/cryptsetup.c:3499 src/cryptsetup.c:3500 src/cryptsetup.c:3501 -#: src/veritysetup.c:481 src/veritysetup.c:482 src/integritysetup.c:447 -#: src/integritysetup.c:448 +#: src/cryptsetup.c:2841 src/cryptsetup.c:2842 src/cryptsetup.c:2843 +#: src/veritysetup.c:488 src/veritysetup.c:489 src/integritysetup.c:536 +#: src/integritysetup.c:537 src/integritysetup.c:539 msgid "" msgstr "" -#: src/cryptsetup.c:3499 src/veritysetup.c:481 src/integritysetup.c:447 +#: src/cryptsetup.c:2841 src/veritysetup.c:488 src/integritysetup.c:536 msgid "close device (remove mapping)" msgstr "stäng enhet (ta bort mappning)" -#: src/cryptsetup.c:3500 +#: src/cryptsetup.c:2842 src/integritysetup.c:539 msgid "resize active device" msgstr "ändra storlek på aktiv enhet" -#: src/cryptsetup.c:3501 +#: src/cryptsetup.c:2843 msgid "show device status" msgstr "visa enhetsstatus" -#: src/cryptsetup.c:3502 +#: src/cryptsetup.c:2844 msgid "[--cipher ]" msgstr "[--cipher ]" -#: src/cryptsetup.c:3502 +#: src/cryptsetup.c:2844 msgid "benchmark cipher" msgstr "prestandamät chiffer" -#: src/cryptsetup.c:3503 src/cryptsetup.c:3504 src/cryptsetup.c:3505 -#: src/cryptsetup.c:3506 src/cryptsetup.c:3507 src/cryptsetup.c:3514 -#: src/cryptsetup.c:3515 src/cryptsetup.c:3516 src/cryptsetup.c:3517 -#: src/cryptsetup.c:3518 src/cryptsetup.c:3519 src/cryptsetup.c:3520 -#: src/cryptsetup.c:3521 src/cryptsetup.c:3522 +#: src/cryptsetup.c:2845 src/cryptsetup.c:2846 src/cryptsetup.c:2847 +#: src/cryptsetup.c:2848 src/cryptsetup.c:2849 src/cryptsetup.c:2856 +#: src/cryptsetup.c:2857 src/cryptsetup.c:2858 src/cryptsetup.c:2859 +#: src/cryptsetup.c:2860 src/cryptsetup.c:2861 src/cryptsetup.c:2862 +#: src/cryptsetup.c:2863 src/cryptsetup.c:2864 msgid "" msgstr "" -#: src/cryptsetup.c:3503 +#: src/cryptsetup.c:2845 msgid "try to repair on-disk metadata" msgstr "försök att reparera metadata på disken" -#: src/cryptsetup.c:3504 +#: src/cryptsetup.c:2846 msgid "reencrypt LUKS2 device" msgstr "omkryptering av LUKS2-enhet" -#: src/cryptsetup.c:3505 +#: src/cryptsetup.c:2847 msgid "erase all keyslots (remove encryption key)" msgstr "ta bort alla nyckelplatser (ta bort krypteringsnyckeln)" -#: src/cryptsetup.c:3506 +#: src/cryptsetup.c:2848 msgid "convert LUKS from/to LUKS2 format" msgstr "konvertera LUKS från/till LUKS2-format" -#: src/cryptsetup.c:3507 +#: src/cryptsetup.c:2849 msgid "set permanent configuration options for LUKS2" msgstr "ange permanenta konfigurationsflaggor för LUKS2" -#: src/cryptsetup.c:3508 src/cryptsetup.c:3509 +#: src/cryptsetup.c:2850 src/cryptsetup.c:2851 msgid " []" msgstr " []" -#: src/cryptsetup.c:3508 +#: src/cryptsetup.c:2850 msgid "formats a LUKS device" msgstr "formaterar en LUKS-enhet" -#: src/cryptsetup.c:3509 +#: src/cryptsetup.c:2851 msgid "add key to LUKS device" msgstr "lägg till nyckel till LUKS-enhet" -#: src/cryptsetup.c:3510 src/cryptsetup.c:3511 src/cryptsetup.c:3512 +#: src/cryptsetup.c:2852 src/cryptsetup.c:2853 src/cryptsetup.c:2854 msgid " []" msgstr " []" -#: src/cryptsetup.c:3510 +#: src/cryptsetup.c:2852 msgid "removes supplied key or key file from LUKS device" msgstr "tar bort angiven nyckel eller nyckelfil från LUKS-enhet" -#: src/cryptsetup.c:3511 +#: src/cryptsetup.c:2853 msgid "changes supplied key or key file of LUKS device" msgstr "ändrar angiven nyckel eller nyckelfil för LUKS-enhet" -#: src/cryptsetup.c:3512 +#: src/cryptsetup.c:2854 msgid "converts a key to new pbkdf parameters" msgstr "konverterar en nyckel till nya pbkdf-parametrar" -#: src/cryptsetup.c:3513 +#: src/cryptsetup.c:2855 msgid " " msgstr " " -#: src/cryptsetup.c:3513 +#: src/cryptsetup.c:2855 msgid "wipes key with number from LUKS device" msgstr "rensar nyckeln med nummer från LUKS-enhet" -#: src/cryptsetup.c:3514 +#: src/cryptsetup.c:2856 msgid "print UUID of LUKS device" msgstr "skriv ut UUID för LUKS-enhet" -#: src/cryptsetup.c:3515 +#: src/cryptsetup.c:2857 msgid "tests for LUKS partition header" msgstr "testar för LUKS-partitionshuvud" -#: src/cryptsetup.c:3516 +#: src/cryptsetup.c:2858 msgid "dump LUKS partition information" msgstr "skriver ut information om LUKS-partition" -#: src/cryptsetup.c:3517 +#: src/cryptsetup.c:2859 msgid "dump TCRYPT device information" msgstr "skriver ut information om TCRYPT-partition" -#: src/cryptsetup.c:3518 +#: src/cryptsetup.c:2860 msgid "dump BITLK device information" msgstr "skriv ut BITLK-enhetsinformation" -#: src/cryptsetup.c:3519 +#: src/cryptsetup.c:2861 msgid "Suspend LUKS device and wipe key (all IOs are frozen)" msgstr "Försätt LUKS-enhet i vänteläge och rensa nyckel (alla in-/ut-åtgärder är frusna)" -#: src/cryptsetup.c:3520 +#: src/cryptsetup.c:2862 msgid "Resume suspended LUKS device" msgstr "Återuppta LUKS-enhet i vänteläge" -#: src/cryptsetup.c:3521 +#: src/cryptsetup.c:2863 msgid "Backup LUKS device header and keyslots" msgstr "Säkerhetskopiera huvud och nyckelplatser från LUKS-enhet" -#: src/cryptsetup.c:3522 +#: src/cryptsetup.c:2864 msgid "Restore LUKS device header and keyslots" msgstr "Återställ huvud och nyckelplatser för LUKS-enhet" -#: src/cryptsetup.c:3523 +#: src/cryptsetup.c:2865 msgid " " msgstr " " -#: src/cryptsetup.c:3523 +#: src/cryptsetup.c:2865 msgid "Manipulate LUKS2 tokens" msgstr "Manipulera LUKS2-token" -#: src/cryptsetup.c:3543 src/veritysetup.c:498 src/integritysetup.c:464 +#: src/cryptsetup.c:2884 src/veritysetup.c:505 src/integritysetup.c:554 msgid "" "\n" " is one of:\n" @@ -2410,7 +2503,7 @@ "\n" "<åtgärd> är en av:\n" -#: src/cryptsetup.c:3549 +#: src/cryptsetup.c:2890 msgid "" "\n" "You can also use old syntax aliases:\n" @@ -2422,7 +2515,7 @@ "\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" "\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkOpen\n" -#: src/cryptsetup.c:3553 +#: src/cryptsetup.c:2894 #, c-format msgid "" "\n" @@ -2437,7 +2530,7 @@ " är numret för LUKS-nyckelplatsen att ändra\n" " valfri nyckelfil för den nya nyckeln för luksAddKey-åtgärden\n" -#: src/cryptsetup.c:3560 +#: src/cryptsetup.c:2901 #, c-format msgid "" "\n" @@ -2446,7 +2539,7 @@ "\n" "Inkompilerat standardmetadataformat är %s (för luksFormat-åtgärd).\n" -#: src/cryptsetup.c:3565 src/cryptsetup.c:3568 +#: src/cryptsetup.c:2906 src/cryptsetup.c:2909 #, c-format msgid "" "\n" @@ -2455,20 +2548,20 @@ "\n" "Stöd för externa LUKS2-insticksmoduler är %s.\n" -#: src/cryptsetup.c:3565 +#: src/cryptsetup.c:2906 msgid "compiled-in" msgstr "inkompilerad" -#: src/cryptsetup.c:3566 +#: src/cryptsetup.c:2907 #, c-format msgid "LUKS2 external token plugin path: %s.\n" msgstr "Sökväg för externa LUKS2-insticksmoduler är %s.\n" -#: src/cryptsetup.c:3568 +#: src/cryptsetup.c:2909 msgid "disabled" msgstr "inaktiverad" -#: src/cryptsetup.c:3572 +#: src/cryptsetup.c:2913 #, c-format msgid "" "\n" @@ -2485,7 +2578,7 @@ "Standard-PBKDF för LUKS2: %s\n" "\tIterationstid: %d, Minne: %dkB, Parallella trådar: %d\n" -#: src/cryptsetup.c:3583 +#: src/cryptsetup.c:2924 #, c-format msgid "" "\n" @@ -2500,294 +2593,189 @@ "\tplain: %s, Nyckel: %d bitar, Lösenordshashning: %s\n" "\tLUKS1: %s, Nyckel: %d bitar, LUKS-huvudhashning %s, RNG: %s\n" -#: src/cryptsetup.c:3592 +#: src/cryptsetup.c:2933 msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" msgstr "\tLUKS: Standardnyckelstorlek med XTS-läge (två interna nycklar) kommer att dubbleras.\n" -#: src/cryptsetup.c:3610 src/veritysetup.c:637 src/integritysetup.c:620 +#: src/cryptsetup.c:2951 src/veritysetup.c:644 src/integritysetup.c:711 #, c-format msgid "%s: requires %s as arguments" msgstr "%s: kräver %s som argument" -#: src/cryptsetup.c:3648 src/cryptsetup_reencrypt.c:1379 -#: src/cryptsetup_reencrypt.c:1704 +#: src/cryptsetup.c:2997 src/utils_reencrypt_luks1.c:1194 msgid "Key slot is invalid." msgstr "Nyckelplatsen är ogiltig." -#: src/cryptsetup.c:3675 +#: src/cryptsetup.c:3024 msgid "Device size must be multiple of 512 bytes sector." msgstr "Enhetsstorlek måste vara en multipel av sektor på 512-byte." -#: src/cryptsetup.c:3680 +#: src/cryptsetup.c:3029 msgid "Invalid max reencryption hotzone size specification." msgstr "Ogiltig högsta storlekspecifikation för varm zon-omkryptering." -#: src/cryptsetup.c:3694 src/cryptsetup.c:3706 src/cryptsetup_reencrypt.c:1623 +#: src/cryptsetup.c:3043 src/cryptsetup.c:3055 msgid "Key size must be a multiple of 8 bits" msgstr "Nyckelstorlek måste vara en multipel av 8 bitar" -#: src/cryptsetup.c:3711 +#: src/cryptsetup.c:3060 msgid "Maximum device reduce size is 1 GiB." msgstr "Högsta förminskningsstorlek för enhet är 1 GiB." -#: src/cryptsetup.c:3714 src/cryptsetup_reencrypt.c:1631 +#: src/cryptsetup.c:3063 msgid "Reduce size must be multiple of 512 bytes sector." msgstr "Minskningsstorlek måste vara en multipel av 512-bytesektor." -#: src/cryptsetup.c:3731 +#: src/cryptsetup.c:3080 msgid "Option --priority can be only ignore/normal/prefer." msgstr "Flaggan --priority kan endast vara ignore/normal/prefer." -#: src/cryptsetup.c:3741 src/veritysetup.c:561 src/integritysetup.c:543 -#: src/cryptsetup_reencrypt.c:1641 +#: src/cryptsetup.c:3099 src/veritysetup.c:568 src/integritysetup.c:634 msgid "Show this help message" msgstr "Visa detta hjälpmeddelande" -#: src/cryptsetup.c:3742 src/veritysetup.c:562 src/integritysetup.c:544 -#: src/cryptsetup_reencrypt.c:1642 +#: src/cryptsetup.c:3100 src/veritysetup.c:569 src/integritysetup.c:635 msgid "Display brief usage" msgstr "Visa kort information om användning" -#: src/cryptsetup.c:3743 src/veritysetup.c:563 src/integritysetup.c:545 -#: src/cryptsetup_reencrypt.c:1643 +#: src/cryptsetup.c:3101 src/veritysetup.c:570 src/integritysetup.c:636 msgid "Print package version" msgstr "Skriv ut paketversion" -#: src/cryptsetup.c:3754 src/veritysetup.c:574 src/integritysetup.c:556 -#: src/cryptsetup_reencrypt.c:1654 +#: src/cryptsetup.c:3112 src/veritysetup.c:581 src/integritysetup.c:647 msgid "Help options:" msgstr "Hjälpflaggor:" -#: src/cryptsetup.c:3771 src/veritysetup.c:592 src/integritysetup.c:573 +#: src/cryptsetup.c:3132 src/veritysetup.c:599 src/integritysetup.c:664 msgid "[OPTION...] " msgstr "[FLAGGA…] <åtgärd> <åtgärdsspecifik>" -#: src/cryptsetup.c:3780 src/veritysetup.c:601 src/integritysetup.c:584 +#: src/cryptsetup.c:3141 src/veritysetup.c:608 src/integritysetup.c:675 msgid "Argument missing." msgstr "Argumentet <åtgärd> saknas." -#: src/cryptsetup.c:3850 src/veritysetup.c:632 src/integritysetup.c:615 +#: src/cryptsetup.c:3211 src/veritysetup.c:639 src/integritysetup.c:706 msgid "Unknown action." msgstr "Okänd åtgärd." -#: src/cryptsetup.c:3861 -msgid "Options --refresh and --test-passphrase are mutually exclusive." -msgstr "Flaggorna --refresh och --test-passphrase är ömsesidigt uteslutande." - -#: src/cryptsetup.c:3866 src/veritysetup.c:656 src/integritysetup.c:663 -msgid "Options --cancel-deferred and --deferred cannot be used at the same time." -msgstr "Flaggorna --cancel-deferred och --deferred går inte att använda samtidigt." - -#: src/cryptsetup.c:3872 -msgid "Option --shared is allowed only for open of plain device." -msgstr "Flaggan --shared är endast tillåten för öppning av plain-enhet." - -#: src/cryptsetup.c:3877 -msgid "Option --persistent is not allowed with --test-passphrase." -msgstr "Flaggan --persistent är ej tillåtet med --test-passphrase." - -#: src/cryptsetup.c:3882 -msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." -msgstr "Flaggan --integrity-no-wipe kan endast användas för åtgärden formatera med integritetsutökningar." - -#: src/cryptsetup.c:3889 -msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices." -msgstr "Flaggan --test-passphrase är endast tillåten för open för LUKS-, TCRYPT-, och BITLK-enheter." - -#: src/cryptsetup.c:3901 +#: src/cryptsetup.c:3229 msgid "Option --key-file takes precedence over specified key file argument." msgstr "Flaggan --key-file åsidosätter specificerade nyckelfilsargument." -#: src/cryptsetup.c:3907 +#: src/cryptsetup.c:3235 msgid "Only one --key-file argument is allowed." msgstr "Endast ett argument för --key-file är tillåtet." -#: src/cryptsetup.c:3911 src/cryptsetup_reencrypt.c:1689 -#: src/cryptsetup_reencrypt.c:1708 -msgid "Only one of --use-[u]random options is allowed." -msgstr "Endast en av flaggorna --use-[u]random är tillåten." +#: src/cryptsetup.c:3240 +msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id." +msgstr "Password-based key derivation function (PBKDF) kan endast vara pbkdf2 eller argon2i/argon2id." -#: src/cryptsetup.c:3915 -msgid "Options --align-payload and --offset cannot be combined." -msgstr "Flaggan --align-payload och --offset kan inte kombineras." +#: src/cryptsetup.c:3245 +msgid "PBKDF forced iterations cannot be combined with iteration time option." +msgstr "Tvingade PBKDF-iterationer går inte att kombinera med flaggan iteration time." -#: src/cryptsetup.c:3921 -msgid "Option --skip is supported only for open of plain and loopaes devices." -msgstr "Flaggan --skip stöds endast för öppning av plain-enheter och loopaes-enheter." +#: src/cryptsetup.c:3256 +msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." +msgstr "Flaggorna --keyslot-cipher och --keyslot-key-size måste användas tillsammans." -#: src/cryptsetup.c:3927 -msgid "Option --offset with open action is only supported for plain and loopaes devices." -msgstr "Flaggan --offset med åtgärden öppna stöds endast för öppning av plain-enheter och loopaes-enheter." +#: src/cryptsetup.c:3264 +msgid "No action taken. Invoked with --test-args option.\n" +msgstr "Ingen åtgärd utfördes. Startades med flaggan --test-args\n" -#: src/cryptsetup.c:3933 -msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." -msgstr "Flaggorna --tcrypt-hidden, --tcrypt-system eller --tcrypt-backup stöds endast på TCRYPT-enhet." +#: src/cryptsetup.c:3277 +msgid "Cannot disable metadata locking." +msgstr "Det går inte att inaktivera metadatalås." -#: src/cryptsetup.c:3938 -msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." -msgstr "Flaggan --tcrypt-hidden kan inte kombineras med --allow-discards." +#: src/veritysetup.c:54 +msgid "Invalid salt string specified." +msgstr "Angav ogiltig saltsträng." -#: src/cryptsetup.c:3943 -msgid "Option --veracrypt or --disable-veracrypt is supported only for TCRYPT device type." -msgstr "Flaggan --veracrypt eller --disable-veracrypt stöds endast för TCRYPT-enhetstyper." +#: src/veritysetup.c:87 +#, c-format +msgid "Cannot create hash image %s for writing." +msgstr "Kan inte skapa hashavbild %s för skrivning." -#: src/cryptsetup.c:3948 -msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." -msgstr "Flaggan --veracrypt-pim stöds endast för VeraCrypt-kompatibla enheter." +#: src/veritysetup.c:97 +#, c-format +msgid "Cannot create FEC image %s for writing." +msgstr "Det går inte att skapa FEC-avbild %s för skrivning." -#: src/cryptsetup.c:3954 -msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." -msgstr "Flaggan --veracrypt-query-pim stöds endast för VeraCrypt-kompatibla enheter." - -#: src/cryptsetup.c:3958 -msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." -msgstr "Flaggorna --veracrypt-pim och --veracrypt-query-pim är ömsesidigt uteslutande." - -#: src/cryptsetup.c:3966 src/cryptsetup.c:4002 -msgid "Keyslot specification is required." -msgstr "Specifikation för nyckelplats krävs." - -#: src/cryptsetup.c:3971 src/cryptsetup_reencrypt.c:1694 -msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id." -msgstr "Password-based key derivation function (PBKDF) kan endast vara pbkdf2 eller argon2i/argon2id." - -#: src/cryptsetup.c:3976 src/cryptsetup_reencrypt.c:1699 -msgid "PBKDF forced iterations cannot be combined with iteration time option." -msgstr "Tvingade PBKDF-iterationer går inte att kombinera med flaggan iteration time." - -#: src/cryptsetup.c:3983 -msgid "Sector size option with open action is supported only for plain devices." -msgstr "Flaggan för sektorstorlek med åtgärden öppna stöds endast för plain-enheter." - -#: src/cryptsetup.c:3990 -msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." -msgstr "Flaggan för stora IV-sektorer stöds endast för att öppna enheter av plain-typ med sektorstorlek större än 512 byte." - -#: src/cryptsetup.c:3996 -msgid "Key size is required with --unbound option." -msgstr "Nyckelstorlek krävs med flaggan --unbound." - -#: src/cryptsetup.c:4012 -msgid "LUKS2 decryption requires option --header." -msgstr "LUKS2-dekryptering kräver flaggan --header." - -#: src/cryptsetup.c:4016 -msgid "Options --reduce-device-size and --data-size cannot be combined." -msgstr "Flaggan --reduce-device-size och --data-size kan inte kombineras." - -#: src/cryptsetup.c:4020 -msgid "Options --device-size and --size cannot be combined." -msgstr "Flaggan --device-size och --size kan inte kombineras." - -#: src/cryptsetup.c:4024 -msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." -msgstr "Flaggorna --keyslot-cipher och --keyslot-key-size måste användas tillsammans." - -#: src/cryptsetup.c:4028 -msgid "No action taken. Invoked with --test-args option.\n" -msgstr "Ingen åtgärd utfördes. Startades med flaggan --test-args\n" - -#: src/cryptsetup.c:4040 -msgid "Invalid token action." -msgstr "Ogiltig tokenåtgärd." - -#: src/cryptsetup.c:4045 -msgid "--key-description parameter is mandatory for token add action." -msgstr "parametern --key-description krävs för åtgärden lägg till token." - -#: src/cryptsetup.c:4051 -msgid "Action requires specific token. Use --token-id parameter." -msgstr "Åtgärden kräver specifik token. Använd parametern --token-id." - -#: src/cryptsetup.c:4062 -msgid "Cannot disable metadata locking." -msgstr "Det går inte att inaktivera metadatalås." - -#: src/veritysetup.c:54 -msgid "Invalid salt string specified." -msgstr "Angav ogiltig saltsträng." - -#: src/veritysetup.c:87 -#, c-format -msgid "Cannot create hash image %s for writing." -msgstr "Kan inte skapa hashavbild %s för skrivning." - -#: src/veritysetup.c:97 -#, c-format -msgid "Cannot create FEC image %s for writing." -msgstr "Det går inte att skapa FEC-avbild %s för skrivning." - -#: src/veritysetup.c:136 -#, c-format -msgid "Cannot create root hash file %s for writing." -msgstr "Kan inte skapa root-hashfil %s för skrivning." +#: src/veritysetup.c:136 +#, c-format +msgid "Cannot create root hash file %s for writing." +msgstr "Kan inte skapa root-hashfil %s för skrivning." #: src/veritysetup.c:143 #, c-format msgid "Cannot write to root hash file %s." msgstr "Det går inte att skriva till root-hash-filen %s." -#: src/veritysetup.c:210 src/veritysetup.c:227 +#: src/veritysetup.c:196 src/veritysetup.c:472 +#, c-format +msgid "Device %s is not a valid VERITY device." +msgstr "Enheten %s är inte en giltig VERITY-enhet." + +#: src/veritysetup.c:213 src/veritysetup.c:230 #, c-format msgid "Cannot read root hash file %s." msgstr "Det går inte att läsa rot-hash-filen %s." -#: src/veritysetup.c:215 +#: src/veritysetup.c:218 #, c-format msgid "Invalid root hash file %s." msgstr "Ogiltig rothashsträng %s." -#: src/veritysetup.c:236 +#: src/veritysetup.c:239 msgid "Invalid root hash string specified." msgstr "Angav ogiltig rothashsträng." -#: src/veritysetup.c:244 +#: src/veritysetup.c:247 #, c-format msgid "Invalid signature file %s." msgstr "Ogiltig signaturfil %s." -#: src/veritysetup.c:251 +#: src/veritysetup.c:254 #, c-format msgid "Cannot read signature file %s." msgstr "Det går inte att läsa signaturfilen %s." -#: src/veritysetup.c:274 src/veritysetup.c:288 +#: src/veritysetup.c:277 src/veritysetup.c:291 msgid "Command requires or --root-hash-file option as argument." msgstr "Kommandot kräver eller flaggan --root-hash-file som argument." -#: src/veritysetup.c:478 +#: src/veritysetup.c:485 msgid " " msgstr " " -#: src/veritysetup.c:478 src/integritysetup.c:445 +#: src/veritysetup.c:485 src/integritysetup.c:534 msgid "format device" msgstr "formatera enhet" -#: src/veritysetup.c:479 +#: src/veritysetup.c:486 msgid " []" msgstr " " -#: src/veritysetup.c:479 +#: src/veritysetup.c:486 msgid "verify device" msgstr "verifiera enhet" -#: src/veritysetup.c:480 +#: src/veritysetup.c:487 msgid " []" msgstr " []" -#: src/veritysetup.c:482 src/integritysetup.c:448 +#: src/veritysetup.c:489 src/integritysetup.c:537 msgid "show active device status" msgstr "visa statistik för aktiv enhet" -#: src/veritysetup.c:483 +#: src/veritysetup.c:490 msgid "" msgstr "" -#: src/veritysetup.c:483 src/integritysetup.c:449 +#: src/veritysetup.c:490 src/integritysetup.c:538 msgid "show on-disk information" msgstr "visa information från disk" -#: src/veritysetup.c:502 +#: src/veritysetup.c:509 #, c-format msgid "" "\n" @@ -2802,7 +2790,7 @@ " är enheten som innehåller verifieringsdata\n" " hash för rotnoden på \n" -#: src/veritysetup.c:509 +#: src/veritysetup.c:516 #, c-format msgid "" "\n" @@ -2813,28 +2801,46 @@ "Inkompilerade standardparametrar för dm-verity:\n" "\tHash: %s, Datablock (byte): %u, Hashblock (byte): %u, Saltstorlek: %u, Hashformat: %u\n" -#: src/veritysetup.c:646 +#: src/veritysetup.c:654 msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together." msgstr "Flaggorna --ignore-corruption och --restart-on-corruption kan inte användas tillsammans." -#: src/veritysetup.c:651 +#: src/veritysetup.c:659 msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together." msgstr "Det går inte att använda flaggorna --panic-on-corruption och --restart-on-corruption tillsammans." -#: src/integritysetup.c:201 +#: src/integritysetup.c:177 +#, c-format +msgid "" +"This will overwrite data on %s and %s irrevocably.\n" +"To preserve data device use --no-wipe option (and then activate with --integrity-recalculate)." +msgstr "" +"Det här kommer oåterkalligen tatt skriva över data på %s och %s.\n" +"För att bevara dataenheten använd flaggan --no-wipe (och aktivera sedan med --integrity-recalculate).:w " + +#: src/integritysetup.c:212 #, c-format msgid "Formatted with tag size %u, internal integrity %s.\n" msgstr "Formaterad med taggstorlek %u, intern integritet %s.\n" -#: src/integritysetup.c:445 src/integritysetup.c:449 +#: src/integritysetup.c:289 +msgid "Setting recalculate flag is not supported, you may consider using --wipe instead." +msgstr "Att sätta flaggan för att räkna om stöds ej, överväg att använda --wipe istället." + +#: src/integritysetup.c:364 src/integritysetup.c:521 +#, c-format +msgid "Device %s is not a valid INTEGRITY device." +msgstr "Enheten %s är inte en giltig INTEGRITY-enhet." + +#: src/integritysetup.c:534 src/integritysetup.c:538 msgid "" msgstr "" -#: src/integritysetup.c:446 +#: src/integritysetup.c:535 msgid " " msgstr " " -#: src/integritysetup.c:468 +#: src/integritysetup.c:558 #, c-format msgid "" "\n" @@ -2845,7 +2851,7 @@ " är enheten att skapa under %s\n" " är enheten som innehåller data med integritetstaggar\n" -#: src/integritysetup.c:473 +#: src/integritysetup.c:563 #, c-format msgid "" "\n" @@ -2859,241 +2865,44 @@ "\tMaximal nyckelfilstorlek: %dkB\n" "\n" -#: src/integritysetup.c:530 +#: src/integritysetup.c:620 #, c-format msgid "Invalid --%s size. Maximum is %u bytes." msgstr "Ogiltig --%s-storlek. Maximal storlek är %u byte." -#: src/integritysetup.c:628 +#: src/integritysetup.c:720 msgid "Both key file and key size options must be specified." msgstr "Både flaggor för nyckelfil och nyckelstorlek måste specifiiceras." -#: src/integritysetup.c:632 +#: src/integritysetup.c:724 msgid "Both journal integrity key file and key size options must be specified." msgstr "Både flaggor för nyckelfil för journalintegritet och nyckelstorlek måste specificeras." -#: src/integritysetup.c:635 +#: src/integritysetup.c:727 msgid "Journal integrity algorithm must be specified if journal integrity key is used." msgstr "Integritetsalgoritm för journal måste anges om integritetsnyckel för journal används." -#: src/integritysetup.c:639 +#: src/integritysetup.c:731 msgid "Both journal encryption key file and key size options must be specified." msgstr "Både flaggor för nyckelfil för journalkryptering och nyckelstorlek måste specificeras." -#: src/integritysetup.c:642 +#: src/integritysetup.c:734 msgid "Journal encryption algorithm must be specified if journal encryption key is used." msgstr "Krypteringsalgoritm för journal måste anges om integritetsnyckel för journal används." -#: src/integritysetup.c:646 +#: src/integritysetup.c:738 msgid "Recovery and bitmap mode options are mutually exclusive." msgstr "Flaggorna för återställning- och bitmap-läge är ömsesidigt uteslutande." -#: src/integritysetup.c:653 +#: src/integritysetup.c:745 msgid "Journal options cannot be used in bitmap mode." msgstr "Det går inte att använda journalflaggor i bitmap-läge." -#: src/integritysetup.c:658 +#: src/integritysetup.c:750 msgid "Bitmap options can be used only in bitmap mode." msgstr "Flaggan för integritet kan endast användas i bitmap-läge." -#: src/cryptsetup_reencrypt.c:149 -msgid "Reencryption already in-progress." -msgstr "Omkryptering pågår redan." - -#: src/cryptsetup_reencrypt.c:185 -#, c-format -msgid "Cannot exclusively open %s, device in use." -msgstr "Kan inte öppna %s exklusivt, enheten används." - -#: src/cryptsetup_reencrypt.c:199 src/cryptsetup_reencrypt.c:1120 -msgid "Allocation of aligned memory failed." -msgstr "Misslyckades med allokering av justerat minne." - -#: src/cryptsetup_reencrypt.c:206 -#, c-format -msgid "Cannot read device %s." -msgstr "Det går inte att läsa enheten %s." - -#: src/cryptsetup_reencrypt.c:217 -#, c-format -msgid "Marking LUKS1 device %s unusable." -msgstr "Markerar LUKS1-enhet %s som oanvändbar." - -#: src/cryptsetup_reencrypt.c:221 -#, c-format -msgid "Setting LUKS2 offline reencrypt flag on device %s." -msgstr "Sätter LUKS2-flaggan för att kryptera om på enheten %s." - -#: src/cryptsetup_reencrypt.c:238 -#, c-format -msgid "Cannot write device %s." -msgstr "Det går inte att skriva till enheten %s." - -#: src/cryptsetup_reencrypt.c:286 -msgid "Cannot write reencryption log file." -msgstr "Det går inte att skriva loggfil för omkryptering." - -#: src/cryptsetup_reencrypt.c:342 -msgid "Cannot read reencryption log file." -msgstr "Det går inte att läsa loggfil för omkryptering." - -#: src/cryptsetup_reencrypt.c:353 -msgid "Wrong log format." -msgstr "Fel loggformat." - -#: src/cryptsetup_reencrypt.c:380 -#, c-format -msgid "Log file %s exists, resuming reencryption.\n" -msgstr "Loggfilen %s existerar, återupptar kryptering.\n" - -#: src/cryptsetup_reencrypt.c:429 -msgid "Activating temporary device using old LUKS header." -msgstr "Aktiverar temporär enhet användandes gammalt LUKS-huvud." - -#: src/cryptsetup_reencrypt.c:439 -msgid "Activating temporary device using new LUKS header." -msgstr "Aktiverar temporär enhet användandes nytt LUKS-huvud." - -#: src/cryptsetup_reencrypt.c:449 -msgid "Activation of temporary devices failed." -msgstr "Aktivering av temporära enheter misslyckades." - -#: src/cryptsetup_reencrypt.c:536 -msgid "Failed to set data offset." -msgstr "Misslyckades med att sätta dataoffset." - -#: src/cryptsetup_reencrypt.c:542 -msgid "Failed to set metadata size." -msgstr "Misslyckades med att sätta metadatastorlek." - -#: src/cryptsetup_reencrypt.c:550 -#, c-format -msgid "New LUKS header for device %s created." -msgstr "Skapade nytt LUKS-huvud för enhet %s." - -#: src/cryptsetup_reencrypt.c:610 -#, c-format -msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s." -msgstr "Denna version av cryptsetup-reencrypt kan inte hantera ny interna tokentypen %s." - -#: src/cryptsetup_reencrypt.c:632 -msgid "Failed to read activation flags from backup header." -msgstr "Misslyckades med att läsa aktiveringsflaggor från säkerhetskopia av huvud." - -#: src/cryptsetup_reencrypt.c:636 -msgid "Failed to write activation flags to new header." -msgstr "Misslyckades med att skriva aktiveringsflaggor till nytt huvud." - -#: src/cryptsetup_reencrypt.c:640 src/cryptsetup_reencrypt.c:644 -msgid "Failed to read requirements from backup header." -msgstr "Misslyckades med att läsa krav från säkerhetskopiehuvud." - -#: src/cryptsetup_reencrypt.c:682 -#, c-format -msgid "%s header backup of device %s created." -msgstr "Skapade säkerhetskopia av %s-huvud på enhet %s." - -#: src/cryptsetup_reencrypt.c:745 -msgid "Creation of LUKS backup headers failed." -msgstr "Misslyckades med att skapa en säkerhetskopia av LUKS-huvuden." - -#: src/cryptsetup_reencrypt.c:878 -#, c-format -msgid "Cannot restore %s header on device %s." -msgstr "Det går inte återställa %s-huvudet på enheten %s." - -#: src/cryptsetup_reencrypt.c:880 -#, c-format -msgid "%s header on device %s restored." -msgstr "Återställde %s-huvudet på enheten %s." - -#: src/cryptsetup_reencrypt.c:1092 src/cryptsetup_reencrypt.c:1098 -msgid "Cannot open temporary LUKS device." -msgstr "Misslyckades med att öppna temporär LUKS-enhet." - -#: src/cryptsetup_reencrypt.c:1103 src/cryptsetup_reencrypt.c:1108 -msgid "Cannot get device size." -msgstr "Det går inte att hämta enhetsstorlek." - -#: src/cryptsetup_reencrypt.c:1143 -msgid "IO error during reencryption." -msgstr "In-/utfel under återkryptering." - -#: src/cryptsetup_reencrypt.c:1174 -msgid "Provided UUID is invalid." -msgstr "Angivet UUID är ogiltigt." - -#: src/cryptsetup_reencrypt.c:1408 -msgid "Cannot open reencryption log file." -msgstr "Det går inte att öppna loggfilen för omkryptering." - -#: src/cryptsetup_reencrypt.c:1414 -msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process." -msgstr "Ingen dekryptering pågår, givet UUID kan endast användas för att återuppta vilande dekrypteringsprocess." - -#: src/cryptsetup_reencrypt.c:1489 -#, c-format -msgid "Changed pbkdf parameters in keyslot %i." -msgstr "Ändrade pbkdf-parametrarna i nyckelplatsen %i." - -#: src/cryptsetup_reencrypt.c:1614 -msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size." -msgstr "Endast värden mellan 1 MiB och 64 MiB är tillåtna som blockstorlek för omkryptering." - -#: src/cryptsetup_reencrypt.c:1628 -msgid "Maximum device reduce size is 64 MiB." -msgstr "Högsta förminskningsstorlek för enhet är 64 MiB." - -#: src/cryptsetup_reencrypt.c:1669 -msgid "[OPTION...] " -msgstr "[FLAGGA…] " - -#: src/cryptsetup_reencrypt.c:1677 -#, c-format -msgid "Reencryption will change: %s%s%s%s%s%s." -msgstr "Omkryptering kommer att ändra: %s%s%s%s%s%s." - -#: src/cryptsetup_reencrypt.c:1678 -msgid "volume key" -msgstr "volymnyckeln" - -#: src/cryptsetup_reencrypt.c:1680 -msgid "set hash to " -msgstr "sätt hash till " - -#: src/cryptsetup_reencrypt.c:1681 -msgid ", set cipher to " -msgstr ", sätt chiffer till " - -#: src/cryptsetup_reencrypt.c:1685 -msgid "Argument required." -msgstr "Kräver argument." - -#: src/cryptsetup_reencrypt.c:1712 -msgid "Option --new must be used together with --reduce-device-size or --header." -msgstr "Flaggan --new måste användas tillsammans med --reduce-device-size eller --header." - -#: src/cryptsetup_reencrypt.c:1716 -msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations." -msgstr "Flaggan --keep-key kan endast användas med --hash, --iter-time eller --pbkdf-force-iterations." - -#: src/cryptsetup_reencrypt.c:1720 -msgid "Option --new cannot be used together with --decrypt." -msgstr "Flaggan --new kan inte användas tillsammans med --decrypt." - -#: src/cryptsetup_reencrypt.c:1726 -msgid "Option --decrypt is incompatible with specified parameters." -msgstr "Flaggan --decrypt är inkompatibel med specificerade parametrar." - -#: src/cryptsetup_reencrypt.c:1730 -msgid "Option --uuid is allowed only together with --decrypt." -msgstr "Flaggan --uuid är endast tillåten tillsammans med --decrypt." - -#: src/cryptsetup_reencrypt.c:1734 -msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'." -msgstr "Ogiltig luks-typ. Använd en av dessa: 'luks', 'luks1' or 'luks2'." - -#: src/utils_tools.c:119 +#: src/utils_tools.c:118 msgid "" "\n" "WARNING!\n" @@ -3104,7 +2913,7 @@ "========\n" #. TRANSLATORS: User must type "YES" (in capital letters), do not translate this word. -#: src/utils_tools.c:121 +#: src/utils_tools.c:120 #, c-format msgid "" "%s\n" @@ -3115,147 +2924,173 @@ "\n" "Är du säker (Ange 'yes' i versaler): " -#: src/utils_tools.c:127 +#: src/utils_tools.c:126 msgid "Error reading response from terminal." msgstr "Fel vid läsning av svar från terminal." -#: src/utils_tools.c:159 +#: src/utils_tools.c:158 msgid "Command successful." msgstr "Kommandot lyckades." -#: src/utils_tools.c:167 +#: src/utils_tools.c:166 msgid "wrong or missing parameters" msgstr "fel eller saknar parametrar" -#: src/utils_tools.c:169 +#: src/utils_tools.c:168 msgid "no permission or bad passphrase" msgstr "ingen behörighet eller dålig lösenfras" -#: src/utils_tools.c:171 +#: src/utils_tools.c:170 msgid "out of memory" msgstr "slut på minne" -#: src/utils_tools.c:173 +#: src/utils_tools.c:172 msgid "wrong device or file specified" msgstr "angav fel enhet eller fil" -#: src/utils_tools.c:175 +#: src/utils_tools.c:174 msgid "device already exists or device is busy" msgstr "enheten existerar redan eller så är enheten upptagen" -#: src/utils_tools.c:177 +#: src/utils_tools.c:176 msgid "unknown error" msgstr "okänt fel" -#: src/utils_tools.c:179 +#: src/utils_tools.c:178 #, c-format msgid "Command failed with code %i (%s)." msgstr "Kommandot misslyckades med kod %i (%s)." -#: src/utils_tools.c:257 +#: src/utils_tools.c:256 #, c-format msgid "Key slot %i created." msgstr "Nyckelplats %i är ändrad." -#: src/utils_tools.c:259 +#: src/utils_tools.c:258 #, c-format msgid "Key slot %i unlocked." msgstr "Nyckelplats %i är upplåst." -#: src/utils_tools.c:261 +#: src/utils_tools.c:260 #, c-format msgid "Key slot %i removed." msgstr "Nyckelplats %i är upplåst." -#: src/utils_tools.c:270 +#: src/utils_tools.c:269 #, c-format msgid "Token %i created." msgstr "Token %i används." -#: src/utils_tools.c:272 +#: src/utils_tools.c:271 #, c-format msgid "Token %i removed." msgstr "Token %i används." -#: src/utils_tools.c:282 +#: src/utils_tools.c:281 msgid "No token could be unlocked with this PIN." msgstr "Ingen token kunde låsas upp med denna PIN." -#: src/utils_tools.c:284 +#: src/utils_tools.c:283 #, c-format msgid "Token %i requires PIN." msgstr "Token %i kräver PIN." -#: src/utils_tools.c:286 +#: src/utils_tools.c:285 #, c-format msgid "Token (type %s) requires PIN." msgstr "Token (type %s) kräver PIN." -#: src/utils_tools.c:289 +#: src/utils_tools.c:288 #, c-format msgid "Token %i cannot unlock assigned keyslot(s) (wrong keyslot passphrase)." msgstr "Token %i kan inte låsa upp tilldelade nyckelplatser (felaktigt lösenord)." -#: src/utils_tools.c:291 +#: src/utils_tools.c:290 #, c-format msgid "Token (type %s) cannot unlock assigned keyslot(s) (wrong keyslot passphrase)." msgstr "Token (typ %s) kan inte låsa upp tilldelade nyckelplatser (felaktigt lösenord)." -#: src/utils_tools.c:294 +#: src/utils_tools.c:293 #, c-format msgid "Token %i requires additional missing resource." msgstr "Token %i kräver en saknad resurs." -#: src/utils_tools.c:296 +#: src/utils_tools.c:295 #, c-format msgid "Token (type %s) requires additional missing resource." msgstr "Token (typ %s) kräver en saknad resurs." -#: src/utils_tools.c:299 +#: src/utils_tools.c:298 #, c-format msgid "No usable token (type %s) is available." msgstr "Ingen användbar token (typ %s) tillgänglig." -#: src/utils_tools.c:301 +#: src/utils_tools.c:300 msgid "No usable token is available." msgstr "Ingen användbar token tillgänglig." -#: src/utils_tools.c:463 -msgid "" -"\n" -"Wipe interrupted." -msgstr "" -"\n" -"Skrivning avbruten." - -#: src/utils_tools.c:492 -msgid "" -"\n" -"Reencryption interrupted." -msgstr "" -"\n" -"Omkryptering avbryten." - -#: src/utils_tools.c:511 +#: src/utils_tools.c:393 #, c-format msgid "Cannot read keyfile %s." msgstr "Det går inte att läsa nyckelfilen %s." -#: src/utils_tools.c:516 +#: src/utils_tools.c:398 #, c-format msgid "Cannot read %d bytes from keyfile %s." msgstr "Det går inte att läsa %d byte från nyckelfilen %s." -#: src/utils_tools.c:541 +#: src/utils_tools.c:423 #, c-format msgid "Cannot open keyfile %s for write." msgstr "Det går inte att öppna nyckelfilen %s för skrivning." -#: src/utils_tools.c:548 +#: src/utils_tools.c:430 #, c-format msgid "Cannot write to keyfile %s." msgstr "Det går inte att skriva till nyckelfilen %s." +#: src/utils_progress.c:74 +#, c-format +msgid "%02m%02s" +msgstr "%02m%02s" + +#: src/utils_progress.c:76 +#, c-format +msgid "%02h%02m%02s" +msgstr "%02t%02m%02s" + +#: src/utils_progress.c:78 +#, c-format +msgid "%02 days" +msgstr "%02 dagar" + +#: src/utils_progress.c:105 src/utils_progress.c:138 +#, c-format +msgid "%4 %s written" +msgstr "skrev %4 %s" + +#: src/utils_progress.c:109 src/utils_progress.c:142 +#, c-format +msgid "speed %5.1f %s/s" +msgstr "hastighet %5.1f %s/s" + +#. TRANSLATORS: 'time', 'written' and 'speed' string are supposed +#. to get translated as well. 'eol' is always new-line or empty. +#. See above. +#. +#: src/utils_progress.c:118 +#, c-format +msgid "Progress: %5.1f%%, ETA %s, %s, %s%s" +msgstr "Förlopp: %5.1f%%, ETA %s, %s, %s%s" + +#. TRANSLATORS: 'time', 'written' and 'speed' string are supposed +#. to get translated as well. See above +#. +#: src/utils_progress.c:150 +#, c-format +msgid "Finished, time %s, %s, %s\n" +msgstr "Avslutad, tid %s, %s, %s\n" + #: src/utils_password.c:41 src/utils_password.c:74 #, c-format msgid "Cannot check password quality: %s" @@ -3275,54 +3110,58 @@ msgid "Password quality check failed: Bad passphrase (%s)" msgstr "Misslyckades med kvalitetskontroll av lösenord: Dålig lösenfras (%s)" -#: src/utils_password.c:224 src/utils_password.c:238 +#: src/utils_password.c:231 src/utils_password.c:245 msgid "Error reading passphrase from terminal." msgstr "Fel vid läsning av lösenfras från terminal." -#: src/utils_password.c:236 +#: src/utils_password.c:243 msgid "Verify passphrase: " msgstr "Verifiera lösenfras: " -#: src/utils_password.c:243 +#: src/utils_password.c:250 msgid "Passphrases do not match." msgstr "Lösenfraserna stämmer inte överens." -#: src/utils_password.c:280 +#: src/utils_password.c:288 msgid "Cannot use offset with terminal input." msgstr "Det går inte att använda offset med terminalinmatning." -#: src/utils_password.c:283 +#: src/utils_password.c:292 #, c-format msgid "Enter passphrase: " msgstr "Ange lösenfras: " -#: src/utils_password.c:286 +#: src/utils_password.c:295 #, c-format msgid "Enter passphrase for %s: " msgstr "Ange lösenfras för %s: " -#: src/utils_password.c:317 +#: src/utils_password.c:329 msgid "No key available with this passphrase." msgstr "Ingen nyckel finns tillgänglig med denna lösenfras." -#: src/utils_password.c:319 +#: src/utils_password.c:331 msgid "No usable keyslot is available." msgstr "Ingen tillgänglig användbar nyckelplats." -#: src/utils_luks2.c:47 +#: src/utils_luks.c:67 +msgid "Can't do passphrase verification on non-tty inputs." +msgstr "Kan inte verifiera lösenfras på icke-tty-ingångar." + +#: src/utils_luks.c:182 #, c-format msgid "Failed to open file %s in read-only mode." msgstr "Misslyckades med att öppna filen %s i skrivskyddat läge." -#: src/utils_luks2.c:60 +#: src/utils_luks.c:195 msgid "Provide valid LUKS2 token JSON:\n" msgstr "Tillhandahåll giltig JSON för LUKS2-token:\n" -#: src/utils_luks2.c:67 +#: src/utils_luks.c:202 msgid "Failed to read JSON file." msgstr "Misslyckades med att läsa in JSON-filen." -#: src/utils_luks2.c:72 +#: src/utils_luks.c:207 msgid "" "\n" "Read interrupted." @@ -3330,12 +3169,12 @@ "\n" "Läsning avbryten." -#: src/utils_luks2.c:113 +#: src/utils_luks.c:248 #, c-format msgid "Failed to open file %s in write mode." msgstr "Misslyckades med att öppna filen %s in skrivläge." -#: src/utils_luks2.c:122 +#: src/utils_luks.c:257 msgid "" "\n" "Write interrupted." @@ -3343,54 +3182,409 @@ "\n" "Skrivning avbruten." -#: src/utils_luks2.c:126 +#: src/utils_luks.c:261 msgid "Failed to write JSON file." msgstr "Misslyckades med att skriva JSON-fil." -#: src/utils_blockdev.c:192 +#: src/utils_reencrypt.c:120 +#, c-format +msgid "Auto-detected active dm device '%s' for data device %s.\n" +msgstr "Auto-identifierade aktiv dm-enhet ”%s” för dataenheten %s.\n" + +#: src/utils_reencrypt.c:124 +#, c-format +msgid "Failed to auto-detect device %s holders." +msgstr "Misslyckades med att identifiera kopplingarna till enhet %s." + +#: src/utils_reencrypt.c:130 +#, c-format +msgid "Device %s is not a block device.\n" +msgstr "Enheten %s är inte en giltig blockenhet.\n" + +#: src/utils_reencrypt.c:132 +#, c-format +msgid "" +"Unable to decide if device %s is activated or not.\n" +"Are you sure you want to proceed with reencryption in offline mode?\n" +"It may lead to data corruption if the device is actually activated.\n" +"To run reencryption in online mode, use --active-name parameter instead.\n" +msgstr "" +"Det går inte att avgöra om enheten %s är aktiverade eller ej.\n" +"Är du säker på att du vill fortsätta kryptera om i frånkopplat läge?\n" +"Det kan leda till datakorruption om enheten är aktiverad.\n" +"För att kryptera om i uppkopplat läge, använd istället flaggan --active-name.\n" + +#: src/utils_reencrypt.c:175 +msgid "Device is not in LUKS2 encryption. Conflicting option --encrypt." +msgstr "Enheten är inte under LUKS2-omkryptering. Motsägelsefull flagga --encrypt." + +#: src/utils_reencrypt.c:180 +msgid "Device is not in LUKS2 decryption. Conflicting option --decrypt." +msgstr "Enheten är inte i LUKS2-dekryptering. Motsägelsefull flagga --decrypt." + +#: src/utils_reencrypt.c:187 +msgid "Device is in reencryption using datashift resilience. Requested --resilience option cannot be applied." +msgstr "Enheten är under omkryptering med dataskiftåterhämtning. Begärd flagga --resillence kan inte tillämpas." + +#: src/utils_reencrypt.c:193 src/utils_reencrypt.c:199 +#: src/utils_reencrypt.c:205 src/utils_reencrypt.c:681 +msgid "Requested --resilience option cannot be applied to current reencryption operation." +msgstr "Begärd flagga --resilience kan inte tillämpas på aktuell omkrypteringsåtgärd." + +#: src/utils_reencrypt.c:258 +msgid "Device requires reencryption recovery. Run repair first." +msgstr "Enheten kräver omkrypteringsåterställning. Starta repair först." + +#: src/utils_reencrypt.c:268 +#, c-format +msgid "Device %s is already in LUKS2 reencryption. Do you wish to resume previously initialised operation?" +msgstr "Enheten %s är redan under LUKS2-omkryptering. Vill du återuppta tidigare intierad åtgärd?" + +#: src/utils_reencrypt.c:314 +msgid "Legacy LUKS2 reencryption is no longer supported." +msgstr "Stöder inte längre föråldrad LUKS2-omkryptering." + +#: src/utils_reencrypt.c:379 +msgid "Reencryption of device with integrity profile is not supported." +msgstr "Kryptering för enhet med integritetsprofil stöds ej." + +#: src/utils_reencrypt.c:410 +#, c-format +msgid "" +"Requested --sector-size % is incompatible with %s superblock\n" +"(block size: % bytes) detected on device %s." +msgstr "" +"Begärde --sector-size % är inkompatibel med superblock %s\n" +"(blockstorlek: % byte) identifierad på enheten %s." + +#: src/utils_reencrypt.c:455 +msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." +msgstr "Kryptering utan frånkopplat huvud (--header) är inte möjligt utan att minska datastorleken på enheten (--reduce-device-size)." + +#: src/utils_reencrypt.c:461 +msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." +msgstr "Begärd dataförskjutning måste vara mindre än, eller lika med halva av parametern --reduce-device-size." + +#: src/utils_reencrypt.c:471 +#, c-format +msgid "Adjusting --reduce-device-size value to twice the --offset % (sectors).\n" +msgstr "Justera värdet av --reduce-device-size-värdet till dubbla --offset % (sektorer).\n" + +#: src/utils_reencrypt.c:501 +#, c-format +msgid "Temporary header file %s already exists. Aborting." +msgstr "Tillfällig huvudfil %s finns redan. Avbryter." + +#: src/utils_reencrypt.c:503 src/utils_reencrypt.c:510 +#, c-format +msgid "Cannot create temporary header file %s." +msgstr "Det går inte att skapa tillfällig huvudfil %s." + +#: src/utils_reencrypt.c:535 +msgid "LUKS2 metadata size is larger than data shift value." +msgstr "LUKS2-metadatastorleken är större än dataskift-värdet." + +#: src/utils_reencrypt.c:572 +#, c-format +msgid "Failed to place new header at head of device %s." +msgstr "Misslyckades med att placera ny header i början på enheten %s." + +#: src/utils_reencrypt.c:582 +#, c-format +msgid "%s/%s is now active and ready for online encryption.\n" +msgstr "%s/%s är nu aktiv och redo för uppkopplad kryptering.\n" + +#: src/utils_reencrypt.c:618 +#, c-format +msgid "Active device %s is not LUKS2." +msgstr "Aktiva enheten: %s är inte LUKS2." + +#: src/utils_reencrypt.c:646 +msgid "Restoring original LUKS2 header." +msgstr "Återställer ursprungligt LUKS2-huvud." + +#: src/utils_reencrypt.c:654 +msgid "Original LUKS2 header restore failed." +msgstr "Misslyckades med återställning av ursprungligt LUKS2-huvud." + +#: src/utils_reencrypt.c:722 +msgid "Failed to add read/write permissions to exported header file." +msgstr "Misslyckades med att läsa/skriva behörighetsflaggor till exporterad huvudfil." + +#: src/utils_reencrypt.c:775 +#, c-format +msgid "Reencryption initialization failed. Header backup is available in %s." +msgstr "Misslyckades med initiering av omkryptering. Säkerhetskopian av huvudet är tillgänglig i %s." + +#: src/utils_reencrypt.c:803 +msgid "LUKS2 decryption is supported with detached header device only (with data offset set to 0)." +msgstr "LUKS2-dekryptering stöds endast för enheter med fristående header (med data-offset satt till 0)." + +#: src/utils_reencrypt.c:934 src/utils_reencrypt.c:943 +msgid "Not enough free keyslots for reencryption." +msgstr "Inte nog med fria nyckelplatser för omkryptering." + +#: src/utils_reencrypt.c:964 src/utils_reencrypt_luks1.c:1100 +msgid "Key file can be used only with --key-slot or with exactly one key slot active." +msgstr "Nyckelfil kan endast användas med --key-slot eller precis en aktiv nyckelplats." + +#: src/utils_reencrypt.c:973 src/utils_reencrypt_luks1.c:1147 +#: src/utils_reencrypt_luks1.c:1158 +#, c-format +msgid "Enter passphrase for key slot %d: " +msgstr "Ange lösenfras för nyckelplats %d: " + +#: src/utils_reencrypt.c:985 +#, c-format +msgid "Enter passphrase for key slot %u: " +msgstr "Ange lösenfras för nyckelplats %u: " + +#: src/utils_reencrypt.c:1037 +#, c-format +msgid "Switching data encryption cipher to %s.\n" +msgstr "Byter krypteringschiffer till %s.\n" + +#: src/utils_reencrypt.c:1091 +msgid "No data segment parameters changed. Reencryption aborted." +msgstr "Inga parametrar för datasegment ändrades. Omkryptering avbruten." + +#: src/utils_reencrypt.c:1187 +msgid "" +"Encryption sector size increase on offline device is not supported.\n" +"Activate the device first or use --force-offline-reencrypt option (dangerous!)." +msgstr "" +"Ökning av sektorstorlek för kryptering på en frånkopplad enhet stöds ej.\n" +"Aktivera enheten för eller använd flaggan --force-offline-reencrypt (farligt!)." + +#: src/utils_reencrypt.c:1227 src/utils_reencrypt_luks1.c:726 +#: src/utils_reencrypt_luks1.c:798 +msgid "" +"\n" +"Reencryption interrupted." +msgstr "" +"\n" +"Omkryptering avbryten." + +#: src/utils_reencrypt.c:1232 +msgid "Resuming LUKS reencryption in forced offline mode.\n" +msgstr "Återupptar LUKS-omkryptering i tvingat frånkopplat läge.\n" + +#: src/utils_reencrypt.c:1249 +#, c-format +msgid "Device %s contains broken LUKS metadata. Aborting operation." +msgstr "Enheten %s innehåller felaktig LUKS-metadata. Avbryter åtgärden." + +#: src/utils_reencrypt.c:1265 src/utils_reencrypt.c:1287 +#, c-format +msgid "Device %s is already LUKS device. Aborting operation." +msgstr "Enheten %s är redan en LUKS-enhet. Avbryter åtgärd." + +#: src/utils_reencrypt.c:1293 +#, c-format +msgid "Device %s is already in LUKS reencryption. Aborting operation." +msgstr "Enheten %s är redan i LUKS-omkryptering. Avbryter åtgärd." + +#: src/utils_reencrypt.c:1366 +msgid "LUKS2 decryption requires --header option." +msgstr "LUKS2-dekryptering kräver flaggan --header." + +#: src/utils_reencrypt.c:1414 +msgid "Command requires device as argument." +msgstr "Kommandot kräver en enhet som argument." + +#: src/utils_reencrypt.c:1427 +#, c-format +msgid "Conflicting versions. Device %s is LUKS1." +msgstr "Versionskonflikt. Enheten %s är LUKS1." + +#: src/utils_reencrypt.c:1433 +#, c-format +msgid "Conflicting versions. Device %s is in LUKS1 reencryption." +msgstr "Versionskonflikt. Enheten %s är under LUKS2-omkryptering." + +#: src/utils_reencrypt.c:1439 +#, c-format +msgid "Conflicting versions. Device %s is LUKS2." +msgstr "Versionskonflikt. Enheten %s är LUKS2." + +#: src/utils_reencrypt.c:1445 +#, c-format +msgid "Conflicting versions. Device %s is in LUKS2 reencryption." +msgstr "Versionskonflikt: Enheten %s är under LUKS2-omkryptering." + +#: src/utils_reencrypt.c:1451 +msgid "LUKS2 reencryption already initialized. Aborting operation." +msgstr "LUKS2-omkryptering är redan initierad. Avbryter åtgärd." + +#: src/utils_reencrypt.c:1458 +msgid "Device reencryption not in progress." +msgstr "Enhetsomkryptering pågår ej" + +#: src/utils_reencrypt_luks1.c:129 src/utils_blockdev.c:287 +#, c-format +msgid "Cannot exclusively open %s, device in use." +msgstr "Kan inte öppna %s exklusivt, enheten används." + +#: src/utils_reencrypt_luks1.c:143 src/utils_reencrypt_luks1.c:945 +msgid "Allocation of aligned memory failed." +msgstr "Misslyckades med allokering av justerat minne." + +#: src/utils_reencrypt_luks1.c:150 +#, c-format +msgid "Cannot read device %s." +msgstr "Det går inte att läsa enheten %s." + +#: src/utils_reencrypt_luks1.c:161 +#, c-format +msgid "Marking LUKS1 device %s unusable." +msgstr "Markerar LUKS1-enhet %s som oanvändbar." + +#: src/utils_reencrypt_luks1.c:177 +#, c-format +msgid "Cannot write device %s." +msgstr "Det går inte att skriva till enheten %s." + +#: src/utils_reencrypt_luks1.c:226 +msgid "Cannot write reencryption log file." +msgstr "Det går inte att skriva loggfil för omkryptering." + +#: src/utils_reencrypt_luks1.c:282 +msgid "Cannot read reencryption log file." +msgstr "Det går inte att läsa loggfil för omkryptering." + +#: src/utils_reencrypt_luks1.c:293 +msgid "Wrong log format." +msgstr "Fel loggformat." + +#: src/utils_reencrypt_luks1.c:320 +#, c-format +msgid "Log file %s exists, resuming reencryption.\n" +msgstr "Loggfilen %s existerar, återupptar kryptering.\n" + +#: src/utils_reencrypt_luks1.c:369 +msgid "Activating temporary device using old LUKS header." +msgstr "Aktiverar temporär enhet användandes gammalt LUKS-huvud." + +#: src/utils_reencrypt_luks1.c:379 +msgid "Activating temporary device using new LUKS header." +msgstr "Aktiverar temporär enhet användandes nytt LUKS-huvud." + +#: src/utils_reencrypt_luks1.c:389 +msgid "Activation of temporary devices failed." +msgstr "Aktivering av temporära enheter misslyckades." + +#: src/utils_reencrypt_luks1.c:449 +msgid "Failed to set data offset." +msgstr "Misslyckades med att sätta dataoffset." + +#: src/utils_reencrypt_luks1.c:455 +msgid "Failed to set metadata size." +msgstr "Misslyckades med att sätta metadatastorlek." + +#: src/utils_reencrypt_luks1.c:463 +#, c-format +msgid "New LUKS header for device %s created." +msgstr "Skapade nytt LUKS-huvud för enhet %s." + +#: src/utils_reencrypt_luks1.c:500 +#, c-format +msgid "%s header backup of device %s created." +msgstr "Skapade säkerhetskopia av %s-huvud på enhet %s." + +#: src/utils_reencrypt_luks1.c:556 +msgid "Creation of LUKS backup headers failed." +msgstr "Misslyckades med att skapa en säkerhetskopia av LUKS-huvuden." + +#: src/utils_reencrypt_luks1.c:685 +#, c-format +msgid "Cannot restore %s header on device %s." +msgstr "Det går inte återställa %s-huvudet på enheten %s." + +#: src/utils_reencrypt_luks1.c:687 +#, c-format +msgid "%s header on device %s restored." +msgstr "Återställde %s-huvudet på enheten %s." + +#: src/utils_reencrypt_luks1.c:917 src/utils_reencrypt_luks1.c:923 +msgid "Cannot open temporary LUKS device." +msgstr "Misslyckades med att öppna temporär LUKS-enhet." + +#: src/utils_reencrypt_luks1.c:928 src/utils_reencrypt_luks1.c:933 +msgid "Cannot get device size." +msgstr "Det går inte att hämta enhetsstorlek." + +#: src/utils_reencrypt_luks1.c:968 +msgid "IO error during reencryption." +msgstr "In-/utfel under återkryptering." + +#: src/utils_reencrypt_luks1.c:998 +msgid "Provided UUID is invalid." +msgstr "Angivet UUID är ogiltigt." + +#: src/utils_reencrypt_luks1.c:1220 +msgid "Cannot open reencryption log file." +msgstr "Det går inte att öppna loggfilen för omkryptering." + +#: src/utils_reencrypt_luks1.c:1226 +msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process." +msgstr "Ingen dekryptering pågår, givet UUID kan endast användas för att återuppta vilande dekrypteringsprocess." + +#: src/utils_reencrypt_luks1.c:1280 +#, c-format +msgid "Reencryption will change: %s%s%s%s%s%s." +msgstr "Omkryptering kommer att ändra: %s%s%s%s%s%s." + +#: src/utils_reencrypt_luks1.c:1281 +msgid "volume key" +msgstr "volymnyckeln" + +#: src/utils_reencrypt_luks1.c:1283 +msgid "set hash to " +msgstr "sätt hash till " + +#: src/utils_reencrypt_luks1.c:1284 +msgid ", set cipher to " +msgstr ", sätt chiffer till " + +#: src/utils_blockdev.c:189 #, c-format msgid "WARNING: Device %s already contains a '%s' partition signature.\n" msgstr "VARNING: Enheten %s innehåller redan en ”%s”-partitionssignatur.\n" -#: src/utils_blockdev.c:200 +#: src/utils_blockdev.c:197 #, c-format msgid "WARNING: Device %s already contains a '%s' superblock signature.\n" msgstr "VARNING: Enheten %s innehåller redan en ”%s”-superblocksignatur.\n" -#: src/utils_blockdev.c:221 src/utils_blockdev.c:285 +#: src/utils_blockdev.c:219 src/utils_blockdev.c:294 src/utils_blockdev.c:344 msgid "Failed to initialize device signature probes." msgstr "Misslyckades med att initiera identifiering av enhetssignatur." -#: src/utils_blockdev.c:265 +#: src/utils_blockdev.c:274 #, c-format msgid "Failed to stat device %s." msgstr "Misslyckades med att ta status på enhet %s." -#: src/utils_blockdev.c:278 -#, c-format -msgid "Device %s is in use. Cannot proceed with format operation." -msgstr "Enheten %s används. Det går inte att fortsätta med formateringsåtgärden." - -#: src/utils_blockdev.c:280 +#: src/utils_blockdev.c:289 #, c-format msgid "Failed to open file %s in read/write mode." msgstr "Misslyckades med att öppna filen %s i läs-/skrivläge." -#: src/utils_blockdev.c:294 +#: src/utils_blockdev.c:307 #, c-format msgid "Existing '%s' partition signature on device %s will be wiped." msgstr "Kommer att rensa befintlig ”%s” på enheten %s." -#: src/utils_blockdev.c:297 +#: src/utils_blockdev.c:310 #, c-format msgid "Existing '%s' superblock signature on device %s will be wiped." msgstr "Kommer att rensa befintlig ”%s” på enheten %s." -#: src/utils_blockdev.c:300 +#: src/utils_blockdev.c:313 msgid "Failed to wipe device signature." msgstr "Misslyckades med att radera enhetssignatur." -#: src/utils_blockdev.c:307 +#: src/utils_blockdev.c:320 #, c-format msgid "Failed to probe device %s for a signature." msgstr "Misslyckades med söka av enheten %s efter en signatur." @@ -3400,16 +3594,16 @@ msgid "Invalid size specification in parameter --%s." msgstr "Ogiltig datastorlekspecifikation i flaggan --%s." -#: src/utils_args.c:121 +#: src/utils_args.c:125 #, c-format msgid "Option --%s is not allowed with %s action." msgstr "Flaggan --%s tillåts inte med åtgärden --%s." -#: tokens/ssh/cryptsetup-ssh.c:108 +#: tokens/ssh/cryptsetup-ssh.c:110 msgid "Failed to write ssh token json." msgstr "Misslyckades med att skriva ssh-token i json." -#: tokens/ssh/cryptsetup-ssh.c:126 +#: tokens/ssh/cryptsetup-ssh.c:128 msgid "" "Experimental cryptsetup plugin for unlocking LUKS2 devices with token connected to an SSH server\vThis plugin currently allows only adding a token to an existing key slot.\n" "\n" @@ -3425,110 +3619,110 @@ "\n" "Observera: Information som anges när token läggs till (SSH-serverns, adress, användare och sökvägar) kommer att lagras i LUKS2-headern i klartext." -#: tokens/ssh/cryptsetup-ssh.c:136 +#: tokens/ssh/cryptsetup-ssh.c:138 msgid " " msgstr "<åtgärd> " -#: tokens/ssh/cryptsetup-ssh.c:139 +#: tokens/ssh/cryptsetup-ssh.c:141 msgid "Options for the 'add' action:" msgstr "Flaggor för åtgärden ”add”:" -#: tokens/ssh/cryptsetup-ssh.c:140 +#: tokens/ssh/cryptsetup-ssh.c:142 msgid "IP address/URL of the remote server for this token" msgstr "Fjärrserverns IP-adress/URL för denna token" -#: tokens/ssh/cryptsetup-ssh.c:141 +#: tokens/ssh/cryptsetup-ssh.c:143 msgid "Username used for the remote server" msgstr "Användarnamn för fjärrservern" -#: tokens/ssh/cryptsetup-ssh.c:142 +#: tokens/ssh/cryptsetup-ssh.c:144 msgid "Path to the key file on the remote server" msgstr "Sökvägen till nyckelfilen på fjärrservern" -#: tokens/ssh/cryptsetup-ssh.c:143 +#: tokens/ssh/cryptsetup-ssh.c:145 msgid "Path to the SSH key for connecting to the remote server" msgstr "Sökväg till SSH-nyckeln för anslutning till fjärrservern" -#: tokens/ssh/cryptsetup-ssh.c:144 +#: tokens/ssh/cryptsetup-ssh.c:146 msgid "Keyslot to assign the token to. If not specified, token will be assigned to the first keyslot matching provided passphrase." msgstr "Nyckelplats att ange token till. Om ej angiven så kommer token att tilldelas till den första nyckelplats som matchar angivet lösenfras." -#: tokens/ssh/cryptsetup-ssh.c:146 +#: tokens/ssh/cryptsetup-ssh.c:148 msgid "Generic options:" msgstr "Allmänna flaggor:" -#: tokens/ssh/cryptsetup-ssh.c:147 +#: tokens/ssh/cryptsetup-ssh.c:149 msgid "Shows more detailed error messages" msgstr "Visar mer detaljerade felmeddelanden" -#: tokens/ssh/cryptsetup-ssh.c:148 +#: tokens/ssh/cryptsetup-ssh.c:150 msgid "Show debug messages" msgstr "Visa felsökningsmeddelanden" -#: tokens/ssh/cryptsetup-ssh.c:149 +#: tokens/ssh/cryptsetup-ssh.c:151 msgid "Show debug messages including JSON metadata" msgstr "Visa felsökningsmeddelanden inklusive JSON-metadata" -#: tokens/ssh/cryptsetup-ssh.c:260 +#: tokens/ssh/cryptsetup-ssh.c:262 msgid "Failed to open and import private key:\n" msgstr "Misslyckades med att öppna och importera privat nyckel:\n" -#: tokens/ssh/cryptsetup-ssh.c:264 +#: tokens/ssh/cryptsetup-ssh.c:266 msgid "Failed to import private key (password protected?).\n" msgstr "Misslyckades med att importera privat nyckel (lösenordskyddad?).\n" #. TRANSLATORS: SSH credentials prompt, e.g. "user@server's password: " -#: tokens/ssh/cryptsetup-ssh.c:266 +#: tokens/ssh/cryptsetup-ssh.c:268 #, c-format msgid "%s@%s's password: " msgstr "%s@%s's lösenord: " -#: tokens/ssh/cryptsetup-ssh.c:355 +#: tokens/ssh/cryptsetup-ssh.c:357 #, c-format msgid "Failed to parse arguments.\n" msgstr "Misslyckades med att tolka argument.\n" -#: tokens/ssh/cryptsetup-ssh.c:366 +#: tokens/ssh/cryptsetup-ssh.c:368 #, c-format msgid "An action must be specified\n" msgstr "En åtgärd måste anges\n" -#: tokens/ssh/cryptsetup-ssh.c:372 +#: tokens/ssh/cryptsetup-ssh.c:374 #, c-format msgid "Device must be specified for '%s' action.\n" msgstr "En enhet måste anges för åtgärden ”%s”.\n" -#: tokens/ssh/cryptsetup-ssh.c:377 +#: tokens/ssh/cryptsetup-ssh.c:379 #, c-format msgid "SSH server must be specified for '%s' action.\n" msgstr "SSH-servern måste anges för åtgärden ”%s”.\n" -#: tokens/ssh/cryptsetup-ssh.c:382 +#: tokens/ssh/cryptsetup-ssh.c:384 #, c-format msgid "SSH user must be specified for '%s' action.\n" msgstr "SSH-användare måste anges för åtgärden ”%s”.\n" -#: tokens/ssh/cryptsetup-ssh.c:387 +#: tokens/ssh/cryptsetup-ssh.c:389 #, c-format msgid "SSH path must be specified for '%s' action.\n" msgstr "SSH-sökväg måste anges för åtgärden ”%s”.\n" -#: tokens/ssh/cryptsetup-ssh.c:392 +#: tokens/ssh/cryptsetup-ssh.c:394 #, c-format msgid "SSH key path must be specified for '%s' action.\n" msgstr "SSH-nyckelplats måste anges för åtgärden ”%s”.\n" -#: tokens/ssh/cryptsetup-ssh.c:399 +#: tokens/ssh/cryptsetup-ssh.c:401 #, c-format msgid "Failed open %s using provided credentials.\n" msgstr "Misslyckades med att öppna %s med tillhandahållna autentiseringsuppgifter.\n" -#: tokens/ssh/cryptsetup-ssh.c:415 +#: tokens/ssh/cryptsetup-ssh.c:417 #, c-format msgid "Only 'add' action is currently supported by this plugin.\n" msgstr "Endast åtgärden ”add” stöds för närvarande av denna insticksmodul.\n" -#: tokens/ssh/ssh-utils.c:46 tokens/ssh/ssh-utils.c:59 +#: tokens/ssh/ssh-utils.c:46 msgid "Cannot create sftp session: " msgstr "Det går inte att skapa sftp-sessionen: " @@ -3536,6 +3730,10 @@ msgid "Cannot init sftp session: " msgstr "Det går inte att initiera sftp-sessionen: " +#: tokens/ssh/ssh-utils.c:59 +msgid "Cannot open sftp session: " +msgstr "Det går inte att öppna sftp-sessionen:" + #: tokens/ssh/ssh-utils.c:66 msgid "Cannot stat sftp file: " msgstr "Det går inte att stat sftp-filen: " @@ -3564,6 +3762,81 @@ msgid "Public key authentication error: " msgstr "Autentiseringsfel för öppen nyckel: " +#~ msgid "Failed to read BITLK signature from %s." +#~ msgstr "Misslyckades med att läsa BITLK-signatur från %s." + +#~ msgid "Invalid or unknown signature for BITLK device." +#~ msgstr "Ogiltig eller okänd signatur för BITLK-enhet." + +#~ msgid "Failed to wipe backup segment data." +#~ msgstr "Misslyckades med att radera säkerhetskopia av segmentdata." + +#~ msgid "Failed to disable reencryption requirement flag." +#~ msgstr "Misslyckades med att inaktivera flaggan för omkrypteringskrav." + +#~ msgid "Encryption is supported only for LUKS2 format." +#~ msgstr "Kryptering stöds endast för formatet LUKS2." + +#~ msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?" +#~ msgstr "Identifierade LUKS-enhet på %s. Vill du kryptera LUKS-enheten igen?" + +#~ msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1." +#~ msgstr "Stödjer endast LUKS2-formatet. Använd verktyget cryptsetup-reencrypt för LUKS1." + +#~ msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility." +#~ msgstr "Föråldrad frånkopplad omkryptering pågår redan. Använd verktyget cryptsetup-reencrypt." + +#~ msgid "LUKS2 device is not in reencryption." +#~ msgstr "LUKS2-enheten är inte i omkryptering." + +#~ msgid "Setting LUKS2 offline reencrypt flag on device %s." +#~ msgstr "Sätter LUKS2-flaggan för att kryptera om på enheten %s." + +#~ msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s." +#~ msgstr "Denna version av cryptsetup-reencrypt kan inte hantera ny interna tokentypen %s." + +#~ msgid "Failed to read activation flags from backup header." +#~ msgstr "Misslyckades med att läsa aktiveringsflaggor från säkerhetskopia av huvud." + +#~ msgid "Failed to read requirements from backup header." +#~ msgstr "Misslyckades med att läsa krav från säkerhetskopiehuvud." + +#~ msgid "Changed pbkdf parameters in keyslot %i." +#~ msgstr "Ändrade pbkdf-parametrarna i nyckelplatsen %i." + +#~ msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size." +#~ msgstr "Endast värden mellan 1 MiB och 64 MiB är tillåtna som blockstorlek för omkryptering." + +#~ msgid "Maximum device reduce size is 64 MiB." +#~ msgstr "Högsta förminskningsstorlek för enhet är 64 MiB." + +#~ msgid "[OPTION...] " +#~ msgstr "[FLAGGA…] " + +#~ msgid "Argument required." +#~ msgstr "Kräver argument." + +#~ msgid "Option --new must be used together with --reduce-device-size or --header." +#~ msgstr "Flaggan --new måste användas tillsammans med --reduce-device-size eller --header." + +#~ msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations." +#~ msgstr "Flaggan --keep-key kan endast användas med --hash, --iter-time eller --pbkdf-force-iterations." + +#~ msgid "Option --new cannot be used together with --decrypt." +#~ msgstr "Flaggan --new kan inte användas tillsammans med --decrypt." + +#~ msgid "Option --decrypt is incompatible with specified parameters." +#~ msgstr "Flaggan --decrypt är inkompatibel med specificerade parametrar." + +#~ msgid "Option --uuid is allowed only together with --decrypt." +#~ msgstr "Flaggan --uuid är endast tillåten tillsammans med --decrypt." + +#~ msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'." +#~ msgstr "Ogiltig luks-typ. Använd en av dessa: 'luks', 'luks1' or 'luks2'." + +#~ msgid "Device %s is in use. Cannot proceed with format operation." +#~ msgstr "Enheten %s används. Det går inte att fortsätta med formateringsåtgärden." + #~ msgid "No free token slot." #~ msgstr "Ingen fri plats för token." @@ -4120,9 +4393,6 @@ #~ msgid "Function not available in FIPS mode." #~ msgstr "Funktionen är inte tillgänglig i FIPS-läge." -#~ msgid "Cipher %s is not available." -#~ msgstr "Chiffret %s är inte tillgängligt." - #~ msgid "Key slot %d selected for deletion." #~ msgstr "Nyckelplats %d markerad för borttagning." diff -Nru cryptsetup-2.5.0/po/uk.po cryptsetup-2.6.1/po/uk.po --- cryptsetup-2.5.0/po/uk.po 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/po/uk.po 2023-02-09 16:12:17.000000000 +0000 @@ -2,13 +2,13 @@ # Copyright (C) 2012 Free Software Foundation, Inc. # This file is put in the public domain. # -# Yuri Chornoivan , 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022. +# Yuri Chornoivan , 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023. msgid "" msgstr "" -"Project-Id-Version: cryptsetup 2.5.0-rc1\n" +"Project-Id-Version: cryptsetup 2.6.1-rc0\n" "Report-Msgid-Bugs-To: cryptsetup@lists.linux.dev\n" -"POT-Creation-Date: 2022-07-14 14:04+0200\n" -"PO-Revision-Date: 2022-07-14 17:47+0300\n" +"POT-Creation-Date: 2023-02-01 15:58+0100\n" +"PO-Revision-Date: 2023-02-02 10:48+0200\n" "Last-Translator: Yuri Chornoivan \n" "Language-Team: Ukrainian \n" "Language: uk\n" @@ -19,67 +19,71 @@ "Plural-Forms: nplurals=1; plural=0;\n" "X-Generator: Lokalize 20.12.0\n" -#: lib/libdevmapper.c:417 +#: lib/libdevmapper.c:419 msgid "Cannot initialize device-mapper, running as non-root user." msgstr "Не можна ініціалізувати device-mapper, якщо програму запущено не від імені адміністратора (root)." -#: lib/libdevmapper.c:420 +#: lib/libdevmapper.c:422 msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" msgstr "Не вдалося ініціалізувати device-mapper. Чи завантажено модуль ядра dm_mod?" -#: lib/libdevmapper.c:1171 +#: lib/libdevmapper.c:1102 msgid "Requested deferred flag is not supported." msgstr "Підтримки бажаного прапорця відкладення, %s, не передбачено." -#: lib/libdevmapper.c:1240 +#: lib/libdevmapper.c:1171 #, c-format msgid "DM-UUID for device %s was truncated." msgstr "DM-UUID для пристрою %s було обрізано." -#: lib/libdevmapper.c:1570 +#: lib/libdevmapper.c:1501 msgid "Unknown dm target type." msgstr "Невідомий тип призначення dm." -#: lib/libdevmapper.c:1694 lib/libdevmapper.c:1699 lib/libdevmapper.c:1763 -#: lib/libdevmapper.c:1766 +#: lib/libdevmapper.c:1620 lib/libdevmapper.c:1626 lib/libdevmapper.c:1724 +#: lib/libdevmapper.c:1727 msgid "Requested dm-crypt performance options are not supported." msgstr "Підтримки вказаних параметрів швидкодії dm-crypt не передбачено." -#: lib/libdevmapper.c:1706 lib/libdevmapper.c:1710 +#: lib/libdevmapper.c:1635 lib/libdevmapper.c:1647 msgid "Requested dm-verity data corruption handling options are not supported." msgstr "Підтримки вказаних параметрів обробки пошкоджених даних за допомогою dm-verity не передбачено." -#: lib/libdevmapper.c:1714 +#: lib/libdevmapper.c:1641 +msgid "Requested dm-verity tasklets option is not supported." +msgstr "Підтримки вказаного параметра завдань dm-verity не передбачено." + +#: lib/libdevmapper.c:1653 msgid "Requested dm-verity FEC options are not supported." msgstr "Підтримки вказаних параметрів FEC за допомогою dm-verity не передбачено." -#: lib/libdevmapper.c:1718 +#: lib/libdevmapper.c:1659 msgid "Requested data integrity options are not supported." msgstr "Підтримки вказаних параметрів цілісності даних не передбачено." -#: lib/libdevmapper.c:1720 +#: lib/libdevmapper.c:1663 msgid "Requested sector_size option is not supported." msgstr "Підтримки вказаного параметра sector_size не передбачено." -#: lib/libdevmapper.c:1725 lib/libdevmapper.c:1729 +#: lib/libdevmapper.c:1670 lib/libdevmapper.c:1676 msgid "Requested automatic recalculation of integrity tags is not supported." msgstr "Підтримки потрібного вам автоматичного повторного обчислення міток цілісності не передбачено." -#: lib/libdevmapper.c:1733 lib/libdevmapper.c:1769 lib/libdevmapper.c:1772 -#: lib/luks2/luks2_json_metadata.c:2552 +#: lib/libdevmapper.c:1682 lib/libdevmapper.c:1730 lib/libdevmapper.c:1733 +#: lib/luks2/luks2_json_metadata.c:2620 msgid "Discard/TRIM is not supported." msgstr "Підтримки відкидання або обрізання не передбачено." -#: lib/libdevmapper.c:1737 +#: lib/libdevmapper.c:1688 msgid "Requested dm-integrity bitmap mode is not supported." msgstr "Підтримки вказаного режиму бітової карти цілісності dm не передбачено." -#: lib/libdevmapper.c:2763 +#: lib/libdevmapper.c:2724 #, c-format msgid "Failed to query dm-%s segment." msgstr "Не вдалося опитати сегмент dm-%s." -#: lib/random.c:74 +#: lib/random.c:73 msgid "" "System is out of entropy while generating volume key.\n" "Please move mouse or type some text in another window to gather some random events.\n" @@ -87,16 +91,16 @@ "Під час створення ключа тому було вичерпано буфер ентропії системи.\n" "Будь ласка, пересуньте вказівник миші або наберіть якийсь текст у іншому вікні, щоб зібрати додаткові дані на основі випадкових подій.\n" -#: lib/random.c:78 +#: lib/random.c:77 #, c-format msgid "Generating key (%d%% done).\n" msgstr "Створення ключа (виконано %d%%).\n" -#: lib/random.c:164 +#: lib/random.c:163 msgid "Running in FIPS mode." msgstr "Працюємо у режимі FIPS." -#: lib/random.c:170 +#: lib/random.c:169 msgid "Fatal error during RNG initialisation." msgstr "Критична помилка під час ініціалізації генератора псевдовипадкових чисел." @@ -108,428 +112,438 @@ msgid "Error reading from RNG." msgstr "Помилка читання з генератора псевдовипадкових чисел." -#: lib/setup.c:226 +#: lib/setup.c:231 msgid "Cannot initialize crypto RNG backend." msgstr "Не вдалося ініціалізувати допоміжну програму шифрування генератора псевдовипадкових чисел." -#: lib/setup.c:232 +#: lib/setup.c:237 msgid "Cannot initialize crypto backend." msgstr "Не вдалося ініціалізувати допоміжну програму шифрування." -#: lib/setup.c:263 lib/setup.c:2080 lib/verity/verity.c:122 +#: lib/setup.c:268 lib/setup.c:2151 lib/verity/verity.c:122 #, c-format msgid "Hash algorithm %s not supported." msgstr "Підтримки алгоритму хешування %s не передбачено." -#: lib/setup.c:266 lib/loopaes/loopaes.c:90 +#: lib/setup.c:271 lib/loopaes/loopaes.c:90 #, c-format msgid "Key processing error (using hash %s)." msgstr "Помилка під час обробки ключа (на основі хешу %s)." -#: lib/setup.c:332 lib/setup.c:359 +#: lib/setup.c:342 lib/setup.c:369 msgid "Cannot determine device type. Incompatible activation of device?" msgstr "Не вдалося визначити тип пристрою. Несумісна дія з активації пристрою?" -#: lib/setup.c:338 lib/setup.c:3221 +#: lib/setup.c:348 lib/setup.c:3320 msgid "This operation is supported only for LUKS device." msgstr "Підтримку цієї дії передбачено лише для пристроїв LUKS." -#: lib/setup.c:365 +#: lib/setup.c:375 msgid "This operation is supported only for LUKS2 device." msgstr "Підтримку цієї дії передбачено лише для пристроїв LUKS2." -#: lib/setup.c:420 lib/luks2/luks2_reencrypt.c:2985 +#: lib/setup.c:427 lib/luks2/luks2_reencrypt.c:3010 msgid "All key slots full." msgstr "Заповнено всі слоти ключів." -#: lib/setup.c:431 +#: lib/setup.c:438 #, c-format msgid "Key slot %d is invalid, please select between 0 and %d." msgstr "Слот ключа %d є некоректним, будь ласка, виберіть число від 0 до %d." -#: lib/setup.c:437 +#: lib/setup.c:444 #, c-format msgid "Key slot %d is full, please select another one." msgstr "Слот ключа %d заповнено, будь ласка, виберіть інший." -#: lib/setup.c:522 lib/setup.c:2946 +#: lib/setup.c:529 lib/setup.c:3042 msgid "Device size is not aligned to device logical block size." msgstr "Розмір пристрою не вирівняно за розміром логічного блоку пристрою." -#: lib/setup.c:620 +#: lib/setup.c:627 #, c-format msgid "Header detected but device %s is too small." msgstr "Виявлено заголовок, але об’єм пристрою %s є надто малим." -#: lib/setup.c:661 lib/setup.c:2851 lib/setup.c:4335 -#: lib/luks2/luks2_reencrypt.c:3757 lib/luks2/luks2_reencrypt.c:4159 +#: lib/setup.c:668 lib/setup.c:2942 lib/setup.c:4287 +#: lib/luks2/luks2_reencrypt.c:3782 lib/luks2/luks2_reencrypt.c:4184 msgid "This operation is not supported for this device type." msgstr "Підтримки цієї дії для цього типу пристроїв не передбачено." -#: lib/setup.c:666 +#: lib/setup.c:673 msgid "Illegal operation with reencryption in-progress." msgstr "Виконуємо заборонену дію із повторного шифрування." -#: lib/setup.c:833 lib/luks1/keymanage.c:248 lib/luks1/keymanage.c:524 -#: lib/luks2/luks2_json_metadata.c:1267 src/cryptsetup.c:1449 -#: src/cryptsetup.c:1581 src/cryptsetup.c:1636 src/cryptsetup.c:1756 -#: src/cryptsetup.c:1861 src/cryptsetup.c:2142 src/cryptsetup.c:2380 -#: src/cryptsetup.c:2440 src/utils_reencrypt.c:1378 -#: src/utils_reencrypt_luks1.c:1188 tokens/ssh/cryptsetup-ssh.c:77 +#: lib/setup.c:802 +msgid "Failed to rollback LUKS2 metadata in memory." +msgstr "Не вдалося відкотити метадані LUKS2 у пам'яті." + +#: lib/setup.c:889 lib/luks1/keymanage.c:249 lib/luks1/keymanage.c:527 +#: lib/luks2/luks2_json_metadata.c:1336 src/cryptsetup.c:1587 +#: src/cryptsetup.c:1727 src/cryptsetup.c:1782 src/cryptsetup.c:1977 +#: src/cryptsetup.c:2133 src/cryptsetup.c:2414 src/cryptsetup.c:2656 +#: src/cryptsetup.c:2716 src/utils_reencrypt.c:1465 +#: src/utils_reencrypt_luks1.c:1192 tokens/ssh/cryptsetup-ssh.c:77 #, c-format msgid "Device %s is not a valid LUKS device." msgstr "Пристрій %s не є коректним пристроєм LUKS." -#: lib/setup.c:836 lib/luks1/keymanage.c:527 +#: lib/setup.c:892 lib/luks1/keymanage.c:530 #, c-format msgid "Unsupported LUKS version %d." msgstr "Непідтримувана версія LUKS, %d." -#: lib/setup.c:1431 lib/setup.c:2602 lib/setup.c:2682 lib/setup.c:2694 -#: lib/setup.c:2859 lib/setup.c:4807 +#: lib/setup.c:1491 lib/setup.c:2691 lib/setup.c:2773 lib/setup.c:2785 +#: lib/setup.c:2952 lib/setup.c:4764 #, c-format msgid "Device %s is not active." msgstr "Пристрій %s є неактивним." -#: lib/setup.c:1448 +#: lib/setup.c:1508 #, c-format msgid "Underlying device for crypt device %s disappeared." msgstr "Зник основний пристрій для пристрою для шифрування %s." -#: lib/setup.c:1528 +#: lib/setup.c:1590 msgid "Invalid plain crypt parameters." msgstr "Некоректні параметри звичайного шифрування." -#: lib/setup.c:1533 lib/setup.c:1983 +#: lib/setup.c:1595 lib/setup.c:2054 msgid "Invalid key size." msgstr "Некоректний розмір ключа." -#: lib/setup.c:1538 lib/setup.c:1988 lib/setup.c:2191 +#: lib/setup.c:1600 lib/setup.c:2059 lib/setup.c:2262 msgid "UUID is not supported for this crypt type." msgstr "Підтримки UUID для цього типу шифрування не передбачено." -#: lib/setup.c:1543 lib/setup.c:1993 +#: lib/setup.c:1605 lib/setup.c:2064 msgid "Detached metadata device is not supported for this crypt type." msgstr "Підтримки пристрою від'єднаних метаданих для цього типу шифрування не передбачено." -#: lib/setup.c:1553 lib/setup.c:1765 lib/luks2/luks2_reencrypt.c:2941 -#: src/cryptsetup.c:1250 src/cryptsetup.c:3072 +#: lib/setup.c:1615 lib/setup.c:1831 lib/luks2/luks2_reencrypt.c:2966 +#: src/cryptsetup.c:1387 src/cryptsetup.c:3383 msgid "Unsupported encryption sector size." msgstr "Непідтримуваний розмір сектора шифрування." -#: lib/setup.c:1561 lib/setup.c:1896 lib/setup.c:2940 +#: lib/setup.c:1623 lib/setup.c:1959 lib/setup.c:3036 msgid "Device size is not aligned to requested sector size." msgstr "Розмір пристрою не вирівняно за вказаним розміром сектора." -#: lib/setup.c:1613 lib/setup.c:1733 +#: lib/setup.c:1675 lib/setup.c:1799 msgid "Can't format LUKS without device." msgstr "Форматування LUKS без пристрою неможливе." -#: lib/setup.c:1619 lib/setup.c:1739 +#: lib/setup.c:1681 lib/setup.c:1805 msgid "Requested data alignment is not compatible with data offset." msgstr "Потрібне вам вирівнювання даних є несумісним із відступом у даних." -#: lib/setup.c:1687 lib/setup.c:1883 -msgid "WARNING: Data offset is outside of currently available data device.\n" -msgstr "Увага: відступ у даних виходить за межі поточного доступного пристрою для зберігання даних.\n" - -#: lib/setup.c:1697 lib/setup.c:1913 lib/setup.c:1934 lib/setup.c:2203 +#: lib/setup.c:1756 lib/setup.c:1976 lib/setup.c:1997 lib/setup.c:2274 #, c-format msgid "Cannot wipe header on device %s." msgstr "Не можна витирати заголовок на пристрої %s." -#: lib/setup.c:1774 +#: lib/setup.c:1769 lib/setup.c:2036 +#, c-format +msgid "Device %s is too small for activation, there is no remaining space for data.\n" +msgstr "Пристрій %s є надто малим для активації, на ньому не лишиться місця для даних.\n" + +#: lib/setup.c:1840 msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" msgstr "Увага: спроба активувати пристрій завершиться невдало, у dm-crypt не передбачено підтримки для вказаного розміру сектора шифрування.\n" -#: lib/setup.c:1797 +#: lib/setup.c:1863 msgid "Volume key is too small for encryption with integrity extensions." msgstr "Ключ тому є надто малим для шифрування із розширеннями цілісності." -#: lib/setup.c:1857 +#: lib/setup.c:1923 #, c-format msgid "Cipher %s-%s (key size %zd bits) is not available." msgstr "Шифрування %s-%s (розмір ключа — %zd бітів) є недоступним." -#: lib/setup.c:1886 +#: lib/setup.c:1949 #, c-format msgid "WARNING: LUKS2 metadata size changed to % bytes.\n" msgstr "Увага: розмір метаданих LUKS2 змінено до % байтів.\n" -#: lib/setup.c:1890 +#: lib/setup.c:1953 #, c-format msgid "WARNING: LUKS2 keyslots area size changed to % bytes.\n" msgstr "Увага: розмір області слотів ключів LUKS2 змінено до % байтів.\n" -#: lib/setup.c:1916 lib/utils_device.c:909 lib/luks1/keyencryption.c:255 -#: lib/luks2/luks2_reencrypt.c:3009 lib/luks2/luks2_reencrypt.c:4254 +#: lib/setup.c:1979 lib/utils_device.c:911 lib/luks1/keyencryption.c:255 +#: lib/luks2/luks2_reencrypt.c:3034 lib/luks2/luks2_reencrypt.c:4279 #, c-format msgid "Device %s is too small." msgstr "Об’єм пристрою %s є надто малим." -#: lib/setup.c:1927 lib/setup.c:1953 +#: lib/setup.c:1990 lib/setup.c:2016 #, c-format msgid "Cannot format device %s in use." msgstr "Не можна форматувати пристрій %s, який перебуває у користуванні." -#: lib/setup.c:1930 lib/setup.c:1956 +#: lib/setup.c:1993 lib/setup.c:2019 #, c-format msgid "Cannot format device %s, permission denied." msgstr "Не можна форматувати пристрій %s, недостатні права доступу." -#: lib/setup.c:1942 lib/setup.c:2263 +#: lib/setup.c:2005 lib/setup.c:2334 #, c-format msgid "Cannot format integrity for device %s." msgstr "Не вдалося форматувати цілісність для пристрою %s." -#: lib/setup.c:1960 +#: lib/setup.c:2023 #, c-format msgid "Cannot format device %s." msgstr "Не вдалося форматувати пристрій %s." -#: lib/setup.c:1978 +#: lib/setup.c:2049 msgid "Can't format LOOPAES without device." msgstr "Не можна форматувати LOOPAES без пристрою." -#: lib/setup.c:2023 +#: lib/setup.c:2094 msgid "Can't format VERITY without device." msgstr "Форматування VERITY без пристрою неможливе." -#: lib/setup.c:2034 lib/verity/verity.c:101 +#: lib/setup.c:2105 lib/verity/verity.c:101 #, c-format msgid "Unsupported VERITY hash type %d." msgstr "Непідтримуваний тип хешування VERITY, %d." -#: lib/setup.c:2040 lib/verity/verity.c:109 +#: lib/setup.c:2111 lib/verity/verity.c:109 msgid "Unsupported VERITY block size." msgstr "Непідтримуваний розмір блоку VERITY." -#: lib/setup.c:2045 lib/verity/verity.c:74 +#: lib/setup.c:2116 lib/verity/verity.c:74 msgid "Unsupported VERITY hash offset." msgstr "Непідтримуваний відступ хешу VERITY." -#: lib/setup.c:2050 +#: lib/setup.c:2121 msgid "Unsupported VERITY FEC offset." msgstr "Непідтримуваний зсув FEC VERITY." -#: lib/setup.c:2074 +#: lib/setup.c:2145 msgid "Data area overlaps with hash area." msgstr "Область даних перекривається із областю хешу." -#: lib/setup.c:2099 +#: lib/setup.c:2170 msgid "Hash area overlaps with FEC area." msgstr "Область хешування перекриваються з областю FEC." -#: lib/setup.c:2106 +#: lib/setup.c:2177 msgid "Data area overlaps with FEC area." msgstr "Область даних перекривається із областю FEC." -#: lib/setup.c:2242 +#: lib/setup.c:2313 #, c-format msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n" msgstr "Увага: бажаний розмір мітки у %d байтів відрізняється від розміру у результаті %s (%d байтів).\n" -#: lib/setup.c:2321 +#: lib/setup.c:2392 #, c-format msgid "Unknown crypt device type %s requested." msgstr "Надіслано запит щодо невідомого типу пристрою шифрування, %s." -#: lib/setup.c:2608 lib/setup.c:2687 lib/setup.c:2700 +#: lib/setup.c:2699 lib/setup.c:2778 lib/setup.c:2791 #, c-format msgid "Unsupported parameters on device %s." msgstr "Непідтримувані параметри на пристрої %s." -#: lib/setup.c:2614 lib/setup.c:2707 lib/luks2/luks2_reencrypt.c:2837 -#: lib/luks2/luks2_reencrypt.c:3074 lib/luks2/luks2_reencrypt.c:3459 +#: lib/setup.c:2705 lib/setup.c:2798 lib/luks2/luks2_reencrypt.c:2862 +#: lib/luks2/luks2_reencrypt.c:3099 lib/luks2/luks2_reencrypt.c:3484 #, c-format msgid "Mismatching parameters on device %s." msgstr "Невідповідність параметрів на пристрої %s." -#: lib/setup.c:2731 +#: lib/setup.c:2822 msgid "Crypt devices mismatch." msgstr "Невідповідність пристроїв шифрування." -#: lib/setup.c:2768 lib/setup.c:2773 lib/luks2/luks2_reencrypt.c:2315 -#: lib/luks2/luks2_reencrypt.c:2853 lib/luks2/luks2_reencrypt.c:4007 +#: lib/setup.c:2859 lib/setup.c:2864 lib/luks2/luks2_reencrypt.c:2361 +#: lib/luks2/luks2_reencrypt.c:2878 lib/luks2/luks2_reencrypt.c:4032 #, c-format msgid "Failed to reload device %s." msgstr "Не вдалося перезавантажити пристрій %s." -#: lib/setup.c:2779 lib/setup.c:2785 lib/luks2/luks2_reencrypt.c:2286 -#: lib/luks2/luks2_reencrypt.c:2293 lib/luks2/luks2_reencrypt.c:2867 +#: lib/setup.c:2870 lib/setup.c:2876 lib/luks2/luks2_reencrypt.c:2332 +#: lib/luks2/luks2_reencrypt.c:2339 lib/luks2/luks2_reencrypt.c:2892 #, c-format msgid "Failed to suspend device %s." msgstr "Не вдалося приспати пристрій %s." -#: lib/setup.c:2791 lib/luks2/luks2_reencrypt.c:2300 -#: lib/luks2/luks2_reencrypt.c:2888 lib/luks2/luks2_reencrypt.c:3920 -#: lib/luks2/luks2_reencrypt.c:4011 +#: lib/setup.c:2882 lib/luks2/luks2_reencrypt.c:2346 +#: lib/luks2/luks2_reencrypt.c:2913 lib/luks2/luks2_reencrypt.c:3945 +#: lib/luks2/luks2_reencrypt.c:4036 #, c-format msgid "Failed to resume device %s." msgstr "Не вдалося відновити роботу пристрою %s." -#: lib/setup.c:2806 +#: lib/setup.c:2897 #, c-format msgid "Fatal error while reloading device %s (on top of device %s)." msgstr "Критична помилка під час перезавантаження пристрої %s (над пристроєм %s)." -#: lib/setup.c:2809 lib/setup.c:2811 +#: lib/setup.c:2900 lib/setup.c:2902 #, c-format msgid "Failed to switch device %s to dm-error." msgstr "Не вдалося перемкнути пристрій %s у режим dm-error." -#: lib/setup.c:2891 +#: lib/setup.c:2984 msgid "Cannot resize loop device." msgstr "Неможливо змінити розмір петльового пристрою." -#: lib/setup.c:2931 +#: lib/setup.c:3027 msgid "WARNING: Maximum size already set or kernel doesn't support resize.\n" msgstr "УВАГА: уже вказано максимальний розмір або у ядрі не передбачено можливості зміни розміру.\n" -#: lib/setup.c:2989 +#: lib/setup.c:3088 msgid "Resize failed, the kernel doesn't support it." msgstr "Не вдалося змінити розмір, у ядрі не передбачено підтримки такої дії." -#: lib/setup.c:3021 +#: lib/setup.c:3120 msgid "Do you really want to change UUID of device?" msgstr "Ви справді хочете змінити UUID пристрою?" -#: lib/setup.c:3113 +#: lib/setup.c:3212 msgid "Header backup file does not contain compatible LUKS header." msgstr "Файл резервної копії заголовка не містить сумісного із LUKS заголовка." -#: lib/setup.c:3229 +#: lib/setup.c:3328 #, c-format msgid "Volume %s is not active." msgstr "Том %s не є активним." -#: lib/setup.c:3240 +#: lib/setup.c:3339 #, c-format msgid "Volume %s is already suspended." msgstr "Том %s вже приспано." -#: lib/setup.c:3253 +#: lib/setup.c:3352 #, c-format msgid "Suspend is not supported for device %s." msgstr "Підтримки присипляння для пристрою %s не передбачено." -#: lib/setup.c:3255 +#: lib/setup.c:3354 #, c-format msgid "Error during suspending device %s." msgstr "Помилка під час спроби приспати пристрій %s." -#: lib/setup.c:3290 +#: lib/setup.c:3389 #, c-format msgid "Resume is not supported for device %s." msgstr "Підтримки дії з пробудження для пристрою %s не передбачено." -#: lib/setup.c:3292 +#: lib/setup.c:3391 #, c-format msgid "Error during resuming device %s." msgstr "Помилка під час спроби пробудити пристрій %s." -#: lib/setup.c:3326 lib/setup.c:3374 lib/setup.c:3444 lib/setup.c:3489 -#: src/cryptsetup.c:2207 +#: lib/setup.c:3425 lib/setup.c:3473 lib/setup.c:3544 lib/setup.c:3589 +#: src/cryptsetup.c:2479 #, c-format msgid "Volume %s is not suspended." msgstr "Том %s не приспано." -#: lib/setup.c:3459 lib/setup.c:3862 lib/setup.c:4584 lib/setup.c:4597 -#: lib/setup.c:4605 lib/setup.c:4618 lib/setup.c:6142 src/cryptsetup.c:1790 +#: lib/setup.c:3559 lib/setup.c:4540 lib/setup.c:4553 lib/setup.c:4561 +#: lib/setup.c:4574 lib/setup.c:6157 lib/setup.c:6179 lib/setup.c:6228 +#: src/cryptsetup.c:2011 msgid "Volume key does not match the volume." msgstr "Ключ тому не відповідає тому." -#: lib/setup.c:3540 lib/setup.c:3745 -msgid "Cannot add key slot, all slots disabled and no volume key provided." -msgstr "Не вдалося додати слот ключа, всі слоти вимкнено і не вказано ключа тому." - -#: lib/setup.c:3697 +#: lib/setup.c:3737 msgid "Failed to swap new key slot." msgstr "Не вдалося зарезервувати новий слот ключа." -#: lib/setup.c:3883 +#: lib/setup.c:3835 #, c-format msgid "Key slot %d is invalid." msgstr "Слот ключа %d є некоректним." -#: lib/setup.c:3889 src/cryptsetup.c:1594 src/cryptsetup.c:1936 -#: src/cryptsetup.c:2540 src/cryptsetup.c:2597 +#: lib/setup.c:3841 src/cryptsetup.c:1740 src/cryptsetup.c:2208 +#: src/cryptsetup.c:2816 src/cryptsetup.c:2876 #, c-format msgid "Keyslot %d is not active." msgstr "Слот ключа %d не є активним." -#: lib/setup.c:3908 +#: lib/setup.c:3860 msgid "Device header overlaps with data area." msgstr "Заголовок пристрою перекривається із областю даних." -#: lib/setup.c:4213 +#: lib/setup.c:4165 msgid "Reencryption in-progress. Cannot activate device." msgstr "Виконуємо повторне шифрування. Не можна активувати пристрій." -#: lib/setup.c:4215 lib/luks2/luks2_json_metadata.c:2635 -#: lib/luks2/luks2_reencrypt.c:3565 +#: lib/setup.c:4167 lib/luks2/luks2_json_metadata.c:2703 +#: lib/luks2/luks2_reencrypt.c:3590 msgid "Failed to get reencryption lock." msgstr "Не вдалося отримати стан блокування для повторного шифрування." -#: lib/setup.c:4228 lib/luks2/luks2_reencrypt.c:3584 +#: lib/setup.c:4180 lib/luks2/luks2_reencrypt.c:3609 msgid "LUKS2 reencryption recovery failed." msgstr "Не вдалося виконати відновлення даних повторного шифрування LUKS2." -#: lib/setup.c:4396 lib/setup.c:4661 +#: lib/setup.c:4352 lib/setup.c:4618 msgid "Device type is not properly initialized." msgstr "Тип пристрою не ініціалізовано належним чином." -#: lib/setup.c:4444 +#: lib/setup.c:4400 #, c-format msgid "Device %s already exists." msgstr "Пристрій %s вже існує." -#: lib/setup.c:4451 +#: lib/setup.c:4407 #, c-format msgid "Cannot use device %s, name is invalid or still in use." msgstr "Неможливо скористатися пристроєм %s, некоректна назва або пристрій усе ще використовується." -#: lib/setup.c:4571 +#: lib/setup.c:4527 msgid "Incorrect volume key specified for plain device." msgstr "Для пристрою зі звичайним шифруванням вказано помилковий ключ тому." -#: lib/setup.c:4687 +#: lib/setup.c:4644 msgid "Incorrect root hash specified for verity device." msgstr "Для пристрою перевірки вказано помилковий кореневий хеш." -#: lib/setup.c:4697 +#: lib/setup.c:4654 msgid "Root hash signature required." msgstr "Потрібен хеш-підпис кореневої теки." -#: lib/setup.c:4706 +#: lib/setup.c:4663 msgid "Kernel keyring missing: required for passing signature to kernel." msgstr "Немає сховища ключів ядра: це сховище потрібне для передавання підпису ядру." -#: lib/setup.c:4723 lib/setup.c:6218 +#: lib/setup.c:4680 lib/setup.c:6423 msgid "Failed to load key in kernel keyring." msgstr "Не вдалося завантажити ключ до сховища ключів ядра." -#: lib/setup.c:4779 +#: lib/setup.c:4736 #, c-format msgid "Could not cancel deferred remove from device %s." msgstr "Не вдалося скасувати відкладене вилучення з пристрою %s." -#: lib/setup.c:4786 lib/setup.c:4802 lib/luks2/luks2_json_metadata.c:2688 +#: lib/setup.c:4743 lib/setup.c:4759 lib/luks2/luks2_json_metadata.c:2756 #: src/utils_reencrypt.c:116 #, c-format msgid "Device %s is still in use." msgstr "Пристрій %s все ще використовується." -#: lib/setup.c:4811 +#: lib/setup.c:4768 #, c-format msgid "Invalid device %s." msgstr "Некоректний пристрій %s." -#: lib/setup.c:4927 +#: lib/setup.c:4908 msgid "Volume key buffer too small." msgstr "Буфер ключів тому є занадто малим." -#: lib/setup.c:4935 +#: lib/setup.c:4925 +msgid "Cannot retrieve volume key for LUKS2 device." +msgstr "Неможливо отримати ключ тому для пристрою із шифруванням LUKS2." + +#: lib/setup.c:4934 +msgid "Cannot retrieve volume key for LUKS1 device." +msgstr "Неможливо отримати ключ тому для пристрою із шифруванням LUKS1." + +#: lib/setup.c:4944 msgid "Cannot retrieve volume key for plain device." msgstr "Неможливо отримати ключ тому для пристрою зі звичайним шифруванням." @@ -537,147 +551,151 @@ msgid "Cannot retrieve root hash for verity device." msgstr "Не вдалося отримати кореневий хеш для пристрою VERITY." -#: lib/setup.c:4956 +#: lib/setup.c:4959 +msgid "Cannot retrieve volume key for BITLK device." +msgstr "Неможливо отримати ключ тому для пристрою BITLK." + +#: lib/setup.c:4964 +msgid "Cannot retrieve volume key for FVAULT2 device." +msgstr "Неможливо отримати ключ тому для пристрою FVAULT2." + +#: lib/setup.c:4966 #, c-format msgid "This operation is not supported for %s crypt device." msgstr "Підтримки цієї дії для шифрованого пристрою %s не передбачено." -#: lib/setup.c:5130 lib/setup.c:5141 +#: lib/setup.c:5147 lib/setup.c:5158 msgid "Dump operation is not supported for this device type." msgstr "Підтримки дії зі створення дампу для цього типу пристроїв не передбачено." -#: lib/setup.c:5471 +#: lib/setup.c:5500 #, c-format msgid "Data offset is not multiple of %u bytes." msgstr "Зсув у даних не є кратним до %u байтів." -#: lib/setup.c:5756 +#: lib/setup.c:5788 #, c-format msgid "Cannot convert device %s which is still in use." msgstr "Не можна перетворити пристрій %s, який перебуває у користуванні." -#: lib/setup.c:6075 +#: lib/setup.c:6098 lib/setup.c:6237 #, c-format msgid "Failed to assign keyslot %u as the new volume key." msgstr "Не вдалося прив'язати слот ключа %u як новий ключ тому." -#: lib/setup.c:6148 +#: lib/setup.c:6122 msgid "Failed to initialize default LUKS2 keyslot parameters." msgstr "Не вдалося ініціалізувати типові параметри слоту ключів LUKS2." -#: lib/setup.c:6154 +#: lib/setup.c:6128 #, c-format msgid "Failed to assign keyslot %d to digest." msgstr "Не вдалося прив'язати слот ключа %d до контрольної суми." -#: lib/setup.c:6285 +#: lib/setup.c:6353 +msgid "Cannot add key slot, all slots disabled and no volume key provided." +msgstr "Не вдалося додати слот ключа, всі слоти вимкнено і не вказано ключа тому." + +#: lib/setup.c:6490 msgid "Kernel keyring is not supported by the kernel." msgstr "У ядрі не передбачено підтримки сховища ключів ядра." -#: lib/setup.c:6295 lib/luks2/luks2_reencrypt.c:3782 +#: lib/setup.c:6500 lib/luks2/luks2_reencrypt.c:3807 #, c-format msgid "Failed to read passphrase from keyring (error %d)." msgstr "Не вдалося прочитати пароль із ключа зі сховища ключів (помилка %d)." -#: lib/setup.c:6319 +#: lib/setup.c:6523 msgid "Failed to acquire global memory-hard access serialization lock." msgstr "Не вдалося створити загальне блокування серіалізації доступу до пам'яті." -#: lib/utils.c:80 -msgid "Cannot get process priority." -msgstr "Не вдалося отримати значення пріоритетності процесу." - -#: lib/utils.c:94 -msgid "Cannot unlock memory." -msgstr "Не вдалося розблокувати пам’ять." - -#: lib/utils.c:168 lib/tcrypt/tcrypt.c:502 +#: lib/utils.c:158 lib/tcrypt/tcrypt.c:501 msgid "Failed to open key file." msgstr "Не вдалося відкрити файл ключа." -#: lib/utils.c:173 +#: lib/utils.c:163 msgid "Cannot read keyfile from a terminal." msgstr "Не вдалося прочитати файл ключа з термінала." -#: lib/utils.c:189 +#: lib/utils.c:179 msgid "Failed to stat key file." msgstr "Не вдалося отримати статистичні дані щодо файла ключа." -#: lib/utils.c:197 lib/utils.c:218 +#: lib/utils.c:187 lib/utils.c:208 msgid "Cannot seek to requested keyfile offset." msgstr "Не вдалося встановити потрібну позицію у файлі ключа." -#: lib/utils.c:212 lib/utils.c:227 src/utils_password.c:226 -#: src/utils_password.c:238 +#: lib/utils.c:202 lib/utils.c:217 src/utils_password.c:225 +#: src/utils_password.c:237 msgid "Out of memory while reading passphrase." msgstr "Під час читання пароля вичерпано пам’ять." -#: lib/utils.c:247 +#: lib/utils.c:237 msgid "Error reading passphrase." msgstr "Помилка під час читання пароля." -#: lib/utils.c:264 +#: lib/utils.c:254 msgid "Nothing to read on input." msgstr "Нічого читати з вхідних даних." -#: lib/utils.c:271 +#: lib/utils.c:261 msgid "Maximum keyfile size exceeded." msgstr "Перевищено максимальний розмір файла ключа." -#: lib/utils.c:276 +#: lib/utils.c:266 msgid "Cannot read requested amount of data." msgstr "Не вдалося прочитати бажаний об’єм даних." -#: lib/utils_device.c:208 lib/utils_storage_wrappers.c:110 -#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1353 +#: lib/utils_device.c:207 lib/utils_storage_wrappers.c:110 +#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1440 #, c-format msgid "Device %s does not exist or access denied." msgstr "Пристрою %s не існує або доступ до цього пристрою заборонено." -#: lib/utils_device.c:218 +#: lib/utils_device.c:217 #, c-format msgid "Device %s is not compatible." msgstr "Пристрій %s є сумісним." -#: lib/utils_device.c:562 +#: lib/utils_device.c:561 #, c-format msgid "Ignoring bogus optimal-io size for data device (%u bytes)." msgstr "Ігноруємо фіктивний розмір optimal-io для пристрою даних (%u байтів)." -#: lib/utils_device.c:720 +#: lib/utils_device.c:722 #, c-format msgid "Device %s is too small. Need at least % bytes." msgstr "Обсяг пристрою %s є надто малим. Потрібно принаймні % байтів." -#: lib/utils_device.c:801 +#: lib/utils_device.c:803 #, c-format msgid "Cannot use device %s which is in use (already mapped or mounted)." msgstr "Не можна використовувати пристрій %s, оскільки його вже використано (призначено або змонтовано)." -#: lib/utils_device.c:805 +#: lib/utils_device.c:807 #, c-format msgid "Cannot use device %s, permission denied." msgstr "Не можна скористатися пристроєм %s, недостатні права доступу." -#: lib/utils_device.c:808 +#: lib/utils_device.c:810 #, c-format msgid "Cannot get info about device %s." msgstr "Не вдалося отримати дані щодо пристрою %s." -#: lib/utils_device.c:831 +#: lib/utils_device.c:833 msgid "Cannot use a loopback device, running as non-root user." msgstr "Не можна використовувати петльовий пристрій, програму запущено не від імені адміністративного користувача (root)." -#: lib/utils_device.c:842 +#: lib/utils_device.c:844 msgid "Attaching loopback device failed (loop device with autoclear flag is required)." msgstr "Спроба долучення петльового пристрою зазнала невдачі (потрібен петльовий пристрій з встановленим прапорцем автоматичного спорожнення)." -#: lib/utils_device.c:890 +#: lib/utils_device.c:892 #, c-format msgid "Requested offset is beyond real size of device %s." msgstr "Бажана точка відступу перебуває за межами об’єму пристрою %s." -#: lib/utils_device.c:898 +#: lib/utils_device.c:900 #, c-format msgid "Device %s has zero size." msgstr "Об’єм пристрою %s є нульовим." @@ -731,30 +749,25 @@ msgid "Only PBKDF2 is supported in FIPS mode." msgstr "У режимі FIPS передбачено підтримку лише PBKDF2." -#: lib/utils_benchmark.c:172 +#: lib/utils_benchmark.c:175 msgid "PBKDF benchmark disabled but iterations not set." msgstr "Тестування PBKDF вимкнено, але кількість ітерацій не встановлено." -#: lib/utils_benchmark.c:191 +#: lib/utils_benchmark.c:194 #, c-format msgid "Not compatible PBKDF2 options (using hash algorithm %s)." msgstr "Несумісні параметри PBKDF2 (з використанням алгоритму хешування %s)." -#: lib/utils_benchmark.c:211 +#: lib/utils_benchmark.c:214 msgid "Not compatible PBKDF options." msgstr "Несумісні параметри PBKDF." -#: lib/utils_device_locking.c:102 +#: lib/utils_device_locking.c:101 #, c-format msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)." msgstr "Блокування перервано. Шлях блокування %s/%s є непридатним для користування (не є каталогом або його не вказано)." -#: lib/utils_device_locking.c:109 -#, c-format -msgid "Locking directory %s/%s will be created with default compiled-in permissions." -msgstr "Буде створено каталог блокування %s/%s із типовими вбудованими правами доступу." - -#: lib/utils_device_locking.c:119 +#: lib/utils_device_locking.c:118 #, c-format msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." msgstr "Блокування перервано Шлях блокування %s/%s є непридатним для користування (%s не є каталогом)." @@ -786,9 +799,9 @@ msgid "Cipher specification should be in [cipher]-[mode]-[iv] format." msgstr "Специфікацію шифрування слід вказувати так: [алгоритм]-[режим]-[iv]." -#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:364 -#: lib/luks1/keymanage.c:674 lib/luks1/keymanage.c:1125 -#: lib/luks2/luks2_json_metadata.c:1421 lib/luks2/luks2_keyslot.c:714 +#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:366 +#: lib/luks1/keymanage.c:677 lib/luks1/keymanage.c:1132 +#: lib/luks2/luks2_json_metadata.c:1490 lib/luks2/luks2_keyslot.c:714 #, c-format msgid "Cannot write to device %s, permission denied." msgstr "Не вдалося виконати запис на пристрій %s, недостатні права доступу." @@ -801,23 +814,24 @@ msgid "Failed to access temporary keystore device." msgstr "Не вдалося отримати доступ до пристрою тимчасового сховища ключів." -#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60 -#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:192 +#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:62 +#: lib/luks2/luks2_keyslot_luks2.c:80 lib/luks2/luks2_keyslot_reenc.c:192 msgid "IO error while encrypting keyslot." msgstr "Помилка введення-виведення під час шифрування слоту ключів." -#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:367 -#: lib/luks1/keymanage.c:627 lib/luks1/keymanage.c:677 lib/tcrypt/tcrypt.c:680 -#: lib/verity/verity.c:80 lib/verity/verity.c:196 lib/verity/verity_hash.c:320 -#: lib/verity/verity_hash.c:329 lib/verity/verity_hash.c:349 -#: lib/verity/verity_fec.c:260 lib/verity/verity_fec.c:272 -#: lib/verity/verity_fec.c:277 lib/luks2/luks2_json_metadata.c:1424 -#: src/utils_reencrypt_luks1.c:121 src/utils_reencrypt_luks1.c:133 +#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:369 +#: lib/luks1/keymanage.c:630 lib/luks1/keymanage.c:680 lib/tcrypt/tcrypt.c:679 +#: lib/fvault2/fvault2.c:877 lib/verity/verity.c:80 lib/verity/verity.c:196 +#: lib/verity/verity_hash.c:320 lib/verity/verity_hash.c:329 +#: lib/verity/verity_hash.c:349 lib/verity/verity_fec.c:260 +#: lib/verity/verity_fec.c:272 lib/verity/verity_fec.c:277 +#: lib/luks2/luks2_json_metadata.c:1493 src/utils_reencrypt_luks1.c:121 +#: src/utils_reencrypt_luks1.c:133 #, c-format msgid "Cannot open device %s." msgstr "Не вдалося відкрити пристрій %s." -#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137 +#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:139 msgid "IO error while decrypting keyslot." msgstr "Помилка введення-виведення під час розшифрування слоту ключів." @@ -833,54 +847,54 @@ msgid "LUKS keyslot %u is invalid." msgstr "Слот ключа LUKS %u є некоректним." -#: lib/luks1/keymanage.c:266 lib/luks2/luks2_json_metadata.c:1284 +#: lib/luks1/keymanage.c:267 lib/luks2/luks2_json_metadata.c:1353 #, c-format msgid "Requested header backup file %s already exists." msgstr "Потрібний вам файл резервної копії заголовка, %s, вже існує." -#: lib/luks1/keymanage.c:268 lib/luks2/luks2_json_metadata.c:1286 +#: lib/luks1/keymanage.c:269 lib/luks2/luks2_json_metadata.c:1355 #, c-format msgid "Cannot create header backup file %s." msgstr "Не вдалося створити файл резервної копії заголовка, %s." -#: lib/luks1/keymanage.c:275 lib/luks2/luks2_json_metadata.c:1293 +#: lib/luks1/keymanage.c:276 lib/luks2/luks2_json_metadata.c:1362 #, c-format msgid "Cannot write header backup file %s." msgstr "Не вдалося записати файл резервної копії заголовка, %s." -#: lib/luks1/keymanage.c:306 lib/luks2/luks2_json_metadata.c:1330 +#: lib/luks1/keymanage.c:308 lib/luks2/luks2_json_metadata.c:1399 msgid "Backup file does not contain valid LUKS header." msgstr "Файл резервної копії не містить коректного заголовка LUKS." -#: lib/luks1/keymanage.c:319 lib/luks1/keymanage.c:590 -#: lib/luks2/luks2_json_metadata.c:1351 +#: lib/luks1/keymanage.c:321 lib/luks1/keymanage.c:593 +#: lib/luks2/luks2_json_metadata.c:1420 #, c-format msgid "Cannot open header backup file %s." msgstr "Не вдалося відкрити файл резервної копії заголовка, %s." -#: lib/luks1/keymanage.c:327 lib/luks2/luks2_json_metadata.c:1359 +#: lib/luks1/keymanage.c:329 lib/luks2/luks2_json_metadata.c:1428 #, c-format msgid "Cannot read header backup file %s." msgstr "Не вдалося прочитати дані з файла резервної копії заголовка, %s." -#: lib/luks1/keymanage.c:337 +#: lib/luks1/keymanage.c:339 msgid "Data offset or key size differs on device and backup, restore failed." msgstr "Відступ у даних або розмір ключа на пристрої і у резервній копії є різними. Відновлення неможливе." -#: lib/luks1/keymanage.c:345 +#: lib/luks1/keymanage.c:347 #, c-format msgid "Device %s %s%s" msgstr "Пристрій %s %s%s" -#: lib/luks1/keymanage.c:346 +#: lib/luks1/keymanage.c:348 msgid "does not contain LUKS header. Replacing header can destroy data on that device." msgstr "не містить заголовка LUKS. Заміна заголовка може зруйнувати дані, що зберігаються на пристрої." -#: lib/luks1/keymanage.c:347 +#: lib/luks1/keymanage.c:349 msgid "already contains LUKS header. Replacing header will destroy existing keyslots." msgstr "вже містить заголовок LUKS. Заміна заголовка призведе до руйнування вже створених слотів ключів." -#: lib/luks1/keymanage.c:348 lib/luks2/luks2_json_metadata.c:1393 +#: lib/luks1/keymanage.c:350 lib/luks2/luks2_json_metadata.c:1462 msgid "" "\n" "WARNING: real device header has different UUID than backup!" @@ -888,126 +902,130 @@ "\n" "ПОПЕРЕДЖЕННЯ: заголовок, що зберігається на пристрої, має інший UUID, ніж заголовок у резервній копії!" -#: lib/luks1/keymanage.c:395 +#: lib/luks1/keymanage.c:398 msgid "Non standard key size, manual repair required." msgstr "Нестандартний розмір ключа, слід виправити дані вручну." -#: lib/luks1/keymanage.c:405 +#: lib/luks1/keymanage.c:408 msgid "Non standard keyslots alignment, manual repair required." msgstr "Нестандартне вирівнювання слотів ключів, слід виправити дані вручну." -#: lib/luks1/keymanage.c:414 +#: lib/luks1/keymanage.c:417 #, c-format msgid "Cipher mode repaired (%s -> %s)." msgstr "Виправлений режим шифрування (%s -> %s)." -#: lib/luks1/keymanage.c:425 +#: lib/luks1/keymanage.c:428 #, c-format msgid "Cipher hash repaired to lowercase (%s)." msgstr "Виправлений хеш шифрування малими літерами (%s)." -#: lib/luks1/keymanage.c:427 lib/luks1/keymanage.c:533 -#: lib/luks1/keymanage.c:789 +#: lib/luks1/keymanage.c:430 lib/luks1/keymanage.c:536 +#: lib/luks1/keymanage.c:792 #, c-format msgid "Requested LUKS hash %s is not supported." msgstr "Підтримки бажаного хешування LUKS, %s, не передбачено." -#: lib/luks1/keymanage.c:441 +#: lib/luks1/keymanage.c:444 msgid "Repairing keyslots." msgstr "Виправлення слотів ключів." -#: lib/luks1/keymanage.c:460 +#: lib/luks1/keymanage.c:463 #, c-format msgid "Keyslot %i: offset repaired (%u -> %u)." msgstr "Слот ключа %i: виправлено відступ (%u -> %u)." -#: lib/luks1/keymanage.c:468 +#: lib/luks1/keymanage.c:471 #, c-format msgid "Keyslot %i: stripes repaired (%u -> %u)." msgstr "Слот ключа %i: виправлено смужки (%u -> %u)." -#: lib/luks1/keymanage.c:477 +#: lib/luks1/keymanage.c:480 #, c-format msgid "Keyslot %i: bogus partition signature." msgstr "Слот ключа %i: зайвий підпис розділу." -#: lib/luks1/keymanage.c:482 +#: lib/luks1/keymanage.c:485 #, c-format msgid "Keyslot %i: salt wiped." msgstr "Слот ключа %i: дані ініціалізації (сіль) витерто." -#: lib/luks1/keymanage.c:499 +#: lib/luks1/keymanage.c:502 msgid "Writing LUKS header to disk." msgstr "Запис заголовка LUKS на диск." -#: lib/luks1/keymanage.c:504 +#: lib/luks1/keymanage.c:507 msgid "Repair failed." msgstr "Спроба виправлення зазнала невдачі." -#: lib/luks1/keymanage.c:559 +#: lib/luks1/keymanage.c:562 #, c-format msgid "LUKS cipher mode %s is invalid." msgstr "Режим шифрування LUKS %s є некоректним." -#: lib/luks1/keymanage.c:564 +#: lib/luks1/keymanage.c:567 #, c-format msgid "LUKS hash %s is invalid." msgstr "Хеш-сума LUKS %s є некоректною." -#: lib/luks1/keymanage.c:571 src/cryptsetup.c:1144 +#: lib/luks1/keymanage.c:574 src/cryptsetup.c:1281 msgid "No known problems detected for LUKS header." msgstr "У заголовку LUKS не виявлено жодних проблем." -#: lib/luks1/keymanage.c:699 +#: lib/luks1/keymanage.c:702 #, c-format msgid "Error during update of LUKS header on device %s." msgstr "Помилка під час оновлення заголовка LUKS на пристрої %s." -#: lib/luks1/keymanage.c:707 +#: lib/luks1/keymanage.c:710 #, c-format msgid "Error re-reading LUKS header after update on device %s." msgstr "Помилка під час спроби повторного читання заголовка LUKS після оновлення на пристрої %s." -#: lib/luks1/keymanage.c:783 +#: lib/luks1/keymanage.c:786 msgid "Data offset for LUKS header must be either 0 or higher than header size." msgstr "Відступ даних для заголовка LUKS має бути або рівним нулеві, або перевищувати розмір заголовка." -#: lib/luks1/keymanage.c:794 lib/luks1/keymanage.c:863 -#: lib/luks2/luks2_json_format.c:287 lib/luks2/luks2_json_metadata.c:1175 -#: src/utils_reencrypt.c:475 +#: lib/luks1/keymanage.c:797 lib/luks1/keymanage.c:866 +#: lib/luks2/luks2_json_format.c:286 lib/luks2/luks2_json_metadata.c:1236 +#: src/utils_reencrypt.c:539 msgid "Wrong LUKS UUID format provided." msgstr "Вказано UUID LUKS у помилковому форматі." -#: lib/luks1/keymanage.c:816 +#: lib/luks1/keymanage.c:819 msgid "Cannot create LUKS header: reading random salt failed." msgstr "Не вдалося створити заголовок LUKS: помилка читання випадкових даних для ініціалізації." -#: lib/luks1/keymanage.c:842 +#: lib/luks1/keymanage.c:845 #, c-format msgid "Cannot create LUKS header: header digest failed (using hash %s)." msgstr "Не вдалося створити заголовок LUKS: помилка під час обчислення контрольної суми заголовка (з використанням хешу %s)." -#: lib/luks1/keymanage.c:886 +#: lib/luks1/keymanage.c:889 #, c-format msgid "Key slot %d active, purge first." msgstr "Слот ключа %d є активним. Його слід спочатку спорожнити." -#: lib/luks1/keymanage.c:892 +#: lib/luks1/keymanage.c:895 #, c-format msgid "Key slot %d material includes too few stripes. Header manipulation?" msgstr "Ентропія даних слота ключа %d є надто низькою. Маніпуляції з заголовком?" -#: lib/luks1/keymanage.c:1033 +#: lib/luks1/keymanage.c:931 lib/luks2/luks2_keyslot_luks2.c:270 +msgid "PBKDF2 iteration value overflow." +msgstr "Переповнення значення ітерації PBKDF2." + +#: lib/luks1/keymanage.c:1040 #, c-format msgid "Cannot open keyslot (using hash %s)." msgstr "Не вдалося відкрити слот ключа (за допомогою хешу %s)." -#: lib/luks1/keymanage.c:1111 +#: lib/luks1/keymanage.c:1118 #, c-format msgid "Key slot %d is invalid, please select keyslot between 0 and %d." msgstr "Слот ключа %d є некоректним, будь ласка, виберіть слот ключа з номером від 0 до %d." -#: lib/luks1/keymanage.c:1129 lib/luks2/luks2_keyslot.c:718 +#: lib/luks1/keymanage.c:1136 lib/luks2/luks2_keyslot.c:718 #, c-format msgid "Cannot wipe device %s." msgstr "Не вдалося витерти пристрій %s." @@ -1028,177 +1046,187 @@ msgid "Kernel does not support loop-AES compatible mapping." msgstr "У ядрі не передбачено підтримки призначення, сумісного з loop-AES." -#: lib/tcrypt/tcrypt.c:509 +#: lib/tcrypt/tcrypt.c:508 #, c-format msgid "Error reading keyfile %s." msgstr "Помилка під час спроби читання файла ключа %s." -#: lib/tcrypt/tcrypt.c:559 +#: lib/tcrypt/tcrypt.c:558 #, c-format msgid "Maximum TCRYPT passphrase length (%zu) exceeded." msgstr "Перевищено максимальну можливу довжину пароля TCRYPT (%zu)." -#: lib/tcrypt/tcrypt.c:601 +#: lib/tcrypt/tcrypt.c:600 #, c-format msgid "PBKDF2 hash algorithm %s not available, skipping." msgstr "Засіб створення хешів PBKDF2 за алгоритмом %s недоступний, пропускаємо." -#: lib/tcrypt/tcrypt.c:620 src/cryptsetup.c:1019 +#: lib/tcrypt/tcrypt.c:619 src/cryptsetup.c:1156 msgid "Required kernel crypto interface not available." msgstr "Потрібний для роботи інтерфейс ядра для шифрування недоступний." -#: lib/tcrypt/tcrypt.c:622 src/cryptsetup.c:1021 +#: lib/tcrypt/tcrypt.c:621 src/cryptsetup.c:1158 msgid "Ensure you have algif_skcipher kernel module loaded." msgstr "Переконайтеся, що завантажено модуль ядра algif_skcipher." -#: lib/tcrypt/tcrypt.c:763 +#: lib/tcrypt/tcrypt.c:762 #, c-format msgid "Activation is not supported for %d sector size." msgstr "Підтримки активації для розміру сектора %d не передбачено." -#: lib/tcrypt/tcrypt.c:769 +#: lib/tcrypt/tcrypt.c:768 msgid "Kernel does not support activation for this TCRYPT legacy mode." msgstr "У ядрі не передбачено підтримки вмикання цього застарілого режиму TCRYPT." -#: lib/tcrypt/tcrypt.c:800 +#: lib/tcrypt/tcrypt.c:799 #, c-format msgid "Activating TCRYPT system encryption for partition %s." msgstr "Активуємо шифрування системи за допомогою TCRYPT для розділу %s." -#: lib/tcrypt/tcrypt.c:883 +#: lib/tcrypt/tcrypt.c:882 msgid "Kernel does not support TCRYPT compatible mapping." msgstr "У ядрі не передбачено підтримки призначення, сумісного з TCRYPT." -#: lib/tcrypt/tcrypt.c:1096 +#: lib/tcrypt/tcrypt.c:1095 msgid "This function is not supported without TCRYPT header load." msgstr "Підтримки цієї дії без завантаження заголовка TCRYPT." -#: lib/bitlk/bitlk.c:275 +#: lib/bitlk/bitlk.c:278 #, c-format msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key." msgstr "Під час обробки підтримуваного основного ключа тому виявлено неочікуваний тип запису метаданих «%u»." -#: lib/bitlk/bitlk.c:328 +#: lib/bitlk/bitlk.c:337 msgid "Invalid string found when parsing Volume Master Key." msgstr "Під час обробки основного ключа тому виявлено некоректний рядок." -#: lib/bitlk/bitlk.c:332 +#: lib/bitlk/bitlk.c:341 #, c-format msgid "Unexpected string ('%s') found when parsing supported Volume Master Key." msgstr "Під час обробки підтримуваного основного ключа тому виявлено неочікуваний рядок («%s»)." -#: lib/bitlk/bitlk.c:349 +#: lib/bitlk/bitlk.c:358 #, c-format msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key." msgstr "Під час обробки підтримуваного основного ключа тому виявлено неочікуване значення запису метаданих «%u»." -#: lib/bitlk/bitlk.c:451 +#: lib/bitlk/bitlk.c:460 msgid "BITLK version 1 is currently not supported." msgstr "Підтримки BITLK версії 1 у поточній версії не передбачено." -#: lib/bitlk/bitlk.c:457 +#: lib/bitlk/bitlk.c:466 msgid "Invalid or unknown boot signature for BITLK device." msgstr "Некоректний або невідомий підпис завантаження для пристрою BITLK." -#: lib/bitlk/bitlk.c:469 +#: lib/bitlk/bitlk.c:478 #, c-format msgid "Unsupported sector size %." msgstr "Непідтримуваний розмір сектора %." -#: lib/bitlk/bitlk.c:477 +#: lib/bitlk/bitlk.c:486 #, c-format msgid "Failed to read BITLK header from %s." msgstr "Не вдалося прочитати заголовок BITLK з %s." -#: lib/bitlk/bitlk.c:502 +#: lib/bitlk/bitlk.c:511 #, c-format msgid "Failed to read BITLK FVE metadata from %s." msgstr "Не вдалося прочитати метадані FVE BITLK з %s." -#: lib/bitlk/bitlk.c:554 +#: lib/bitlk/bitlk.c:562 msgid "Unknown or unsupported encryption type." msgstr "Невідомий або непідтримуваний тип шифрування." -#: lib/bitlk/bitlk.c:587 +#: lib/bitlk/bitlk.c:602 #, c-format msgid "Failed to read BITLK metadata entries from %s." msgstr "Не вдалося прочитати записи метаданих BITLK з %s." -#: lib/bitlk/bitlk.c:681 +#: lib/bitlk/bitlk.c:719 msgid "Failed to convert BITLK volume description" msgstr "Не вдалося перетворити опис тому BITLK" -#: lib/bitlk/bitlk.c:841 +#: lib/bitlk/bitlk.c:882 #, c-format msgid "Unexpected metadata entry type '%u' found when parsing external key." msgstr "Під час обробки зовнішнього ключа виявлено неочікуваний тип запису метаданих «%u»." -#: lib/bitlk/bitlk.c:860 +#: lib/bitlk/bitlk.c:905 #, c-format msgid "BEK file GUID '%s' does not match GUID of the volume." msgstr "Файл GUID BEK «%s» не відповідає GUID тому." -#: lib/bitlk/bitlk.c:864 +#: lib/bitlk/bitlk.c:909 #, c-format msgid "Unexpected metadata entry value '%u' found when parsing external key." msgstr "Під час обробки зовнішнього ключа виявлено неочікуване значення запису метаданих «%u»." -#: lib/bitlk/bitlk.c:903 +#: lib/bitlk/bitlk.c:948 #, c-format msgid "Unsupported BEK metadata version %" msgstr "Непідтримувана версія метаданих BEK, %" -#: lib/bitlk/bitlk.c:908 +#: lib/bitlk/bitlk.c:953 #, c-format msgid "Unexpected BEK metadata size % does not match BEK file length" msgstr "Неочікуваний розмір метаданих BEK, %, не відповідає довжині файла BEK" -#: lib/bitlk/bitlk.c:933 +#: lib/bitlk/bitlk.c:979 msgid "Unexpected metadata entry found when parsing startup key." msgstr "Під час обробки ключа запуску виявлено неочікуваний запис метаданих." -#: lib/bitlk/bitlk.c:1029 +#: lib/bitlk/bitlk.c:1075 msgid "This operation is not supported." msgstr "Підтримки цієї дії не передбачено." -#: lib/bitlk/bitlk.c:1037 +#: lib/bitlk/bitlk.c:1083 msgid "Unexpected key data size." msgstr "Неочікуваний розмір даних ключа." -#: lib/bitlk/bitlk.c:1163 +#: lib/bitlk/bitlk.c:1209 msgid "This BITLK device is in an unsupported state and cannot be activated." msgstr "Цей пристрій BITLK перебуває у непідтримуваному стані — його неможливо активувати." -#: lib/bitlk/bitlk.c:1168 +#: lib/bitlk/bitlk.c:1214 #, c-format msgid "BITLK devices with type '%s' cannot be activated." msgstr "Пристрої BITLK типу «%s» неможливо активувати." -#: lib/bitlk/bitlk.c:1175 +#: lib/bitlk/bitlk.c:1221 msgid "Activation of partially decrypted BITLK device is not supported." msgstr "Активації частково розшифрованого пристрою BITLK не передбачено." -#: lib/bitlk/bitlk.c:1216 +#: lib/bitlk/bitlk.c:1262 #, c-format msgid "WARNING: BitLocker volume size % does not match the underlying device size %" msgstr "УВАГА: розмір тому BitLocker % не відповідає розміру базового пристрою %" -#: lib/bitlk/bitlk.c:1343 +#: lib/bitlk/bitlk.c:1389 msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV." msgstr "Не вдалося активувати пристрій — у dm-crypt ядра немає підтримки BITLK IV." -#: lib/bitlk/bitlk.c:1347 +#: lib/bitlk/bitlk.c:1393 msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser." msgstr "Не вдалося активувати пристрій — у dm-crypt ядра немає підтримки дифузера Elephant BITLK." -#: lib/bitlk/bitlk.c:1351 +#: lib/bitlk/bitlk.c:1397 msgid "Cannot activate device, kernel dm-crypt is missing support for large sector size." msgstr "Не вдалося активувати пристрій — у dm-crypt ядра немає підтримки великого розміру секторів." -#: lib/bitlk/bitlk.c:1355 +#: lib/bitlk/bitlk.c:1401 msgid "Cannot activate device, kernel dm-zero module is missing." msgstr "Не вдалося активувати пристрій — немає модуля ядра dm-zero." +#: lib/fvault2/fvault2.c:542 +#, c-format +msgid "Could not read %u bytes of volume header." +msgstr "Не вдалося прочитати %u байтів заголовка тому." + +#: lib/fvault2/fvault2.c:554 +#, c-format +msgid "Unsupported FVAULT2 version %." +msgstr "Непідтримувана версія FVAULT2 %." + #: lib/verity/verity.c:68 lib/verity/verity.c:182 #, c-format msgid "Verity device %s does not use on-disk header." @@ -1350,17 +1378,17 @@ msgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)." msgstr "Ядром відмовлено у активації небезпечного параметра повторного обчислення (див. застарілі параметри активації, щоб скористатися обчисленням попри це)." -#: lib/luks2/luks2_disk_metadata.c:393 lib/luks2/luks2_json_metadata.c:1133 -#: lib/luks2/luks2_json_metadata.c:1413 +#: lib/luks2/luks2_disk_metadata.c:391 lib/luks2/luks2_json_metadata.c:1159 +#: lib/luks2/luks2_json_metadata.c:1482 #, c-format msgid "Failed to acquire write lock on device %s." msgstr "Не вдалося отримати блокування запису на пристрої %s." -#: lib/luks2/luks2_disk_metadata.c:402 +#: lib/luks2/luks2_disk_metadata.c:400 msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation." msgstr "Виявлено спробу конкурентного оновлення метаданих LUKS2. Перериваємо виконання дії." -#: lib/luks2/luks2_disk_metadata.c:701 lib/luks2/luks2_disk_metadata.c:722 +#: lib/luks2/luks2_disk_metadata.c:699 lib/luks2/luks2_disk_metadata.c:720 msgid "" "Device contains ambiguous signatures, cannot auto-recover LUKS2.\n" "Please run \"cryptsetup repair\" for recovery." @@ -1368,49 +1396,49 @@ "Пристрій містить неоднозначні підписи. Автоматичне відновлення LUKS2 неможливе.\n" "Будь ласка, запустіть «cryptsetup repair» для відновлення." -#: lib/luks2/luks2_json_format.c:230 +#: lib/luks2/luks2_json_format.c:229 msgid "Requested data offset is too small." msgstr "Вказаний відступ у даних є надто малим." -#: lib/luks2/luks2_json_format.c:275 +#: lib/luks2/luks2_json_format.c:274 #, c-format msgid "WARNING: keyslots area (% bytes) is very small, available LUKS2 keyslot count is very limited.\n" msgstr "Увага: область слоту ключів є надто малою (% байтів), доступна кількість слотів ключів LUKS2 буде дуже обмеженою.\n" -#: lib/luks2/luks2_json_metadata.c:1120 lib/luks2/luks2_json_metadata.c:1258 -#: lib/luks2/luks2_json_metadata.c:1319 lib/luks2/luks2_keyslot_luks2.c:92 -#: lib/luks2/luks2_keyslot_luks2.c:114 +#: lib/luks2/luks2_json_metadata.c:1146 lib/luks2/luks2_json_metadata.c:1328 +#: lib/luks2/luks2_json_metadata.c:1388 lib/luks2/luks2_keyslot_luks2.c:94 +#: lib/luks2/luks2_keyslot_luks2.c:116 #, c-format msgid "Failed to acquire read lock on device %s." msgstr "Не вдалося отримати блокування читання на пристрої %s." -#: lib/luks2/luks2_json_metadata.c:1336 +#: lib/luks2/luks2_json_metadata.c:1405 #, c-format msgid "Forbidden LUKS2 requirements detected in backup %s." msgstr "У резервній копії %s виявлено заборонені вимоги щодо LUKS2." -#: lib/luks2/luks2_json_metadata.c:1377 +#: lib/luks2/luks2_json_metadata.c:1446 msgid "Data offset differ on device and backup, restore failed." msgstr "Зсуви даних на пристрої і на резервній копії різняться, не вдалося відновити." -#: lib/luks2/luks2_json_metadata.c:1383 +#: lib/luks2/luks2_json_metadata.c:1452 msgid "Binary header with keyslot areas size differ on device and backup, restore failed." msgstr "Двійкові заголовки із розмірами областей слотів ключів на пристрої і у резервній копії різняться, не вдалося відновити копію." -#: lib/luks2/luks2_json_metadata.c:1390 +#: lib/luks2/luks2_json_metadata.c:1459 #, c-format msgid "Device %s %s%s%s%s" msgstr "Пристрій %s %s%s%s%s" -#: lib/luks2/luks2_json_metadata.c:1391 +#: lib/luks2/luks2_json_metadata.c:1460 msgid "does not contain LUKS2 header. Replacing header can destroy data on that device." msgstr "не містить заголовка LUKS2. Заміна заголовка може зруйнувати дані, що зберігаються на пристрої." -#: lib/luks2/luks2_json_metadata.c:1392 +#: lib/luks2/luks2_json_metadata.c:1461 msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots." msgstr "вже містить заголовок LUKS2. Заміна заголовка призведе до руйнування вже створених слотів ключів." -#: lib/luks2/luks2_json_metadata.c:1394 +#: lib/luks2/luks2_json_metadata.c:1463 msgid "" "\n" "WARNING: unknown LUKS2 requirements detected in real device header!\n" @@ -1420,7 +1448,7 @@ "ПОПЕРЕДЖЕННЯ: виявлено невідомі вимоги LUKS2 у справжньому заголовку пристрою!\n" "Заміна заголовка резервною копією може пошкодити дані на пристрої!" -#: lib/luks2/luks2_json_metadata.c:1396 +#: lib/luks2/luks2_json_metadata.c:1465 msgid "" "\n" "WARNING: Unfinished offline reencryption detected on the device!\n" @@ -1430,50 +1458,50 @@ "ПОПЕРЕДЖЕННЯ: на пристрої виявлено дані незавершеного повторного шифрування!\n" "Заміна заголовка заголовком із резервної копії може пошкодити дані." -#: lib/luks2/luks2_json_metadata.c:1494 +#: lib/luks2/luks2_json_metadata.c:1562 #, c-format msgid "Ignored unknown flag %s." msgstr "Проігноровано невідомий прапорець %s." -#: lib/luks2/luks2_json_metadata.c:2402 lib/luks2/luks2_reencrypt.c:2015 +#: lib/luks2/luks2_json_metadata.c:2470 lib/luks2/luks2_reencrypt.c:2061 #, c-format msgid "Missing key for dm-crypt segment %u" msgstr "Не вистачає ключа для сегмента dm-crypt %u" -#: lib/luks2/luks2_json_metadata.c:2414 lib/luks2/luks2_reencrypt.c:2029 +#: lib/luks2/luks2_json_metadata.c:2482 lib/luks2/luks2_reencrypt.c:2075 msgid "Failed to set dm-crypt segment." msgstr "Не вдалося встановити сегмент dm-crypt." -#: lib/luks2/luks2_json_metadata.c:2420 lib/luks2/luks2_reencrypt.c:2035 +#: lib/luks2/luks2_json_metadata.c:2488 lib/luks2/luks2_reencrypt.c:2081 msgid "Failed to set dm-linear segment." msgstr "Не вдалося встановити сегмент dm-linear." -#: lib/luks2/luks2_json_metadata.c:2547 +#: lib/luks2/luks2_json_metadata.c:2615 msgid "Unsupported device integrity configuration." msgstr "Непідтримувані налаштування цілісності даних на пристрої." -#: lib/luks2/luks2_json_metadata.c:2633 +#: lib/luks2/luks2_json_metadata.c:2701 msgid "Reencryption in-progress. Cannot deactivate device." msgstr "Виконуємо повторне шифрування. Не можна деактивувати пристрій." -#: lib/luks2/luks2_json_metadata.c:2644 lib/luks2/luks2_reencrypt.c:4057 +#: lib/luks2/luks2_json_metadata.c:2712 lib/luks2/luks2_reencrypt.c:4082 #, c-format msgid "Failed to replace suspended device %s with dm-error target." msgstr "Не вдалося замінити пристрій %s, роботу якого призупинено, ціллю dm-error." -#: lib/luks2/luks2_json_metadata.c:2724 +#: lib/luks2/luks2_json_metadata.c:2792 msgid "Failed to read LUKS2 requirements." msgstr "Не вдалося прочитати вимоги LUKS2." -#: lib/luks2/luks2_json_metadata.c:2731 +#: lib/luks2/luks2_json_metadata.c:2799 msgid "Unmet LUKS2 requirements detected." msgstr "Виявлено невідповідність вимог LUKS2." -#: lib/luks2/luks2_json_metadata.c:2739 +#: lib/luks2/luks2_json_metadata.c:2807 msgid "Operation incompatible with device marked for legacy reencryption. Aborting." msgstr "Дія є несумісною із пристроєм, який позначено для перешифрування застарілого варіанта. Перериваємо дію." -#: lib/luks2/luks2_json_metadata.c:2741 +#: lib/luks2/luks2_json_metadata.c:2809 msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting." msgstr "Дія є несумісною із пристроєм, який позначено для перешифрування LUKS2. Перериваємо дію." @@ -1485,20 +1513,21 @@ msgid "Keyslot open failed." msgstr "Не вдалося відкрити слот ключів." -#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108 +#: lib/luks2/luks2_keyslot_luks2.c:55 lib/luks2/luks2_keyslot_luks2.c:110 #, c-format msgid "Cannot use %s-%s cipher for keyslot encryption." msgstr "Не можна використовувати шифрування %s-%s для слотів ключів." -#: lib/luks2/luks2_keyslot_luks2.c:496 -msgid "No space for new keyslot." -msgstr "Немає простору для нового слоту ключа." - -#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2615 +#: lib/luks2/luks2_keyslot_luks2.c:285 lib/luks2/luks2_keyslot_luks2.c:394 +#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2668 #, c-format msgid "Hash algorithm %s is not available." msgstr "Алгоритм хешування %s є недоступним." +#: lib/luks2/luks2_keyslot_luks2.c:510 +msgid "No space for new keyslot." +msgstr "Немає простору для нового слоту ключа." + #: lib/luks2/luks2_keyslot_reenc.c:593 msgid "Invalid reencryption resilience mode change requested." msgstr "Отримано запит щодо некоректної зміни режиму стійкості для повторного шифрування." @@ -1521,7 +1550,7 @@ msgid "Unable to convert header with LUKSMETA additional metadata." msgstr "Не вдалося перетворити заголовок з додатковими метаданими LUKSMETA." -#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3715 +#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3740 #, c-format msgid "Unable to use cipher specification %s-%s for LUKS2." msgstr "Не вдалося використати специфікацію шифрування %s-%s для LUKS2." @@ -1579,240 +1608,244 @@ msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." msgstr "не вдалося перетворити до формату LUKS1 — слот ключів %u є несумісним з LUKS1." -#: lib/luks2/luks2_reencrypt.c:1107 +#: lib/luks2/luks2_reencrypt.c:1152 #, c-format msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." msgstr "Розмір «гарячої» ділянки має бути кратним до обчисленого вирівнювання ділянки (%zu байтів)." -#: lib/luks2/luks2_reencrypt.c:1112 +#: lib/luks2/luks2_reencrypt.c:1157 #, c-format msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." msgstr "Розмір пристрою має бути кратним до обчисленого вирівнювання ділянки (%zu байтів)." -#: lib/luks2/luks2_reencrypt.c:1319 lib/luks2/luks2_reencrypt.c:1505 -#: lib/luks2/luks2_reencrypt.c:1588 lib/luks2/luks2_reencrypt.c:1630 -#: lib/luks2/luks2_reencrypt.c:3852 +#: lib/luks2/luks2_reencrypt.c:1364 lib/luks2/luks2_reencrypt.c:1551 +#: lib/luks2/luks2_reencrypt.c:1634 lib/luks2/luks2_reencrypt.c:1676 +#: lib/luks2/luks2_reencrypt.c:3877 msgid "Failed to initialize old segment storage wrapper." msgstr "Не вдалося ініціалізувати обгортку старого сховища сегментів." -#: lib/luks2/luks2_reencrypt.c:1333 lib/luks2/luks2_reencrypt.c:1483 +#: lib/luks2/luks2_reencrypt.c:1378 lib/luks2/luks2_reencrypt.c:1529 msgid "Failed to initialize new segment storage wrapper." msgstr "Не вдалося ініціалізувати обгортку нового сховища сегментів." -#: lib/luks2/luks2_reencrypt.c:1460 lib/luks2/luks2_reencrypt.c:3864 +#: lib/luks2/luks2_reencrypt.c:1505 lib/luks2/luks2_reencrypt.c:3889 msgid "Failed to initialize hotzone protection." msgstr "Не вдалося ініціалізувати захист «гарячої» зони" -#: lib/luks2/luks2_reencrypt.c:1532 +#: lib/luks2/luks2_reencrypt.c:1578 msgid "Failed to read checksums for current hotzone." msgstr "Не вдалося прочитати контрольні суми для поточної «гарячої» ділянки." -#: lib/luks2/luks2_reencrypt.c:1539 lib/luks2/luks2_reencrypt.c:3878 +#: lib/luks2/luks2_reencrypt.c:1585 lib/luks2/luks2_reencrypt.c:3903 #, c-format msgid "Failed to read hotzone area starting at %." msgstr "Не вдалося прочитати «гарячу» ділянку, починаючи з %." -#: lib/luks2/luks2_reencrypt.c:1558 +#: lib/luks2/luks2_reencrypt.c:1604 #, c-format msgid "Failed to decrypt sector %zu." msgstr "Не вдалося розшифрувати сектор %zu." -#: lib/luks2/luks2_reencrypt.c:1564 +#: lib/luks2/luks2_reencrypt.c:1610 #, c-format msgid "Failed to recover sector %zu." msgstr "Не вдалося відновити сектор %zu." -#: lib/luks2/luks2_reencrypt.c:2128 +#: lib/luks2/luks2_reencrypt.c:2174 #, c-format msgid "Source and target device sizes don't match. Source %, target: %." msgstr "Розміри пристроїв джерела та призначення не збігаються. Розмір джерела — %, розмір призначення — %." -#: lib/luks2/luks2_reencrypt.c:2226 +#: lib/luks2/luks2_reencrypt.c:2272 #, c-format msgid "Failed to activate hotzone device %s." msgstr "Не вдалося задіяти пристрій «гарячої» ділянки %s." -#: lib/luks2/luks2_reencrypt.c:2243 +#: lib/luks2/luks2_reencrypt.c:2289 #, c-format msgid "Failed to activate overlay device %s with actual origin table." msgstr "Не вдалося задіяти пристрій-накладку %s зі справжньою таблицею походження." -#: lib/luks2/luks2_reencrypt.c:2250 +#: lib/luks2/luks2_reencrypt.c:2296 #, c-format msgid "Failed to load new mapping for device %s." msgstr "Не вдалося завантажити нову прив'язку для пристрою %s." -#: lib/luks2/luks2_reencrypt.c:2321 +#: lib/luks2/luks2_reencrypt.c:2367 msgid "Failed to refresh reencryption devices stack." msgstr "Не вдалося освіжити тек пристрої для повторного шифрування." -#: lib/luks2/luks2_reencrypt.c:2497 +#: lib/luks2/luks2_reencrypt.c:2550 msgid "Failed to set new keyslots area size." msgstr "Не вдалося встановити розмір області нових слотів ключів." -#: lib/luks2/luks2_reencrypt.c:2633 +#: lib/luks2/luks2_reencrypt.c:2686 #, c-format msgid "Data shift value is not aligned to encryption sector size (% bytes)." msgstr "Значення зміщення даних не вирівняно до розміру сектора для шифрування (% байтів)." -#: lib/luks2/luks2_reencrypt.c:2664 +#: lib/luks2/luks2_reencrypt.c:2723 src/utils_reencrypt.c:189 #, c-format msgid "Unsupported resilience mode %s" msgstr "Непідтримуваний режим стійкості %s" -#: lib/luks2/luks2_reencrypt.c:2741 +#: lib/luks2/luks2_reencrypt.c:2760 msgid "Moved segment size can not be greater than data shift value." msgstr "Розмір пересунутого сегмента не може перевищувати значення зсуву даних." -#: lib/luks2/luks2_reencrypt.c:2799 +#: lib/luks2/luks2_reencrypt.c:2802 +msgid "Invalid reencryption resilience parameters." +msgstr "Некоректні параметри стійкості для повторного шифрування." + +#: lib/luks2/luks2_reencrypt.c:2824 #, c-format msgid "Moved segment too large. Requested size %, available space for: %." msgstr "Пересунутий сегмент є надто великим. Потрібний розмір %, доступне місце: %." -#: lib/luks2/luks2_reencrypt.c:2886 +#: lib/luks2/luks2_reencrypt.c:2911 msgid "Failed to clear table." msgstr "Не вдалося очистити таблицю." -#: lib/luks2/luks2_reencrypt.c:2972 +#: lib/luks2/luks2_reencrypt.c:2997 msgid "Reduced data size is larger than real device size." msgstr "Зменшений розмір даних перевищує справжній розмір пристрою." -#: lib/luks2/luks2_reencrypt.c:2979 +#: lib/luks2/luks2_reencrypt.c:3004 #, c-format msgid "Data device is not aligned to encryption sector size (% bytes)." msgstr "Пристрій зберігання даних не вирівняно до розміру сектора для шифрування (% байтів)." -#: lib/luks2/luks2_reencrypt.c:3013 +#: lib/luks2/luks2_reencrypt.c:3038 #, c-format msgid "Data shift (% sectors) is less than future data offset (% sectors)." msgstr "Зміщення даних (% секторів) є меншим за майбутній зсув даних (% секторів)." -#: lib/luks2/luks2_reencrypt.c:3020 lib/luks2/luks2_reencrypt.c:3508 -#: lib/luks2/luks2_reencrypt.c:3529 +#: lib/luks2/luks2_reencrypt.c:3045 lib/luks2/luks2_reencrypt.c:3533 +#: lib/luks2/luks2_reencrypt.c:3554 #, c-format msgid "Failed to open %s in exclusive mode (already mapped or mounted)." msgstr "Не вдалося відкрити %s в ексклюзивному режимі (вже пов'язано або змонтовано)." -#: lib/luks2/luks2_reencrypt.c:3209 +#: lib/luks2/luks2_reencrypt.c:3234 msgid "Device not marked for LUKS2 reencryption." msgstr "Пристрій не позначено для повторного шифрування LUKS2." -#: lib/luks2/luks2_reencrypt.c:3226 lib/luks2/luks2_reencrypt.c:4181 +#: lib/luks2/luks2_reencrypt.c:3251 lib/luks2/luks2_reencrypt.c:4206 msgid "Failed to load LUKS2 reencryption context." msgstr "Не вдалося завантажити контекст повторного шифрування LUKS2." -#: lib/luks2/luks2_reencrypt.c:3306 +#: lib/luks2/luks2_reencrypt.c:3331 msgid "Failed to get reencryption state." msgstr "Не вдалося отримати стан повторного шифрування." -#: lib/luks2/luks2_reencrypt.c:3310 lib/luks2/luks2_reencrypt.c:3624 +#: lib/luks2/luks2_reencrypt.c:3335 lib/luks2/luks2_reencrypt.c:3649 msgid "Device is not in reencryption." msgstr "Пристрій не перебуває у повторному шифруванні." -#: lib/luks2/luks2_reencrypt.c:3317 lib/luks2/luks2_reencrypt.c:3631 +#: lib/luks2/luks2_reencrypt.c:3342 lib/luks2/luks2_reencrypt.c:3656 msgid "Reencryption process is already running." msgstr "Процес повторного шифрування вже виконується." -#: lib/luks2/luks2_reencrypt.c:3319 lib/luks2/luks2_reencrypt.c:3633 +#: lib/luks2/luks2_reencrypt.c:3344 lib/luks2/luks2_reencrypt.c:3658 msgid "Failed to acquire reencryption lock." msgstr "Не вдалося створити блокування для повторного шифрування." -#: lib/luks2/luks2_reencrypt.c:3337 +#: lib/luks2/luks2_reencrypt.c:3362 msgid "Cannot proceed with reencryption. Run reencryption recovery first." msgstr "Продовження повторного шифрування неможливе. Спочатку слід виконати відновлення повторного шифрування." -#: lib/luks2/luks2_reencrypt.c:3472 +#: lib/luks2/luks2_reencrypt.c:3497 msgid "Active device size and requested reencryption size don't match." msgstr "Не збігаються розмір активного пристрою і запитаний розмір повторного шифрування." -#: lib/luks2/luks2_reencrypt.c:3486 +#: lib/luks2/luks2_reencrypt.c:3511 msgid "Illegal device size requested in reencryption parameters." msgstr "У параметрах повторного шифрування вказано некоректний розмір пристрою." -#: lib/luks2/luks2_reencrypt.c:3563 +#: lib/luks2/luks2_reencrypt.c:3588 msgid "Reencryption in-progress. Cannot perform recovery." msgstr "Виконується повторне шифрування. Неможливо виконати відновлення." -#: lib/luks2/luks2_reencrypt.c:3732 +#: lib/luks2/luks2_reencrypt.c:3757 msgid "LUKS2 reencryption already initialized in metadata." msgstr "Повторне шифрування LUKS2 вже ініційовано у метаданих." -#: lib/luks2/luks2_reencrypt.c:3739 +#: lib/luks2/luks2_reencrypt.c:3764 msgid "Failed to initialize LUKS2 reencryption in metadata." msgstr "Не вдалося ініціалізувати повторне шифрування LUKS2 лише у метаданих." -#: lib/luks2/luks2_reencrypt.c:3834 +#: lib/luks2/luks2_reencrypt.c:3859 msgid "Failed to set device segments for next reencryption hotzone." msgstr "Не вдалося встановити сегменти пристрою для наступної «гарячої» ділянки повторного шифрування." -#: lib/luks2/luks2_reencrypt.c:3886 +#: lib/luks2/luks2_reencrypt.c:3911 msgid "Failed to write reencryption resilience metadata." msgstr "Не вдалося записати метадані стійкості для повторного шифрування." -#: lib/luks2/luks2_reencrypt.c:3893 +#: lib/luks2/luks2_reencrypt.c:3918 msgid "Decryption failed." msgstr "Помилка розшифрування." -#: lib/luks2/luks2_reencrypt.c:3898 +#: lib/luks2/luks2_reencrypt.c:3923 #, c-format msgid "Failed to write hotzone area starting at %." msgstr "Не вдалося записати «гарячу» ділянку, починаючи з %." -#: lib/luks2/luks2_reencrypt.c:3903 +#: lib/luks2/luks2_reencrypt.c:3928 msgid "Failed to sync data." msgstr "Не вдалося синхронізувати дані." -#: lib/luks2/luks2_reencrypt.c:3911 +#: lib/luks2/luks2_reencrypt.c:3936 msgid "Failed to update metadata after current reencryption hotzone completed." msgstr "Не вдалося оновити метадані після завершення обробки поточної «гарячої» зони повторного шифрування." -#: lib/luks2/luks2_reencrypt.c:4000 +#: lib/luks2/luks2_reencrypt.c:4025 msgid "Failed to write LUKS2 metadata." msgstr "Не вдалося записати метадані LUKS2." -#: lib/luks2/luks2_reencrypt.c:4023 +#: lib/luks2/luks2_reencrypt.c:4048 msgid "Failed to wipe unused data device area." msgstr "Не вдалося витерти область невикористаних даних пристрою." -#: lib/luks2/luks2_reencrypt.c:4029 +#: lib/luks2/luks2_reencrypt.c:4054 #, c-format msgid "Failed to remove unused (unbound) keyslot %d." msgstr "Не вдалося вилучити невикористаний (непов'язаний) слот ключа %d." -#: lib/luks2/luks2_reencrypt.c:4039 +#: lib/luks2/luks2_reencrypt.c:4064 msgid "Failed to remove reencryption keyslot." msgstr "Не вдалося вилучити слот ключа для повторного шифрування." -#: lib/luks2/luks2_reencrypt.c:4049 +#: lib/luks2/luks2_reencrypt.c:4074 #, c-format msgid "Fatal error while reencrypting chunk starting at %, % sectors long." msgstr "Критична помилка під час повторного шифрування фрагмента, починаючи з %, довжиною у % секторів." -#: lib/luks2/luks2_reencrypt.c:4053 +#: lib/luks2/luks2_reencrypt.c:4078 msgid "Online reencryption failed." msgstr "Не вдалося виконати інтерактивне повторне шифрування." -#: lib/luks2/luks2_reencrypt.c:4058 +#: lib/luks2/luks2_reencrypt.c:4083 msgid "Do not resume the device unless replaced with error target manually." msgstr "Не відновлюйте пристрій, якщо не заміните вручну пристрій призначення для помилок." -#: lib/luks2/luks2_reencrypt.c:4112 +#: lib/luks2/luks2_reencrypt.c:4137 msgid "Cannot proceed with reencryption. Unexpected reencryption status." msgstr "Не вдалося виконати повторне шифрування. Неочікуваний стан засобу повторного шифрування." -#: lib/luks2/luks2_reencrypt.c:4118 +#: lib/luks2/luks2_reencrypt.c:4143 msgid "Missing or invalid reencrypt context." msgstr "Не вказано контекст повторного шифрування або вказано некоректний контекст." -#: lib/luks2/luks2_reencrypt.c:4125 +#: lib/luks2/luks2_reencrypt.c:4150 msgid "Failed to initialize reencryption device stack." msgstr "Не вдалося ініціалізувати стос пристроїв повторного шифрування." -#: lib/luks2/luks2_reencrypt.c:4147 lib/luks2/luks2_reencrypt.c:4194 +#: lib/luks2/luks2_reencrypt.c:4172 lib/luks2/luks2_reencrypt.c:4219 msgid "Failed to update reencryption context." msgstr "Не вдалося оновити контекст повторного шифрування." -#: lib/luks2/luks2_reencrypt_digest.c:406 +#: lib/luks2/luks2_reencrypt_digest.c:405 msgid "Reencryption metadata is invalid." msgstr "Метадані повторного шифрування є некоректними." @@ -1820,18 +1853,18 @@ msgid "Keyslot encryption parameters can be set only for LUKS2 device." msgstr "Параметри шифрування слоту ключів можна встановлювати лише для пристроїв LUKS2." -#: src/cryptsetup.c:108 +#: src/cryptsetup.c:108 src/cryptsetup.c:1901 #, c-format -msgid "Enter token PIN:" -msgstr "Введіть пінкод жетона:" +msgid "Enter token PIN: " +msgstr "Введіть пінкод жетона: " -#: src/cryptsetup.c:110 +#: src/cryptsetup.c:110 src/cryptsetup.c:1903 #, c-format -msgid "Enter token %d PIN:" -msgstr "Введіть пінкод жетона %d:" +msgid "Enter token %d PIN: " +msgstr "Введіть пінкод жетона %d: " -#: src/cryptsetup.c:159 src/cryptsetup.c:966 src/cryptsetup.c:1293 -#: src/utils_reencrypt.c:1048 src/utils_reencrypt_luks1.c:517 +#: src/cryptsetup.c:159 src/cryptsetup.c:1103 src/cryptsetup.c:1430 +#: src/utils_reencrypt.c:1122 src/utils_reencrypt_luks1.c:517 #: src/utils_reencrypt_luks1.c:580 msgid "No known cipher specification pattern detected." msgstr "Не виявлено жодного відомого зразка специфікації шифрування." @@ -1849,10 +1882,10 @@ msgid "Detected device signature(s) on %s. Proceeding further may damage existing data." msgstr "На %s виявлено підписи пристроїв. Подальша обробка може пошкодити наявні дані." -#: src/cryptsetup.c:221 src/cryptsetup.c:1040 src/cryptsetup.c:1088 -#: src/cryptsetup.c:1154 src/cryptsetup.c:1270 src/cryptsetup.c:1343 -#: src/cryptsetup.c:1994 src/integritysetup.c:187 src/utils_reencrypt.c:138 -#: src/utils_reencrypt.c:275 +#: src/cryptsetup.c:221 src/cryptsetup.c:1177 src/cryptsetup.c:1225 +#: src/cryptsetup.c:1291 src/cryptsetup.c:1407 src/cryptsetup.c:1480 +#: src/cryptsetup.c:2266 src/integritysetup.c:187 src/utils_reencrypt.c:138 +#: src/utils_reencrypt.c:314 src/utils_reencrypt.c:749 msgid "Operation aborted.\n" msgstr "Дію перервано.\n" @@ -1900,7 +1933,7 @@ "без пароля. Цей дамп слід зберігати у зашифрованому форматі\n" "у безпечному місці." -#: src/cryptsetup.c:573 src/cryptsetup.c:2019 +#: src/cryptsetup.c:573 src/cryptsetup.c:654 src/cryptsetup.c:2291 msgid "" "The header dump with volume key is sensitive information\n" "that allows access to encrypted partition without a passphrase.\n" @@ -1911,68 +1944,77 @@ "без пароля. Цей дамп слід зберігати у зашифрованому форматі\n" "у безпечному місці." -#: src/cryptsetup.c:664 src/veritysetup.c:321 src/integritysetup.c:400 +#: src/cryptsetup.c:709 src/cryptsetup.c:739 +#, c-format +msgid "Device %s is not a valid FVAULT2 device." +msgstr "Пристрій %s не є коректним пристроєм FVAULT2." + +#: src/cryptsetup.c:747 +msgid "Cannot determine volume key size for FVAULT2, please use --key-size option." +msgstr "Неможливо визначити розмір ключа тому для FVAULT2. Будь ласка, скористайтеся параметром --key-size." + +#: src/cryptsetup.c:801 src/veritysetup.c:323 src/integritysetup.c:400 #, c-format msgid "Device %s is still active and scheduled for deferred removal.\n" msgstr "Пристрій %s усе ще є активним, його заплановано для відкладеного вилучення.\n" -#: src/cryptsetup.c:698 +#: src/cryptsetup.c:835 msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set." msgstr "Зміна розмірів активного пристрою потребує наявності ключа тому у сховищі ключів, але вказано параметр --disable-keyring." -#: src/cryptsetup.c:845 +#: src/cryptsetup.c:982 msgid "Benchmark interrupted." msgstr "Тестування перервано." -#: src/cryptsetup.c:866 +#: src/cryptsetup.c:1003 #, c-format msgid "PBKDF2-%-9s N/A\n" msgstr "PBKDF2-%-9s н/д\n" -#: src/cryptsetup.c:868 +#: src/cryptsetup.c:1005 #, c-format msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" msgstr "PBKDF2-%-9s %7u ітерацій за секунду для %zu-бітового ключа\n" -#: src/cryptsetup.c:882 +#: src/cryptsetup.c:1019 #, c-format msgid "%-10s N/A\n" msgstr "%-10s н/д\n" -#: src/cryptsetup.c:884 +#: src/cryptsetup.c:1021 #, c-format msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n" msgstr "%-10s %4u ітерацій, пам'ять: %5u, %1u паралельних потоків (процесорів) для %zu-бітового ключа (запит на %u мс часу)\n" -#: src/cryptsetup.c:908 +#: src/cryptsetup.c:1045 msgid "Result of benchmark is not reliable." msgstr "Результат тестування є ненадійним." -#: src/cryptsetup.c:958 +#: src/cryptsetup.c:1095 msgid "# Tests are approximate using memory only (no storage IO).\n" msgstr "# Наближені значення під час перевірки визначаються лише за допомогою оперативної пам’яті (без запису на диск).\n" #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:978 +#: src/cryptsetup.c:1115 #, c-format msgid "#%*s Algorithm | Key | Encryption | Decryption\n" msgstr "№%*s Алгоритм | Ключ | Шифрування | Розшифрування\n" -#: src/cryptsetup.c:982 +#: src/cryptsetup.c:1119 #, c-format msgid "Cipher %s (with %i bits key) is not available." msgstr "Шифрування %s (розмір ключа — %i бітів) є недоступним." #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:1001 +#: src/cryptsetup.c:1138 msgid "# Algorithm | Key | Encryption | Decryption\n" msgstr "№ Алгоритм | Ключ | Шифрування | Розшифрування\n" -#: src/cryptsetup.c:1012 +#: src/cryptsetup.c:1149 msgid "N/A" msgstr "н/д" -#: src/cryptsetup.c:1037 +#: src/cryptsetup.c:1174 msgid "" "Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n" "and continue (upgrade metadata) only if you acknowledge the operation as genuine." @@ -1980,27 +2022,27 @@ "Виявлено незахищені метадані повторного шифрування LUKS2. Будь ласка, перевірте, чи бажаною є дія з повторного шифрування\n" "(див. виведення luksDump), і продовжуйте (оновлення метаданих), лише якщо впевнені, що дія є бажаною." -#: src/cryptsetup.c:1043 +#: src/cryptsetup.c:1180 msgid "Enter passphrase to protect and upgrade reencryption metadata: " msgstr "Вкажіть пароль для захисту і оновлення метаданих повторного шифрування: " -#: src/cryptsetup.c:1087 +#: src/cryptsetup.c:1224 msgid "Really proceed with LUKS2 reencryption recovery?" msgstr "Ви справді хочете продовжити процедуру відновлення повторного шифрування LUKS2?" -#: src/cryptsetup.c:1096 +#: src/cryptsetup.c:1233 msgid "Enter passphrase to verify reencryption metadata digest: " msgstr "Вкажіть пароль для перевірки контрольної суми метаданих повторного шифрування: " -#: src/cryptsetup.c:1098 +#: src/cryptsetup.c:1235 msgid "Enter passphrase for reencryption recovery: " msgstr "Вкажіть пароль для відновлення повторного шифрування: " -#: src/cryptsetup.c:1153 +#: src/cryptsetup.c:1290 msgid "Really try to repair LUKS device header?" msgstr "Спробувати відновити заголовок пристрою LUKS?" -#: src/cryptsetup.c:1177 src/integritysetup.c:89 src/integritysetup.c:238 +#: src/cryptsetup.c:1314 src/integritysetup.c:89 src/integritysetup.c:238 msgid "" "\n" "Wipe interrupted." @@ -2008,7 +2050,7 @@ "\n" "Витирання перервано." -#: src/cryptsetup.c:1182 src/integritysetup.c:94 src/integritysetup.c:275 +#: src/cryptsetup.c:1319 src/integritysetup.c:94 src/integritysetup.c:275 msgid "" "Wiping device to initialize integrity checksum.\n" "You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n" @@ -2016,119 +2058,128 @@ "Витираємо пристрій для ініціалізації контрольних сум для цілісності.\n" "Ви можете перервати цей процес натисканням комбінації клавіш CTRL+C (решта невитертого пристрою міститиме некоректну контрольну суму).\n" -#: src/cryptsetup.c:1204 src/integritysetup.c:116 +#: src/cryptsetup.c:1341 src/integritysetup.c:116 #, c-format msgid "Cannot deactivate temporary device %s." msgstr "Не можна скасувати активацію тимчасового пристрою %s." -#: src/cryptsetup.c:1255 +#: src/cryptsetup.c:1392 msgid "Integrity option can be used only for LUKS2 format." msgstr "Параметр цілісності може бути використано лише для формату LUKS2." -#: src/cryptsetup.c:1260 src/cryptsetup.c:1320 +#: src/cryptsetup.c:1397 src/cryptsetup.c:1457 msgid "Unsupported LUKS2 metadata size options." msgstr "Непідтримувані параметри розміру метаданих LUKS2." -#: src/cryptsetup.c:1269 +#: src/cryptsetup.c:1406 msgid "Header file does not exist, do you want to create it?" msgstr "Файла заголовка не існує. Хочете його створити?" -#: src/cryptsetup.c:1277 +#: src/cryptsetup.c:1414 #, c-format msgid "Cannot create header file %s." msgstr "Не вдалося створити файл заголовка %s." -#: src/cryptsetup.c:1300 src/integritysetup.c:144 src/integritysetup.c:152 +#: src/cryptsetup.c:1437 src/integritysetup.c:144 src/integritysetup.c:152 #: src/integritysetup.c:161 src/integritysetup.c:315 src/integritysetup.c:323 #: src/integritysetup.c:333 msgid "No known integrity specification pattern detected." msgstr "Не виявлено жодного відомого зразка специфікації цілісності." -#: src/cryptsetup.c:1313 +#: src/cryptsetup.c:1450 #, c-format msgid "Cannot use %s as on-disk header." msgstr "Не можна використовувати %s як заголовок на диску." -#: src/cryptsetup.c:1337 src/integritysetup.c:181 +#: src/cryptsetup.c:1474 src/integritysetup.c:181 #, c-format msgid "This will overwrite data on %s irrevocably." msgstr "Дані на %s буде перезаписано без можливості відновлення." -#: src/cryptsetup.c:1370 src/cryptsetup.c:1707 src/cryptsetup.c:1772 -#: src/cryptsetup.c:1876 src/cryptsetup.c:1942 src/utils_reencrypt_luks1.c:443 +#: src/cryptsetup.c:1507 src/cryptsetup.c:1853 src/cryptsetup.c:1993 +#: src/cryptsetup.c:2148 src/cryptsetup.c:2214 src/utils_reencrypt_luks1.c:443 msgid "Failed to set pbkdf parameters." msgstr "Не вдалося встановити параметри pbkdf." -#: src/cryptsetup.c:1455 +#: src/cryptsetup.c:1593 msgid "Reduced data offset is allowed only for detached LUKS header." msgstr "Зменшений відступ даних можна використовувати лише для від’єднаних заголовків LUKS." -#: src/cryptsetup.c:1466 src/cryptsetup.c:1778 +#: src/cryptsetup.c:1600 +#, c-format +msgid "LUKS file container %s is too small for activation, there is no remaining space for data." +msgstr "Контейнер файлів LUKS %s є надто малим для активації, на ньому не лишиться місця для даних." + +#: src/cryptsetup.c:1612 src/cryptsetup.c:1999 msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option." msgstr "Неможливо визначити розмір ключа тому для LUKS без слотів ключів. Будь ласка, скористайтеся параметром --key-size." -#: src/cryptsetup.c:1512 +#: src/cryptsetup.c:1658 msgid "Device activated but cannot make flags persistent." msgstr "Пристрій задіяно, але не вдалося зробити прапорці сталими." -#: src/cryptsetup.c:1591 src/cryptsetup.c:1659 +#: src/cryptsetup.c:1737 src/cryptsetup.c:1805 #, c-format msgid "Keyslot %d is selected for deletion." msgstr "Слот ключа %d позначено для вилучення." -#: src/cryptsetup.c:1603 src/cryptsetup.c:1663 +#: src/cryptsetup.c:1749 src/cryptsetup.c:1809 msgid "This is the last keyslot. Device will become unusable after purging this key." msgstr "Це останній слот ключа. Пристрій стане непридатним для використання після спорожнення цього ключа." -#: src/cryptsetup.c:1604 +#: src/cryptsetup.c:1750 msgid "Enter any remaining passphrase: " msgstr "Введіть будь-який інший пароль: " -#: src/cryptsetup.c:1605 src/cryptsetup.c:1665 +#: src/cryptsetup.c:1751 src/cryptsetup.c:1811 msgid "Operation aborted, the keyslot was NOT wiped.\n" msgstr "Дію перервано, слот ключів НЕ витерто.\n" -#: src/cryptsetup.c:1641 +#: src/cryptsetup.c:1787 msgid "Enter passphrase to be deleted: " msgstr "Введіть пароль, який слід вилучити: " -#: src/cryptsetup.c:1691 src/cryptsetup.c:1925 src/cryptsetup.c:2505 -#: src/cryptsetup.c:2649 +#: src/cryptsetup.c:1837 src/cryptsetup.c:2197 src/cryptsetup.c:2781 +#: src/cryptsetup.c:2948 #, c-format msgid "Device %s is not a valid LUKS2 device." msgstr "Пристрій %s не є коректним пристроєм LUKS2." -#: src/cryptsetup.c:1721 src/cryptsetup.c:1795 src/cryptsetup.c:1829 +#: src/cryptsetup.c:1867 src/cryptsetup.c:2072 msgid "Enter new passphrase for key slot: " msgstr "Введіть новий пароль для слота ключа: " -#: src/cryptsetup.c:1812 src/utils_reencrypt_luks1.c:1149 +#: src/cryptsetup.c:1968 +msgid "WARNING: The --key-slot parameter is used for new keyslot number.\n" +msgstr "Попередження: параметр --key-slot використано для нового числа слоту ключа.\n" + +#: src/cryptsetup.c:2028 src/utils_reencrypt_luks1.c:1149 #, c-format msgid "Enter any existing passphrase: " msgstr "Введіть будь-який пароль: " -#: src/cryptsetup.c:1880 +#: src/cryptsetup.c:2152 msgid "Enter passphrase to be changed: " msgstr "Введіть пароль, який слід змінити: " -#: src/cryptsetup.c:1896 src/utils_reencrypt_luks1.c:1135 +#: src/cryptsetup.c:2168 src/utils_reencrypt_luks1.c:1135 msgid "Enter new passphrase: " msgstr "Введіть новий пароль: " -#: src/cryptsetup.c:1946 +#: src/cryptsetup.c:2218 msgid "Enter passphrase for keyslot to be converted: " msgstr "Вкажіть пароль для слоту ключа, який буде перетворено: " -#: src/cryptsetup.c:1970 +#: src/cryptsetup.c:2242 msgid "Only one device argument for isLuks operation is supported." msgstr "У команді isLuks можна використовувати лише один аргумент назви пристрою." -#: src/cryptsetup.c:2078 +#: src/cryptsetup.c:2350 #, c-format msgid "Keyslot %d does not contain unbound key." msgstr "Слот ключа %d не містить непов'язаного ключа." -#: src/cryptsetup.c:2083 +#: src/cryptsetup.c:2355 msgid "" "The header dump with unbound key is sensitive information.\n" "This dump should be stored encrypted in a safe place." @@ -2136,40 +2187,40 @@ "Дамп заголовка з непов'язаним ключем є конфіденційними даними.\n" "Цей дамп слід зберігати у зашифрованому форматі у безпечному місці." -#: src/cryptsetup.c:2169 src/cryptsetup.c:2198 +#: src/cryptsetup.c:2441 src/cryptsetup.c:2470 #, c-format msgid "%s is not active %s device name." msgstr "%s не є назвою активного пристрою %s." -#: src/cryptsetup.c:2193 +#: src/cryptsetup.c:2465 #, c-format msgid "%s is not active LUKS device name or header is missing." msgstr "%s не є назвою активного пристрою LUKS або пропущено заголовок." -#: src/cryptsetup.c:2255 src/cryptsetup.c:2274 +#: src/cryptsetup.c:2527 src/cryptsetup.c:2546 msgid "Option --header-backup-file is required." msgstr "Слід вказати параметр --header-backup-file." -#: src/cryptsetup.c:2305 +#: src/cryptsetup.c:2577 #, c-format msgid "%s is not cryptsetup managed device." msgstr "%s не є керованим cryptsetup пристроєм." -#: src/cryptsetup.c:2316 +#: src/cryptsetup.c:2588 #, c-format msgid "Refresh is not supported for device type %s" msgstr "Підтримки дії з оновлення для пристрою типу %s не передбачено." -#: src/cryptsetup.c:2362 +#: src/cryptsetup.c:2638 #, c-format msgid "Unrecognized metadata device type %s." msgstr "Нерозпізнаний тип пристрою метаданих, %s." -#: src/cryptsetup.c:2364 +#: src/cryptsetup.c:2640 msgid "Command requires device and mapped name as arguments." msgstr "Аргументами команди мають бути назва пристрою та призначена до нього назва." -#: src/cryptsetup.c:2385 +#: src/cryptsetup.c:2661 #, c-format msgid "" "This operation will erase all keyslots on device %s.\n" @@ -2178,325 +2229,351 @@ "У результаті виконання цієї операції буде витерто усі слоти ключів на пристрої %s.\n" "Після виконання цієї дії пристроєм не можна буде скористатися." -#: src/cryptsetup.c:2392 +#: src/cryptsetup.c:2668 msgid "Operation aborted, keyslots were NOT wiped.\n" msgstr "Дію перервано, слоти ключів НЕ витерто.\n" -#: src/cryptsetup.c:2431 +#: src/cryptsetup.c:2707 msgid "Invalid LUKS type, only luks1 and luks2 are supported." msgstr "Некоректний тип LUKS. Передбачено підтримку лише luks1 і luks2." -#: src/cryptsetup.c:2447 +#: src/cryptsetup.c:2723 #, c-format msgid "Device is already %s type." msgstr "Пристрій вже належить до типу %s." -#: src/cryptsetup.c:2454 +#: src/cryptsetup.c:2730 #, c-format msgid "This operation will convert %s to %s format.\n" msgstr "Ця дія перетворить %s до формату %s.\n" -#: src/cryptsetup.c:2457 +#: src/cryptsetup.c:2733 msgid "Operation aborted, device was NOT converted.\n" msgstr "Дію перервано, дані пристрою НЕ перетворено.\n" -#: src/cryptsetup.c:2497 +#: src/cryptsetup.c:2773 msgid "Option --priority, --label or --subsystem is missing." msgstr "Пропущено параметр --priority, --label або --subsystem." -#: src/cryptsetup.c:2531 src/cryptsetup.c:2568 src/cryptsetup.c:2588 +#: src/cryptsetup.c:2807 src/cryptsetup.c:2847 src/cryptsetup.c:2867 #, c-format msgid "Token %d is invalid." msgstr "Жетон %d є некоректним." -#: src/cryptsetup.c:2534 src/cryptsetup.c:2591 +#: src/cryptsetup.c:2810 src/cryptsetup.c:2870 #, c-format msgid "Token %d in use." msgstr "Жетон %d використовується." -#: src/cryptsetup.c:2546 +#: src/cryptsetup.c:2822 #, c-format msgid "Failed to add luks2-keyring token %d." msgstr "Не вдалося додати жетон %d зі сховища ключів luks2." -#: src/cryptsetup.c:2554 src/cryptsetup.c:2617 +#: src/cryptsetup.c:2833 src/cryptsetup.c:2896 #, c-format msgid "Failed to assign token %d to keyslot %d." msgstr "Не вдалося прив'язати жетон %d до слоту ключа %d." -#: src/cryptsetup.c:2571 +#: src/cryptsetup.c:2850 #, c-format msgid "Token %d is not in use." msgstr "Жетон %d не використовується." -#: src/cryptsetup.c:2608 +#: src/cryptsetup.c:2887 msgid "Failed to import token from file." msgstr "Не вдалося імпортувати жетон з файла." -#: src/cryptsetup.c:2633 +#: src/cryptsetup.c:2912 #, c-format msgid "Failed to get token %d for export." msgstr "Не вдалося отримати жетон %d для експортування." -#: src/cryptsetup.c:2682 +#: src/cryptsetup.c:2925 +#, c-format +msgid "Token %d is not assigned to keyslot %d." +msgstr "Жетон %d не пов'язано зі слотом ключа %d." + +#: src/cryptsetup.c:2927 src/cryptsetup.c:2934 +#, c-format +msgid "Failed to unassign token %d from keyslot %d." +msgstr "Не вдалося відв'язати жетон %d від слоту ключа %d." + +#: src/cryptsetup.c:2983 msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." msgstr "Підтримку параметрів --tcrypt-hidden, --tcrypt-system і --tcrypt-backup передбачено лише для пристроїв TCRYPT." -#: src/cryptsetup.c:2685 +#: src/cryptsetup.c:2986 msgid "Option --veracrypt or --disable-veracrypt is supported only for TCRYPT device type." msgstr "Підтримку параметра --veracrypt або --disable-veracrypt передбачено лише для пристроїв TCRYPT." -#: src/cryptsetup.c:2688 +#: src/cryptsetup.c:2989 msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." msgstr "Параметр --veracrypt-pim можна використовувати лише для сумісних із VeraCrypt пристроїв." -#: src/cryptsetup.c:2692 +#: src/cryptsetup.c:2993 msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." msgstr "Параметр --veracrypt-query-pim можна використовувати лише для сумісних із VeraCrypt пристроїв." -#: src/cryptsetup.c:2694 +#: src/cryptsetup.c:2995 msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." msgstr "Не можна поєднувати параметри --veracrypt-pim і --veracrypt-query-pim." -#: src/cryptsetup.c:2703 +#: src/cryptsetup.c:3004 msgid "Option --persistent is not allowed with --test-passphrase." msgstr "Параметр --persistent не можна використовувати разом із --test-passphrase." -#: src/cryptsetup.c:2706 +#: src/cryptsetup.c:3007 msgid "Options --refresh and --test-passphrase are mutually exclusive." msgstr "Не можна поєднувати параметри --refresh і --test-passphrase." -#: src/cryptsetup.c:2709 +#: src/cryptsetup.c:3010 msgid "Option --shared is allowed only for open of plain device." msgstr "Параметр --shared можна використовувати лише для відкриття незашифрованого пристрою." -#: src/cryptsetup.c:2712 +#: src/cryptsetup.c:3013 msgid "Option --skip is supported only for open of plain and loopaes devices." msgstr "Підтримку параметра --skip передбачено лише для відкриття незашифрованих пристроїв та пристроїв loopaes." -#: src/cryptsetup.c:2715 +#: src/cryptsetup.c:3016 msgid "Option --offset with open action is only supported for plain and loopaes devices." msgstr "Підтримку параметра --offset разом із дією з відкриття передбачено лише для незашифрованих пристроїв та пристроїв loopaes." -#: src/cryptsetup.c:2718 +#: src/cryptsetup.c:3019 msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." msgstr "Параметр --tcrypt-hidden не можна поєднувати з --allow-discards." -#: src/cryptsetup.c:2722 +#: src/cryptsetup.c:3023 msgid "Sector size option with open action is supported only for plain devices." msgstr "Підтримку параметра розміру сектора разом із дією з відкриття передбачено лише для незашифрованих пристроїв." -#: src/cryptsetup.c:2726 +#: src/cryptsetup.c:3027 msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." msgstr "Підтримку можливості використання великих секторів IV передбачено лише для відкриття пристроїв простого типу з розміром сектора, який перевищує 512 байтів." -#: src/cryptsetup.c:2730 -msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices." -msgstr "Параметр --test-passphrase можна використовувати лише для відкриття пристроїв LUKS, TCRYPT та BITLK." +#: src/cryptsetup.c:3032 +msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT, BITLK and FVAULT2 devices." +msgstr "Параметр --test-passphrase можна використовувати лише для відкриття пристроїв LUKS, TCRYPT, BITLK та FVAULT2." -#: src/cryptsetup.c:2733 src/cryptsetup.c:2756 +#: src/cryptsetup.c:3035 src/cryptsetup.c:3058 msgid "Options --device-size and --size cannot be combined." msgstr "Не можна одночасно використовувати параметри --device-size і --size." -#: src/cryptsetup.c:2736 +#: src/cryptsetup.c:3038 msgid "Option --unbound is allowed only for open of luks device." msgstr "Параметр --sunbound можна використовувати лише для відкриття пристрою LUKS." -#: src/cryptsetup.c:2739 +#: src/cryptsetup.c:3041 msgid "Option --unbound cannot be used without --test-passphrase." msgstr "Параметр --unbound не можна використовувати без --test-passphrase." -#: src/cryptsetup.c:2748 src/veritysetup.c:664 src/integritysetup.c:755 +#: src/cryptsetup.c:3050 src/veritysetup.c:668 src/integritysetup.c:755 msgid "Options --cancel-deferred and --deferred cannot be used at the same time." msgstr "Не можна одночасно використовувати параметр --cancel-deferred і --deferred." -#: src/cryptsetup.c:2764 +#: src/cryptsetup.c:3066 msgid "Options --reduce-device-size and --data-size cannot be combined." msgstr "Не можна одночасно використовувати параметри --reduce-device-size і --data-size." -#: src/cryptsetup.c:2767 +#: src/cryptsetup.c:3069 msgid "Option --active-name can be set only for LUKS2 device." msgstr "Параметр --active-name можна встановлювати лише для пристроїв LUKS2." -#: src/cryptsetup.c:2770 +#: src/cryptsetup.c:3072 msgid "Options --active-name and --force-offline-reencrypt cannot be combined." msgstr "Не можна одночасно використовувати параметри ---active-name і --force-offline-reencrypt." -#: src/cryptsetup.c:2778 src/cryptsetup.c:2808 +#: src/cryptsetup.c:3080 src/cryptsetup.c:3110 msgid "Keyslot specification is required." msgstr "Слід вказати специфікація слотів ключів." -#: src/cryptsetup.c:2786 +#: src/cryptsetup.c:3088 msgid "Options --align-payload and --offset cannot be combined." msgstr "Не можна одночасно використовувати параметри --align-payload і --offset." -#: src/cryptsetup.c:2789 +#: src/cryptsetup.c:3091 msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." msgstr "Параметром --integrity-no-wipe можна користуватися лише для дії з форматування із розширенням забезпечення цілісності." -#: src/cryptsetup.c:2792 +#: src/cryptsetup.c:3094 msgid "Only one of --use-[u]random options is allowed." msgstr "Можна використовувати лише один з параметрів --use-[u]random." -#: src/cryptsetup.c:2800 +#: src/cryptsetup.c:3102 msgid "Key size is required with --unbound option." msgstr "Разом із параметром --unbound слід вказувати розмір ключа." -#: src/cryptsetup.c:2819 +#: src/cryptsetup.c:3122 msgid "Invalid token action." msgstr "Некоректна дія з жетоном." -#: src/cryptsetup.c:2822 +#: src/cryptsetup.c:3125 msgid "--key-description parameter is mandatory for token add action." msgstr "Параметр --key-description є обов'язковим для дій із додавання жетонів." -#: src/cryptsetup.c:2826 +#: src/cryptsetup.c:3129 src/cryptsetup.c:3142 msgid "Action requires specific token. Use --token-id parameter." msgstr "Для виконання дії потрібен специфічний жетон. Скористайтеся параметром --token-id." -#: src/cryptsetup.c:2840 +#: src/cryptsetup.c:3133 +msgid "Option --unbound is valid only with token add action." +msgstr "Параметр --unbound можна використовувати лише разом із дією з додавання жетона." + +#: src/cryptsetup.c:3135 +msgid "Options --key-slot and --unbound cannot be combined." +msgstr "Не можна поєднувати параметри --key-slot і --unbound." + +#: src/cryptsetup.c:3140 +msgid "Action requires specific keyslot. Use --key-slot parameter." +msgstr "Дія потребує зазначення слоту ключа. Скористайтеся параметром --key-slot." + +#: src/cryptsetup.c:3156 msgid " [--type ] []" msgstr "<пристрій> [--type <тип>] [<назва>]" -#: src/cryptsetup.c:2840 src/veritysetup.c:487 src/integritysetup.c:535 +#: src/cryptsetup.c:3156 src/veritysetup.c:491 src/integritysetup.c:535 msgid "open device as " msgstr "відкрити пристрій як <назва>" -#: src/cryptsetup.c:2841 src/cryptsetup.c:2842 src/cryptsetup.c:2843 -#: src/veritysetup.c:488 src/veritysetup.c:489 src/integritysetup.c:536 +#: src/cryptsetup.c:3157 src/cryptsetup.c:3158 src/cryptsetup.c:3159 +#: src/veritysetup.c:492 src/veritysetup.c:493 src/integritysetup.c:536 #: src/integritysetup.c:537 src/integritysetup.c:539 msgid "" msgstr "<назва>" -#: src/cryptsetup.c:2841 src/veritysetup.c:488 src/integritysetup.c:536 +#: src/cryptsetup.c:3157 src/veritysetup.c:492 src/integritysetup.c:536 msgid "close device (remove mapping)" msgstr "закрити пристрій (вилучити призначення)" -#: src/cryptsetup.c:2842 src/integritysetup.c:539 +#: src/cryptsetup.c:3158 src/integritysetup.c:539 msgid "resize active device" msgstr "змінити розмір активного пристрою" -#: src/cryptsetup.c:2843 +#: src/cryptsetup.c:3159 msgid "show device status" msgstr "показати стан пристрою" -#: src/cryptsetup.c:2844 +#: src/cryptsetup.c:3160 msgid "[--cipher ]" msgstr "[--cipher <шифр>]" -#: src/cryptsetup.c:2844 +#: src/cryptsetup.c:3160 msgid "benchmark cipher" msgstr "перевірити швидкодію шифрування" -#: src/cryptsetup.c:2845 src/cryptsetup.c:2846 src/cryptsetup.c:2847 -#: src/cryptsetup.c:2848 src/cryptsetup.c:2849 src/cryptsetup.c:2856 -#: src/cryptsetup.c:2857 src/cryptsetup.c:2858 src/cryptsetup.c:2859 -#: src/cryptsetup.c:2860 src/cryptsetup.c:2861 src/cryptsetup.c:2862 -#: src/cryptsetup.c:2863 src/cryptsetup.c:2864 +#: src/cryptsetup.c:3161 src/cryptsetup.c:3162 src/cryptsetup.c:3163 +#: src/cryptsetup.c:3164 src/cryptsetup.c:3165 src/cryptsetup.c:3172 +#: src/cryptsetup.c:3173 src/cryptsetup.c:3174 src/cryptsetup.c:3175 +#: src/cryptsetup.c:3176 src/cryptsetup.c:3177 src/cryptsetup.c:3178 +#: src/cryptsetup.c:3179 src/cryptsetup.c:3180 src/cryptsetup.c:3181 msgid "" msgstr "<пристрій>" -#: src/cryptsetup.c:2845 +#: src/cryptsetup.c:3161 msgid "try to repair on-disk metadata" msgstr "спробувати виправити метадані на диску" -#: src/cryptsetup.c:2846 +#: src/cryptsetup.c:3162 msgid "reencrypt LUKS2 device" msgstr "повторно зашифрувати пристрій LUKS2" -#: src/cryptsetup.c:2847 +#: src/cryptsetup.c:3163 msgid "erase all keyslots (remove encryption key)" msgstr "витерти усі слоти ключів (вилучити ключ шифрування)" -#: src/cryptsetup.c:2848 +#: src/cryptsetup.c:3164 msgid "convert LUKS from/to LUKS2 format" msgstr "перетворити LUKS із формату LUKS2 або навпаки" -#: src/cryptsetup.c:2849 +#: src/cryptsetup.c:3165 msgid "set permanent configuration options for LUKS2" msgstr "встановити сталі параметри налаштування для LUKS2" -#: src/cryptsetup.c:2850 src/cryptsetup.c:2851 +#: src/cryptsetup.c:3166 src/cryptsetup.c:3167 msgid " []" msgstr "<пристрій> [<новий файл ключа>]" -#: src/cryptsetup.c:2850 +#: src/cryptsetup.c:3166 msgid "formats a LUKS device" msgstr "форматує пристрій LUKS" -#: src/cryptsetup.c:2851 +#: src/cryptsetup.c:3167 msgid "add key to LUKS device" msgstr "додати ключ до пристрою LUKS" -#: src/cryptsetup.c:2852 src/cryptsetup.c:2853 src/cryptsetup.c:2854 +#: src/cryptsetup.c:3168 src/cryptsetup.c:3169 src/cryptsetup.c:3170 msgid " []" msgstr "<пристрій> [<файл ключа>]" -#: src/cryptsetup.c:2852 +#: src/cryptsetup.c:3168 msgid "removes supplied key or key file from LUKS device" msgstr "вилучає наданий ключ або файл ключа з пристрою LUKS" -#: src/cryptsetup.c:2853 +#: src/cryptsetup.c:3169 msgid "changes supplied key or key file of LUKS device" msgstr "змінює наданий ключ або файл ключа пристрою LUKS" -#: src/cryptsetup.c:2854 +#: src/cryptsetup.c:3170 msgid "converts a key to new pbkdf parameters" msgstr "перетворює ключ до нових параметрів pbkdf" -#: src/cryptsetup.c:2855 +#: src/cryptsetup.c:3171 msgid " " msgstr "<пристрій> <слот ключа>" -#: src/cryptsetup.c:2855 +#: src/cryptsetup.c:3171 msgid "wipes key with number from LUKS device" msgstr "вилучає ключ з номером <слот ключа> з пристрою LUKS" -#: src/cryptsetup.c:2856 +#: src/cryptsetup.c:3172 msgid "print UUID of LUKS device" msgstr "вивести UUID пристрою LUKS" -#: src/cryptsetup.c:2857 +#: src/cryptsetup.c:3173 msgid "tests for LUKS partition header" msgstr "виконати спробу виявлення заголовка розділу LUKS на пристрої <пристрій>" -#: src/cryptsetup.c:2858 +#: src/cryptsetup.c:3174 msgid "dump LUKS partition information" msgstr "створити дамп даних щодо розділу LUKS" -#: src/cryptsetup.c:2859 +#: src/cryptsetup.c:3175 msgid "dump TCRYPT device information" msgstr "створити дамп даних пристрою TCRYPT" -#: src/cryptsetup.c:2860 +#: src/cryptsetup.c:3176 msgid "dump BITLK device information" msgstr "створити дамп даних пристрою BITLK" -#: src/cryptsetup.c:2861 +#: src/cryptsetup.c:3177 +msgid "dump FVAULT2 device information" +msgstr "створити дамп даних пристрою FVAULT2" + +#: src/cryptsetup.c:3178 msgid "Suspend LUKS device and wipe key (all IOs are frozen)" msgstr "Приспати пристрій LUKS і витерти ключ (роботу всіх каналів введення-виведення буде заморожено)" -#: src/cryptsetup.c:2862 +#: src/cryptsetup.c:3179 msgid "Resume suspended LUKS device" msgstr "Відновити роботу приспаного пристрою LUKS" -#: src/cryptsetup.c:2863 +#: src/cryptsetup.c:3180 msgid "Backup LUKS device header and keyslots" msgstr "Створити резервну копію заголовка пристрою LUKS і слотів ключів" -#: src/cryptsetup.c:2864 +#: src/cryptsetup.c:3181 msgid "Restore LUKS device header and keyslots" msgstr "Відновити заголовок пристрою LUKS і слоти ключів" -#: src/cryptsetup.c:2865 +#: src/cryptsetup.c:3182 msgid " " msgstr " <пристрій>" -#: src/cryptsetup.c:2865 +#: src/cryptsetup.c:3182 msgid "Manipulate LUKS2 tokens" msgstr "Керування жетонами LUKS2" -#: src/cryptsetup.c:2884 src/veritysetup.c:505 src/integritysetup.c:554 +#: src/cryptsetup.c:3201 src/veritysetup.c:509 src/integritysetup.c:554 msgid "" "\n" " is one of:\n" @@ -2504,20 +2581,20 @@ "\n" "<дія> є однією з таких:\n" -#: src/cryptsetup.c:2890 +#: src/cryptsetup.c:3207 msgid "" "\n" "You can also use old syntax aliases:\n" -"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" -"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n" msgstr "" "\n" "Ви також можете скористатися застарілими альтернативними\n" "синтаксичними конструкціями для запису <дія>:\n" -"\tвідкрити: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" -"\tзакрити: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" +"\tвідкрити: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n" +"\tзакрити: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n" -#: src/cryptsetup.c:2894 +#: src/cryptsetup.c:3211 #, c-format msgid "" "\n" @@ -2532,7 +2609,7 @@ "<слот ключа> — номер слота ключа LUKS, який слід змінити\n" "<файл ключа> — необов’язковий файл ключа для нового ключа для дії luksAddKey\n" -#: src/cryptsetup.c:2901 +#: src/cryptsetup.c:3218 #, c-format msgid "" "\n" @@ -2541,7 +2618,7 @@ "\n" "Типовий укомпільований формат метаданих — %s (для дії luksFormat).\n" -#: src/cryptsetup.c:2906 src/cryptsetup.c:2909 +#: src/cryptsetup.c:3223 src/cryptsetup.c:3226 #, c-format msgid "" "\n" @@ -2550,20 +2627,20 @@ "\n" "Підтримка додатків зовнішніх жетонів LUKS2 — %s.\n" -#: src/cryptsetup.c:2906 +#: src/cryptsetup.c:3223 msgid "compiled-in" msgstr "вбудована" -#: src/cryptsetup.c:2907 +#: src/cryptsetup.c:3224 #, c-format msgid "LUKS2 external token plugin path: %s.\n" msgstr "Шлях до теки додатків зовнішніх жетонів LUKS2: %s.\n" -#: src/cryptsetup.c:2909 +#: src/cryptsetup.c:3226 msgid "disabled" msgstr "вимкнено" -#: src/cryptsetup.c:2913 +#: src/cryptsetup.c:3230 #, c-format msgid "" "\n" @@ -2580,7 +2657,7 @@ "Типовий PBKDF для LUKS2: %s\n" "\tЧас ітерації: %d, потрібний обсяг пам'яті: %d кБ, паралельних потоків: %d\n" -#: src/cryptsetup.c:2924 +#: src/cryptsetup.c:3241 #, c-format msgid "" "\n" @@ -2595,96 +2672,96 @@ "\tзвичайне: %s, ключ: %d-бітовий, хешування пароля: %s\n" "\tLUKS: %s, ключ: %d-бітовий, хешування заголовка LUKS: %s, RNG: %s\n" -#: src/cryptsetup.c:2933 +#: src/cryptsetup.c:3250 msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" msgstr "\tLUKS: типовий розмір ключа у режимі XTS (два вбудованих ключа) буде подвоєно.\n" -#: src/cryptsetup.c:2951 src/veritysetup.c:644 src/integritysetup.c:711 +#: src/cryptsetup.c:3268 src/veritysetup.c:648 src/integritysetup.c:711 #, c-format msgid "%s: requires %s as arguments" msgstr "%s: слід вказати у параметрах %s" -#: src/cryptsetup.c:2997 src/utils_reencrypt_luks1.c:1194 +#: src/cryptsetup.c:3308 src/utils_reencrypt_luks1.c:1198 msgid "Key slot is invalid." msgstr "Некоректний слот ключа." -#: src/cryptsetup.c:3024 +#: src/cryptsetup.c:3335 msgid "Device size must be multiple of 512 bytes sector." msgstr "Розмір пристрою має бути кратним до 512-байтового сектора." -#: src/cryptsetup.c:3029 +#: src/cryptsetup.c:3340 msgid "Invalid max reencryption hotzone size specification." msgstr "Некоректна специфікація розміру «гарячої» ділянки повторного шифрування." -#: src/cryptsetup.c:3043 src/cryptsetup.c:3055 +#: src/cryptsetup.c:3354 src/cryptsetup.c:3366 msgid "Key size must be a multiple of 8 bits" msgstr "Розмір ключа має бути кратним 8 бітам" -#: src/cryptsetup.c:3060 +#: src/cryptsetup.c:3371 msgid "Maximum device reduce size is 1 GiB." msgstr "Максимальний розмір зменшення розміру пристрою дорівнює 1 ГіБ." -#: src/cryptsetup.c:3063 +#: src/cryptsetup.c:3374 msgid "Reduce size must be multiple of 512 bytes sector." msgstr "Розмір зменшення має бути кратним до 512-байтового сектора." -#: src/cryptsetup.c:3080 +#: src/cryptsetup.c:3391 msgid "Option --priority can be only ignore/normal/prefer." msgstr "Значенням для параметра --priority може бути лише один з таких рядків: ignore, normal або prefer." -#: src/cryptsetup.c:3099 src/veritysetup.c:568 src/integritysetup.c:634 +#: src/cryptsetup.c:3410 src/veritysetup.c:572 src/integritysetup.c:634 msgid "Show this help message" msgstr "Показати цю довідку" -#: src/cryptsetup.c:3100 src/veritysetup.c:569 src/integritysetup.c:635 +#: src/cryptsetup.c:3411 src/veritysetup.c:573 src/integritysetup.c:635 msgid "Display brief usage" msgstr "Показати короткі настанови щодо користування" -#: src/cryptsetup.c:3101 src/veritysetup.c:570 src/integritysetup.c:636 +#: src/cryptsetup.c:3412 src/veritysetup.c:574 src/integritysetup.c:636 msgid "Print package version" msgstr "Вивести дані щодо версії пакунка" -#: src/cryptsetup.c:3112 src/veritysetup.c:581 src/integritysetup.c:647 +#: src/cryptsetup.c:3423 src/veritysetup.c:585 src/integritysetup.c:647 msgid "Help options:" msgstr "Пункти довідки:" -#: src/cryptsetup.c:3132 src/veritysetup.c:599 src/integritysetup.c:664 +#: src/cryptsetup.c:3443 src/veritysetup.c:603 src/integritysetup.c:664 msgid "[OPTION...] " msgstr "[ПАРАМЕТР...] <дія> <параметри_дії>" -#: src/cryptsetup.c:3141 src/veritysetup.c:608 src/integritysetup.c:675 +#: src/cryptsetup.c:3452 src/veritysetup.c:612 src/integritysetup.c:675 msgid "Argument missing." msgstr "Не вказано аргумент <дія>." -#: src/cryptsetup.c:3211 src/veritysetup.c:639 src/integritysetup.c:706 +#: src/cryptsetup.c:3528 src/veritysetup.c:643 src/integritysetup.c:706 msgid "Unknown action." msgstr "Невідома дія." -#: src/cryptsetup.c:3229 +#: src/cryptsetup.c:3546 msgid "Option --key-file takes precedence over specified key file argument." msgstr "Параметр --key-file має пріоритет над вказаним параметром файла ключа." -#: src/cryptsetup.c:3235 +#: src/cryptsetup.c:3552 msgid "Only one --key-file argument is allowed." msgstr "Можна використовувати лише один аргумент --key-file." -#: src/cryptsetup.c:3240 +#: src/cryptsetup.c:3557 msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id." msgstr "Функцією отримання ключа на основі пароля (PBKDF) може бути лише pbkdf2 або argon2i/argon2id." -#: src/cryptsetup.c:3245 +#: src/cryptsetup.c:3562 msgid "PBKDF forced iterations cannot be combined with iteration time option." msgstr "Примусові ітерації PBKDF не можна поєднувати із параметром тривалості ітерацій." -#: src/cryptsetup.c:3256 +#: src/cryptsetup.c:3573 msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." msgstr "Параметри --keyslot-cipher і --keyslot-key-size має бути використано разом." -#: src/cryptsetup.c:3264 +#: src/cryptsetup.c:3581 msgid "No action taken. Invoked with --test-args option.\n" msgstr "Дій не виконано. Викликано із параметром --test-args.\n" -#: src/cryptsetup.c:3277 +#: src/cryptsetup.c:3594 msgid "Cannot disable metadata locking." msgstr "Не вдалося вимкнути блокування метаданих." @@ -2712,72 +2789,72 @@ msgid "Cannot write to root hash file %s." msgstr "Не вдалося записати файл кореневого хешу %s." -#: src/veritysetup.c:196 src/veritysetup.c:472 +#: src/veritysetup.c:198 src/veritysetup.c:476 #, c-format msgid "Device %s is not a valid VERITY device." msgstr "Пристрій %s не є коректним пристроєм VERITY." -#: src/veritysetup.c:213 src/veritysetup.c:230 +#: src/veritysetup.c:215 src/veritysetup.c:232 #, c-format msgid "Cannot read root hash file %s." msgstr "Не вдалося прочитати файл кореневого хешу %s." -#: src/veritysetup.c:218 +#: src/veritysetup.c:220 #, c-format msgid "Invalid root hash file %s." msgstr "Некоректний файл кореневого хешу %s." -#: src/veritysetup.c:239 +#: src/veritysetup.c:241 msgid "Invalid root hash string specified." msgstr "Вказано некоректний рядок кореневого хешу." -#: src/veritysetup.c:247 +#: src/veritysetup.c:249 #, c-format msgid "Invalid signature file %s." msgstr "Некоректний файл підпису %s." -#: src/veritysetup.c:254 +#: src/veritysetup.c:256 #, c-format msgid "Cannot read signature file %s." msgstr "Не вдалося прочитати файл підпису %s." -#: src/veritysetup.c:277 src/veritysetup.c:291 +#: src/veritysetup.c:279 src/veritysetup.c:293 msgid "Command requires or --root-hash-file option as argument." msgstr "Для виконання команди потрібен <кореневий_хеш> або параметр --root-hash-file як аргумент." -#: src/veritysetup.c:485 +#: src/veritysetup.c:489 msgid " " msgstr "<пристрій_даних> <пристрій_хешу>" -#: src/veritysetup.c:485 src/integritysetup.c:534 +#: src/veritysetup.c:489 src/integritysetup.c:534 msgid "format device" msgstr "форматувати пристрій" -#: src/veritysetup.c:486 +#: src/veritysetup.c:490 msgid " []" msgstr "<пристрій_даних> <пристрій_хешу> [<кореневий_хеш>]" -#: src/veritysetup.c:486 +#: src/veritysetup.c:490 msgid "verify device" msgstr "перевірити пристрій" -#: src/veritysetup.c:487 +#: src/veritysetup.c:491 msgid " []" msgstr "<пристрій_даних> <назва> <пристрій_хешу> [<кореневий_хеш>]" -#: src/veritysetup.c:489 src/integritysetup.c:537 +#: src/veritysetup.c:493 src/integritysetup.c:537 msgid "show active device status" msgstr "показати стан активного пристрою" -#: src/veritysetup.c:490 +#: src/veritysetup.c:494 msgid "" msgstr "<пристрій_хешу>" -#: src/veritysetup.c:490 src/integritysetup.c:538 +#: src/veritysetup.c:494 src/integritysetup.c:538 msgid "show on-disk information" msgstr "показати вбудовані дані" -#: src/veritysetup.c:509 +#: src/veritysetup.c:513 #, c-format msgid "" "\n" @@ -2792,7 +2869,7 @@ "<пристрій_хешу> — пристрій, на якому зберігаються дані для перевірки\n" "<кореневий_хеш> — хеш кореневого вузла на пристрої <пристрій_хешу>\n" -#: src/veritysetup.c:516 +#: src/veritysetup.c:520 #, c-format msgid "" "\n" @@ -2803,11 +2880,11 @@ "Типові вбудовані параметри dm-verity:\n" "\tхеш: %s, блок даних (у байтах): %u, блок хешу (у байтах): %u, розмір солі: %u, формат хешування: %u\n" -#: src/veritysetup.c:654 +#: src/veritysetup.c:658 msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together." msgstr "Параметри --ignore-corruption і --restart-on-corruption не можна використовувати одночасно." -#: src/veritysetup.c:659 +#: src/veritysetup.c:663 msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together." msgstr "Параметри --panic-on-corruption і --restart-on-corruption не можна використовувати одночасно." @@ -3092,7 +3169,7 @@ msgid "Finished, time %s, %s, %s\n" msgstr "Завершено, час %s, %s, %s\n" -#: src/utils_password.c:41 src/utils_password.c:74 +#: src/utils_password.c:41 src/utils_password.c:72 #, c-format msgid "Cannot check password quality: %s" msgstr "Не вдалося перевірити якість пароля: %s" @@ -3106,42 +3183,42 @@ "Помилка під час спроби оцінити якість пароля:\n" " %s" -#: src/utils_password.c:81 +#: src/utils_password.c:79 #, c-format msgid "Password quality check failed: Bad passphrase (%s)" msgstr "Помилка під час спроби оцінити якість пароля: некоректний пароль (%s)" -#: src/utils_password.c:231 src/utils_password.c:245 +#: src/utils_password.c:230 src/utils_password.c:244 msgid "Error reading passphrase from terminal." msgstr "Помилка під час читання пароля з термінала." -#: src/utils_password.c:243 +#: src/utils_password.c:242 msgid "Verify passphrase: " msgstr "Перевірка пароля: " -#: src/utils_password.c:250 +#: src/utils_password.c:249 msgid "Passphrases do not match." msgstr "Паролі не збігаються." -#: src/utils_password.c:288 +#: src/utils_password.c:287 msgid "Cannot use offset with terminal input." msgstr "Не можна використовувати відступ у даних, що надходять з термінала." -#: src/utils_password.c:292 +#: src/utils_password.c:291 #, c-format msgid "Enter passphrase: " msgstr "Введіть пароль: " -#: src/utils_password.c:295 +#: src/utils_password.c:294 #, c-format msgid "Enter passphrase for %s: " msgstr "Введіть пароль до %s: " -#: src/utils_password.c:329 +#: src/utils_password.c:328 msgid "No key available with this passphrase." msgstr "Для цього пароля немає відповідного ключа." -#: src/utils_password.c:331 +#: src/utils_password.c:330 msgid "No usable keyslot is available." msgstr "Немає доступних придатних до користування слотів ключів." @@ -3215,41 +3292,50 @@ "Таке шифрування може призвести до пошкодження даних, якщо пристрій задіяно.\n" "Щоб запустити повторне шифрування у режимі без від'єднання, скористайтеся параметром --active-name.\n" -#: src/utils_reencrypt.c:175 +#: src/utils_reencrypt.c:141 src/utils_reencrypt.c:274 +#, c-format +msgid "" +"Device %s is not a block device. Can not auto-detect if it is active or not.\n" +"Use --force-offline-reencrypt to bypass the check and run in offline mode (dangerous!)." +msgstr "" +"Пристрій %s не є блоковим пристроєм. Не можна визначити, чи є він активним.\n" +"Скористайтеся --force-offline-reencrypt для обходу перевірки та запуску в автономному режимі (небезпечно!)." + +#: src/utils_reencrypt.c:178 src/utils_reencrypt.c:221 +#: src/utils_reencrypt.c:231 +msgid "Requested --resilience option cannot be applied to current reencryption operation." +msgstr "Вказаний параметр --resilience не може бути застосовано до поточної дії з повторного шифрування." + +#: src/utils_reencrypt.c:203 msgid "Device is not in LUKS2 encryption. Conflicting option --encrypt." msgstr "Пристрій не у шифруванні LUKS2. Конфліктний параметр --encrypt." -#: src/utils_reencrypt.c:180 +#: src/utils_reencrypt.c:208 msgid "Device is not in LUKS2 decryption. Conflicting option --decrypt." msgstr "Пристрій не у розшифруванні LUKS2. Конфліктний параметр --decrypt." -#: src/utils_reencrypt.c:187 +#: src/utils_reencrypt.c:215 msgid "Device is in reencryption using datashift resilience. Requested --resilience option cannot be applied." msgstr "Пристрій перебуває у повторному шифруванні з використанням стійкості зсуву даних. Вказаний параметр --resilience не може бути застосовано." -#: src/utils_reencrypt.c:193 src/utils_reencrypt.c:199 -#: src/utils_reencrypt.c:205 src/utils_reencrypt.c:681 -msgid "Requested --resilience option cannot be applied to current reencryption operation." -msgstr "Вказаний параметр --resilience не може бути застосовано до поточної дії з повторного шифрування." - -#: src/utils_reencrypt.c:258 +#: src/utils_reencrypt.c:293 msgid "Device requires reencryption recovery. Run repair first." msgstr "Пристрій потребує відновлення повторного шифрування. Спочатку виконайте відновлення." -#: src/utils_reencrypt.c:268 +#: src/utils_reencrypt.c:307 #, c-format msgid "Device %s is already in LUKS2 reencryption. Do you wish to resume previously initialised operation?" msgstr "Пристрій %s вже перебуває у стані повторного шифрування LUKS2. Хочете відновити раніше ініціалізовану дію?" -#: src/utils_reencrypt.c:314 +#: src/utils_reencrypt.c:353 msgid "Legacy LUKS2 reencryption is no longer supported." msgstr "Підтримки застарілого повторного шифрування LUKS2 більше не передбачено." -#: src/utils_reencrypt.c:379 +#: src/utils_reencrypt.c:418 msgid "Reencryption of device with integrity profile is not supported." msgstr "Підтримки повторного шифрування пристрою із профілем цілісності не передбачено." -#: src/utils_reencrypt.c:410 +#: src/utils_reencrypt.c:449 #, c-format msgid "" "Requested --sector-size % is incompatible with %s superblock\n" @@ -3258,98 +3344,103 @@ "Вказаний --sector-size % є несумісним із суперблоком %s\n" "(розмір блоку: % байтів), який виявлено на пристрої %s." -#: src/utils_reencrypt.c:455 +#: src/utils_reencrypt.c:518 src/utils_reencrypt.c:1391 msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." msgstr "Шифрування без від'єднаного заголовка (--header) є неможливим без зменшення розміру пристрою зберігання даних (--reduce-device-size)." -#: src/utils_reencrypt.c:461 +#: src/utils_reencrypt.c:525 msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." msgstr "Вказаний зсув даних має бути меншим або рівним половині значення параметра --reduce-device-size." -#: src/utils_reencrypt.c:471 +#: src/utils_reencrypt.c:535 #, c-format msgid "Adjusting --reduce-device-size value to twice the --offset % (sectors).\n" msgstr "Коригуємо значення --reduce-device-size до подвійного значення --offset % (у секторах).\n" -#: src/utils_reencrypt.c:501 +#: src/utils_reencrypt.c:565 #, c-format msgid "Temporary header file %s already exists. Aborting." msgstr "Файл тимчасового заголовка %s вже існує. Перериваємо обробку." -#: src/utils_reencrypt.c:503 src/utils_reencrypt.c:510 +#: src/utils_reencrypt.c:567 src/utils_reencrypt.c:574 #, c-format msgid "Cannot create temporary header file %s." msgstr "Не вдалося створити файл тимчасового заголовка %s." -#: src/utils_reencrypt.c:535 +#: src/utils_reencrypt.c:599 msgid "LUKS2 metadata size is larger than data shift value." msgstr "Розмір метаданих LUKS2 перевищує значення зсуву даних." -#: src/utils_reencrypt.c:572 +#: src/utils_reencrypt.c:636 #, c-format msgid "Failed to place new header at head of device %s." msgstr "Не вдалося розмістити новий заголовок на початку пристрою %s." -#: src/utils_reencrypt.c:582 +#: src/utils_reencrypt.c:646 #, c-format msgid "%s/%s is now active and ready for online encryption.\n" msgstr "%s/%s задіяно, система готова до інтерактивного шифрування.\n" -#: src/utils_reencrypt.c:618 +#: src/utils_reencrypt.c:682 #, c-format msgid "Active device %s is not LUKS2." msgstr "Активний пристрій %s не є пристроєм LUKS2." -#: src/utils_reencrypt.c:646 +#: src/utils_reencrypt.c:710 msgid "Restoring original LUKS2 header." msgstr "Відновлюємо початковий заголовок LUKS2." -#: src/utils_reencrypt.c:654 +#: src/utils_reencrypt.c:718 msgid "Original LUKS2 header restore failed." msgstr "Спроба відновлення початкового заголовка LUKS2 зазнала невдачі." -#: src/utils_reencrypt.c:722 +#: src/utils_reencrypt.c:744 +#, c-format +msgid "Header file %s does not exist. Do you want to initialize LUKS2 decryption of device %s and export LUKS2 header to file %s?" +msgstr "Файла заголовка %s не існує. Хочете ініціалізувати розшифрування LUKS2 пристрою %s і експортувати заголовок LUKS2 до файла %s?" + +#: src/utils_reencrypt.c:792 msgid "Failed to add read/write permissions to exported header file." msgstr "Не вдалося додати права доступу для читання-запису до експортованого файла заголовка." -#: src/utils_reencrypt.c:775 +#: src/utils_reencrypt.c:845 #, c-format msgid "Reencryption initialization failed. Header backup is available in %s." msgstr "Не вдалося ініціалізувати повторне шифрування. Резервна копія заголовка перебуває у %s." -#: src/utils_reencrypt.c:803 +#: src/utils_reencrypt.c:873 msgid "LUKS2 decryption is supported with detached header device only (with data offset set to 0)." msgstr "Підтримку розшифровування LUKS2 передбачено лише для пристроїв із від'єднаним заголовком (із встановленим нульовим відступом даних)." -#: src/utils_reencrypt.c:934 src/utils_reencrypt.c:943 +#: src/utils_reencrypt.c:1008 src/utils_reencrypt.c:1017 msgid "Not enough free keyslots for reencryption." msgstr "Недостатньо вільних слотів ключів для повторного шифрування." -#: src/utils_reencrypt.c:964 src/utils_reencrypt_luks1.c:1100 +#: src/utils_reencrypt.c:1038 src/utils_reencrypt_luks1.c:1100 msgid "Key file can be used only with --key-slot or with exactly one key slot active." msgstr "Файлом ключа можна користуватися лише з --key-slot, або якщо активним є лише один слот ключа." -#: src/utils_reencrypt.c:973 src/utils_reencrypt_luks1.c:1147 +#: src/utils_reencrypt.c:1047 src/utils_reencrypt_luks1.c:1147 #: src/utils_reencrypt_luks1.c:1158 #, c-format msgid "Enter passphrase for key slot %d: " msgstr "Вкажіть пароль для слоту ключа %d: " -#: src/utils_reencrypt.c:985 +#: src/utils_reencrypt.c:1059 #, c-format msgid "Enter passphrase for key slot %u: " msgstr "Вкажіть пароль для слоту ключа %u: " -#: src/utils_reencrypt.c:1037 +#: src/utils_reencrypt.c:1111 #, c-format msgid "Switching data encryption cipher to %s.\n" msgstr "Перемикаємося на шифрування даних %s.\n" -#: src/utils_reencrypt.c:1091 +#: src/utils_reencrypt.c:1165 msgid "No data segment parameters changed. Reencryption aborted." msgstr "Не змінено параметри сегмента даних. Повторне шифрування перервано." -#: src/utils_reencrypt.c:1187 +#: src/utils_reencrypt.c:1267 msgid "" "Encryption sector size increase on offline device is not supported.\n" "Activate the device first or use --force-offline-reencrypt option (dangerous!)." @@ -3357,7 +3448,7 @@ "Підтримки збільшення розміру сектора шифрування на вимкненому пристрої не передбачено.\n" "Спочатку активуйте пристрій або скористайтеся параметром --force-offline-reencrypt (небезпечно!)." -#: src/utils_reencrypt.c:1227 src/utils_reencrypt_luks1.c:726 +#: src/utils_reencrypt.c:1307 src/utils_reencrypt_luks1.c:726 #: src/utils_reencrypt_luks1.c:798 msgid "" "\n" @@ -3366,58 +3457,58 @@ "\n" "Повторне шифрування перервано." -#: src/utils_reencrypt.c:1232 +#: src/utils_reencrypt.c:1312 msgid "Resuming LUKS reencryption in forced offline mode.\n" msgstr "Відновлюємо повторне шифрування LUKS у примусовому вимкненому режимі.\n" -#: src/utils_reencrypt.c:1249 +#: src/utils_reencrypt.c:1329 #, c-format msgid "Device %s contains broken LUKS metadata. Aborting operation." msgstr "На пристрої %s містяться пошкоджені метадані LUKS. Перериваємо дію." -#: src/utils_reencrypt.c:1265 src/utils_reencrypt.c:1287 +#: src/utils_reencrypt.c:1345 src/utils_reencrypt.c:1367 #, c-format msgid "Device %s is already LUKS device. Aborting operation." msgstr "Пристрій %s вже є пристроєм LUKS. Перериваємо дію." -#: src/utils_reencrypt.c:1293 +#: src/utils_reencrypt.c:1373 #, c-format msgid "Device %s is already in LUKS reencryption. Aborting operation." msgstr "Пристрій %s вже перебуває у стані повторного шифрування LUKS. Перериваємо дію." -#: src/utils_reencrypt.c:1366 +#: src/utils_reencrypt.c:1453 msgid "LUKS2 decryption requires --header option." msgstr "Для розшифровування LUKS2 потрібен параметр --header." -#: src/utils_reencrypt.c:1414 +#: src/utils_reencrypt.c:1501 msgid "Command requires device as argument." msgstr "Комарні слід передати аргумент пристрою." -#: src/utils_reencrypt.c:1427 +#: src/utils_reencrypt.c:1514 #, c-format msgid "Conflicting versions. Device %s is LUKS1." msgstr "Конфлікт версій. Пристрій %s є пристроєм LUKS1." -#: src/utils_reencrypt.c:1433 +#: src/utils_reencrypt.c:1520 #, c-format msgid "Conflicting versions. Device %s is in LUKS1 reencryption." msgstr "Конфлікт версій. Пристрій %s перебуває у стані повторного шифрування LUKS1." -#: src/utils_reencrypt.c:1439 +#: src/utils_reencrypt.c:1526 #, c-format msgid "Conflicting versions. Device %s is LUKS2." msgstr "Конфлікт версій. Пристрій %s є пристроєм LUKS2." -#: src/utils_reencrypt.c:1445 +#: src/utils_reencrypt.c:1532 #, c-format msgid "Conflicting versions. Device %s is in LUKS2 reencryption." msgstr "Конфлікт версій. Пристрій %s перебуває у стані повторного шифрування LUKS2." -#: src/utils_reencrypt.c:1451 +#: src/utils_reencrypt.c:1538 msgid "LUKS2 reencryption already initialized. Aborting operation." msgstr "Вже ініційовано повторне шифрування LUKS2. Перериваємо виконання дії." -#: src/utils_reencrypt.c:1458 +#: src/utils_reencrypt.c:1545 msgid "Device reencryption not in progress." msgstr "Повторне шифрування пристрою не виконується." @@ -3522,28 +3613,28 @@ msgid "Provided UUID is invalid." msgstr "Наданий UUID є некоректним." -#: src/utils_reencrypt_luks1.c:1220 +#: src/utils_reencrypt_luks1.c:1224 msgid "Cannot open reencryption log file." msgstr "Не вдалося відкрити файл журналу повторного шифрування." -#: src/utils_reencrypt_luks1.c:1226 +#: src/utils_reencrypt_luks1.c:1230 msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process." msgstr "Розшифровування не виконується. Наданий UUID можна використовувати лише для відновлення призупиненого процесу розшифровування." -#: src/utils_reencrypt_luks1.c:1280 +#: src/utils_reencrypt_luks1.c:1286 #, c-format msgid "Reencryption will change: %s%s%s%s%s%s." msgstr "Повторне шифрування призведе до зміни: %s%s%s%s%s%s." -#: src/utils_reencrypt_luks1.c:1281 +#: src/utils_reencrypt_luks1.c:1287 msgid "volume key" msgstr "ключ тому" -#: src/utils_reencrypt_luks1.c:1283 +#: src/utils_reencrypt_luks1.c:1289 msgid "set hash to " msgstr "встановити хеш у значення " -#: src/utils_reencrypt_luks1.c:1284 +#: src/utils_reencrypt_luks1.c:1290 msgid ", set cipher to " msgstr ", встановити шифрування " @@ -3763,6 +3854,18 @@ msgid "Public key authentication error: " msgstr "Помилка розпізнавання за відкритим ключем: " +#~ msgid "WARNING: Data offset is outside of currently available data device.\n" +#~ msgstr "Увага: відступ у даних виходить за межі поточного доступного пристрою для зберігання даних.\n" + +#~ msgid "Cannot get process priority." +#~ msgstr "Не вдалося отримати значення пріоритетності процесу." + +#~ msgid "Cannot unlock memory." +#~ msgstr "Не вдалося розблокувати пам’ять." + +#~ msgid "Locking directory %s/%s will be created with default compiled-in permissions." +#~ msgstr "Буде створено каталог блокування %s/%s із типовими вбудованими правами доступу." + #~ msgid "Failed to read BITLK signature from %s." #~ msgstr "Не вдалося прочитати підпис BITLK з %s." @@ -4160,9 +4263,6 @@ #~ msgid "Sector size option is not supported for this command." #~ msgstr "У цій команді не передбачено підтримки параметра розміру сектора." -#~ msgid "Option --unbound may be used only with luksAddKey and luksDump actions." -#~ msgstr "Параметр --unbound можна використовувати лише з діями luksAddKey і luksDump." - #~ msgid "Option --refresh may be used only with open action." #~ msgstr "Параметр --refresh можна використовувати лише під час дії з відкриття (open)." @@ -4343,9 +4443,6 @@ #~ msgid "Read new volume (master) key from file" #~ msgstr "Прочитати новий ключ тому (основний ключ) з файла" -#~ msgid "PBKDF2 iteration time for LUKS (in ms)" -#~ msgstr "Тривалість ітерації PBKDF2 для LUKS (у мс)" - #~ msgid "Use direct-io when accessing devices" #~ msgstr "Використовувати безпосереднє введення-виведення під час доступу до пристроїв" diff -Nru cryptsetup-2.5.0/README.md cryptsetup-2.6.1/README.md --- cryptsetup-2.5.0/README.md 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/README.md 2023-02-09 16:12:17.000000000 +0000 @@ -2,113 +2,145 @@ What the ...? ============= -**Cryptsetup** is a utility used to conveniently set up disk encryption based -on the [DMCrypt](https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt) kernel module. +**Cryptsetup** is an open-source utility used to conveniently set up disk encryption based +on the [dm-crypt](https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt) kernel module. -These include **plain** **dm-crypt** volumes, **LUKS** volumes, **loop-AES**, -**TrueCrypt** (including **VeraCrypt** extension) and **BitLocker** formats. +These formats are supported: + * **plain** volumes, + * **LUKS** volumes, + * **loop-AES**, + * **TrueCrypt** (including **VeraCrypt** extension), + * **BitLocker**, and + * **FileVault2**. The project also includes a **veritysetup** utility used to conveniently setup -[DMVerity](https://gitlab.com/cryptsetup/cryptsetup/wikis/DMVerity) block integrity checking kernel module -and **integritysetup** to setup -[DMIntegrity](https://gitlab.com/cryptsetup/cryptsetup/wikis/DMIntegrity) block integrity kernel module. +[dm-verity](https://gitlab.com/cryptsetup/cryptsetup/wikis/DMVerity) +block integrity checking kernel module and **integritysetup** to setup +[dm-integrity](https://gitlab.com/cryptsetup/cryptsetup/wikis/DMIntegrity) +block integrity kernel module. LUKS Design ----------- -**LUKS** is the standard for Linux hard disk encryption. By providing a standard on-disk-format, it does not -only facilitate compatibility among distributions, but also provides secure management of multiple user passwords. -LUKS stores all necessary setup information in the partition header, enabling to transport or migrate data seamlessly. - -### Specifications - -Last version of the LUKS2 format specification is -[available here](https://gitlab.com/cryptsetup/LUKS2-docs). - -Last version of the LUKS1 format specification is -[available here](https://www.kernel.org/pub/linux/utils/cryptsetup/LUKS_docs/on-disk-format.pdf). - -Why LUKS? ---------- - * compatibility via standardization, - * secure against low entropy attacks, - * support for multiple keys, - * effective passphrase revocation, - * free. - -[Project home page](https://gitlab.com/cryptsetup/cryptsetup/). ------------------ - -[Frequently asked questions (FAQ)](https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions) --------------------------------- +**LUKS** is the standard for Linux disk encryption. By providing a standard on-disk format, +it does not only facilitate compatibility among distributions, but also provides secure management +of multiple user passwords. LUKS stores all necessary setup information in the partition header, +enabling to transport or migrate data seamlessly. + +### Specification and documentation + + * The latest version of the + [LUKS2 format specification](https://gitlab.com/cryptsetup/LUKS2-docs). + * The latest version of the + [LUKS1 format specification](https://www.kernel.org/pub/linux/utils/cryptsetup/LUKS_docs/on-disk-format.pdf). + * [Project home page](https://gitlab.com/cryptsetup/cryptsetup/). + * [Frequently asked questions (FAQ)](https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions) Download -------- -All release tarballs and release notes are hosted on [kernel.org](https://www.kernel.org/pub/linux/utils/cryptsetup/). +All release tarballs and release notes are hosted on +[kernel.org](https://www.kernel.org/pub/linux/utils/cryptsetup/). -**The latest stable cryptsetup version is 2.5.0** - * [cryptsetup-2.5.0.tar.xz](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.5/cryptsetup-2.5.0.tar.xz) - * Signature [cryptsetup-2.5.0.tar.sign](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.5/cryptsetup-2.5.0.tar.sign) +**The latest stable cryptsetup release version is 2.6.1** + * [cryptsetup-2.6.1.tar.xz](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/cryptsetup-2.6.1.tar.xz) + * Signature [cryptsetup-2.6.1.tar.sign](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/cryptsetup-2.6.1.tar.sign) _(You need to decompress file first to check signature.)_ - * [Cryptsetup 2.5.0 Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.5/v2.5.0-ReleaseNotes). + * [Cryptsetup 2.6.1 Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/v2.6.1-ReleaseNotes). Previous versions - * [Version 2.4.3](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.4/cryptsetup-2.4.3.tar.xz) - - [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.4/cryptsetup-2.4.3.tar.sign) - - [Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.4/v2.4.3-ReleaseNotes). + * [Version 2.5.0](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.5/cryptsetup-2.5.0.tar.xz) - + [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.5/cryptsetup-2.5.0.tar.sign) - + [Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.5/v2.5.0-ReleaseNotes). * [Version 1.7.5](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.5.tar.xz) - [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.5.tar.sign) - [Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/v1.7.5-ReleaseNotes). -Source and API docs -------------------- -For development version code, please refer to [source](https://gitlab.com/cryptsetup/cryptsetup/tree/master) page, -mirror on [kernel.org](https://git.kernel.org/cgit/utils/cryptsetup/cryptsetup.git/) or [GitHub](https://github.com/mbroz/cryptsetup). +Source and API documentation +---------------------------- +For development version code, please refer to +[source](https://gitlab.com/cryptsetup/cryptsetup/tree/master) page, +mirror on [kernel.org](https://git.kernel.org/cgit/utils/cryptsetup/cryptsetup.git/) or +[GitHub](https://github.com/mbroz/cryptsetup). -For libcryptsetup documentation see [libcryptsetup API](https://mbroz.fedorapeople.org/libcryptsetup_API/) page. +For libcryptsetup documentation see +[libcryptsetup API](https://mbroz.fedorapeople.org/libcryptsetup_API/) page. -The libcryptsetup API/ABI changes are tracked in [compatibility report](https://abi-laboratory.pro/tracker/timeline/cryptsetup/). +The libcryptsetup API/ABI changes are tracked in +[compatibility report](https://abi-laboratory.pro/tracker/timeline/cryptsetup/). -NLS PO files are maintained by [TranslationProject](https://translationproject.org/domain/cryptsetup.html). +NLS PO files are maintained by +[TranslationProject](https://translationproject.org/domain/cryptsetup.html). Required packages ----------------- -All distributions provide cryptsetup as distro package. If you need to compile cryptsetup yourself, some packages are required for compilation. Please always prefer distro specific build tools to manually configuring cryptsetup. +All distributions provide cryptsetup as distro package. If you need to compile cryptsetup yourself, +some packages are required for compilation. +Please always prefer distro specific build tools to manually configuring cryptsetup. Here is the list of packages needed for the compilation of project for particular distributions: - * For Fedora: `git gcc make autoconf automake gettext-devel pkgconfig openssl-devel popt-devel device-mapper-devel libuuid-devel json-c-devel libblkid-devel findutils libtool libssh-devel tar`. Optionally `libargon2-devel libpwquality-devel`. To run the internal testsuite you also need to install `sharutils device-mapper jq vim-common expect keyutils netcat shadow-utils openssh-clients openssh sshpass`. - * For Debian and Ubuntu: `git gcc make autoconf automake autopoint pkg-config libtool gettext libssl-dev libdevmapper-dev libpopt-dev uuid-dev libsepol1-dev libjson-c-dev libssh-dev libblkid-dev tar`. Optionally `libargon2-0-dev libpwquality-dev`. To run the internal testsuite you also need to install `sharutils dmsetup jq xxd expect keyutils netcat passwd openssh-client sshpass` +**For Fedora**: +``` +git gcc make autoconf automake gettext-devel pkgconfig openssl-devel popt-devel device-mapper-devel +libuuid-devel json-c-devel libblkid-devel findutils libtool libssh-devel tar + +Optionally: libargon2-devel libpwquality-devel +``` +To run the internal testsuite (make check) you also need to install +``` +sharutils device-mapper jq vim-common expect keyutils netcat shadow-utils openssh-clients openssh sshpass +``` + +**For Debian and Ubuntu**: +``` +git gcc make autoconf automake autopoint pkg-config libtool gettext libssl-dev libdevmapper-dev +libpopt-dev uuid-dev libsepol1-dev libjson-c-dev libssh-dev libblkid-dev tar + +Optionally: libargon2-0-dev libpwquality-dev +``` +To run the internal testsuite (make check) you also need to install +``` +sharutils dmsetup jq xxd expect keyutils netcat passwd openssh-client sshpass +``` Note that the list could change as the distributions evolve. Compilation ----------- -The cryptsetup project uses **automake** and **autoconf** system to generate all needed files for compilation. If you check it from the git snapshot, use ``./autogen.sh && ./configure && make`` to compile the project. If you use downloaded released ``*.tar.xz`` archive, the configure script is already pre-generated (no need to run ``autoconf.sh``). -See ``./configure --help`` and use ``--disable-*`` and ``--enable-*`` options. +The cryptsetup project uses **automake** and **autoconf** system to generate all needed files +for compilation. If you check it from the git snapshot, use **./autogen.sh && ./configure && make** +to compile the project. If you use downloaded released **tar.xz** archive, the configure script +is already pre-generated (no need to run **autoconf.sh**). +See **./configure --help** and use **--disable-[feature]** and **--enable-[feature]** options. -For running the test suite that come with the project, type ``make check``. +For running the test suite that come with the project, type **make check**. Note that most tests will need root user privileges and run many dangerous storage fail simulations. -Do **not** run tests with root privilege on production systems! Some tests will need scsi_debug kernel module to be available. +Do **not** run tests with root privilege on production systems! Some tests will need scsi_debug +kernel module to be available. -For more details, please refer to [automake](https://www.gnu.org/software/automake/manual/automake.html) and [autoconf](https://www.gnu.org/savannah-checkouts/gnu/autoconf/manual/autoconf.html) manuals. +For more details, please refer to [automake](https://www.gnu.org/software/automake/manual/automake.html) +and [autoconf](https://www.gnu.org/savannah-checkouts/gnu/autoconf/manual/autoconf.html) manuals. Help! ----- - ### Documentation +Please read the following documentation before posting questions in the mailing list... +You will be able to ask better questions and better understand the answers. -Please read the following documentation before posting questions in the mailing list. You will be able to ask better questions and better understand the answers. - -* [FAQ](https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions) -* LUKS Specifications +* [Frequently asked questions (FAQ)](https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions), +* [LUKS Specifications](#specification-and-documentation), and * manuals (aka man page, man pages, man-page) -The FAQ is online and in the source code for the project. The Specifications are referenced above in this document. The man pages are in source and should be available after installation using standard man commands. e.g. man cryptsetup +The FAQ is online and in the source code for the project. The Specifications are referenced above +in this document. The man pages are in source and should be available after installation using +standard man commands, e.g. **man cryptsetup**. ### Mailing List -For cryptsetup and LUKS related questions, please use the cryptsetup mailing list [cryptsetup@lists.linux.dev](mailto:cryptsetup@lists.linux.dev), hosted at [kernel.org subspace](https://subspace.kernel.org/lists.linux.dev.html). -To subscribe send an empty mail to [cryptsetup+subscribe@lists.linux.dev](mailto:cryptsetup+subscribe@lists.linux.dev). +For cryptsetup and LUKS related questions, please use the cryptsetup mailing list +[cryptsetup@lists.linux.dev](mailto:cryptsetup@lists.linux.dev), +hosted at [kernel.org subspace](https://subspace.kernel.org/lists.linux.dev.html). +To subscribe send an empty mail to +[cryptsetup+subscribe@lists.linux.dev](mailto:cryptsetup+subscribe@lists.linux.dev). You can also browse and/or search the mailing [list archive](https://lore.kernel.org/cryptsetup/). News (NNTP), Atom feed and git access to public inbox is available through [lore.kernel.org](https://lore.kernel.org) service. diff -Nru cryptsetup-2.5.0/src/cryptsetup_arg_list.h cryptsetup-2.6.1/src/cryptsetup_arg_list.h --- cryptsetup-2.5.0/src/cryptsetup_arg_list.h 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/src/cryptsetup_arg_list.h 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * Cryptsetup command line arguments list * - * Copyright (C) 2020-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2020-2022 Ondrej Kozina + * Copyright (C) 2020-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2020-2023 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -111,10 +111,16 @@ ARG(OPT_VOLUME_KEY_FILE, '\0', POPT_ARG_STRING, N_("Use the volume key from file."), NULL, CRYPT_ARG_STRING, {}, {}) +ARG(OPT_NEW_KEYFILE, '\0', POPT_ARG_STRING, N_("Read the key for a new slot from a file"), NULL, CRYPT_ARG_STRING, {}, OPT_NEW_KEYFILE_ACTIONS) + +ARG(OPT_NEW_KEY_SLOT, '\0', POPT_ARG_STRING, N_("Slot number for new key (default is first free)"), "INT", CRYPT_ARG_INT32, { .i32_value = CRYPT_ANY_SLOT }, OPT_NEW_KEY_SLOT_ACTIONS) + ARG(OPT_NEW_KEYFILE_OFFSET , '\0', POPT_ARG_STRING, N_("Number of bytes to skip in newly added keyfile"), N_("bytes"), CRYPT_ARG_UINT64, {}, {}) ARG(OPT_NEW_KEYFILE_SIZE, '\0', POPT_ARG_STRING, N_("Limits the read from newly added keyfile"), N_("bytes"), CRYPT_ARG_UINT32, {}, {}) +ARG(OPT_NEW_TOKEN_ID, '\0', POPT_ARG_STRING, N_("Token number (default: any)"), "INT", CRYPT_ARG_INT32, { .i32_value = CRYPT_ANY_TOKEN }, OPT_NEW_TOKEN_ID_ACTIONS) + ARG(OPT_OFFSET, 'o', POPT_ARG_STRING, N_("The start offset in the backend device"), N_("SECTORS"), CRYPT_ARG_UINT64, {}, OPT_OFFSET_ACTIONS) ARG(OPT_PBKDF, '\0', POPT_ARG_STRING, N_("PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2"), NULL, CRYPT_ARG_STRING, {}, OPT_PBKDF_ACTIONS) @@ -189,7 +195,7 @@ ARG(OPT_TYPE, 'M', POPT_ARG_STRING, N_("Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"), NULL, CRYPT_ARG_STRING, {}, {}) -ARG(OPT_UNBOUND, '\0', POPT_ARG_NONE, N_("Create or dump unbound (no assigned data segment) LUKS2 keyslot"), NULL, CRYPT_ARG_BOOL, {}, OPT_UNBOUND_ACTIONS) +ARG(OPT_UNBOUND, '\0', POPT_ARG_NONE, N_("Create or dump unbound LUKS2 keyslot (unassigned to data segment) or LUKS2 token (unassigned to keyslot)"), NULL, CRYPT_ARG_BOOL, {}, OPT_UNBOUND_ACTIONS) ARG(OPT_USE_RANDOM, '\0', POPT_ARG_NONE, N_("Use /dev/random for generating volume key"), NULL, CRYPT_ARG_BOOL, {}, OPT_USE_RANDOM_ACTIONS) diff -Nru cryptsetup-2.5.0/src/cryptsetup_args.h cryptsetup-2.6.1/src/cryptsetup_args.h --- cryptsetup-2.5.0/src/cryptsetup_args.h 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/src/cryptsetup_args.h 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * Command line arguments helpers * - * Copyright (C) 2020-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2020-2022 Ondrej Kozina + * Copyright (C) 2020-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2020-2023 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -31,6 +31,7 @@ #define CONFIG_ACTION "config" #define CONVERT_ACTION "convert" #define ERASE_ACTION "erase" +#define FVAULT2DUMP_ACTION "fvault2Dump" #define ISLUKS_ACTION "isLuks" #define ADDKEY_ACTION "luksAddKey" #define CHANGEKEY_ACTION "luksChangeKey" @@ -69,6 +70,9 @@ #define OPT_KEY_SLOT_ACTIONS { OPEN_ACTION, REENCRYPT_ACTION, CONFIG_ACTION, FORMAT_ACTION, ADDKEY_ACTION, CHANGEKEY_ACTION, CONVERTKEY_ACTION, LUKSDUMP_ACTION, TOKEN_ACTION, RESUME_ACTION } #define OPT_KEYSLOT_CIPHER_ACTIONS { FORMAT_ACTION, REENCRYPT_ACTION, ADDKEY_ACTION, CHANGEKEY_ACTION, CONVERTKEY_ACTION } #define OPT_KEYSLOT_KEY_SIZE_ACTIONS OPT_KEYSLOT_CIPHER_ACTIONS +#define OPT_NEW_KEYFILE_ACTIONS { ADDKEY_ACTION } +#define OPT_NEW_KEY_SLOT_ACTIONS { ADDKEY_ACTION } +#define OPT_NEW_TOKEN_ID_ACTIONS { ADDKEY_ACTION } #define OPT_LABEL_ACTIONS { CONFIG_ACTION, FORMAT_ACTION, REENCRYPT_ACTION } #define OPT_LUKS2_KEYSLOTS_SIZE_ACTIONS { REENCRYPT_ACTION, FORMAT_ACTION } #define OPT_LUKS2_METADATA_SIZE_ACTIONS { REENCRYPT_ACTION, FORMAT_ACTION } @@ -90,7 +94,7 @@ #define OPT_TCRYPT_SYSTEM_ACTIONS { OPEN_ACTION, TCRYPTDUMP_ACTION } #define OPT_TEST_PASSPHRASE_ACTIONS { OPEN_ACTION } #define OPT_TOKEN_REPLACE_ACTIONS { TOKEN_ACTION } -#define OPT_UNBOUND_ACTIONS { ADDKEY_ACTION, LUKSDUMP_ACTION, OPEN_ACTION } +#define OPT_UNBOUND_ACTIONS { ADDKEY_ACTION, LUKSDUMP_ACTION, OPEN_ACTION, TOKEN_ACTION } #define OPT_USE_RANDOM_ACTIONS { FORMAT_ACTION, REENCRYPT_ACTION } #define OPT_USE_URANDOM_ACTIONS { FORMAT_ACTION, REENCRYPT_ACTION } #define OPT_UUID_ACTIONS { FORMAT_ACTION, UUID_ACTION, REENCRYPT_ACTION } diff -Nru cryptsetup-2.5.0/src/cryptsetup.c cryptsetup-2.6.1/src/cryptsetup.c --- cryptsetup-2.5.0/src/cryptsetup.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/src/cryptsetup.c 2023-02-09 16:12:17.000000000 +0000 @@ -3,8 +3,8 @@ * * Copyright (C) 2004 Jana Saout * Copyright (C) 2004-2007 Clemens Fruhwirth - * Copyright (C) 2009-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2022 Milan Broz + * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -105,9 +105,9 @@ assert(token_id >= 0 || token_id == CRYPT_ANY_TOKEN); if (token_id == CRYPT_ANY_TOKEN) - r = snprintf(msg, sizeof(msg), _("Enter token PIN:")); + r = snprintf(msg, sizeof(msg), _("Enter token PIN: ")); else - r = snprintf(msg, sizeof(msg), _("Enter token %d PIN:"), token_id); + r = snprintf(msg, sizeof(msg), _("Enter token %d PIN: "), token_id); if (r < 0 || (size_t)r >= sizeof(msg)) return -EINVAL; @@ -642,6 +642,143 @@ return r; } +static int fvault2Dump_with_volume_key(struct crypt_device *cd) +{ + char *vk = NULL; + char *password = NULL; + size_t vk_size = 0; + size_t pass_len = 0; + int r = 0; + + if (!ARG_SET(OPT_BATCH_MODE_ID) && !yesDialog( + _("The header dump with volume key is sensitive information\n" + "that allows access to encrypted partition without a passphrase.\n" + "This dump should be stored encrypted in a safe place."), + NULL)) + return -EPERM; + + vk_size = crypt_get_volume_key_size(cd); + vk = crypt_safe_alloc(vk_size); + if (vk == NULL) + return -ENOMEM; + + r = tools_get_key(NULL, &password, &pass_len, + ARG_UINT64(OPT_KEYFILE_OFFSET_ID), ARG_UINT32(OPT_KEYFILE_SIZE_ID), + ARG_STR(OPT_KEY_FILE_ID), ARG_UINT32(OPT_TIMEOUT_ID), 0, 0, cd); + if (r < 0) + goto out; + + r = crypt_volume_key_get(cd, CRYPT_ANY_SLOT, vk, &vk_size, password, pass_len); + tools_passphrase_msg(r); + check_signal(&r); + if (r < 0) + goto out; + + tools_keyslot_msg(r, UNLOCKED); + + if (ARG_SET(OPT_VOLUME_KEY_FILE_ID)) { + r = tools_write_mk(ARG_STR(OPT_VOLUME_KEY_FILE_ID), vk, vk_size); + if (r < 0) + goto out; + } + + r = crypt_dump(cd); + if (r < 0) + goto out; + + log_std("Volume key: \t"); + crypt_log_hex(cd, vk, vk_size, " ", 0, NULL); + log_std("\n"); +out: + crypt_safe_free(password); + crypt_safe_free(vk); + return r; +} + +static int action_fvault2Dump(void) +{ + struct crypt_device *cd = NULL; + int r = 0; + + r = crypt_init(&cd, action_argv[0]); + if (r < 0) + goto out; + + r = crypt_load(cd, CRYPT_FVAULT2, NULL); + if (r < 0) { + log_err(_("Device %s is not a valid FVAULT2 device."), action_argv[0]); + goto out; + } + + if (ARG_SET(OPT_DUMP_VOLUME_KEY_ID)) + r = fvault2Dump_with_volume_key(cd); + else + r = crypt_dump(cd); +out: + crypt_free(cd); + return r; +} + +static int action_open_fvault2(void) +{ + struct crypt_device *cd = NULL; + const char *activated_name; + uint32_t activate_flags = 0; + int r, tries, keysize; + char *password = NULL; + char *key = NULL; + size_t passwordLen; + + activated_name = ARG_SET(OPT_TEST_PASSPHRASE_ID) ? NULL : action_argv[1]; + + if ((r = crypt_init(&cd, action_argv[0]))) + goto out; + + r = crypt_load(cd, CRYPT_FVAULT2, NULL); + if (r < 0) { + log_err(_("Device %s is not a valid FVAULT2 device."), action_argv[0]); + goto out; + } + set_activation_flags(&activate_flags); + + if (ARG_SET(OPT_VOLUME_KEY_FILE_ID)) { + keysize = crypt_get_volume_key_size(cd); + if (!keysize && !ARG_SET(OPT_KEY_SIZE_ID)) { + log_err(_("Cannot determine volume key size for FVAULT2, please use --key-size option.")); + r = -EINVAL; + goto out; + } else if (!keysize) + keysize = ARG_UINT32(OPT_KEY_SIZE_ID) / 8; + + r = tools_read_vk(ARG_STR(OPT_VOLUME_KEY_FILE_ID), &key, keysize); + if (r < 0) + goto out; + r = crypt_activate_by_volume_key(cd, activated_name, key, keysize, activate_flags); + } else { + tries = set_tries_tty(); + do { + r = tools_get_key(NULL, &password, &passwordLen, + ARG_UINT64(OPT_KEYFILE_OFFSET_ID), ARG_UINT32(OPT_KEYFILE_SIZE_ID), + ARG_STR(OPT_KEY_FILE_ID), ARG_UINT32(OPT_TIMEOUT_ID), + verify_passphrase(0), 0, cd); + if (r < 0) + goto out; + + r = crypt_activate_by_passphrase(cd, activated_name, CRYPT_ANY_SLOT, + password, passwordLen, activate_flags); + tools_passphrase_msg(r); + check_signal(&r); + crypt_safe_free(password); + password = NULL; + } while ((r == -EPERM || r == -ERANGE) && (--tries > 0)); + } +out: + crypt_safe_free(password); + crypt_safe_free(key); + crypt_free(cd); + return r; +} + static int action_close(void) { struct crypt_device *cd = NULL; @@ -860,7 +997,7 @@ .time_ms = 1000, }; - r = crypt_benchmark_pbkdf(NULL, &pbkdf, "foo", 3, "0123456789abcdef", 16, key_size, + r = crypt_benchmark_pbkdf(NULL, &pbkdf, "foobarfo", 8, "0123456789abcdef", 16, key_size, &benchmark_callback, &pbkdf); if (r < 0) log_std(_("PBKDF2-%-9s N/A\n"), hash); @@ -875,7 +1012,7 @@ .parallel_threads = ARG_UINT32(OPT_PBKDF_PARALLEL_ID) }; - r = crypt_benchmark_pbkdf(NULL, &pbkdf, "foo", 3, + r = crypt_benchmark_pbkdf(NULL, &pbkdf, "foobarfo", 8, "0123456789abcdef0123456789abcdef", 32, key_size, &benchmark_callback, &pbkdf); if (r < 0) @@ -1430,6 +1567,7 @@ int r, keysize, tries; char *password = NULL; size_t passwordLen; + struct stat st; if (ARG_SET(OPT_REFRESH_ID)) { activated_name = action_argc > 1 ? action_argv[1] : action_argv[0]; @@ -1456,6 +1594,14 @@ r = -EINVAL; goto out; } + + if (activated_name && !stat(crypt_get_device_name(cd), &st) && S_ISREG(st.st_mode) && + crypt_get_data_offset(cd) >= ((uint64_t)st.st_size / SECTOR_SIZE)) { + log_err(_("LUKS file container %s is too small for activation, there is no remaining space for data."), + crypt_get_device_name(cd)); + r = -EINVAL; + goto out; + } } set_activation_flags(&activate_flags); @@ -1736,19 +1882,94 @@ return r; } +static int _ask_for_pin(struct crypt_device *cd, + int token_id, char **r_pin, size_t *r_pin_size, + struct crypt_keyslot_context *kc) +{ + int r; + char msg[64]; + + assert(r_pin); + assert(r_pin_size); + assert(kc); + assert(token_id >= 0 || token_id == CRYPT_ANY_TOKEN); + + if (crypt_keyslot_context_get_type(kc) != CRYPT_KC_TYPE_TOKEN) + return -EINVAL; + + if (token_id == CRYPT_ANY_TOKEN) + r = snprintf(msg, sizeof(msg), _("Enter token PIN: ")); + else + r = snprintf(msg, sizeof(msg), _("Enter token %d PIN: "), token_id); + if (r < 0 || (size_t)r >= sizeof(msg)) + return -EINVAL; + + r = tools_get_key(msg, r_pin, r_pin_size, 0, 0, NULL, + ARG_UINT32(OPT_TIMEOUT_ID), verify_passphrase(0), 0, cd); + if (r < 0) + return r; + + r = crypt_keyslot_context_set_pin(cd, *r_pin, *r_pin_size, kc); + if (r < 0) { + crypt_safe_free(*r_pin); + *r_pin = NULL; + *r_pin_size = 0; + } + + return r; +} + +static int try_keyslot_add(struct crypt_device *cd, + int keyslot_existing, + int keyslot_new, + struct crypt_keyslot_context *kc, + struct crypt_keyslot_context *kc_new, + bool pin_provided, + bool new_pin_provided) +{ + int r; + + r = crypt_keyslot_add_by_keyslot_context(cd, keyslot_existing, kc, keyslot_new, kc_new, 0); + if (crypt_keyslot_context_get_type(kc) == CRYPT_KC_TYPE_TOKEN) + tools_token_error_msg(crypt_keyslot_context_get_error(kc), ARG_STR(OPT_TOKEN_TYPE_ID), + ARG_INT32(OPT_TOKEN_ID_ID), pin_provided); + if (crypt_keyslot_context_get_type(kc_new) == CRYPT_KC_TYPE_TOKEN) + tools_token_error_msg(crypt_keyslot_context_get_error(kc_new), NULL, + ARG_INT32(OPT_NEW_TOKEN_ID_ID), new_pin_provided); + return r; +} + static int action_luksAddKey(void) { - int r = -EINVAL, keysize = 0; - char *key = NULL; + int keyslot_old, keyslot_new, keysize = 0, r = -EINVAL; const char *new_key_file = (action_argc > 1 ? action_argv[1] : NULL); - char *password = NULL, *password_new = NULL; - size_t password_size = 0, password_new_size = 0; + char *key = NULL, *password = NULL, *password_new = NULL, *pin = NULL, *pin_new = NULL; + size_t pin_size, pin_size_new, password_size = 0, password_new_size = 0; struct crypt_device *cd = NULL; + struct crypt_keyslot_context *p_kc_new = NULL, *kc = NULL, *kc_new = NULL; /* Unbound keyslot (no assigned data segment) is special case */ if (ARG_SET(OPT_UNBOUND_ID)) return luksAddUnboundKey(); + /* maintain backward compatibility of luksAddKey action positional parameter */ + if (!new_key_file) + new_key_file = ARG_STR(OPT_NEW_KEYFILE_ID); + + keyslot_old = ARG_INT32(OPT_KEY_SLOT_ID); + keyslot_new = ARG_INT32(OPT_NEW_KEY_SLOT_ID); + + /* + * maintain backward compatibility of --key-slot/-S as 'new keyslot number' + * unless --new-key-slot is used. + */ + if (!ARG_SET(OPT_NEW_KEY_SLOT_ID) && ARG_SET(OPT_KEY_SLOT_ID)) { + if (!ARG_SET(OPT_BATCH_MODE_ID)) + log_std(_("WARNING: The --key-slot parameter is used for new keyslot number.\n")); + keyslot_old = CRYPT_ANY_SLOT; + keyslot_new = ARG_INT32(OPT_KEY_SLOT_ID); + } + if ((r = crypt_init(&cd, uuid_or_device_header(NULL)))) goto out; @@ -1791,23 +2012,18 @@ check_signal(&r); if (r < 0) goto out; - - r = tools_get_key(_("Enter new passphrase for key slot: "), - &password_new, &password_new_size, - ARG_UINT64(OPT_NEW_KEYFILE_OFFSET_ID), ARG_UINT32(OPT_NEW_KEYFILE_SIZE_ID), - new_key_file, ARG_UINT32(OPT_TIMEOUT_ID), - verify_passphrase(1), !ARG_SET(OPT_FORCE_PASSWORD_ID), cd); - if (r < 0) - goto out; - - r = crypt_keyslot_add_by_volume_key(cd, ARG_INT32(OPT_KEY_SLOT_ID), key, keysize, - password_new, password_new_size); - } else if (ARG_SET(OPT_KEY_FILE_ID) && !tools_is_stdin(ARG_STR(OPT_KEY_FILE_ID)) && - new_key_file && !tools_is_stdin(new_key_file)) { - r = crypt_keyslot_add_by_keyfile_device_offset(cd, ARG_INT32(OPT_KEY_SLOT_ID), - ARG_STR(OPT_KEY_FILE_ID), ARG_UINT32(OPT_KEYFILE_SIZE_ID), ARG_UINT64(OPT_KEYFILE_OFFSET_ID), - new_key_file, ARG_UINT32(OPT_NEW_KEYFILE_SIZE_ID), ARG_UINT64(OPT_NEW_KEYFILE_OFFSET_ID)); - tools_passphrase_msg(r); + r = crypt_keyslot_context_init_by_volume_key(cd, key, keysize, &kc); + } else if (ARG_SET(OPT_KEY_FILE_ID) && !tools_is_stdin(ARG_STR(OPT_KEY_FILE_ID))) + r = crypt_keyslot_context_init_by_keyfile(cd, + ARG_STR(OPT_KEY_FILE_ID), + ARG_UINT32(OPT_KEYFILE_SIZE_ID), + ARG_UINT64(OPT_KEYFILE_OFFSET_ID), + &kc); + else if (ARG_SET(OPT_TOKEN_ID_ID) || ARG_SET(OPT_TOKEN_TYPE_ID) || ARG_SET(OPT_TOKEN_ONLY_ID)) { + r = crypt_keyslot_context_init_by_token(cd, + ARG_INT32(OPT_TOKEN_ID_ID), + ARG_STR(OPT_TOKEN_TYPE_ID), + NULL, 0, NULL, &kc); } else { r = tools_get_key(_("Enter any existing passphrase: "), &password, &password_size, @@ -1826,21 +2042,77 @@ goto out; tools_keyslot_msg(r, UNLOCKED); + r = crypt_keyslot_context_init_by_passphrase(cd, password, password_size, &kc); + } + + if (r < 0) + goto out; + + if (new_key_file && !tools_is_stdin(new_key_file)) { + if (ARG_SET(OPT_KEY_FILE_ID) && !strcmp(ARG_STR(OPT_KEY_FILE_ID), new_key_file)) + p_kc_new = kc; + else { + r = crypt_keyslot_context_init_by_keyfile(cd, + new_key_file, + ARG_UINT32(OPT_NEW_KEYFILE_SIZE_ID), + ARG_UINT64(OPT_NEW_KEYFILE_OFFSET_ID), + &kc_new); + p_kc_new = kc_new; + } + } else if (ARG_SET(OPT_NEW_TOKEN_ID_ID)) { + if (ARG_INT32(OPT_NEW_TOKEN_ID_ID) == ARG_INT32(OPT_TOKEN_ID_ID)) + p_kc_new = kc; + else { + r = crypt_keyslot_context_init_by_token(cd, + ARG_INT32(OPT_NEW_TOKEN_ID_ID), + NULL, NULL, 0, NULL, &kc_new); + p_kc_new = kc_new; + } + } else { r = tools_get_key(_("Enter new passphrase for key slot: "), - &password_new, &password_new_size, - ARG_UINT64(OPT_NEW_KEYFILE_OFFSET_ID), ARG_UINT32(OPT_NEW_KEYFILE_SIZE_ID), new_key_file, - ARG_UINT32(OPT_TIMEOUT_ID), verify_passphrase(1), !ARG_SET(OPT_FORCE_PASSWORD_ID), cd); + &password_new, &password_new_size, + ARG_UINT64(OPT_NEW_KEYFILE_OFFSET_ID), ARG_UINT32(OPT_NEW_KEYFILE_SIZE_ID), new_key_file, + ARG_UINT32(OPT_TIMEOUT_ID), verify_passphrase(1), !ARG_SET(OPT_FORCE_PASSWORD_ID), cd); + + if (r < 0) + goto out; + r = crypt_keyslot_context_init_by_passphrase(cd, password_new, password_new_size, &kc_new); + } + + if (r < 0) + goto out; + + if (!p_kc_new) + p_kc_new = kc_new; + + r = try_keyslot_add(cd, keyslot_old, keyslot_new, kc, p_kc_new, pin, pin_new); + if (r >= 0 || r != -ENOANO) + goto out; + + if (crypt_keyslot_context_get_error(kc) == -ENOANO) { + r = _ask_for_pin(cd, ARG_INT32(OPT_TOKEN_ID_ID), &pin, &pin_size, kc); if (r < 0) goto out; - r = crypt_keyslot_add_by_passphrase(cd, ARG_INT32(OPT_KEY_SLOT_ID), - password, password_size, - password_new, password_new_size); + r = try_keyslot_add(cd, keyslot_old, keyslot_new, kc, p_kc_new, pin, pin_new); + if (r >= 0 || r != -ENOANO) + goto out; + } + + if (crypt_keyslot_context_get_error(p_kc_new) == -ENOANO) { + r = _ask_for_pin(cd, ARG_INT32(OPT_NEW_TOKEN_ID_ID), &pin_new, &pin_size_new, p_kc_new); + if (r < 0) + goto out; + r = try_keyslot_add(cd, keyslot_old, keyslot_new, kc, p_kc_new, pin, pin_new); } out: tools_keyslot_msg(r, CREATED); + crypt_keyslot_context_free(kc); + crypt_keyslot_context_free(kc_new); crypt_safe_free(password); crypt_safe_free(password_new); + crypt_safe_free(pin); + crypt_safe_free(pin_new); crypt_safe_free(key); crypt_free(cd); return r; @@ -2355,6 +2627,10 @@ if (action_argc < 2 && !ARG_SET(OPT_TEST_PASSPHRASE_ID)) goto out; return action_open_bitlk(); + } else if (!strcmp(device_type, "fvault2")) { + if (action_argc < 2 && !ARG_SET(OPT_TEST_PASSPHRASE_ID)) + goto out; + return action_open_fvault2(); } else r = -ENOENT; out: @@ -2549,6 +2825,9 @@ token = r; + if (ARG_SET(OPT_UNBOUND_ID)) + return token; + r = crypt_token_assign_keyslot(cd, token, ARG_INT32(OPT_KEY_SLOT_ID)); if (r < 0) { log_err(_("Failed to assign token %d to keyslot %d."), token, ARG_INT32(OPT_KEY_SLOT_ID)); @@ -2637,6 +2916,26 @@ return tools_write_json_file(ARG_STR(OPT_JSON_FILE_ID), json); } +static int _token_unassign(struct crypt_device *cd) +{ + int r = crypt_token_is_assigned(cd, ARG_INT32(OPT_TOKEN_ID_ID), ARG_INT32(OPT_KEY_SLOT_ID)); + + if (r < 0) { + if (r == -ENOENT) + log_err(_("Token %d is not assigned to keyslot %d."), ARG_INT32(OPT_TOKEN_ID_ID), ARG_INT32(OPT_KEY_SLOT_ID)); + else + log_err(_("Failed to unassign token %d from keyslot %d."), ARG_INT32(OPT_TOKEN_ID_ID), ARG_INT32(OPT_KEY_SLOT_ID)); + + return r; + } + + r = crypt_token_unassign_keyslot(cd, ARG_INT32(OPT_TOKEN_ID_ID), ARG_INT32(OPT_KEY_SLOT_ID)); + if (r < 0) + log_err(_("Failed to unassign token %d from keyslot %d."), ARG_INT32(OPT_TOKEN_ID_ID), ARG_INT32(OPT_KEY_SLOT_ID)); + + return r; +} + static int action_token(void) { int r; @@ -2665,6 +2964,8 @@ tools_token_msg(r, CREATED); } else if (!strcmp(action_argv[0], "export")) r = _token_export(cd); + else if (!strcmp(action_argv[0], "unassign")) + r = _token_unassign(cd); crypt_free(cd); @@ -2726,8 +3027,9 @@ return _("Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes."); if (ARG_SET(OPT_TEST_PASSPHRASE_ID) && (!device_type || - (strncmp(device_type, "luks", 4) && strcmp(device_type, "tcrypt") && strcmp(device_type, "bitlk")))) - return _("Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices."); + (strncmp(device_type, "luks", 4) && strcmp(device_type, "tcrypt") && + strcmp(device_type, "bitlk") && strcmp(device_type, "fvault2")))) + return _("Option --test-passphrase is allowed only for open of LUKS, TCRYPT, BITLK and FVAULT2 devices."); if (ARG_SET(OPT_DEVICE_SIZE_ID) && ARG_SET(OPT_SIZE_ID)) return _("Options --device-size and --size cannot be combined."); @@ -2815,7 +3117,8 @@ if (strcmp(action_argv[0], "add") && strcmp(action_argv[0], "remove") && strcmp(action_argv[0], "import") && - strcmp(action_argv[0], "export")) + strcmp(action_argv[0], "export") && + strcmp(action_argv[0], "unassign")) return _("Invalid token action."); if (!ARG_SET(OPT_KEY_DESCRIPTION_ID) && !strcmp(action_argv[0], "add")) @@ -2825,6 +3128,20 @@ (!strcmp(action_argv[0], "remove") || !strcmp(action_argv[0], "export"))) return _("Action requires specific token. Use --token-id parameter."); + if (ARG_SET(OPT_UNBOUND_ID)) { + if (strcmp(action_argv[0], "add")) + return _("Option --unbound is valid only with token add action."); + if (ARG_SET(OPT_KEY_SLOT_ID)) + return _("Options --key-slot and --unbound cannot be combined."); + } + + if (!strcmp(action_argv[0], "unassign")) { + if (!ARG_SET(OPT_KEY_SLOT_ID)) + return _("Action requires specific keyslot. Use --key-slot parameter."); + if (!ARG_SET(OPT_TOKEN_ID_ID)) + return _("Action requires specific token. Use --token-id parameter."); + } + return NULL; } @@ -2833,36 +3150,36 @@ int (*handler)(void); const char *(*verify)(void); int required_action_argc; - int required_memlock; const char *arg_desc; const char *desc; } action_types[] = { - { OPEN_ACTION, action_open, verify_open, 1, 1, N_(" [--type ] []"),N_("open device as ") }, - { CLOSE_ACTION, action_close, verify_close, 1, 1, N_(""), N_("close device (remove mapping)") }, - { RESIZE_ACTION, action_resize, verify_resize, 1, 1, N_(""), N_("resize active device") }, - { STATUS_ACTION, action_status, NULL, 1, 0, N_(""), N_("show device status") }, - { BENCHMARK_ACTION, action_benchmark, NULL, 0, 0, N_("[--cipher ]"), N_("benchmark cipher") }, - { REPAIR_ACTION, action_luksRepair, NULL, 1, 1, N_(""), N_("try to repair on-disk metadata") }, - { REENCRYPT_ACTION, action_reencrypt, verify_reencrypt, 0, 0, N_(""), N_("reencrypt LUKS2 device") }, - { ERASE_ACTION, action_luksErase, NULL, 1, 1, N_(""), N_("erase all keyslots (remove encryption key)") }, - { CONVERT_ACTION, action_luksConvert, NULL, 1, 1, N_(""), N_("convert LUKS from/to LUKS2 format") }, - { CONFIG_ACTION, action_luksConfig, verify_config, 1, 1, N_(""), N_("set permanent configuration options for LUKS2") }, - { FORMAT_ACTION, action_luksFormat, verify_format, 1, 1, N_(" []"), N_("formats a LUKS device") }, - { ADDKEY_ACTION, action_luksAddKey, verify_addkey, 1, 1, N_(" []"), N_("add key to LUKS device") }, - { REMOVEKEY_ACTION, action_luksRemoveKey, NULL, 1, 1, N_(" []"), N_("removes supplied key or key file from LUKS device") }, - { CHANGEKEY_ACTION, action_luksChangeKey, NULL, 1, 1, N_(" []"), N_("changes supplied key or key file of LUKS device") }, - { CONVERTKEY_ACTION, action_luksConvertKey, NULL, 1, 1, N_(" []"), N_("converts a key to new pbkdf parameters") }, - { KILLKEY_ACTION, action_luksKillSlot, NULL, 2, 1, N_(" "), N_("wipes key with number from LUKS device") }, - { UUID_ACTION, action_luksUUID, NULL, 1, 0, N_(""), N_("print UUID of LUKS device") }, - { ISLUKS_ACTION, action_isLuks, NULL, 1, 0, N_(""), N_("tests for LUKS partition header") }, - { LUKSDUMP_ACTION, action_luksDump, verify_luksDump, 1, 1, N_(""), N_("dump LUKS partition information") }, - { TCRYPTDUMP_ACTION, action_tcryptDump, verify_tcryptdump, 1, 1, N_(""), N_("dump TCRYPT device information") }, - { BITLKDUMP_ACTION, action_bitlkDump, NULL, 1, 1, N_(""), N_("dump BITLK device information") }, - { SUSPEND_ACTION, action_luksSuspend, NULL, 1, 1, N_(""), N_("Suspend LUKS device and wipe key (all IOs are frozen)") }, - { RESUME_ACTION, action_luksResume, NULL, 1, 1, N_(""), N_("Resume suspended LUKS device") }, - { HEADERBACKUP_ACTION, action_luksBackup, NULL, 1, 1, N_(""), N_("Backup LUKS device header and keyslots") }, - { HEADERRESTORE_ACTION, action_luksRestore, NULL, 1, 1, N_(""), N_("Restore LUKS device header and keyslots") }, - { TOKEN_ACTION, action_token, verify_token, 2, 0, N_(" "), N_("Manipulate LUKS2 tokens") }, + { OPEN_ACTION, action_open, verify_open, 1, N_(" [--type ] []"),N_("open device as ") }, + { CLOSE_ACTION, action_close, verify_close, 1, N_(""), N_("close device (remove mapping)") }, + { RESIZE_ACTION, action_resize, verify_resize, 1, N_(""), N_("resize active device") }, + { STATUS_ACTION, action_status, NULL, 1, N_(""), N_("show device status") }, + { BENCHMARK_ACTION, action_benchmark, NULL, 0, N_("[--cipher ]"), N_("benchmark cipher") }, + { REPAIR_ACTION, action_luksRepair, NULL, 1, N_(""), N_("try to repair on-disk metadata") }, + { REENCRYPT_ACTION, action_reencrypt, verify_reencrypt, 0, N_(""), N_("reencrypt LUKS2 device") }, + { ERASE_ACTION, action_luksErase, NULL, 1, N_(""), N_("erase all keyslots (remove encryption key)") }, + { CONVERT_ACTION, action_luksConvert, NULL, 1, N_(""), N_("convert LUKS from/to LUKS2 format") }, + { CONFIG_ACTION, action_luksConfig, verify_config, 1, N_(""), N_("set permanent configuration options for LUKS2") }, + { FORMAT_ACTION, action_luksFormat, verify_format, 1, N_(" []"), N_("formats a LUKS device") }, + { ADDKEY_ACTION, action_luksAddKey, verify_addkey, 1, N_(" []"), N_("add key to LUKS device") }, + { REMOVEKEY_ACTION, action_luksRemoveKey, NULL, 1, N_(" []"), N_("removes supplied key or key file from LUKS device") }, + { CHANGEKEY_ACTION, action_luksChangeKey, NULL, 1, N_(" []"), N_("changes supplied key or key file of LUKS device") }, + { CONVERTKEY_ACTION, action_luksConvertKey, NULL, 1, N_(" []"), N_("converts a key to new pbkdf parameters") }, + { KILLKEY_ACTION, action_luksKillSlot, NULL, 2, N_(" "), N_("wipes key with number from LUKS device") }, + { UUID_ACTION, action_luksUUID, NULL, 1, N_(""), N_("print UUID of LUKS device") }, + { ISLUKS_ACTION, action_isLuks, NULL, 1, N_(""), N_("tests for LUKS partition header") }, + { LUKSDUMP_ACTION, action_luksDump, verify_luksDump, 1, N_(""), N_("dump LUKS partition information") }, + { TCRYPTDUMP_ACTION, action_tcryptDump, verify_tcryptdump, 1, N_(""), N_("dump TCRYPT device information") }, + { BITLKDUMP_ACTION, action_bitlkDump, NULL, 1, N_(""), N_("dump BITLK device information") }, + { FVAULT2DUMP_ACTION, action_fvault2Dump, NULL, 1, N_(""), N_("dump FVAULT2 device information") }, + { SUSPEND_ACTION, action_luksSuspend, NULL, 1, N_(""), N_("Suspend LUKS device and wipe key (all IOs are frozen)") }, + { RESUME_ACTION, action_luksResume, NULL, 1, N_(""), N_("Resume suspended LUKS device") }, + { HEADERBACKUP_ACTION, action_luksBackup, NULL, 1, N_(""), N_("Backup LUKS device header and keyslots") }, + { HEADERRESTORE_ACTION, action_luksRestore, NULL, 1, N_(""), N_("Restore LUKS device header and keyslots") }, + { TOKEN_ACTION, action_token, verify_token, 2, N_(" "), N_("Manipulate LUKS2 tokens") }, {} }; @@ -2889,8 +3206,8 @@ log_std(_("\n" "You can also use old syntax aliases:\n" - "\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" - "\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n")); + "\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n" + "\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n")); log_std(_("\n" " is the device to create under %s\n" " is the encrypted device\n" @@ -2959,15 +3276,9 @@ log_dbg("Running command %s.", action->type); - if (action->required_memlock) - crypt_memory_lock(NULL, 1); - set_int_handler(0); r = action->handler(); - if (action->required_memlock) - crypt_memory_lock(NULL, 0); - /* Some functions returns keyslot # */ if (r > 0) r = 0; @@ -3176,16 +3487,22 @@ } else if (!strcmp(aname, "bitlkOpen")) { aname = OPEN_ACTION; device_type = "bitlk"; + } else if (!strcmp(aname, "fvault2Open")) { + aname = OPEN_ACTION; + device_type = "fvault2"; } else if (!strcmp(aname, "tcryptDump")) { device_type = "tcrypt"; } else if (!strcmp(aname, "bitlkDump")) { device_type = "bitlk"; + } else if (!strcmp(aname, "fvault2Dump")) { + device_type = "fvault2"; } else if (!strcmp(aname, "remove") || !strcmp(aname, "plainClose") || !strcmp(aname, "luksClose") || !strcmp(aname, "loopaesClose") || !strcmp(aname, "tcryptClose") || - !strcmp(aname, "bitlkClose")) { + !strcmp(aname, "bitlkClose") || + !strcmp(aname, "fvault2Close")) { aname = CLOSE_ACTION; } else if (!strcmp(aname, "luksErase")) { aname = ERASE_ACTION; diff -Nru cryptsetup-2.5.0/src/cryptsetup.h cryptsetup-2.6.1/src/cryptsetup.h --- cryptsetup-2.5.0/src/cryptsetup.h 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/src/cryptsetup.h 2023-02-09 16:12:17.000000000 +0000 @@ -3,8 +3,8 @@ * * Copyright (C) 2004 Jana Saout * Copyright (C) 2004-2007 Clemens Fruhwirth - * Copyright (C) 2009-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2022 Milan Broz + * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -44,7 +44,6 @@ #include "lib/bitops.h" #include "lib/utils_crypt.h" #include "lib/utils_loop.h" -#include "lib/utils_fips.h" #include "lib/utils_io.h" #include "lib/utils_blkid.h" #include "lib/libcryptsetup_macros.h" diff -Nru cryptsetup-2.5.0/src/integritysetup_arg_list.h cryptsetup-2.6.1/src/integritysetup_arg_list.h --- cryptsetup-2.5.0/src/integritysetup_arg_list.h 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/src/integritysetup_arg_list.h 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * Integritysetup command line arguments list * - * Copyright (C) 2020-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2020-2022 Ondrej Kozina + * Copyright (C) 2020-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2020-2023 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff -Nru cryptsetup-2.5.0/src/integritysetup_args.h cryptsetup-2.6.1/src/integritysetup_args.h --- cryptsetup-2.5.0/src/integritysetup_args.h 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/src/integritysetup_args.h 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * Command line arguments helpers * - * Copyright (C) 2020-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2020-2022 Ondrej Kozina + * Copyright (C) 2020-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2020-2023 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff -Nru cryptsetup-2.5.0/src/integritysetup.c cryptsetup-2.6.1/src/integritysetup.c --- cryptsetup-2.5.0/src/integritysetup.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/src/integritysetup.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * integritysetup - setup integrity protected volumes for dm-integrity * - * Copyright (C) 2017-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2017-2022 Milan Broz + * Copyright (C) 2017-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2017-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff -Nru cryptsetup-2.5.0/src/utils_arg_macros.h cryptsetup-2.6.1/src/utils_arg_macros.h --- cryptsetup-2.5.0/src/utils_arg_macros.h 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/src/utils_arg_macros.h 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * Command line arguments parsing helpers * - * Copyright (C) 2020-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2020-2022 Ondrej Kozina + * Copyright (C) 2020-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2020-2023 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff -Nru cryptsetup-2.5.0/src/utils_arg_names.h cryptsetup-2.6.1/src/utils_arg_names.h --- cryptsetup-2.5.0/src/utils_arg_names.h 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/src/utils_arg_names.h 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * Command line arguments name list * - * Copyright (C) 2020-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2020-2022 Ondrej Kozina + * Copyright (C) 2020-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2020-2023 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -107,8 +107,11 @@ #define OPT_MASTER_KEY_FILE "master-key-file" #define OPT_VOLUME_KEY_FILE "volume-key-file" #define OPT_NEW "new" +#define OPT_NEW_KEY_SLOT "new-key-slot" +#define OPT_NEW_KEYFILE "new-keyfile" #define OPT_NEW_KEYFILE_OFFSET "new-keyfile-offset" #define OPT_NEW_KEYFILE_SIZE "new-keyfile-size" +#define OPT_NEW_TOKEN_ID "new-token-id" #define OPT_OFFSET "offset" #define OPT_PANIC_ON_CORRUPTION "panic-on-corruption" #define OPT_PBKDF "pbkdf" @@ -158,6 +161,7 @@ #define OPT_USE_FSYNC "use-fsync" #define OPT_USE_RANDOM "use-random" #define OPT_USE_URANDOM "use-urandom" +#define OPT_USE_TASKLETS "use-tasklets" #define OPT_UUID "uuid" #define OPT_VERACRYPT "veracrypt" #define OPT_VERACRYPT_PIM "veracrypt-pim" diff -Nru cryptsetup-2.5.0/src/utils_args.c cryptsetup-2.6.1/src/utils_args.c --- cryptsetup-2.5.0/src/utils_args.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/src/utils_args.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * Command line arguments parsing helpers * - * Copyright (C) 2020-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2020-2022 Ondrej Kozina + * Copyright (C) 2020-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2020-2023 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff -Nru cryptsetup-2.5.0/src/utils_blockdev.c cryptsetup-2.6.1/src/utils_blockdev.c --- cryptsetup-2.5.0/src/utils_blockdev.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/src/utils_blockdev.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * Linux block devices helpers * - * Copyright (C) 2018-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2018-2022 Ondrej Kozina + * Copyright (C) 2018-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2018-2023 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff -Nru cryptsetup-2.5.0/src/utils_luks.c cryptsetup-2.6.1/src/utils_luks.c --- cryptsetup-2.5.0/src/utils_luks.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/src/utils_luks.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,9 +1,9 @@ /* * Helper utilities for LUKS2 features * - * Copyright (C) 2018-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2018-2022 Milan Broz - * Copyright (C) 2018-2022 Ondrej Kozina + * Copyright (C) 2018-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2018-2023 Milan Broz + * Copyright (C) 2018-2023 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff -Nru cryptsetup-2.5.0/src/utils_luks.h cryptsetup-2.6.1/src/utils_luks.h --- cryptsetup-2.5.0/src/utils_luks.h 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/src/utils_luks.h 2023-02-09 16:12:17.000000000 +0000 @@ -1,9 +1,9 @@ /* * Helper utilities for LUKS in cryptsetup * - * Copyright (C) 2018-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2018-2022 Milan Broz - * Copyright (C) 2018-2022 Ondrej Kozina + * Copyright (C) 2018-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2018-2023 Milan Broz + * Copyright (C) 2018-2023 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff -Nru cryptsetup-2.5.0/src/utils_password.c cryptsetup-2.6.1/src/utils_password.c --- cryptsetup-2.5.0/src/utils_password.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/src/utils_password.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * Password quality check wrapper * - * Copyright (C) 2012-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2012-2022 Milan Broz + * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2012-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -49,10 +49,8 @@ log_err(_("Password quality check failed:\n %s"), pwquality_strerror(NULL, 0, r, auxerror)); r = -EPERM; - } else { - log_dbg("New password libpwquality score is %d.", r); + } else r = 0; - } pwquality_free_settings(pwq); return r; @@ -106,6 +104,7 @@ /* Password reading helpers */ +/* coverity[ -taint_source : arg-1 ] */ static ssize_t read_tty_eol(int fd, char *pass, size_t maxlen) { bool eol = false; diff -Nru cryptsetup-2.5.0/src/utils_progress.c cryptsetup-2.6.1/src/utils_progress.c --- cryptsetup-2.5.0/src/utils_progress.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/src/utils_progress.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * cryptsetup - progress output utilities * - * Copyright (C) 2009-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2022 Milan Broz + * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff -Nru cryptsetup-2.5.0/src/utils_reencrypt.c cryptsetup-2.6.1/src/utils_reencrypt.c --- cryptsetup-2.5.0/src/utils_reencrypt.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/src/utils_reencrypt.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,9 +1,9 @@ /* * cryptsetup - action re-encryption utilities * - * Copyright (C) 2009-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2022 Milan Broz - * Copyright (C) 2021-2022 Ondrej Kozina + * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2023 Milan Broz + * Copyright (C) 2021-2023 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -467,6 +467,26 @@ return reencrypt_check_data_sb_block_size(dm_device, new_sector_size); } +static int reencrypt_is_header_detached(const char *header_device, const char *data_device) +{ + int r; + struct stat st; + struct crypt_device *cd; + + if (!header_device) + return 0; + + if (header_device && stat(header_device, &st) < 0 && errno == ENOENT) + return 1; + + if ((r = crypt_init_data_device(&cd, header_device, data_device))) + return r; + + r = crypt_header_is_detached(cd); + crypt_free(cd); + return r; +} + static int encrypt_luks2_init(struct crypt_device **cd, const char *data_device, const char *device_name) { int keyslot, r, fd; @@ -490,9 +510,14 @@ _set_reencryption_flags(¶ms.flags); - if (!data_shift && !ARG_SET(OPT_HEADER_ID)) { - log_err(_("Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size).")); - return -ENOTSUP; + if (!data_shift) { + r = reencrypt_is_header_detached(ARG_STR(OPT_HEADER_ID), data_device); + if (r < 0) + return r; + if (!r) { + log_err(_("Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size).")); + return -ENOTSUP; + } } if (!ARG_SET(OPT_HEADER_ID) && ARG_UINT64(OPT_OFFSET_ID) && @@ -1358,9 +1383,16 @@ if (!type) type = crypt_get_default_type(); - if (dev_st == DEVICE_LUKS1_UNUSABLE || isLUKS1(type)) + if (dev_st == DEVICE_LUKS1_UNUSABLE || isLUKS1(type)) { + r = reencrypt_is_header_detached(ARG_STR(OPT_HEADER_ID), action_argv[0]); + if (r < 0) + return r; + if (!r && !ARG_SET(OPT_REDUCE_DEVICE_SIZE_ID)) { + log_err(_("Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size).")); + return -ENOTSUP; + } return reencrypt_luks1(action_argv[0]); - else if (dev_st == DEVICE_NOT_LUKS) { + } else if (dev_st == DEVICE_NOT_LUKS) { r = encrypt_luks2_init(&encrypt_cd, action_argv[0], action_argc > 1 ? action_argv[1] : NULL); if (r < 0 || ARG_SET(OPT_INIT_ONLY_ID)) { crypt_free(encrypt_cd); diff -Nru cryptsetup-2.5.0/src/utils_reencrypt_luks1.c cryptsetup-2.6.1/src/utils_reencrypt_luks1.c --- cryptsetup-2.5.0/src/utils_reencrypt_luks1.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/src/utils_reencrypt_luks1.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * cryptsetup - LUKS1 utility for offline re-encryption * - * Copyright (C) 2012-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2012-2022 Milan Broz + * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2012-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -729,8 +729,8 @@ log_dbg("Reencrypting in forward direction."); - if (lseek64(fd_old, rc->device_offset, SEEK_SET) < 0 || - lseek64(fd_new, rc->device_offset, SEEK_SET) < 0) { + if (lseek(fd_old, rc->device_offset, SEEK_SET) < 0 || + lseek(fd_new, rc->device_offset, SEEK_SET) < 0) { log_err(_("Cannot seek to device offset.")); goto out; } @@ -788,7 +788,7 @@ size_t block_size, void *buf, uint64_t *bytes) { ssize_t s1, s2, working_block; - off64_t working_offset; + off_t working_offset; int r = -EIO; char *backing_file = NULL; struct tools_progress_params prog_parms = { @@ -827,8 +827,8 @@ working_block = block_size; } - if (lseek64(fd_old, working_offset, SEEK_SET) < 0 || - lseek64(fd_new, working_offset, SEEK_SET) < 0) { + if (lseek(fd_old, working_offset, SEEK_SET) < 0 || + lseek(fd_new, working_offset, SEEK_SET) < 0) { log_err(_("Cannot seek to device offset.")); goto out; } @@ -874,7 +874,7 @@ log_dbg("Zeroing rest of device."); - if (lseek64(fd, offset, SEEK_SET) < 0) { + if (lseek(fd, offset, SEEK_SET) < 0) { log_dbg("Cannot seek to device offset."); return; } diff -Nru cryptsetup-2.5.0/src/utils_tools.c cryptsetup-2.6.1/src/utils_tools.c --- cryptsetup-2.5.0/src/utils_tools.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/src/utils_tools.c 2023-02-09 16:12:17.000000000 +0000 @@ -3,8 +3,8 @@ * * Copyright (C) 2004 Jana Saout * Copyright (C) 2004-2007 Clemens Fruhwirth - * Copyright (C) 2009-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2022 Milan Broz + * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -435,29 +435,34 @@ void tools_package_version(const char *name, bool use_pwlibs) { - log_std("%s %s flags: %s%s\n", name, PACKAGE_VERSION, + bool udev = false, blkid = false, keyring = false, fips = false; + bool kernel_capi = false, pwquality = false, passwdqc = false; #ifdef USE_UDEV - "UDEV " + udev = true; #endif #ifdef HAVE_BLKID - "BLKID " + blkid = true; #endif #ifdef KERNEL_KEYRING - "KEYRING " + keyring = true; #endif #ifdef ENABLE_FIPS - "FIPS " + fips = true; #endif #ifdef ENABLE_AF_ALG - "KERNEL_CAPI " + kernel_capi = true; #endif - , #if defined(ENABLE_PWQUALITY) - use_pwlibs ? "PWQUALITY " : "" + pwquality = true; #elif defined(ENABLE_PASSWDQC) - use_pwlibs ? "PASSWDQC " : "" -#else - "" + passwdqc = true; #endif - ); + log_std("%s %s flags: %s%s%s%s%s%s%s\n", name, PACKAGE_VERSION, + udev ? "UDEV " : "", + blkid ? "BLKID " : "", + keyring ? "KEYRING " : "", + fips ? "FIPS " : "", + kernel_capi ? "KERNEL_CAPI " : "", + pwquality && use_pwlibs ? "PWQUALITY " : "", + passwdqc && use_pwlibs ? "PASSWDQC " : ""); } diff -Nru cryptsetup-2.5.0/src/veritysetup_arg_list.h cryptsetup-2.6.1/src/veritysetup_arg_list.h --- cryptsetup-2.5.0/src/veritysetup_arg_list.h 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/src/veritysetup_arg_list.h 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * Veritysetup command line arguments list * - * Copyright (C) 2020-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2020-2022 Ondrej Kozina + * Copyright (C) 2020-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2020-2023 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -63,6 +63,8 @@ ARG(OPT_SALT, 's', POPT_ARG_STRING, N_("Salt"), N_("hex string"), CRYPT_ARG_STRING, {}, {}) +ARG(OPT_USE_TASKLETS, '\0', POPT_ARG_NONE, N_("Use kernel tasklets for performance"), NULL, CRYPT_ARG_BOOL, {}, OPT_USE_TASKLETS_ACTIONS) + ARG(OPT_UUID, '\0', POPT_ARG_STRING, N_("UUID for device to use"), NULL, CRYPT_ARG_STRING, {}, {}) ARG(OPT_VERBOSE, 'v', POPT_ARG_NONE, N_("Shows more detailed error messages"), NULL, CRYPT_ARG_BOOL, {}, {}) diff -Nru cryptsetup-2.5.0/src/veritysetup_args.h cryptsetup-2.6.1/src/veritysetup_args.h --- cryptsetup-2.5.0/src/veritysetup_args.h 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/src/veritysetup_args.h 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * Command line arguments helpers * - * Copyright (C) 2020-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2020-2022 Ondrej Kozina + * Copyright (C) 2020-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2020-2023 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -39,6 +39,7 @@ #define OPT_PANIC_ON_CORRUPTION_ACTIONS { OPEN_ACTION } #define OPT_ROOT_HASH_FILE_ACTIONS { FORMAT_ACTION, OPEN_ACTION, VERIFY_ACTION } #define OPT_ROOT_HASH_SIGNATURE_ACTIONS { OPEN_ACTION } +#define OPT_USE_TASKLETS_ACTIONS { OPEN_ACTION } enum { OPT_UNUSED_ID = 0, diff -Nru cryptsetup-2.5.0/src/veritysetup.c cryptsetup-2.6.1/src/veritysetup.c --- cryptsetup-2.5.0/src/veritysetup.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/src/veritysetup.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * veritysetup - setup cryptographic volumes for dm-verity * - * Copyright (C) 2012-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2012-2022 Milan Broz + * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2012-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -184,6 +184,8 @@ activate_flags |= CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS; if (ARG_SET(OPT_CHECK_AT_MOST_ONCE_ID)) activate_flags |= CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE; + if (ARG_SET(OPT_USE_TASKLETS_ID)) + activate_flags |= CRYPT_ACTIVATE_TASKLETS; if (!ARG_SET(OPT_NO_SUPERBLOCK_ID)) { params.flags = flags; @@ -436,13 +438,15 @@ CRYPT_ACTIVATE_RESTART_ON_CORRUPTION| CRYPT_ACTIVATE_PANIC_ON_CORRUPTION| CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS| - CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE)) - log_std(" flags: %s%s%s%s%s\n", + CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE| + CRYPT_ACTIVATE_TASKLETS)) + log_std(" flags: %s%s%s%s%s%s\n", (cad.flags & CRYPT_ACTIVATE_IGNORE_CORRUPTION) ? "ignore_corruption " : "", (cad.flags & CRYPT_ACTIVATE_RESTART_ON_CORRUPTION) ? "restart_on_corruption " : "", (cad.flags & CRYPT_ACTIVATE_PANIC_ON_CORRUPTION) ? "panic_on_corruption " : "", (cad.flags & CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS) ? "ignore_zero_blocks " : "", - (cad.flags & CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE) ? "check_at_most_once" : ""); + (cad.flags & CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE) ? "check_at_most_once" : "", + (cad.flags & CRYPT_ACTIVATE_TASKLETS) ? "try_verify_in_tasklet" : ""); } out: crypt_free(cd); diff -Nru cryptsetup-2.5.0/tests/align-test cryptsetup-2.6.1/tests/align-test --- cryptsetup-2.5.0/tests/align-test 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/tests/align-test 2023-02-09 16:12:17.000000000 +0000 @@ -10,6 +10,16 @@ PWD2="mymJeD8ivEhE" FAST_PBKDF="--pbkdf-force-iterations 1000" +FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null) + +CRYPTSETUP_VALGRIND=../.libs/cryptsetup +CRYPTSETUP_LIB_VALGRIND=../.libs + +function fips_mode() +{ + [ -n "$FIPS_MODE" ] && [ "$FIPS_MODE" -gt 0 ] +} + cleanup() { udevadm settle >/dev/null 2>&1 if [ -d "$MNT_DIR" ] ; then @@ -40,6 +50,18 @@ exit 77 } +function valgrind_setup() +{ + command -v valgrind >/dev/null || fail "Cannot find valgrind." + [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." + export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" +} + +function valgrind_run() +{ + INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@" +} + function dm_crypt_features() { VER_STR=$(dmsetup targets | grep crypt | cut -f2 -dv) @@ -104,7 +126,7 @@ [ $ALIGN -ne $2 ] && fail "Expected alignment differs: expected $2 != detected $ALIGN" # test some operation, just in case - echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $DEV $FAST_PBKDF --key-slot 1 + echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $DEV $FAST_PBKDF --new-key-slot 1 [ $? -ne 0 ] && fail "Keyslot add failed." $CRYPTSETUP -q luksKillSlot $DEV 1 @@ -137,7 +159,7 @@ [ $POFF != $2 ] && fail "Expected data offset differs: expected $2 != detected $POFF" if [ -n "$4" ] ; then for j in 1 2 3 4 5 6 7 ; do - echo -e "\n" | $CRYPTSETUP luksAddKey $DEV -q $FAST_PBKDF --key-slot $j -c null $PARAMS + echo -e "\n" | $CRYPTSETUP luksAddKey $DEV -q $FAST_PBKDF --new-key-slot $j -c null $PARAMS echo -n $j [ $? -ne 0 ] && fail done @@ -174,6 +196,7 @@ } [ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped." +[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run if [ $(id -u) != 0 ]; then echo "WARNING: You must be root to run this test, test skipped." exit 77 @@ -260,6 +283,8 @@ format_plain_fail 4096 cleanup +# skip tests using empty passphrase (LUKS1 cipher_null) +if [ ! fips_mode ]; then echo "# Offset check: 512B sector drive" add_device dev_size_mb=16 sector_size=512 num_tgts=1 # |k| expO reqO expected slot offsets @@ -298,6 +323,7 @@ format_null 512 4096 128 format_null 512 4096 2048 cleanup +fi echo "# Create enterprise-class 4K drive with fs and LUKS images." # loop device here presents 512 block but images have 4k block diff -Nru cryptsetup-2.5.0/tests/align-test2 cryptsetup-2.6.1/tests/align-test2 --- cryptsetup-2.5.0/tests/align-test2 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/tests/align-test2 2023-02-09 16:12:17.000000000 +0000 @@ -11,6 +11,9 @@ PWD2="mymJeD8ivEhE" FAST_PBKDF="--pbkdf pbkdf2 --pbkdf-force-iterations 1000" +CRYPTSETUP_VALGRIND=../.libs/cryptsetup +CRYPTSETUP_LIB_VALGRIND=../.libs + cleanup() { udevadm settle >/dev/null 2>&1 if [ -d "$MNT_DIR" ] ; then @@ -42,6 +45,18 @@ exit 77 } +function valgrind_setup() +{ + command -v valgrind >/dev/null || fail "Cannot find valgrind." + [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." + export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" +} + +function valgrind_run() +{ + INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@" +} + function dm_crypt_features() { VER_STR=$(dmsetup targets | grep crypt | cut -f2 -dv) @@ -122,7 +137,7 @@ [ $ALIGN -ne $_exp ] && fail "Expected alignment differs: expected $_exp != detected $ALIGN" # test some operation, just in case - echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $DEV $FAST_PBKDF --key-slot 1 + echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $DEV $FAST_PBKDF --new-key-slot 1 [ $? -ne 0 ] && fail "Keyslot add failed." $CRYPTSETUP -q luksKillSlot $DEV 1 @@ -193,6 +208,7 @@ } [ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped." +[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run if [ $(id -u) != 0 ]; then echo "WARNING: You must be root to run this test, test skipped." exit 77 diff -Nru cryptsetup-2.5.0/tests/all-symbols-test.c cryptsetup-2.6.1/tests/all-symbols-test.c --- cryptsetup-2.5.0/tests/all-symbols-test.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/tests/all-symbols-test.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,7 +1,7 @@ /* * Test utility checking symbol versions in libcryptsetup. * - * Copyright (C) 2021-2022 Red Hat, Inc. All rights reserved. + * Copyright (C) 2021-2023 Red Hat, Inc. All rights reserved. * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff -Nru cryptsetup-2.5.0/tests/api-test-2.c cryptsetup-2.6.1/tests/api-test-2.c --- cryptsetup-2.5.0/tests/api-test-2.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/tests/api-test-2.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,9 +1,9 @@ /* * cryptsetup library LUKS2 API check functions * - * Copyright (C) 2009-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2022 Milan Broz - * Copyright (C) 2016-2022 Ondrej Kozina + * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2023 Milan Broz + * Copyright (C) 2016-2023 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -74,8 +74,8 @@ #define KEYFILE2 "key2.file" #define KEY2 "0123456789abcdef" -#define PASSPHRASE "blabla" -#define PASSPHRASE1 "albalb" +#define PASSPHRASE "blablabl" +#define PASSPHRASE1 "albalbal" #define DEVICE_TEST_UUID "12345678-1234-1234-1234-123456789abc" @@ -107,15 +107,15 @@ #define CONV_L2_512_DET_FULL "l2_512b_det_full" #define CONV_L1_256_LEGACY "l1_256b_legacy_offset" #define CONV_L1_256_UNMOVABLE "l1_256b_unmovable" -#define PASS0 "aaa" -#define PASS1 "hhh" -#define PASS2 "ccc" -#define PASS3 "ddd" -#define PASS4 "eee" -#define PASS5 "fff" -#define PASS6 "ggg" -#define PASS7 "bbb" -#define PASS8 "iii" +#define PASS0 "aaablabl" +#define PASS1 "hhhblabl" +#define PASS2 "cccblabl" +#define PASS3 "dddblabl" +#define PASS4 "eeeblabl" +#define PASS5 "fffblabl" +#define PASS6 "gggblabl" +#define PASS7 "bbbblabl" +#define PASS8 "iiiblabl" static int _fips_mode = 0; @@ -429,11 +429,11 @@ _system("dd if=/dev/zero of=" IMAGE_EMPTY_SMALL_2 " bs=512 count=2050 2>/dev/null", 1); - _system(" [ ! -e " NO_REQS_LUKS2_HEADER " ] && xz -dk " NO_REQS_LUKS2_HEADER ".xz", 1); + _system(" [ ! -e " NO_REQS_LUKS2_HEADER " ] && tar xJf " REQS_LUKS2_HEADER ".tar.xz", 1); fd = loop_attach(&DEVICE_4, NO_REQS_LUKS2_HEADER, 0, 0, &ro); close(fd); - _system(" [ ! -e " REQS_LUKS2_HEADER " ] && xz -dk " REQS_LUKS2_HEADER ".xz", 1); + _system(" [ ! -e " REQS_LUKS2_HEADER " ] && tar xJf " REQS_LUKS2_HEADER ".tar.xz", 1); fd = loop_attach(&DEVICE_5, REQS_LUKS2_HEADER, 0, 0, &ro); close(fd); @@ -709,7 +709,7 @@ }; char key[128], key2[128], key3[128]; - const char *tmp_buf, *passphrase = "blabla", *passphrase2 = "nsdkFI&Y#.sd"; + const char *tmp_buf, *passphrase = PASSPHRASE, *passphrase2 = "nsdkFI&Y#.sd"; const char *vk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a"; const char *vk_hex2 = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1e"; size_t key_size = strlen(vk_hex) / 2; @@ -889,7 +889,7 @@ FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, key, key_size, 0), "Device is active"); EQ_(crypt_status(cd, CDEVICE_2), CRYPT_INACTIVE); OK_(crypt_deactivate(cd, CDEVICE_1)); - FAIL_(crypt_header_is_detached(cd), "no header for mismatched device"); + EQ_(crypt_header_is_detached(cd), 1); CRYPT_FREE(cd); params.data_device = NULL; @@ -1056,7 +1056,6 @@ }; char key[128], tmp[128]; - const char *passphrase = "blabla"; const char *vk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a"; size_t key_size = strlen(vk_hex) / 2; const char *cipher = "aes"; @@ -1103,7 +1102,7 @@ OK_(crypt_init(&cd, DMDIR H_DEVICE)); OK_(crypt_set_metadata_size(cd, 0x080000, 0x080000)); OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms)); - EQ_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)), 7); + EQ_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, PASSPHRASE, strlen(PASSPHRASE)), 7); CRYPT_FREE(cd); OK_(crypt_init(&cd, DMDIR H_DEVICE)); OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); @@ -1585,8 +1584,8 @@ const char *vk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a"; size_t key_size = strlen(vk_hex) / 2; - const char *cipher = "aes"; - const char *cipher_mode = "cbc-essiv:sha256"; + const char *cipher = "aes", *capi_cipher = "capi:cbc(aes)"; + const char *cipher_mode = "cbc-essiv:sha256", *capi_cipher_mode = "essiv:sha256"; uint64_t r_payload_offset, r_header_size, r_size; /* Cannot use Argon2 in FIPS */ @@ -1728,6 +1727,18 @@ OK_(crypt_deactivate(cd, CDEVICE_1)); CRYPT_FREE(cd); + if (t_dm_capi_string_supported()) { + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2)); + OK_(crypt_format(cd, CRYPT_LUKS2, capi_cipher, capi_cipher_mode, NULL, key, key_size, NULL)); + OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)); + OK_(crypt_resize(cd, CDEVICE_1, 8)); + if (!t_device_size(DMDIR CDEVICE_1, &r_size)) + EQ_(8, r_size >> TST_SECTOR_SHIFT); + OK_(crypt_deactivate(cd, CDEVICE_1)); + CRYPT_FREE(cd); + } + _cleanup_dmdevices(); } @@ -1744,7 +1755,7 @@ .key_description = KEY_DESC_TEST0 }, params2 = { .key_description = KEY_DESC_TEST1 - }; + }, params_invalid = {}; uint64_t r_payload_offset; if (!t_dm_crypt_keyring_support()) { @@ -1763,6 +1774,7 @@ OK_(set_fast_pbkdf(cd)); OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL)); EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0); + FAIL_(crypt_token_luks2_keyring_set(cd, CRYPT_ANY_TOKEN, ¶ms_invalid), "Invalid key description property."); EQ_(crypt_token_luks2_keyring_set(cd, 3, ¶ms), 3); EQ_(crypt_token_assign_keyslot(cd, 3, 0), 3); CRYPT_FREE(cd); @@ -3295,8 +3307,8 @@ .key_description = KEY_DESC_TEST0 }; - OK_(prepare_keyfile(KEYFILE1, "aaa", 3)); - OK_(prepare_keyfile(KEYFILE2, "xxx", 3)); + OK_(prepare_keyfile(KEYFILE1, PASSPHRASE, strlen(PASSPHRASE))); + OK_(prepare_keyfile(KEYFILE2, PASSPHRASE1, strlen(PASSPHRASE1))); /* crypt_load (unrestricted) */ OK_(crypt_init(&cd, DEVICE_5)); @@ -3350,11 +3362,11 @@ OK_(crypt_repair(cd, CRYPT_LUKS2, NULL)); /* crypt_keyslot_add_passphrase (restricted) */ - FAIL_((r = crypt_keyslot_add_by_passphrase(cd, CRYPT_ANY_SLOT, "aaa", 3, "bbb", 3)), "Unmet requirements detected"); + FAIL_((r = crypt_keyslot_add_by_passphrase(cd, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), "bbb", 3)), "Unmet requirements detected"); EQ_(r, -ETXTBSY); /* crypt_keyslot_change_by_passphrase (restricted) */ - FAIL_((r = crypt_keyslot_change_by_passphrase(cd, CRYPT_ANY_SLOT, 9, "aaa", 3, "bbb", 3)), "Unmet requirements detected"); + FAIL_((r = crypt_keyslot_change_by_passphrase(cd, CRYPT_ANY_SLOT, 9, PASSPHRASE, strlen(PASSPHRASE), "bbb", 3)), "Unmet requirements detected"); EQ_(r, -ETXTBSY); /* crypt_keyslot_add_by_keyfile (restricted) */ @@ -3366,18 +3378,18 @@ EQ_(r, -ETXTBSY); /* crypt_volume_key_get (unrestricted, but see below) */ - OK_(crypt_volume_key_get(cd, 0, key, &key_size, "aaa", 3)); + OK_(crypt_volume_key_get(cd, 0, key, &key_size, PASSPHRASE, strlen(PASSPHRASE))); /* crypt_keyslot_add_by_volume_key (restricted) */ - FAIL_((r = crypt_keyslot_add_by_volume_key(cd, CRYPT_ANY_SLOT, key, key_size, "xxx", 3)), "Unmet requirements detected"); + FAIL_((r = crypt_keyslot_add_by_volume_key(cd, CRYPT_ANY_SLOT, key, key_size, PASSPHRASE1, strlen(PASSPHRASE1))), "Unmet requirements detected"); EQ_(r, -ETXTBSY); /* crypt_keyslot_add_by_key (restricted) */ - FAIL_((r = crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, NULL, key_size, "xxx", 3, CRYPT_VOLUME_KEY_NO_SEGMENT)), "Unmet requirements detected"); + FAIL_((r = crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, NULL, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT)), "Unmet requirements detected"); EQ_(r, -ETXTBSY); /* crypt_keyslot_add_by_key (restricted) */ - FAIL_((r = crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, key, key_size, "xxx", 3, 0)), "Unmet requirements detected"); + FAIL_((r = crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, key, key_size, PASSPHRASE1, strlen(PASSPHRASE1), 0)), "Unmet requirements detected"); EQ_(r, -ETXTBSY); /* crypt_persistent_flasgs_set (restricted) */ @@ -3389,10 +3401,10 @@ EQ_(flags, CRYPT_REQUIREMENT_UNKNOWN); /* crypt_activate_by_passphrase (restricted for activation only) */ - FAIL_((r = crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, 0)), "Unmet requirements detected"); + FAIL_((r = crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), 0)), "Unmet requirements detected"); EQ_(r, -ETXTBSY); - OK_(crypt_activate_by_passphrase(cd, NULL, 0, "aaa", 3, 0)); - OK_(crypt_activate_by_passphrase(cd, NULL, 0, "aaa", 3, t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0)); + OK_(crypt_activate_by_passphrase(cd, NULL, 0, PASSPHRASE, strlen(PASSPHRASE), 0)); + OK_(crypt_activate_by_passphrase(cd, NULL, 0, PASSPHRASE, strlen(PASSPHRASE), t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0)); EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE); /* crypt_activate_by_keyfile (restricted for activation only) */ @@ -3409,7 +3421,7 @@ #ifdef KERNEL_KEYRING if (t_dm_crypt_keyring_support()) { - kid = add_key("user", KEY_DESC_TEST0, "aaa", 3, KEY_SPEC_THREAD_KEYRING); + kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_THREAD_KEYRING); NOTFAIL_(kid, "Test or kernel keyring are broken."); /* crypt_activate_by_keyring (restricted for activation only) */ @@ -3417,6 +3429,8 @@ EQ_(r, t_dm_crypt_keyring_support() ? -ETXTBSY : -EINVAL); OK_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST0, 0, 0)); OK_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST0, 0, CRYPT_ACTIVATE_KEYRING_KEY)); + + NOTFAIL_(keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING), "Test or kernel keyring are broken."); } #endif @@ -3502,10 +3516,15 @@ /* crypt_activate_by_token (restricted for activation only) */ #ifdef KERNEL_KEYRING if (t_dm_crypt_keyring_support()) { + kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_THREAD_KEYRING); + NOTFAIL_(kid, "Test or kernel keyring are broken."); + FAIL_((r = crypt_activate_by_token(cd, CDEVICE_1, 1, NULL, 0)), ""); // supposed to be silent EQ_(r, -ETXTBSY); OK_(crypt_activate_by_token(cd, NULL, 1, NULL, 0)); OK_(crypt_activate_by_token(cd, NULL, 1, NULL, CRYPT_ACTIVATE_KEYRING_KEY)); + + NOTFAIL_(keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING), "Test or kernel keyring are broken."); } #endif OK_(get_luks2_offsets(0, 8192, 0, NULL, &r_payload_offset)); @@ -3517,7 +3536,7 @@ CRYPT_FREE(cd); OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); OK_(crypt_load(cd, CRYPT_LUKS, NULL)); - OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, 0)); + OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), 0)); OK_(crypt_header_backup(cd, CRYPT_LUKS2, BACKUP_FILE)); /* replace header with no requirements */ OK_(_system("dd if=" REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1)); @@ -3555,7 +3574,7 @@ OK_(crypt_init_by_name(&cd, CDEVICE_1)); /* crypt_resume_by_passphrase (restricted) */ - FAIL_((r = crypt_resume_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3)), "Unmet requirements detected"); + FAIL_((r = crypt_resume_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE))), "Unmet requirements detected"); EQ_(r, -ETXTBSY); /* crypt_resume_by_keyfile (restricted) */ @@ -3569,13 +3588,13 @@ OK_(_system("dd if=" NO_REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1)); OK_(crypt_init_by_name(&cd, CDEVICE_1)); - OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3)); + OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE))); CRYPT_FREE(cd); OK_(_system("dd if=" REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1)); OK_(crypt_init_by_name(&cd, CDEVICE_1)); /* load VK in keyring */ - OK_(crypt_activate_by_passphrase(cd, NULL, 0, "aaa", 3, t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0)); + OK_(crypt_activate_by_passphrase(cd, NULL, 0, PASSPHRASE, strlen(PASSPHRASE), t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0)); /* crypt_resize (restricted) */ FAIL_((r = crypt_resize(cd, CDEVICE_1, 1)), "Unmet requirements detected"); EQ_(r, -ETXTBSY); @@ -3611,7 +3630,6 @@ .integrity = "hmac(sha256)" }; size_t key_size = 32 + 32; - const char *passphrase = "blabla"; const char *cipher = "aes"; const char *cipher_mode = "xts-random"; int ret; @@ -3625,8 +3643,8 @@ return; } - EQ_(crypt_keyslot_add_by_volume_key(cd, 7, NULL, key_size, passphrase, strlen(passphrase)), 7); - EQ_(crypt_activate_by_passphrase(cd, CDEVICE_2, 7, passphrase, strlen(passphrase) ,0), 7); + EQ_(crypt_keyslot_add_by_volume_key(cd, 7, NULL, key_size, PASSPHRASE, strlen(PASSPHRASE)), 7); + EQ_(crypt_activate_by_passphrase(cd, CDEVICE_2, 7, PASSPHRASE, strlen(PASSPHRASE) ,0), 7); GE_(crypt_status(cd, CDEVICE_2), CRYPT_ACTIVE); CRYPT_FREE(cd); @@ -3678,36 +3696,36 @@ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); OK_(set_fast_pbkdf(cd)); OK_(crypt_format(cd, CRYPT_LUKS2, cipher, mode, NULL, key, 32, NULL)); - OK_(crypt_keyslot_add_by_volume_key(cd, CRYPT_ANY_SLOT, key, 32, "aaa", 3)); - OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, 0)); + OK_(crypt_keyslot_add_by_volume_key(cd, CRYPT_ANY_SLOT, key, 32, PASSPHRASE, strlen(PASSPHRASE))); + OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), 0)); /* check we can refresh significant flags */ if (t_dm_crypt_discard_support()) { - OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_ALLOW_DISCARDS)); + OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_ALLOW_DISCARDS)); OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); OK_(check_flag(cad.flags, CRYPT_ACTIVATE_ALLOW_DISCARDS)); cad.flags = 0; } if (t_dm_crypt_cpu_switch_support()) { - OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_SAME_CPU_CRYPT)); + OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_SAME_CPU_CRYPT)); OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); OK_(check_flag(cad.flags, CRYPT_ACTIVATE_SAME_CPU_CRYPT)); cad.flags = 0; - OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS)); + OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS)); OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); OK_(check_flag(cad.flags, CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS)); cad.flags = 0; - OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS)); + OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS)); OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); OK_(check_flag(cad.flags, CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS)); cad.flags = 0; } OK_(crypt_volume_key_keyring(cd, 0)); - OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH)); + OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH)); OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); FAIL_(check_flag(cad.flags, CRYPT_ACTIVATE_KEYRING_KEY), "Unexpected flag raised."); cad.flags = 0; @@ -3715,7 +3733,7 @@ #ifdef KERNEL_KEYRING if (t_dm_crypt_keyring_support()) { OK_(crypt_volume_key_keyring(cd, 1)); - OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH)); + OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH)); OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); OK_(check_flag(cad.flags, CRYPT_ACTIVATE_KEYRING_KEY)); cad.flags = 0; @@ -3724,26 +3742,26 @@ /* multiple flags at once */ if (t_dm_crypt_discard_support() && t_dm_crypt_cpu_switch_support()) { - OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS | CRYPT_ACTIVATE_ALLOW_DISCARDS)); + OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS | CRYPT_ACTIVATE_ALLOW_DISCARDS)); OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); OK_(check_flag(cad.flags, CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS | CRYPT_ACTIVATE_ALLOW_DISCARDS)); cad.flags = 0; } /* do not allow reactivation with read-only (and drop flag silently because activation behaves exactly same) */ - OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_READONLY)); + OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_READONLY)); OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); FAIL_(check_flag(cad.flags, CRYPT_ACTIVATE_READONLY), "Reactivated with read-only flag."); cad.flags = 0; /* reload flag is dropped silently */ OK_(crypt_deactivate(cd, CDEVICE_1)); - OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH)); + OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH)); /* check read-only flag is not lost after reload */ OK_(crypt_deactivate(cd, CDEVICE_1)); - OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_READONLY)); - OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH)); + OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_READONLY)); + OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH)); OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); OK_(check_flag(cad.flags, CRYPT_ACTIVATE_READONLY)); cad.flags = 0; @@ -3751,7 +3769,7 @@ /* check LUKS2 with auth. enc. reload */ OK_(crypt_init(&cd2, DMDIR L_DEVICE_WRONG)); if (!crypt_format(cd2, CRYPT_LUKS2, "aes", "gcm-random", crypt_get_uuid(cd), key, 32, ¶ms)) { - OK_(crypt_keyslot_add_by_volume_key(cd2, 0, key, 32, "aaa", 3)); + OK_(crypt_keyslot_add_by_volume_key(cd2, 0, key, 32, PASSPHRASE, strlen(PASSPHRASE))); OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, 32, 0)); OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, 32, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_NO_JOURNAL)); OK_(crypt_get_active_device(cd2, CDEVICE_2, &cad)); @@ -3761,11 +3779,11 @@ OK_(crypt_get_active_device(cd2, CDEVICE_2, &cad)); OK_(check_flag(cad.flags, CRYPT_ACTIVATE_NO_JOURNAL | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS)); cad.flags = 0; - OK_(crypt_activate_by_passphrase(cd2, CDEVICE_2, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH)); + OK_(crypt_activate_by_passphrase(cd2, CDEVICE_2, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH)); OK_(crypt_get_active_device(cd2, CDEVICE_2, &cad)); FAIL_(check_flag(cad.flags, CRYPT_ACTIVATE_NO_JOURNAL), ""); FAIL_(check_flag(cad.flags, CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS), ""); - FAIL_(crypt_activate_by_passphrase(cd2, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH), "Refreshed LUKS2 device with LUKS2/aead context"); + FAIL_(crypt_activate_by_passphrase(cd2, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH), "Refreshed LUKS2 device with LUKS2/aead context"); OK_(crypt_deactivate(cd2, CDEVICE_2)); } else { printf("WARNING: cannot format integrity device, skipping few reload tests.\n"); @@ -3775,8 +3793,8 @@ /* Use LUKS1 context on LUKS2 device */ OK_(crypt_init(&cd2, DMDIR L_DEVICE_1S)); OK_(crypt_format(cd2, CRYPT_LUKS1, cipher, mode, crypt_get_uuid(cd), key, 32, NULL)); - OK_(crypt_keyslot_add_by_volume_key(cd2, CRYPT_ANY_SLOT, NULL, 32, "aaa", 3)); - FAIL_(crypt_activate_by_passphrase(cd2, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH), "Refreshed LUKS2 device with LUKS1 context"); + OK_(crypt_keyslot_add_by_volume_key(cd2, CRYPT_ANY_SLOT, NULL, 32, PASSPHRASE, strlen(PASSPHRASE))); + FAIL_(crypt_activate_by_passphrase(cd2, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH), "Refreshed LUKS2 device with LUKS1 context"); CRYPT_FREE(cd2); /* Use PLAIN context on LUKS2 device */ @@ -3792,8 +3810,8 @@ OK_(crypt_init(&cd2, DMDIR L_DEVICE_WRONG)); OK_(set_fast_pbkdf(cd2)); OK_(crypt_format(cd2, CRYPT_LUKS2, cipher, mode, crypt_get_uuid(cd), key, 32, NULL)); - OK_(crypt_keyslot_add_by_volume_key(cd2, CRYPT_ANY_SLOT, key, 32, "aaa", 3)); - FAIL_(crypt_activate_by_passphrase(cd2, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH), "Refreshed dm-crypt mapped over mismatching data device"); + OK_(crypt_keyslot_add_by_volume_key(cd2, CRYPT_ANY_SLOT, key, 32, PASSPHRASE, strlen(PASSPHRASE))); + FAIL_(crypt_activate_by_passphrase(cd2, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH), "Refreshed dm-crypt mapped over mismatching data device"); OK_(crypt_deactivate(cd, CDEVICE_1)); @@ -4725,6 +4743,268 @@ } #endif +static void LuksKeyslotAdd(void) +{ + struct crypt_params_luks2 params = { + .sector_size = 512 + }; + char key[128], key3[128]; +#ifdef KERNEL_KEYRING + int ks; + key_serial_t kid; +#endif + const struct crypt_token_params_luks2_keyring tparams = { + .key_description = KEY_DESC_TEST0 + }; + + const char *vk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a"; + const char *vk_hex2 = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1e"; + size_t key_size = strlen(vk_hex) / 2; + const char *cipher = "aes"; + const char *cipher_mode = "cbc-essiv:sha256"; + uint64_t r_payload_offset; + struct crypt_keyslot_context *um1, *um2; + + crypt_decode_key(key, vk_hex, key_size); + crypt_decode_key(key3, vk_hex2, key_size); + + // init test devices + OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset)); + OK_(create_dmdevice_over_loop(H_DEVICE, r_payload_offset + 1)); + + // test support for embedded key (after crypt_format) + OK_(crypt_init(&cd, DMDIR H_DEVICE)); + OK_(set_fast_pbkdf(cd)); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms)); + OK_(crypt_keyslot_context_init_by_volume_key(cd, NULL, key_size, &um1)); + OK_(crypt_keyslot_context_init_by_passphrase(cd, PASSPHRASE, strlen(PASSPHRASE), &um2)); + EQ_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 3, um2, 0), 3); + EQ_(crypt_keyslot_status(cd, 3), CRYPT_SLOT_ACTIVE_LAST); + crypt_keyslot_context_free(um1); + crypt_keyslot_context_free(um2); + CRYPT_FREE(cd); + + // test add by volume key + OK_(crypt_init(&cd, DMDIR H_DEVICE)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + OK_(set_fast_pbkdf(cd)); + OK_(crypt_keyslot_context_init_by_volume_key(cd, key, key_size, &um1)); + OK_(crypt_keyslot_context_init_by_passphrase(cd, PASSPHRASE1, strlen(PASSPHRASE1), &um2)); + EQ_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, CRYPT_ANY_SLOT, um2, 0), 0); + EQ_(crypt_keyslot_status(cd, 0), CRYPT_SLOT_ACTIVE); + crypt_keyslot_context_free(um1); + crypt_keyslot_context_free(um2); + + // Add by same passphrase + OK_(crypt_keyslot_context_init_by_passphrase(cd, PASSPHRASE, strlen(PASSPHRASE), &um1)); + EQ_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 1, um1, 0), 1); + EQ_(crypt_keyslot_status(cd, 1), CRYPT_SLOT_ACTIVE); + crypt_keyslot_context_free(um1); + + // new passphrase can't be provided by key method + OK_(crypt_keyslot_context_init_by_passphrase(cd, PASSPHRASE, strlen(PASSPHRASE), &um1)); + OK_(crypt_keyslot_context_init_by_volume_key(cd, key, key_size, &um2)); + FAIL_(crypt_keyslot_add_by_keyslot_context(cd, 1, um1, CRYPT_ANY_SLOT, um2, 0), "Can't get passphrase via selected unlock method"); + crypt_keyslot_context_free(um1); + crypt_keyslot_context_free(um2); + + // add by keyfile + OK_(prepare_keyfile(KEYFILE1, PASSPHRASE1, strlen(PASSPHRASE1))); + OK_(prepare_keyfile(KEYFILE2, KEY1, strlen(KEY1))); + OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE1, 0, 0, &um1)); + OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE2, 0, 0, &um2)); + EQ_(crypt_keyslot_add_by_keyslot_context(cd, 0, um1, 2, um2, 0), 2); + EQ_(crypt_keyslot_status(cd, 2), CRYPT_SLOT_ACTIVE); + crypt_keyslot_context_free(um1); + crypt_keyslot_context_free(um2); + + // add by same keyfile + OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE2, 0, 0, &um1)); + EQ_(crypt_keyslot_add_by_keyslot_context(cd, 2, um1, 4, um1, 0), 4); + EQ_(crypt_keyslot_status(cd, 4), CRYPT_SLOT_ACTIVE); + crypt_keyslot_context_free(um1); + + // keyslot already exists + OK_(crypt_keyslot_context_init_by_passphrase(cd, PASSPHRASE, strlen(PASSPHRASE), &um1)); + OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE1, 0, 0, &um2)); + FAIL_(crypt_keyslot_add_by_keyslot_context(cd, 3, um1, 0, um2, 0), "Keyslot already exists."); + crypt_keyslot_context_free(um1); + crypt_keyslot_context_free(um2); + + // generate new unbound key + OK_(crypt_keyslot_context_init_by_volume_key(cd, NULL, 9, &um1)); + OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE1, 0, 0, &um2)); + EQ_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 10, um2, CRYPT_VOLUME_KEY_NO_SEGMENT), 10); + EQ_(crypt_keyslot_status(cd, 10), CRYPT_SLOT_UNBOUND); + crypt_keyslot_context_free(um1); + crypt_keyslot_context_free(um2); + + EQ_(crypt_token_luks2_keyring_set(cd, 3, &tparams), 3); + EQ_(crypt_token_assign_keyslot(cd, 3, 1), 3); + EQ_(crypt_token_assign_keyslot(cd, 3, 3), 3); + + // test unlocking/adding keyslot by LUKS2 token + OK_(crypt_keyslot_context_init_by_token(cd, CRYPT_ANY_TOKEN, NULL, NULL, 0, NULL, &um1)); + OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE1, 0, 0, &um2)); + // passphrase not in keyring + FAIL_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 13, um2, 0), "No token available."); +#ifdef KERNEL_KEYRING + // wrong passphrase in keyring + kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE1, strlen(PASSPHRASE1), KEY_SPEC_THREAD_KEYRING); + NOTFAIL_(kid, "Test or kernel keyring are broken."); + FAIL_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 13, um2, 0), "No token available."); + + // token unlocks keyslot + kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_THREAD_KEYRING); + NOTFAIL_(kid, "Test or kernel keyring are broken."); + EQ_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 13, um2, 0), 13); + EQ_(crypt_keyslot_status(cd, 13), CRYPT_SLOT_ACTIVE); + + crypt_keyslot_context_free(um1); + crypt_keyslot_context_free(um2); + + // token provides passphrase for new keyslot + OK_(crypt_keyslot_context_init_by_passphrase(cd, PASSPHRASE, strlen(PASSPHRASE), &um1)); + OK_(crypt_keyslot_context_init_by_token(cd, CRYPT_ANY_TOKEN, NULL, NULL, 0, NULL, &um2)); + EQ_(crypt_keyslot_add_by_keyslot_context(cd, 3, um1, 30, um2, 0), 30); + EQ_(crypt_keyslot_status(cd, 30), CRYPT_SLOT_ACTIVE); + OK_(crypt_token_is_assigned(cd, 3, 30)); + + // unlock and add by same token + crypt_keyslot_context_free(um1); + OK_(crypt_keyslot_context_init_by_token(cd, CRYPT_ANY_TOKEN, NULL, NULL, 0, NULL, &um1)); + ks = crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, CRYPT_ANY_SLOT, um1, 0); + GE_(ks, 0); + EQ_(crypt_keyslot_status(cd, ks), CRYPT_SLOT_ACTIVE); + OK_(crypt_token_is_assigned(cd, 3, ks)); +#endif + crypt_keyslot_context_free(um1); + crypt_keyslot_context_free(um2); + + CRYPT_FREE(cd); + + _cleanup_dmdevices(); +} + +static void VolumeKeyGet(void) +{ + struct crypt_params_luks2 params = { + .sector_size = 512 + }; + char key[256], key2[256]; +#ifdef KERNEL_KEYRING + key_serial_t kid; + const struct crypt_token_params_luks2_keyring tparams = { + .key_description = KEY_DESC_TEST0 + }; +#endif + + const char *vk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a" + "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1b"; + size_t key_size = strlen(vk_hex) / 2; + const char *cipher = "aes"; + const char *cipher_mode = "xts-plain64"; + uint64_t r_payload_offset; + struct crypt_keyslot_context *um1, *um2; + + crypt_decode_key(key, vk_hex, key_size); + + OK_(prepare_keyfile(KEYFILE1, PASSPHRASE1, strlen(PASSPHRASE1))); + +#ifdef KERNEL_KEYRING + kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE1, strlen(PASSPHRASE1), KEY_SPEC_THREAD_KEYRING); + NOTFAIL_(kid, "Test or kernel keyring are broken."); +#endif + + // init test devices + OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset)); + OK_(create_dmdevice_over_loop(H_DEVICE, r_payload_offset + 1)); + + // test support for embedded key (after crypt_format) + OK_(crypt_init(&cd, DMDIR H_DEVICE)); + OK_(set_fast_pbkdf(cd)); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, key_size, ¶ms)); + key_size--; + FAIL_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key2, &key_size, NULL), "buffer too small"); + + // check cached generated volume key can be retrieved + key_size++; + OK_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key2, &key_size, NULL)); + OK_(crypt_volume_key_verify(cd, key2, key_size)); + CRYPT_FREE(cd); + + // check we can add keyslot via retrieved key + OK_(crypt_init(&cd, DMDIR H_DEVICE)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + OK_(set_fast_pbkdf(cd)); + OK_(crypt_keyslot_context_init_by_volume_key(cd, key2, key_size, &um1)); + OK_(crypt_keyslot_context_init_by_passphrase(cd, PASSPHRASE, strlen(PASSPHRASE), &um2)); + EQ_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 3, um2, 0), 3); + crypt_keyslot_context_free(um1); + crypt_keyslot_context_free(um2); + CRYPT_FREE(cd); + + // check selected volume key can be retrieved and added + OK_(crypt_init(&cd, DMDIR H_DEVICE)); + OK_(set_fast_pbkdf(cd)); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms)); + memset(key2, 0, key_size); + OK_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key2, &key_size, NULL)); + OK_(memcmp(key, key2, key_size)); + OK_(crypt_keyslot_context_init_by_volume_key(cd, key2, key_size, &um1)); + OK_(crypt_keyslot_context_init_by_passphrase(cd, PASSPHRASE, strlen(PASSPHRASE), &um2)); + EQ_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 0, um2, 0), 0); + crypt_keyslot_context_free(um2); + OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE1, 0, 0, &um2)); + EQ_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 1, um2, 0), 1); + crypt_keyslot_context_free(um2); +#ifdef KERNEL_KEYRING + EQ_(crypt_token_luks2_keyring_set(cd, 0, &tparams), 0); + EQ_(crypt_token_assign_keyslot(cd, 0, 1), 0); +#endif + crypt_keyslot_context_free(um1); + CRYPT_FREE(cd); + + OK_(crypt_init(&cd, DMDIR H_DEVICE)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + // check key context is not usable + OK_(crypt_keyslot_context_init_by_volume_key(cd, key, key_size, &um1)); + EQ_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key2, &key_size, um1), -EINVAL); + crypt_keyslot_context_free(um1); + + // by passphrase + memset(key2, 0, key_size); + OK_(crypt_keyslot_context_init_by_passphrase(cd, PASSPHRASE, strlen(PASSPHRASE), &um1)); + EQ_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key2, &key_size, um1), 0); + OK_(memcmp(key, key2, key_size)); + memset(key2, 0, key_size); + EQ_(crypt_volume_key_get_by_keyslot_context(cd, 0, key2, &key_size, um1), 0); + OK_(memcmp(key, key2, key_size)); + crypt_keyslot_context_free(um1); + + // by keyfile + memset(key2, 0, key_size); + OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE1, 0, 0, &um1)); + EQ_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key2, &key_size, um1), 1); + OK_(memcmp(key, key2, key_size)); + memset(key2, 0, key_size); + EQ_(crypt_volume_key_get_by_keyslot_context(cd, 1, key2, &key_size, um1), 1); + crypt_keyslot_context_free(um1); + +#ifdef KERNEL_KEYRING + // by token + OK_(crypt_keyslot_context_init_by_token(cd, CRYPT_ANY_TOKEN, NULL, NULL, 0, NULL, &um1)); + memset(key2, 0, key_size); + EQ_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key2, &key_size, um1), 1); + OK_(memcmp(key, key2, key_size)); + crypt_keyslot_context_free(um1); +#endif + CRYPT_FREE(cd); + + _remove_keyfiles(); + _cleanup_dmdevices(); +} + static int _crypt_load_check(struct crypt_device *cd) { #ifdef HAVE_BLKID @@ -4850,6 +5130,8 @@ #if KERNEL_KEYRING && USE_LUKS2_REENCRYPTION RUN_(Luks2Reencryption, "LUKS2 reencryption"); #endif + RUN_(LuksKeyslotAdd, "Adding keyslot via new API"); + RUN_(VolumeKeyGet, "Getting volume key via keyslot context API"); RUN_(Luks2Repair, "LUKS2 repair"); // test disables metadata locking. Run always last! _cleanup(); diff -Nru cryptsetup-2.5.0/tests/api-test.c cryptsetup-2.6.1/tests/api-test.c --- cryptsetup-2.5.0/tests/api-test.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/tests/api-test.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,9 +1,9 @@ /* * cryptsetup library API check functions * - * Copyright (C) 2009-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2022 Milan Broz - * Copyright (C) 2016-2022 Ondrej Kozina + * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2023 Milan Broz + * Copyright (C) 2016-2023 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -65,8 +65,8 @@ #define KEYFILE2 "key2.file" #define KEY2 "0123456789abcdef" -#define PASSPHRASE "blabla" -#define PASSPHRASE1 "albalb" +#define PASSPHRASE "blablabl" +#define PASSPHRASE1 "albalbal" #define DEVICE_TEST_UUID "12345678-1234-1234-1234-123456789abc" @@ -302,6 +302,9 @@ _system("modprobe dm-verity >/dev/null 2>&1", 0); _system("modprobe dm-integrity >/dev/null 2>&1", 0); + if (t_dm_check_versions()) + return 1; + _fips_mode = fips_mode(); if (_debug) printf("FIPS MODE: %d\n", _fips_mode); @@ -322,8 +325,9 @@ }; int fd; char key[128], key2[128], path[128]; + struct crypt_keyslot_context *kc = NULL; - const char *passphrase = PASSPHRASE; + const char *passphrase = "blabla"; // hashed hex version of PASSPHRASE const char *vk_hex = "ccadd99b16cd3d200c22d6db45d8b6630ef3d936767127347ec8a76ab992c2ea"; size_t key_size = strlen(vk_hex) / 2; @@ -575,6 +579,11 @@ key_size++; OK_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key2, &key_size, passphrase, strlen(passphrase))); OK_(memcmp(key, key2, key_size)); + memset(key2, 0, key_size); + OK_(crypt_keyslot_context_init_by_passphrase(cd, passphrase, strlen(passphrase), &kc)); + OK_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key2, &key_size, kc)); + OK_(memcmp(key, key2, key_size)); + crypt_keyslot_context_free(kc); OK_(strcmp(cipher, crypt_get_cipher(cd))); OK_(strcmp(cipher_mode, crypt_get_cipher_mode(cd))); @@ -763,6 +772,10 @@ OK_(crypt_deactivate(cd, CDEVICE_1)); CRYPT_FREE(cd); + /* skip tests using empty passphrase */ + if(_fips_mode) + return; + OK_(get_luks_offsets(0, key_size, 1024*2, 0, NULL, &r_payload_offset)); OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1)); @@ -797,7 +810,7 @@ }; char key[128], key2[128], key3[128]; - const char *passphrase = "blabla", *passphrase2 = "nsdkFI&Y#.sd"; + const char *passphrase = PASSPHRASE, *passphrase2 = "nsdkFI&Y#.sd"; const char *vk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a"; const char *vk_hex2 = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1e"; size_t key_size = strlen(vk_hex) / 2; @@ -947,7 +960,7 @@ FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, key, key_size, 0), "Device is active"); EQ_(crypt_status(cd, CDEVICE_2), CRYPT_INACTIVE); OK_(crypt_deactivate(cd, CDEVICE_1)); - FAIL_(crypt_header_is_detached(cd), "no header for mismatched device"); + EQ_(crypt_header_is_detached(cd), 1); CRYPT_FREE(cd); params.data_device = NULL; @@ -1712,6 +1725,10 @@ OK_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, root_hash_out, &root_hash_out_size, NULL, 0)); EQ_(32, root_hash_out_size); OK_(memcmp(root_hash, root_hash_out, root_hash_out_size)); + memset(root_hash_out, 0, root_hash_out_size); + OK_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, root_hash_out, &root_hash_out_size, NULL)); + EQ_(32, root_hash_out_size); + OK_(memcmp(root_hash, root_hash_out, root_hash_out_size)); OK_(crypt_deactivate(cd, CDEVICE_1)); /* hash fail */ @@ -1788,6 +1805,9 @@ key_size++; OK_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, NULL, 0)); OK_(memcmp(key, key_def, key_size)); + memset(key, 0, key_size); + OK_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key, &key_size, NULL)); + OK_(memcmp(key, key_def, key_size)); reset_log(); OK_(crypt_dump(cd)); @@ -1802,6 +1822,7 @@ GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); FAIL_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, NULL, 0), "Need crypt_load"); + FAIL_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key, &key_size, NULL), "Need crypt_load"); // check params after init_by_name OK_(strcmp("xts-plain64", crypt_get_cipher_mode(cd))); @@ -1856,6 +1877,11 @@ int ret; uint64_t r_size, whole_device_size = 0; + if (!t_dm_integrity_resize_support()) { + printf("WARNING: integrity device resize not supported, skipping test.\n"); + return; + } + OK_(crypt_init(&cd, DEVICE_2)); ret = crypt_format(cd,CRYPT_INTEGRITY,NULL,NULL,NULL,NULL,0,¶ms); if (ret < 0) { @@ -1935,6 +1961,11 @@ params.journal_crypt_key_size = journal_crypt_key_size; params.journal_crypt_key = journal_crypt_key; + if (!t_dm_integrity_resize_support()) { + printf("WARNING: integrity device resize not supported, skipping test.\n"); + return; + } + OK_(crypt_init(&cd, DEVICE_2)); ret = crypt_format(cd,CRYPT_INTEGRITY,NULL,NULL,NULL,NULL,0,¶ms); if (ret < 0) { @@ -2032,11 +2063,13 @@ OK_(strcmp(ip.integrity,params.integrity)); OK_(strcmp(CRYPT_INTEGRITY,crypt_get_type(cd))); - OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); - EQ_(cad.flags & CRYPT_ACTIVATE_RECALCULATE, 0); - OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, NULL, 0, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_RECALCULATE)); - OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); - EQ_(cad.flags & CRYPT_ACTIVATE_RECALCULATE, CRYPT_ACTIVATE_RECALCULATE); + if (t_dm_integrity_recalculate_support()) { + OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); + EQ_(cad.flags & CRYPT_ACTIVATE_RECALCULATE, 0); + OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, NULL, 0, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_RECALCULATE)); + OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); + EQ_(cad.flags & CRYPT_ACTIVATE_RECALCULATE, CRYPT_ACTIVATE_RECALCULATE); + } OK_(crypt_deactivate(cd, CDEVICE_1)); CRYPT_FREE(cd); @@ -2061,6 +2094,221 @@ CRYPT_FREE(cd); } +static void LuksKeyslotAdd(void) +{ + enum { OFFSET_1M = 2048 , OFFSET_2M = 4096, OFFSET_4M = 8192, OFFSET_8M = 16384 }; + struct crypt_params_luks1 params = { + .hash = "sha512", + .data_alignment = OFFSET_1M, // 4M, data offset will be 4096 + }; + struct crypt_pbkdf_type min_pbkdf2 = { + .type = "pbkdf2", + .hash = "sha256", + .iterations = 1000, + .flags = CRYPT_PBKDF_NO_BENCHMARK + }; + char key[128], key3[128]; + + const char *passphrase = PASSPHRASE, *passphrase2 = "nsdkFI&Y#.sd"; + const char *vk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a"; + const char *vk_hex2 = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1e"; + size_t key_size = strlen(vk_hex) / 2; + const char *cipher = "aes"; + const char *cipher_mode = "cbc-essiv:sha256"; + uint64_t r_payload_offset; + struct crypt_keyslot_context *um1, *um2; + + crypt_decode_key(key, vk_hex, key_size); + crypt_decode_key(key3, vk_hex2, key_size); + + // init test devices + OK_(get_luks_offsets(0, key_size, params.data_alignment, 0, NULL, &r_payload_offset)); + OK_(create_dmdevice_over_loop(H_DEVICE, r_payload_offset + 1)); + + // test support for embedded key (after crypt_format) + OK_(crypt_init(&cd, DMDIR H_DEVICE)); + OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2)); + OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms)); + OK_(crypt_keyslot_context_init_by_volume_key(cd, NULL, key_size, &um1)); + OK_(crypt_keyslot_context_init_by_passphrase(cd, passphrase, strlen(passphrase), &um2)); + EQ_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 3, um2, 0), 3); + crypt_keyslot_context_free(um1); + crypt_keyslot_context_free(um2); + CRYPT_FREE(cd); + + // test add by volume key + OK_(crypt_init(&cd, DMDIR H_DEVICE)); + OK_(crypt_load(cd, CRYPT_LUKS1, NULL)); + OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2)); + OK_(crypt_keyslot_context_init_by_volume_key(cd, key, key_size, &um1)); + OK_(crypt_keyslot_context_init_by_passphrase(cd, passphrase2, strlen(passphrase2), &um2)); + EQ_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, CRYPT_ANY_SLOT, um2, 0), 0); + crypt_keyslot_context_free(um1); + crypt_keyslot_context_free(um2); + + // Add by same passphrase + OK_(crypt_keyslot_context_init_by_passphrase(cd, passphrase, strlen(passphrase), &um1)); + EQ_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 1, um1, 0), 1); + crypt_keyslot_context_free(um1); + + // new passphrase can't be provided by key method + OK_(crypt_keyslot_context_init_by_passphrase(cd, passphrase, strlen(passphrase), &um1)); + OK_(crypt_keyslot_context_init_by_volume_key(cd, key, key_size, &um2)); + FAIL_(crypt_keyslot_add_by_keyslot_context(cd, 1, um1, CRYPT_ANY_SLOT, um2, 0), "Can't get passphrase via selected unlock method"); + crypt_keyslot_context_free(um1); + crypt_keyslot_context_free(um2); + + // add by keyfile + OK_(prepare_keyfile(KEYFILE1, passphrase2, strlen(passphrase2))); + OK_(prepare_keyfile(KEYFILE2, KEY1, strlen(KEY1))); + OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE1, 0, 0, &um1)); + OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE2, 0, 0, &um2)); + EQ_(crypt_keyslot_add_by_keyslot_context(cd, 0, um1, 2, um2, 0), 2); + crypt_keyslot_context_free(um1); + crypt_keyslot_context_free(um2); + + // add by same keyfile + OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE2, 0, 0, &um1)); + EQ_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 4, um1, 0), 4); + crypt_keyslot_context_free(um1); + + // keyslot already exists + OK_(crypt_keyslot_context_init_by_passphrase(cd, passphrase2, strlen(passphrase2), &um1)); + OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE1, 0, 0, &um2)); + FAIL_(crypt_keyslot_add_by_keyslot_context(cd, 3, um1, 0, um2, 0), "Keyslot already exists."); + crypt_keyslot_context_free(um2); + + // flags not supported with LUKS1 + OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE1, 0, 0, &um2)); + FAIL_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, CRYPT_ANY_SLOT, um2, CRYPT_VOLUME_KEY_NO_SEGMENT), "Not supported with LUKS1."); + crypt_keyslot_context_free(um1); + crypt_keyslot_context_free(um2); + + // LUKS2 token not supported + OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE2, 0, 0, &um1)); + OK_(crypt_keyslot_context_init_by_token(cd, CRYPT_ANY_TOKEN, NULL, NULL, 0, NULL, &um2)); + FAIL_(crypt_keyslot_add_by_keyslot_context(cd, 2, um1, CRYPT_ANY_SLOT, um2, 0), "Not supported with LUKS1."); + EQ_(crypt_keyslot_context_get_error(um2), -EINVAL); + crypt_keyslot_context_free(um1); + crypt_keyslot_context_free(um2); + + OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE2, 0, 0, &um1)); + OK_(crypt_keyslot_context_init_by_token(cd, CRYPT_ANY_TOKEN, NULL, NULL, 0, NULL, &um2)); + FAIL_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um2, CRYPT_ANY_SLOT, um1, 0), "Not supported with LUKS1."); + crypt_keyslot_context_free(um1); + crypt_keyslot_context_free(um2); + + CRYPT_FREE(cd); + + _cleanup_dmdevices(); +} + +static void VolumeKeyGet(void) +{ + struct crypt_params_luks1 params = { + .hash = "sha512", + .data_alignment = 2048, // 2M, data offset will be 2048 + }; + struct crypt_pbkdf_type min_pbkdf2 = { + .type = "pbkdf2", + .hash = "sha256", + .iterations = 1000, + .flags = CRYPT_PBKDF_NO_BENCHMARK + }; + char key[128], key2[128]; + + const char *vk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a"; + size_t key_size = strlen(vk_hex) / 2; + const char *cipher = "aes"; + const char *cipher_mode = "cbc-essiv:sha256"; + uint64_t r_payload_offset; + struct crypt_keyslot_context *um1, *um2; + + crypt_decode_key(key, vk_hex, key_size); + + OK_(prepare_keyfile(KEYFILE1, PASSPHRASE1, strlen(PASSPHRASE1))); + + // init test devices + OK_(get_luks_offsets(0, key_size, params.data_alignment, 0, NULL, &r_payload_offset)); + OK_(create_dmdevice_over_loop(H_DEVICE, r_payload_offset + 1)); + + // test support for embedded key (after crypt_format) + OK_(crypt_init(&cd, DMDIR H_DEVICE)); + OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2)); + OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms)); + key_size--; + FAIL_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key2, &key_size, NULL), "buffer too small"); + + // check cached generated volume key can be retrieved + key_size++; + OK_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key2, &key_size, NULL)); + OK_(crypt_volume_key_verify(cd, key2, key_size)); + CRYPT_FREE(cd); + + // check we can add keyslot via retrieved key + OK_(crypt_init(&cd, DMDIR H_DEVICE)); + OK_(crypt_load(cd, CRYPT_LUKS1, NULL)); + OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2)); + OK_(crypt_keyslot_context_init_by_volume_key(cd, key2, key_size, &um1)); + OK_(crypt_keyslot_context_init_by_passphrase(cd, PASSPHRASE, strlen(PASSPHRASE), &um2)); + EQ_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 3, um2, 0), 3); + crypt_keyslot_context_free(um1); + crypt_keyslot_context_free(um2); + CRYPT_FREE(cd); + + // check selected volume key can be retrieved and added + OK_(crypt_init(&cd, DMDIR H_DEVICE)); + OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2)); + OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms)); + memset(key2, 0, key_size); + OK_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key2, &key_size, NULL)); + OK_(memcmp(key, key2, key_size)); + OK_(crypt_keyslot_context_init_by_volume_key(cd, key2, key_size, &um1)); + OK_(crypt_keyslot_context_init_by_passphrase(cd, PASSPHRASE, strlen(PASSPHRASE), &um2)); + EQ_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 0, um2, 0), 0); + crypt_keyslot_context_free(um2); + OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE1, 0, 0, &um2)); + EQ_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 1, um2, 0), 1); + crypt_keyslot_context_free(um2); + crypt_keyslot_context_free(um1); + CRYPT_FREE(cd); + + OK_(crypt_init(&cd, DMDIR H_DEVICE)); + OK_(crypt_load(cd, CRYPT_LUKS1, NULL)); + // check key context is not usable + OK_(crypt_keyslot_context_init_by_volume_key(cd, key, key_size, &um1)); + EQ_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key2, &key_size, um1), -EINVAL); + crypt_keyslot_context_free(um1); + + // check token context is not usable + OK_(crypt_keyslot_context_init_by_token(cd, CRYPT_ANY_TOKEN, NULL, NULL, 0, NULL, &um1)); + EQ_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key2, &key_size, um1), -EINVAL); + crypt_keyslot_context_free(um1); + + // by passphrase + memset(key2, 0, key_size); + OK_(crypt_keyslot_context_init_by_passphrase(cd, PASSPHRASE, strlen(PASSPHRASE), &um1)); + EQ_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key2, &key_size, um1), 0); + OK_(memcmp(key, key2, key_size)); + memset(key2, 0, key_size); + EQ_(crypt_volume_key_get_by_keyslot_context(cd, 0, key2, &key_size, um1), 0); + OK_(memcmp(key, key2, key_size)); + crypt_keyslot_context_free(um1); + + // by keyfile + memset(key2, 0, key_size); + OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE1, 0, 0, &um1)); + EQ_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key2, &key_size, um1), 1); + OK_(memcmp(key, key2, key_size)); + memset(key2, 0, key_size); + EQ_(crypt_volume_key_get_by_keyslot_context(cd, 1, key2, &key_size, um1), 1); + crypt_keyslot_context_free(um1); + CRYPT_FREE(cd); + + _remove_keyfiles(); + _cleanup_dmdevices(); +} + // Check that gcrypt is properly initialised in format static void NonFIPSAlg(void) { @@ -2155,6 +2403,8 @@ RUN_(ResizeIntegrity, "Integrity raw resize"); RUN_(ResizeIntegrityWithKey, "Integrity raw resize with key"); RUN_(WipeTest, "Wipe device"); + RUN_(LuksKeyslotAdd, "Adding keyslot via new API"); + RUN_(VolumeKeyGet, "Getting volume key via keyslot context API"); _cleanup(); return 0; diff -Nru cryptsetup-2.5.0/tests/api_test.h cryptsetup-2.6.1/tests/api_test.h --- cryptsetup-2.5.0/tests/api_test.h 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/tests/api_test.h 2023-02-09 16:12:17.000000000 +0000 @@ -1,9 +1,9 @@ /* * cryptsetup library API check functions * - * Copyright (C) 2009-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2022 Milan Broz - * Copyright (C) 2016-2022 Ondrej Kozina + * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2023 Milan Broz + * Copyright (C) 2016-2023 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -38,6 +38,9 @@ int t_dm_crypt_keyring_support(void); int t_dm_crypt_cpu_switch_support(void); int t_dm_crypt_discard_support(void); +int t_dm_integrity_resize_support(void); +int t_dm_integrity_recalculate_support(void); +int t_dm_capi_string_supported(void); int t_set_readahead(const char *device, unsigned value); int fips_mode(void); @@ -122,7 +125,23 @@ #define T_DM_VERITY_FEC_SUPPORTED (1 << 10) /* Forward Error Correction (FEC) */ #define T_DM_KERNEL_KEYRING_SUPPORTED (1 << 11) /* dm-crypt allows loading kernel keyring keys */ #define T_DM_INTEGRITY_SUPPORTED (1 << 12) /* dm-integrity target supported */ -//FIXME add T_DM_SECTOR_SIZE once we have version +#define T_DM_SECTOR_SIZE_SUPPORTED (1 << 13) /* support for sector size setting in dm-crypt/dm-integrity */ +#define T_DM_CAPI_STRING_SUPPORTED (1 << 14) /* support for cryptoapi format cipher definition */ +#define T_DM_DEFERRED_SUPPORTED (1 << 15) /* deferred removal of device */ +#define T_DM_INTEGRITY_RECALC_SUPPORTED (1 << 16) /* dm-integrity automatic recalculation supported */ +#define T_DM_INTEGRITY_BITMAP_SUPPORTED (1 << 17) /* dm-integrity bitmap mode supported */ +#define T_DM_GET_TARGET_VERSION_SUPPORTED (1 << 18) /* dm DM_GET_TARGET version ioctl supported */ +#define T_DM_INTEGRITY_FIX_PADDING_SUPPORTED (1 << 19) /* supports the parameter fix_padding that fixes a bug that caused excessive padding */ +#define T_DM_BITLK_EBOIV_SUPPORTED (1 << 20) /* EBOIV for BITLK supported */ +#define T_DM_BITLK_ELEPHANT_SUPPORTED (1 << 21) /* Elephant diffuser for BITLK supported */ +#define T_DM_VERITY_SIGNATURE_SUPPORTED (1 << 22) /* Verity option root_hash_sig_key_desc supported */ +#define T_DM_INTEGRITY_DISCARDS_SUPPORTED (1 << 23) /* dm-integrity discards/TRIM option is supported */ +#define T_DM_INTEGRITY_RESIZE_SUPPORTED (1 << 23) /* dm-integrity resize of the integrity device supported (introduced in the same version as discards)*/ +#define T_DM_VERITY_PANIC_CORRUPTION_SUPPORTED (1 << 24) /* dm-verity panic on corruption */ +#define T_DM_CRYPT_NO_WORKQUEUE_SUPPORTED (1 << 25) /* dm-crypt suppot for bypassing workqueues */ +#define T_DM_INTEGRITY_FIX_HMAC_SUPPORTED (1 << 26) /* hmac covers also superblock */ +#define T_DM_INTEGRITY_RESET_RECALC_SUPPORTED (1 << 27) /* dm-integrity automatic recalculation supported */ +#define T_DM_VERITY_TASKLETS_SUPPORTED (1 << 28) /* dm-verity tasklets supported */ /* loop helpers */ int loop_device(const char *loop); diff -Nru cryptsetup-2.5.0/tests/bitlk-compat-test cryptsetup-2.6.1/tests/bitlk-compat-test --- cryptsetup-2.5.0/tests/bitlk-compat-test 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/tests/bitlk-compat-test 2023-02-09 16:12:17.000000000 +0000 @@ -142,7 +142,7 @@ [ $ret -eq 0 ] || fail " failed to open $file ($ret)" $CRYPTSETUP status $MAP >/dev/null || fail $CRYPTSETUP status /dev/mapper/$MAP >/dev/null || fail - uuid=$(lsblk -n -o UUID /dev/mapper/$MAP) + uuid=$(blkid -p -o value -s UUID /dev/mapper/$MAP) sha256sum=$(sha256sum /dev/mapper/$MAP | cut -d" " -f1) $CRYPTSETUP remove $MAP || fail [ "$uuid" = "$UUID" ] || fail " UUID check failed." @@ -166,7 +166,7 @@ [ $ret -eq 0 ] || fail " failed to open $file using volume key ($ret)" $CRYPTSETUP status $MAP >/dev/null || fail $CRYPTSETUP status /dev/mapper/$MAP >/dev/null || fail - uuid=$(lsblk -n -o UUID /dev/mapper/$MAP) + uuid=$(blkid -p -o value -s UUID /dev/mapper/$MAP) sha256sum=$(sha256sum /dev/mapper/$MAP | cut -d" " -f1) $CRYPTSETUP remove $MAP || fail [ "$uuid" = "$UUID" ] || fail " UUID check failed." @@ -186,7 +186,7 @@ [ $ret -eq 0 ] || fail " failed to open $file ($ret)" $CRYPTSETUP status $MAP >/dev/null || fail $CRYPTSETUP status /dev/mapper/$MAP >/dev/null || fail - uuid=$(lsblk -n -o UUID /dev/mapper/$MAP) + uuid=$(blkid -p -o value -s UUID /dev/mapper/$MAP) sha256sum=$(sha256sum /dev/mapper/$MAP | cut -d" " -f1) $CRYPTSETUP remove $MAP || fail [ "$uuid" = "$UUID" ] || fail " UUID check failed." diff -Nru cryptsetup-2.5.0/tests/compat-test cryptsetup-2.6.1/tests/compat-test --- cryptsetup-2.5.0/tests/compat-test 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/tests/compat-test 2023-02-09 16:12:17.000000000 +0000 @@ -45,7 +45,7 @@ TEST_UUID="12345678-1234-1234-1234-123456789abc" LOOPDEV=$(losetup -f 2>/dev/null) -[ -f /etc/system-fips ] && FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null) +FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null) function remove_mapping() { @@ -450,10 +450,13 @@ $CRYPTSETUP luksOpen -d $KEY1 UUID=$TEST_UUID $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail fi +# skip tests using empty passphrase +if [ ! fips_mode ]; then # empty keyfile $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEYE || fail $CRYPTSETUP luksOpen -d $KEYE $LOOPDEV $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail +fi # open by volume key echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT -s 256 --volume-key-file $KEY1 $LOOPDEV || fail $CRYPTSETUP luksOpen --volume-key-file /dev/urandom $LOOPDEV $DEV_NAME 2>/dev/null && fail @@ -468,11 +471,11 @@ echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --volume-key-file /dev/zero --key-slot 3 || fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 3: ENABLED" || fail -echo $PWD2 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV --volume-key-file /dev/zero --key-slot 4 || fail +echo $PWD2 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV --volume-key-file /dev/zero --key-slot 4 || fail echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 4 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 4: ENABLED" || fail -echo $PWD3 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV --volume-key-file /dev/null --key-slot 5 2>/dev/null && fail -$CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV --volume-key-file /dev/zero --key-slot 5 $KEY1 || fail +echo $PWD3 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV --volume-key-file /dev/null --key-slot 5 2>/dev/null && fail +$CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV --volume-key-file /dev/zero --key-slot 5 $KEY1 || fail $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 5 -d $KEY1 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 5: ENABLED" || fail @@ -489,28 +492,28 @@ # [0]PWD1 [1]PWD2 [2]$KEY1/1 [3]$KEY1 [4]$KEY2 $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEY1 --key-slot 3 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 3: ENABLED" || fail -$CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 --key-slot 3 2>/dev/null && fail +$CRYPTSETUP luksAddKey -q $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 --key-slot 3 2>/dev/null && fail # keyfile/keyfile -$CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 --key-slot 4 || fail +$CRYPTSETUP luksAddKey -q $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 --key-slot 4 || fail $CRYPTSETUP luksOpen $LOOPDEV -d $KEY2 --test-passphrase --key-slot 4 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 4: ENABLED" || fail # passphrase/keyfile -echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV -d $KEY1 --key-slot 0 || fail +echo $PWD1 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV -d $KEY1 --key-slot 0 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 0: ENABLED" || fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 0 || fail # passphrase/passphrase -echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV --key-slot 1 || fail +echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV --key-slot 1 || fail echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 1 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: ENABLED" || fail # keyfile/passphrase -echo -e "$PWD2\n" | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV $KEY1 --key-slot 2 --new-keyfile-size 3 || fail +echo -e "$PWD2\n" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV $KEY1 --key-slot 2 --new-keyfile-size 8 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 2: ENABLED" || fail prepare "[18] RemoveKey passphrase and keyfile" reuse $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY1 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 3: DISABLED" || fail $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY1 2>/dev/null && fail -$CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY2 $KEY1 --key-slot 3 2>/dev/null || fail +$CRYPTSETUP luksAddKey -q $LOOPDEV $FAST_PBKDF_OPT -d $KEY2 $KEY1 --key-slot 3 2>/dev/null || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 3: ENABLED" || fail $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 --keyfile-size 1 2>/dev/null && fail $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 || fail @@ -635,7 +638,7 @@ prepare "[23] ChangeKey passphrase and keyfile" wipe # [0]$KEY1 [1]key0 $CRYPTSETUP -q luksFormat --type luks1 $LOOPDEV $KEY1 $FAST_PBKDF_OPT --key-slot 0 || fail -echo $PWD1 | $CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 --key-slot 1 || fail +echo $PWD1 | $CRYPTSETUP luksAddKey -q $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 --key-slot 1 || fail # keyfile [0] / keyfile [0] $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 --key-slot 0 || fail # passphrase [1] / passphrase [1] @@ -728,12 +731,15 @@ [ $? -ne 2 ] && fail "luksResume should return EPERM exit code" echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail +# skip tests using empty passphrase +if [ ! fips_mode ]; then echo | $CRYPTSETUP -q luksFormat -c null $FAST_PBKDF_OPT --type luks1 $LOOPDEV || fail echo | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail $CRYPTSETUP luksSuspend $DEV_NAME || fail $CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" || fail echo | $CRYPTSETUP luksResume $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail +fi prepare "[27] luksOpen/luksResume with specified key slot number" wipe # first, let's try passphrase option @@ -748,7 +754,7 @@ $CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" || fail echo $PWD3 | $CRYPTSETUP luksResume -S 5 $DEV_NAME || fail $CRYPTSETUP luksClose $DEV_NAME || fail -echo -e "$PWD3\n$PWD1" | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 0 $LOOPDEV || fail +echo -e "$PWD3\n$PWD1" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S 0 $LOOPDEV || fail check $LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0 echo $PWD3 | $CRYPTSETUP luksOpen -S 0 $LOOPDEV $DEV_NAME 2>/dev/null && fail [ -b /dev/mapper/$DEV_NAME ] && fail @@ -757,7 +763,7 @@ # second, try it with keyfiles $CRYPTSETUP luksFormat --type luks1 -q -S 5 -d $KEY5 $LOOPDEV || fail check $LUKS_HEADER $KEY_SLOT5 $KEY_MATERIAL5 -$CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail +$CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail check $LUKS_HEADER $KEY_SLOT1 $KEY_MATERIAL1 $CRYPTSETUP luksOpen -S 5 -d $KEY5 $LOOPDEV $DEV_NAME || fail check_exists @@ -794,7 +800,7 @@ echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME --header $HEADER_IMG || fail $CRYPTSETUP luksClose $DEV_NAME || fail -echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 5 _fakedev_ --header $HEADER_IMG $KEY5 || fail +echo $PWD1 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S 5 _fakedev_ --header $HEADER_IMG $KEY5 || fail $CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "Key Slot 5: ENABLED" || fail $CRYPTSETUP luksKillSlot -q _fakedev_ --header $HEADER_IMG 5 || fail $CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "Key Slot 5: DISABLED" || fail @@ -822,7 +828,7 @@ prepare "[30] LUKS erase" wipe $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEY5 --key-slot 5 || fail -$CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail +$CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: ENABLED" || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 5: ENABLED" || fail $CRYPTSETUP luksErase -q $LOOPDEV || fail @@ -1098,5 +1104,34 @@ EOF [ $? -eq 0 ] || fail "Expect script failed." +prepare "[41] New luksAddKey options." file +rm -f $VK_FILE +echo "$PWD1" | $CRYPTSETUP luksFormat --type luks1 $FAST_PBKDF_OPT $IMG || fail +echo $PWD1 | $CRYPTSETUP luksDump -q $IMG --dump-volume-key --volume-key-file $VK_FILE >/dev/null || fail + +# pass pass +echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey -q -S1 $FAST_PBKDF_OPT $IMG || fail +echo $PWD2 | $CRYPTSETUP open -q --test-passphrase -S1 $IMG || fail + +# pass file +echo "$PWD2" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S1 --new-key-slot 2 $IMG $KEY1 || fail +$CRYPTSETUP open --test-passphrase -q -S2 -d $KEY1 $IMG || fail + +# file pass +echo "$PWD3" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S2 -d $KEY1 --new-key-slot 3 $IMG || fail +echo $PWD3 | $CRYPTSETUP open -q --test-passphrase -S3 $IMG || fail + +# file file +$CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S2 --new-key-slot 4 -d $KEY1 --new-keyfile $KEY2 $IMG || fail +$CRYPTSETUP open --test-passphrase -q -S4 -d $KEY2 $IMG || fail + +# vk pass +echo $PWD3 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S5 --volume-key-file $VK_FILE $IMG || fail +echo $PWD3 | $CRYPTSETUP open -q --test-passphrase -S5 $IMG || fail + +# vk file +$CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S6 --volume-key-file $VK_FILE --new-keyfile $KEY5 $IMG || fail +$CRYPTSETUP open --test-passphrase -q -S6 -d $KEY5 $IMG || fail + remove_mapping exit 0 diff -Nru cryptsetup-2.5.0/tests/compat-test2 cryptsetup-2.6.1/tests/compat-test2 --- cryptsetup-2.5.0/tests/compat-test2 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/tests/compat-test2 2023-02-09 16:12:17.000000000 +0000 @@ -42,7 +42,7 @@ TEST_UUID="12345678-1234-1234-1234-123456789abc" LOOPDEV=$(losetup -f 2>/dev/null) -[ -f /etc/system-fips ] && FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null) +FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null) function remove_mapping() { @@ -328,7 +328,7 @@ echo $PWD1 | $CRYPTSETUP $FAST_PBKDF_OPT -h sha512 -c aes-cbc-essiv:sha256 -s 128 luksFormat --type luks2 $LOOPDEV || fail $CRYPTSETUP -q luksDump $LOOPDEV | grep "0: pbkdf2" -A2 | grep "Hash:" | grep -qe sha512 || fail # Check JSON dump for some mandatory section -$CRYPTSETUP -q luksDump $LOOPDEV --dump-json-metadata | grep -q '\"tokens\":' || fail +$CRYPTSETUP -q luksDump $LOOPDEV --dump-json-metadata | grep -q '"tokens":' || fail prepare "[5] open" echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME --test-passphrase || fail @@ -427,10 +427,14 @@ $CRYPTSETUP luksOpen -d $KEY1 UUID=$TEST_UUID $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail fi +# skip tests using empty passphrases +if [ ! fips_mode ]; then # empty keyfile $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV $KEYE || fail $CRYPTSETUP luksOpen -d $KEYE $LOOPDEV $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail +fi + # open by volume key echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT -s 256 --volume-key-file $KEY1 --type luks2 $LOOPDEV || fail $CRYPTSETUP luksOpen --volume-key-file /dev/urandom $LOOPDEV $DEV_NAME 2>/dev/null && fail @@ -442,11 +446,11 @@ echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --volume-key-file /dev/zero --key-slot 3 || fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "3: luks2" || fail -echo $PWD2 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV --volume-key-file /dev/zero --key-slot 4 || fail +echo $PWD2 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV --volume-key-file /dev/zero --key-slot 4 || fail echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 4 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "4: luks2" || fail -echo $PWD3 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV --volume-key-file /dev/null --key-slot 5 2>/dev/null && fail -$CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV --volume-key-file /dev/zero --key-slot 5 $KEY1 || fail +echo $PWD3 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV --volume-key-file /dev/null --key-slot 5 2>/dev/null && fail +$CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV --volume-key-file /dev/zero --key-slot 5 $KEY1 || fail $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 5 -d $KEY1 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "5: luks2" || fail @@ -463,21 +467,21 @@ # [0]PWD1 [1]PWD2 [2]$KEY1/1 [3]$KEY1 [4]$KEY2 $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV $KEY1 --key-slot 3 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "3: luks2" || fail -$CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 --key-slot 3 2>/dev/null && fail +$CRYPTSETUP luksAddKey -q $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 --key-slot 3 2>/dev/null && fail # keyfile/keyfile -$CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 --key-slot 4 || fail +$CRYPTSETUP luksAddKey -q $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 --key-slot 4 || fail $CRYPTSETUP luksOpen $LOOPDEV -d $KEY2 --test-passphrase --key-slot 4 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "4: luks2" || fail # passphrase/keyfile -echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV -d $KEY1 --key-slot 0 || fail +echo $PWD1 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV -d $KEY1 --key-slot 0 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "0: luks2" || fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 0 || fail # passphrase/passphrase -echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV --key-slot 1 || fail +echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV --key-slot 1 || fail echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 1 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "1: luks2" || fail # keyfile/passphrase -echo -e "$PWD2\n" | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV $KEY1 --key-slot 2 --new-keyfile-size 3 || fail +echo -e "$PWD2\n" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV $KEY1 --key-slot 2 --new-keyfile-size 8 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "2: luks2" || fail prepare "[18] RemoveKey passphrase and keyfile" reuse @@ -605,7 +609,7 @@ prepare "[23] ChangeKey passphrase and keyfile" wipe # [0]$KEY1 [1]key0 $CRYPTSETUP -q luksFormat --type luks2 $LOOPDEV $KEY1 $FAST_PBKDF_OPT --key-slot 0 --key-size 256 --luks2-keyslots-size 256k >/dev/null || fail -echo $PWD1 | $CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 --key-slot 1 || fail +echo $PWD1 | $CRYPTSETUP luksAddKey -q $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 --key-slot 1 || fail # keyfile [0] / keyfile [0] $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 --key-slot 0 || fail # passphrase [1] / passphrase [1] @@ -692,14 +696,14 @@ $CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" || fail echo $PWD3 | $CRYPTSETUP luksResume -S 5 $DEV_NAME || fail $CRYPTSETUP luksClose $DEV_NAME || fail -echo -e "$PWD3\n$PWD1" | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 0 $LOOPDEV || fail +echo -e "$PWD3\n$PWD1" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S 0 $LOOPDEV || fail echo $PWD3 | $CRYPTSETUP luksOpen -S 0 $LOOPDEV $DEV_NAME 2>/dev/null && fail [ -b /dev/mapper/$DEV_NAME ] && fail echo $PWD1 | $CRYPTSETUP luksOpen -S 5 $LOOPDEV $DEV_NAME 2>/dev/null && fail [ -b /dev/mapper/$DEV_NAME ] && fail # second, try it with keyfiles $CRYPTSETUP -q luksFormat -q -S 5 $FAST_PBKDF_OPT -d $KEY5 --type luks2 $LOOPDEV || fail -$CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail +$CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail $CRYPTSETUP luksOpen -S 5 -d $KEY5 $LOOPDEV $DEV_NAME || fail check_exists $CRYPTSETUP luksSuspend $DEV_NAME || fail @@ -746,7 +750,7 @@ echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME --header $HEADER_IMG || fail $CRYPTSETUP luksClose $DEV_NAME || fail -echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 5 _fakedev_ --header $HEADER_IMG $KEY5 || fail +echo $PWD1 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S 5 _fakedev_ --header $HEADER_IMG $KEY5 || fail $CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "5: luks2" || fail $CRYPTSETUP luksKillSlot -q _fakedev_ --header $HEADER_IMG 5 || fail $CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "5: luks2" && fail @@ -773,7 +777,7 @@ prepare "[30] LUKS erase" wipe $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV $KEY5 --key-slot 5 || fail -$CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail +$CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "1: luks2" || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "5: luks2" || fail $CRYPTSETUP luksErase -q $LOOPDEV || fail @@ -782,7 +786,7 @@ prepare "[31] LUKS convert" wipe $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks1 $LOOPDEV $KEY5 --key-slot 5 || fail -$CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail +$CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail $CRYPTSETUP -q luksDump $LOOPDEV --dump-json-metadata >/dev/null 2>&1 && fail $CRYPTSETUP -q convert --type luks1 $LOOPDEV >/dev/null 2>&1 && fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: ENABLED" || fail @@ -793,7 +797,7 @@ $CRYPTSETUP -q convert --type luks1 $LOOPDEV || fail # hash test $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --sector-size 512 $LOOPDEV $KEY5 -S 0 --hash sha512 || fail -$CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 --hash sha256 || fail +$CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 --hash sha256 || fail $CRYPTSETUP -q convert --type luks1 $LOOPDEV >/dev/null 2>&1 && fail $CRYPTSETUP -q luksKillSlot $LOOPDEV 1 || fail $CRYPTSETUP -q convert --type luks1 $LOOPDEV || fail @@ -900,9 +904,26 @@ $CRYPTSETUP luksDump $LOOPDEV | grep -q -e "3: luks2-keyring" && fail # test we can remove keyslot with token - echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey -S4 $FAST_PBKDF_OPT $LOOPDEV || fail - $CRYPTSETUP token add $LOOPDEV --key-description $TEST_TOKEN1 --key-slot 4 || fail + echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey -q -S4 $FAST_PBKDF_OPT $LOOPDEV || fail + $CRYPTSETUP token add $LOOPDEV --key-description $TEST_TOKEN1 --key-slot 4 --token-id 0 || fail $CRYPTSETUP -q luksKillSlot $LOOPDEV 4 || fail + $CRYPTSETUP token remove --token-id 0 $LOOPDEV || fail + + # test we can add unassigned token + $CRYPTSETUP token add $LOOPDEV --key-description $TEST_TOKEN0 --unbound --token-id 0 || fail + $CRYPTSETUP open --token-only --token-id 0 --test-passphrase $LOOPDEV && fail + $CRYPTSETUP token remove --token-id 0 $LOOPDEV || fail + + # test token unassign works + $CRYPTSETUP token add $LOOPDEV --key-description $TEST_TOKEN0 -S0 --token-id 0 || fail + $CRYPTSETUP open --token-only --token-id 0 --test-passphrase $LOOPDEV || fail + $CRYPTSETUP token unassign --token-id 0 $LOOPDEV 2>/dev/null && fail + $CRYPTSETUP token unassign -S0 $LOOPDEV 2>/dev/null && fail + $CRYPTSETUP token unassign --token-id 0 -S0 $LOOPDEV || fail + $CRYPTSETUP open --token-only --token-id 0 --test-passphrase $LOOPDEV && fail + $CRYPTSETUP token unassign --token-id 0 -S0 $LOOPDEV 2>/dev/null && fail + $CRYPTSETUP token unassign --token-id 0 -S44 $LOOPDEV 2>/dev/null && fail + $CRYPTSETUP token unassign --token-id 44 -S0 $LOOPDEV 2>/dev/null && fail fi echo -n "$IMPORT_TOKEN" | $CRYPTSETUP token import $LOOPDEV --token-id 10 || fail echo -n "$IMPORT_TOKEN" | $CRYPTSETUP token import $LOOPDEV --token-id 11 --json-file - || fail @@ -922,7 +943,7 @@ prepare "[34] LUKS keyslot priority" wipe echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -S 1 || fail -echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -S 5 || fail +echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey -q $LOOPDEV $FAST_PBKDF_OPT -S 5 || fail $CRYPTSETUP config $LOOPDEV -S 0 --priority prefer && fail $CRYPTSETUP config $LOOPDEV -S 1 --priority bla >/dev/null 2>&1 && fail $CRYPTSETUP config $LOOPDEV -S 1 --priority ignore || fail @@ -978,23 +999,23 @@ $CRYPTSETUP luksDump $LOOPDEV | grep "PBKDF:" | grep -q "pbkdf2" || fail $CRYPTSETUP -q luksConvertKey $LOOPDEV -S 5 --key-file $KEY5 --pbkdf argon2i -i1 --pbkdf-memory 32 || can_fail_fips $CRYPTSETUP luksDump $LOOPDEV | grep -q "5: luks2" || can_fail_fips -echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV -S 1 --key-file $KEY5 || fail +echo $PWD1 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV -S 1 --key-file $KEY5 || fail $CRYPTSETUP -q luksKillSlot $LOOPDEV 5 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "1: luks2" || fail $CRYPTSETUP luksDump $LOOPDEV | grep "PBKDF:" | grep -q "pbkdf2" || fail echo $PWD1 | $CRYPTSETUP -q luksConvertKey $LOOPDEV -S 1 --pbkdf argon2i -i1 --pbkdf-memory 32 || can_fail_fips $CRYPTSETUP luksDump $LOOPDEV | grep -q "1: luks2" || can_fail_fips -echo $PWD3 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 21 --unbound -s 16 $LOOPDEV || fail +echo $PWD3 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S 21 --unbound -s 72 $LOOPDEV || fail echo $PWD3 | $CRYPTSETUP luksConvertKey --pbkdf-force-iterations 1001 --pbkdf pbkdf2 -S 21 $LOOPDEV || fail prepare "[38] luksAddKey unbound tests" wipe $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV $KEY5 --key-slot 5 || fail # unbound key may have arbitrary size -echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --unbound -s 16 $LOOPDEV || fail -echo $PWD2 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --unbound -s 32 -S 2 $LOOPDEV || fail +echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --unbound -s 72 $LOOPDEV || fail +echo $PWD2 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT --unbound -s 72 -S 2 $LOOPDEV || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "2: luks2 (unbound)" || fail dd if=/dev/urandom of=$KEY_FILE0 bs=64 count=1 > /dev/null 2>&1 || fail -echo $PWD3 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --unbound -s 512 -S 3 --volume-key-file $KEY_FILE0 $LOOPDEV || fail +echo $PWD3 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT --unbound -s 512 -S 3 --volume-key-file $KEY_FILE0 $LOOPDEV || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "3: luks2 (unbound)" || fail # unbound key size is required echo $PWD1 | $CRYPTSETUP -q luksAddKey --unbound $LOOPDEV 2>/dev/null && fail @@ -1012,7 +1033,7 @@ # do not allow adding keyslot by unbound keyslot echo -e "$PWD3\n$PWD1" | $CRYPTSETUP -q luksAddKey $LOOPDEV 2> /dev/null && fail # check adding keyslot works when there's unbound keyslot -echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV --key-file $KEY5 -S8 || fail +echo $PWD1 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV --key-file $KEY5 -S8 || fail echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME || fail $CRYPTSETUP close $DEV_NAME || fail $CRYPTSETUP luksKillSlot -q $LOOPDEV 2 @@ -1036,7 +1057,7 @@ echo -n "[$mda KiB]" echo $PWD4 | $CRYPTSETUP open test_image_$mda $DEV_NAME || fail $CRYPTSETUP close $DEV_NAME || fail - echo -e "$PWD4\n$PWD3" | $CRYPTSETUP luksAddKey -S9 $FAST_PBKDF_OPT test_image_$mda || fail + echo -e "$PWD4\n$PWD3" | $CRYPTSETUP luksAddKey -q -S9 $FAST_PBKDF_OPT test_image_$mda || fail echo $PWD4 | $CRYPTSETUP open --test-passphrase test_image_$mda || fail echo $PWD3 | $CRYPTSETUP open -S9 --test-passphrase test_image_$mda || fail echo -n "$IMPORT_TOKEN" | $CRYPTSETUP token import test_image_$mda --token-id 10 || fail @@ -1075,18 +1096,18 @@ $CRYPTSETUP -q luksFormat --type luks2 $LOOPDEV $KEY1 $FAST_PBKDF_OPT --key-slot 0 --keyslot-cipher $KEYSLOT_CIPHER --keyslot-key-size 128 || fail [ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "0: luks2" | grep "Cipher:" | sed -e 's/[[:space:]]\+Cipher:\ \+//g')" = $KEYSLOT_CIPHER ] || fail [ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "0: luks2" | grep "Cipher key:"| sed -e 's/[[:space:]]\+Cipher\ key:\ \+//g')" = "128 bits" ] || fail -$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT --key-slot 1 --keyslot-cipher $KEYSLOT_CIPHER --keyslot-key-size 128 || fail +$CRYPTSETUP luksAddKey -q $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT --key-slot 1 --keyslot-cipher $KEYSLOT_CIPHER --keyslot-key-size 128 || fail [ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "1: luks2" | grep "Cipher:" | sed -e 's/[[:space:]]\+Cipher:\ \+//g')" = $KEYSLOT_CIPHER ] || fail [ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "1: luks2" | grep "Cipher key:"| sed -e 's/[[:space:]]\+Cipher\ key:\ \+//g')" = "128 bits" ] || fail -$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT --key-slot 2 || fail +$CRYPTSETUP luksAddKey -q $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT --key-slot 2 || fail $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY2 $KEY1 --key-slot 2 --keyslot-cipher $KEYSLOT_CIPHER --keyslot-key-size 128 || fail [ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "2: luks2" | grep "Cipher:" | sed -e 's/[[:space:]]\+Cipher:\ \+//g')" = $KEYSLOT_CIPHER ] || fail [ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "2: luks2" | grep "Cipher key:"| sed -e 's/[[:space:]]\+Cipher\ key:\ \+//g')" = "128 bits" ] || fail # unbound keyslot -echo $PWD3 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --key-slot 21 --unbound -s 32 --keyslot-cipher $KEYSLOT_CIPHER --keyslot-key-size 128 $LOOPDEV || fail +echo $PWD3 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT --key-slot 21 --unbound -s 72 --keyslot-cipher $KEYSLOT_CIPHER --keyslot-key-size 128 $LOOPDEV || fail [ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "21: luks2" | grep "Cipher:" | sed -e 's/[[:space:]]\+Cipher:\ \+//g')" = $KEYSLOT_CIPHER ] || fail [ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "21: luks2" | grep "Cipher key:"| sed -e 's/[[:space:]]\+Cipher\ key:\ \+//g')" = "128 bits" ] || fail -echo $PWD3 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --key-slot 22 --unbound -s 32 $LOOPDEV || fail +echo $PWD3 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT --key-slot 22 --unbound -s 72 $LOOPDEV || fail echo $PWD3 | $CRYPTSETUP luksConvertKey --key-slot 22 $LOOPDEV --keyslot-cipher $KEYSLOT_CIPHER --keyslot-key-size 128 $LOOPDEV || fail [ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "22: luks2" | grep "Cipher:" | sed -e 's/[[:space:]]\+Cipher:\ \+//g')" = $KEYSLOT_CIPHER ] || fail [ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "22: luks2" | grep "Cipher key:"| sed -e 's/[[:space:]]\+Cipher\ key:\ \+//g')" = "128 bits" ] || fail @@ -1100,5 +1121,84 @@ done echo +prepare "[43] New luksAddKey options." wipe +rm -f $VK_FILE +echo "$PWD1" | $CRYPTSETUP luksFormat --type luks2 $FAST_PBKDF_OPT $IMG || fail +echo $PWD1 | $CRYPTSETUP luksDump -q $IMG --dump-volume-key --volume-key-file $VK_FILE >/dev/null || fail + +# pass pass +echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey -q -S1 $FAST_PBKDF_OPT $IMG || fail +echo $PWD2 | $CRYPTSETUP open -q --test-passphrase -S1 $IMG || fail + +# pass file +echo "$PWD2" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S1 --new-key-slot 2 $IMG $KEY1 || fail +$CRYPTSETUP open --test-passphrase -q -S2 -d $KEY1 $IMG || fail + +# file pass +echo "$PWD3" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S2 -d $KEY1 --new-key-slot 3 $IMG || fail +echo $PWD3 | $CRYPTSETUP open -q --test-passphrase -S3 $IMG || fail + +# file file +$CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S2 --new-key-slot 4 -d $KEY1 --new-keyfile $KEY2 $IMG || fail +$CRYPTSETUP open --test-passphrase -q -S4 -d $KEY2 $IMG || fail + +# vk pass +echo $PWD4 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S5 --volume-key-file $VK_FILE $IMG || fail +echo $PWD4 | $CRYPTSETUP open -q --test-passphrase -S5 $IMG || fail + +# vk file +$CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S6 --volume-key-file $VK_FILE --new-keyfile $KEY5 $IMG || fail +$CRYPTSETUP open --test-passphrase -q -S6 -d $KEY5 $IMG || fail + +if [ $HAVE_KEYRING -gt 0 -a -d /proc/sys/kernel/keys ]; then + test_and_prepare_keyring + load_key user $TEST_TOKEN0 $PWD1 "$TEST_KEYRING" || fail "Cannot load 32 byte user key type" + load_key user $TEST_TOKEN1 $PWDW "$TEST_KEYRING" || fail "Cannot load 32 byte user key type" + $CRYPTSETUP token add $IMG --key-description $TEST_TOKEN0 --token-id 0 -S0 || fail + $CRYPTSETUP token add $IMG --key-description $TEST_TOKEN1 --token-id 1 --unbound || fail + + # pass token + echo -e "$PWD1" | $CRYPTSETUP luksAddKey -q -S7 --new-token-id 1 $FAST_PBKDF_OPT $IMG || fail + $CRYPTSETUP open -q --test-passphrase --token-only --token-id 1 -q $IMG || fail + echo $PWD1 | $CRYPTSETUP luksKillSlot $IMG 7 || fail + $CRYPTSETUP open -q --test-passphrase --token-only --token-id 1 -q $IMG && fail + + # file token + $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S2 --new-key-slot 7 --new-token-id 1 -d $KEY1 $IMG || fail + $CRYPTSETUP open -q --test-passphrase --token-only --token-id 1 -q $IMG || fail + echo $PWD1 | $CRYPTSETUP luksKillSlot $IMG 7 || fail + $CRYPTSETUP open -q --test-passphrase --token-only --token-id 1 -q $IMG && fail + + # vk token + $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S7 --volume-key-file $VK_FILE --new-token-id 1 $IMG || fail + $CRYPTSETUP open -q --test-passphrase --token-only --token-id 1 -q $IMG || fail + echo $PWD1 | $CRYPTSETUP luksKillSlot $IMG 7 || fail + $CRYPTSETUP open -q --test-passphrase --token-only --token-id 1 -q $IMG && fail + + # token pass + echo $PWD4 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S7 --token-id 0 $IMG || fail + echo $PWD4 | $CRYPTSETUP open -q --test-passphrase -S7 $IMG || fail + + # token file + echo $PWD4 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S8 --token-id 0 $IMG $KEY2 || fail + $CRYPTSETUP open -q --test-passphrase -S8 --key-file $KEY2 $IMG || fail + + # token token + $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S9 --token-id 0 --new-token-id 1 $IMG || fail + $CRYPTSETUP open -q --test-passphrase --token-only --token-id 1 -q $IMG || fail + echo $PWD1 | $CRYPTSETUP luksKillSlot $IMG 9 || fail + $CRYPTSETUP open -q --test-passphrase --token-only --token-id 1 -q $IMG && fail + + # reuse same token + $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S0 --new-key-slot 9 --token-id 0 --new-token-id 0 $IMG || fail + $CRYPTSETUP open -q --test-passphrase --token-only --token-id 0 -q $IMG || fail + echo $PWD1 | $CRYPTSETUP luksKillSlot $IMG 9 || fail + + # reuse same token + $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT --token-id 0 --new-token-id 0 $IMG || fail + echo $PWD1 | $CRYPTSETUP luksKillSlot $IMG 9 || fail + $CRYPTSETUP open -q --test-passphrase --token-only --token-id 0 -q $IMG || fail +fi + remove_mapping exit 0 Binary files /tmp/tmp06sinjow/cYhX8ttuxL/cryptsetup-2.5.0/tests/conversion_imgs.tar.xz and /tmp/tmp06sinjow/0nlrCebF_0/cryptsetup-2.6.1/tests/conversion_imgs.tar.xz differ diff -Nru cryptsetup-2.5.0/tests/crypto-vectors.c cryptsetup-2.6.1/tests/crypto-vectors.c --- cryptsetup-2.5.0/tests/crypto-vectors.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/tests/crypto-vectors.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,7 +1,7 @@ /* * cryptsetup crypto backend test vectors * - * Copyright (C) 2018-2022 Milan Broz + * Copyright (C) 2018-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff -Nru cryptsetup-2.5.0/tests/device-test cryptsetup-2.6.1/tests/device-test --- cryptsetup-2.5.0/tests/device-test 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/tests/device-test 2023-02-09 16:12:17.000000000 +0000 @@ -10,6 +10,9 @@ FAST_PBKDF_OPT="--pbkdf pbkdf2 --pbkdf-force-iterations 1000" SKIP_COUNT=0 +CRYPTSETUP_VALGRIND=../.libs/cryptsetup +CRYPTSETUP_LIB_VALGRIND=../.libs + cleanup() { [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME udevadm settle >/dev/null 2>&1 @@ -36,6 +39,18 @@ exit 77 } +function valgrind_setup() +{ + command -v valgrind >/dev/null || fail "Cannot find valgrind." + [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." + export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" +} + +function valgrind_run() +{ + INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@" +} + add_device() { rmmod scsi_debug >/dev/null 2>&1 [ -d /sys/module/scsi_debug ] && skip "Cannot use scsi_debug module (in use or compiled-in)." @@ -108,7 +123,7 @@ [ $? -ne 0 ] && fail "Format failed." # test some operation, just in case - echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $DEV -i1 --key-slot 1 + echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $DEV -i1 --new-key-slot 1 [ $? -ne 0 ] && fail "Keyslot add failed." $CRYPTSETUP -q luksKillSlot $DEV 1 @@ -130,6 +145,7 @@ } [ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped." +[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run if [ $(id -u) != 0 ]; then skip "You must be root to run this test, test skipped." fi diff -Nru cryptsetup-2.5.0/tests/differ.c cryptsetup-2.6.1/tests/differ.c --- cryptsetup-2.5.0/tests/differ.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/tests/differ.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,7 +1,7 @@ /* * cryptsetup file differ check (rewritten Clemens' fileDiffer in Python) * - * Copyright (C) 2010-2022 Red Hat, Inc. All rights reserved. + * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff -Nru cryptsetup-2.5.0/tests/discards-test cryptsetup-2.6.1/tests/discards-test --- cryptsetup-2.5.0/tests/discards-test 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/tests/discards-test 2023-02-09 16:12:17.000000000 +0000 @@ -6,6 +6,9 @@ DEV="" PWD1="93R4P4pIqAH8" +CRYPTSETUP_VALGRIND=../.libs/cryptsetup +CRYPTSETUP_LIB_VALGRIND=../.libs + cleanup() { [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME udevadm settle >/dev/null 2>&1 @@ -27,6 +30,18 @@ exit 77 } +function valgrind_setup() +{ + command -v valgrind >/dev/null || fail "Cannot find valgrind." + [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." + export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" +} + +function valgrind_run() +{ + INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@" +} + add_device() { rmmod scsi_debug >/dev/null 2>&1 if [ -d /sys/module/scsi_debug ] ; then @@ -61,6 +76,7 @@ } [ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped." +[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run if [ $(id -u) != 0 ]; then echo "WARNING: You must be root to run this test, test skipped." exit 77 diff -Nru cryptsetup-2.5.0/tests/fake_systemd_tpm_path.c cryptsetup-2.6.1/tests/fake_systemd_tpm_path.c --- cryptsetup-2.5.0/tests/fake_systemd_tpm_path.c 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-2.6.1/tests/fake_systemd_tpm_path.c 2023-02-09 16:12:17.000000000 +0000 @@ -0,0 +1,17 @@ +#include +#include + +/* systemd tpm2-util.h */ +int tpm2_find_device_auto(int log_level, char **ret); + +extern int tpm2_find_device_auto(int log_level __attribute__((unused)), char **ret) +{ + const char *path = getenv("TPM_PATH"); + + if (!path) + *ret = NULL; + else + *ret = strdup(path); + + return 0; +} diff -Nru cryptsetup-2.5.0/tests/fuzz/crypt2_load_fuzz.cc cryptsetup-2.6.1/tests/fuzz/crypt2_load_fuzz.cc --- cryptsetup-2.5.0/tests/fuzz/crypt2_load_fuzz.cc 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-2.6.1/tests/fuzz/crypt2_load_fuzz.cc 2023-02-09 16:12:17.000000000 +0000 @@ -0,0 +1,112 @@ +/* + * cryptsetup LUKS2 fuzz target + * + * Copyright (C) 2022-2023 Daniel Zatovic + * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +extern "C" { +#define FILESIZE (16777216) +#include "src/cryptsetup.h" +#include +#include "luks2/luks2.h" +#include "crypto_backend/crypto_backend.h" +#include "FuzzerInterface.h" + +static int calculate_checksum(const uint8_t* data, size_t size) { + struct crypt_hash *hd = NULL; + struct luks2_hdr_disk *hdr = NULL; + int hash_size; + uint64_t hdr_size1, hdr_size2; + int r = 0; + + /* primary header */ + if (sizeof(struct luks2_hdr_disk) > size) + return 0; + hdr = CONST_CAST(struct luks2_hdr_disk *) data; + + hdr_size1 = be64_to_cpu(hdr->hdr_size); + if (hdr_size1 > size) + return 0; + memset(&hdr->csum, 0, LUKS2_CHECKSUM_L); + if ((r = crypt_hash_init(&hd, "sha256"))) + goto out; + if ((r = crypt_hash_write(hd, CONST_CAST(char*) data, hdr_size1))) + goto out; + hash_size = crypt_hash_size("sha256"); + if (hash_size <= 0) { + r = 1; + goto out; + } + if ((r = crypt_hash_final(hd, (char*)&hdr->csum, (size_t)hash_size))) + goto out; + crypt_hash_destroy(hd); + + /* secondary header */ + if (hdr_size1 < sizeof(struct luks2_hdr_disk)) + hdr_size1 = sizeof(struct luks2_hdr_disk); + + if (hdr_size1 + sizeof(struct luks2_hdr_disk) > size) + return 0; + hdr = CONST_CAST(struct luks2_hdr_disk *) (data + hdr_size1); + + hdr_size2 = be64_to_cpu(hdr->hdr_size); + if (hdr_size2 > size || (hdr_size1 + hdr_size2) > size) + return 0; + + memset(&hdr->csum, 0, LUKS2_CHECKSUM_L); + if ((r = crypt_hash_init(&hd, "sha256"))) + goto out; + if ((r = crypt_hash_write(hd, (char*) hdr, hdr_size2))) + goto out; + if ((r = crypt_hash_final(hd, (char*)&hdr->csum, (size_t)hash_size))) + goto out; + +out: + if (hd) + crypt_hash_destroy(hd); + return r; +} + +int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + int fd; + struct crypt_device *cd = NULL; + char name[] = "/tmp/test-script-fuzz.XXXXXX"; + + if (calculate_checksum(data, size)) + return 0; + + fd = mkostemp(name, O_RDWR|O_CREAT|O_EXCL|O_CLOEXEC); + if (fd == -1) + err(EXIT_FAILURE, "mkostemp() failed"); + + /* enlarge header */ + if (ftruncate(fd, FILESIZE) == -1) + goto out; + + if (write_buffer(fd, data, size) != (ssize_t)size) + goto out; + + if (crypt_init(&cd, name) == 0) + (void)crypt_load(cd, CRYPT_LUKS2, NULL); + crypt_free(cd); +out: + close(fd); + unlink(name); + return 0; +} +} diff -Nru cryptsetup-2.5.0/tests/fuzz/crypt2_load_fuzz.dict cryptsetup-2.6.1/tests/fuzz/crypt2_load_fuzz.dict --- cryptsetup-2.5.0/tests/fuzz/crypt2_load_fuzz.dict 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-2.6.1/tests/fuzz/crypt2_load_fuzz.dict 2023-02-09 16:12:17.000000000 +0000 @@ -0,0 +1,130 @@ +# LUKS2 dictionary based on AFL dictionary for JSON +# ------------------------------------------------- +# JSON dictionary from https://github.com/google/AFL/blob/master/dictionaries/json.dict +# Inspired by a dictionary by Jakub Wilk +# +# LUKS2 keywords by Daniel Zatovic + +"0" +",0" +":0" +"0:" +"-1.2e+3" + +"true" +"false" +"null" + +"\"\"" +",\"\"" +":\"\"" +"\"\":" + +"{}" +",{}" +":{}" +"{\"\":0}" +"{{}}" + +"[]" +",[]" +":[]" +"[0]" +"[[]]" + +"''" +"\\" +"\\b" +"\\f" +"\\n" +"\\r" +"\\t" +"\\u0000" +"\\x00" +"\\0" +"\\uD800\\uDC00" +"\\uDBFF\\uDFFF" + +"\"\":0" +"//" +"/**/" + +"$ref" +"type" +"coordinates" +"@context" +"@id" + +"," +":" + +"1024" +"2048" +"4096" +"512" +"aegis128-random" +"aes-cbc:essiv:sha256" +"aes-xts-plain64" +"af" +"allow-discards" +"area" +"argon2i" +"argon2id" +"backup-final" +"backup-moved-segment" +"backup-previous" +"checksum" +"config" +"cpus" +"crypt" +"datashift" +"digest" +"digests" +"direction" +"encryption" +"flags" +"hash" +"in-reencryption" +"integrity" +"iterations" +"iv_tweak" +"journal" +"journal_encryption" +"journal_integrity" +"json_size" +"kdf" +"key_description" +"key_size" +"keyslots" +"keyslots_size" +"linear" +"luks2" +"luks2-keyring" +"LUKS\xBA\xBE" +"memory" +"mode" +"no-journal" +"none" +"no-read-workqueue" +"no-write-workqueue" +"offline-reencrypt" +"offset" +"online-reencrypt-v2" +"pbkdf2" +"priority" +"raw" +"reencrypt" +"requirements" +"salt" +"same-cpu-crypt" +"sector_size" +"segments" +"serpent-xts-plain64" +"shift_size" +"size" +"SKUL\xBA\xBE" +"stripes" +"submit-from-crypt-cpus" +"time" +"tokens" +"twofish-xts-plain64" diff -Nru cryptsetup-2.5.0/tests/fuzz/crypt2_load_ondisk_fuzz.cc cryptsetup-2.6.1/tests/fuzz/crypt2_load_ondisk_fuzz.cc --- cryptsetup-2.5.0/tests/fuzz/crypt2_load_ondisk_fuzz.cc 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-2.6.1/tests/fuzz/crypt2_load_ondisk_fuzz.cc 2023-02-09 16:12:17.000000000 +0000 @@ -0,0 +1,64 @@ +/* + * cryptsetup LUKS1, FileVault, BitLocker fuzz target + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +extern "C" { +#define FILESIZE (16777216) +#include "src/cryptsetup.h" +#include +#include "luks1/luks.h" +#include "crypto_backend/crypto_backend.h" +#include "FuzzerInterface.h" + +void empty_log(int level, const char *msg, void *usrptr) {} + +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { + int fd, r; + struct crypt_device *cd = NULL; + char name[] = "/tmp/test-script-fuzz.XXXXXX"; + + fd = mkostemp(name, O_RDWR | O_CREAT | O_EXCL | O_CLOEXEC); + if (fd == -1) + err(EXIT_FAILURE, "mkostemp() failed"); + + /* enlarge header */ + if (ftruncate(fd, FILESIZE) == -1) + goto out; + + if (write_buffer(fd, data, size) != (ssize_t) size) + goto out; + + crypt_set_log_callback(NULL, empty_log, NULL); + + if (crypt_init(&cd, name) == 0) { + r = crypt_load(cd, CRYPT_LUKS1, NULL); + if (r == 0) + goto out; + + r = crypt_load(cd, CRYPT_FVAULT2, NULL); + if (r == 0) + goto out; + + (void) crypt_load(cd, CRYPT_BITLK, NULL); + } +out: + crypt_free(cd); + close(fd); + unlink(name); + return 0; +} +} diff -Nru cryptsetup-2.5.0/tests/fuzz/crypt2_load_ondisk_fuzz.dict cryptsetup-2.6.1/tests/fuzz/crypt2_load_ondisk_fuzz.dict --- cryptsetup-2.5.0/tests/fuzz/crypt2_load_ondisk_fuzz.dict 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-2.6.1/tests/fuzz/crypt2_load_ondisk_fuzz.dict 2023-02-09 16:12:17.000000000 +0000 @@ -0,0 +1,9 @@ +"aegis128-random" +"aes-cbc:essiv:sha256" +"aes-xts-plain64" +"aes-lrv-plain64" +"twofish-xts-plain64" +"serpent-xts-plain64" +"whirpool" +"sha256" +"sha1" diff -Nru cryptsetup-2.5.0/tests/fuzz/crypt2_load_proto_fuzz.cc cryptsetup-2.6.1/tests/fuzz/crypt2_load_proto_fuzz.cc --- cryptsetup-2.5.0/tests/fuzz/crypt2_load_proto_fuzz.cc 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-2.6.1/tests/fuzz/crypt2_load_proto_fuzz.cc 2023-02-09 16:12:17.000000000 +0000 @@ -0,0 +1,51 @@ +/* + * cryptsetup LUKS2 custom mutator fuzz target + * + * Copyright (C) 2022-2023 Daniel Zatovic + * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "LUKS2.pb.h" +#include "proto_to_luks2_converter.h" +#include "libfuzzer/libfuzzer_macro.h" +#include "FuzzerInterface.h" + +extern "C" { +#include +#include +#include +#include +} + +DEFINE_PROTO_FUZZER(const LUKS2_proto::LUKS2_both_headers &headers) { + struct crypt_device *cd = NULL; + char name[] = "/tmp/test-proto-fuzz.XXXXXX"; + int fd = mkostemp(name, O_RDWR|O_CREAT|O_EXCL|O_CLOEXEC); + + if (fd < 0) + err(EXIT_FAILURE, "mkostemp() failed"); + + LUKS2_proto::LUKS2ProtoConverter converter; + converter.convert(headers, fd); + + if (crypt_init(&cd, name) == 0) + (void)crypt_load(cd, CRYPT_LUKS2, NULL); + crypt_free(cd); + + close(fd); + unlink(name); +} diff -Nru cryptsetup-2.5.0/tests/fuzz/crypt2_load_proto_plain_json_fuzz.cc cryptsetup-2.6.1/tests/fuzz/crypt2_load_proto_plain_json_fuzz.cc --- cryptsetup-2.5.0/tests/fuzz/crypt2_load_proto_plain_json_fuzz.cc 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-2.6.1/tests/fuzz/crypt2_load_proto_plain_json_fuzz.cc 2023-02-09 16:12:17.000000000 +0000 @@ -0,0 +1,51 @@ +/* + * cryptsetup LUKS2 custom mutator fuzz target + * + * Copyright (C) 2022-2023 Daniel Zatovic + * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "LUKS2_plain_JSON.pb.h" +#include "plain_json_proto_to_luks2_converter.h" +#include "libfuzzer/libfuzzer_macro.h" +#include "FuzzerInterface.h" + +extern "C" { +#include +#include +#include +#include +} + +DEFINE_PROTO_FUZZER(const json_proto::LUKS2_both_headers &headers) { + struct crypt_device *cd = NULL; + char name[] = "/tmp/test-proto-fuzz.XXXXXX"; + int fd = mkostemp(name, O_RDWR|O_CREAT|O_EXCL|O_CLOEXEC); + + if (fd < 0) + err(EXIT_FAILURE, "mkostemp() failed"); + + json_proto::LUKS2ProtoConverter converter; + converter.convert(headers, fd); + + if (crypt_init(&cd, name) == 0) + (void)crypt_load(cd, CRYPT_LUKS2, NULL); + crypt_free(cd); + + close(fd); + unlink(name); +} diff -Nru cryptsetup-2.5.0/tests/fuzz/crypt2_load_proto_plain_json_fuzz.dict cryptsetup-2.6.1/tests/fuzz/crypt2_load_proto_plain_json_fuzz.dict --- cryptsetup-2.5.0/tests/fuzz/crypt2_load_proto_plain_json_fuzz.dict 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-2.6.1/tests/fuzz/crypt2_load_proto_plain_json_fuzz.dict 2023-02-09 16:12:17.000000000 +0000 @@ -0,0 +1,72 @@ +# LUKS2 keywords by Daniel Zatovic + +"1024" +"2048" +"4096" +"512" +"aegis128-random" +"aes-cbc:essiv:sha256" +"aes-xts-plain64" +"af" +"allow-discards" +"area" +"argon2i" +"argon2id" +"backup-final" +"backup-moved-segment" +"backup-previous" +"checksum" +"config" +"cpus" +"crypt" +"datashift" +"digest" +"digests" +"direction" +"encryption" +"flags" +"hash" +"in-reencryption" +"integrity" +"iterations" +"iv_tweak" +"journal" +"journal_encryption" +"journal_integrity" +"json_size" +"kdf" +"key_description" +"key_size" +"keyslots" +"keyslots_size" +"linear" +"luks2" +"luks2-keyring" +"LUKS\xBA\xBE" +"memory" +"mode" +"no-journal" +"none" +"no-read-workqueue" +"no-write-workqueue" +"offline-reencrypt" +"offset" +"online-reencrypt-v2" +"pbkdf2" +"priority" +"raw" +"reencrypt" +"requirements" +"salt" +"same-cpu-crypt" +"sector_size" +"segments" +"serpent-xts-plain64" +"shift_size" +"size" +"SKUL\xBA\xBE" +"stripes" +"submit-from-crypt-cpus" +"time" +"tokens" +"twofish-xts-plain64" diff -Nru cryptsetup-2.5.0/tests/fuzz/FuzzerInterface.h cryptsetup-2.6.1/tests/fuzz/FuzzerInterface.h --- cryptsetup-2.5.0/tests/fuzz/FuzzerInterface.h 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-2.6.1/tests/fuzz/FuzzerInterface.h 2023-02-09 16:12:17.000000000 +0000 @@ -0,0 +1,81 @@ +// Based on https://github.com/llvm-mirror/compiler-rt/blob/master/lib/fuzzer/FuzzerInterface.h +// +//===- FuzzerInterface.h - Interface header for the Fuzzer ------*- C++ -* ===// +// +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception +// +//===----------------------------------------------------------------------===// +// Define the interface between libFuzzer and the library being tested. +//===----------------------------------------------------------------------===// + +// NOTE: the libFuzzer interface is thin and in the majority of cases +// you should not include this file into your target. In 95% of cases +// all you need is to define the following function in your file: +// extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size); + +// WARNING: keep the interface in C. + +#ifndef LLVM_FUZZER_INTERFACE_H +#define LLVM_FUZZER_INTERFACE_H + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif // __cplusplus + +// Define FUZZER_INTERFACE_VISIBILITY to set default visibility in a way that +// doesn't break MSVC. +#if defined(_WIN32) +#define FUZZER_INTERFACE_VISIBILITY __declspec(dllexport) +#else +#define FUZZER_INTERFACE_VISIBILITY __attribute__((visibility("default"))) +#endif + +// Mandatory user-provided target function. +// Executes the code under test with [Data, Data+Size) as the input. +// libFuzzer will invoke this function *many* times with different inputs. +// Must return 0. +FUZZER_INTERFACE_VISIBILITY int +LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size); + +// Optional user-provided initialization function. +// If provided, this function will be called by libFuzzer once at startup. +// It may read and modify argc/argv. +// Must return 0. +FUZZER_INTERFACE_VISIBILITY int LLVMFuzzerInitialize(int *argc, char ***argv); + +// Optional user-provided custom mutator. +// Mutates raw data in [Data, Data+Size) inplace. +// Returns the new size, which is not greater than MaxSize. +// Given the same Seed produces the same mutation. +FUZZER_INTERFACE_VISIBILITY size_t +LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size, size_t MaxSize, + unsigned int Seed); + +// Optional user-provided custom cross-over function. +// Combines pieces of Data1 & Data2 together into Out. +// Returns the new size, which is not greater than MaxOutSize. +// Should produce the same mutation given the same Seed. +FUZZER_INTERFACE_VISIBILITY size_t +LLVMFuzzerCustomCrossOver(const uint8_t *Data1, size_t Size1, + const uint8_t *Data2, size_t Size2, uint8_t *Out, + size_t MaxOutSize, unsigned int Seed); + +// Experimental, may go away in future. +// libFuzzer-provided function to be used inside LLVMFuzzerCustomMutator. +// Mutates raw data in [Data, Data+Size) inplace. +// Returns the new size, which is not greater than MaxSize. +FUZZER_INTERFACE_VISIBILITY size_t +LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize); + +#undef FUZZER_INTERFACE_VISIBILITY + +#ifdef __cplusplus +} // extern "C" +#endif // __cplusplus + +#endif // LLVM_FUZZER_INTERFACE_H diff -Nru cryptsetup-2.5.0/tests/fuzz/json_proto_converter.cc cryptsetup-2.6.1/tests/fuzz/json_proto_converter.cc --- cryptsetup-2.5.0/tests/fuzz/json_proto_converter.cc 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-2.6.1/tests/fuzz/json_proto_converter.cc 2023-02-09 16:12:17.000000000 +0000 @@ -0,0 +1,87 @@ +// Copyright 2020 Google Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +//////////////////////////////////////////////////////////////////////////////// + +#include "json_proto_converter.h" + +namespace json_proto { + +void JsonProtoConverter::AppendArray(const ArrayValue& array_value) { + data_ << '['; + bool need_comma = false; + for (const auto& value : array_value.value()) { + // Trailing comma inside of an array makes JSON invalid, avoid adding that. + if (need_comma) + data_ << ','; + else + need_comma = true; + + AppendValue(value); + } + data_ << ']'; +} + +void JsonProtoConverter::AppendNumber(const NumberValue& number_value) { + if (number_value.has_float_value()) { + data_ << number_value.float_value().value(); + } else if (number_value.has_exponent_value()) { + auto value = number_value.exponent_value(); + data_ << value.base(); + data_ << (value.use_uppercase() ? 'E' : 'e'); + data_ << value.exponent(); + } else if (number_value.has_exponent_frac_value()) { + auto value = number_value.exponent_value(); + data_ << value.base(); + data_ << (value.use_uppercase() ? 'E' : 'e'); + data_ << value.exponent(); + } else { + data_ << number_value.integer_value().value(); + } +} + +void JsonProtoConverter::AppendObject(const JsonObject& json_object) { + data_ << '{' << '"' << json_object.name() << '"' << ':'; + AppendValue(json_object.value()); + data_ << '}'; +} + +void JsonProtoConverter::AppendValue(const JsonValue& json_value) { + if (json_value.has_object_value()) { + AppendObject(json_value.object_value()); + } else if (json_value.has_array_value()) { + AppendArray(json_value.array_value()); + } else if (json_value.has_number_value()) { + AppendNumber(json_value.number_value()); + } else if (json_value.has_string_value()) { + data_ << '"' << json_value.string_value().value() << '"'; + } else if (json_value.has_boolean_value()) { + data_ << (json_value.boolean_value().value() ? "true" : "false"); + } else { + data_ << "null"; + } +} + +std::string JsonProtoConverter::Convert(const JsonObject& json_object) { + AppendObject(json_object); + return data_.str(); +} + +std::string JsonProtoConverter::Convert( + const json_proto::ArrayValue& json_array) { + AppendArray(json_array); + return data_.str(); +} + +} // namespace json_proto diff -Nru cryptsetup-2.5.0/tests/fuzz/json_proto_converter.h cryptsetup-2.6.1/tests/fuzz/json_proto_converter.h --- cryptsetup-2.5.0/tests/fuzz/json_proto_converter.h 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-2.6.1/tests/fuzz/json_proto_converter.h 2023-02-09 16:12:17.000000000 +0000 @@ -0,0 +1,43 @@ +// Copyright 2020 Google Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +//////////////////////////////////////////////////////////////////////////////// + +#ifndef JSON_PROTO_CONVERTER_H_ +#define JSON_PROTO_CONVERTER_H_ + +#include +#include + +#include "LUKS2_plain_JSON.pb.h" + +namespace json_proto { + +class JsonProtoConverter { + public: + std::string Convert(const json_proto::JsonObject&); + std::string Convert(const json_proto::ArrayValue&); + + private: + std::stringstream data_; + + void AppendArray(const json_proto::ArrayValue&); + void AppendNumber(const json_proto::NumberValue&); + void AppendObject(const json_proto::JsonObject&); + void AppendValue(const json_proto::JsonValue&); +}; + +} // namespace json_proto + +#endif // TESTING_LIBFUZZER_PROTO_JSON_PROTO_CONVERTER_H_ diff -Nru cryptsetup-2.5.0/tests/fuzz/LUKS2_plain_JSON.proto cryptsetup-2.6.1/tests/fuzz/LUKS2_plain_JSON.proto --- cryptsetup-2.5.0/tests/fuzz/LUKS2_plain_JSON.proto 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-2.6.1/tests/fuzz/LUKS2_plain_JSON.proto 2023-02-09 16:12:17.000000000 +0000 @@ -0,0 +1,190 @@ +/* + * cryptsetup LUKS2 custom mutator + * + * Copyright (C) 2022-2023 Daniel Zatovic + * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +syntax = "proto2"; + +package json_proto; + +// --------------------------------------------------------------------------- +// ----------------------------- GENERIC OBJECTS ----------------------------- +// --------------------------------------------------------------------------- + +message object_id { + oneof id { + // int_id will be mapped to range -16 to 16 (mod 33) + // this way iy should be easier to generate valid + // object cross-references + uint32 int_id = 1; + string string_id = 2; + } +} + +message string_uint64 { + required bool negative = 1; + oneof number { + uint32 uint_num = 2; + string string_num = 3; + } +} + +enum hash_algorithm { + HASH_ALG_SHA1 = 1; + HASH_ALG_SHA256 = 2; +} + + +// --------------------------------------------------------------------------- +// ----------------------------- BINARY HEADER ------------------------------- +// --------------------------------------------------------------------------- + +enum luks2_magic { + INVALID = 0; + FIRST = 1; + SECOND = 2; +} + +enum luks_version { + ONE = 1; + TWO = 2; + THREE = 3; +} + +// we limit the size to 64KiB to make the fuzzing faster +// because the checksum needs to be calculated for the whole image +enum hdr_size { + size_16_KB = 16384; + size_32_KB = 32768; + size_64_KB = 65536; +// size_128_KB = 131072; +// size_256_KB = 262144; +// size_512_KB = 524288; +// size_1_MB = 1048576; +// size_2_MB = 2097152; +// size_4_MB = 4194304; +} + +enum seqid_description { + PRIMARY_GREATER = 0; + SECONDARY_GREATER = 1; + EQUAL = 2; +} + +// message luks2_hdr_disk { +// char magic[LUKS2_MAGIC_L]; +// //uint16_t version; /* Version 2 */ +// uint64_t hdr_size; /* in bytes, including JSON area */ +// uint64_t seqid; /* increased on every update */ +// char label[LUKS2_LABEL_L]; +// char checksum_alg[LUKS2_CHECKSUM_ALG_L]; +// uint8_t salt[LUKS2_SALT_L]; /* unique for every header/offset */ +// char uuid[LUKS2_UUID_L]; +// char subsystem[LUKS2_LABEL_L]; /* owner subsystem label */ +// uint64_t hdr_offset; /* offset from device start in bytes */ +// char _padding[184]; +// uint8_t csum[LUKS2_CHECKSUM_L]; +// } +message LUKS2_header { + required luks_version version = 1; + required luks2_magic magic = 2; + required hdr_size hdr_size = 3; + required bool use_correct_checksum = 4; + + optional uint64 selected_offset = 5; +} + +message LUKS2_both_headers { + required LUKS2_header primary_header = 1; + required LUKS2_header secondary_header = 2; + + required seqid_description seqid = 3; + required JsonObject json_area = 4; +} + +message JsonObject { + required string name = 1; + required JsonValue value = 2; +} + +message JsonValue { + oneof value { + // Json value types: + + // null: null, will be used when 'oneof' contains nothing + + // object: another json object of any type + JsonObject object_value = 1; + + // array: an array of values + ArrayValue array_value = 2; + + // number: can be an integer, a float, an exponent + NumberValue number_value = 3; + + // string: unicode string + StringValue string_value = 4; + + // boolean: true or talse + BooleanValue boolean_value = 5; + } +} + +message ArrayValue { + repeated JsonValue value = 1; +} + +message NumberInteger { + required int64 value = 1; +} + +message NumberFloat { + required double value = 1; +} + +message NumberExponent { + required int32 base = 1; + required int32 exponent = 2; + required bool use_uppercase = 3; +} + +message NumberExponentFrac { + required float base = 1; + required int32 exponent = 2; + required bool use_uppercase = 3; +} + +message NumberValue { + required NumberInteger integer_value = 1; + + // integer_value is used when oneof field below has nothing. + oneof value { + NumberFloat float_value = 2; + NumberExponent exponent_value = 3; + NumberExponentFrac exponent_frac_value = 4; + } +} + +message StringValue { + required string value = 1; +} + +message BooleanValue { + required bool value = 1; +} diff -Nru cryptsetup-2.5.0/tests/fuzz/LUKS2.proto cryptsetup-2.6.1/tests/fuzz/LUKS2.proto --- cryptsetup-2.5.0/tests/fuzz/LUKS2.proto 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-2.6.1/tests/fuzz/LUKS2.proto 2023-02-09 16:12:17.000000000 +0000 @@ -0,0 +1,379 @@ +/* + * cryptsetup LUKS2 custom mutator + * + * Copyright (C) 2022-2023 Daniel Zatovic + * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +syntax = "proto2"; + +package LUKS2_proto; + +// --------------------------------------------------------------------------- +// ----------------------------- GENERIC OBJECTS ----------------------------- +// --------------------------------------------------------------------------- + +message object_id { + oneof id { + // int_id will be mapped to range -16 to 16 (mod 33) + // this way iy should be easier to generate valid + // object cross-references + uint32 int_id = 1; + string string_id = 2; + } +} + +message string_uint64 { + required bool negative = 1; + oneof number { + uint32 uint_num = 2; + string string_num = 3; + } +} + +enum hash_algorithm { + HASH_ALG_SHA1 = 1; + HASH_ALG_SHA256 = 2; +} + + +// --------------------------------------------------------------------------- +// ----------------------------- BINARY HEADER ------------------------------- +// --------------------------------------------------------------------------- + +enum luks2_magic { + INVALID = 0; + FIRST = 1; + SECOND = 2; +} + +enum luks_version { + ONE = 1; + TWO = 2; + THREE = 3; +} + +// we limit the size to 64KiB to make the fuzzing faster +// because the checksum needs to be calculated for the whole image +enum hdr_size { + size_16_KB = 16384; + size_32_KB = 32768; + size_64_KB = 65536; +// size_128_KB = 131072; +// size_256_KB = 262144; +// size_512_KB = 524288; +// size_1_MB = 1048576; +// size_2_MB = 2097152; +// size_4_MB = 4194304; +} + +enum seqid_description { + PRIMARY_GREATER = 0; + SECONDARY_GREATER = 1; + EQUAL = 2; +} + +// message luks2_hdr_disk { +// char magic[LUKS2_MAGIC_L]; +// //uint16_t version; /* Version 2 */ +// uint64_t hdr_size; /* in bytes, including JSON area */ +// uint64_t seqid; /* increased on every update */ +// char label[LUKS2_LABEL_L]; +// char checksum_alg[LUKS2_CHECKSUM_ALG_L]; +// uint8_t salt[LUKS2_SALT_L]; /* unique for every header/offset */ +// char uuid[LUKS2_UUID_L]; +// char subsystem[LUKS2_LABEL_L]; /* owner subsystem label */ +// uint64_t hdr_offset; /* offset from device start in bytes */ +// char _padding[184]; +// uint8_t csum[LUKS2_CHECKSUM_L]; +// } +message LUKS2_header { + required luks_version version = 1; + required luks2_magic magic = 2; + required hdr_size hdr_size = 3; + required bool use_correct_checksum = 4; + + optional uint64 selected_offset = 5; +} + +message LUKS2_both_headers { + required LUKS2_header primary_header = 1; + required LUKS2_header secondary_header = 2; + + required seqid_description seqid = 3; + required json_area_description json_area = 4; +} + +message json_area_description { + optional config_description config = 1; + repeated keyslot_description keyslots = 2; + repeated digest_description digests = 3; + repeated segment_description segments = 4; + repeated token_description tokens = 5; +} + +// --------------------------------------------------------------------------- +// ----------------------------- KEYSLOT OBJECT ------------------------------ +// --------------------------------------------------------------------------- + +enum keyslot_type { + KEYSLOT_TYPE_LUKS2 = 1; + KEYSLOT_TYPE_REENCRYPT = 2; + KEYSLOT_TYPE_PLACEHOLDER = 3; +} + +enum reencrypt_keyslot_mode { + MODE_REENCRYPT = 1; + MODE_ENCRYPT = 2; + MODE_DECRYPT = 3; +} + +enum reencrypt_keyslot_direction { + DIRECTION_FORWARD = 1; + DIRECTION_BACKWARD = 2; +} + +// The area object contains these mandatory fields: +// - type [string] the area type. +// - offset [string-uint64] the offset from the device start to the beginning of the binary area (in bytes). +// - size [string-uint64] the area size (in bytes). +// +// Area type raw contains these additional fields: +// - encryption [string] the area encryption algorithm, in dm-crypt notation (for example aes-xts-plain64). +// - key_size [integer] the area encryption key size. +// +// Area type none and journal (used only for reencryption optional extension) contain only mandatory fields. +// +// Area type checksum (used only for reencryption optional extension) contains these additional fields: +// - hash [string] The hash algorithm for the checksum resilience mode. +// - sector_size [integer] The data unit size for digest checksum calculated with the hash algorithm. +// +// Area type datashift (used only for reencryption optional extension) contains this additional field: +// - shift_size [string-uint64] The data shift (in bytes) performed during reencryption (shift direction is according to direction field). + +enum keyslot_area_type { + KEYSLOT_AREA_TYPE_RAW = 1; + KEYSLOT_AREA_TYPE_NONE = 2; + KEYSLOT_AREA_TYPE_JOURNAL = 3; + KEYSLOT_AREA_TYPE_CHECKSUM = 4; + KEYSLOT_AREA_TYPE_DATASHIFT = 5; +} + +message keyslot_area_description { + // mandatory fields + optional keyslot_area_type type = 1; + optional string_uint64 offset = 2; + optional string_uint64 size = 3; + + // raw type fields + optional string encryption = 4; + optional int32 key_size = 5; + + // checksum type field + optional hash_algorithm hash = 6; + optional int32 sector_size = 7; + + // datashift type fields + optional string_uint64 shift_size = 8; +} + +// The object describes PBKDF attributes used for the keyslot. +// The kdf object mandatory fields are: +// - type [string] the PBKDF type. +// - salt [base64] the salt for PBKDF (binary data). +// +// The pbkdf2 type (compatible with LUKS1) contains these additional fields: +// - hash [string] the hash algorithm for the PBKDF2 (SHA-256). +// - iterations [integer] the PBKDF2 iterations count. +// +// The argon2i and argon2id type contains these additional fields: +// - time [integer] the time cost (in fact the iterations count for Argon2). +// - memory [integer] the memory cost, in kilobytes. If not available, the keyslot cannot be unlocked. +// - cpus [integer] the required number of threads (CPU cores number cost). If not available, unlocking will be slower. + +enum keyslot_kdf_type { + KEYSLOT_KDF_TYPE_PBKDF2 = 1; + KEYSLOT_KDF_TYPE_ARGON2I = 2; + KEYSLOT_KDF_TYPE_ARGON2ID = 3; +} + +message keyslot_kdf_description { + optional keyslot_kdf_type type = 1; + optional string salt = 2; + + // pbkdf2 type + optional hash_algorithm hash = 3; + optional int32 iterations = 4; + + // argon2i and argon2id types + optional int32 time = 5; + optional int32 memory = 6; + optional int32 cpus = 7; +} + +enum keyslot_af_type { + KEYSLOT_AF_TYPE_LUKS1 = 1; +} + +// The af (anti-forensic splitter) object contains this madatory field: +// - type [string] the anti-forensic function type. +// AF type luks1 (compatible with LUKS1 [1]) contains these additional fields: +// - stripes [integer] the number of stripes, for historical reasons only the 4000 value is supported. +// - hash [string] the hash algorithm used. + +message keyslot_af_description { + optional keyslot_af_type type = 1; + optional int32 stripes = 2; + optional hash_algorithm hash = 3; +} + +// - type [string] the keyslot type. +// - key_size [integer] the key size (in bytes) stored in keyslot. +// - priority [integer,optional] the keyslot priority. Here 0 means ignore (the slot should be used only if explicitly stated), 1 means normal priority and 2 means high priority (tried before normal priority). + +// REENCRYPT +// The key size field must be set to 1. The area type must be none, checksum, +// journal or datashift. +// The reencrypt object must contain these additional fields: +// - mode [string] the reencryption mode. reencrypt, encrypt and decrypt +// - direction [string] the reencryption direction. forward backward + +// - area [object] the allocated area in the binary keyslots area. +// LUKS2 object must contain these additional fields: +// - kdf [object] the PBKDF type and parameters used. +// - af [object] the anti-forensic splitter [1] (only the luks1 type is currently +// used). + +message keyslot_description { + // type + required object_id oid = 1; + + optional keyslot_type type = 2; + optional int32 key_size = 3; + optional int32 priority = 4; + + // reencrypt extension + optional reencrypt_keyslot_mode mode = 5; + optional reencrypt_keyslot_direction direction = 6; + + // objects + optional keyslot_area_description area = 7; + optional keyslot_kdf_description kdf = 8; + optional keyslot_af_description af = 9; +} + +// --------------------------------------------------------------------------- +// ------------------------------ DIGEST OBJECT ------------------------------ +// --------------------------------------------------------------------------- + +message digest_description { + required object_id oid = 1; + + optional keyslot_kdf_type type = 2; + repeated object_id keyslots = 3; + repeated object_id segments = 4; + optional string salt = 5; + optional string digest = 6; + + // pbkdf2 digest fields + optional hash_algorithm hash = 7; + optional int32 iterations = 8; +} + +// --------------------------------------------------------------------------- +// ----------------------------- SEGMENT OBJECT ------------------------------ +// --------------------------------------------------------------------------- + +enum segment_type { + SEGMENT_TYPE_LINEAR = 1; + SEGMENT_TYPE_CRYPT = 2; +} + +enum segment_flag { + IN_REENCRYPTION = 1; + BACKUP_FINAL = 2; + BACKUP_PREVIOUS = 3; + BACKUP_MOVED_SEGMENT = 4; +} + +message segment_integrity_description { + optional string type = 1; + optional string journal_encryption = 2; + optional string journal_integrity = 3; +} + +message segment_description { + required object_id oid = 1; + optional segment_type type = 2; + optional string_uint64 offset = 3; + optional string_uint64 size = 4; + repeated segment_flag flags = 5; + + // segment type crypt + optional string_uint64 iv_tweak = 6; + optional string encryption = 7; + optional int32 sector_size = 8; + optional segment_integrity_description integrity = 9; +} + +// --------------------------------------------------------------------------- +// ------------------------------ TOKEN OBJECT ------------------------------- +// --------------------------------------------------------------------------- + +message token_description { + required object_id oid = 1; + + optional string type = 2; + repeated object_id keyslots = 3; + optional string key_description = 4; +} + +// --------------------------------------------------------------------------- +// ------------------------------ CONFIG OBJECT ------------------------------ +// --------------------------------------------------------------------------- + +// - allow-discards allows TRIM (discards) on the active device. +// - same-cpu-crypt compatibility performance flag for dm-crypt [3] to per- form encryption using the same CPU that originated the request. +// - submit-from-crypt-cpus compatibility performance flag for dm-crypt [3] to disable offloading write requests to a separate thread after encryption. +// - no-journal disable data journalling for dm-integrity [10]. +// - no-read-workqueue compatibility performance flag for dm-crypt [3] to bypass dm-crypt read workqueue and process read requests synchronously. +// - no-write-workqueue compatibility performance flag for dm-crypt [3] to bypass dm-crypt write workqueue and process write requests synchronously. +enum config_flag { + CONFIG_FLAG_ALLOW_DISCARDS = 1; + CONFIG_FLAG_SAME_CPU_CRYPT = 2; + CONFIG_FLAG_SUBMIT_FROM_CRYPT_CPUS = 3; + CONFIG_FLAG_NO_JOURNAL = 4; + CONFIG_FLAG_NO_READ_WORKQUEUE = 5; + CONFIG_FLAG_NO_WRITE_WORKQUEUE = 6; +} + +enum config_requirement { + CONFIG_REQUIREMENT_OFFLINE_REENCRYPT = 1; + CONFIG_REQUIREMENT_ONLINE_REENCRYPT_V2 = 2; +} + +// - json_size [string-uint64] the JSON area size (in bytes). Must match the binary header. +// - keyslots_size [string-uint64] the binary keyslot area size (in bytes). Must be aligned to 4096 bytes. +// - flags [array, optional] the array of string objects with persistent flags for the device. +// - requirements [array, optional] the array of string objects with additional required features for the LUKS device. + +message config_description { + required bool use_primary_hdr_size = 2; + + repeated config_flag config_flags = 3; + repeated config_requirement requirements = 4; +} diff -Nru cryptsetup-2.5.0/tests/fuzz/Makefile.am cryptsetup-2.6.1/tests/fuzz/Makefile.am --- cryptsetup-2.5.0/tests/fuzz/Makefile.am 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-2.6.1/tests/fuzz/Makefile.am 2023-02-09 16:12:17.000000000 +0000 @@ -0,0 +1,122 @@ +EXTRA_DIST = README.md oss-fuzz-build.sh +dist_noinst_DATA = \ + LUKS2.proto \ + LUKS2_plain_JSON.proto \ + crypt2_load_fuzz.dict \ + crypt2_load_ondisk_fuzz.dict \ + crypt2_load_proto_plain_json_fuzz.dict \ + unpoison-mutated-buffers-from-libfuzzer.patch +CLEANFILES = \ + LUKS2.pb.h \ + LUKS2.pb.cc \ + LUKS2_plain_JSON.pb.h \ + LUKS2_plain_JSON.pb.cc + +distclean-local: + -rm -rf out build + +LIB_FUZZING_ENGINE := $(if $(LIB_FUZZING_ENGINE),$(LIB_FUZZING_ENGINE),"-fsanitize=fuzzer") +SANITIZER := $(if $(SANITIZER),,"-fsanitize=address") + +DEPS_PATH := $(top_srcdir)/tests/fuzz/build/static_lib_deps + +crypt2_load_fuzz_SOURCES = FuzzerInterface.h crypt2_load_fuzz.cc +crypt2_load_fuzz_LDADD = ../../libcryptsetup.la ../../libcrypto_backend.la -L$(DEPS_PATH)/lib +crypt2_load_fuzz_LDFLAGS = $(AM_LDFLAGS) $(LIB_FUZZING_ENGINE) $(SANITIZER) +crypt2_load_fuzz_CXXFLAGS = $(AM_CXXFLAGS) -I$(top_srcdir)/lib -I$(top_srcdir)/tests/fuzz + +crypt2_load_ondisk_fuzz_SOURCES = FuzzerInterface.h crypt2_load_ondisk_fuzz.cc +crypt2_load_ondisk_fuzz_LDADD = ../../libcryptsetup.la -L$(DEPS_PATH)/lib +crypt2_load_ondisk_fuzz_LDFLAGS = $(AM_LDFLAGS) $(LIB_FUZZING_ENGINE) $(SANITIZER) +crypt2_load_ondisk_fuzz_CXXFLAGS = $(AM_CXXFLAGS) -I$(top_srcdir)/lib -I$(top_srcdir)/tests/fuzz + +test-environment-m: + @ if test ! -d $(DEPS_PATH); then \ + echo "You need to build static libraries first; use oss-fuzz-build.sh script."; \ + exit 1; \ + fi +test-environment: | test-environment-m $(DEPS_PATH) + +LUKS2.pb.h: LUKS2.proto + $(DEPS_PATH)/bin/protoc LUKS2.proto --cpp_out=. +LUKS2.pb.cc: LUKS2.pb.h + +LUKS2_plain_JSON.pb.h: LUKS2_plain_JSON.proto + $(DEPS_PATH)/bin/protoc LUKS2_plain_JSON.proto --cpp_out=. +LUKS2_plain_JSON.pb.cc: LUKS2_plain_JSON.pb.h + +crypt2_load_proto_fuzz-crypt2_load_proto_fuzz.$(OBJEXT): LUKS2.pb.cc +crypt2_load_proto_plain_json_fuzz-crypt2_load_proto_plain_json_fuzz.$(OBJEXT): LUKS2_plain_JSON.pb.cc + +nodist_crypt2_load_proto_fuzz_SOURCES = LUKS2.pb.h LUKS2.pb.cc +crypt2_load_proto_fuzz_SOURCES = FuzzerInterface.h \ + crypt2_load_proto_fuzz.cc \ + proto_to_luks2_converter.h \ + proto_to_luks2_converter.cc +crypt2_load_proto_fuzz_LDADD = \ + ../../libcryptsetup.la \ + ../../libcrypto_backend.la \ + -L$(DEPS_PATH)/lib -lprotobuf-mutator-libfuzzer -lprotobuf-mutator -lprotobuf +crypt2_load_proto_fuzz_LDFLAGS = $(AM_LDFLAGS) $(LIB_FUZZING_ENGINE) $(SANITIZER) +crypt2_load_proto_fuzz_CXXFLAGS = $(AM_CXXFLAGS) \ + -I$(top_srcdir)/lib \ + -I$(top_srcdir)/tests/fuzz \ + -I$(DEPS_PATH)/include \ + -I$(DEPS_PATH)/include/libprotobuf-mutator -I$(DEPS_PATH)/include/libprotobuf-mutator/src + +nodist_crypt2_load_proto_plain_json_fuzz_SOURCES = LUKS2_plain_JSON.pb.h LUKS2_plain_JSON.pb.cc +crypt2_load_proto_plain_json_fuzz_SOURCES = FuzzerInterface.h \ + crypt2_load_proto_plain_json_fuzz.cc \ + json_proto_converter.h \ + json_proto_converter.cc \ + plain_json_proto_to_luks2_converter.h \ + plain_json_proto_to_luks2_converter.cc +crypt2_load_proto_plain_json_fuzz_LDADD = \ + ../../libcryptsetup.la \ + ../../libcrypto_backend.la \ + -L$(DEPS_PATH)/lib -lprotobuf-mutator-libfuzzer -lprotobuf-mutator -lprotobuf +crypt2_load_proto_plain_json_fuzz_LDFLAGS = $(AM_LDFLAGS) $(LIB_FUZZING_ENGINE) $(SANITIZER) +crypt2_load_proto_plain_json_fuzz_CXXFLAGS = $(AM_CXXFLAGS) \ + -I$(top_srcdir)/lib \ + -I$(top_srcdir)/tests/fuzz \ + -I$(DEPS_PATH)/include \ + -I$(DEPS_PATH)/include/libprotobuf-mutator -I$(DEPS_PATH)/include/libprotobuf-mutator/src + +nodist_proto_to_luks2_SOURCES = LUKS2.pb.h LUKS2.pb.cc +proto_to_luks2_SOURCES = \ + proto_to_luks2.cc \ + proto_to_luks2_converter.h \ + proto_to_luks2_converter.cc +proto_to_luks2_LDADD = ../../libcryptsetup.la ../../libcrypto_backend.la -L$(DEPS_PATH)/lib -lprotobuf +proto_to_luks2_LDFLAGS = $(AM_LDFLAGS) -fsanitize=fuzzer-no-link $(SANITIZER) +proto_to_luks2_CXXFLAGS = $(AM_CXXFLAGS) \ + -I$(top_srcdir)/lib \ + -I$(top_srcdir)/tests/fuzz \ + -I$(DEPS_PATH)/include + +nodist_plain_json_proto_to_luks2_SOURCES = LUKS2_plain_JSON.pb.h LUKS2_plain_JSON.pb.cc +plain_json_proto_to_luks2_SOURCES = \ + plain_json_proto_to_luks2.cc \ + plain_json_proto_to_luks2_converter.h \ + plain_json_proto_to_luks2_converter.cc \ + json_proto_converter.h \ + json_proto_converter.cc +plain_json_proto_to_luks2_LDADD = ../../libcryptsetup.la ../../libcrypto_backend.la -L$(DEPS_PATH)/lib -lprotobuf +plain_json_proto_to_luks2_LDFLAGS = $(AM_LDFLAGS) -fsanitize=fuzzer-no-link $(SANITIZER) +plain_json_proto_to_luks2_CXXFLAGS = $(AM_CXXFLAGS) \ + -I$(top_srcdir)/lib \ + -I$(top_srcdir)/tests/fuzz \ + -I$(DEPS_PATH)/include + +if ENABLE_FUZZ_TARGETS +noinst_PROGRAMS = \ + crypt2_load_fuzz \ + crypt2_load_ondisk_fuzz \ + crypt2_load_proto_fuzz \ + crypt2_load_proto_plain_json_fuzz \ + proto_to_luks2 \ + plain_json_proto_to_luks2 + +fuzz-targets: test-environment $(noinst_PROGRAMS) +.PHONY: fuzz-targets +endif diff -Nru cryptsetup-2.5.0/tests/fuzz/oss-fuzz-build.sh cryptsetup-2.6.1/tests/fuzz/oss-fuzz-build.sh --- cryptsetup-2.5.0/tests/fuzz/oss-fuzz-build.sh 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-2.6.1/tests/fuzz/oss-fuzz-build.sh 2023-02-09 16:12:17.000000000 +0000 @@ -0,0 +1,152 @@ +#!/usr/bin/env bash + +function in_oss_fuzz() +{ + test -n "$FUZZING_ENGINE" +} + +echo "Running cryptsetup OSS-Fuzz build script." +env +set -ex +PWD=$(pwd) + +export LC_CTYPE=C.UTF-8 + +export SRC=${SRC:-$PWD/build} +export OUT="${OUT:-$PWD/out}" +export DEPS_PATH=$SRC/static_lib_deps + +export PKG_CONFIG_PATH="$DEPS_PATH"/lib/pkgconfig + +export CC=${CC:-clang} +export CXX=${CXX:-clang++} +export LIB_FUZZING_ENGINE="${LIB_FUZZING_ENGINE:--fsanitize=fuzzer}" + +SANITIZER="${SANITIZER:-address -fsanitize-address-use-after-scope}" +flags="-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=$SANITIZER -fsanitize=fuzzer-no-link" + +export CFLAGS="${CFLAGS:-$flags} -I$DEPS_PATH/include" +export CXXFLAGS="${CXXFLAGS:-$flags} -I$DEPS_PATH/include" +export LDFLAGS="${LDFLAGS-} -L$DEPS_PATH/lib" + +ENABLED_FUZZERS=${ENABLED_FUZZERS:-crypt2_load_fuzz crypt2_load_ondisk_fuzz crypt2_load_proto_plain_json_fuzz} + +mkdir -p $SRC +mkdir -p $OUT +mkdir -p $DEPS_PATH +cd $SRC + +LIBFUZZER_PATCH="$PWD/unpoison-mutated-buffers-from-libfuzzer.patch" +in_oss_fuzz && LIBFUZZER_PATCH="$PWD/cryptsetup/tests/fuzz/unpoison-mutated-buffers-from-libfuzzer.patch" + +in_oss_fuzz && apt-get update && apt-get install -y \ + make autoconf automake autopoint libtool pkg-config \ + sharutils gettext expect keyutils ninja-build \ + bison + +[ ! -d zlib ] && git clone --depth 1 https://github.com/madler/zlib.git +[ ! -d xz ] && git clone https://git.tukaani.org/xz.git +[ ! -d json-c ] && git clone --depth 1 https://github.com/json-c/json-c.git +[ ! -d lvm2 ] && git clone --depth 1 https://sourceware.org/git/lvm2.git +[ ! -d popt ] && git clone --depth 1 https://github.com/rpm-software-management/popt.git +[ ! -d libprotobuf-mutator ] && git clone --depth 1 https://github.com/google/libprotobuf-mutator.git \ + && [ "$SANITIZER" == "memory" ] && ( cd libprotobuf-mutator; patch -p1 < $LIBFUZZER_PATCH ) +[ ! -d openssl ] && git clone --depth 1 https://github.com/openssl/openssl +[ ! -d util-linux ] && git clone --depth 1 https://github.com/util-linux/util-linux +[ ! -d cryptsetup_fuzzing ] && git clone --depth 1 https://gitlab.com/cryptsetup/cryptsetup_fuzzing.git + +cd openssl +./Configure --prefix="$DEPS_PATH" --libdir=lib no-shared no-module no-asm +make build_generated +make -j libcrypto.a +make install_dev +cd .. + +cd util-linux +./autogen.sh +./configure --prefix="$DEPS_PATH" --enable-static --disable-shared -disable-all-programs --enable-libuuid --enable-libblkid +make -j +make install +cd .. + +cd zlib +./configure --prefix="$DEPS_PATH" --static +make -j +make install +cd .. + +cd xz +./autogen.sh --no-po4a +./configure --prefix="$DEPS_PATH" --enable-static --disable-shared +make -j +make install +cd .. + +cd json-c +mkdir -p build +rm -fr build/* +cd build +cmake .. -DCMAKE_INSTALL_PREFIX="$DEPS_PATH" -DBUILD_SHARED_LIBS=OFF -DBUILD_STATIC_LIBS=ON +make -j +make install +cd ../.. + +cd lvm2 +./configure --prefix="$DEPS_PATH" --enable-static_link --disable-udev_sync --enable-pkgconfig --disable-selinux +make -j libdm.device-mapper +# build of dmsetup.static is broken +# make install_device-mapper +cp ./libdm/ioctl/libdevmapper.a "$DEPS_PATH"/lib/ +cp ./libdm/libdevmapper.h "$DEPS_PATH"/include/ +cp ./libdm/libdevmapper.pc "$PKG_CONFIG_PATH" +cd .. + +cd popt +# --no-undefined is incompatible with sanitizers +sed -i -e 's/-Wl,--no-undefined //' src/CMakeLists.txt +mkdir -p build +rm -fr build/* +cd build +cmake .. -DCMAKE_INSTALL_PREFIX="$DEPS_PATH" -DBUILD_SHARED_LIBS=OFF +make -j +make install +cd ../.. + +cd libprotobuf-mutator +mkdir -p build +rm -fr build/* +cd build +cmake .. -GNinja \ + -DCMAKE_INSTALL_PREFIX="$DEPS_PATH" \ + -DPKG_CONFIG_PATH="$PKG_CONFIG_PATH" \ + -DLIB_PROTO_MUTATOR_TESTING=OFF \ + -DLIB_PROTO_MUTATOR_DOWNLOAD_PROTOBUF=ON +ninja +ninja install +cd external.protobuf; +cp -Rf bin lib include "$DEPS_PATH"; +cd ../../.. + +if in_oss_fuzz; then + mkdir -p cryptsetup/tests/fuzz/build + ln -s ../../../../static_lib_deps cryptsetup/tests/fuzz/build/static_lib_deps + cd cryptsetup +else + cd ../../.. +fi +./autogen.sh +./configure --enable-static --disable-asciidoc --disable-ssh-token --disable-udev --disable-selinux --with-crypto_backend=openssl --disable-shared --enable-fuzz-targets +make clean +make -j fuzz-targets + +for fuzzer in $ENABLED_FUZZERS; do + cp tests/fuzz/$fuzzer $OUT + cp $SRC/cryptsetup_fuzzing/${fuzzer}_seed_corpus.zip $OUT + + # optionally copy the dictionary if it exists + if [ -e tests/fuzz/${fuzzer}.dict ]; then + cp tests/fuzz/${fuzzer}.dict $OUT + fi +done + +cd $PWD diff -Nru cryptsetup-2.5.0/tests/fuzz/plain_json_proto_to_luks2.cc cryptsetup-2.6.1/tests/fuzz/plain_json_proto_to_luks2.cc --- cryptsetup-2.5.0/tests/fuzz/plain_json_proto_to_luks2.cc 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-2.6.1/tests/fuzz/plain_json_proto_to_luks2.cc 2023-02-09 16:12:17.000000000 +0000 @@ -0,0 +1,75 @@ +/* + * cryptsetup LUKS2 protobuf to image converter + * + * Copyright (C) 2022-2023 Daniel Zatovic + * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include +#include + +#include +#include + +#include +#include + +#include "plain_json_proto_to_luks2_converter.h" + +using namespace json_proto; + +int main(int argc, char *argv[]) { + LUKS2_both_headers headers; + LUKS2ProtoConverter converter; + int fd; + + std::string out_img_name; + + if (argc != 2) { + std::cerr << "Usage: " << argv[0] << " \n"; + return EXIT_FAILURE; + } + + fd = open(argv[1], O_RDONLY); + if (fd < 0) { + std::cerr << "Failed to open " << argv[1] << std::endl; + return EXIT_FAILURE; + } + + google::protobuf::io::FileInputStream fileInput(fd); + + if (!google::protobuf::TextFormat::Parse(&fileInput, &headers)) { + std::cerr << "Failed to parse protobuf " << argv[1] << std::endl; + close(fd); + return EXIT_FAILURE; + } + close(fd); + + out_img_name = argv[1]; + out_img_name += ".img"; + + fd = open(out_img_name.c_str(), O_RDWR|O_CREAT|O_EXCL|O_CLOEXEC|O_TRUNC, 0644); + if (fd < 0) { + std::cerr << "Failed to open output file " << out_img_name << std::endl; + return EXIT_FAILURE; + } + converter.set_write_headers_only(false); + converter.convert(headers, fd); + + close(fd); + return EXIT_SUCCESS; +} diff -Nru cryptsetup-2.5.0/tests/fuzz/plain_json_proto_to_luks2_converter.cc cryptsetup-2.6.1/tests/fuzz/plain_json_proto_to_luks2_converter.cc --- cryptsetup-2.5.0/tests/fuzz/plain_json_proto_to_luks2_converter.cc 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-2.6.1/tests/fuzz/plain_json_proto_to_luks2_converter.cc 2023-02-09 16:12:17.000000000 +0000 @@ -0,0 +1,153 @@ +/* + * cryptsetup LUKS2 custom mutator fuzz target + * + * Copyright (C) 2022-2023 Daniel Zatovic + * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "plain_json_proto_to_luks2_converter.h" +#include "json_proto_converter.h" + +extern "C" { +#include "src/cryptsetup.h" +#include "luks2/luks2.h" +#include +} + +namespace json_proto { + +void LUKS2ProtoConverter::emit_luks2_binary_header(const LUKS2_header &header_proto, int fd, uint64_t offset, uint64_t seqid, const std::string &json_text) { + struct luks2_hdr_disk hdr = {}; + int r; + + if (hd) + crypt_hash_destroy(hd); + if (crypt_hash_init(&hd, "sha256")) + err(EXIT_FAILURE, "crypt_hash_init failed"); + + + r = lseek(fd, offset, SEEK_SET); + if (r == -1) + err(EXIT_FAILURE, "lseek failed"); + + switch (header_proto.magic()) { + case INVALID: + memset(&hdr.magic, 0, LUKS2_MAGIC_L); + break; + case FIRST: + memcpy(&hdr.magic, LUKS2_MAGIC_1ST, LUKS2_MAGIC_L); + break; + case SECOND: + memcpy(&hdr.magic, LUKS2_MAGIC_2ND, LUKS2_MAGIC_L); + break; + } + hdr.version = cpu_to_be16(header_proto.version()); + hdr.hdr_size = cpu_to_be64(header_proto.hdr_size()); + hdr.seqid = cpu_to_be64(seqid); + strncpy(hdr.checksum_alg, "sha256", LUKS2_CHECKSUM_ALG_L); + hdr.checksum_alg[LUKS2_CHECKSUM_ALG_L - 1] = '\0'; + strncpy(hdr.uuid, "af7f64ea-3233-4581-946b-6187d812841e", LUKS2_UUID_L); + memset(hdr.salt, 1, LUKS2_SALT_L); + + + if (header_proto.has_selected_offset()) + hdr.hdr_offset = cpu_to_be64(header_proto.selected_offset()); + else + hdr.hdr_offset = cpu_to_be64(offset); + + if (write_buffer(fd, &hdr, LUKS2_HDR_BIN_LEN) != LUKS2_HDR_BIN_LEN) + err(EXIT_FAILURE, "write_buffer failed"); + if (crypt_hash_write(hd, (char*)&hdr, LUKS2_HDR_BIN_LEN)) + err(EXIT_FAILURE, "crypt_hash_write failed"); + + size_t hdr_json_area_len = header_proto.hdr_size() - LUKS2_HDR_BIN_LEN; + uint8_t csum[LUKS2_CHECKSUM_L]; + + size_t write_size = json_text.length() > hdr_json_area_len - 1 ? hdr_json_area_len - 1 : json_text.length(); + if (write_buffer(fd, json_text.c_str(), write_size) != (ssize_t)write_size) + err(EXIT_FAILURE, "write_buffer failed"); + if (crypt_hash_write(hd, json_text.c_str(), write_size)) + err(EXIT_FAILURE, "crypt_hash_write failed"); + + for (size_t i = 0; i < (hdr_json_area_len - write_size); i++) { + if (crypt_hash_write(hd, "\0", 1)) + err(EXIT_FAILURE, "crypt_hash_write failed"); + } + + if (header_proto.use_correct_checksum()) { + if (lseek(fd, offset + offsetof(luks2_hdr_disk, csum), SEEK_SET) == -1) + err(EXIT_FAILURE, "lseek failed"); + + int hash_size = crypt_hash_size("sha256"); + if (hash_size <= 0) + err(EXIT_FAILURE, "crypt_hash_size failed"); + + if (crypt_hash_final(hd, (char*)csum, (size_t)hash_size)) + err(EXIT_FAILURE, "crypt_hash_final failed"); + if (write_buffer(fd, csum, hash_size) != hash_size) + err(EXIT_FAILURE, "write_buffer failed"); + } +} + +void LUKS2ProtoConverter::set_write_headers_only(bool headers_only) { + write_headers_only = headers_only; +} + +void LUKS2ProtoConverter::convert(const LUKS2_both_headers &headers, int fd) { + uint64_t primary_seqid, secondary_seqid; + int result; + + size_t out_size = headers.primary_header().hdr_size() + headers.secondary_header().hdr_size(); + + if (!write_headers_only) + out_size += KEYSLOTS_SIZE + DATA_SIZE; + + result = ftruncate(fd, out_size); + if (result == -1) + err(EXIT_FAILURE, "truncate failed"); + + result = lseek(fd, 0, SEEK_SET); + if (result == -1) + err(EXIT_FAILURE, "lseek failed"); + + switch (headers.seqid()) { + case EQUAL: + primary_seqid = 1; + secondary_seqid = 1; + break; + case PRIMARY_GREATER: + primary_seqid = 2; + secondary_seqid = 1; + break; + case SECONDARY_GREATER: + primary_seqid = 1; + secondary_seqid = 2; + break; + } + + JsonProtoConverter converter; + std::string json_text = converter.Convert(headers.json_area()); + + emit_luks2_binary_header(headers.primary_header(), fd, 0, primary_seqid, json_text); + emit_luks2_binary_header(headers.secondary_header(), fd, headers.primary_header().hdr_size(), secondary_seqid, json_text); +} + +LUKS2ProtoConverter::~LUKS2ProtoConverter() { + if (hd) + crypt_hash_destroy(hd); +} +} // namespace LUKS2_proto diff -Nru cryptsetup-2.5.0/tests/fuzz/plain_json_proto_to_luks2_converter.h cryptsetup-2.6.1/tests/fuzz/plain_json_proto_to_luks2_converter.h --- cryptsetup-2.5.0/tests/fuzz/plain_json_proto_to_luks2_converter.h 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-2.6.1/tests/fuzz/plain_json_proto_to_luks2_converter.h 2023-02-09 16:12:17.000000000 +0000 @@ -0,0 +1,58 @@ +/* + * cryptsetup LUKS2 custom mutator fuzz target + * + * Copyright (C) 2022-2023 Daniel Zatovic + * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef LUKS2_PROTO_CONVERTER_H_ +#define LUKS2_PROTO_CONVERTER_H_ + +#include +#include +#include + +#include "LUKS2_plain_JSON.pb.h" +extern "C" { +#include "crypto_backend/crypto_backend.h" +} + +namespace json_proto { + +class LUKS2ProtoConverter { + public: + ~LUKS2ProtoConverter(); + void create_jobj(const LUKS2_both_headers &headers, uint64_t hdr_size); + void convert(const LUKS2_both_headers &headers, int fd); + void create_jobj(const LUKS2_both_headers &headers); + void emit_luks2_binary_header(const LUKS2_header &header_proto, int fd, uint64_t offset, uint64_t seqid, const std::string &json_text); + + void set_write_headers_only(bool headers_only); + + const uint8_t *get_out_buffer(); + size_t get_out_size(); + + static const uint64_t KEYSLOTS_SIZE = 3 * 1024 * 1024; + static const uint64_t DATA_SIZE = 16 * 1024 * 1024; + private: + bool write_headers_only = false; + struct crypt_hash *hd = NULL; +}; + +} // namespace LUKS2_proto + +#endif // LUKS2_PROTO_CONVERTER_H_ diff -Nru cryptsetup-2.5.0/tests/fuzz/proto_to_luks2.cc cryptsetup-2.6.1/tests/fuzz/proto_to_luks2.cc --- cryptsetup-2.5.0/tests/fuzz/proto_to_luks2.cc 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-2.6.1/tests/fuzz/proto_to_luks2.cc 2023-02-09 16:12:17.000000000 +0000 @@ -0,0 +1,75 @@ +/* + * cryptsetup LUKS2 protobuf to image converter + * + * Copyright (C) 2022-2023 Daniel Zatovic + * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include +#include + +#include +#include + +#include +#include + +#include "proto_to_luks2_converter.h" + +using namespace LUKS2_proto; + +int main(int argc, char *argv[]) { + LUKS2_both_headers headers; + LUKS2ProtoConverter converter; + int fd; + + std::string out_img_name; + + if (argc != 2) { + std::cerr << "Usage: " << argv[0] << " \n"; + return EXIT_FAILURE; + } + + fd = open(argv[1], O_RDONLY); + if (fd < 0) { + std::cerr << "Failed to open " << argv[1] << std::endl; + return EXIT_FAILURE; + } + + google::protobuf::io::FileInputStream fileInput(fd); + + if (!google::protobuf::TextFormat::Parse(&fileInput, &headers)) { + std::cerr << "Failed to parse protobuf " << argv[1] << std::endl; + close(fd); + return EXIT_FAILURE; + } + close(fd); + + out_img_name = argv[1]; + out_img_name += ".img"; + + fd = open(out_img_name.c_str(), O_RDWR|O_CREAT|O_EXCL|O_CLOEXEC|O_TRUNC, 0644); + if (fd < 0) { + std::cerr << "Failed to open output file " << out_img_name << std::endl; + return EXIT_FAILURE; + } + converter.set_write_headers_only(false); + converter.convert(headers, fd); + + close(fd); + return EXIT_SUCCESS; +} diff -Nru cryptsetup-2.5.0/tests/fuzz/proto_to_luks2_converter.cc cryptsetup-2.6.1/tests/fuzz/proto_to_luks2_converter.cc --- cryptsetup-2.5.0/tests/fuzz/proto_to_luks2_converter.cc 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-2.6.1/tests/fuzz/proto_to_luks2_converter.cc 2023-02-09 16:12:17.000000000 +0000 @@ -0,0 +1,604 @@ +/* + * cryptsetup LUKS2 custom mutator fuzz target + * + * Copyright (C) 2022-2023 Daniel Zatovic + * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "proto_to_luks2_converter.h" +#include + +extern "C" { +#include "src/cryptsetup.h" +#include "luks2/luks2.h" +#include +} + +namespace LUKS2_proto { + +std::string LUKS2ProtoConverter::string_uint64_to_string(const string_uint64 &str_u64) { + std::ostringstream os; + + if (str_u64.negative()) + os << "-"; + + if (str_u64.has_uint_num()) + os << str_u64.uint_num(); + else if (str_u64.has_string_num()) + os << str_u64.string_num(); + + return os.str(); +} + +std::string LUKS2ProtoConverter::object_id_to_string(const object_id &oid) { + std::ostringstream os; + + if (oid.has_int_id()) { + os << (oid.int_id() % 33) - 16; + } else if (oid.has_string_id()) { + os << oid.string_id(); + } + + return os.str(); +} + +std::string LUKS2ProtoConverter::hash_algorithm_to_string(const hash_algorithm type) { + switch (type) { + case HASH_ALG_SHA1: + return "sha1"; + case HASH_ALG_SHA256: + return "sha256"; + } +} + +std::string LUKS2ProtoConverter::keyslot_area_type_to_string(const keyslot_area_type type) { + switch (type) { + case KEYSLOT_AREA_TYPE_RAW: + return "raw"; + case KEYSLOT_AREA_TYPE_NONE: + return "none"; + case KEYSLOT_AREA_TYPE_JOURNAL: + return "journal"; + case KEYSLOT_AREA_TYPE_CHECKSUM: + return "checksum"; + case KEYSLOT_AREA_TYPE_DATASHIFT: + return "datashift"; + } +} + +void LUKS2ProtoConverter::generate_keyslot_area(struct json_object *jobj_area, const keyslot_area_description &keyslot_area_desc) { + // mandatory fields + if (keyslot_area_desc.has_type()) + json_object_object_add(jobj_area, "type", json_object_new_string(keyslot_area_type_to_string(keyslot_area_desc.type()).c_str())); + if (keyslot_area_desc.has_offset()) + json_object_object_add(jobj_area, "offset", json_object_new_string(string_uint64_to_string(keyslot_area_desc.offset()).c_str())); + if (keyslot_area_desc.has_size()) + json_object_object_add(jobj_area, "size", json_object_new_string(string_uint64_to_string(keyslot_area_desc.size()).c_str())); + + // raw type fields + if (keyslot_area_desc.has_encryption()) + json_object_object_add(jobj_area, "encryption", json_object_new_string(keyslot_area_desc.encryption().c_str())); + if (keyslot_area_desc.has_key_size()) + json_object_object_add(jobj_area, "key_size", json_object_new_int(keyslot_area_desc.key_size())); + + // checksum type fields + if (keyslot_area_desc.has_hash()) + json_object_object_add(jobj_area, "hash", json_object_new_string(hash_algorithm_to_string(keyslot_area_desc.hash()).c_str())); + if (keyslot_area_desc.has_sector_size()) + json_object_object_add(jobj_area, "sector_size", json_object_new_int(keyslot_area_desc.sector_size())); + + // datashift type fields + if (keyslot_area_desc.has_shift_size()) + json_object_object_add(jobj_area, "shift_size", json_object_new_string(string_uint64_to_string(keyslot_area_desc.shift_size()).c_str())); +} + +std::string LUKS2ProtoConverter::keyslot_kdf_type_to_string(const keyslot_kdf_type type) { + switch (type) { + case KEYSLOT_KDF_TYPE_PBKDF2: + return "pbkdf2"; + case KEYSLOT_KDF_TYPE_ARGON2I: + return "argon2i"; + case KEYSLOT_KDF_TYPE_ARGON2ID: + return "argon2id"; + } +} + +void LUKS2ProtoConverter::generate_keyslot_kdf(struct json_object *jobj_kdf, const keyslot_kdf_description &keyslot_kdf_desc) { + // mandatory fields + if (keyslot_kdf_desc.has_type()) + json_object_object_add(jobj_kdf, "type", json_object_new_string(keyslot_kdf_type_to_string(keyslot_kdf_desc.type()).c_str())); + + if (keyslot_kdf_desc.has_salt()) + json_object_object_add(jobj_kdf, "salt", json_object_new_string(keyslot_kdf_desc.salt().c_str())); + else + json_object_object_add(jobj_kdf, "salt", json_object_new_string("6vz4xK7cjan92rDA5JF8O6Jk2HouV0O8DMB6GlztVk=")); + + // pbkdf2 type + if (keyslot_kdf_desc.has_hash()) + json_object_object_add(jobj_kdf, "hash", json_object_new_string(hash_algorithm_to_string(keyslot_kdf_desc.hash()).c_str())); + if (keyslot_kdf_desc.has_iterations()) + json_object_object_add(jobj_kdf, "iterations", json_object_new_int(keyslot_kdf_desc.iterations())); + + // argon2i and argon2id types + if (keyslot_kdf_desc.has_time()) + json_object_object_add(jobj_kdf, "time", json_object_new_int(keyslot_kdf_desc.time())); + if (keyslot_kdf_desc.has_memory()) + json_object_object_add(jobj_kdf, "memory", json_object_new_int(keyslot_kdf_desc.memory())); + if (keyslot_kdf_desc.has_cpus()) + json_object_object_add(jobj_kdf, "cpus", json_object_new_int(keyslot_kdf_desc.cpus())); +} + +std::string LUKS2ProtoConverter::keyslot_af_type_to_string(const keyslot_af_type type) { + switch (type) { + case KEYSLOT_AF_TYPE_LUKS1: + return "luks1"; + } +} + +void LUKS2ProtoConverter::generate_keyslot_af(struct json_object *jobj_af, const keyslot_af_description &keyslot_af_desc) { + if (keyslot_af_desc.has_type()) + json_object_object_add(jobj_af, "type", json_object_new_string(keyslot_af_type_to_string(keyslot_af_desc.type()).c_str())); + if (keyslot_af_desc.has_stripes()) + json_object_object_add(jobj_af, "stripes", json_object_new_int(keyslot_af_desc.stripes())); + if (keyslot_af_desc.has_hash()) + json_object_object_add(jobj_af, "hash", json_object_new_string(hash_algorithm_to_string(keyslot_af_desc.hash()).c_str())); +} + +std::string LUKS2ProtoConverter::keyslot_type_to_string(const keyslot_type type) { + switch (type) { + case KEYSLOT_TYPE_LUKS2: + return "luks2"; + case KEYSLOT_TYPE_REENCRYPT: + return "reencrypt"; + case KEYSLOT_TYPE_PLACEHOLDER: + return "placeholder"; + } +} + +std::string LUKS2ProtoConverter::reencrypt_keyslot_mode_to_string(const reencrypt_keyslot_mode mode) { + switch (mode) { + case MODE_REENCRYPT: + return "reencrypt"; + case MODE_ENCRYPT: + return "encrypt"; + case MODE_DECRYPT: + return "decrypt"; + } +} + +std::string LUKS2ProtoConverter::reencrypt_keyslot_direction_to_string(const reencrypt_keyslot_direction direction) { + switch (direction) { + case DIRECTION_FORWARD: + return "forward"; + case DIRECTION_BACKWARD: + return "backward"; + } +} + +void LUKS2ProtoConverter::generate_keyslot(struct json_object *jobj_keyslots, const keyslot_description &keyslot_desc) { + struct json_object *jobj_keyslot, *jobj_area, *jobj_kdf, *jobj_af; + + jobj_keyslot = json_object_new_object(); + if (keyslot_desc.has_type()) + json_object_object_add(jobj_keyslot, "type", json_object_new_string(keyslot_type_to_string(keyslot_desc.type()).c_str())); + if (keyslot_desc.has_key_size()) + json_object_object_add(jobj_keyslot, "key_size", json_object_new_int(keyslot_desc.key_size())); + if (keyslot_desc.has_priority()) + json_object_object_add(jobj_keyslot, "priority", json_object_new_int(keyslot_desc.priority())); + if (keyslot_desc.has_mode()) + json_object_object_add(jobj_keyslot, "mode", json_object_new_int(keyslot_desc.mode())); + if (keyslot_desc.has_direction()) + json_object_object_add(jobj_keyslot, "direction", json_object_new_int(keyslot_desc.direction())); + + /* Area object */ + if (keyslot_desc.has_area()) { + jobj_area = json_object_new_object(); + generate_keyslot_area(jobj_area, keyslot_desc.area()); + json_object_object_add(jobj_keyslot, "area", jobj_area); + } + + /* KDF object */ + if (keyslot_desc.has_kdf()) { + jobj_kdf = json_object_new_object(); + generate_keyslot_kdf(jobj_kdf, keyslot_desc.kdf()); + json_object_object_add(jobj_keyslot, "kdf", jobj_kdf); + } + + /* AF object */ + if (keyslot_desc.has_af()) { + jobj_af = json_object_new_object(); + generate_keyslot_af(jobj_af, keyslot_desc.af()); + json_object_object_add(jobj_keyslot, "af", jobj_af); + } + + json_object_object_add(jobj_keyslots, object_id_to_string(keyslot_desc.oid()).c_str(), jobj_keyslot); +} + +void LUKS2ProtoConverter::generate_token(struct json_object *jobj_tokens, const token_description &token_desc) { + struct json_object *jobj_token, *jobj_keyslots; + jobj_token = json_object_new_object(); + + if (token_desc.has_type()) + json_object_object_add(jobj_token, "type", json_object_new_string(token_desc.type().c_str())); + + if (token_desc.has_key_description()) + json_object_object_add(jobj_token, "key_description", json_object_new_string(token_desc.key_description().c_str())); + + if (!token_desc.keyslots().empty()) { + jobj_keyslots = json_object_new_array(); + + for (const object_id& oid : token_desc.keyslots()) { + json_object_array_add(jobj_keyslots, + json_object_new_string(object_id_to_string(oid).c_str())); + } + + /* Replace or add new keyslots array */ + json_object_object_add(jobj_token, "keyslots", jobj_keyslots); + } + + json_object_object_add(jobj_tokens, object_id_to_string(token_desc.oid()).c_str(), jobj_token); +} + +void LUKS2ProtoConverter::generate_digest(struct json_object *jobj_digests, const digest_description &digest_desc) { + struct json_object *jobj_digest, *jobj_keyslots, *jobj_segments; + + jobj_digest = json_object_new_object(); + + if (digest_desc.has_type()) + json_object_object_add(jobj_digest, "type", json_object_new_string(keyslot_kdf_type_to_string(digest_desc.type()).c_str())); + + if (!digest_desc.keyslots().empty()) { + jobj_keyslots = json_object_new_array(); + + for (const object_id& oid : digest_desc.keyslots()) { + json_object_array_add(jobj_keyslots, + json_object_new_string(object_id_to_string(oid).c_str())); + } + + /* Replace or add new keyslots array */ + json_object_object_add(jobj_digest, "keyslots", jobj_keyslots); + } + + if (!digest_desc.segments().empty()) { + jobj_segments = json_object_new_array(); + + for (const object_id& oid : digest_desc.segments()) { + json_object_array_add(jobj_segments, + json_object_new_string(object_id_to_string(oid).c_str())); + } + + /* Replace or add new segments array */ + json_object_object_add(jobj_digest, "segments", jobj_segments); + } + + if (digest_desc.has_salt()) + json_object_object_add(jobj_digest, "salt", json_object_new_string(digest_desc.salt().c_str())); + if (digest_desc.has_digest()) + json_object_object_add(jobj_digest, "digest", json_object_new_string(digest_desc.digest().c_str())); + if (digest_desc.has_hash()) + json_object_object_add(jobj_digest, "hash", json_object_new_string(hash_algorithm_to_string(digest_desc.hash()).c_str())); + if (digest_desc.has_iterations()) + json_object_object_add(jobj_digest, "iterations", json_object_new_int(digest_desc.iterations())); + + json_object_object_add(jobj_digests, object_id_to_string(digest_desc.oid()).c_str(), jobj_digest); +} + +std::string LUKS2ProtoConverter::segment_type_to_string(segment_type type) { + switch (type) { + case SEGMENT_TYPE_LINEAR: + return "linear"; + case SEGMENT_TYPE_CRYPT: + return "crypt"; + } +} + +std::string LUKS2ProtoConverter::segment_flag_to_string(segment_flag flag) { + switch (flag) { + case IN_REENCRYPTION: + return "in-reencryption"; + case BACKUP_FINAL: + return "backup-final"; + case BACKUP_PREVIOUS: + return "backup-previous"; + case BACKUP_MOVED_SEGMENT: + return "backup-moved-segment"; + } +} + +void LUKS2ProtoConverter::generate_segment_integrity(struct json_object *jobj_integrity, const segment_integrity_description &segment_integrity_desc) { + if (segment_integrity_desc.has_type()) + json_object_object_add(jobj_integrity, "type", json_object_new_string(segment_integrity_desc.type().c_str())); + if (segment_integrity_desc.has_journal_encryption()) + json_object_object_add(jobj_integrity, "journal_encryption", json_object_new_string(segment_integrity_desc.journal_encryption().c_str())); + if (segment_integrity_desc.has_journal_integrity()) + json_object_object_add(jobj_integrity, "journal_integrity", json_object_new_string(segment_integrity_desc.journal_integrity().c_str())); +} + +void LUKS2ProtoConverter::generate_segment(struct json_object *jobj_segments, const segment_description &segment_desc) { + json_object *jobj_flags, *jobj_integrity; + json_object *jobj_segment = json_object_new_object(); + + if (segment_desc.has_type()) + json_object_object_add(jobj_segment, "type", json_object_new_string(segment_type_to_string(segment_desc.type()).c_str())); + + if (segment_desc.has_offset()) + json_object_object_add(jobj_segment, "offset", json_object_new_string(string_uint64_to_string(segment_desc.offset()).c_str())); + if (segment_desc.has_size()) + json_object_object_add(jobj_segment, "size", json_object_new_string(string_uint64_to_string(segment_desc.size()).c_str())); + + if (!segment_desc.flags().empty()) { + jobj_flags = json_object_new_array(); + + for (const int flag : segment_desc.flags()) { + json_object_array_add(jobj_flags, + json_object_new_string(segment_flag_to_string(segment_flag(flag)).c_str())); + } + + /* Replace or add new flags array */ + json_object_object_add(jobj_segment, "flags", jobj_flags); + } + + if (segment_desc.has_iv_tweak()) + json_object_object_add(jobj_segment, "iv_tweak", json_object_new_string(string_uint64_to_string(segment_desc.iv_tweak()).c_str())); + if (segment_desc.has_encryption()) + json_object_object_add(jobj_segment, "encryption", json_object_new_string(segment_desc.encryption().c_str())); + if (segment_desc.has_sector_size()) + json_object_object_add(jobj_segment, "sector_size", json_object_new_int(segment_desc.sector_size())); + + if (segment_desc.has_integrity()) { + jobj_integrity = json_object_new_object(); + generate_segment_integrity(jobj_integrity, segment_desc.integrity()); + json_object_object_add(jobj_segment, "integrity", jobj_integrity); + } + + json_object_object_add(jobj_segments, object_id_to_string(segment_desc.oid()).c_str(), jobj_segment); +} + +void LUKS2ProtoConverter::create_jobj(const LUKS2_both_headers &headers) { + json_object *jobj_keyslots = NULL; + json_object *jobj_digests = NULL; + json_object *jobj_segments = NULL; + json_object *jobj_tokens = NULL; + + const json_area_description &json_desc = headers.json_area(); + + jobj = json_object_new_object(); + if (!jobj) + return; + + jobj_keyslots = json_object_new_object(); + for (const keyslot_description &keyslot_desc : json_desc.keyslots()) { + generate_keyslot(jobj_keyslots, keyslot_desc); + } + json_object_object_add(jobj, "keyslots", jobj_keyslots); + + jobj_digests = json_object_new_object(); + for (const digest_description &digest_desc : json_desc.digests()) { + generate_digest(jobj_digests, digest_desc); + } + json_object_object_add(jobj, "digests", jobj_digests); + + jobj_segments = json_object_new_object(); + for (const segment_description &segment_desc : json_desc.segments()) { + generate_segment(jobj_segments, segment_desc); + } + json_object_object_add(jobj, "segments", jobj_segments); + + jobj_tokens = json_object_new_object(); + for (const token_description &token_desc : json_desc.tokens()) { + generate_token(jobj_tokens, token_desc); + } + json_object_object_add(jobj, "tokens", jobj_tokens); + + if (json_desc.has_config()) { + uint64_t hdr_size = json_desc.config().use_primary_hdr_size() ? headers.primary_header().hdr_size() : headers.secondary_header().hdr_size(); + generate_config(json_desc.config(), hdr_size - LUKS2_HDR_BIN_LEN, KEYSLOTS_SIZE); + } +} + +void LUKS2ProtoConverter::emit_luks2_binary_header(const LUKS2_header &header_proto, int fd, uint64_t offset, uint64_t seqid) { + struct luks2_hdr_disk hdr = {}; + int r; + + if (hd) + crypt_hash_destroy(hd); + if (crypt_hash_init(&hd, "sha256")) + err(EXIT_FAILURE, "crypt_hash_init failed"); + + + r = lseek(fd, offset, SEEK_SET); + if (r == -1) + err(EXIT_FAILURE, "lseek failed"); + + switch (header_proto.magic()) { + case INVALID: + memset(&hdr.magic, 0, LUKS2_MAGIC_L); + break; + case FIRST: + memcpy(&hdr.magic, LUKS2_MAGIC_1ST, LUKS2_MAGIC_L); + break; + case SECOND: + memcpy(&hdr.magic, LUKS2_MAGIC_2ND, LUKS2_MAGIC_L); + break; + } + hdr.version = cpu_to_be16(header_proto.version()); + hdr.hdr_size = cpu_to_be64(header_proto.hdr_size()); + hdr.seqid = cpu_to_be64(seqid); + strncpy(hdr.checksum_alg, "sha256", LUKS2_CHECKSUM_ALG_L); + hdr.checksum_alg[LUKS2_CHECKSUM_ALG_L - 1] = '\0'; + strncpy(hdr.uuid, "af7f64ea-3233-4581-946b-6187d812841e", LUKS2_UUID_L); + memset(hdr.salt, 1, LUKS2_SALT_L); + + + if (header_proto.has_selected_offset()) + hdr.hdr_offset = cpu_to_be64(header_proto.selected_offset()); + else + hdr.hdr_offset = cpu_to_be64(offset); + + if (write_buffer(fd, &hdr, LUKS2_HDR_BIN_LEN) != LUKS2_HDR_BIN_LEN) + err(EXIT_FAILURE, "write_buffer failed"); + if (crypt_hash_write(hd, (char*)&hdr, LUKS2_HDR_BIN_LEN)) + err(EXIT_FAILURE, "crypt_hash_write failed"); + + size_t hdr_json_area_len = header_proto.hdr_size() - LUKS2_HDR_BIN_LEN; + size_t json_text_len; + const char *json_text; + uint8_t csum[LUKS2_CHECKSUM_L]; + + if (jobj) { + json_text = json_object_to_json_string_ext((struct json_object *)jobj, JSON_C_TO_STRING_PLAIN | JSON_C_TO_STRING_NOSLASHESCAPE); + if (!json_text || !*json_text) + err(EXIT_FAILURE, "json_object_to_json_string_ext failed"); + + json_text_len = strlen(json_text); + + size_t write_size = json_text_len > hdr_json_area_len - 1 ? hdr_json_area_len - 1 : json_text_len; + if (write_buffer(fd, json_text, write_size) != (ssize_t)write_size) + err(EXIT_FAILURE, "write_buffer failed"); + if (crypt_hash_write(hd, json_text, write_size)) + err(EXIT_FAILURE, "crypt_hash_write failed"); + + for (size_t i = 0; i < (hdr_json_area_len - write_size); i++) { + if (crypt_hash_write(hd, "\0", 1)) + err(EXIT_FAILURE, "crypt_hash_write failed"); + } + } + + if (header_proto.use_correct_checksum()) { + if (lseek(fd, offset + offsetof(luks2_hdr_disk, csum), SEEK_SET) == -1) + err(EXIT_FAILURE, "lseek failed"); + + int hash_size = crypt_hash_size("sha256"); + if (hash_size <= 0) + err(EXIT_FAILURE, "crypt_hash_size failed"); + + if (crypt_hash_final(hd, (char*)csum, (size_t)hash_size)) + err(EXIT_FAILURE, "crypt_hash_final failed"); + if (write_buffer(fd, csum, hash_size) != hash_size) + err(EXIT_FAILURE, "write_buffer failed"); + } +} + +void LUKS2ProtoConverter::set_write_headers_only(bool headers_only) { + write_headers_only = headers_only; +} + +void LUKS2ProtoConverter::convert(const LUKS2_both_headers &headers, int fd) { + uint64_t primary_seqid, secondary_seqid; + int result; + + size_t out_size = headers.primary_header().hdr_size() + headers.secondary_header().hdr_size(); + + if (!write_headers_only) + out_size += KEYSLOTS_SIZE + DATA_SIZE; + + result = ftruncate(fd, out_size); + if (result == -1) + err(EXIT_FAILURE, "truncate failed"); + + result = lseek(fd, 0, SEEK_SET); + if (result == -1) + err(EXIT_FAILURE, "lseek failed"); + + switch (headers.seqid()) { + case EQUAL: + primary_seqid = 1; + secondary_seqid = 1; + break; + case PRIMARY_GREATER: + primary_seqid = 2; + secondary_seqid = 1; + break; + case SECONDARY_GREATER: + primary_seqid = 1; + secondary_seqid = 2; + break; + } + + create_jobj(headers); + emit_luks2_binary_header(headers.primary_header(), fd, 0, primary_seqid); + emit_luks2_binary_header(headers.secondary_header(), fd, headers.primary_header().hdr_size(), secondary_seqid); +} + +std::string LUKS2ProtoConverter::config_flag_to_string(config_flag flag) { + switch (flag) { + case CONFIG_FLAG_ALLOW_DISCARDS: + return "allow-discards"; + case CONFIG_FLAG_SAME_CPU_CRYPT: + return "same-cpu-crypt"; + case CONFIG_FLAG_SUBMIT_FROM_CRYPT_CPUS: + return "submit-from-crypt-cpus"; + case CONFIG_FLAG_NO_JOURNAL: + return "no-journal"; + case CONFIG_FLAG_NO_READ_WORKQUEUE: + return "no-read-workqueue"; + case CONFIG_FLAG_NO_WRITE_WORKQUEUE: + return "no-write-workqueue"; + } +} + +std::string LUKS2ProtoConverter::config_requirement_to_string(config_requirement requirement) { + switch (requirement) { + case CONFIG_REQUIREMENT_OFFLINE_REENCRYPT: + return "offline-reencrypt"; + case CONFIG_REQUIREMENT_ONLINE_REENCRYPT_V2: + return "online-reencrypt-v2"; + } +} + +void LUKS2ProtoConverter::generate_config(const config_description &config_desc, uint64_t json_size, uint64_t keyslots_size) { + json_object *jobj_config, *jobj_flags, *jobj_requirements, *jobj_mandatory; + jobj_config = json_object_new_object(); + + json_object_object_add(jobj_config, "json_size", json_object_new_string(std::to_string(json_size).c_str())); + json_object_object_add(jobj_config, "keyslots_size", json_object_new_string(std::to_string(keyslots_size).c_str())); + + if (!config_desc.config_flags().empty()) { + jobj_flags = json_object_new_array(); + + for (const int flag : config_desc.config_flags()) { + json_object_array_add(jobj_flags, + json_object_new_string(config_flag_to_string(config_flag(flag)).c_str())); + } + + /* Replace or add new flags array */ + json_object_object_add(jobj_config, "flags", jobj_flags); + } + + if (!config_desc.requirements().empty()) { + jobj_requirements = json_object_new_object(); + jobj_mandatory = json_object_new_array(); + + for (const int requirement : config_desc.requirements()) { + json_object_array_add(jobj_mandatory, + json_object_new_string(config_requirement_to_string(config_requirement(requirement)).c_str())); + } + + /* Replace or add new requirements array */ + json_object_object_add(jobj_requirements, "mandatory", jobj_mandatory); + json_object_object_add(jobj_config, "requirements", jobj_requirements); + } + + json_object_object_add(jobj, "config", jobj_config); +} + +LUKS2ProtoConverter::~LUKS2ProtoConverter() { + json_object_put(jobj); + if (hd) + crypt_hash_destroy(hd); +} +} // namespace LUKS2_proto diff -Nru cryptsetup-2.5.0/tests/fuzz/proto_to_luks2_converter.h cryptsetup-2.6.1/tests/fuzz/proto_to_luks2_converter.h --- cryptsetup-2.5.0/tests/fuzz/proto_to_luks2_converter.h 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-2.6.1/tests/fuzz/proto_to_luks2_converter.h 2023-02-09 16:12:17.000000000 +0000 @@ -0,0 +1,91 @@ +/* + * cryptsetup LUKS2 custom mutator fuzz target + * + * Copyright (C) 2022-2023 Daniel Zatovic + * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef LUKS2_PROTO_CONVERTER_H_ +#define LUKS2_PROTO_CONVERTER_H_ + +#include +#include +#include + +#include "LUKS2.pb.h" +extern "C" { +#include "crypto_backend/crypto_backend.h" +} + +namespace LUKS2_proto { + +class LUKS2ProtoConverter { + public: + ~LUKS2ProtoConverter(); + std::string string_uint64_to_string(const string_uint64 &str_u64); + std::string hash_algorithm_to_string(const hash_algorithm type); + std::string object_id_to_string(const object_id &oid); + + std::string keyslot_area_type_to_string(const keyslot_area_type type); + std::string keyslot_kdf_type_to_string(const keyslot_kdf_type type); + std::string reencrypt_keyslot_mode_to_string(const reencrypt_keyslot_mode mode); + std::string keyslot_type_to_string(const keyslot_type type); + std::string reencrypt_keyslot_direction_to_string(const reencrypt_keyslot_direction direction); + std::string keyslot_af_type_to_string(const keyslot_af_type type); + + std::string config_flag_to_string(config_flag flag); + std::string config_requirement_to_string(config_requirement requirements); + + std::string segment_type_to_string(segment_type type); + std::string segment_flag_to_string(segment_flag flag); + + void generate_keyslot(struct json_object *jobj_keyslots, const keyslot_description &keyslot_desc); + void generate_keyslot_area(struct json_object *jobj_area, const keyslot_area_description &keyslot_area_desc); + void generate_keyslot_kdf(struct json_object *jobj_kdf, const keyslot_kdf_description &keyslot_kdf_desc); + void generate_keyslot_af(struct json_object *jobj_af, const keyslot_af_description &keyslot_af_desc); + + void generate_token(struct json_object *jobj_tokens, const token_description &token_desc); + + void generate_digest(struct json_object *jobj_digests, const digest_description &digest_desc); + + void generate_segment_integrity(struct json_object *jobj_integrity, const segment_integrity_description &segment_integrity_desc); + void generate_segment(struct json_object *jobj_segments, const segment_description &segment_desc); + + void generate_config(const config_description &config_desc, uint64_t json_size, uint64_t keyslots_size); + + void create_jobj(const LUKS2_both_headers &headers, uint64_t hdr_size); + void emit_luks2_binary_header(uint64_t offset, uint64_t seqid, bool is_primary, uint64_t hdr_size); + void convert(const LUKS2_both_headers &headers, int fd); + void create_jobj(const LUKS2_both_headers &headers); + void emit_luks2_binary_header(const LUKS2_header &header_proto, int fd, uint64_t offset, uint64_t seqid); + + void set_write_headers_only(bool headers_only); + + const uint8_t *get_out_buffer(); + size_t get_out_size(); + + static const uint64_t KEYSLOTS_SIZE = 3 * 1024 * 1024; + static const uint64_t DATA_SIZE = 16 * 1024 * 1024; + private: + bool write_headers_only = false; + struct crypt_hash *hd = NULL; + struct ::json_object *jobj = NULL; +}; + +} // namespace LUKS2_proto + +#endif // LUKS2_PROTO_CONVERTER_H_ diff -Nru cryptsetup-2.5.0/tests/fuzz/README.md cryptsetup-2.6.1/tests/fuzz/README.md --- cryptsetup-2.5.0/tests/fuzz/README.md 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-2.6.1/tests/fuzz/README.md 2023-02-09 16:12:17.000000000 +0000 @@ -0,0 +1,66 @@ +# Fuzzing target for cryptsetup project + +This directory contains experimental targets for fuzzing testing. +It can be run in the OSS-Fuzz project but also compiled separately. + +# Requirements + +Fuzzers use address sanitizer. To properly detect problems, all +important libraries must be compiled statically with sanitizer enabled. + +Compilation requires *clang* and *clang++* compilers (gcc is not +supported yet). + +# Standalone build + +The script `oss-fuzz-build.sh` can be used to prepare the tree +with pre-compiled library dependencies. +We use upstream git for projects, which can clash with locally +installed versions. The best is to use only basic system installation +without development packages (script will use custom include, libs, +and pkg-config paths). + +# Build Docker image and fuzzers + +You can also run OSS-Fuzz in a Docker image, use these commands +to prepare fuzzers: +``` +sudo python3 infra/helper.py build_image cryptsetup +sudo python3 infra/helper.py build_fuzzers cryptsetup +``` +On SELinux systems also add (https://github.com/google/oss-fuzz/issues/30): +``` +sudo chcon -Rt svirt_sandbox_file_t build/ +``` + +# Run LUKS2 fuzzer +`FUZZER_NAME` can be one of: `crypt2_load_fuzz`, `crypt2_load_proto_fuzz`, `crypt2_load_proto_plain_json_fuzz` +``` +FUZZER_NAME="crypt2_load_proto_plain_json_fuzz" +sudo mkdir -p build/corpus/cryptsetup/$FUZZER_NAME +sudo python infra/helper.py run_fuzzer --corpus-dir build/corpus/cryptsetup/$FUZZER_NAME/ --sanitizer address cryptsetup $FUZZER_NAME '-jobs=8 -workers=8' +``` + +The output of the parallel threads will be written to `fuzz-.log` (where `` is the number of the process). +You can watch it using e.g.: +``` +tail -f build/out/cryptsetup/fuzz-* +``` + +Optionally, you can use experimental `fork` mode for parallelization and the output will be displayed directly on the terminal: +``` +sudo python infra/helper.py run_fuzzer --corpus-dir build/corpus/cryptsetup/$FUZZER_NAME/ --sanitizer address cryptsetup $FUZZER_NAME '-fork=8 ' +``` + +# Rebuild fuzz targets for coverage +``` +sudo python infra/helper.py build_fuzzers --sanitizer coverage cryptsetup +``` + +# Generate coverage report +``` +sudo python infra/helper.py coverage cryptsetup --no-corpus-download --fuzz-target $FUZZER_NAME +``` + +# Further information +For more details, you can look into the [Using fuzzing for Linux disk encryption tools](https://is.muni.cz/th/bum03/?lang=en) thesis. diff -Nru cryptsetup-2.5.0/tests/fuzz/unpoison-mutated-buffers-from-libfuzzer.patch cryptsetup-2.6.1/tests/fuzz/unpoison-mutated-buffers-from-libfuzzer.patch --- cryptsetup-2.5.0/tests/fuzz/unpoison-mutated-buffers-from-libfuzzer.patch 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-2.6.1/tests/fuzz/unpoison-mutated-buffers-from-libfuzzer.patch 2023-02-09 16:12:17.000000000 +0000 @@ -0,0 +1,29 @@ +diff --git a/src/libfuzzer/libfuzzer_mutator.cc b/src/libfuzzer/libfuzzer_mutator.cc +index 34d144c..b671fd4 100644 +--- a/src/libfuzzer/libfuzzer_mutator.cc ++++ b/src/libfuzzer/libfuzzer_mutator.cc +@@ -14,6 +14,8 @@ + + #include "src/libfuzzer/libfuzzer_mutator.h" + ++#include ++ + #include + + #include +@@ -64,6 +66,7 @@ template + T MutateValue(T v) { + size_t size = + LLVMFuzzerMutate(reinterpret_cast(&v), sizeof(v), sizeof(v)); ++ __msan_unpoison(reinterpret_cast(&v), size); + memset(reinterpret_cast(&v) + size, 0, sizeof(v) - size); + return v; + } +@@ -93,6 +96,7 @@ std::string Mutator::MutateString(const std::string& value, + result.resize(std::max(1, new_size)); + result.resize(LLVMFuzzerMutate(reinterpret_cast(&result[0]), + value.size(), result.size())); ++ __msan_unpoison(reinterpret_cast(&result[0]), result.size()); + return result; + } + diff -Nru cryptsetup-2.5.0/tests/fvault2-compat-test cryptsetup-2.6.1/tests/fvault2-compat-test --- cryptsetup-2.5.0/tests/fvault2-compat-test 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-2.6.1/tests/fvault2-compat-test 2023-02-09 16:12:17.000000000 +0000 @@ -0,0 +1,134 @@ +#!/bin/bash + +[ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".." +CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup +MAP=fvault2test +TST_DIR=fvault2-images + +CRYPTSETUP_VALGRIND=../.libs/cryptsetup +CRYPTSETUP_LIB_VALGRIND=../.libs + +[ -z "$srcdir" ] && srcdir="." + +function create_mapping() +{ + local image=$1 + local passphrase=$2 + echo -n "$passphrase" | "$CRYPTSETUP" open --type fvault2 --key-file - \ + "$image" "$MAP" +} + +function remove_mapping() +{ + [ -b "/dev/mapper/$MAP" ] && dmsetup remove --retry "$MAP" + rm -rf $TST_DIR +} + +function fail() +{ + [ -n "$1" ] && echo "$1" + echo " [FAILED]" + echo "FAILED backtrace:" + while caller $frame; do ((frame++)); done + remove_mapping + exit 2 +} + +function skip() +{ + [ -n "$1" ] && echo "$1" + echo "Test skipped." + remove_mapping + exit 77 +} + +function produce_dump() +{ + "$CRYPTSETUP" fvault2Dump "$1" || fail +} + +function produce_dump_key() +{ + echo "$2" | "$CRYPTSETUP" fvault2Dump "$1" --dump-volume-key || fail +} + +function check_dump() +{ + local dump=$1 + local key=$2 + local exp_value=$3 + local regex="$key:\s*\(.*\)" + local value=$(echo "$dump" | sed -n "s|$regex|\1|p" | sed 's|\s*$||') + [ "$value" = "$exp_value" ] || fail \ + "$key check failed: expected \"$exp_value\", got \"$value\"" +} + +function check_uuid() +{ + local exp_uuid=$1 + local uuid=$(blkid -po value -s UUID "/dev/mapper/$MAP") + [ "$uuid" = "$exp_uuid" ] || fail \ + "UUID check failed: expected \"$exp_uuid\", got \"$uuid\"" +} + +function check_sha256() +{ + local exp_sum=$1 + local sum=$(sha256sum /dev/mapper/$MAP | head -c 64) + [ "$sum" = "$exp_sum" ] || fail \ + "SHA256 sum check failed: expected \"$exp_sum\", got \"$sum\"" +} + +function valgrind_setup() +{ + command -v valgrind >/dev/null || fail "Cannot find valgrind." + [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." + export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" +} + +function valgrind_run() +{ + INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@" +} + +export LANG=C +[ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped." + +if [ ! -d $TST_DIR ]; then + tar xJSf $srcdir/fvault2-images.tar.xz --no-same-owner 2>/dev/null || skip "Incompatible tar." +fi + +[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run + +echo "HEADER CHECK" +IMG="$TST_DIR/small" +PWD="heslo123" + +echo -n " $IMG" +dump=$(produce_dump $IMG) +check_dump "$dump" 'Physical volume UUID' fc52bfae-5a1f-4f9b-b3a6-f33303a0e401 +check_dump "$dump" 'Family UUID' 33a76caa-1481-4bc5-8d04-1ac1707c19c0 +check_dump "$dump" 'Logical volume offset' '67108864 [bytes]' +check_dump "$dump" 'Logical volume size' '167772160 [bytes]' +check_dump "$dump" 'PBKDF2 iterations' 204222 +check_dump "$dump" 'PBKDF2 salt' '2c 24 9e db 66 63 d6 fb cc 79 05 b7 a4 d7 27 52' +dump=$(produce_dump_key $IMG heslo123) +check_dump "$dump" 'Volume key' '20 73 4d 33 89 21 27 74 d7 61 0c 29 d7 32 88 09 16 f3 be 14 c4 b1 2a c7 aa f0 7e 5c cc 77 b3 19' +echo $PWD | $CRYPTSETUP open --type fvault2 --test-passphrase $IMG || fail +echo " [OK]" + +if [ $(id -u) != 0 ]; then + echo "WARNING: You must be root to run activation part of test, test skipped." + remove_mapping + exit 0 +fi + +echo "ACTIVATION CHECK" +echo -n " $IMG" +create_mapping $IMG heslo123 +check_uuid de124d8a-2164-394e-924f-8e28db0a09cb +check_sha256 2c662e36c0f7e2f5583e6a939bbcbdc660805692d0fccaa45ad4052beb3b8e18 +echo " [OK]" + +remove_mapping +exit 0 Binary files /tmp/tmp06sinjow/cYhX8ttuxL/cryptsetup-2.5.0/tests/fvault2-images.tar.xz and /tmp/tmp06sinjow/0nlrCebF_0/cryptsetup-2.6.1/tests/fvault2-images.tar.xz differ diff -Nru cryptsetup-2.5.0/tests/keyring-compat-test cryptsetup-2.6.1/tests/keyring-compat-test --- cryptsetup-2.5.0/tests/keyring-compat-test 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/tests/keyring-compat-test 2023-02-09 16:12:17.000000000 +0000 @@ -21,12 +21,15 @@ CHKS_DMCRYPT=vk_in_dmcrypt.chk CHKS_KEYRING=vk_in_keyring.chk -PWD="aaa" +PWD="aaablabl" [ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".." CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup -[ -f /etc/system-fips ] && FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null) +CRYPTSETUP_VALGRIND=../.libs/cryptsetup +CRYPTSETUP_LIB_VALGRIND=../.libs + +FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null) function remove_mapping() { @@ -47,6 +50,18 @@ exit 77 } +function valgrind_setup() +{ + command -v valgrind >/dev/null || fail "Cannot find valgrind." + [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." + export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" +} + +function valgrind_run() +{ + INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@" +} + function fail() { [ -n "$1" ] && echo "$1" @@ -116,6 +131,7 @@ } [ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped." +[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run [ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped." command -v dmsetup >/dev/null || skip "Cannot find dmsetup, test skipped" command -v keyctl >/dev/null || skip "Cannot find keyctl, test skipped" diff -Nru cryptsetup-2.5.0/tests/loopaes-test cryptsetup-2.6.1/tests/loopaes-test --- cryptsetup-2.5.0/tests/loopaes-test 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/tests/loopaes-test 2023-02-09 16:12:17.000000000 +0000 @@ -3,6 +3,9 @@ [ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".." CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup +CRYPTSETUP_VALGRIND=../.libs/cryptsetup +CRYPTSETUP_LIB_VALGRIND=../.libs + # try to validate using loop-AES losetup/kernel if available LOSETUP_AES=/losetup-aes.old @@ -42,6 +45,18 @@ exit 77 } +function valgrind_setup() +{ + command -v valgrind >/dev/null || fail "Cannot find valgrind." + [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." + export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" +} + +function valgrind_run() +{ + INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@" +} + function prepare() { remove_mapping @@ -145,6 +160,7 @@ [ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped." [ -z "$LOOPDEV" ] && skip "Cannot find free loop device, test skipped." [ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped." +[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run command -v uuencode >/dev/null || skip "WARNING: test require uuencode binary, test skipped." check_version || skip "Probably old kernel, test skipped." diff -Nru cryptsetup-2.5.0/tests/luks1-compat-test cryptsetup-2.6.1/tests/luks1-compat-test --- cryptsetup-2.5.0/tests/luks1-compat-test 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/tests/luks1-compat-test 2023-02-09 16:12:17.000000000 +0000 @@ -1,17 +1,14 @@ #!/bin/bash -# check luks1 images parsing - -# NOTE: if image with whirlpool hash fails, check -# that you are not using old gcrypt with flawed whirlpool -# (see cryptsetup debug output) - [ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".." CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup TST_DIR=luks1-images MAP=luks1tst KEYFILE=keyfile1 +CRYPTSETUP_VALGRIND=../.libs/cryptsetup +CRYPTSETUP_LIB_VALGRIND=../.libs + [ -z "$srcdir" ] && srcdir="." function remove_mapping() @@ -37,17 +34,33 @@ exit 77 } +function valgrind_setup() +{ + command -v valgrind >/dev/null || fail "Cannot find valgrind." + [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." + export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" +} + +function valgrind_run() +{ + INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@" +} + +function remove_imgs() +{ + echo "WARNING: $1 not available, not testing some images." + rm $(ls $TST_DIR/*$1*.img) +} + function test_one() { - $CRYPTSETUP benchmark -c "$1" -s "$2" | grep -v "#" || skip "Cannot use $1/$2, test skipped." + $CRYPTSETUP benchmark -c "$1" -s "$2" | grep -v "#" || remove_imgs $1 } function test_required() { - command -v lsblk >/dev/null || skip "lsblk tool required, test skipped." - echo "REQUIRED KDF TEST" - $CRYPTSETUP benchmark -h whirlpool | grep "N/A" && skip + $CRYPTSETUP benchmark -h whirlpool | grep "N/A" && remove_imgs whirlpool echo "REQUIRED CIPHERS TEST" echo "# Algorithm | Key | Encryption | Decryption" @@ -61,8 +74,10 @@ export LANG=C [ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped." -test_required +command -v blkid >/dev/null || skip "blkid tool required, test skipped." +[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run [ ! -d $TST_DIR ] && tar xJf $srcdir/luks1-images.tar.xz --no-same-owner +test_required echo "PASSPHRASE CHECK" for file in $(ls $TST_DIR/luks1_*) ; do @@ -99,7 +114,7 @@ [ $ret -ne 0 ] && fail $CRYPTSETUP status $MAP >/dev/null || fail $CRYPTSETUP status /dev/mapper/$MAP >/dev/null || fail - UUID=$(lsblk -n -o UUID /dev/mapper/$MAP) + UUID=$(blkid -p -o value -s UUID /dev/mapper/$MAP) $CRYPTSETUP remove $MAP || fail [ "$UUID" != "DEAD-BABE" ] && fail "UUID check failed." echo " [OK]" Binary files /tmp/tmp06sinjow/cYhX8ttuxL/cryptsetup-2.5.0/tests/luks2_header_requirements_free.xz and /tmp/tmp06sinjow/0nlrCebF_0/cryptsetup-2.6.1/tests/luks2_header_requirements_free.xz differ Binary files /tmp/tmp06sinjow/cYhX8ttuxL/cryptsetup-2.5.0/tests/luks2_header_requirements.tar.xz and /tmp/tmp06sinjow/0nlrCebF_0/cryptsetup-2.6.1/tests/luks2_header_requirements.tar.xz differ Binary files /tmp/tmp06sinjow/cYhX8ttuxL/cryptsetup-2.5.0/tests/luks2_header_requirements.xz and /tmp/tmp06sinjow/0nlrCebF_0/cryptsetup-2.6.1/tests/luks2_header_requirements.xz differ diff -Nru cryptsetup-2.5.0/tests/luks2-integrity-test cryptsetup-2.6.1/tests/luks2-integrity-test --- cryptsetup-2.5.0/tests/luks2-integrity-test 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/tests/luks2-integrity-test 2023-02-09 16:12:17.000000000 +0000 @@ -11,6 +11,9 @@ KEY_FILE=key.img FAST_PBKDF_OPT="--pbkdf pbkdf2 --pbkdf-force-iterations 1000" +CRYPTSETUP_VALGRIND=../.libs/cryptsetup +CRYPTSETUP_LIB_VALGRIND=../.libs + dmremove() { # device udevadm settle >/dev/null 2>&1 dmsetup remove $1 >/dev/null 2>&1 @@ -38,6 +41,18 @@ exit 77 } +function valgrind_setup() +{ + command -v valgrind >/dev/null || fail "Cannot find valgrind." + [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." + export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" +} + +function valgrind_run() +{ + INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@" +} + add_device() { cleanup dd if=/dev/urandom of=$KEY_FILE bs=1 count=512 >/dev/null 2>&1 @@ -139,6 +154,7 @@ [ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped." [ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped." +[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run modprobe dm-integrity >/dev/null 2>&1 dmsetup targets | grep integrity >/dev/null 2>&1 || skip "Cannot find dm-integrity target, test skipped." command -v wipefs >/dev/null || skip "Cannot find wipefs, test skipped." diff -Nru cryptsetup-2.5.0/tests/luks2-reencryption-mangle-test cryptsetup-2.6.1/tests/luks2-reencryption-mangle-test --- cryptsetup-2.5.0/tests/luks2-reencryption-mangle-test 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/tests/luks2-reencryption-mangle-test 2023-02-09 16:12:17.000000000 +0000 @@ -217,7 +217,8 @@ function valgrind_run() { - INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@" + export INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" + $CRYPTSETUP_RAW "$@" } [ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped." diff -Nru cryptsetup-2.5.0/tests/luks2-reencryption-test cryptsetup-2.6.1/tests/luks2-reencryption-test --- cryptsetup-2.5.0/tests/luks2-reencryption-test 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/tests/luks2-reencryption-test 2023-02-09 16:12:17.000000000 +0000 @@ -1,6 +1,6 @@ #!/bin/bash -PS4='$LINENO:' +#PS4='$LINENO:' [ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".." CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup @@ -27,7 +27,7 @@ PWD3="1-9Qu5Ejfnqv" DEV_LINK="reenc-test-link" -[ -f /etc/system-fips ] && FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null) +FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null) function dm_crypt_features() { @@ -222,7 +222,7 @@ function check_hash_dev() # $1 dev, $2 hash { - HASH=$(sha256sum $1 | cut -d' ' -f 1) + HASH=$(sha1sum $1 | cut -d' ' -f 1) [ $HASH != "$2" ] && fail "HASH differs (expected: $2) (result $HASH)" } @@ -235,7 +235,7 @@ function check_hash_dev_head() # $1 dev, $2 len, $3 hash { - local hash=$(dd if=$1 bs=512 count=$2 2>/dev/null | sha256sum | cut -d' ' -f1) + local hash=$(dd if=$1 bs=512 count=$2 2>/dev/null | sha1sum | cut -d' ' -f1) [ $hash != "$3" ] && fail "HASH differs (expected: $3) (result $hash)" } @@ -855,25 +855,25 @@ # REENCRYPTION tests # 28 MiBs of zeros (32MiBs - 4MiB LUKS2 header) -HASH1=f8280c81b347b01405277bf9e8bf0685ae8be863ff104797c65b7169f8203fd2 +HASH1=4da90c0638bd7d29ce3d0ace3df5ee99706c23da # 1 MiB of zeros -HASH2=30e14955ebf1352266dc2ff8067e68104607e750abb9d3b36582b8af909fcb58 +HASH2=3b71f43ff30f4b15b5cd85dd9e95ebc7e84eb5a3 # 256 MiBs of zeros -HASH3=a6d72ac7690f53be6ae46ba88506bd97302a093f7108472bd9efc3cefda06484 +HASH3=7b91dbdc56c5781edf6c8847b4aa6965566c5c75 # 64 MiBs of zeroes -HASH4=3b6a07d0d404fab4e23b6d34bc6696a6a312dd92821332385e5af7c01c421351 +HASH4=44fac4bedde4df04b9572ac665d3ac2c5cd00c7d # 56 MiBs of zeroes -HASH5=8afcb7e7189ce4d112fd245eaa60c3cfcf5a5d5e1d6bf4eb85941d73ef8cfbd5 +HASH5=bcd8ce9b30a43b2dacdf479493c93e167ef60946 # 43 MiBs of zeroes -HASH6=39f7c6d38af574fe2c90ef400dfaba8ef8edccd11bdac998a3f8143a86837331 +HASH6=2cf8a5f40a2ab5373c5425d6071da480f1ce08e8 # 31 MiBs of zeroes -HASH7=18a393d1a505e22ccf3e29effe3005ea8627e4c36b7cca0e53f58121f49b67e1 +HASH7=7ed56dd14d2841cf169fe503d097be04192666bd # 60 MiBs of zeroes -HASH8=cf5ac69ca412f9b3b1a8b8de27d368c5c05ed4b1b6aa40e6c38d9cbf23711342 +HASH8=233ba936226a3ac499e67babaebd0d4aafb9761a # 240 MiBs of zeroes (256MiBs - 16MiBs default LUKS2 header size) -HASH9=17088b031491a37e0ee9e1025a3938f55ee94ae27653370ad2fe5b0b32e35334 +HASH9=045eebed703cce308e049deb019b877f0445862f # 16 MiBs of zeroes -HASH10=080acf35a507ac9849cfcba47dc2ad83e01b75663a516279c8b9d243b719643e +HASH10=3b4417fc421cee30a9ad0fd9319220a8dae32da2 prepare dev_size_mb=32 setup_luks2_env @@ -1080,6 +1080,22 @@ $CRYPTSETUP close $DEV_NAME echo $PWD1 | $CRYPTSETUP open --header $IMG_HDR $DEV --test-passphrase || fail +# Encrypt without size reduction must not allow header device same as data device +wipe_dev_head $DEV 1 +echo $PWD1 | $CRYPTSETUP reencrypt $DEV --type luks2 --encrypt --header $DEV -q $FAST_PBKDF_ARGON 2>/dev/null && fail +$CRYPTSETUP isLUKS $DEV 2>/dev/null && fail +ln -s $DEV $DEV_LINK || fail +echo $PWD1 | $CRYPTSETUP reencrypt $DEV --type luks2 --encrypt --header $DEV_LINK -q $FAST_PBKDF_ARGON 2>/dev/null && fail +$CRYPTSETUP isLUKS $DEV 2>/dev/null && fail +rm -f $DEV_LINK || fail + +dd if=/dev/zero of=$IMG bs=4k count=1 >/dev/null 2>&1 +echo $PWD1 | $CRYPTSETUP reencrypt $IMG --type luks2 --encrypt --header $IMG -q $FAST_PBKDF_ARGON 2>/dev/null && fail +$CRYPTSETUP isLUKS $IMG 2>/dev/null && fail +ln -s $IMG $DEV_LINK || fail +echo $PWD1 | $CRYPTSETUP reencrypt $IMG --type luks2 --encrypt --header $DEV_LINK -q $FAST_PBKDF_ARGON 2>/dev/null && fail +$CRYPTSETUP isLUKS $IMG 2>/dev/null && fail + echo "[4] Reencryption with detached header" wipe $PWD1 $IMG_HDR echo $PWD1 | $CRYPTSETUP reencrypt -c aes-cbc-essiv:sha256 -s 128 --header $IMG_HDR -q $FAST_PBKDF_ARGON $DEV || fail @@ -1827,15 +1843,12 @@ echo $PWD1 | $CRYPTSETUP reencrypt --decrypt $DEV --header $IMG_HDR -q --init-only $FAST_PBKDF_ARGON --resilience none 2> /dev/null && fail test -f $IMG_HDR && fail $CRYPTSETUP luksDump $DEV | grep -q "online-reencrypt" && fail -# FIXME: There's a bug in --hotzone-size parameter when initializing decryption with datashift -#echo $PWD1 | $CRYPTSETUP reencrypt --decrypt $DEV --header $IMG_HDR -q --init-only $FAST_PBKDF_ARGON --resilience checksum --hotzone-size 4m || fail -echo $PWD1 | $CRYPTSETUP reencrypt --decrypt $DEV --header $IMG_HDR -q --init-only $FAST_PBKDF_ARGON --resilience checksum || fail +echo $PWD1 | $CRYPTSETUP reencrypt --decrypt $DEV --header $IMG_HDR -q --init-only $FAST_PBKDF_ARGON --resilience checksum --hotzone-size 4m || fail $CRYPTSETUP isLuks $DEV -q && fail # $CRYPTSETUP luksDump $IMG_HDR echo $PWD1 | $CRYPTSETUP reencrypt --decrypt $DEV --header $IMG_HDR -q --resilience datashift 2> /dev/null && fail echo $PWD1 | $CRYPTSETUP reencrypt --decrypt $DEV --header $IMG_HDR -q --resilience none 2> /dev/null && fail -# FIXME: (see above) -#echo $PWD1 | $CRYPTSETUP reencrypt --decrypt $DEV --header $IMG_HDR -q --resilience journal || fail +echo $PWD1 | $CRYPTSETUP reencrypt --decrypt $DEV --header $IMG_HDR -q --resilience journal || fail rm -f $IMG_HDR check_blkid @@ -1989,6 +2002,17 @@ # FIXME: Should not reencryption remove it automatically? rm -f $IMG_HDR +# 1MiB data size +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $DEV --offset 63488 || fail +echo $PWD1 | $CRYPTSETUP open $DEV $DEV_NAME || fail +wipe_dev /dev/mapper/$DEV_NAME +# --hotzone-size larger than data expected to get auto corrected by library +echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --decrypt --header $IMG_HDR --init-only --hotzone-size 4M || fail +check_hash_dev /dev/mapper/$DEV_NAME $HASH2 +echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --decrypt --header $IMG_HDR || fail +check_hash_dev_head $DEV 2048 $HASH2 +rm -f $IMG_HDR + # small device (less than header size) prepare dev_size_mb=5 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 -S5 $FAST_PBKDF_ARGON $DEV --offset 8192 || fail diff -Nru cryptsetup-2.5.0/tests/Makefile.am cryptsetup-2.6.1/tests/Makefile.am --- cryptsetup-2.5.0/tests/Makefile.am 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/tests/Makefile.am 2023-02-09 16:12:17.000000000 +0000 @@ -20,6 +20,7 @@ vectors-test \ blockwise-compat-test \ bitlk-compat-test \ + fvault2-compat-test \ run-all-symbols \ unit-utils-crypt-test \ unit-wipe-test \ @@ -39,14 +40,24 @@ TESTS += ssh-test-plugin endif +if EXTERNAL_TOKENS +TESTS += systemd-test-plugin +endif + ssh-test-plugin: fake_token_path.so +systemd-test-plugin: fake_token_path.so fake_systemd_tpm_path.so -fake_token_path.so: - $(CC) $(CFLAGS) $(LDFLAGS) -I $(top_srcdir)/lib -fPIC -shared \ +# Do not use global CFLAGS here as the *.so link does not support sanitizers +fake_token_path.so: fake_token_path.c + $(CC) $(LDFLAGS) -I $(top_srcdir)/lib -fPIC -shared -D_GNU_SOURCE \ -Wl,--version-script=$(top_srcdir)/lib/libcryptsetup.sym \ -o fake_token_path.so $(top_srcdir)/tests/fake_token_path.c \ -DBUILD_DIR=\"$(abs_top_srcdir)/.libs/\" +fake_systemd_tpm_path.so: fake_systemd_tpm_path.c + $(CC) $(LDFLAGS) -fPIC -shared -D_GNU_SOURCE -o fake_systemd_tpm_path.so \ + $(top_srcdir)/tests/fake_systemd_tpm_path.c + EXTRA_DIST = compatimage.img.xz compatv10image.img.xz \ compatimage2.img.xz \ conversion_imgs.tar.xz \ @@ -55,8 +66,7 @@ xfs_512_block_size.img.xz \ valid_header_file.xz \ luks2_valid_hdr.img.xz \ - luks2_header_requirements.xz \ - luks2_header_requirements_free.xz \ + luks2_header_requirements.tar.xz \ luks2_mda_images.tar.xz \ evil_hdr-payload_overwrite.xz \ evil_hdr-stripes_payload_dmg.xz \ @@ -88,15 +98,19 @@ Makefile.localtest \ bitlk-compat-test \ bitlk-images.tar.xz \ + fvault2-compat-test \ + fvault2-images.tar.xz \ ssh-test-plugin \ generate-symbols-list \ run-all-symbols \ fake_token_path.c \ - unit-wipe-test + fake_systemd_tpm_path.c \ + unit-wipe-test \ + systemd-test-plugin -CLEANFILES = cryptsetup-tst* valglog* *-fail-*.log test-symbols-list.h fake_token_path.so +CLEANFILES = cryptsetup-tst* valglog* *-fail-*.log test-symbols-list.h fake_token_path.so fake_systemd_tpm_path.so clean-local: - -rm -rf tcrypt-images luks1-images luks2-images bitlk-images conversion_imgs luks2_valid_hdr.img blkid-luks2-pv-img blkid-luks2-pv-img.bcp + -rm -rf tcrypt-images luks1-images luks2-images bitlk-images fvault2-images conversion_imgs luks2_valid_hdr.img blkid-luks2-pv-img blkid-luks2-pv-img.bcp external-tokens differ_SOURCES = differ.c differ_CFLAGS = $(AM_CFLAGS) -Wall -O2 @@ -151,7 +165,7 @@ check_PROGRAMS = api-test api-test-2 differ vectors-test unit-utils-io unit-utils-crypt-test unit-wipe all-symbols-test -check-programs: test-symbols-list.h $(check_PROGRAMS) fake_token_path.so +check-programs: test-symbols-list.h $(check_PROGRAMS) fake_token_path.so fake_systemd_tpm_path.so conversion_imgs: @tar xJf conversion_imgs.tar.xz @@ -172,6 +186,21 @@ @VALG=1 ./luks2-reencryption-mangle-test @VALG=1 ./bitlk-compat-test @VALG=1 ./tcrypt-compat-test - @grep -l "ERROR SUMMARY: [^0] errors" valglog* || echo "No leaks detected." + @VALG=1 ./align-test + @VALG=1 ./align-test2 + @VALG=1 ./device-test + @VALG=1 ./discards-test + @VALG=1 ./keyring-compat-test + @VALG=1 ./loopaes-test + @VALG=1 ./luks1-compat-test + @VALG=1 ./luks2-integrity-test + @VALG=1 ./mode-test + @VALG=1 ./password-hash-test + @VALG=1 ./reencryption-compat-test + @VALG=1 ./fvault2-compat-test + @[ -z "$RUN_SSH_PLUGIN_TEST" ] || VALG=1 ./ssh-test-plugin + @INFOSTRING="unit-utils-crypt-test" ./valg-api.sh ./unit-utils-crypt-test + @INFOSTRING="vectors-test" ./valg-api.sh ./vectors-test + @grep -l "ERROR SUMMARY: [^0][0-9]* errors" valglog* || echo "No leaks detected." .PHONY: valgrind-check diff -Nru cryptsetup-2.5.0/tests/Makefile.localtest cryptsetup-2.6.1/tests/Makefile.localtest --- cryptsetup-2.5.0/tests/Makefile.localtest 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/tests/Makefile.localtest 2023-02-09 16:12:17.000000000 +0000 @@ -14,6 +14,11 @@ TESTS += ssh-test-plugin endif +ifneq ($(RUN_SYSTEMD_PLUGIN_TEST),) +TESTS += systemd-test-plugin +TESTS_UTILS += fake_systemd_tpm_path.so +endif + check-programs: $(TESTS_UTILS) $(TESTS) differ: differ.o @@ -43,6 +48,9 @@ all-symbols-test: all-symbols-test.o $(CC) -o $@ $^ -ldl +fake_systemd_tpm_path.so: fake_systemd_tpm_path.c + $(CC) -fPIC -shared -D_GNU_SOURCE -o fake_systemd_tpm_path.so fake_systemd_tpm_path.c + tests: $(TESTS_UTILS) $(TESTS) @for test in $(sort $(TESTS)); do \ echo [$$test]; \ diff -Nru cryptsetup-2.5.0/tests/mode-test cryptsetup-2.6.1/tests/mode-test --- cryptsetup-2.5.0/tests/mode-test 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/tests/mode-test 2023-02-09 16:12:17.000000000 +0000 @@ -8,6 +8,7 @@ HEADER_IMG=mode-test.img PASSWORD=3xrododenron PASSWORD1=$PASSWORD +FAST_PBKDF2="--pbkdf pbkdf2 --pbkdf-force-iterations 1000" # cipher-chainmode-ivopts:ivmode CIPHERS="aes twofish serpent" @@ -16,6 +17,9 @@ LOOPDEV=$(losetup -f 2>/dev/null) +CRYPTSETUP_VALGRIND=../.libs/cryptsetup +CRYPTSETUP_LIB_VALGRIND=../.libs + dmremove() { # device udevadm settle >/dev/null 2>&1 dmsetup remove --retry $1 >/dev/null 2>&1 @@ -43,6 +47,19 @@ exit 77 } +function valgrind_setup() +{ + command -v valgrind >/dev/null || fail "Cannot find valgrind." + [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." + export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" +} + +function valgrind_run() +{ + INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@" +} + + add_device() { cleanup dd if=/dev/zero of=$HEADER_IMG bs=1M count=6 >/dev/null 2>&1 @@ -110,14 +127,14 @@ echo -n "[n/a]" fi - echo $PASSWORD | $CRYPTSETUP luksFormat --type luks1 -i 1 -c $1 -s 256 /dev/mapper/$DEV_NAME >/dev/null 2>&1 + echo $PASSWORD | $CRYPTSETUP luksFormat --type luks1 $FAST_PBKDF2 -c $1 -s 256 /dev/mapper/$DEV_NAME >/dev/null 2>&1 if [ $? -eq 0 ] ; then echo -n -e " LUKS1:" echo $PASSWORD | $CRYPTSETUP luksOpen /dev/mapper/$DEV_NAME "$DEV_NAME"_tstdev >/dev/null 2>&1 || fail dmcrypt_check "$DEV_NAME"_tstdev $OUT fi - echo $PASSWORD | $CRYPTSETUP luksFormat --type luks2 --pbkdf pbkdf2 -i 1 -c $1 -s 256 --offset 8192 /dev/mapper/$DEV_NAME >/dev/null 2>&1 + echo $PASSWORD | $CRYPTSETUP luksFormat --type luks2 --pbkdf pbkdf2 $FAST_PBKDF2 -c $1 -s 256 --offset 8192 /dev/mapper/$DEV_NAME >/dev/null 2>&1 if [ $? -eq 0 ] ; then echo -n -e " LUKS2:" echo $PASSWORD | $CRYPTSETUP luksOpen /dev/mapper/$DEV_NAME "$DEV_NAME"_tstdev >/dev/null 2>&1 || fail @@ -136,6 +153,7 @@ [ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped." [ -z "$LOOPDEV" ] && skip "Cannot find free loop device, test skipped." [ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped." +[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run add_device diff -Nru cryptsetup-2.5.0/tests/password-hash-test cryptsetup-2.6.1/tests/password-hash-test --- cryptsetup-2.5.0/tests/password-hash-test 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/tests/password-hash-test 2023-02-09 16:12:17.000000000 +0000 @@ -9,6 +9,9 @@ DEV2=$DEV_NAME"_x" +CRYPTSETUP_VALGRIND=../.libs/cryptsetup +CRYPTSETUP_LIB_VALGRIND=../.libs + dmremove() { # device udevadm settle >/dev/null 2>&1 dmsetup remove --retry $1 >/dev/null 2>&1 @@ -35,6 +38,18 @@ cleanup 77 } +function valgrind_setup() +{ + command -v valgrind >/dev/null || fail "Cannot find valgrind." + [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." + export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" +} + +function valgrind_run() +{ + INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@" +} + crypt_key() # hash keysize pwd/file name outkey [limit] [offset] { DEV2=$DEV_NAME"_x" @@ -102,6 +117,7 @@ } [ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped." +[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run if [ $(id -u) != 0 ]; then echo "WARNING: You must be root to run this test, test skipped." exit 77 diff -Nru cryptsetup-2.5.0/tests/reencryption-compat-test cryptsetup-2.6.1/tests/reencryption-compat-test --- cryptsetup-2.5.0/tests/reencryption-compat-test 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/tests/reencryption-compat-test 2023-02-09 16:12:17.000000000 +0000 @@ -6,12 +6,16 @@ REENC="$REENC_BIN reencrypt" FAST_PBKDF="--pbkdf-force-iterations 1000 --pbkdf pbkdf2" +CRYPTSETUP_VALGRIND=../.libs/cryptsetup +CRYPTSETUP_LIB_VALGRIND=../.libs + DEV_NAME=reenc9768 DEV_NAME2=reenc1273 IMG=reenc-data IMG_HDR=$IMG.hdr HEADER_LUKS2_PV=blkid-luks2-pv.img ORIG_IMG=reenc-data-orig +DEV_LINK="reenc-test-link" KEY1=key1 PWD1="93R4P4pIqAH8" PWD2="1cND4319812f" @@ -19,6 +23,12 @@ MNT_DIR=./mnt_luks START_DIR=$(pwd) +FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null) + +function fips_mode() +{ + [ -n "$FIPS_MODE" ] && [ "$FIPS_MODE" -gt 0 ] +} function del_scsi_device() { @@ -31,7 +41,7 @@ [ -b /dev/mapper/$DEV_NAME2 ] && dmsetup remove --retry $DEV_NAME2 [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME [ ! -z "$LOOPDEV1" ] && losetup -d $LOOPDEV1 >/dev/null 2>&1 - rm -f $IMG $IMG_HDR $ORIG_IMG $KEY1 $HEADER_LUKS2_PV >/dev/null 2>&1 + rm -f $IMG $IMG_HDR $ORIG_IMG $KEY1 $HEADER_LUKS2_PV $DEV_LINK >/dev/null 2>&1 umount $MNT_DIR > /dev/null 2>&1 rmdir $MNT_DIR > /dev/null 2>&1 LOOPDEV1="" @@ -54,6 +64,18 @@ exit 77 } +function valgrind_setup() +{ + command -v valgrind >/dev/null || fail "Cannot find valgrind." + [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." + export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" +} + +function valgrind_run() +{ + INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@" +} + function add_scsi_device() { del_scsi_device if [ -d /sys/module/scsi_debug ] ; then @@ -230,6 +252,7 @@ [ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped." [ ! -x "$REENC_BIN" ] && skip "Cannot find $REENC_BIN, test skipped." +[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run command -v wipefs >/dev/null || skip "Cannot find wipefs, test skipped." # REENCRYPTION tests @@ -281,10 +304,24 @@ # FIXME echo $PWD1 | $REENC ... echo "[4] Encryption of not yet encrypted device" +# Encrypt without size reduction must not allow header device same as data device +wipe_dev $LOOPDEV1 +echo $PWD1 | $REENC $LOOPDEV1 --type luks1 --new --header $LOOPDEV1 -q $FAST_PBKDF_ARGON 2>/dev/null && fail +$CRYPTSETUP isLUKS $LOOPDEV1 2>/dev/null && fail +ln -s $LOOPDEV1 $DEV_LINK || fail +echo $PWD1 | $REENC $LOOPDEV1 --type luks1 --new --header $DEV_LINK -q $FAST_PBKDF_ARGON 2>/dev/null && fail +$CRYPTSETUP isLUKS $LOOPDEV1 2>/dev/null && fail +rm -f $DEV_LINK || fail +echo $PWD1 | $REENC $IMG --type luks1 --new --header $IMG -q $FAST_PBKDF_ARGON 2>/dev/null && fail +$CRYPTSETUP isLUKS $IMG 2>/dev/null && fail +ln -s $IMG $DEV_LINK || fail +echo $PWD1 | $REENC $IMG --type luks1 --new --header $DEV_LINK -q $FAST_PBKDF_ARGON 2>/dev/null && fail +$CRYPTSETUP isLUKS $IMG 2>/dev/null && fail + +if [ ! fips_mode ]; then # well, movin' zeroes :-) OFFSET=2048 SIZE=$(blockdev --getsz $LOOPDEV1) -wipe_dev $LOOPDEV1 dmsetup create $DEV_NAME2 --table "0 $(($SIZE - $OFFSET)) linear $LOOPDEV1 0" || fail check_hash_dev /dev/mapper/$DEV_NAME2 $HASH3 dmsetup remove --retry $DEV_NAME2 || fail @@ -307,6 +344,7 @@ echo fake | $REENC $LOOPDEV1 -d $KEY1 --new --type luks1 --reduce-device-size "$OFFSET"S -q $FAST_PBKDF || fail $CRYPTSETUP open --test-passphrase $LOOPDEV1 -d $KEY1 || fail wipe_dev $LOOPDEV1 +fi echo "[5] Reencryption using specific keyslot" echo $PWD2 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF $LOOPDEV1 || fail @@ -380,6 +418,7 @@ test_logging "[4096/512 sector]" || fail test_logging_tmpfs || fail +if [ ! fips_mode ]; then echo "[10] Removal of encryption" prepare 8192 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF $LOOPDEV1 || fail @@ -444,6 +483,7 @@ echo $PWD1 | $REENC --header $IMG_HDR $HEADER_LUKS2_PV -q $FAST_PBKDF --new --type luks1 2>/dev/null && fail test -f $IMG_HDR && fail fi +fi # if [ ! fips_mode ] remove_mapping exit 0 diff -Nru cryptsetup-2.5.0/tests/ssh-test-plugin cryptsetup-2.6.1/tests/ssh-test-plugin --- cryptsetup-2.5.0/tests/ssh-test-plugin 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/tests/ssh-test-plugin 2023-02-09 16:12:17.000000000 +0000 @@ -1,7 +1,9 @@ #!/bin/bash [ -z "$CRYPTSETUP_PATH" ] && { - export LD_PRELOAD=./fake_token_path.so + TOKEN_PATH="./fake_token_path.so" + [ ! -f $TOKEN_PATH ] && { echo "Please compile $TOKEN_PATH."; exit 77; } + export LD_PRELOAD=$TOKEN_PATH CRYPTSETUP_PATH=".." } CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup @@ -9,7 +11,7 @@ IMG="ssh_test.img" MAP="sshtest" USER="sshtest" -PASSWD="sshtest" +PASSWD="sshtest1" PASSWD2="sshtest2" SSH_OPTIONS="-o StrictHostKeyChecking=no" @@ -19,6 +21,10 @@ FAST_PBKDF_OPT="--pbkdf pbkdf2 --pbkdf-force-iterations 1000" +CRYPTSETUP_VALGRIND=../.libs/cryptsetup +CRYPTSETUP_SSH_VALGRIND=../.libs/cryptsetup-ssh +CRYPTSETUP_LIB_VALGRIND=../.libs + [ -z "$srcdir" ] && srcdir="." function remove_mapping() @@ -93,6 +99,24 @@ exit 77 } +function valgrind_setup() +{ + command -v valgrind >/dev/null || fail "Cannot find valgrind." + [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." + [ ! -f $CRYPTSETUP_SSH_VALGRIND ] && fail "Unable to get location of cryptsetup-ssh executable." + export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" +} + +function valgrind_run() +{ + INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@" +} + +function valgrind_run_ssh() +{ + INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_SSH_VALGRIND} "$@" +} + format() { dd if=/dev/zero of=$IMG bs=1M count=32 >/dev/null 2>&1 @@ -129,6 +153,7 @@ } [ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped." +[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run && CRYPTSETUP_SSH=valgrind_run_ssh [ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped." # Prevent running dangerous useradd operation by default diff -Nru cryptsetup-2.5.0/tests/systemd-test-plugin cryptsetup-2.6.1/tests/systemd-test-plugin --- cryptsetup-2.5.0/tests/systemd-test-plugin 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-2.6.1/tests/systemd-test-plugin 2023-02-09 16:12:17.000000000 +0000 @@ -0,0 +1,150 @@ +#!/bin/bash + +CC="cc" + +PASSWD="tpm2_test" +PASSWD2="tpm2_test2" +FAST_PBKDF_OPT="--pbkdf pbkdf2 --pbkdf-force-iterations 1000" +IMG=systemd_token_test.img +MAP="systemd_tpm2_test" + +function bin_check() +{ + command -v $1 >/dev/null || skip "WARNING: test require $1 binary, test skipped." +} + +function cleanup() { + [ -S $SWTPM_STATE_DIR/ctrl.sock ] && { + # shutdown TPM via control socket + swtpm_ioctl -s --unix $SWTPM_STATE_DIR/ctrl.sock + sleep 1 + } + + # if graceful shutdown was successful, pidfile should be deleted + # if it is still present, we forcefully kill the process + [ -f "$SWTPM_PIDFILE" ] && { + kill -9 $(cat $SWTPM_PIDFILE) >/dev/null 2>&1 + } + + [ -b /dev/mapper/$MAP ] && dmsetup remove --retry $MAP + + rm -f $SWTPM_PIDFILE >/dev/null 2>&1 + rm -rf $SWTPM_STATE_DIR >/dev/null 2>&1 + rm -f $IMG >/dev/null 2>&1 +} + +function fail() +{ + echo "[FAILED]" + [ -n "$1" ] && echo "$1" + echo "FAILED backtrace:" + while caller $frame; do ((frame++)); done + cleanup + exit 2 +} + +function skip() +{ + [ -n "$1" ] && echo "$1" + cleanup + exit 77 +} + +# Prevent downloading and compiling systemd by default +[ -z "$RUN_SYSTEMD_PLUGIN_TEST" ] && skip "WARNING: Variable RUN_SYSTEMD_PLUGIN_TEST must be defined, test skipped." + +[ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped." +bin_check swtpm +bin_check swtpm_ioctl + +CRYPTENROLL_LD_PRELOAD="" + +# if CRYPTSETUP_PATH is defined, we run against installed binaries, +# otherwise we compile systemd tokens from source +[ -z "$CRYPTSETUP_PATH" ] && { + bin_check git + bin_check meson + bin_check ninja + bin_check pkgconf + + TOKEN_PATH=fake_token_path.so + [ -f $TOKEN_PATH ] || skip "Please compile $TOKEN_PATH." + INSTALL_PATH=$(pwd)/external-tokens/install + make -C .. install DESTDIR=$INSTALL_PATH + PC_FILE="$(find $INSTALL_PATH -name 'libcryptsetup.pc')" + sed -i "s/^prefix=/prefix=${INSTALL_PATH//\//\\\/}/g" "$PC_FILE" + export PKG_CONFIG_PATH=$(dirname $PC_FILE) + + # systemd build system misses libcryptsetup.h if it is installed in non-default path + export CFLAGS="${CFLAGS:-} $(pkgconf --cflags libcryptsetup)" + + SYSTEMD_PATH=$(pwd)/external-tokens/systemd + CRYPTSETUP_PATH=$(pwd)/.. + SYSTEMD_CRYPTENROLL=$SYSTEMD_PATH/build/systemd-cryptenroll + + mkdir -p $SYSTEMD_PATH + [ "$(ls -A $SYSTEMD_PATH)" ] || git clone --depth=1 https://github.com/systemd/systemd.git $SYSTEMD_PATH + cd $SYSTEMD_PATH + meson -D tpm2=true -D libcryptsetup=true -D libcryptsetup-plugins=true build/ || skip "Failed to configure systemd via meson, some dependencies are probably missing." + ninja -C build/ systemd-cryptenroll libcryptsetup-token-systemd-tpm2.so || skip "Failed to build systemd." + + cd $CRYPTSETUP_PATH/tests + cp $SYSTEMD_PATH/build/libcryptsetup-token-*.so ../.libs/ + cp $SYSTEMD_PATH/build/src/shared/*.so ../.libs/ + + export LD_PRELOAD="${LD_PRELOAD-}:$CRYPTSETUP_PATH/tests/$TOKEN_PATH" + CRYPTENROLL_LD_PRELOAD="$CRYPTSETUP_PATH/.libs/libcryptsetup.so" +} +CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup +[ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped." + +[ -z "$SYSTEMD_CRYPTENROLL" ] && { + bin_check systemd-cryptenroll + SYSTEMD_CRYPTENROLL="systemd-cryptenroll" +} + +[ -z "$TPM_PATH" ] && { + echo "Setting up virtual TPM using swtpm..." + SWTPM_PIDFILE=$(mktemp /tmp/systemd_swtpm_pid.XXXXXX) + SWTPM_STATE_DIR=$(mktemp -d /tmp/systemd_swtpm_state.XXXXXX) + modprobe tpm_vtpm_proxy || skip "Failed to load tpm_vtpm_proxy kernel module, required for emulated TPM." + SWTPM_LOG=$(swtpm chardev --vtpm-proxy --tpm2 --tpmstate dir=$SWTPM_STATE_DIR -d --pid file=$SWTPM_PIDFILE --ctrl type=unixio,path=$SWTPM_STATE_DIR/ctrl.sock) + TPM_PATH=$(echo $SWTPM_LOG | grep -Eo '/dev/tpm([0-9])+' | sed 's/tpm/tpmrm/') + [ -z "$TPM_PATH" ] && skip "No TPM_PATH set and swtpm failed, test skipped." + sleep 1 + echo "Virtual TPM set up at $TPM_PATH" +} + +FAKE_TPM_PATH="$(pwd)/fake_systemd_tpm_path.so" +[ -f $FAKE_TPM_PATH ] || skip "Please compile $FAKE_TPM_PATH." +export LD_PRELOAD="$LD_PRELOAD:$FAKE_TPM_PATH" + +export TPM_PATH=$TPM_PATH +echo "TPM path is $TPM_PATH" + +dd if=/dev/zero of=$IMG bs=1M count=32 >/dev/null 2>&1 +echo $PASSWD | $CRYPTSETUP luksFormat --type luks2 $FAST_PBKDF_OPT $IMG --force-password -q + +echo "Enrolling the device to TPM 2 using systemd-cryptenroll.." +LD_PRELOAD="$LD_PRELOAD:$CRYPTENROLL_LD_PRELOAD" PASSWORD="$PASSWD" $SYSTEMD_CRYPTENROLL $IMG --tpm2-device=$TPM_PATH >/dev/null 2>&1 + +$CRYPTSETUP luksDump $IMG | grep -q "tpm2-blob" || fail "Failed to dump $IMG using systemd_tpm2 token (no tpm2-blob in output)." +echo "Activating the device via TPM2 external token.." +$CRYPTSETUP open --token-only $IMG $MAP >/dev/null 2>&1 || fail "Failed to open $IMG using systemd_tpm2 token." +$CRYPTSETUP close $MAP >/dev/null 2>&1 || fail "Failed to close $MAP." + +echo "Adding passphrase via TPM2 token.." +echo $PASSWD2 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $IMG --force-password -q --token-only >/dev/null 2>&1 || fail "Failed to add passphrase by tpm2 token." +echo $PASSWD2 | $CRYPTSETUP open $IMG --test-passphrase --disable-external-tokens >/dev/null 2>&1 || fail "Failed to test passphrase added by tpm2 token." + +echo "Exporting and removing TPM2 token.." +EXPORTED_TOKEN=$($CRYPTSETUP token export $IMG --token-id 0) +$CRYPTSETUP token remove $IMG --token-id 0 +$CRYPTSETUP open $IMG --test-passphrase --token-only >/dev/null 2>&1 && fail "Activating without passphrase should fail after TPM2 token removal." + +echo "Re-importing TPM2 token.." +echo $EXPORTED_TOKEN | $CRYPTSETUP token import $IMG --token-id 0 || fail "Failed to re-import deleted token." +$CRYPTSETUP open $IMG --test-passphrase --token-only >/dev/null 2>&1 || fail "Failed to activate after re-importing deleted token." + +cleanup +exit 0 diff -Nru cryptsetup-2.5.0/tests/tcrypt-compat-test cryptsetup-2.6.1/tests/tcrypt-compat-test --- cryptsetup-2.5.0/tests/tcrypt-compat-test 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/tests/tcrypt-compat-test 2023-02-09 16:12:17.000000000 +0000 @@ -75,7 +75,7 @@ function test_required() { - command -v lsblk >/dev/null || skip "lsblk tool required, test skipped." + command -v blkid >/dev/null || skip "blkid tool required, test skipped." echo "REQUIRED KDF TEST" test_kdf sha256 @@ -198,7 +198,7 @@ [ $ret -ne 0 ] && fail $CRYPTSETUP status $MAP >/dev/null || fail $CRYPTSETUP status /dev/mapper/$MAP >/dev/null || fail - UUID=$(lsblk -n -o UUID /dev/mapper/$MAP) + UUID=$(blkid -p -o value -s UUID /dev/mapper/$MAP) $CRYPTSETUP remove $MAP || fail [ "$UUID" != "DEAD-BABE" ] && fail "UUID check failed." echo " [OK]" @@ -213,7 +213,7 @@ [ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT legacy mode" ) && echo " [N/A]" && continue [ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT compatible mapping" ) && echo " [N/A]" && continue [ $ret -ne 0 ] && fail - UUID=$(lsblk -n -o UUID /dev/mapper/$MAP) + UUID=$(blkid -p -o value -s UUID /dev/mapper/$MAP) $CRYPTSETUP remove $MAP || fail [ "$UUID" != "CAFE-BABE" ] && fail "UUID check failed." echo " [OK]" diff -Nru cryptsetup-2.5.0/tests/test_utils.c cryptsetup-2.6.1/tests/test_utils.c --- cryptsetup-2.5.0/tests/test_utils.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/tests/test_utils.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * cryptsetup library API test utilities * - * Copyright (C) 2009-2022 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2022 Milan Broz + * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -225,7 +225,7 @@ __attribute__((format(printf, 3, 4))) static int _snprintf(char **r_ptr, size_t *r_remains, const char *format, ...) { - int len; + int len, r = 0; va_list argp; assert(r_remains); @@ -234,15 +234,16 @@ va_start(argp, format); len = vsnprintf(*r_ptr, *r_remains, format, argp); - if (len < 0 || (size_t)len >= *r_remains) - return -EINVAL; - - *r_ptr += len; - *r_remains -= len; + if (len < 0 || (size_t)len >= *r_remains) { + r = -EINVAL; + } else { + *r_ptr += len; + *r_remains -= len; + } va_end(argp); - return 0; + return r; } int dmdevice_error_io(const char *dm_name, @@ -539,6 +540,20 @@ if (t_dm_satisfies_version(1, 18, 1, crypt_maj, crypt_min, crypt_patch) && _keyring_check()) t_dm_crypt_flags |= T_DM_KERNEL_KEYRING_SUPPORTED; + + if (t_dm_satisfies_version(1, 17, 0, crypt_maj, crypt_min, crypt_patch)) { + t_dm_crypt_flags |= T_DM_SECTOR_SIZE_SUPPORTED; + t_dm_crypt_flags |= T_DM_CAPI_STRING_SUPPORTED; + } + + if (t_dm_satisfies_version(1, 19, 0, crypt_maj, crypt_min, crypt_patch)) + t_dm_crypt_flags |= T_DM_BITLK_EBOIV_SUPPORTED; + + if (t_dm_satisfies_version(1, 20, 0, crypt_maj, crypt_min, crypt_patch)) + t_dm_crypt_flags |= T_DM_BITLK_ELEPHANT_SUPPORTED; + + if (t_dm_satisfies_version(1, 22, 0, crypt_maj, crypt_min, crypt_patch)) + t_dm_crypt_flags |= T_DM_CRYPT_NO_WORKQUEUE_SUPPORTED; } static void t_dm_set_verity_compat(const char *dm_version __attribute__((unused)), @@ -560,6 +575,15 @@ t_dm_crypt_flags |= T_DM_VERITY_ON_CORRUPTION_SUPPORTED; t_dm_crypt_flags |= T_DM_VERITY_FEC_SUPPORTED; } + + if (t_dm_satisfies_version(1, 5, 0, verity_maj, verity_min, verity_patch)) + t_dm_crypt_flags |= T_DM_VERITY_SIGNATURE_SUPPORTED; + + if (t_dm_satisfies_version(1, 7, 0, verity_maj, verity_min, verity_patch)) + t_dm_crypt_flags |= T_DM_VERITY_PANIC_CORRUPTION_SUPPORTED; + + if (t_dm_satisfies_version(1, 9, 0, verity_maj, verity_min, verity_patch)) + t_dm_crypt_flags |= T_DM_VERITY_TASKLETS_SUPPORTED; } static void t_dm_set_integrity_compat(const char *dm_version __attribute__((unused)), @@ -569,6 +593,24 @@ { if (integrity_maj > 0) t_dm_crypt_flags |= T_DM_INTEGRITY_SUPPORTED; + + if (t_dm_satisfies_version(1, 2, 0, integrity_maj, integrity_min, integrity_patch)) + t_dm_crypt_flags |= T_DM_INTEGRITY_RECALC_SUPPORTED; + + if (t_dm_satisfies_version(1, 3, 0, integrity_maj, integrity_min, integrity_patch)) + t_dm_crypt_flags |= T_DM_INTEGRITY_BITMAP_SUPPORTED; + + if (t_dm_satisfies_version(1, 4, 0, integrity_maj, integrity_min, integrity_patch)) + t_dm_crypt_flags |= T_DM_INTEGRITY_FIX_PADDING_SUPPORTED; + + if (t_dm_satisfies_version(1, 6, 0, integrity_maj, integrity_min, integrity_patch)) + t_dm_crypt_flags |= T_DM_INTEGRITY_DISCARDS_SUPPORTED; + + if (t_dm_satisfies_version(1, 7, 0, integrity_maj, integrity_min, integrity_patch)) + t_dm_crypt_flags |= T_DM_INTEGRITY_FIX_HMAC_SUPPORTED; + + if (t_dm_satisfies_version(1, 8, 0, integrity_maj, integrity_min, integrity_patch)) + t_dm_crypt_flags |= T_DM_INTEGRITY_RESET_RECALC_SUPPORTED; } int t_dm_check_versions(void) @@ -633,6 +675,21 @@ return t_dm_crypt_flags & T_DM_DISCARDS_SUPPORTED; } +int t_dm_integrity_resize_support(void) +{ + return t_dm_crypt_flags & T_DM_INTEGRITY_RESIZE_SUPPORTED; +} + +int t_dm_integrity_recalculate_support(void) +{ + return t_dm_crypt_flags & T_DM_INTEGRITY_RECALC_SUPPORTED; +} + +int t_dm_capi_string_supported(void) +{ + return t_dm_crypt_flags & T_DM_CAPI_STRING_SUPPORTED; +} + /* loop helpers */ #define LOOP_DEV_MAJOR 7 diff -Nru cryptsetup-2.5.0/tests/unit-utils-crypt.c cryptsetup-2.6.1/tests/unit-utils-crypt.c --- cryptsetup-2.5.0/tests/unit-utils-crypt.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/tests/unit-utils-crypt.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,7 +1,7 @@ /* * cryptsetup crypto name and hex conversion helper test vectors * - * Copyright (C) 2022 Milan Broz + * Copyright (C) 2022-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff -Nru cryptsetup-2.5.0/tests/unit-utils-io.c cryptsetup-2.6.1/tests/unit-utils-io.c --- cryptsetup-2.5.0/tests/unit-utils-io.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/tests/unit-utils-io.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,7 +1,7 @@ /* * simple unit test for utils_io.c (blockwise low level functions) * - * Copyright (C) 2018-2022 Red Hat, Inc. All rights reserved. + * Copyright (C) 2018-2023 Red Hat, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff -Nru cryptsetup-2.5.0/tests/unit-wipe.c cryptsetup-2.6.1/tests/unit-wipe.c --- cryptsetup-2.5.0/tests/unit-wipe.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/tests/unit-wipe.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,7 +1,7 @@ /* * unit test helper for crypt_wipe API call * - * Copyright (C) 2022 Milan Broz + * Copyright (C) 2022-2023 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff -Nru cryptsetup-2.5.0/tests/verity-compat-test cryptsetup-2.6.1/tests/verity-compat-test --- cryptsetup-2.5.0/tests/verity-compat-test 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/tests/verity-compat-test 2023-02-09 16:12:17.000000000 +0000 @@ -422,6 +422,7 @@ echo "[OK]" } +export LANG=C [ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped." [ ! -x "$VERITYSETUP" ] && skip "Cannot find $VERITYSETUP, test skipped." @@ -476,6 +477,11 @@ if check_version 1 7; then check_option 512 $HASH $SALT 1 sha256 "--panic-on-corruption" "panic_on_corruption" fi + + if check_version 1 9; then + echo "Verity data performance options test." + check_option 512 $HASH $SALT 1 sha256 "--use-tasklets" "try_verify_in_tasklet" + fi fi echo "Veritysetup [hash-offset bigger than 2G works] " diff -Nru cryptsetup-2.5.0/tokens/ssh/cryptsetup-ssh.c cryptsetup-2.6.1/tokens/ssh/cryptsetup-ssh.c --- cryptsetup-2.5.0/tokens/ssh/cryptsetup-ssh.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/tokens/ssh/cryptsetup-ssh.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * Example of LUKS2 token storing third party metadata (EXPERIMENTAL EXAMPLE) * - * Copyright (C) 2016-2022 Milan Broz - * Copyright (C) 2021-2022 Vojtech Trefny + * Copyright (C) 2016-2023 Milan Broz + * Copyright (C) 2021-2023 Vojtech Trefny * * Use: * - generate ssh example token diff -Nru cryptsetup-2.5.0/tokens/ssh/libcryptsetup-token-ssh.c cryptsetup-2.6.1/tokens/ssh/libcryptsetup-token-ssh.c --- cryptsetup-2.5.0/tokens/ssh/libcryptsetup-token-ssh.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/tokens/ssh/libcryptsetup-token-ssh.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * Example of LUKS2 ssh token handler (EXPERIMENTAL) * - * Copyright (C) 2016-2022 Milan Broz - * Copyright (C) 2020-2022 Vojtech Trefny + * Copyright (C) 2016-2023 Milan Broz + * Copyright (C) 2020-2023 Vojtech Trefny * * Use: * - generate LUKS device @@ -80,6 +80,9 @@ ssh_session ssh; jobj_token = get_token_jobj(cd, token); + if (!jobj_token) + return -ENOMEM; + json_object_object_get_ex(jobj_token, "ssh_server", &jobj_server); json_object_object_get_ex(jobj_token, "ssh_user", &jobj_user); json_object_object_get_ex(jobj_token, "ssh_path", &jobj_path); @@ -87,6 +90,7 @@ r = ssh_pki_import_privkey_file(json_object_get_string(jobj_keypath), pin, NULL, NULL, &pkey); if (r != SSH_OK) { + json_object_put(jobj_token); if (r == SSH_EOF) { crypt_log(cd, CRYPT_LOG_ERROR, "Failed to open and import private key.\n"); return -EINVAL; @@ -98,6 +102,7 @@ ssh = sshplugin_session_init(cd, json_object_get_string(jobj_server), json_object_get_string(jobj_user)); if (!ssh) { + json_object_put(jobj_token); ssh_key_free(pkey); return -EINVAL; } @@ -111,6 +116,7 @@ ssh_disconnect(ssh); ssh_free(ssh); + json_object_put(jobj_token); return r ? -EINVAL : r; } diff -Nru cryptsetup-2.5.0/tokens/ssh/ssh-utils.c cryptsetup-2.6.1/tokens/ssh/ssh-utils.c --- cryptsetup-2.5.0/tokens/ssh/ssh-utils.c 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/tokens/ssh/ssh-utils.c 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * ssh plugin utilities * - * Copyright (C) 2016-2022 Milan Broz - * Copyright (C) 2020-2022 Vojtech Trefny + * Copyright (C) 2016-2023 Milan Broz + * Copyright (C) 2020-2023 Vojtech Trefny * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff -Nru cryptsetup-2.5.0/tokens/ssh/ssh-utils.h cryptsetup-2.6.1/tokens/ssh/ssh-utils.h --- cryptsetup-2.5.0/tokens/ssh/ssh-utils.h 2022-07-28 15:32:33.000000000 +0000 +++ cryptsetup-2.6.1/tokens/ssh/ssh-utils.h 2023-02-09 16:12:17.000000000 +0000 @@ -1,8 +1,8 @@ /* * ssh plugin utilities * - * Copyright (C) 2016-2022 Milan Broz - * Copyright (C) 2020-2022 Vojtech Trefny + * Copyright (C) 2016-2023 Milan Broz + * Copyright (C) 2020-2023 Vojtech Trefny * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public